You may have noticed that Liferay's new OAuth Provider application was released on Marketplace last week. This utility authorizes third-party applications to interact with a user’s resources. OAuth is a handshake mechanism that redirects Liferay users to a service provider, where they can tell the service provider to allow a plugin limited access to their Liferay accounts. This keeps the plugin from storing any of the user's credentials, avoiding security risks.

 

 

If you're interested in a Liferay Bodyguard (OAuth) and want to learn more about how it works, visit the Liferay Developer Network's user article on OAuth. If you'd like to implement OAuth yourself, visit the developer tutorial.

 

Special thanks to Igor Beslic for his helpful advice and insight. Also, thanks to Rich Sezov and Jim Hinkey for their guidance.