OAuth - Open API Authentication
Loading...
Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.
44 Favorites & 1 Group
-
Domon
favorited this 1 week ago
-
Dinesh Vasudevan, Software at GL, favorited this 3 weeks ago
-
maxhorvath
favorited this 4 weeks ago
-
David Lafon, Web developer at groupe Reflect - Emakina group, favorited this 1 month ago
-
Stefano Sanna favorited this 1 month ago
-
tzhang
favorited this 1 month ago
-
adorepump, software developer
favorited this 1 month ago
-
Dan Donald, Web developer favorited this 2 months ago
-
izuno
favorited this 4 months ago
-
aleung
favorited this 5 months ago
-
joeri.cochuyt
favorited this 5 months ago
-
toafu
favorited this 5 months ago
-
shinyzhu
favorited this 5 months ago
-
Craig Scott, Senior Product Manager at Elsevier,
favorited this 7 months ago
-
rawwell
favorited this 8 months ago
OAuth - Open API Authentication - Presentation Transcript
- OAuth Basic Introduction
- What is OAuth? A simple open standard for secure API authentication.
- The Love Triangle End User Service Provider Consumer Application (fake applications by EHL) http://www.hueniverse.com/hueniverse/2007/10/oauth-end-user-.html
- Specifically OAuth is... • Authentication Need to log in to access parts of a website ex: bookmark a link, post a photo, add a friend, view a private message • Token-based Authentication Logged-in user has a unique token used to access data from the site
- Similar to... • Flickr Auth • Google’s AuthSub • Yahoo’s BBAuth • Facebook Auth • and others...
- Who is involved?
- Goals: Be Simple • standard for website API authentication • consistent for developers • easy for users to understand * * this is hard
- Goals: Be Secure • secure for users • easy to implement security features for developers • balance security with ease of use
- Goals: Be Open • any website can implement OAuth • any developer can use OAuth • open source client libraries • published technical specifications
- Goals: Be Flexible • don’t need a username and password • authentication method agnostic • can use OpenID (or not!) • whatever works best for the web service • developers don’t need to handle auth
- What the end user sees... an example from ma.gnolia and nsyght.
- OMG! Need to login!
- Login with service provider
- Authorize
- Done!
- How Does OAuth Work? (for developers)
- Register a Consumer Application • Provide service provider with data about your application (name, creator, url etc...) • Service provider assigns consumer a consumer key and consumer secret • Service provider gives documentation of authorization URLs and methods
- Authorization Process 1. Obtain request token 2. User authorizes request token 3. Exchange request token for access token 4. Use access token to obtain protected resources
- OAuth Parameters • oauth_consumer_key • oauth_token • oauth_signature • oauth_signature_method • oauth_timestamp • oauth_nonce
- Where is this information passed? • HTTP Authorization header • HTTP POST request body (form params) • URL query string parameters
- Security • Tokens - aren’t passing username/password • Timestamp and nonce - verify unique requests • Signature - encrypted parameters help service provider recognize consumer • Signature methods - HMAC-SHA1, RSA- SHA1, Plaintext over a secure channel (such as SSL)
- Current Status of OAuth • oauth.net • Auth Core 1.0 Draft 7 • several libraries Python, Ruby, Perl, C# ...) for consumers and service providers (PHP, • Ma.gnolia and Twitter implementations • more implementations soon!
- Thanks! Chris is still working on the logo...
leahculver, 2 years ago
10895 views, 44 favs, more stats
http://www.justin.tv/hackertv/49975/Tech_Talk_1_Lea more
More Info
© All Rights Reserved
Go to text version- Total Views 10895
- 10594 on SlideShare
- Comments 1
- Favorites 44
- Downloads 406
Most viewed embeds
All embeds
- Uploaded via SlideShare
- Uploaded as Adobe PDF
1 comments
Comments 1 - 1 of 1 previous next Post a comment