Authentication across the Atlassian Ecosystem - AtlasCamp 2011

How can you get your Atlassian products to use the same authentication and sign-on as the rest of your enterprise apps? We'll show you strategies for accomplishing this with the minimum amount of pain.

Mark Lassau, JIRA Developer

Published in: Technology
Transcript

  • 1.  
  • 2. Integration and Authentication
      • Mark Lassau, Team Lead, JIRA Engine Room
  • 3. Engine Room Team
      • Work on JIRA's core
      • DB, performance, Business Logic…
      • Maintain the JIRA Service API
      • Build the JIRA REST API
  • 4. Integration and Authentication
      • Talking to external applications from your plugin
      • Dealing with OAuth
      • Non-Atlassian applications
      • Custom Authentication schemes
  • 5. Introduction to Application Links
  • 6. Introduction to Application Links
      • What is “Application Links”?
          • a.k.a “App Links”, APL, UAL (Unified App Links)
          • By itself – nothing – just an enabling library
          • Helps you write plugins that can talk to external systems
  • 7. Introduction to Application Links
      • Common configuration UI
          • Consistent look and feel
          • Shared configuration makes administration easier
          • One less thing for plugin devs to write
  • 8. Introduction to Application Links
      • What else do we get?
          • Out of the box Authentication providers
          • Factories to help plugins make authenticated remote requests
          • Modular and extendable
  • 9. Using Application Links in a plugin
  • 10. Using App Links in a Plugin
      • Show me the code!
          • Use the ApplicationLinkService to get an ApplicationLink
          • Get a RequestFactory that will add appropriate authentication data
  • 11. Using App Links in a Plugin
      • How easy is this?
          • Create your HTTP request
          • Execute it and parse the results!
  • 12. Using App Links in a Plugin
      • Except …
      • … the CredentialsRequiredException
          • If we are not able to authenticate yet
          • This is mostly about OAuth
  • 13. Authentication in App Links
  • 14. Authentication in App Links
      • Configuring Authentication methods
          • The admin sets up zero or more authentication providers
          • Plugins usually accept “preferred” method, but can request a specific one
  • 15. Authentication in App Links
      • Available Authentication providers
          • Basic Authentication
          • Trusted Applications
          • OAuth
          • (+ Custom Authentication Providers)
  • 16. Authentication in App Links
      • Basic Authentication
          • Basic Auth sends a weakly encoded user/pass with every request
          • Single credentials shared with all users
          • Send every request over HTTPS to secure it
  • 17. Authentication in App Links
      • Basic Auth – the Good
          • Simple to configure
          • You may want to use shared credentials?
  • 18. Authentication in App Links
      • Basic Auth – the Bad
          • Shared credentials
          • Storing passwords is bad, mkay?
  • 19. Authentication in App Links
      • Trusted Applications
          • Atlassian proprietary protocol
          • Provides “impersonating” authentication
          • Assumes the user bases are exactly the same in both apps
  • 20. Authentication in App Links
      • Trusted Apps – the Good
          • Respects users' privileges on external app
          • Doesn't require a shared password
          • No further authorisation required by users
          • No special code required by plugins
  • 21. Authentication in App Links
      • Trusted Apps – the Bad
          • Will only connect to other Atlassian applications
          • Only works for shared userbases
  • 22. Authentication in App Links
      • OAuth
          • Standards-based authorisation protocol
          • Provides “impersonating” authentication
          • Allows a user to grant third party access to external resources without sharing their password
  • 23. Authentication in App Links
      • OAuth - the Good
          • Standard protocol used by many 3rd party systems
          • No storing of foreign passwords
          • Allows disparate user bases
          • User can grant and revoke access to their resources
  • 24. Authentication in App Links
      • OAuth - the Bad
          • User must explicitly grant access to their resources
          • Plugins must implement the UI logic to gain access
  • 25. A bit about OAuth
  • 26. A bit about OAuth
      • Three-Legged OAuth
      • (the “OAuth Love Triangle”)
  • 27. A bit about OAuth
      • The OAuth Dance
      • User has not approved access yet
  • 28. A bit about OAuth
      • The OAuth Dance
      • User must authenticate with the remote application
  • 29. A bit about OAuth
      • The OAuth Dance
      • User grants the “client” access to her resources on the remote application.
  • 30. A bit about OAuth
      • The OAuth Dance
      • The first application can now access data from the remote application.
  • 31. A bit about OAuth
      • The OAuth Dance – behind the scenes
          • Client gets temporary request token from Server
          • Client redirects User to the Server with the request token
          • User authenticates with Server
          • User grants access to resources and is redirected back to Client
          • Client exchanges request token for Access Token
          • Client can now access resources on Server on behalf of User!
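
The token lifecycle listed on slide 31, as an added example that is not code from the talk: a minimal in-memory model of the Server side showing that a request token cannot be exchanged before the User approves it and cannot be replayed afterwards. All names (`OAuthDance`, user `alice`) are constructed, and OAuth 1.0 request signing and consumer keys are left out.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

/** In-memory model of the Server in the OAuth dance; all names are constructed. */
public class OAuthDance {
    // Request token -> approving user ("" while the user has not approved yet).
    private final Map<String, String> requestTokens = new HashMap<>();
    private final Map<String, String> accessTokens = new HashMap<>();

    /** Step 1: Client obtains a temporary request token. */
    public String issueRequestToken() {
        String token = UUID.randomUUID().toString();
        requestTokens.put(token, "");
        return token;
    }

    /** Steps 3-4: the User, authenticated with the Server, grants access. */
    public void approve(String requestToken, String user) {
        if (!requestTokens.containsKey(requestToken)) throw new IllegalArgumentException("unknown request token");
        requestTokens.put(requestToken, user);
    }

    /** Step 5: the request token is swapped for an access token, once only. */
    public String exchange(String requestToken) {
        String user = requestTokens.get(requestToken);
        if (user == null || user.isEmpty()) throw new IllegalStateException("token unknown, spent or not approved");
        requestTokens.remove(requestToken);
        String accessToken = UUID.randomUUID().toString();
        accessTokens.put(accessToken, user);
        return accessToken;
    }

    /** Step 6: the Server resolves an access token to the User it acts for. */
    public String userFor(String accessToken) { return accessTokens.get(accessToken); }

    public static void main(String[] args) {
        OAuthDance server = new OAuthDance();
        String rt = server.issueRequestToken();                 // step 1
        try { server.exchange(rt); }                            // too early: not approved
        catch (IllegalStateException e) { System.out.println("denied: " + e.getMessage()); }
        server.approve(rt, "alice");                            // steps 2-4
        String at = server.exchange(rt);                        // step 5
        System.out.println("acting for " + server.userFor(at)); // step 6
        try { server.exchange(rt); }                            // replay of spent token
        catch (IllegalStateException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```
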
  • 32. Doing the OAuth Dance
      • Back to writing our plugin
  • 33. Doing the OAuth Dance
      • The happy path
          • Retrieve remote data and display to user
  • 34. Doing the OAuth Dance
      • Dealing with CredentialsRequired
          • We need to send the user to the remote server
          • We supply a callback URL to come back to us when they are finished
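
The steps from slides 10 to 12 and 33 to 34 put together as a plugin servlet; this is an added example, not the code shown in the talk. The class name, `REMOTE_PATH` and `SERVLET_PATH` are hypothetical placeholders, and the target application type (Confluence) is an assumption.

```java
import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.ApplicationLinkRequest;
import com.atlassian.applinks.api.ApplicationLinkRequestFactory;
import com.atlassian.applinks.api.ApplicationLinkService;
import com.atlassian.applinks.api.CredentialsRequiredException;
import com.atlassian.applinks.api.application.confluence.ConfluenceApplicationType;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.net.Request;
import com.atlassian.sal.api.net.ResponseException;
import java.io.IOException;
import java.net.URI;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical plugin servlet; the class name and both paths are assumptions. */
public class RemoteDataServlet extends HttpServlet {
    private static final String REMOTE_PATH = "/rest/example/1.0/items";          // placeholder
    private static final String SERVLET_PATH = "/plugins/servlet/example/remote"; // this servlet
    private final ApplicationLinkService linkService;
    private final ApplicationProperties applicationProperties;

    public RemoteDataServlet(ApplicationLinkService linkService, ApplicationProperties applicationProperties) {
        this.linkService = linkService;
        this.applicationProperties = applicationProperties;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        ApplicationLink link = linkService.getPrimaryApplicationLink(ConfluenceApplicationType.class);
        if (link == null) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND, "No application link configured");
            return;
        }
        // The factory adds authentication data for the configured provider.
        ApplicationLinkRequestFactory factory = link.createAuthenticatedRequestFactory();
        try {
            ApplicationLinkRequest request = factory.createRequest(Request.MethodType.GET, REMOTE_PATH);
            resp.setContentType("text/plain;charset=UTF-8"); // remote data is untrusted: no HTML
            resp.getWriter().write(request.execute());
        } catch (CredentialsRequiredException e) {
            // Not approved yet: callback comes from our own base URL, never a request parameter.
            URI callback = URI.create(applicationProperties.getBaseUrl() + SERVLET_PATH);
            resp.sendRedirect(e.getAuthorisationURI(callback).toString());
        } catch (ResponseException e) {
            resp.sendError(HttpServletResponse.SC_BAD_GATEWAY, "Remote request failed");
        }
    }
}
```
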
  • 35. Custom Application Types
      • Connecting to non-Atlassian Apps
  • 36. Creating a custom Application Type
      • Why Create a Custom Application Type?
          • Simpler, more professional configuration
  • 37. Creating a custom Application Type
      • Why Create a Custom Application Type?
          • Control the available Authentication Providers
          • Can use custom Authentication Providers
  • 38. Creating a custom Application Type
      • Why Create a Custom Application Type?
          • More professional look
          • Implement the heartbeat ping
  • 39. Creating a custom Application Type
      • atlassian-plugin.xml
  • 40. Creating a custom Application Type
      • Implement ApplicationType
  • 41. Creating a custom Application Type
      • Implement ManifestProducer...
  • 42. Creating a custom Application Type
      • Implement Manifest …
  • 43. Creating a custom Application Type
      • Implement Manifest … authentication types
  • 44. Creating a custom Application Type
      • Implement Manifest … mostly boilerplate
  • 45. Custom Authentication Providers
  • 46. Creating a custom Authentication Provider
      • atlassian-plugin.xml
  • 47. Creating a custom Authentication Provider
      • AuthenticationProviderPluginModule - Custom UI
  • 48. Creating a custom Authentication Provider
      • Custom config is inserted as an iframe
  • 49. Creating a custom Authentication Provider
      • Storing the configuration settings
          • AuthenticationConfigurationManager is provided for you
          • Stores and retrieves arbitrary configuration
  • 50. Creating a custom Authentication Provider
      • AuthenticationProviderPluginModule
          • Creating an authentication provider
          • We are going to use the SAL RequestFactory as a helper
  • 51. Creating a custom Authentication Provider
      • AuthenticationProvider
          • Returns a RequestFactory that will add authentication data
          • Can be “impersonating” or “non-impersonating”
          • Wrapping the SAL RequestFactory makes life easy
  • 52. Creating a custom Authentication Provider
      • ApplicationLinkRequestFactory
          • Use SAL RequestFactory to create a vanilla request
          • Add headers (or whatever) in order to add authentication info
  • 53. Creating a custom Authentication Provider
      • The circle is complete!
          • Remember the old “authenticated request factory”?
  • 54.
      • App Links makes talking to external servers easy
      • OAuth is not as scary as it sounds
      • Specialist Application Types can be created
      • We can handle any authentication scheme
  • 55. Thank you!
  • 56. More Reading
      • Application Links Documentation: http://confluence.atlassian.com/display/APPLINKS/
      • App Links Developer docs: https://developer.atlassian.com/display/APPLINKS/
      • Example Twitter App Link: http://blogs.atlassian.com/developer/2011/06/unified_applinks_integration_without_the_hassle_-_part_1.html
      • OAuth 1.0 Guide: http://hueniverse.com/oauth/
