Introduction to OAuth
 

OAuth protocol, a security mechanism for different web sites to retrieve data.


    Introduction to OAuth: Presentation Transcript

    • Introduction to the OAuth Protocol, by david
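    • Purpose
      ➲ An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications.
      ➲ To let third-party software obtain protected user data held by a web service
      ➲ A common, open, standard flow for obtaining API authorization
      Diagram labels: User, Consumer, Service Provider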
    • Authorization flow
    • OAuth App Sample: Twitter
    • How to generate the signature
      ➲ HMAC-SHA1
        ● var sig = b64_hmac_sha1(key, baseString);
        ● RFC2104
      ➲ RSA-SHA1
        ● RFC3447 section 8.2
      ➲ PLAINTEXT
        ● Recommended only when the connection is encrypted with SSL
    • Signature Key via HMAC-SHA1
      ➲ Format:
        ● [consumer secret]&[token secret]
        ● Even when the token secret is empty, the & separator must be kept
      ➲ Example:
        ● 8vHfFq5mPB46AUjO7PtWGgFJcpAI1VfEyNA5F6Hh&
    • Signature Base String via HMAC-SHA1
      ➲ Format:
        ● [http method]&[request url]&[request parameter string]
        ● The request query string must be sorted alphabetically
        ● Both the request URL and the request parameter string must be encoded (JavaScript: encodeURIComponent)
      ➲ Request Parameter String Example:
        ● oauth_consumer_key=5rxRZZUSI2T00KIyLIMQAA&oauth_nonce=2998391270622&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1267410026&oauth_version=1.0
      ➲ Example:
        ● GET&http%3A%2F%2Ftwitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3D5rxRZZUSI2T00KIyLIMQAA%26oauth_nonce%3D2998391270622%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1267410026%26oauth_version%3D1.0
    • OAuth Request Example (request token)
      ➲ Authorization: OAuth oauth_consumer_key="0685bd9184jfhq22",
          oauth_token="ad180jjd733klru7",
          oauth_signature_method="HMAC-SHA1",
          oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
          oauth_timestamp="137131200",
          oauth_nonce="4572616e48616d6d65724c61686176",
          oauth_version="1.0"
    • Demo http://localhost/prototype/test_oauth.jsp
    • OAuth Authorize Page: Twitter
      http://twitter.com/oauth/authorize/?oauth_token=[received token value]
    • References
      ➲ OAuth 1.0 Spec - http://oauth.net/core/1.0/
      ➲ OAuth Library - http://oauth.net/code/
        ● Java
        ● Javascript
        ● PHP
        ● Ruby
        ● ...
      ➲ HMAC-SHA1 [RFC2104] http://tools.ietf.org/html/rfc2104
    • Thank You!
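
The signing steps from the "Signature Key" and "Signature Base String" slides, as an added example that is not part of the original presentation: it rebuilds the slides' request-token base string in Node.js, signs it with HMAC-SHA1, and adds a provider-side `verify` check. The function names, the pairing of the slide's example secret with the slide's consumer key, and the extra escaping of `! * ' ( )` on top of encodeURIComponent are assumptions made for this illustration.

```javascript
// Added example, not code from the slides: OAuth 1.0 HMAC-SHA1 signing (Node.js).
const crypto = require('crypto');

// encodeURIComponent leaves ! * ' ( ) unescaped; OAuth 1.0 keeps only
// A-Z a-z 0-9 - . _ ~ unencoded, so those five are escaped here as well.
function percentEncode(s) {
  return encodeURIComponent(s).replace(/[!*'()]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

const cmp = (x, y) => (x < y ? -1 : x > y ? 1 : 0);

// [http method]&[request url]&[request parameter string]
// Assumption: `url` has no query string; its parameters go into `params`.
function signatureBaseString(method, url, params) {
  const paramString = Object.entries(params)
    .filter(([k]) => k !== 'oauth_signature') // the signature never signs itself
    .map(([k, v]) => [percentEncode(k), percentEncode(String(v))])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1])) // by name, then value
    .map(([k, v]) => `${k}=${v}`).join('&');
  return [method.toUpperCase(), percentEncode(url), percentEncode(paramString)].join('&');
}

// [consumer secret]&[token secret]; the & stays when the token secret is empty.
function signingKey(consumerSecret, tokenSecret = '') {
  return `${percentEncode(consumerSecret)}&${percentEncode(tokenSecret)}`;
}

function sign(method, url, params, consumerSecret, tokenSecret) {
  return crypto.createHmac('sha1', signingKey(consumerSecret, tokenSecret))
    .update(signatureBaseString(method, url, params))
    .digest('base64');
}

// Service-provider side: recompute the signature and compare in constant time.
function verify(received, method, url, params, consumerSecret, tokenSecret) {
  const expected = Buffer.from(sign(method, url, params, consumerSecret, tokenSecret));
  const got = Buffer.from(String(received));
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

// Parameter values and consumer secret as printed on the slides.
const slideParams = {
  oauth_version: '1.0', oauth_timestamp: '1267410026', oauth_nonce: '2998391270622',
  oauth_signature_method: 'HMAC-SHA1', oauth_consumer_key: '5rxRZZUSI2T00KIyLIMQAA',
};
const slideSecret = '8vHfFq5mPB46AUjO7PtWGgFJcpAI1VfEyNA5F6Hh';
console.log(signatureBaseString('GET', 'http://twitter.com/oauth/request_token', slideParams));
console.log(sign('GET', 'http://twitter.com/oauth/request_token', slideParams, slideSecret));
```

The signature goes into the Authorization header percent-encoded, which is why the slides' header example shows `%2F` and `%3D` inside oauth_signature.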