SlideShare a Scribd company logo

OAuth 1.0

S
simonetripodi

An OAuth 1.0 presentation I gave to an Italian TLC Telco, before OAuth consortium joined IETF. Shows also some differences and combinations with OpenID

Technology
1 of 10
Download to read offline
OAuth Simone Tripodi - Asemantics S.r.l. stripodi@asemantics.com
What’s OAuth? • An Open Protocol to allow secure API authorization in a simple and standard method for mobile, desktop and web application; • a protocol for developing password less APIs; • a way for an application to interact with an API on a user’s behalf without knowing the user’s authentication credentials.
Hypothetical Scenarios “Import pictures from Picasa “Allow Dailymotion read into Virgilio Photo Album” Virgilio’s User data” End User End User Service Consumer Service Provider Consumer Provider
Authorization flow
B2B shared information • Consumer Key: a value used by the Consumer to identify itself to the Service Provider; • Consumer Secret: a secret used by the Consumer to establish ownership of the Consumer Key; • The Consumer establishes a Consumer Key and a Consumer Secret with the Service Provider to be authenticated; the Consumer needs to be registered!
OpenID & OAuth • OpenID: helps determine who you are - AUTHENTICATION; • OAuth: defines how to give access to protected data - AUTHORIZATION; • They are complementary; a site that supports OAuth could also support OpenID for authentication!!!
OpenID & OAuth: Example integration
OAuth is Production Ready!!! • Google • Yahoo! • MySpace • Digg • Twitter • Magnolia • Plaxo ... and much more!
OAuth community • Leaded by Brian Cook & Chris Messina; • Active Google-group: http://groups.google.com/group/oauth/ • Blog: http://blog.oauth.net/ • Many available implementations from OS communities: Java - C# - JavaScript - Perl - PHP ...
Where are we? here

Recommended

CIS14: PingAccess in Action
CIS14: PingAccess in ActionCIS14: PingAccess in Action
CIS14: PingAccess in ActionCloudIDSummit
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
IBM APIc API security protection mechanism
IBM APIc API security protection mechanismIBM APIc API security protection mechanism
IBM APIc API security protection mechanismShiu-Fun Poon
 
Pimping the ForgeRock Identity Platform for a Billion Users
Pimping the ForgeRock Identity Platform for a Billion UsersPimping the ForgeRock Identity Platform for a Billion Users
Pimping the ForgeRock Identity Platform for a Billion UsersForgeRock
 
ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016 ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016 ForgeRock
 
User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract ContextsUser-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract ContextsForgeRock
 
K8s idm-devfest
K8s idm-devfestK8s idm-devfest
K8s idm-devfestMarc Boorshtein
 
K8s rbac-sso
K8s rbac-ssoK8s rbac-sso
K8s rbac-ssoMarc Boorshtein
 

Recommended

CIS14: PingAccess in Action
CIS14: PingAccess in ActionCIS14: PingAccess in Action
CIS14: PingAccess in ActionCloudIDSummit
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
IBM APIc API security protection mechanism
IBM APIc API security protection mechanismIBM APIc API security protection mechanism
IBM APIc API security protection mechanismShiu-Fun Poon
 
Pimping the ForgeRock Identity Platform for a Billion Users
Pimping the ForgeRock Identity Platform for a Billion UsersPimping the ForgeRock Identity Platform for a Billion Users
Pimping the ForgeRock Identity Platform for a Billion UsersForgeRock
 
ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016 ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016 ForgeRock
 
User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract ContextsUser-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract ContextsForgeRock
 
K8s idm-devfest
K8s idm-devfestK8s idm-devfest
K8s idm-devfestMarc Boorshtein
 
K8s rbac-sso
K8s rbac-ssoK8s rbac-sso
K8s rbac-ssoMarc Boorshtein
 
GDPR Part 4: Better Together Quest & SonicWall
GDPR Part 4: Better Together Quest & SonicWallGDPR Part 4: Better Together Quest & SonicWall
GDPR Part 4: Better Together Quest & SonicWallAdrian Dumitrescu
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study ForgeRock
 
