A Painless Beginner's Guide to OAuth


Transcript

  • 1. 2009-12-15 A Painless Beginner's Guide to oAuth est's blog Mobilis in Mobili 04 oAuth Web, programming #1 yeeyan , #2 rollingcode.org oAuth http://oauth.net/core/1.0/ oAuth oAuth oAuth 3 1. 2. / A 3. B oAuth scenario A B B A Flickr xiaonei.com SNS Hotmail 1. Ctrl+C, Ctrl+V 2. —— 3. ID —— oAuth B URL A A B Yes/No Yes A B / 3 1. 2 B A Obtaining an Unauthorized Request Token “ ” A 2. A / Obtaining User Authorization 3. B B / A Obtaining an Access Token “ (Access Token)” “ ” B A A oauth_token oauth_token oauth_token_secret other_parameters oauth_token oauth_token oAuth initiative.yo2.cn/archives/633801
  • 2. Technically 2 oAuth Consumer Request Parameters oAuth 1.0 5.2 oAuth 3 1. HTTP GET URL ? iframe img XSS 2. HTTP POST Content-Type 3. HTTP OAuth HTTP Authorization Scheme “ ” Signature “ ” oAuth 3 HMAC-SHA1, RSA-SHA1 PLAINTEXT oAuth 1. HTTP GET, POST HEAD 2. HTTP URL 3. oAuth 3 & hmac RSA oAuth “ ” PLAINTEXT oAuth secret key oAuth B B A douban Douban API Key Douban API Key Douban API Key oAuth “ ” “ ” B A SHA1, RSA-SHA1 PLAINTEXT oAuth timestamp google library oAuth
  • 3. oAuth Web “ (authorization)” oAuth Web widget javascript webapps oAuth est cookiejar + Flash LSO oAuth oAuth / / API Digg, Jaiku, Flickr, Ma.gnolia, Plaxo, Pownce, Twitter, Google, Yahoo, and others soon to follow oAuth 1.0 email B Douban oAuth oAuth A X Y Z
