OAuth Checklist

Simple checks to ensure proper authorization in your services

• UX

  1. Remove passwords from API calls
  2. Offer an easy way to revoke applications
  3. Offer detailed permissions, or scopes

• Development

  1. Use a well tested OAuth library
  2. Offer the appropriate OAuth dance
  3. Document your OAuth implementation

• Security

  1. Encrypt all OAuth credentials
  2. Generate verifiable consumer keys
  3. Throttle undesired usage