Infosec girls training-hackcummins-college-jan-2020(v0.1)
Infosec girls training-hackcummins-college-jan-2020(v0.1)Infosec girls training-hackcummins-college-jan-2020(v0.1)
Infosec girls training-hackcummins-college-jan-2020(v0.1)Shrutirupa Banerjiee
 
OpenID Tutorials
OpenID TutorialsOpenID Tutorials
OpenID TutorialsNao Haida
 
Beyond username and password it's continuous authorization webinar
Beyond username and password it's continuous authorization webinarBeyond username and password it's continuous authorization webinar
Beyond username and password it's continuous authorization webinarForgeRock
 
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenIDSouth Tyrol Free Software Conference
 
OAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPowerOAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPowerShiu-Fun Poon
 
NYC Identity Summit Tech Day: Best Practices for API Security
NYC Identity Summit Tech Day: Best Practices for API SecurityNYC Identity Summit Tech Day: Best Practices for API Security
NYC Identity Summit Tech Day: Best Practices for API SecurityForgeRock
 
RESTful API Authentication
RESTful API AuthenticationRESTful API Authentication
RESTful API AuthenticationUttom Akash
 
Rest API Authentication - Uttom Akash
Rest API Authentication - Uttom AkashRest API Authentication - Uttom Akash
Rest API Authentication - Uttom AkashCefalo
 
IoT Wonderland: Understanding the Magic of OAuth2 Device Registration Flow
IoT Wonderland: Understanding the Magic of OAuth2 Device Registration FlowIoT Wonderland: Understanding the Magic of OAuth2 Device Registration Flow
IoT Wonderland: Understanding the Magic of OAuth2 Device Registration FlowForgeRock
 
Wis pr desc
Wis pr descWis pr desc
Wis pr descmikevizzi
 
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform OverviewNYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform OverviewForgeRock
 
NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...
NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...
NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...ForgeRock
 
Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT ChallengeDigital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT ChallengeForgeRock
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Álvaro Alonso González
 
OAuth
OAuthOAuth
OAuthAdi Challa
 
Introduction to sitecore identity
Introduction to sitecore identityIntroduction to sitecore identity
Introduction to sitecore identityGopikrishna Gujjula
 
OAuth - Open API Authentication
OAuth - Open API AuthenticationOAuth - Open API Authentication
OAuth - Open API Authenticationleahculver
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Aaron Ralls
 
Mobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsMobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsPieter Ennes
 
Oauth2.0
Oauth2.0Oauth2.0
Oauth2.0Yasmine Gaber
 

More Related Content

What's hot

GDPR Part 4: Better Together Quest & SonicWall
GDPR Part 4: Better Together Quest & SonicWallGDPR Part 4: Better Together Quest & SonicWall
GDPR Part 4: Better Together Quest & SonicWallAdrian Dumitrescu
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study ForgeRock
 
Infosec girls training-hackcummins-college-jan-2020(v0.1)
Infosec girls training-hackcummins-college-jan-2020(v0.1)Infosec girls training-hackcummins-college-jan-2020(v0.1)
Infosec girls training-hackcummins-college-jan-2020(v0.1)Shrutirupa Banerjiee
 
OpenID Tutorials
OpenID TutorialsOpenID Tutorials
OpenID TutorialsNao Haida
 
Beyond username and password it's continuous authorization webinar
Beyond username and password it's continuous authorization webinarBeyond username and password it's continuous authorization webinar
Beyond username and password it's continuous authorization webinarForgeRock
 
OAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPowerOAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPowerShiu-Fun Poon
 
NYC Identity Summit Tech Day: Best Practices for API Security
NYC Identity Summit Tech Day: Best Practices for API SecurityNYC Identity Summit Tech Day: Best Practices for API Security
NYC Identity Summit Tech Day: Best Practices for API SecurityForgeRock
 
