Enrich your applications with access to our data and/or provide paid services to users that enhance their functionality on Campus Discounts. Whatever you choose to do, we promise a painless API platform that is easy and fun to use and manage.
OAuth, the open standard for authorization, began in 2006. The OAuth 1.0 protocol was published in 2010. Dissatisfaction with it led to work on OAuth 2.0 beginning shortly thereafter. In July 2012, Eran Hammer resigned his role as lead author of the OAuth 2.0 project, citing, chief among other things, the deliberate complexity of the framework as a front for consultancy services and integration solutions. The OAuth 2.0 framework was later published in October 2012.
We won't delve into whether or not we agree with his views, but at Campus Discounts we strive to make developers' lives simpler, both for our own team and for third parties. We have developed our own simple authorization process for third-party apps.
Nathan's Open standard for authorization, NOAuth, is the codename we gave our OAuth protocol. It involves the following steps:
- An App is created, given a secret and assigned version 0
- The App self-assigns and/or is approved for certain action permissions
- The App changes are saved and the version is bumped to v1
- A User installs the App saving the version number installed
- The App saves the installed User's ID
- The App makes requests with its App ID, App Secret and a User ID
- We check whether User ID has installed App ID, and which version.
- Using the version number we get the App permissions for that version.
- App can perform actions on behalf of user for that version's permissions.
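The steps above, modelled end to end as an added example (not Campus Discounts' own code). It assumes in-memory storage and a SHA-256 hash of the App secret kept server-side; the class, method and permission names are hypothetical.

```python
import hashlib
import hmac
import secrets


class NOAuthRegistry:
    """In-memory model of the listed steps (all names are hypothetical)."""

    def __init__(self):
        self.apps = {}      # app_id -> {"secret_hash", "version", "perms"}
        self.installs = {}  # (user_id, app_id) -> version the user installed

    @staticmethod
    def _hash(secret):
        return hashlib.sha256(secret.encode()).digest()

    def create_app(self, app_id):
        # A new App gets a secret and starts at version 0 with no permissions.
        secret = secrets.token_urlsafe(32)
        self.apps[app_id] = {"secret_hash": self._hash(secret), "version": 0,
                             "perms": {0: frozenset()}}
        return secret  # shown once; only the hash is kept (assumption)

    def save_permissions(self, app_id, permissions):
        # Saving a changed permission set bumps the version; old sets are kept.
        app = self.apps[app_id]
        app["version"] += 1
        app["perms"][app["version"]] = frozenset(permissions)
        return app["version"]

    def install(self, user_id, app_id):
        # The install records which App version the user agreed to.
        self.installs[(user_id, app_id)] = self.apps[app_id]["version"]

    def authorize(self, app_id, app_secret, user_id, action):
        app = self.apps.get(app_id)
        if app is None:
            return False
        # Constant-time comparison against the stored hash of the secret.
        if not hmac.compare_digest(app["secret_hash"], self._hash(app_secret)):
            return False
        version = self.installs.get((user_id, app_id))
        if version is None:  # this user never installed the App
            return False
        # Permissions come from the version the user installed, not the latest.
        return action in app["perms"][version]
```

A permission added in a later version is refused for a user whose install still points at the earlier version, which is the property the version lookup exists to enforce.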
There are numerous benefits to NOAuth over OAuth 2.0 for our use case and probably many others. We list some of them here but will write a few articles about it on our Blog with the tag #NOAuth.
No Access Tokens
Developers don't need to save and keep track of Access Tokens in their databases. Just save the ID of the User who installed your App, which in many cases you would normally save anyway. Storing less data in your DB to complete the same action is always a plus.
No Token Expiration
Related to the point above, you do not need to worry about re-requesting and re-saving new tokens every so often.
This is huge. Let's say your DB falls victim to ransomware or theft. You would have to revoke each access token and ask your users to re-authorize your App. Bummer.
With NOAuth, just request a new App secret and presto, you're done. Don't punish your users for something they had nothing to do with.
Another huge one. When installing your App, users have the option to tick the auto-update checkbox (on by default). This enables them to pre-grant permissions to your App every time you upgrade your app, which is very similar to what iOS and Android apps do over Wi-Fi.