Slideshow transcript
Slide 1: OAuth Basic Introduction
Slide 2: What is OAuth? A simple open standard for secure API authentication.
Slide 3: The Love Triangle: End User, Service Provider, Consumer Application (fake applications by EHL) http://www.hueniverse.com/hueniverse/2007/10/oauth-end-user-.html
Slide 4: Specifically OAuth is... • Authentication: need to log in to access parts of a website, ex: bookmark a link, post a photo, add a friend, view a private message • Token-based Authentication: the logged-in user has a unique token used to access data from the site
Slide 5: Similar to... • Flickr Auth • Google’s AuthSub • Yahoo’s BBAuth • Facebook Auth • and others...
Slide 6: Who is involved?
Slide 7: Goals: Be Simple • standard for website API authentication • consistent for developers • easy for users to understand* (*this is hard)
Slide 8: Goals: Be Secure • secure for users • easy to implement security features for developers • balance security with ease of use
Slide 9: Goals: Be Open • any website can implement OAuth • any developer can use OAuth • open source client libraries • published technical specifications
Slide 10: Goals: Be Flexible • don’t need a username and password • authentication method agnostic • can use OpenID (or not!) • whatever works best for the web service • developers don’t need to handle auth
Slide 11: What the end user sees... an example from ma.gnolia and nsyght.
Slide 12: OMG! Need to login!
Slide 13: Login with service provider
Slide 14: Authorize
Slide 15: Done!
Slide 16: How Does OAuth Work? (for developers)
Slide 17: Register a Consumer Application • Provide service provider with data about your application (name, creator, url etc...) • Service provider assigns consumer a consumer key and consumer secret • Service provider gives documentation of authorization URLs and methods
Slide 18: Authorization Process 1. Obtain request token 2. User authorizes request token 3. Exchange request token for access token 4. Use access token to obtain protected resources
Slide 19: OAuth Parameters • oauth_consumer_key • oauth_token • oauth_signature • oauth_signature_method • oauth_timestamp • oauth_nonce
Slide 20: Where is this information passed? • HTTP Authorization header • HTTP POST request body (form params) • URL query string parameters
Slide 21: Security • Tokens - aren’t passing username/password • Timestamp and nonce - verify unique requests • Signature - encrypted parameters help service provider recognize consumer • Signature methods - HMAC-SHA1, RSA-SHA1, Plaintext over a secure channel (such as SSL)
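Added example (not from the slides) covering slides 19 to 21: the consumer builds the oauth_* parameters, signs the request with HMAC-SHA1 and carries them in the HTTP Authorization header; the service provider recomputes the signature and uses the timestamp and nonce to reject replayed requests. The consumer key, secrets, token and URL are sample values constructed for the example, not credentials from the slides.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

def pct(s):
    # OAuth 1.0 uses RFC 3986 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay unencoded
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    # Signature base string: METHOD & enc(URL) & enc(sorted encoded "k=v" pairs joined by "&")
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    return "&".join([method.upper(), pct(url), pct("&".join(f"{k}={v}" for k, v in pairs))])

def hmac_sha1(base, consumer_secret, token_secret=""):
    # Signing key is enc(consumer_secret)&enc(token_secret); the secrets never travel in the request
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def sign_request(method, url, query, ckey, csecret, token, tsecret, ts=None, nonce=None):
    # Consumer side: build the oauth_* parameters and the Authorization header that carries them
    oauth = {"oauth_consumer_key": ckey, "oauth_token": token,
             "oauth_signature_method": "HMAC-SHA1",
             "oauth_timestamp": str(ts if ts is not None else int(time.time())),
             "oauth_nonce": nonce or secrets.token_hex(8)}
    oauth["oauth_signature"] = hmac_sha1(base_string(method, url, {**query, **oauth}), csecret, tsecret)
    header = "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(oauth.items()))
    return header, oauth

class ServiceProvider:
    # Service-provider side: recompute the signature, bound the timestamp, reject replayed nonces
    def __init__(self, consumers, tokens, window=300):
        self.consumers, self.tokens, self.window = consumers, tokens, window
        self.seen = set()  # (consumer_key, timestamp, nonce) tuples already accepted

    def verify(self, method, url, query, oauth, now):
        if oauth.get("oauth_signature_method") != "HMAC-SHA1":
            return False, "unsupported signature method"
        csecret = self.consumers.get(oauth.get("oauth_consumer_key"))
        tsecret = self.tokens.get(oauth.get("oauth_token"))
        if csecret is None or tsecret is None:
            return False, "unknown consumer key or token"
        if abs(now - int(oauth.get("oauth_timestamp", 0))) > self.window:
            return False, "timestamp outside acceptance window"
        replay_key = (oauth["oauth_consumer_key"], oauth.get("oauth_timestamp"), oauth.get("oauth_nonce"))
        if replay_key in self.seen:
            return False, "nonce already used"
        expected = hmac_sha1(base_string(method, url, {**query, **oauth}), csecret, tsecret)
        if not hmac.compare_digest(expected, oauth.get("oauth_signature", "")):
            return False, "bad signature"
        self.seen.add(replay_key)
        return True, "ok"
```

The replay set is kept in memory for the example; a real provider persists it (at least for the length of the timestamp window) so that a restarted server cannot be fed a request it already accepted.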
Slide 22: Current Status of OAuth • oauth.net • OAuth Core 1.0 Draft 7 • several libraries (PHP, Python, Ruby, Perl, C# ...) for consumers and service providers • Ma.gnolia and Twitter implementations • more implementations soon!
Slide 23: Thanks! Chris is still working on the logo...