OAuth Multiple lifetime token
by Yahoo! Japan
Copyright © 2010 Yahoo Japan Corporation. All Rights Reserved. Unauthorized citation or reproduction prohibited.

Summary
– Proposal toward the OAuth v2 spec
– Multiple lifetime tokens (access_token & refresh_token)
– No change in the OAuth process; only the token, lifetime and scope parameters change
– Introduction of the Yahoo! JAPAN OAuth APIs and their security policy

Yahoo! JAPAN OAuth APIs
– Payment API: "Credit Card Payment"
– Point API: "Award and use Y!Points"
– Contacts API: "Read Contact List of Y!Mail"
– Social API: "Read & Update Y!Profiles"
– Attribute API: "Read User Attributes"
– Auction API: "Bidding or Selling at Y!Auction"

Security Level of APIs

API                                   Security Level   Token Lifetime
Payment API, Y! Point API             high             short
Attribute API, Contacts API           middle           medium
Social APIs (User Status & Updates)   low              long

Current issue
– Moba-ge-town (http://yahoo-mbga.jp/) calls APIs of all three security levels from one application:
  – Social API (security level: low): Update Yahoo! Profile
  – Contacts API (security level: middle): Find Friends, Send Invitation to Friends
  – Payment API (security level: high): Purchase Avatar Item; Virtual coin expires in 2w

Web Server Profile
Participants: User-Agent (Web browser), Client (Web App), AuthZ Server (Service Provider)
Message sequence (diagram on the slide):
1. Client -> User-Agent -> AuthZ Server: Authorization Request w/ multiple scopes
2. AuthZ Server -> User-Agent: Ask for Permission
3. User-Agent -> AuthZ Server: Access Grant
4. AuthZ Server -> User-Agent -> Client: Authorization code & multiple scopes
5. Client -> AuthZ Server: Authorization code & multiple scopes
6. AuthZ Server -> Client: Access (and refresh) Tokens with different lifetimes w/ multiple scopes

User-agent Profile
– Still needs consideration about the URL length (in this profile the tokens come back in the redirect URL, so several tokens and lifetimes lengthen it)
Participants: User-Agent (Web browser), AuthZ Server (Service Provider)
Message sequence (diagram on the slide):
1. User-Agent -> AuthZ Server: Authorization Request w/ multiple scopes
2. AuthZ Server -> User-Agent: Ask for Permission
3. User-Agent -> AuthZ Server: Access Grant
4. AuthZ Server -> User-Agent: multiple Access (or refresh) Tokens with different lifetimes w/ multiple scopes

Idea of multiple lifetime access token
– Manage each access token's lifetime with "expires_in": scope, access_token and expires_in are space-separated lists, paired by position.

    {
      "scope": "payment social",
      "access_token": "SlAV32hkKG V2v5ehmLY",
      "expires_in": "3600 1206900"
    }

– payment / SlAV32hkKG / 3600: expires in 1h
– social / V2v5ehmLY / 1206900: expires in 2w (two weeks is 1209600 s; the slide prints 1206900)

Idea of multiple lifetime refresh_token
– Set the access token lifetimes short and the refresh_token lifetimes longer; refresh_token is a space-separated list paired by position as well.

    {
      "scope": "payment social",
      "access_token": "SlAV32hkKG V2v5ehmLY",
      "expires_in": "3600 3600",
      "refresh_token": "8xLOxBtZp8 7euhZh4E"
    }

– Both access tokens expire in 1h; the refresh tokens live longer (the slide annotates 2w)
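Added example, not code from Yahoo! JAPAN or from the slides: an authorization server that issues the multiple-lifetime response in the shape of the last two slides (short access tokens, longer per-scope refresh tokens, lifetimes following the security-level table) and a client that parses it and picks the right token per API call. The refresh-token lifetimes per level, the in-memory refresh store, the token generator and all function names are assumptions; the slide-7 response is embedded as constructed input.

```python
"""Multiple-lifetime OAuth token response: issuer and client parser.

Added example, not Yahoo! JAPAN's code. Assumed: refresh lifetimes per
security level, the refresh store, the token generator and all names."""
import json
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Sequence, Union

ACCESS_LIFETIME = 3600  # slide 8: every access token is short-lived (1h)

# Refresh-token lifetime per scope, following the slide-3 security levels
# (high -> short, middle -> medium, low -> long). Assumed numbers, except
# that the slides annotate the longest lifetime as two weeks.
REFRESH_LIFETIME = {
    "payment": 1 * 86400, "point": 1 * 86400,        # high
    "attribute": 7 * 86400, "contacts": 7 * 86400,   # middle
    "social": 14 * 86400,                            # low
}

# Server-side store (assumed design): refresh_token -> (scope, expires_at)
_refresh_store: Dict[str, tuple] = {}


def _new_token() -> str:
    return secrets.token_urlsafe(16)


def issue_tokens(scopes: Sequence[str], now: Optional[float] = None,
                 token_factory: Callable[[], str] = _new_token) -> dict:
    """Authorization server: one access token and one refresh token per
    granted scope, serialised as parallel space-separated lists."""
    now = time.time() if now is None else now
    unknown = [s for s in scopes if s not in REFRESH_LIFETIME]
    if unknown or len(set(scopes)) != len(scopes):
        raise ValueError(f"unknown or repeated scope in {list(scopes)}")
    access, refresh = [], []
    for scope in scopes:
        access.append(token_factory())
        refresh.append(token_factory())
        _refresh_store[refresh[-1]] = (scope, now + REFRESH_LIFETIME[scope])
    return {"scope": " ".join(scopes),
            "access_token": " ".join(access),
            "expires_in": " ".join(str(ACCESS_LIFETIME) for _ in scopes),
            "refresh_token": " ".join(refresh)}


def refresh_access_token(refresh_token: str, now: Optional[float] = None,
                         token_factory: Callable[[], str] = _new_token) -> Optional[dict]:
    """Authorization server: a refresh token renews only its own scope, and
    only until its (longer) lifetime ends; then the user must re-authorize."""
    now = time.time() if now is None else now
    entry = _refresh_store.get(refresh_token)
    if entry is None:
        return None  # unknown, revoked or already expired
    scope, expires_at = entry
    if now >= expires_at:
        del _refresh_store[refresh_token]
        return None
    return {"scope": scope, "access_token": token_factory(),
            "expires_in": str(ACCESS_LIFETIME)}


@dataclass
class ScopedToken:
    scope: str
    access_token: str
    expires_at: float
    refresh_token: Optional[str]


def parse_token_response(body: Union[str, dict],
                         now: Optional[float] = None) -> Dict[str, ScopedToken]:
    """Client: split the parallel lists and pair them by position. The pairing
    only means something when every list has one entry per scope, so a count
    mismatch or a repeated scope is rejected instead of guessed."""
    now = time.time() if now is None else now
    data = json.loads(body) if isinstance(body, str) else body
    scopes = str(data["scope"]).split()
    access = str(data["access_token"]).split()
    lifetimes = str(data["expires_in"]).split()
    refresh = (str(data["refresh_token"]).split() if "refresh_token" in data
               else [None] * len(scopes))
    if not (len(scopes) == len(access) == len(lifetimes) == len(refresh)):
        raise ValueError("scope/access_token/expires_in/refresh_token counts differ")
    if len(set(scopes)) != len(scopes):
        raise ValueError("scope listed twice")
    tokens = {}
    for scope, tok, life, ref in zip(scopes, access, lifetimes, refresh):
        seconds = int(life)
        if seconds <= 0:
            raise ValueError(f"bad expires_in for {scope}: {life!r}")
        tokens[scope] = ScopedToken(scope, tok, now + seconds, ref)
    return tokens


def access_token_for(tokens: Dict[str, ScopedToken], scope: str,
                     now: Optional[float] = None) -> Optional[str]:
    """Client: the token to send to an API of this scope, or None once it has
    expired (the 1h payment token lapses while the 2w social token still works)."""
    now = time.time() if now is None else now
    token = tokens.get(scope)
    if token is None:
        raise KeyError(f"scope not granted: {scope}")
    return token.access_token if now < token.expires_at else None


# Constructed input: the response printed on slide 7, as valid JSON.
SLIDE_7_RESPONSE = ('{"scope": "payment social", '
                    '"access_token": "SlAV32hkKG V2v5ehmLY", '
                    '"expires_in": "3600 1206900"}')

if __name__ == "__main__":
    tokens = parse_token_response(SLIDE_7_RESPONSE, now=0)
    print(access_token_for(tokens, "payment", now=3599),  # SlAV32hkKG
          access_token_for(tokens, "payment", now=3600),  # None
          access_token_for(tokens, "social", now=3600))   # V2v5ehmLY
```

Two design points matter for security. The refresh token is bound to one scope on the server, so a leaked long-lived social refresh token cannot be exchanged for a payment access token; the client also never has to guess which token goes with which API, because a response whose lists do not line up is rejected outright. Note that the OAuth 2.0 specification as finally published (RFC 6749) returns a single access_token with a numeric expires_in, so the string-list form parsed here is specific to this proposal.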