• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
OAuth Tokens
 

OAuth Tokens

on

  • 361 views

null Bangalore Chapter - March 2014 Meet

null Bangalore Chapter - March 2014 Meet

Statistics

Views

Total Views
361
Views on SlideShare
272
Embed Views
89

Actions

Likes
0
Downloads
7
Comments
0

1 Embed 89

http://null.co.in 89

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    OAuth Tokens OAuth Tokens Presentation Transcript

    • OAuth Tokens By Vindhya N
    • Contents
    • Understanding REST A Web service is a software system designed to support inter- operable, machine-to-machine interaction over a network. In layman terms they are the calls made by the application to a service present on the web to perform the specified actions. Two major web services: 1. REST compliant Web services, in which the primary purpose of the service is to manipulate XML representations of Web resources using a uniform set of stateless operations 2. Arbitrary Web services, in which the service may expose an arbitrary set of operations
    • REST Web Service Rest is a stateless architecture which uses a client- server, cacheable communication protocol HTTP. It is an Application Programming Interface (API) which performs all the functions using HTTP methods.
    • Why OAuth is Required? Consider a 3rd party application, like a gaming app in facebook. To login to the app, you don’t want to give your facebook password. Neither you can access the application directly So in this case, there should be an authorisation process from facebook to authorize the 3rd Party app. The authorisation is done by oAuth
    • Types of authorisation 1. Open ID: De-centralized Single Sign-on for the Web 2. Basic Authentication 3. Session based 4. OAuth
    • What is OAuth? OAuth is a simple and secure delegation protocol to access resources on behalf of a user without requiring them to share passwords. It is an authorization mechanism Provides a single point of authentication for multiple services Helps in integrating an application with an existing authentication service.
    • OAuth Jargons Client -> 3rd Party Application Resource owner -> User (You) Authorisation Server -> Application you have logged in (Facebook, twitter) Resource Server -> Server that has data
    • OAuth Mechanisms 1.Authorisation 2.Implicit Grant 3.Resource owner password credentials 4.Client Credentials Grant
    • Securing OAuth 1. Should be patched for all web application security vulnerabilities 2. Encrypt all OAuth credentials 3. OAuth token should be random 4. Signed with HMAC 5. Short lived 6. Generate verifiable consumer keys
    • References • https://developers.google.com/accounts/docs/OAuth2 • http://docs.oracle.com/cd/E39820_01/doc.11121/gatewa y_docs/content/oauth_flows.html • https://www.greendizer.com/docs/api/oauth/#flow_code • https://www.youtube.com/watch?v=tFYrq3d54Dc
    • Thank You