Introduction to OAuth
firestoke
OAuth protocol, a security mechanism for different web sites to retrieve data.
1.
Introduction to the OAuth Protocol
by david
2.
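Purpose
➲ An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications.
➲ Lets third-party software obtain a user's protected data from a web service
➲ A common, open, standard flow for obtaining API authorization
Roles (diagram labels): User, Consumer, Service Provider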
3.
Authorization Flow
4.
OAuth App Sample: Twitter
5.
How to Generate the Signature
➲ HMAC-SHA1
  ● var sig = b64_hmac_sha1(key, baseString);
  ● RFC2104
➲ RSA-SHA1
  ● RFC3447 section 8.2
➲ PLAINTEXT
  ● Recommended for use only over an SSL-encrypted connection
6.
Signature Key via HMAC-SHA1
➲ Format:
  ● [consumer secret]&[token secret]
  ● Even when the token secret is empty, the & character must still be kept
➲ Example:
  ● 8vHfFq5mPB46AUjO7PtWGgFJcpAI1VfEyNA5F6Hh&
7.
Signature Base String via HMAC-SHA1
➲ Format:
  ● [http method]&[request url]&[request parameter string]
  ● The request query string must be sorted alphabetically
  ● Both the request URL and the request parameter string must be encoded (JavaScript: encodeURIComponent)
➲ Request Parameter String Example:
  ● oauth_consumer_key=5rxRZZUSI2T00KIyLIMQAA&oauth_nonce=2998391270622&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1267410026&oauth_version=1.0
➲ Example:
  ● GET&http%3A%2F%2Ftwitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3D5rxRZZUSI2T00KIyLIMQAA%26oauth_nonce%3D2998391270622%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1267410026%26oauth_version%3D1.0
8.
OAuth Request Example (request token)
➲ Authorization: OAuth
    oauth_consumer_key="0685bd9184jfhq22",
    oauth_token="ad180jjd733klru7",
    oauth_signature_method="HMAC-SHA1",
    oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
    oauth_timestamp="137131200",
    oauth_nonce="4572616e48616d6d65724c61686176",
    oauth_version="1.0"
9.
Demo http://localhost/prototype/test_oauth.jsp
10.
OAuth Authorize Page: Twitter
http://twitter.com/oauth/authorize/?oauth_token=[received token value]
11.
References
➲ OAuth 1.0 Spec - http://oauth.net/core/1.0/
➲ OAuth Library - http://oauth.net/code/
  ● Java
  ● Javascript
  ● PHP
  ● Ruby
  ● ...
➲ HMAC-SHA1 [RFC2104] http://tools.ietf.org/html/rfc2104
12.
Thank You!