Painless OAuth: Adopting OAuth Without The Night Sweats

Clay Loveless (Mashery)

Application interoperability is rapidly becoming a prerequisite for survival. Yet the more intertwined our decentralized digital selves become, the greater the need for a standard approach to delegating authenticated interactions. OAuth has emerged as the method of choice for many services exposing these integration points. However, there is a vast difference between the clarity of OAuth as a choice, and the details of OAuth’s implementation.

As a developer exposing an API on behalf of a service, or as a developer seeking to integrate with external services, the need to support the OAuth standard is a reality today. While many large services support OAuth, few do it in a pain-free manner.

Clay Loveless is the Chief Architect and co-founder of Mashery, the leading API management service provider. Clay will talk about what he’s learned helping both large and small companies implement OAuth.

The talk will discuss:

  • How to plan an OAuth implementation that will be successful from an API’s developer community perspective.
  • Tactics for switching from OAuth 1.0a to OAuth 2.0.
  • Best practices for secret management in different types of applications and devices.
  • Most common gotchas that developers encounter, and how to avoid them.
  • Maximizing return on the least amount of development time to get OAuth implemented so developers can focus on what’s important in their API.

Attendees will leave the session with a roadmap of pitfalls to avoid and a set of best practices to refer to when implementing an OAuth stack on top of their APIs.

Clay Loveless


Mashery co-founder and Chief Architect Clay Loveless has been programming online applications since 1995. As Senior Software Engineer at Feedster, he played a key role in API and application development for Feedster partners. Prior to his work at Feedster, Clay served as Vice President of Technology for Eruptor Entertainment, a Los Angeles-based entertainment production company.

Clay also led the enterprise web application consulting firm Killersoft, and in the early days of the Web, he developed frontend code for America Online. He has written numerous articles devoted to PHP development, and was responsible for four chapters in the PHP Cookbook, 2nd Edition (2006) from O’Reilly. Clay holds a BA from New York University’s Gallatin Division.

Comments on this page are now closed.


Patrick Dolan
04/04/2011 6:46am PDT

I appreciated Clay’s candor in advising to NOT use OAuth, but it seemed he had some difficulty in filling the void with enough material to make it worthwhile.
