OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk

OAuth 2.0 &OpenID Connect

@novOpenID Foundation Japan EvangelistOAuth.jpRuby Libraries rack-oauth2 openid_connect fb_graph OpenSource Conference 2011

OpenSource Conference 2011

Current TrendMobile Game Social OpenID TechNight #7

Platform 3rd-party Developers OpenSource Conference 2011

API IntegrationAccess Control for APIs OpenID TechNight #7

OpenID TechNight #7

Using same password on 10+ services?? OpenID TechNight #7

OAuthNo password sharingLimited access lifetime Expire a*er N weeksLimited access scope Status Update : OK Read Inbox : NG OpenID TechNight #7

B2B is slow though.. OpenID TechNight #7

Rough History OpenID TechNight #7

2007.12 OAuth 1.0 OpenID TechNight #7

Twitter API OpenID TechNight #7

2010.04 OAuth 2.0 (dra* 0) OpenID TechNight #7

Facebook Graph API OpenID TechNight #7

2010.07 dra* 10 OpenID TechNight #7

mixi Graph API OpenID TechNight #7

OpenID TechNight #7

2011.09 dra* 22 OpenID TechNight #7

OAuth 1.0 OAuth 2.0 OpenSource Conference 2011

OAuth 1.0 in Japanese ju.mp/oauth1_jaOAuth 2.0 in Japanese ju.mp/oauth2_ja OpenSource Conference 2011

Authorization Server AuthorizeClient Access Access Token Resource ServerResource Owner API Client Access OpenID TechNight #7

Core Spec Authorization Server AuthorizeClient Access Access Token Resource ServerResource Owner API Client Access Token Type Spec OpenID TechNight #7

Core Spec Authorization Server Authorize Client Access Access Token Resource ServerResource Owner Client API Access OpenID TechNight #7

Core Response Type 2 Response Types in Core Code Token Extensions Code + Token and more.. OpenSource Conference 2011

Core response_type = codeResource Owner Client Authorization Server Initiate Require Approval Approve Code Code Access Token OpenID TechNight #7

Core response_type = codeResource Owner Client Authorization Server Initiate Require Approval Approve client_id=...& response_type=code&Code redirect_uri=https://...& scope=... Code Access Token OpenSource Conference 2011

Core response_type = codeResource Owner Client Authorization Server Initiate Require Approval Approve Code Code Access Token OpenSource Conference 2011

Core response_type = codeResource Owner Client Authorization Server Initiate Require Approvalcode=...& client_id=...& Approve client_secret=...& grant_type=authorization_code& redirect_uri=https://... Code Code Access Token OpenSource Conference 2011

Core response_type = codeResource Owner Client Authorization Server Initiate Require Approval Approve Code [NOTE] Facebook API returns access token in x-www-form-urlencoded Code Access Token OpenSource Conference 2011

Core response_type = tokenResource Owner Client Authorization Server Initiate Require Approval Approve Access Token OpenID TechNight #7

Core response_type = tokenResource Owner Client Authorization Server Initiate Require Approval Approve client_id=...& response_type=token& redirect_uri=https://...& Access Token scope=... OpenID TechNight #7

Core response_type = tokenResource Owner Client Authorization Server Initiate Require Approval Approve Access Token OpenID TechNight #7

Core Response Type Code Token Secure Eﬃcient 2 HTTP request 1 HTTP request Require Approval Both at once Get Access Token + extensions OpenID TechNight #7

Token Type Spec Authorization Server Authorize Client Access Access Token Resource ServerResource Owner Client API Access OpenID TechNight #7

Token Token Type Spec Bearer MAC No signature Signature No token secret Token secret Mainstream Similar to OAuth 1.0 + extensions OpenID TechNight #7

Token Token Type Spec Bearer MAC No signature Signature No token secret Token secret Mainstream Similar to OAuth 1.0In most cases, you use this. + extensions OpenID TechNight #7

Token Bearer Token Access Token Response OpenID TechNight #7

Token API Access (Bearer) OpenID TechNight #7

BUT OpenSource Conference 2011

Not all API providersfollow the latest dra*.. OpenSource Conference 2011

NO “token_type”Access Token Response OpenID TechNight #7

Diﬀerent Scheme/Parameter OAuth oauth_token OpenID TechNight #7

#MA7 Mashup Caravan & Meetup in Kyoto

OpenID is dead!?Poor UX? URL as identiﬁer? OpenSource Conference 2011

Lack of API access!?You need “stream access”, don’t you? OpenSource Conference 2011

OpenID Connect~ OpenID based on OAuth 2.0 ~ OpenSource Conference 2011

ref.) slideshare.net/oid;/openidconnect-nat OpenSource Conference 2011

Authorization Server AuthorizeClient Access Access Token Resource ServerResource Owner API Client Access OpenID TechNight #7

Basic FlowResource Owner Client Authorization Server Initiate Require Approval Approve Access Token OpenID TechNight #7

Basic FlowResource Owner Client Authorization Server Initiate Require Approval Approve client_id=...& response_type=token+id_token& redirect_uri=https://...& Access Token scope=openid OpenID TechNight #7

Basic FlowResource Owner Client Authorization Server Initiate Require Approval Approve Access Token OpenID TechNight #7

OAuth 2.0 + “ID Token” OpenSource Conference 2011

connect-rp.heroku.com OpenSource Conference 2011

ID TokenRepresent Session InformationJWT-encoded JSON Object Singed using JWS Encrypted using JWE OpenSource Conference 2011

UserInfoOAuth 2.0 Protected Resource REQUIRED “proﬁle” scope OPTIONAL “email” and “address” scopesStandardized JSON Format PoCo (Portable Contacts) + Facebook Graph API OpenSource Conference 2011

So, why these matters? OpenSource Conference 2011

Social OpenSource Conference 2011

Cloud OpenSource Conference 2011

Living in the Web OpenSource Conference 2011

ApplicationsPeopleStreamsAccess ControlIdentityDiscovery OpenSource Conference 2011

OpenID Summit Tokyoin Tokyo, Japan December 1, 2011 OpenSource Conference 2011

twitter.com/novslideshare.net/matakegithub.com/novopenid-foundation-japan.github.com OpenSource Conference 2011

http://outputlog.blogspot.com	97
http://outputlog.blogspot.jp	37
http://coderwall.com	19
http://a0.twimg.com	4
http://webcache.googleusercontent.com	2

OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk

by Nov Matake on Nov 18, 2011

Accessibility

Categories

Tags

Upload Details

Usage Rights

5 Embeds 159

Statistics

OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk — Presentation Transcript