How to Avoid Losing Your Pants Using oAuth
Loading...
Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.
1 Favorite
-
wesley83
favorited this 3 months ago
How to Avoid Losing Your Pants Using oAuth - Presentation Transcript
- HOW TO AVOID LOSING YOUR PANTS USING OAUTH EVERYTHING YOU NEED TO KNOW TO KEEP YOUR USERS SAFE AND MAINTAIN YOUR SANITY WITH OAUTH JESSE STAY CEO, SOCIALTOO.COM HTTP://STAYNALIVE.COM
- A LONG TIME AGO, IN A GALAXY FAR, FAR AWAY, THERE WAS A STORY OF A WISE OLD EMPEROR... OKAY, NOT THIS EMPEROR!
- THE “UNTOLD” TRUTH DON’T BE STUPID!
- DON’T GET CAUGHT WITH YOUR PANTS DOWN! MORAL OF THE STORY PHOTO VIA HTTP://WWW.FLICKR.COM/PHOTOS/WIRETHREAD/175023943/
- WHAT IS OAUTH?
- WHAT IS OAUTH? OAUTH IS OPEN
- WHAT IS OAUTH? OAUTH IS OPEN OAUTH IS SECURE
- WHAT IS OAUTH? OAUTH IS OPEN OAUTH IS SECURE OAUTH IS AUTHORIZATION
- WHAT IS OAUTH? OAUTH IS OPEN OAUTH IS SECURE OAUTH IS AUTHORIZATION OAUTH IS A STANDARD
- COMPONENTS OF OAUTH THE USER
- COMPONENTS OF OAUTH THE CONSUMER
- COMPONENTS OF OAUTH THE SERVICE PROVIDER
- BASIC FLOW OF AN OAUTH APP USER VISITS APPLICATION, CLICKS “AUTHORIZE” BUTTON
- BASIC FLOW OF AN OAUTH APP USER VISITS CONSUMER, CLICKS “AUTHORIZE” BUTTON CONSUMER REDIRECTS USER TO SERVICE PROVIDER FOR AUTH
- BASIC FLOW OF AN OAUTH APP USER VISITS CONSUMER, CLICKS “AUTHORIZE” BUTTON CONSUMER REDIRECTS USER TO SERVICE PROVIDER FOR AUTH PROVIDER RETURNS USER TO CONSUMER W/ TOKEN TO ACT ON BEHALF OF PROVIDER FOR THAT USER
- “BEHIND” THE SCENES CONSUMER FORMATS A REQUEST TO PROVIDER TO GET A REQUEST TOKEN, APPENDS REQUEST TOKEN TO THE PROVIDER AUTH URL CONSUMER THEN REDIRECTS USER TO PROVIDER AUTH URL W/ THE REQUEST TOKEN
- “BEHIND” THE SCENES USER AUTHENTICATES WITH PROVIDER, AUTHORIZES CONSUMER TO MAKE CALLS ON BEHALF OF USER
- “BEHIND” THE SCENES PROVIDER REDIRECTS USER BACK TO CONSUMER’S CALLBACK URL (SPECIFIED IN ORIGINAL CONSUMER TO PROVIDER REDIRECT OR IN APP SETTINGS) CONSUMER SENDS ORIGINAL REQUEST TOKEN, REQUESTING ACCESS TOKEN FROM PROVIDER
- “BEHIND” THE SCENES PROVIDER SENDS CONSUMER ACCESS TOKEN AND ACCESS TOKEN SECRET, GIVING CONSUMER PERMISSION TO MAKE API CALLS ON BEHALF OF USER CONSUMER MAKES API CALLS FOR USER!
- CONSUMER CALL AND REDIRECT TO PROVIDER: REAL WORLD EXAMPLE (THERE’S MORE THAN ONE WAY TO DO IT!)
- CONSUMER CALLBACK ON REDIRECT FROM PROVIDER: REAL WORLD EXAMPLE (THERE’S MORE THAN ONE WAY TO DO IT!)
- MAKE SOME API CALLS! REAL WORLD EXAMPLE (THERE’S MORE THAN ONE WAY TO DO IT!)
- OAUTH ON THE IPHONE
- OAUTH FOR DESKTOP PROVIDER ASKS USER FOR PIN USER ENTERS PIN IN CONSUMER DESKTOP APP CONSUMER SENDS PIN WITH REQUEST FOR ACCESS TOKEN
- FLAWS OF OAUTH MULTIPLE STEPS FOR USER TO AUTHENTICATE USER HAS TO LEAVE THE CONSUMER SITE NOT BUILT AS AN AUTHENTICATION PLATFORM - WHEN PROVIDER IS DOWN, SO IS OAUTH FOR THAT PROVIDER
- FACEBOOK CONNECT AUTHENTICATION AND AUTHORIZATION IN ONE USER NEVER LEAVES SITE MANY MORE INTEGRATED TOOLS CLOSED, PROPRIETARY
- ANY QUESTIONS? HTTP://WIKI.OAUTH.NET HTTP://STAYNALIVE.COM HTTP://APIWIKI.TWITTER.COM/AUTHENTICATION
+
408 views, 1 favs, more stats
Applications have long provided ways to enable othe more
More info about this document
© All Rights Reserved
Go to text version
- Total Views 408
- 408 on SlideShare
- Comments 0
- Favorites 1
- Downloads 7
Most viewed embeds
All embeds
- Upload Info
- Also on LinkedIn
- Uploaded via SlideShare
- Uploaded as Apple Keynote
0 comments
Post a comment