Everything OAuth


A presentation given at Codebits 2010 about everything related to OAuth.

I didn't go into any deep technical details as I tried to cover most OAuth related topics.

Published in: Technology, Self Improvement



  • Authorization - used most of the time
    Authentication - 2-legged OAuth, “sign in with Twitter”, not to be confused with OpenID
    Built as an open protocol on top of already existing solutions (Amazon, Yahoo)
  • Blaine Cook from Twitter, Chris Messina, David Recordon, Larry Halff from Magnolia and others
  • RFC only published in April 2010














  • Example from Twitter connections settings
  • Example from Facebook where you can revoke apps and also individual permissions








  • Let’s see an example (next slide)




  • OOB = Out of Band aka PIN OAuth











  • Consumer sends along info about service provider and asks to verify credentials

  • OAuthpocalypse happened on August 31st 2010


  • Prevents man-in-the-middle attack






  • SAML: Security Assertion Markup Language

