OAuth Multiple Lifetime Token

    Presentation Transcript

    • OAuth Multiple lifetime token
      by Yahoo! Japan
    • 1
      Copyright © 2010 Yahoo Japan Corporation. All Rights Reserved. Unauthorized quotation or reproduction prohibited.
      Summary
      Proposal toward OAuth v2 spec
      multiple lifetime tokens (access_token & refresh_token)
      no change in the process of OAuth, only a change in the token, lifetime and scope parameters.
      Introduction of Yahoo! JAPAN OAuth API and security policy
    • 2
      Yahoo! JAPAN OAuth APIs
      Payment API: "Credit Card Payment"
      Point API: "Award and use Y!Points"
      Contacts API: "Read Contact List of Y!Mail"
      Social API: "Read & Update Y!Profiles"
      Attribute API: "Read User Attributes"
      Auction API: "Bidding or Selling at Y!Auction"
    • 3
      Security Level of APIs
    • 4
      Current issue
      Moba-ge-town (http://yahoo-mbga.jp/)
      Social API (security level: low)
      Update Yahoo! Profile
      Contacts API (security level: middle)
      Find Friends, Send Invitation to Friends
      Payment API (security level: high)
      Purchase Avatar Item, Virtual coin
      expires in 2w
    • 5
      Web Server Profile
      User-Agent
      (Web browser)
      Client
      (Web App)
      AuthZ Server
      (Service Provider)
      Authorization Request w/ multiple scopes
      Ask for Permission
      Access Grant
      Authorization code & multiple scopes
      Authorization code & multiple scopes
      Access (and refresh) Tokens with different lifetime w/ multiple scopes
    • 6
      User-agent Profile
      Still needs consideration about the URL length
      User-Agent
      (Web browser)
      AuthZ Server
      (Service provider)
      Authorization Request w/ multiple scopes
      Ask for Permission
      Access Grant
      multiple Access (or refresh) Tokens with different lifetime w/ multiple scopes
    • 7
      Idea of multiple lifetime access token
      Manage each access token lifetime by "expires_in"
      {
        "scope": "payment social",
        "access_token": "SlAV32hkKGV2v5ehmLY",
        "expires_in": "3600 1206900"
      }
      expires in 1h.
      expires in 2w
    • 8
      Idea of multiple lifetime refresh_token
      set access token lifetimes short and set refresh_token lifetimes longer
      {
        "scope": "payment social",
        "access_token": "SlAV32hkKGV2v5ehmLY",
        "expires_in": "3600 3600",
        "refresh_token": "8xLOxBtZp87euhZh4E"
      }
      expires in 1h.
      expires in 2w
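
How a client could track the per-scope lifetimes proposed on slides 7 and 8, as an added example that is not part of the original slides or Yahoo! JAPAN's code. It assumes `scope` and `expires_in` are space-separated lists paired by position; the function names, the 30-second skew margin and the sample timestamps are hypothetical.

```python
import json

# Constructed sample: slide 7's response, with scope and expires_in
# written as space-separated lists paired by position (an assumption).
SAMPLE = """{
  "scope": "payment social",
  "access_token": "SlAV32hkKGV2v5ehmLY",
  "expires_in": "3600 1206900"
}"""


def parse_token_response(body, issued_at):
    """Return (access_token, {scope: absolute expiry}, refresh_token)."""
    resp = json.loads(body)
    scopes = resp["scope"].split()
    lifetimes = str(resp["expires_in"]).split()
    # Fail closed: a count mismatch or duplicate scope would let a long
    # lifetime be attributed to a high-security scope such as payment.
    if not scopes or len(scopes) != len(lifetimes):
        raise ValueError("scope and expires_in must pair one-to-one")
    if len(set(scopes)) != len(scopes):
        raise ValueError("duplicate scope in response")
    expiry = {}
    for scope, life in zip(scopes, lifetimes):
        if not (life.isascii() and life.isdigit()) or int(life) == 0:
            raise ValueError(f"invalid lifetime for scope {scope!r}")
        expiry[scope] = issued_at + int(life)
    return resp["access_token"], expiry, resp.get("refresh_token")


def usable_scopes(expiry, now, skew=30):
    """Scopes whose lifetime has not run out, with a clock-skew margin."""
    return sorted(s for s, t in expiry.items() if now + skew < t)


if __name__ == "__main__":
    token, expiry, _ = parse_token_response(SAMPLE, issued_at=1_000_000)
    for elapsed in (0, 7200, 1206900):
        print(elapsed, usable_scopes(expiry, 1_000_000 + elapsed))
```

Two hours after issuance the same token string is still usable for `social` but no longer for `payment`, which is the behaviour the proposal is after.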