OAUTH AUTHORIZATION
IN CLIENT-SERVER APPLICATIONS
          for iPhone / Android

      presentation by Taras Filatov
OAuth in mob1serv: Android point of view


A short presentation given by Taras Filatov, director of Injoit.com, at the Londroid (Android in London, http://bit.ly/ciDOBF) Meetup on 17th of June 2010.

It covers some aspects of using OAuth in mob1serv (a universal server API for iPhone and Android) and, more generally, OAuth on the Android platform.

  • OAuth in mob1serv: Android point of view

    1. OAUTH AUTHORIZATION IN CLIENT-SERVER APPLICATIONS for iPhone / Android
       presentation by Taras Filatov for Londroid meetup
       www.mob1serv.com © Injoit and YAS, 2010

    2. History
       http://www.injoit.com/blog/2009/02/20/an-idea-for-saving-game-scores-online-for-iphone-apps/

    3. OAuth
       http://oauth.net/
       http://oauth.net/code/
       http://code.google.com/p/oauth-signpost/
       http://groups.google.com/group/oauth

    4. iGetScores: online high scores API for iPhone and Android
       http://www.igetscores.com/
       http://www.mob1serv.com/high-scores/

    5. iGetScores: OAuth nonce / time zones problem
       http://www.injoit.com/blog/2009/06/26/getting-to-know-oauth/
       Different time zones of players caused OAuth to stop working.

    6. Mob1serv
       http://www.mob1serv.com/
       http://www.mob1serv.com/help/quick-install/
       • Mob1serv is a SaaS suite providing a single solution to all typical server side tasks faced by mobile developers
       • One library, 5 min installation
       • Huge added value for end users: Online High Scores, IM/PM (direct messaging), Events Notification, GPS location tracking, Banners Manager, Facebook / Twitter / Google integration, Files storage etc
       • Serious business class service, no annoying ads or 3rd party advertisement

    7. OAuth in Mob1serv
       http://www.mob1serv.com/oauth-contracter/
       PLATFORMS
       1st version: client: iPhone; server: PHP
       NOW: client: iPhone / Android library; server: Ruby on Rails
       IDENTIFICATION
       1st version: UDID
       NOW: 1) login 2) login+password 3) iPhone UDID / Android ID

    8. OAuth in Mob1serv
       http://www.mob1serv.com/oauth-contracter/
       AUTHENTICATION EVOLUTION
       1st version: Standard OAuth '3-legged' scheme
       * 2 keys: Consumer and Secret
       * Application works with server through HTTP requests (data is NOT encrypted, it is only signed with HMAC-SHA hash)
       * App sends Consumer Key and Consumer Secret to receive Access Token and Access Token Secret
       * App sends Consumer Key, Consumer Secret, Access Token,
       NOW: improved scheme (simplified but more secure)
       * Consumer Key replaced with Token
       * All requests are signed with merged parameters hash + Consumer Secret but Consumer Secret is NEVER transmitted openly to avoid Man-in-the-middle attacks
       * Timestamp and nonce are still used to avoid Replay attacks

    9. OAuth Contracter
       http://www.mob1serv.com/oauth-contracter/
       Modules (API wrappers):
       * Twitter
       * Facebook
       * Yahoo
       Libraries:
       * iPhone
       * Android
       Diagram labels: APP, OAuth Contracter, SERVICE (Twitter / Facebook / Yahoo)

    10. Thank you!
        Contacts
        • e-mail: taras@injoit.com
        • www: www.injoit.com
        • www: www.mob1serv.com
        • twitter: INJOIT and MOB1SERV
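
The signing and replay checks from slide 8, with the timestamp check that slide 5's time zone problem points at, as an added Ruby example (not mob1serv's code). The parameter names, the sorted form-encoded merge format, HMAC-SHA256 and the 300-second window are assumptions; the slides do not give the cause of the time zone failure, so a timestamp taken from local wall-clock time instead of UTC epoch seconds is one plausible reading.

```ruby
require "openssl"
require "securerandom"
require "uri"

SECRET   = "constructed-demo-secret" # shared out of band, never put in a request
MAX_SKEW = 300                       # assumed freshness window in seconds

# Assumed merge format: all parameters except the signature, sorted, form-encoded.
def canonical(params)
  URI.encode_www_form(params.reject { |k, _| k == "signature" }.sort)
end

def sign(params, secret)
  OpenSSL::HMAC.hexdigest("SHA256", secret, canonical(params))
end

# Length check, then OR of XORed bytes, so timing does not reveal the match position.
def secure_eq(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Client side: timestamp is UTC epoch seconds, nonce is random per request.
def build_request(token, fields, now: Time.now.to_i)
  params = fields.merge("token" => token, "timestamp" => now, "nonce" => SecureRandom.hex(16))
  params.merge("signature" => sign(params, SECRET))
end

class Verifier
  def initialize(secret)
    @secret = secret
    @seen = {} # [token, nonce] => timestamp
  end

  def verify(params, now: Time.now.to_i)
    return :bad_signature unless secure_eq(params["signature"].to_s, sign(params, @secret))
    ts = params["timestamp"].to_i
    return :stale_timestamp if (now - ts).abs > MAX_SKEW
    @seen.delete_if { |_, seen_ts| (now - seen_ts).abs > MAX_SKEW } # expired nonces can go
    key = [params["token"], params["nonce"]]
    return :replayed_nonce if @seen.key?(key)
    @seen[key] = ts
    :ok
  end
end

server = Verifier.new(SECRET)
req = build_request("constructed-token", { "score" => 4200 })
puts server.verify(req) # first delivery
puts server.verify(req) # same request captured and re-sent
```

Because the request body is signed but not encrypted, this protects integrity and freshness only; the score and token remain readable on the wire unless the transport is TLS.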