
OAuth book

Page history last edited by Tantek 12 years, 10 months ago


OAuth Up And Running

Original thoughts on an OAuth book:

  • Simple
  • Short
  • Focused on OAuth client development

 

working title: OAuth: Up & Running

Might still do this - there's probably a lot more demand for it than a more comprehensive book. Can probably re-use material from one for the other, and vice-versa.

 

Definitive Guide to OAuth 2

http://aaronparecki.com/The_Definitive_Guide_to_OAuth_2

http://aaronparecki.com/Talk:The_Definitive_Guide_to_OAuth_2

 

Some thoughts on writing an OAuth book with Aaron Parecki et al

 

Part 1 feedback

 

Re: Part 1 overall. If I was a developer wanting to get up and running with OAuth, I wouldn't want to wade through all the history and nitty gritty of how OAuth works. Need chapters on example applications instead.

Re: Chapter 1. History can be an appendix. A one page summary timeline intro would be sufficient. Perhaps 1 page on password anti-pattern bad, how Flickr solved it with Flickr-auth good, and then 1 page on how OAuth 1 and 2 are the generalization/standardization of what Flickr-auth did instead.

Re: Chapter 2 and 3 - move these to a later advanced section.

Then from a developer's perspective, I would expect to see one chapter for each type of client that just walked me through the code I needed to write.

 

Part 2 feedback

 

Part 2 (Ch 4-12) - the whole thing seems far too plumbing-centric. Great for someone into protocols, but intimidating/overwhelming from an application developer perspective. I understand why each of these might be important to know, however the packaging can be improved. That is, each Chapter should be a feature / user-scenario of an app which then requires using a specific feature of OAuth, that way the motivation to make the feature work is what drives learning/understanding the feature, which is likely to be more effective than mere protocol curiosity which tends to be much rarer.

 

Part 3 feedback

Part 4 feedback

Part 3 and 4 are definitely advanced sections.
