How to Avoid Losing Your Pants Using oAuth

Applications have long provided ways to enable other applications to access their API. In the past this has involved naked, plain-text password storage that provided the illusion of users securely giving permission to access the API in their name. oAuth removes this illusion, "putting the clothes" back on authorization so user data remains secure in an open, standards-supported way.

Presentation Transcript

  • How to Avoid Losing Your Pants Using OAuth: everything you need to know to keep your users safe and maintain your sanity with OAuth. Jesse Stay, CEO, SocialToo.com, http://staynalive.com
  • A long time ago, in a galaxy far, far away, there was a story of a wise old emperor... Okay, not this emperor!
  • The "untold" truth: don't be stupid!
  • Moral of the story: don't get caught with your pants down! (Photo via http://www.flickr.com/photos/wirethread/175023943/)
  • What is OAuth? OAuth is open. OAuth is secure. OAuth is authorization. OAuth is a standard.
  • Components of OAuth: the user, the consumer, the service provider.
  • Basic flow of an OAuth app: the user visits the consumer and clicks the "Authorize" button; the consumer redirects the user to the service provider for auth; the provider returns the user to the consumer with a token to act on behalf of the provider for that user.
  • "Behind" the scenes: the consumer formats a request to the provider to get a request token, appends the request token to the provider auth URL, then redirects the user to the provider auth URL with the request token.
  • "Behind" the scenes: the user authenticates with the provider and authorizes the consumer to make calls on behalf of the user.
  • "Behind" the scenes: the provider redirects the user back to the consumer's callback URL (specified in the original consumer-to-provider redirect or in the app settings); the consumer sends the original request token, requesting an access token from the provider.
  • "Behind" the scenes: the provider sends the consumer an access token and access token secret, giving the consumer permission to make API calls on behalf of the user. The consumer makes API calls for the user!
  • Consumer call and redirect to provider: real world example (there's more than one way to do it!)
  • Consumer callback on redirect from provider: real world example (there's more than one way to do it!)
  • Make some API calls! Real world example (there's more than one way to do it!)
  • OAuth on the iPhone
  • OAuth for desktop: the provider asks the user for a PIN; the user enters the PIN in the consumer desktop app; the consumer sends the PIN with the request for an access token.
  • Flaws of OAuth: multiple steps for the user to authenticate; the user has to leave the consumer site; not built as an authentication platform, so when the provider is down, so is OAuth for that provider.
  • Facebook Connect: authentication and authorization in one; the user never leaves the site; many more integrated tools; closed, proprietary.
  • Any questions? http://wiki.oauth.net, http://staynalive.com, http://apiwiki.twitter.com/authentication