Web 2.0: The How Of OAuth

The How of OAuth OAuth Hackathon – 4/26 @ Six Apart http://icanhaz.com/oauth

The How of OAuth or: How I learned to stop worrying and fall in love with Factory Joe

OAuth’s Goal
Website X can access your protected data at API Y
All without sharing your password off-site
especially when there isn’t one like with OpenID

OAuth gives you:
Signed HTTP Requests
Safe, Password-less Token Exchange

The Three Actors
User – My Buddy ( not me)
Service Provider – Chuck E. Cheese
Consumer – 10 yr old kids

The Three Tokens
Access Tokens – Chuck E. Cheese Tickets
Request Tokens – Chuck E. Cheese Tokens
Consumer Keys

The Three URLS
Request Token Issuer
Authorization Page
Access Token Exchanger

Building a Consumer

Get a consumer key and secret

Simple enough, eh?

Get a Request Token

Authorize the Request Token

Exchange for an Access Token

Making Authenticated Calls

Building a Service Provider

Data to store
Consumers:
key, secret, callback_url
Request Token:
token, secret, consumer , authorizing_user
Access Token:
token, secret, consumer, user

Registering Consumers

Issuing Request Tokens
Verify using only the consumer credential

Issuing Request Tokens
Issue the request token

Authorizing Request Tokens
Ask the user to accept the authorization

Authorizing Request Tokens
Connecting the logged in user
go back to consumer

Validate using Request Token and Consumer

Issue the Access Token
Destroy the Request Token

Protecting Resources
Validate Access Token

OAuth Hackathon – 4/26 @ Six Apart http://icanhaz.com/oauth

Thanks!

http://blog.getsatisfaction.com	37
http://www.slideshare.net	12
http://www.informationweek.com	4
http://inet.cmpnet.com	2
http://feeds.feedburner.com	1

Web 2.0: The How Of OAuth

by nullstyle on Apr 25, 2008

Accessibility

Categories

Tags

Upload Details

Usage Rights

5 Embeds 56

Statistics

Web 2.0: The How Of OAuth — Presentation Transcript