OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
Published in: Technology
Transcript

  • 1. OAuth 2.0 & OpenID Connect
  • 2. @nov, OpenID Foundation Japan Evangelist, OAuth.jp. Ruby libraries: rack-oauth2, openid_connect, fb_graph. (OpenSource Conference 2011)
  • 3. (no transcribed text)
  • 4. Current Trend: Mobile, Game, Social. (OpenID TechNight #7)
  • 5. Platform: 3rd-party Developers
  • 6. API Integration: Access Control for APIs
  • 7. (no transcribed text)
  • 8. Using the same password on 10+ services??
  • 9. OAuth: No password sharing. Limited access lifetime (expire after N weeks). Limited access scope (Status Update: OK, Read Inbox: NG).
  • 10. B2B is slow though..
  • 11. Rough History
  • 12. 2007.12: OAuth 1.0
  • 13. Twitter API
  • 14. 2010.04: OAuth 2.0 (draft 0)
  • 15. Facebook Graph API
  • 16. 2010.07: draft 10
  • 17. mixi Graph API
  • 18. (no transcribed text)
  • 19. 2011.09: draft 22
  • 20. OAuth 1.0 / OAuth 2.0
  • 21. OAuth 1.0 in Japanese: ju.mp/oauth1_ja. OAuth 2.0 in Japanese: ju.mp/oauth2_ja
  • 22. (no transcribed text)
  • 23. (Diagram) Roles: Resource Owner, Client, Authorization Server, Resource Server. Steps: Authorize Client Access, Access Token, API Access.
  • 24. (Same diagram as slide 23)
  • 25. (Same diagram as slide 23)
  • 26. (Same diagram, annotated) Core Spec covers Authorize Client Access and Access Token; Token Type Spec covers API Access.
  • 27. (Same diagram as slide 26)
  • 28. Core Response Type. 2 Response Types in Core: Code, Token. Extensions: Code + Token, and more..
  • 29. (Sequence diagram) Core, response_type=code. Parties: Resource Owner, Client, Authorization Server. Steps: Initiate, Require Approval, Approve, Code, Code, Access Token.
  • 30. (Same sequence) Authorization request: client_id=...&response_type=code&redirect_uri=https://...&scope=...
  • 31. (Same sequence as slide 29)
  • 32. (Same sequence as slide 29)
  • 33. (Same sequence) Token request: code=...&client_id=...&client_secret=...&grant_type=authorization_code&redirect_uri=https://...
  • 34. (Same sequence) [NOTE] Facebook API returns the access token in x-www-form-urlencoded.
  • 35. (Sequence diagram) Core, response_type=token. Parties: Resource Owner, Client, Authorization Server. Steps: Initiate, Require Approval, Approve, Access Token.
  • 36. (Same sequence) Authorization request: client_id=...&response_type=token&redirect_uri=https://...&scope=...
  • 37. (Same sequence as slide 35)
  • 38. Core Response Type comparison. Code: Secure; 2 HTTP requests (Require Approval, Get Access Token). Token: Efficient; 1 HTTP request (both at once). + extensions.
  • 39. (Same diagram as slide 26, Token Type Spec highlighted)
  • 40. Token Type Spec. Bearer: No signature, No token secret, Mainstream. MAC: Signature, Token secret, Similar to OAuth 1.0. + extensions.
  • 41. Token Type Spec. Bearer: No signature, No token secret, Mainstream (in most cases, you use this). MAC: Signature, Token secret, Similar to OAuth 1.0. + extensions.
  • 42. Token: Bearer Token, Access Token Response
  • 43. Token: API Access (Bearer)
  • 44. BUT
  • 45. Not all API providers follow the latest draft..
  • 46. NO "token_type" in the Access Token Response
  • 47. Different Scheme/Parameter: OAuth, oauth_token
  • 48. #MA7 Mashup Caravan & Meetup in Kyoto
  • 49. (no transcribed text)
  • 50. OpenID is dead!? Poor UX? URL as identifier?
  • 51. Lack of API access!? You need "stream access", don't you?
  • 52. OpenID Connect ~ OpenID based on OAuth 2.0 ~
  • 53. ref.) slideshare.net/oid;/openidconnect-nat
  • 54. (Same diagram as slide 23)
  • 55. (Sequence diagram) Basic Flow. Parties: Resource Owner, Client, Authorization Server. Steps: Initiate, Require Approval, Approve, Access Token.
  • 56. (Same sequence) Authorization request: client_id=...&response_type=token+id_token&redirect_uri=https://...&scope=openid
  • 57. (Same sequence as slide 55)
  • 58. OAuth 2.0 + "ID Token"
  • 59. connect-rp.heroku.com
  • 60. ID Token: Represents Session Information. JWT-encoded JSON Object. Signed using JWS. Encrypted using JWE.
  • 61. (no transcribed text)
  • 62. (no transcribed text)
  • 63. UserInfo: OAuth 2.0 Protected Resource. REQUIRED "profile" scope; OPTIONAL "email" and "address" scopes. Standardized JSON Format: PoCo (Portable Contacts) + Facebook Graph API.
  • 64. (no transcribed text)
  • 65. (no transcribed text)
  • 66. (no transcribed text)
  • 67. So, why do these matter?
  • 68. Social
  • 69. Cloud
  • 70. Living in the Web
  • 71. Applications, People, Streams, Access Control, Identity, Discovery
  • 72. OpenID Summit Tokyo, in Tokyo, Japan, December 1, 2011
  • 73. twitter.com/nov, slideshare.net/matake, github.com/nov, openid-foundation-japan.github.com
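As an added example (not code from the slides, nor from the author's rack-oauth2 or openid_connect libraries), a small Ruby client-side parser for the Access Token Response that handles the provider deviations slides 34, 46 and 47 point out: a form-urlencoded body instead of JSON, a missing token_type, and the legacy oauth_token query parameter. Module and method names, the legacy_default option and the KNOWN_TYPES list are my own assumptions.

```ruby
require 'json'
require 'uri'

# Added example, not from the slides: parse an OAuth 2.0 Access Token
# Response whether the provider returns JSON (draft 22) or
# x-www-form-urlencoded (Facebook-style), tolerate a missing token_type
# (providers on older drafts) only when the caller opts in, and build
# the protected-resource request for the token type actually received.
module TokenResponse
  KNOWN_TYPES = %w[bearer mac].freeze

  # content_type and body are taken from the token endpoint's HTTP response.
  # legacy_default: token_type to assume when the provider omits it; pass
  # :bearer only for providers known to issue bearer tokens.
  def self.parse(content_type, body, legacy_default: nil)
    params =
      if content_type.to_s.start_with?('application/json')
        JSON.parse(body)
      elsif content_type.to_s.start_with?('application/x-www-form-urlencoded')
        URI.decode_www_form(body).to_h
      else
        raise ArgumentError, "unsupported token response type: #{content_type}"
      end
    token = params['access_token']
    raise ArgumentError, 'access_token missing' if token.nil? || token.empty?

    # Never guess the token type silently: an unknown type means the
    # client cannot know how to present the token to the resource server.
    type = (params['token_type'] || legacy_default).to_s.downcase
    raise ArgumentError, 'token_type missing (provider follows an older draft)' if type.empty?
    raise ArgumentError, "unknown token_type: #{type}" unless KNOWN_TYPES.include?(type)

    {
      access_token: token,
      token_type: type,
      expires_in: params['expires_in']&.to_i,
      scope: params['scope'].to_s.split(' ')
    }
  end

  # Bearer tokens go in the Authorization header (slide 43); the legacy
  # oauth_token query parameter (slide 47) is emitted only on explicit opt-in.
  def self.api_request(token, legacy_query_param: false)
    if token[:token_type] == 'bearer' && !legacy_query_param
      { headers: { 'Authorization' => "Bearer #{token[:access_token]}" }, query: {} }
    elsif token[:token_type] == 'bearer'
      { headers: {}, query: { 'oauth_token' => token[:access_token] } }
    else
      raise NotImplementedError, 'MAC tokens need a signed request (token secret + HMAC)'
    end
  end
end
```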
