Hybrid Auth: OpenID + OAuth
>>> This is a draft <<< Not all links/code may work. V1

Presentation Transcript

  • Hybrid Auth: OAuth + OpenID, Erik Eldridge, Engineer/Evangelist, Yahoo! Developer Network
  • Overview
    • What, Why, and How of Hybrid Authentication
    • Sample code
    • Summary
    • Resources
  • What is Hybrid Auth?
    • Using OpenID for authentication and OAuth to authorize data access
    • Similar to Facebook's Connect, but based on open standards
  • Why should we use it?
    • Easy
      • Single flow for end-users
    • Portable
      • Open source libraries
      • Any service can be an OpenID "Provider"
      • Transferable skill-set and technologies
  • How do we get started?
    • Setup
    • Implementation
    • Sample
  • Setup requirements
    • Visit developer.yahoo.com/dashboard
    • Register an OAuth application
    • Download Yahoo! Social SDK from github.com/yahoo
    • Download OpenID-Enabled library from openidenabled.com
  • Generalized implementation
    • Define a log in/out mechanism for your site
    • If user is not logged in, initialize authentication via OpenID with Simple Registration
    • In OpenID callback, check if OAuth access token for user is stored
    • If access token does not exist, exchange request token for access token and store access token
    • Log in user using local mechanism and begin fetching data using OAuth
  • Example
    • service
      • index.html
      • openid/
        • index.php
        • return_to.php
        • php-openid-2.1.3/
      • oauth/
        • index.php
        • yahoo-social-php-sdk/
  • Service/index.html, top
  • Service/index.html, middle
  • Service/index.html, bottom
  • Service/openid/index.php, top
  • Service/openid/index.php, bottom
  • Service/openid/return_to.php, top
  • Service/openid/return_to.php, middle
  • Service/openid/return_to.php, bottom
  • Service/oauth/index.php
  • Summary
    • What?
      • Combination of OpenID authentication and OAuth authorization
    • Why?
      • Convenient for the end-user: single auth flow
    • How?
      • Yahoo! Social SDK + OpenID-Enabled OpenID library (with a pinch of YUI and YQL)
  • Resources
    • developer.yahoo.com/openid
    • developer.yahoo.com/oauth
    • example.erikeldridge.com/{example code}
    • Find me on Twitter: @erikeldridge
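
The OpenID callback steps from the "Generalized implementation" slide (check for a stored access token, exchange the request token if none exists, then log in locally), as an added example that is not code from the presentation, the Yahoo! Social SDK or the OpenID-Enabled library. It assumes the OpenID library has already verified the response and the caller passes the outcome in a reduced array; `AccessTokenStore`, `completeHybridLogin` and the stubbed exchange callable are hypothetical names, and the sample values are constructed.

```php
<?php
// Added example; every name below is hypothetical (not from the Yahoo! SDK or php-openid).
final class AccessTokenStore        // in-memory stand-in for server-side storage
{
    private array $tokens = [];
    public function get(string $openid): ?array { return $this->tokens[$openid] ?? null; }
    public function put(string $openid, array $token): void { $this->tokens[$openid] = $token; }
}
/**
 * $assertion: the OpenID library's result for this callback, reduced to
 *   ['verified' => bool, 'openid' => string, 'request_token' => ?string].
 * $exchange: callable(string): array that trades the approved request token
 *   for an access token (stubbed in the sample run below).
 */
function completeHybridLogin(array $assertion, AccessTokenStore $store, callable $exchange): array
{
    // Act only on an assertion the OpenID library has verified.
    if (empty($assertion['verified']) || empty($assertion['openid'])) {
        throw new RuntimeException('OpenID assertion not verified');
    }
    $openid = $assertion['openid'];
    // Tokens are keyed by the verified identifier, never by a request parameter.
    $token = $store->get($openid);
    if ($token === null) {
        if (empty($assertion['request_token'])) {
            throw new RuntimeException('No stored access token and no request token');
        }
        $token = $exchange($assertion['request_token']);
        $store->put($openid, $token);
    }
    // Local login: rotate the session id, then bind the session to the identifier.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['openid'] = $openid;
    return $token;
}

// Constructed sample run: two callbacks for the same user, one exchange expected.
$calls = 0;
$exchange = function (string $rt) use (&$calls): array {
    $calls++;
    return ['key' => "access-for-$rt", 'secret' => 'constructed-secret'];
};
$store = new AccessTokenStore();
$id = 'https://me.example/alice';
completeHybridLogin(['verified' => true, 'openid' => $id, 'request_token' => 'rt-123'], $store, $exchange);
completeHybridLogin(['verified' => true, 'openid' => $id, 'request_token' => null], $store, $exchange);
echo "exchange calls: $calls\n";
```

In a real service the `$assertion` array would be filled from the OpenID library's verified response and `$exchange` would call the OAuth provider's access-token endpoint.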