The Present Future of OAuth
Michael Bleigh
An exploration into the past, present and future of the OAuth protocol.
1.
OAUTH
2.
MICHAEL BLEIGH PRESENTS THE
PRESENT FUTURE OF OAUTH with drawings
3.
PROLOGUE
4.
MY NAME IS MICHAEL BLEIGH
5.
I WORK AT INTRIDEA
6.
ON TWITTER @MBLEIGH
7.
“HEY, WOULD ANYONE
BE INTERESTED IN GIVING A TALK ABOUT OAUTH AT RAILSCONF?”
8.
“NO WAY, I
MIGHT FALL ASLEEP WHILE SPEAKING”
9.
“HMM...I’D BETTER ADD SOME
DRAWINGS.”
10.
THIS TALK IS ABOUT OPEN WEB STANDARDS
11.
ACT I IN WHICH
THE PROBLEM IS DESCRIBED
12.
IN THE BEGINNING, THERE WERE
WEB APPS
13.
WEB APP
14.
WEB APP
15.
WEB APP A
WEB APP B
16.
“HEY, MY USERS WANT TO ACCESS YOUR STUFF.”
WEB APP A
WEB APP B
17.
WEB APP A
WEB APP B + API
18.
HTTP BASIC
19.
http://user:password@...
Authorization: Basic dXNlcjpwYXNzd29yZA==
20.
OK, HERE’S THE KEYS.
WEB APP A
WEB APP B + API
21.
WEB APP A
WEB APP B + API
22.
WEB APP A
WEB APP B + API
23.
FUBAR FAILED USER BAR
FOR AUTHORIZATION ROBUSTNESS *COUGH*
24.
THIS IS A PROBLEM
25.
ACT 2 IN WHICH
A NEW WAY IS CREATED
26.
CHRIS MESSINA
BLAINE COOK LARRY HALFF DAVID RECORDON
27.
“HEY, WOULDN’T IT
BE GREAT TO HAVE AN OPEN AUTHORIZATION STANDARD”
28.
“TOTALLY, LET’S MAKE ONE
AND CALL IT OAUTH.”
29.
FOOTAGE MISSING
30.
WEB APP A
WEB APP B
31.
WEB APP A
WEB APP B
32.
“HEY, MY USER WANTS TO ACCESS YOUR STUFF.”
WEB APP A
WEB APP B
33.
WEB APP A
WEB APP B
34.
WEB APP A
WEB APP B
35.
“WHAT’S YOUR PASSWORD?” “PASSWORD”
WEB APP A
WEB APP B
36.
37.
WEB APP A
WEB APP B
38.
WEB APP A
WEB APP B
39.
ADVANTAGES
40.
1. SECURE
41.
2. RESTRICTABLE
“DELETE ALL USER DATA” “UMMM....NO”
WEB APP A
WEB APP B
42.
3. REVOCABLE
K * O IN * Y WEB APP B
43.
3. STANDARD
WEB APP A, WEB APP C, WEB APP D, WEB APP E, WEB APP F
44.
NOT QUITE PERFECT
45.
1. COMPLICATED
“OK, SO IT’S FIST BUMP, DOUBLE-HIGH FIVE...” “NO NO, FIRST YOU REVERSE LOW FIVE...”
WEB APP A
WEB APP B
46.
2. BROWSER-DEPENDENT?
47.
2. BROWSER-DEPENDENT
48.
WE CAN DO BETTER
49.
ACT 3 IN WHICH
WE LEARN FROM OUR MISTAKES
50.
51.
52.
OAUTH 2.0
53.
IMPROVEMENTS
54.
1. SIMPLER
WEB APP A < SSL > WEB APP B
55.
2. FLOWS
56.
WEB SERVER
WEB APP A
WEB APP B
57.
USER-AGENT WEB APP A
58.
DEVICE WEB APP A
SET-TOPPER
59.
PASSWORD WEB APP A
60.
PASSWORD WEB APP A
61.
PASSWORD WEB APP A
62.
PASSWORD WEB APP A
63.
PASSWORD WEB APP A
64.
CLIENT CREDENTIALS
WEB APP A
WEB APP B
65.
ASSERTION
CERTIFICATE OF AUTHENTICITY
WEB APP A
WEB APP B
66.
FLEXIBILITY
67.
ACT 4 IN WHICH
WE GET DOWN TO BUSINESS
68.
WHO’S DOING IT
RIGHT NOW?
69.
WHO WILL BE DOING
IT SOON?
70.
WHO WILL BE DOING
IT SOON? YOU
71.
CONSUMING OAUTH 2.0
72.
    # in Gemfile
    gem 'oauth2'

    $ rails g controller oauth

    # in routes.rb
    resource :oauth, :controller => 'oauth' do
      get :start
      get :callback
    end
73.
    class OauthController < ApplicationController
      # Step 1: send the user to the provider's authorization page.
      def start
        redirect_to client.web_server.authorize_url(
          :redirect_uri => callback_oauth_url(:format => 'json'),
          :scope => 'user'
        )
      end

      # Step 2: exchange the code returned on the callback for an access token.
      def callback
        access_token = client.web_server.get_access_token(
          params[:code],
          :redirect_uri => callback_oauth_url(:format => 'json')
        )
        # you should store the access token info now.
        render :json => access_token.get('/api/v2/json/user/show')
      end

      protected

      # Client ID and secret exactly as shown on the slide.
      def client
        @client ||= OAuth2::Client.new(
          '296e901b0e6ab74db167',
          '625fe65c7f74ee4a015d121efb011a45776d510d',
          :site => 'https://github.com',
          :authorize_path => '/login/oauth/authorize',
          :access_token_path => '/login/oauth/access_token'
        )
      end
    end
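The two steps of the web server flow on the slide above, written as plain Ruby with a one-time `state` value tied to the user's session so the callback only accepts a code for an authorization this session started. This is an added example, not code from the talk or from the oauth2 gem; the parameter names follow RFC 6749, and `start_authorization`, `verify_callback`, `secure_compare`, the `OAUTH_CLIENT_ID` variable and the `app.example` callback URL are assumptions made for illustration.

```ruby
require 'securerandom'
require 'uri'

# Authorization endpoint from the slide. The environment variable name and
# its fallback value are assumptions of this example.
AUTHORIZE_URL = 'https://github.com/login/oauth/authorize'
CLIENT_ID     = ENV.fetch('OAUTH_CLIENT_ID', 'constructed-client-id')

# Compare two strings without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Step 1 (the slide's `start`): build the redirect URL and remember a
# random state value in the user's session.
def start_authorization(session, redirect_uri, scope)
  state = SecureRandom.urlsafe_base64(32)
  session[:oauth_state] = state
  query = URI.encode_www_form(
    response_type: 'code',
    client_id: CLIENT_ID,
    redirect_uri: redirect_uri,
    scope: scope,
    state: state
  )
  "#{AUTHORIZE_URL}?#{query}"
end

# Step 2 (the slide's `callback`): decide whether the code may be exchanged.
# The stored state is removed first, so each value is accepted at most once.
def verify_callback(session, params)
  expected = session.delete(:oauth_state)
  return [:rejected, 'provider returned an error'] if params['error']
  return [:rejected, 'no authorization in progress'] if expected.nil?
  unless secure_compare(expected, params['state'].to_s)
    return [:rejected, 'state mismatch']
  end
  code = params['code'].to_s
  return [:rejected, 'missing code'] if code.empty?
  [:ok, code]
end

if __FILE__ == $PROGRAM_NAME
  session = {} # constructed stand-in for the Rails session
  puts start_authorization(session, 'https://app.example/oauth/callback', 'user')
  # Constructed callback parameters carrying a state this session never issued.
  p verify_callback(session, 'code' => 'constructed-code', 'state' => 'forged')
end
```

Only an `[:ok, code]` result should be passed on to the token exchange; in a Rails controller the `session` and `params` arguments would be the request's own.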
74.
PROVIDING OAUTH 2.0
75.
READ THE SPEC http://bit.ly/oauth2-spec
76.
NO SERIOUSLY, READ THE SPEC http://bit.ly/oauth2-spec