You’re building an API and the question comes up, how to let client applications authenticate against it? Giving username/password to 3rd party client applications is a security anti-pattern. You don’t want to do that. API keys are better, but confusing for the average user. So we’re going to look at solving that with OAuth 2.0.
- Google I/O 2011: Identity and Data Access: OpenID and OAuth
- O’Reilly Webcast: An Introduction to OAuth 2