×

IDMWORKS Blog

Oauth vs. Xauth – When to pick the “O” vs. the “X”


Oauth vs.Xauth (Open Authorization vs. Extended Authorization). Both will accomplish sign on using an Oauth token, however Xauth is more a form of Oauth light, only really appropriate in a small percentage of applications. But be aware you still need to understand the Oauth authentication process, even when using Xauth.Oauth vs.Xauth (Open Authorization vs. Extended Authorization), there have been wars fought over less.  while  not getting into the philosophies that separate the two sides let’s start by looking at them as two separate tools.

The analogy is as follows: I can appreciate a good flat head screw driver and I believe there are jobs that require a Phillips screw driver. And while many Phillips screws can be worked with a flat head screw driver a Phillips screw driver won’t work on a flat head screw.

Such is the case with Oauth and Xauth.  Both will accomplish sign on using an Oauth token, however Xauth is more a form of Oauth light, only really appropriate in a small percentage of applications.  But be aware you still need to understand the Oauth authentication process, even when using Xauth.

Xauth is typically used for mobile and desktop applications that don’t use a browser directly.  Oauth is used for browser based authentication.  But this may be too much of a simplification.  I prefer that Xauth is used when Oauth can’t be used.  And when using Xauth you must also figure out how to dispose of the name/password that was used to retrieve the token.

Questions, comments or concerns are always welcome.  Feel free to reach out to us at IDMWorks.

Questions, comments or concerns? Feel free to reach out to us below, or email us at IDMWORKS to learn more about how you can protect your organization and customers.

  1. […] might be simple presentation of the difference between x-Auth vs o-Auth but many considered x-auth as an over-simplification of permissions related things and post DM-Gate […]

Leave a Reply

Your email address will not be published. Required fields are marked *