0
Hybrid Auth: OAuth + OpenID Erik Eldridge Engineer/Evangelist Yahoo! Developer Network
Overview <ul><li>What, Why, and How of Hybrid Authentication </li></ul><ul><li>Sample code </li></ul><ul><li>Summary </li>...
What is Hybrid Auth? <ul><li>Using OpenID for authentication and Oauth to authorize data access </li></ul><ul><li>Similar ...
Why should we use it? <ul><li>Easy </li></ul><ul><ul><li>Single flow for end-users </li></ul></ul><ul><li>Portable </li></...
How do we get started? <ul><li>Setup </li></ul><ul><li>Implementation </li></ul><ul><li>Sample </li></ul>
Setup requirements <ul><li>Visit developer.yahoo.com/dashboard </li></ul><ul><li>Register an OAuth application </li></ul><...
Generalized implementation <ul><li>Define a  log in/out  mechanism for your site </li></ul><ul><li>If user is not logged i...
Example <ul><li>service </li></ul><ul><ul><li>index.html </li></ul></ul><ul><ul><li>openid/ </li></ul></ul><ul><ul><ul><li...
Service/index.html, top
Service/index.html, middle
Service/index.html, bottom
Service/openid/index.php, top
Service/openid/index.php, bottom
Service/openid/return_to.php, top
Service/openid/return_to.php, middle
Service/openid/return_to.php, bottom
Service/oauth/index.php
Summary <ul><li>What? </li></ul><ul><ul><li>Combination of OpenID authentication and OAuth authorization </li></ul></ul><u...
Resources <ul><li>developer.yahoo.com/openid </li></ul><ul><li>developer.yahoo.com/oauth </li></ul><ul><li>example.erikeld...
Upcoming SlideShare
Loading in...5
×

Hybrid Auth: OpenID + OAuth

6,062

Published on

>>> This is a draft <<< Not all links/code may work. V1

Published in: Technology, Business
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
6,062
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
81
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

Transcript of "Hybrid Auth: OpenID + OAuth"

  1. 1. Hybrid Auth: OAuth + OpenID Erik Eldridge Engineer/Evangelist Yahoo! Developer Network
  2. 2. Overview <ul><li>What, Why, and How of Hybrid Authentication </li></ul><ul><li>Sample code </li></ul><ul><li>Summary </li></ul><ul><li>Resources </li></ul>
  3. 3. What is Hybrid Auth? <ul><li>Using OpenID for authentication and Oauth to authorize data access </li></ul><ul><li>Similar to Facebook's Connect, but based on open standards </li></ul>
  4. 4. Why should we use it? <ul><li>Easy </li></ul><ul><ul><li>Single flow for end-users </li></ul></ul><ul><li>Portable </li></ul><ul><ul><li>Open source libraries </li></ul></ul><ul><ul><li>Any service can be an OpenID &quot;Provider&quot; </li></ul></ul><ul><ul><li>Transferable skill-set and technologies </li></ul></ul>
  5. 5. How do we get started? <ul><li>Setup </li></ul><ul><li>Implementation </li></ul><ul><li>Sample </li></ul>
  6. 6. Setup requirements <ul><li>Visit developer.yahoo.com/dashboard </li></ul><ul><li>Register an OAuth application </li></ul><ul><li>Download Yahoo! Social SDK from github.com/yahoo </li></ul><ul><li>Download OpenID-Enabled library from openidenabled.com </li></ul>
  7. 7. Generalized implementation <ul><li>Define a log in/out mechanism for your site </li></ul><ul><li>If user is not logged in, initialize authentication via OpenID with Simple Registration </li></ul><ul><li>In OpenID callback, check if OAuth access token for user is stored </li></ul><ul><li>If access token does not exist, exchange request token for access token and store access token </li></ul><ul><li>Log in user using local mechanism and begin fetching data using Oauth </li></ul>
  8. 8. Example <ul><li>service </li></ul><ul><ul><li>index.html </li></ul></ul><ul><ul><li>openid/ </li></ul></ul><ul><ul><ul><li>index.php </li></ul></ul></ul><ul><ul><ul><li>return_to.php </li></ul></ul></ul><ul><ul><ul><li>php-openid-2.1.3/ </li></ul></ul></ul><ul><ul><li>oauth/ </li></ul></ul><ul><ul><ul><li>index.php </li></ul></ul></ul><ul><ul><ul><li>yahoo-social-php-sdk/ </li></ul></ul></ul>
  9. 9. Service/index.html, top
  10. 10. Service/index.html, middle
  11. 11. Service/index.html, bottom
  12. 12. Service/openid/index.php, top
  13. 13. Service/openid/index.php, bottom
  14. 14. Service/openid/return_to.php, top
  15. 15. Service/openid/return_to.php, middle
  16. 16. Service/openid/return_to.php, bottom
  17. 17. Service/oauth/index.php
  18. 18. Summary <ul><li>What? </li></ul><ul><ul><li>Combination of OpenID authentication and OAuth authorization </li></ul></ul><ul><li>Why? </li></ul><ul><ul><li>Convenient for the end-user: single auth flow </li></ul></ul><ul><li>How? </li></ul><ul><ul><li>Yahoo! Social SDK + OpenID-Enabled OpenID library (with a pinch of YUI and YQL) </li></ul></ul>
  19. 19. Resources <ul><li>developer.yahoo.com/openid </li></ul><ul><li>developer.yahoo.com/oauth </li></ul><ul><li>example.erikeldridge.com/{example code} </li></ul><ul><li>Find me on Twitter: @erikeldridge </li></ul>
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×