OAuth2 on Ericsson Labs


The OAuth2 Framework lets you protect your web resources using the next generation of OAuth (http://oauth.net/2/) and access OAuth2-protected resources, most notably the Facebook Graph API. The API consists of libraries for building your own OAuth2 server as well as for client-side access. The standard is still in draft, so expect some changes. Version 10 of the OAuth 2 specification is the one currently supported.

The framework is implemented in Java on top of the Restlet.org HTTP framework.
It runs on all platforms that Restlet is available on and is validated on Java SE, EE and Android.
It has been donated to Restlet.org as an open source project with a very generous open source license for reuse.

  1. OAuth2 Framework
     A labs.ericsson.com API
     http://labs.ericsson.com/apis/oauth2-framework/
  2. OAuth2 Framework
     › The OAuth2 framework provides an OAuth 2.0 library and code samples for creating a client web application, an OAuth-protected web resource or even a full-fledged Authorization Server.
     › It is an implementation of the latest IETF web authorization draft. (Soon to be RFC)
     › The framework is implemented in Java on top of the Restlet.org HTTP framework.
       – It can execute on all platforms that Restlet is available on and it is validated using Java SE, EE and Android.
       – Donated to Restlet.org as an open source project with a very generous open source license for reuse.
     © Ericsson AB 2010 | Page 2
  3. WHY OAuth2?
     › The OAuth2 framework enables security on the web, where information can easily and securely be exchanged.
       – At the same time we want you to spend less time re-creating something that does not actually add value to your service concept.
     › It is also a platform with extensions that can make it even easier for the developer to experiment, using
       – an Authorization Server API
       – an OAuth discovery API
       – a hosted service where interoperability can be tested, which in this way makes the service more robust and secure.
  4. Main Features
     › Support for the following authorization flows
       – Web service, user agent, autonomous, user/password
       – Support for unlimited tokens and time-expiring tokens
       – Flexible user data model with a provided in-memory BE
       – OpenID for authentication
       – Access to all the source code as open source
       – Automated unit tests
       – Soon available from the Restlet Maven repository
  5. OAuth2 Overview
     [Diagram. Labels: Browser, Webclient (service provider), Authorization Server, Resource Server, Protected Resource, Scope, ClientID, ClientSecret, CallbackURI, Code, OauthToken, Authenticate, Authorize]
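  6. Protected resource
     › Example of a protected resource's use of the API

     ```java
     import org.restlet.Application;
     import org.restlet.Restlet;
     import org.restlet.routing.Router;
     // RemoteAuthorizer comes from the OAuth2 framework; ProtectedResource is
     // the application's own resource class.

     public class ProtectApplication extends Application {
         @Override
         public synchronized Restlet createInboundRoot() {
             Router router = new Router(getContext());
             // The authorizer is given the authorization server's validate
             // and authorize URLs and sits in front of the resource.
             RemoteAuthorizer auth = new RemoteAuthorizer(
                     "http://localhost:8080/oauth/validate",
                     "http://localhost:8080/oauth/authorize");
             auth.setNext(ProtectedResource.class);
             // Defines only one route
             router.attach("/me", auth);
             return router;
         }
     }
     ```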
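  7. Web Client
     › Example of an OAuth web client's use of the API

     ```java
     import org.restlet.Application;
     import org.restlet.Restlet;
     import org.restlet.routing.Router;
     // OAuthParameters and OAuthProxy come from the OAuth2 framework;
     // MeResourceClient is the application's own class.

     public class ProxyApplication extends Application {
         @Override
         public synchronized Restlet createInboundRoot() {
             Router router = new Router(getContext());
             // Sample values as given on the slide.
             OAuthParameters params = new OAuthParameters(
                     "1234567890", "secret1",
                     "http://localhost:8080/oauth/", "foo bar");
             // The proxy sits in front of the client resource.
             OAuthProxy local = new OAuthProxy(params, getContext());
             local.setNext(MeResourceClient.class);
             router.attach("/local", local);
             return router;
         }
     }
     ```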
  8. Example applications
     [Images: Desktop, Mobile]
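
The web client on slide 7 is configured with four values, and slide 5 names the pieces of the exchange (ClientID, ClientSecret, CallbackURI, Code, OauthToken). As an added example, not code from the slides or from the OAuth2 framework, this JDK-only sketch shows the authorization-code exchange behind them, with a `state` check on the callback and the secret read from the environment instead of a literal. It assumes the four `OAuthParameters` arguments are client ID, client secret, authorization server base URL and scope; the parameter names follow the OAuth 2.0 draft's web server flow, and the callback URI, the `OAUTH_CLIENT_SECRET` variable and the class name are hypothetical.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration; not code from the OAuth2 framework or the slides.
public class AuthCodeFlowSketch {
    static String enc(String v) throws Exception { return URLEncoder.encode(v, "UTF-8"); }

    // Unguessable per-session value that ties the callback to the request that started it.
    static String newState() {
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Step 1: URL the browser is sent to on the authorization server.
    static String authorizationUrl(String base, String clientId, String callbackUri,
                                   String scope, String state) throws Exception {
        return base + "authorize?response_type=code&client_id=" + enc(clientId)
                + "&redirect_uri=" + enc(callbackUri) + "&scope=" + enc(scope)
                + "&state=" + enc(state);
    }

    // Step 2: on the callback, reject a missing or mismatched state before using the code.
    static boolean stateMatches(String expected, String received) {
        return expected != null && received != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), received.getBytes(StandardCharsets.UTF_8));
    }

    // Step 3: form body the web client POSTs to the token endpoint to swap the code for a token.
    static String tokenRequestBody(String code, String clientId, String clientSecret,
                                   String callbackUri) throws Exception {
        return "grant_type=authorization_code&code=" + enc(code) + "&client_id=" + enc(clientId)
                + "&client_secret=" + enc(clientSecret) + "&redirect_uri=" + enc(callbackUri);
    }

    public static void main(String[] args) throws Exception {
        String secret = System.getenv("OAUTH_CLIENT_SECRET"); // hypothetical variable name
        if (secret == null) throw new IllegalStateException("OAUTH_CLIENT_SECRET is not set");
        String callback = "http://localhost:8080/local";      // constructed callback URI
        String state = newState();                            // keep in the user's session
        System.out.println(authorizationUrl("http://localhost:8080/oauth/", "1234567890",
                callback, "foo bar", state));
        System.out.println(stateMatches(state, "forged"));    // a forged callback is rejected
        String body = tokenRequestBody("constructed-code", "1234567890", secret, callback);
    }
}
```

The token request body carries the client secret, so it is built but never printed; in a deployment it would be sent only over TLS.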
