Open ID & OAuth<br />Paul Fryer<br />June 2011<br />
What we’ll cover<br />What is OpenID and OAuth?<br />Where and why are these used?<br />“In the wild” examples.<br />Source code examples.<br />
What is OpenID?<br /><ul><li>OpenID is about verifying identity (authenticating).
Prevents users from having to maintain multiple identities with websites/electronic systems.</li></li></ul><li>Who uses OpenID?<br />You probably already have an OpenID.<br />Most of the major web players have an implementation.<br />You can provide your own implementation.<br />
How does OpenID Work?<br />What’s your OpenID?<br />User enters OpenID.<br />Request the OpenID Provider page.<br />Provider returns page with openid.server and, optionally, openid.delegate. <br />Build URL and make request to OpenID server.<br />OpenID server presents login screen.<br />User provides credentials.<br />OpenID server asks user to authorize use.<br />User responds to authorization request.<br />User redirected to success or failure URL.<br />Appropriate page is rendered depending on success or failure.<br />
What is OAuth?<br /><ul><li>OAuth is about authorizing 3rd party sites to access user information.
Allows sharing of user data with other systems without providing credentials to the other systems.</li></li></ul><li>Who uses OAuth?<br /><ul><li>Most major web players.
Live Example<br />Stackoverflow.com<br />Built on <br />
Source Code Examples<br />Examples using the Dot Net Open Auth library.<br />ASP.Net MVC example using OpenID.<br />ASP.Net Web Forms example using OAuth.<br />
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.