Whether you’re interacting via server side web applications, client-side browser applications, or native mobile applications, as web services support more write functions and allow access to more sensitive data, it is increasingly important that information be kept secure. Our OAuth 2.0 implementation enables you to provide a secure login function for your registered users.
The OCLC OAuth 2.0 Authorization Server includes both a Web App pattern (“Explicit Authorization Flow” in OAuth terms) and a Mobile Pattern (“User Agent Flow”) and provides a safe, robust infrastructure to manage authentication and authorization interactions across clients.
The Authorization Server allows clients to log users in to their appropriate identity provider at the relevant institution and is built on our Identity Management (IDM) infrastructure. Applications and institutions that are configured in IDM include:
Web services that utilize IDM:
Note that consuming web browsers must have cookies enabled.
Ready to get started?
In order to use this new functinoality, you will need to tell OCLC about an additional piece of information for your WSKey, a redirect URI that our Authorization Server will use to send logged in clients back to your application. We’ve added a new field for new WSKey requests where you’ll need to set the Redirect URL for your application. You can add this information to an existing WSKey by emailing email@example.com with the API key string for an existing WSKey, the web service, and the redirect URI for your application. We've created a page with this, and everything else you'll need to know, about getting started using the OAuth 2.0 Authorization Server.
For further reading on OCLC WorldShare Platform Authentication and Authorization, including more details about our OAuth 2.0 implementation, we recommend Karen’s ongoing topical series:
Keep an eye out for upcoming posts on Explicit Authorization Code, User Agent Mobile Flow, and more.
The OCLC Developer Network supports the use of OCLC Web Services—a set of tools and APIs that expose data and services for WorldCat and our member libraries and partner institutions or companies. learn more »
© 2010 OCLC Domestic and international trademarks and/or service marks of OCLC Online Computer Library Center, Inc. and its affiliates