Basic auth for your web services sucks for several reasons. OAuth is a standard protocol for doing token based auth, similar to how flickr auths their desktop apps. OAuth is also an ideal companion to openid, as it doesn't require a local username/password. In this talk we'll take a closer look at how OAuth is built up, as well as look into how you can easily use OAuth for your own APIs, with examples in Catalyst well as Jifty and pure mod_perl.