Introduction to OAuth

OAuth protocol, a security mechanism for different web sites to retrieve data.

  1. Introduction to the OAuth Protocol, by david
  2. Purpose
     ➲ An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications.
     ➲ Lets third-party software obtain a user's protected data held by a web service
     ➲ A common, open-standard API authorization flow between User, Consumer and Service Provider
  3. Authorization flow
  4. OAuth App Sample: Twitter
  5. How to generate the signature
     ➲ HMAC-SHA1
       ● var sig = b64_hmac_sha1(key, baseString);
       ● RFC2104
     ➲ RSA-SHA1
       ● RFC3447 section 8.2
     ➲ PLAINTEXT
       ● Recommended only over an SSL-encrypted connection
  6. Signature Key via HMAC-SHA1
     ➲ Format:
       ● [consumer secret]&[token secret]
       ● Even when the token secret is empty, the & must be kept
     ➲ Example:
       ● 8vHfFq5mPB46AUjO7PtWGgFJcpAI1VfEyNA5F6Hh&
  7. Signature Base String via HMAC-SHA1
     ➲ Format:
       ● [http method]&[request url]&[request parameter string]
       ● The request query string must be sorted alphabetically
       ● Both the request url and the request parameter string must be percent-encoded (javascript: encodeURIComponent)
     ➲ Request Parameter String Example:
       ● oauth_consumer_key=5rxRZZUSI2T00KIyLIMQAA&oauth_nonce=2998391270622&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1267410026&oauth_version=1.0
     ➲ Example:
       ● GET&http%3A%2F%2Ftwitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3D5rxRZZUSI2T00KIyLIMQAA%26oauth_nonce%3D2998391270622%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1267410026%26oauth_version%3D1.0
  8. OAuth Request Example (request token)
     ➲ Authorization: OAuth oauth_consumer_key="0685bd9184jfhq22", oauth_token="ad180jjd733klru7", oauth_signature_method="HMAC-SHA1", oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D", oauth_timestamp="137131200", oauth_nonce="4572616e48616d6d65724c61686176", oauth_version="1.0"
  9. Demo: http://localhost/prototype/test_oauth.jsp
  10. OAuth Authorize Page: Twitter
     ➲ http://twitter.com/oauth/authorize/?oauth_token=[received token value]
  11. References
     ➲ OAuth 1.0 Spec - http://oauth.net/core/1.0/
     ➲ OAuth Library - http://oauth.net/code/
       ● Java
       ● Javascript
       ● PHP
       ● Ruby
       ● ...
     ➲ HMAC-SHA1 [RFC2104] http://tools.ietf.org/html/rfc2104
  12. Thank You!