
PayPal Access GDG DevFest

These slides were presented at the Google DevFest 2012 in Berlin. They provide information about the implementation & functionality of PayPal Access.

  • Final draft got introduced in April ’07. Clunky to implement on client-side. IETF.
  • Current draft considered as stable. Focus on performance & scalability. Different authorization scenarios.
  • Good news: Choosing the technique is not that important.
  • OAuth: Grant access to resources. OpenID Connect: Grant access to more specialized resources & session management.
  • OAuth: Grant access to resources. OpenID Connect: Grant access to more specialized resources.
  • Real value. More serious for some use cases.
  • PayPal Access GDG DevFest

    1. IDENTIFY YOURSELF WITH ACCESS Tim Messerschmidt Developer Evangelist GDG DEVFEST 2012 developer.PayPal 1 November 2012, Karlsruhe (via Hangout) @SeraAndroid
    2. Who am I?
    3. Agenda • What is PayPal Access? • How does it work? • Why should I use this? • How to implement that?
    4. Slides goo.gl/u3Rix SlideShare: PayPalEuDevs
    5. WHAT IS ACCESS?
    6. Can be used to login with your existing PayPal credentials
    7. Figure: Q3 2012 active users
    8. Leverage existing technology to push your own service(s)
    9. Based on OAuth 2.0 or OpenID Connect
    10. Not related to payments
    11. Free to use
    12. Introduced in 2011
    13. Additional features coming soon!
    14. Registration of apps: devportal.x.com
    15. (no text)
    16. WHAT DOES IT LOOK LIKE?
    17. (no text)
    18. (no text)
    19. (no text)
    20. HOW DOES IT WORK?
    21. OAuth? OpenID? OpenID Connect?
    22. OAuth 1.0
    23. OAuth 2.0
    24. OPINIONS ON OAUTH 2
    25. OAuth 2.0 & the Road to Hell. Eran Hammer: http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/
    26. “OAuth 2.0 offers little to none code re-usability”
    27. “What 2.0 offers is a blueprint for an authorization protocol”
    28. On the Deadness of OAuth 2. Tim Bray: http://www.tbray.org/ongoing/When/201x/2012/07/28/Oauth2-dead
    29. “OAuth 2 is useful today.”
    30. “OAuth 2 may not be perfect, and may have been harmed by the Enterprise crap, but the core of Web functionality […] seems to have survived.”
    31. OpenID Connect
    32. 5 scopes for access to the profile: 1. profile 2. email 3. address 4. phone 5. attributes
    33. THE DIFFERENCE
    34. OAuth 2.0 implementation can be easily changed to OpenID Connect. Jonathan LeBlanc: https://www.x.com/developers/community/blogs/jcleblanc/migrating-paypal-access-integration-oauth-2-openid-connect
    35. WHY SHOULD I USE THIS?
    36. People forget passwords… “45 % admit to leaving a website instead of re-setting their password or answering security questions”* (* Blue Inc. 2011)
    37. People don’t like to register… Out of 657 surveyed users 66 % think that social sign-in is a desirable alternative.* (* Blue Inc. 2011)
    38. THE VALUE
    39. Leverage an existing profile
    40. Verified user accounts
    41. THE FLOW & SOME CODE
    42. Authorization Flow (Client / Server): 1. Client: Open Authorization Endpoint URL. 2. Server: Provide login page. 3. Server: Return Authorization Token after successful login. 4. Client: Check callbacks for Authorization Token. 5. Client: Request a valid Access Token. 6. Server: Check Authorization Token & return Access Token if valid. 7. Client: Retrieve user’s resources.
    43. Your components (OAuth 2). Server endpoints: Client details:
    44. Load the Authorization URL in a WebView and…
    45. … start checking the URLs your WebView is loading
    46. Retrieve the Access Token
    47. THE REPLY { "access_token": "something not so long", "token_type": "Bearer", "refresh_token": "something not so long", "expires_in": 900, "id_token": "something very long" }
    48. REFRESHING A TOKEN Do a POST including the Refresh Token to this endpoint: https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/tokenservice
    49. REFRESHING A TOKEN Change the Grant Type: grant_type=refresh_token. Add the profile’s scope: scope=profile
    50. VALIDATION Do a POST including the Access Token to this endpoint: https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/checkid
    51. VALIDATION Provide the id_token value you got when receiving the Access Token: access_token=myToken
    52. LOGGING OUT THE USER Do a POST including the Access Token to this endpoint: https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/endsession
    53. LOGGING OUT THE USER Furthermore you have to add the following parameters to the POST: redirect_url=myFancyUrl.com logout=true
    54. FURTHER INFORMATION
    55. Useful links • goo.gl/y9HKO – Migrating PayPal Access from OAuth 2 to OpenID Connect (Jonathan LeBlanc) • goo.gl/1wjRV – Sample project which has some helper classes that enable easy integration of Access into your Android app – Apache V2
    56. Official developer resources • x.com/identity – PayPal Access Developer Guide • x.com/mobile – PayPal payment products • Mobile Payments Library (native) • Mobile Express Checkout (web)
    57. Help!!?! Problems? • paypal.com/dts – Developer Technical Services – Ticketing • x.com/developers/paypal/forums – PayPal Developer Forums
    58. INNOVATION
    59. QR Code adoption between different countries
    60. [Chart: % of Smartphone Audience for Germany, France, UK, Italy, Spain] * comScore MobiLens July 2012
    61. Adoption of QR Codes: 70% of 30.000.000 surveyed German households recognize QR Codes and know how to use them* (* Nielsen 2011)
    62. Available for Android & iOS
    63. TL;DR PayPal Access enhances applications by adding a verified user-base
    64. QUESTIONS?
    65. THANKS! tmesserschmidt@paypal.com | @seraandroid / @paypaleurodev | +tim messerschmidt | slideshare.net/PayPalEuDev
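
The URL check that slides 44 to 46 describe, sketched in Python as an added example (not code from the talk or from the linked sample project). The redirect URI is a placeholder, and the `code`, `state` and `error` parameter names are the standard OAuth 2.0 ones from RFC 6749, assumed here because the slides do not name them; an Android app would run the same logic in its WebViewClient callback.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs

# Assumption: the redirect URI registered for the app (placeholder value).
REDIRECT_URI = "https://app.example/callback"


def new_state() -> str:
    """Unguessable per-login value to send as `state` in the authorization URL."""
    return secrets.token_urlsafe(32)


def inspect_webview_url(url: str, expected_state: str):
    """Return the authorization code if `url` is our callback, else None.

    Raises ValueError when the URL is the callback but must be rejected.
    """
    got, want = urlsplit(url), urlsplit(REDIRECT_URI)
    # Exact scheme/host/path comparison: a prefix or substring test would
    # also match look-alike hosts that merely start with the same text.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        return None  # some other page of the login flow; let it load
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    # Bind the response to the login this app started (constant-time compare).
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this login")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]
```
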
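
Handling the reply from slide 47 and building the refresh POST from slides 48 and 49, as an added Python example rather than code from the talk. The sample reply is constructed, the `refresh_token` form field is the standard RFC 6749 name, and client authentication is left to the caller because the slides do not show it.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

# Endpoint from slide 48.
TOKEN_SERVICE = ("https://www.paypal.com/webapps/auth/protocol/"
                 "openidconnect/v1/tokenservice")

# Constructed sample with the shape of the reply on slide 47.
SAMPLE_REPLY = json.dumps({
    "access_token": "sample-access", "token_type": "Bearer",
    "refresh_token": "sample-refresh", "expires_in": 900,
    "id_token": "sample-id-token"})


def parse_token_reply(body: str, now: float) -> dict:
    """Validate the token reply and turn expires_in into an absolute time."""
    reply = json.loads(body)
    for field in ("access_token", "token_type", "refresh_token", "expires_in"):
        if field not in reply:
            raise ValueError("token reply lacks " + field)
    if str(reply["token_type"]).lower() != "bearer":
        raise ValueError("unexpected token_type")
    ttl = reply["expires_in"]
    if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl <= 0:
        raise ValueError("expires_in must be a positive integer")
    reply["expires_at"] = now + ttl
    return reply


def needs_refresh(tokens: dict, now: float, skew: int = 60) -> bool:
    """True once the access token is within `skew` seconds of expiry."""
    return now >= tokens["expires_at"] - skew


def build_refresh_request(tokens: dict) -> Request:
    """Build the refresh POST; the token goes in the body, not the URL,
    so it stays out of URL logs and Referer headers."""
    # Assumption: the caller adds client authentication before sending.
    form = urlencode({"grant_type": "refresh_token",
                      "refresh_token": tokens["refresh_token"],
                      "scope": "profile"}).encode("ascii")
    return Request(TOKEN_SERVICE, data=form, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})
```
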
