You may have read my recent (rather monolithic) post on Getting Started with OAuth.

Web Resource Authorisation Protocol (WRAP) is a set of so-called “profiles” for OAuth, which contribute a substantial number of additional features as well as vast simplification of the bloated (yet finally secure) authentication mechanism.

WRAP is currently in the very early stages of development as a protocol specification. But that doesn’t mean that it’s not gaining traction already, and beginning to make an impact.

OAuth is an often confusing protocol, that can be very difficult to get started with and nigh-on impossible to debug.

With that in mind, I set out to learn more about OAuth, why it’s there, how it works, and what you can do with it.

Of course the best way to do this is to actually get developing. So I got my PHP out, fired up my favourite IDE, and got started.

Here’s what I learnt, from the beginning, and it will hopefully save anyone else getting started with OAuth a bit of time and a lot of confusion.

You may have seen recently more tweets pointing links to something called Fallen London.

I’m not here to discuss the game, what it does, why as soon as you start playing it asks to OAuth with your Twitter account, or even the merits of social gaming.

I am here, however, to discuss the fine line between playing a game, sharing links, and spamming.

Fallen London