Summary of OAuth 2.0 draft 8 memo
Personal notes that simply line up the spec as of OAuth 2.0 draft 8, plus a little extra.
Transcript

  • 1. Summary of OAuth 2.0 memo (based on the draft 8 spec), 2010/06/20, =ritou
  • 2. Warning! This document is a summary of the OAuth 2.0 spec at draft 8.
  • 3. Overview
      • Client Type and Profile
      • Endpoint
      • Resource Access
  • 4. Client Type and Profile
      • Client types
          • Web Servers
          • User-Agents
          • Native Applications
          • Autonomous Clients
  • 5. Web Server Profile
      • Client Credential
          • Client ID
          • Client Secret
      • Facebook
      • Difference from OAuth 1.0a
          • No Request Token
      • (diagram: User-Agent, AuthZ Server, Web Client, Protected Resource)
  • 6. (diagram only)
  • 7. User-Agent Profile
      • Client on User-Agent
          • Twitter: @anywhere
          • Facebook: JavaScript-based Authentication
      • Client Credential
          • Client ID
      • Access Token as URI Fragment Identifier
      • (diagram: User-Agent, AuthZ Server, Client in Browser, Protected Resource)
  • 8. (diagram only)
  • 9. Native Applications
      • External User-Agent: UA Profile
          • Use custom URI scheme
          • Polling UA window
      • Embedded User-Agent
          • Check URL Redirection
      • Prompt for user credential
          • ID/PW to Access Token (Username and Password Flow)
  • 10. Autonomous Clients
      • Clients = Resource Owner (Client Credential Profile)
      • Existing Trust Relationship / Framework (Assertion Profile)
  • 11. Client credential
      • Client credential
          • client identifier
          • client secret (optional)
      • AuthN schemes
          • Request parameters
          • HTTP Basic authN
  • 12. Endpoint
      • End-user authZ endpoint: Indirect Communication
          • Obtaining End-User Authorization
      • Token Endpoint: Direct Communication
          • Authorization Code -> Access Token
          • Resource Owner Credentials -> Access Token
          • Assertion -> Access Token
          • Refresh Token
  • 13. End-user authZ endpoint
      • Request format
          • HTTP GET
      • Request params
          • type, client_id, redirect_uri, state, scope
          • Proposal to use a request_url parameter: Request by Reference ver.1.0 for OAuth 2.0
  • 14. End-user authZ endpoint
      • Response format
          • type = web_server: query parameters
          • type = user_agent: URI fragment identifier
      • Response params
          • type = web_server: code, state
          • type = user_agent: access_token, expires_in, state
  • 15. Token endpoint
      • Request format
          • HTTP POST
      • Request params
          • Client credential + grant-specific params
          • grant_type, scope
              • code, redirect_uri
              • username, password
              • assertion_type, assertion
          • refresh_token
  • 16. Token endpoint
      • Response format
          • JSON
      • Response params
          • access_token, expires_in, refresh_token, scope
  • 17. Accessing a Protected Resource
      • Params
          • Access Token
      • Method
          • The Authorization Request Header Field
          • URI Query Parameter
          • Form-Encoded Body Parameter
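The following is an added example, not part of the original slides or of any real authorization server, that plays both sides of the draft-8 exchange summarized on slides 11 through 17: the client authentication schemes (HTTP Basic or request parameters), the end-user authorization endpoint returning a code in the query string (web_server) or an access token in the fragment (user_agent), the token endpoint exchanging a code or refresh token for JSON, and the protected resource reading the token from the Authorization header. The in-memory registry, the client id/secret, the URLs, and the use of "OAuth" as the draft-era Authorization scheme name are all assumptions of this example. It also shows two checks a client and server should make that the slides only imply: the client compares the returned `state` with the one it sent, and the server treats an authorization code as single-use.

```python
import json
import secrets
from base64 import b64decode, b64encode
from urllib.parse import parse_qs, urlencode, urlsplit

# Authorization-server registry and state, constructed for this example.
CLIENTS = {"client123": {"secret": "s3cret", "redirect_uri": "https://client.example/cb"}}
CODES, TOKENS, REFRESH = {}, {}, {}   # code -> grant, access_token -> scope, refresh_token -> grant

def issue_token(client_id, scope, with_refresh):
    """Build the token endpoint response body with the draft-8 JSON keys."""
    tok = {"access_token": secrets.token_urlsafe(24), "expires_in": 3600, "scope": scope}
    TOKENS[tok["access_token"]] = scope
    if with_refresh:
        tok["refresh_token"] = secrets.token_urlsafe(24)
        REFRESH[tok["refresh_token"]] = (client_id, scope)
    return tok

# End-user authorization endpoint: indirect, through the user agent (HTTP GET).
def build_authz_request(endpoint, type_, client_id, redirect_uri, state, scope):
    q = {"type": type_, "client_id": client_id, "redirect_uri": redirect_uri, "state": state, "scope": scope}
    return endpoint + "?" + urlencode(q)

def authz_endpoint(request_url):
    """Server side: return the redirect URL the user agent is sent back to."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(request_url).query).items()}
    client = CLIENTS.get(q.get("client_id"))
    if client is None or q.get("redirect_uri") != client["redirect_uri"]:
        raise ValueError("unknown client_id or redirect_uri mismatch")
    if q.get("type") == "web_server":          # code + state go in the query string
        code = secrets.token_urlsafe(16)
        CODES[code] = (q["client_id"], q["redirect_uri"], q.get("scope", ""))
        return q["redirect_uri"] + "?" + urlencode({"code": code, "state": q["state"]})
    if q.get("type") == "user_agent":          # token goes in the fragment, no refresh token
        tok = issue_token(q["client_id"], q.get("scope", ""), with_refresh=False)
        frag = {"access_token": tok["access_token"], "expires_in": tok["expires_in"], "state": q["state"]}
        return q["redirect_uri"] + "#" + urlencode(frag)
    raise ValueError("unsupported type")

def parse_redirect(redirect_url, type_, expected_state):
    """Client side: read the query (web_server) or fragment (user_agent) and check state."""
    parts = urlsplit(redirect_url)
    params = {k: v[0] for k, v in parse_qs(parts.query if type_ == "web_server" else parts.fragment).items()}
    if params.get("state") != expected_state:
        raise ValueError("state mismatch: response does not belong to this session")
    return params

# Token endpoint: direct client-to-server HTTP POST.
def authenticate_client(headers, form):
    """Accept either HTTP Basic or client_id/client_secret request parameters."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        cid, _, secret = b64decode(auth[6:]).decode().partition(":")
    else:
        cid, secret = form.get("client_id"), form.get("client_secret", "")
    client = CLIENTS.get(cid)
    if client is None or not secrets.compare_digest(client["secret"], secret):
        raise ValueError("client authentication failed")
    return cid

def token_endpoint(headers, form):
    client_id = authenticate_client(headers, form)
    grant = form.get("grant_type")
    if grant == "authorization_code":
        entry = CODES.pop(form.get("code"), None)   # single use: a replayed code fails here
        if entry is None or entry[0] != client_id or entry[1] != form.get("redirect_uri"):
            raise ValueError("invalid code or redirect_uri")
        return json.dumps(issue_token(client_id, entry[2], with_refresh=True))
    if grant == "refresh_token":
        entry = REFRESH.get(form.get("refresh_token"))
        if entry is None or entry[0] != client_id:
            raise ValueError("invalid refresh_token")
        return json.dumps(issue_token(client_id, entry[1], with_refresh=False))
    raise ValueError("unsupported grant_type")

# Protected resource: token presented in the Authorization request header.
def protected_resource(headers):
    # "OAuth" as the draft-era scheme name is an assumption of this example.
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "OAuth" or token not in TOKENS:
        return 401, None
    return 200, {"scope": TOKENS[token]}

def run_web_server_flow():
    """web_server profile: code -> token (HTTP Basic) -> resource -> replayed code -> refresh."""
    cb_uri, state = CLIENTS["client123"]["redirect_uri"], secrets.token_urlsafe(8)
    url = build_authz_request("https://as.example/authorize", "web_server", "client123", cb_uri, state, "read")
    code = parse_redirect(authz_endpoint(url), "web_server", state)["code"]
    basic = {"Authorization": "Basic " + b64encode(b"client123:s3cret").decode()}
    form = {"grant_type": "authorization_code", "code": code, "redirect_uri": cb_uri}
    tok = json.loads(token_endpoint(basic, form))
    status, body = protected_resource({"Authorization": "OAuth " + tok["access_token"]})
    try:
        token_endpoint(basic, form)                 # second exchange of the same code
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    new = json.loads(token_endpoint({}, {"grant_type": "refresh_token", "refresh_token": tok["refresh_token"],
                                         "client_id": "client123", "client_secret": "s3cret"}))
    return {"status": status, "scope": body["scope"], "replay_rejected": replay_rejected,
            "refresh_ok": protected_resource({"Authorization": "OAuth " + new["access_token"]})[0] == 200}

def run_user_agent_flow():
    """user_agent profile: the access token comes back in the URI fragment, checked against state."""
    cb_uri, state = CLIENTS["client123"]["redirect_uri"], secrets.token_urlsafe(8)
    url = build_authz_request("https://as.example/authorize", "user_agent", "client123", cb_uri, state, "read")
    params = parse_redirect(authz_endpoint(url), "user_agent", state)
    return protected_resource({"Authorization": "OAuth " + params["access_token"]})[0], "expires_in" in params
```

`run_web_server_flow()` walks the web_server profile end to end and `run_user_agent_flow()` the user_agent profile; the fragment never reaches the server in a real browser, which is why the user_agent response carries no refresh token here. The `state` check in `parse_redirect` is what ties a redirect back to the session that started it, and popping the code in `token_endpoint` is what makes a captured code worthless after its first use.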
  • 18. OLD SPEC
  • 19. Username and Password Profile
      • Like Twitter xAuth
      • (diagram: End-User, AuthZ Server, Client, Protected Resource)
  • 20. Client Credentials Profile
      • Like OAuth Consumer Request (2-legged OAuth Request)
      • (diagram: AuthZ Server, Client, Protected Resource)
  • 21. Assertion Profile
      • SAML etc.
      • (diagram: AuthZ Server, Client, Protected Resource)