OAuth 2.0 with IBM WebSphere DataPower

Quick summary of the OAuth 2.0 support provided by IBM WebSphere DataPower

Transcript

  • 1. OAuth 2.0
      Client type (application type)
        – Confidential
        – Public
      Grant type (handshake/dance)
        – authorization code
        – implicit grant
        – client credentials
        – resource owner password
      Token: Bearer (self contained)
      Extension/Customization – added values
      OAuth lets you share your resources with a third-party application without sharing your credentials with that application.
      Authorization Code Grant Type
  • 2. Authorization Endpoint: obtain authorization/consent from the end user.
      Token Endpoint: exchange a temporary authorization for the actual access permission (in the form of an access_token).
      (diagram labels: Authorization Endpoint, Token Endpoint, DataPower enforcement for the Resource Server)
  • 3. Authorization Code
  • 4. OAuth 2.0 – Authorization Code: Alice launches an application.
      (diagram actors: Resource Owner (Alice), authz, token, DataPower, resource)
  • 5. OAuth 2.0 – Authorization Code: HTTP 302. Alice is redirected to an OAuth authorization server, so the user can grant access to the application.
      (diagram actors as on slide 4)
  • 6. OAuth 2.0 – Authorization Code: HTTP 302. A temporary code is issued to the application.
      (diagram actors as on slide 4)
  • 7. OAuth 2.0 – Authorization Code: HTTP "Authorization: Basic client_id:client_secret". The application exchanges the temporary code for access permission.
      (diagram actors as on slide 4)
  • 8. OAuth 2.0 – Authorization Code: access the resource with the access_token.
      (diagram actors as on slide 4)
  • 9. Implicit
  • 10. OAuth 2.0 – Implicit: Alice launches an application.
      (diagram actors: Resource Owner (Alice), authz, DataPower, resource)
  • 11. OAuth 2.0 – Implicit: HTTP 302. Alice is redirected to an OAuth authorization server, so the user can grant access to the application.
      (diagram actors as on slide 10)
  • 12. OAuth 2.0 – Implicit: HTTP 200. The access_token is returned.
      (diagram actors as on slide 10)
  • 13. OAuth 2.0 – Implicit
      (diagram actors as on slide 10; no caption on this slide)
  • 14. Resource Owner
  • 15. OAuth 2.0 – Resource Owner (password)
      request: Authorization: Basic client_id:client_secret, plus username & password
      response: access_token=xxxx
      (diagram actors: Resource Owner (Alice), authz, DataPower, resource)
  • 16. OAuth 2.0 – Resource Owner (password): access the resource with access_token=xxxx
      (diagram actors as on slide 15)
  • 17. Client Credentials
  • 18. OAuth 2.0 – Client Credentials
      request: Authorization: Basic client_id:client_secret
      response: access_token=xxxx
      (diagram actors: Resource Owner (Alice), authz, DataPower, resource)
  • 19. OAuth 2.0 – Client Credentials: access the resource with access_token=xxxx
      (diagram actors as on slide 18)
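The handshakes in slides 4 through 19 all end at the same two places: a token endpoint that authenticates the client with an HTTP Basic header and hands out a bearer access_token, and a resource server that enforces that token. The following is an added example that walks through those exchanges in code; it is not DataPower's implementation and not part of the deck. The in-memory endpoints (authorize, token, enforce), the client registry, the user "alice", the secrets and the lifetimes are all constructed assumptions standing in for real HTTP endpoints and a real store.

```python
"""Minimal in-memory OAuth 2.0 authorization server and resource-server
enforcement illustrating the slides above. Added example code, not
DataPower's implementation; every client id, secret, user and lifetime
below is a constructed value."""
import base64
import secrets
import time

# Constructed client registry (slide 1): confidential clients hold a
# secret, public clients do not and are kept away from client_credentials.
CLIENTS = {
    "app-confidential": {"secret": "s3cret", "confidential": True,
                         "redirect_uri": "https://app.example/cb"},
    "app-public": {"secret": None, "confidential": False,
                   "redirect_uri": "https://spa.example/cb"},
}
USERS = {"alice": "alice-password"}          # constructed resource owner
CODE_TTL, TOKEN_TTL = 60, 3600               # seconds (assumed lifetimes)

_codes, _tokens = {}, {}                      # server-side state


def authorize(client_id, redirect_uri, user, consent):
    """Authorization endpoint (slides 5-6): after the resource owner consents,
    issue a short-lived, single-use code bound to the client and redirect URI."""
    client = CLIENTS.get(client_id)
    if client is None or client["redirect_uri"] != redirect_uri:
        return {"error": "invalid_request"}
    if not consent:
        return {"error": "access_denied"}
    code = secrets.token_urlsafe(24)
    _codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                    "user": user, "exp": time.time() + CODE_TTL}
    return {"code": code}   # a real server returns this via HTTP 302 to redirect_uri


def _client_from_basic(headers):
    """Parse 'Authorization: Basic base64(client_id:client_secret)' (slide 7)."""
    value = headers.get("Authorization", "")
    if not value.startswith("Basic "):
        return None
    try:
        client_id, _, secret = base64.b64decode(value[6:]).decode().partition(":")
    except Exception:
        return None
    client = CLIENTS.get(client_id)
    if client is None:
        return None
    # Constant-time compare so a wrong secret does not leak timing information.
    if client["confidential"] and not secrets.compare_digest(secret, client["secret"]):
        return None
    return client_id


def _issue_token(client_id, subject):
    """Mint an opaque bearer token and record who it belongs to."""
    token_value = secrets.token_urlsafe(32)
    _tokens[token_value] = {"client_id": client_id, "sub": subject,
                            "exp": time.time() + TOKEN_TTL}
    return {"access_token": token_value, "token_type": "Bearer", "expires_in": TOKEN_TTL}


def token(headers, form):
    """Token endpoint for the grants shown on slides 7, 15 and 18."""
    client_id = _client_from_basic(headers)
    if client_id is None:
        return {"error": "invalid_client"}
    grant = form.get("grant_type")
    if grant == "authorization_code":
        entry = _codes.pop(form.get("code"), None)   # pop: a code is single-use
        if (entry is None or entry["exp"] < time.time()
                or entry["client_id"] != client_id
                or entry["redirect_uri"] != form.get("redirect_uri")):
            return {"error": "invalid_grant"}
        return _issue_token(client_id, entry["user"])
    if grant == "password":
        if USERS.get(form.get("username")) != form.get("password"):
            return {"error": "invalid_grant"}
        return _issue_token(client_id, form["username"])
    if grant == "client_credentials":
        if not CLIENTS[client_id]["confidential"]:
            return {"error": "unauthorized_client"}   # no secret, no machine grant
        return _issue_token(client_id, client_id)
    return {"error": "unsupported_grant_type"}


def enforce(headers):
    """Resource-server enforcement (slides 8, 16, 19): accept only a known,
    unexpired bearer token and return (status, subject)."""
    value = headers.get("Authorization", "")
    if not value.startswith("Bearer "):
        return 401, None
    entry = _tokens.get(value[7:])
    if entry is None or entry["exp"] < time.time():
        return 401, None
    return 200, entry["sub"]


def basic_header(client_id, secret=""):
    """Build the Basic header a client presents to the token endpoint."""
    raw = f"{client_id}:{secret}".encode()
    return {"Authorization": "Basic " + base64.b64encode(raw).decode()}


def run_authorization_code_flow():
    """Slides 4-8 end to end; returns the resource server's verdict."""
    step = authorize("app-confidential", "https://app.example/cb", "alice", consent=True)
    resp = token(basic_header("app-confidential", "s3cret"),
                 {"grant_type": "authorization_code", "code": step["code"],
                  "redirect_uri": "https://app.example/cb"})
    return enforce({"Authorization": "Bearer " + resp["access_token"]})


if __name__ == "__main__":
    print(run_authorization_code_flow())
```

The checks worth noticing for an enforcement point such as the one DataPower plays in the deck are the ones a flattened diagram hides: the code is consumed on first redemption and must match both the client that obtained it and the redirect URI it was issued for, a public client (no secret) is refused the client_credentials grant, and the resource server rejects anything that is not a live token it issued.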
  • 20. Customization
      3 DataPower grant types
        – Validation grant: urn:ibm:datapower:validate
        – Client Revoke Access grant: urn:ibm:datapower:client:revoke
        – Resource Owner Revoke Access grant: urn:ibm:owner:revoke
      Extensibility through different "plug points" during the OAuth handshake/dance
        – This provides customization of the OAuth behavior
  • 21. Use cases
  • 22. Use case 1: DataPower as Authorization Server and as Resource Server
      (diagram: DataPower Authorization Server issues access_token; the client accesses resources on the DataPower Resource Server with the access_token)
  • 23. Use case 2 (added to the diagram of slide 22): DataPower as Resource Server with another Authorization Server (IBM TFIM, Ping Federation, ?)
      (diagram: the other Authorization Server issues access_token; the client accesses resources on the DataPower Resource Server with the access_token)
  • 24. Use case 3 (added to the diagram of slide 23): DataPower as Policy Enforcement Point (PEP)
      (diagram labels: Resource Server, DataPower, access_token, Authorization Server, "Access resources with access_token", PEP)