Your SlideShare is downloading. ×
0
Authentication made EasyNCDevCon2012Billy Cravens
About meBilly CravensColdFusion since 4.0 (1999)Houston CFUG managerFormer DFWCFUG board memberOther languages: PHP, .NET;...
About meSupporter of Cystic Fibrosis (research)    www.CureCF.comTwitter: @bdcravensWeb:    www.billycravens.com    billy.io
Traditional authenticationsession check per requestCFLoginOS-based    IIS         Windows authentication, using IIS manage...
Pain points of traditional/Advantages of federated loginRegistration and conversion rates    (statistic here would be nice...
Disadvantages of federated loginUser experienceUncontrolled downtimeTrust and perception
Federated identity/single sign onOrigins   Liberty Alliance whitepaper   Microsoft “Passport”OpenIDOAuth
OpenIdServices usingThe workflowOpen source CF libraries
OpenIdServices using    Google    Yahoo    WordPress    Flickr    Other services    Roll your own
OpenIdThe workflow   OpenID URL   Authentication   Permission request   Shared secret   Returns profile info and unique ID (...
OpenIdOpen source CF libraries    http://www.yakhnov.info/go/projects/openid/    others on RiaForge
OAuthServices usingopen source CF librariesthe workflowoAuth 1.0 / 2.0Disadvantages
OAuthServices using    Twitter (originated here)    Facebook (oAuth 2.0)    LinkedIn
oAuth 2.0 Workflow   Send user to                     User logs in and grants              Send token to yourauthentication...
DevelopmentGoogleFacebookTwitterOthersintegrating into legacy systems
GoogleShow me the code
FacebookShow me the code
TwitterShow me the code
Integrate into existing securityAuthenticate your userAuthenticate with serviceCapture user ID field of service, save to da...
Authentication Using Twitter, Google, Facebook, And More
Upcoming SlideShare
Loading in...5
×

Authentication Using Twitter, Google, Facebook, And More

1,295

Published on

From my hands-on session at NCDevCon 2012

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,295
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • \n
  • \n
  • \n
  • Session check: briefly show /session code (no more than 1 minute)\n\nCFLogin: briefly show /cflogin code (no more than 1 minute)\n\nOS options: don’t show examples\n
  • \n
  • Trust and perception:\n* people's unwillingness to grant *your* application access to their Twitter/FB/Google data. \n* Although most of these allow a level of access that is only used for auth, many users will not understand that and so may be hesitant to allow access. \n* you are placing trust in another authority, which is also an issue.\n* privacy issues: access to your website as data to mine\n\n
  • TODO: short blurb about Liberty Alliance. Discuss role in standard, merger into Kantara Initiative\n\nMS Passport: proprietary solution, some early adoption, Starbucks.com; \nbegan process of migrating Windows Live ID to OpenID, but never moved past CTP\n
  • \n
  • only one we’re interested in is Google\n\nin this presentation we’re only going to look at \n\n
  • TODO: a workflow diagram would be good\n
  • TODO: a workflow diagram would be good\n
  • \n
  • not going to look at LinkedIn\n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • Transcript of "Authentication Using Twitter, Google, Facebook, And More"

    1. 1. Authentication made EasyNCDevCon2012Billy Cravens
    2. 2. About meBilly CravensColdFusion since 4.0 (1999)Houston CFUG managerFormer DFWCFUG board memberOther languages: PHP, .NET; node.js ninja in trainingRemember the Wrox book?
    3. 3. About meSupporter of Cystic Fibrosis (research) www.CureCF.comTwitter: @bdcravensWeb: www.billycravens.com billy.io
    4. 4. Traditional authenticationsession check per requestCFLoginOS-based IIS Windows authentication, using IIS management console Apache Configure in .htaccess file
    5. 5. Pain points of traditional/Advantages of federated loginRegistration and conversion rates (statistic here would be nice!)Established user profilesCustomer care and password recovery costsSocial web Facebook: 845 million users Twitter: 300 millions users Google: 350 million Gmail users Linked In : 135 million users
    6. 6. Disadvantages of federated loginUser experienceUncontrolled downtimeTrust and perception
    7. 7. Federated identity/single sign onOrigins Liberty Alliance whitepaper Microsoft “Passport”OpenIDOAuth
    8. 8. OpenIdServices usingThe workflowOpen source CF libraries
    9. 9. OpenIdServices using Google Yahoo WordPress Flickr Other services Roll your own
    10. 10. OpenIdThe workflow OpenID URL Authentication Permission request Shared secret Returns profile info and unique ID (URI)
    11. 11. OpenIdOpen source CF libraries http://www.yakhnov.info/go/projects/openid/ others on RiaForge
    12. 12. OAuthServices usingopen source CF librariesthe workflowoAuth 1.0 / 2.0Disadvantages
    13. 13. OAuthServices using Twitter (originated here) Facebook (oAuth 2.0) LinkedIn
    14. 14. oAuth 2.0 Workflow Send user to User logs in and grants Send token to yourauthentication URI permissions callback URI API calls using Verify token token
    15. 15. DevelopmentGoogleFacebookTwitterOthersintegrating into legacy systems
    16. 16. GoogleShow me the code
    17. 17. FacebookShow me the code
    18. 18. TwitterShow me the code
    19. 19. Integrate into existing securityAuthenticate your userAuthenticate with serviceCapture user ID field of service, save to database
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×