1 answer
OAuth 1.0 is based on having shared secrets between the server and consumer which are used to calculate signatures. Those signatures are then used to verify the authenticity of API requests. The community found that implementing signatures correctly was quite difficult. OAuth 2.0 removes signatures and instead relies on SSL to secure the secret. If you want to see a concise explanation and detailed flow (with diagrams) of OAuth, you can check out The OAuth Bible (http://oauthbible.com/)
