OAuth Tokens

Published on: null Bangalore Chapter - March 2014 Meet

Published in: Education
Transcript of "OAuth Tokens"

  1. OAuth Tokens, by Vindhya N
  2. Contents
  3. Understanding REST. A web service is a software system designed to support interoperable, machine-to-machine interaction over a network. In layman's terms, these are the calls an application makes to a service on the web to perform specified actions. Two major kinds of web service: (1) REST-compliant web services, in which the primary purpose of the service is to manipulate XML representations of web resources using a uniform set of stateless operations; (2) arbitrary web services, in which the service may expose an arbitrary set of operations.
  4. REST Web Service. REST is a stateless, client-server, cacheable architectural style, normally carried over HTTP. A REST API exposes resources as URLs and performs all of its operations through the standard HTTP methods (GET, POST, PUT, DELETE).
  5. Why is OAuth required? Consider a third-party application, like a gaming app on Facebook. To log in to the app you do not want to hand it your Facebook password, yet the app cannot reach your Facebook data on its own. So Facebook needs an authorisation step in which you, the user, permit the third-party app to act on your behalf. That delegated authorisation is what OAuth provides.
  6. Types of authorisation (and the authentication schemes usually listed alongside it): (1) OpenID: decentralised single sign-on for the web (it authenticates the user; it does not delegate access); (2) Basic Authentication; (3) Session based; (4) OAuth: delegated authorisation.
  7. What is OAuth? OAuth is a simple and secure delegation protocol for accessing resources on behalf of a user without requiring the user to share a password. It is an authorisation mechanism: the user grants a client limited access to their resources. It gives the user a single point of authentication (the authorisation server) for multiple services, and it helps integrate an application with an existing authentication service. Note that the access token the client receives proves it may call the API on the user's behalf; by itself it does not tell the client who the user is.
  8. OAuth jargon. Client: the third-party application. Resource owner: the user (you). Authorisation server: the service you are logged in to (Facebook, Twitter), which authenticates you and issues tokens. Resource server: the server that holds the data and accepts the access token.
  9. OAuth mechanisms (the OAuth 2.0 grant types): (1) Authorisation code grant; (2) Implicit grant; (3) Resource owner password credentials grant; (4) Client credentials grant. The authorisation code grant is the one to use for server-side web applications: the access token is obtained on a back channel using the client's secret rather than exposed to the browser. The implicit grant returns the token in the browser redirect and the password grant hands the user's password to the client, so both are now discouraged.
  10. Securing OAuth: (1) The client, authorisation server and resource server should be patched against all ordinary web application vulnerabilities, since an XSS or open redirect on any of them can leak codes or tokens. (2) Encrypt all OAuth credentials: send them only over TLS and store client secrets and tokens encrypted. (3) OAuth tokens should be random, generated from a cryptographically secure source so they cannot be guessed. (4) Signed with HMAC, so a tampered token or request is rejected. (5) Short lived, limiting the damage a leaked token can do. (6) Generate verifiable consumer keys: client identifiers the authorisation server can check against its registry before issuing anything.
  11. References
     • https://developers.google.com/accounts/docs/OAuth2
     • http://docs.oracle.com/cd/E39820_01/doc.11121/gateway_docs/content/oauth_flows.html
     • https://www.greendizer.com/docs/api/oauth/#flow_code
     • https://www.youtube.com/watch?v=tFYrq3d54Dc
  12. Thank You
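The authorisation code grant of slide 9 and the token properties of slide 10, worked as one added example (this is not code from the slides or from any of the referenced providers). All hostnames, client ids, secrets and the token layout are hypothetical; there is no network I/O, the client, authorisation server and resource server objects simply pass each other the parameters the real HTTP requests carry, and each check returns None where a real server would send an OAuth error response. The example shows the redirect_uri exact-match check, the per-login `state` value, single-use codes redeemed on the back channel with the client secret, and access tokens that are random, HMAC-signed and expire after 600 seconds.

```python
"""Simulated OAuth 2.0 authorisation code grant (slide 9) whose access tokens
have the slide 10 properties: random, HMAC-signed and short lived. Added
example, not from the slides: hostnames, client ids, secrets and the token
layout are hypothetical, there is no network I/O, and each check returns
None where a real server would send an OAuth error response."""
import hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse


def mint_token(key, subject, client_id, ttl=600, now=None):
    """hex(claims).hex(HMAC-SHA256 over them): random jti, issue time, expiry."""
    now = int(time.time()) if now is None else now
    claims = {"sub": subject, "cid": client_id, "iat": now, "exp": now + ttl,
              "jti": secrets.token_urlsafe(16)}          # unguessable token id
    body = json.dumps(claims, separators=(",", ":")).encode().hex()
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def verify_token(key, token, now=None):
    """The claims if the signature checks and the token is unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):       # constant-time compare
            return None
        claims = json.loads(bytes.fromhex(body))
    except (ValueError, TypeError):                      # malformed token
        return None
    if not isinstance(claims, dict) or type(claims.get("exp")) is not int:
        return None
    return claims if claims["exp"] > now else None       # short lived


def forge_subject(token, new_subject):  # what an attacker can do: edit claims, not re-sign
    body, sig = token.split(".")
    claims = json.loads(bytes.fromhex(body))
    claims["sub"] = new_subject
    return json.dumps(claims, separators=(",", ":")).encode().hex() + "." + sig


class AuthorizationServer:
    """Issues single-use codes and exchanges them for signed bearer tokens."""
    def __init__(self, signing_key):
        self.key = signing_key
        self.clients = {"game-app": ("s3cret", "https://game.example/cb")}  # hypothetical
        self.codes = {}  # code -> (client_id, redirect_uri, user)

    def authorize(self, authorize_url, user):
        """Front channel: the user approves the client; redirect back with a code."""
        q = {k: v[0] for k, v in parse_qs(urlparse(authorize_url).query).items()}
        reg = self.clients.get(q.get("client_id"))
        if reg is None or q.get("redirect_uri") != reg[1]:   # exact match, never a prefix
            return None
        code = secrets.token_urlsafe(24)
        self.codes[code] = (q["client_id"], reg[1], user)
        return reg[1] + "?" + urlencode({"code": code, "state": q.get("state", "")})

    def token(self, client_id, client_secret, code, redirect_uri, now=None):
        """Back channel: code + client secret -> short-lived signed token."""
        reg = self.clients.get(client_id)
        if reg is None or not hmac.compare_digest(client_secret, reg[0]):
            return None
        entry = self.codes.pop(code, None)               # single use: a replay fails
        if entry is None or entry[:2] != (client_id, redirect_uri):
            return None
        tok = mint_token(self.key, entry[2], client_id, 600, now)
        return {"access_token": tok, "token_type": "Bearer", "expires_in": 600}


class Client:
    """Third-party app; keeps a per-login state value to detect login CSRF."""
    def __init__(self, server, client_id, client_secret, redirect_uri):
        self.server, self.client_id, self.client_secret = server, client_id, client_secret
        self.redirect_uri, self.pending_state = redirect_uri, None

    def start_login(self):
        self.pending_state = secrets.token_urlsafe(16)
        return "https://auth.example/authorize?" + urlencode({   # hypothetical endpoint
            "response_type": "code", "client_id": self.client_id,
            "redirect_uri": self.redirect_uri, "state": self.pending_state})

    def handle_callback(self, callback_url, now=None):
        q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
        got, want = q.get("state", "").encode(), (self.pending_state or "").encode()
        if not want or not hmac.compare_digest(got, want) or "code" not in q:
            return None
        self.pending_state = None                        # state is single use too
        return self.server.token(self.client_id, self.client_secret, q["code"], self.redirect_uri, now)


def fetch_profile(signing_key, token, now=None):
    """Resource server: data only for a token that verifies, else None."""
    claims = verify_token(signing_key, token, now)
    return None if claims is None else {"user": claims["sub"], "via": claims["cid"]}


def run_flow(user="alice", now=1_700_000_000):
    """Happy path at a fixed clock: returns (server, client, token response, callback URL)."""
    server = AuthorizationServer(b"hypothetical-signing-key-keep-it-secret")
    client = Client(server, "game-app", "s3cret", "https://game.example/cb")
    callback_url = server.authorize(client.start_login(), user)
    return server, client, client.handle_callback(callback_url, now), callback_url
```

`run_flow()` walks the happy path; calling `server.token()` a second time with the same code, `client.handle_callback()` with a wrong `state`, or `fetch_profile()` with a forged, wrong-key or expired token all return None, which is each of the slide 10 checks firing. The token format here is a plain HMAC over a JSON body chosen for readability; a real deployment would use an established signed-token format and keep the signing key out of the resource server's code.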