Your SlideShare is downloading. ×
OAuth Tokens
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

OAuth Tokens

431

Published on

null Bangalore Chapter - March 2014 Meet

null Bangalore Chapter - March 2014 Meet

Published in: Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
431
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
9
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. OAuth Tokens By Vindhya N
  • 2. Contents
  • 3. Understanding REST A Web service is a software system designed to support inter- operable, machine-to-machine interaction over a network. In layman terms they are the calls made by the application to a service present on the web to perform the specified actions. Two major web services: 1. REST compliant Web services, in which the primary purpose of the service is to manipulate XML representations of Web resources using a uniform set of stateless operations 2. Arbitrary Web services, in which the service may expose an arbitrary set of operations
  • 4. REST Web Service Rest is a stateless architecture which uses a client- server, cacheable communication protocol HTTP. It is an Application Programming Interface (API) which performs all the functions using HTTP methods.
  • 5. Why OAuth is Required? Consider a 3rd party application, like a gaming app in facebook. To login to the app, you don’t want to give your facebook password. Neither you can access the application directly So in this case, there should be an authorisation process from facebook to authorize the 3rd Party app. The authorisation is done by oAuth
  • 6. Types of authorisation 1. Open ID: De-centralized Single Sign-on for the Web 2. Basic Authentication 3. Session based 4. OAuth
  • 7. What is OAuth? OAuth is a simple and secure delegation protocol to access resources on behalf of a user without requiring them to share passwords. It is an authorization mechanism Provides a single point of authentication for multiple services Helps in integrating an application with an existing authentication service.
  • 8. OAuth Jargons Client -> 3rd Party Application Resource owner -> User (You) Authorisation Server -> Application you have logged in (Facebook, twitter) Resource Server -> Server that has data
  • 9. OAuth Mechanisms 1.Authorisation 2.Implicit Grant 3.Resource owner password credentials 4.Client Credentials Grant
  • 10. Securing OAuth 1. Should be patched for all web application security vulnerabilities 2. Encrypt all OAuth credentials 3. OAuth token should be random 4. Signed with HMAC 5. Short lived 6. Generate verifiable consumer keys
  • 11. References • https://developers.google.com/accounts/docs/OAuth2 • http://docs.oracle.com/cd/E39820_01/doc.11121/gatewa y_docs/content/oauth_flows.html • https://www.greendizer.com/docs/api/oauth/#flow_code • https://www.youtube.com/watch?v=tFYrq3d54Dc
  • 12. Thank You

×