Earlier today, Mikkel passed on via Twitter an excellent article on OAuth. Mikkel has created an abstracted view part for use in his TwitNotes that does the OAuth work for you. As Mikkel outlines, he has gone through the same struggles as Ryan did in his article on Ars. Even though the article has some great visual graphics, don’t think it’s not comprehensive. The article goes deeply into the problem at hand and even offers some suggestions for how Twitter could change its OAuth flow along the lines of LinkedIn and Google.
Even in the context of server-to-server authentication, OAuth should be viewed as a necessary evil rather than a good idea. It should be approached with extreme trepidation and the high level of caution that is warranted by such a convoluted and incomplete standard. Careless adoption can lead to serious problems, like the issues caused by Twitter’s extremely poor implementation.