RESTful API Authentication
RESTful API AuthenticationRESTful API Authentication
RESTful API AuthenticationUttom Akash
 
Rest API Authentication - Uttom Akash
Rest API Authentication - Uttom AkashRest API Authentication - Uttom Akash
Rest API Authentication - Uttom AkashCefalo
 
IoT Wonderland: Understanding the Magic of OAuth2 Device Registration Flow
IoT Wonderland: Understanding the Magic of OAuth2 Device Registration FlowIoT Wonderland: Understanding the Magic of OAuth2 Device Registration Flow
IoT Wonderland: Understanding the Magic of OAuth2 Device Registration FlowForgeRock
 
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform OverviewNYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform OverviewForgeRock
 
NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...
NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...
NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...ForgeRock
 
Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT ChallengeDigital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT ChallengeForgeRock
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Álvaro Alonso González
 

What's hot (16)

GDPR Part 4: Better Together Quest & SonicWall
GDPR Part 4: Better Together Quest & SonicWallGDPR Part 4: Better Together Quest & SonicWall
GDPR Part 4: Better Together Quest & SonicWall
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study
 
Infosec girls training-hackcummins-college-jan-2020(v0.1)
Infosec girls training-hackcummins-college-jan-2020(v0.1)Infosec girls training-hackcummins-college-jan-2020(v0.1)
Infosec girls training-hackcummins-college-jan-2020(v0.1)
 
OpenID Tutorials
OpenID TutorialsOpenID Tutorials
OpenID Tutorials
 
Beyond username and password it's continuous authorization webinar
Beyond username and password it's continuous authorization webinarBeyond username and password it's continuous authorization webinar
Beyond username and password it's continuous authorization webinar
 
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
 
OAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPowerOAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPower
 
NYC Identity Summit Tech Day: Best Practices for API Security
NYC Identity Summit Tech Day: Best Practices for API SecurityNYC Identity Summit Tech Day: Best Practices for API Security
NYC Identity Summit Tech Day: Best Practices for API Security
 
RESTful API Authentication
RESTful API AuthenticationRESTful API Authentication
RESTful API Authentication
 
Rest API Authentication - Uttom Akash
Rest API Authentication - Uttom AkashRest API Authentication - Uttom Akash
Rest API Authentication - Uttom Akash
 
IoT Wonderland: Understanding the Magic of OAuth2 Device Registration Flow
IoT Wonderland: Understanding the Magic of OAuth2 Device Registration FlowIoT Wonderland: Understanding the Magic of OAuth2 Device Registration Flow
IoT Wonderland: Understanding the Magic of OAuth2 Device Registration Flow
 
Wis pr desc
Wis pr descWis pr desc
Wis pr desc
 
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform OverviewNYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
 
NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...
NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...
NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...
 
Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT ChallengeDigital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
 

Similar to OAuth 1.0

Introduction to sitecore identity
Introduction to sitecore identityIntroduction to sitecore identity
Introduction to sitecore identityGopikrishna Gujjula
 
OAuth - Open API Authentication
OAuth - Open API AuthenticationOAuth - Open API Authentication
OAuth - Open API Authenticationleahculver
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Aaron Ralls
 
Mobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsMobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsPieter Ennes
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectLiamWadman
 
Social Single Sign-On with OpenID Connect
Social Single Sign-On with OpenID ConnectSocial Single Sign-On with OpenID Connect
Social Single Sign-On with OpenID ConnectJames Melville
 
Oauth Behind The Scenes
Oauth Behind The Scenes Oauth Behind The Scenes
Oauth Behind The Scenes Thang Tran Duc
 
Web Services with OAuth
Web Services with OAuthWeb Services with OAuth
Web Services with OAuthMarcus Ramberg
 
WSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedWSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedIsmaeel Enjreny
 
The Platform Big Picture
The Platform Big PictureThe Platform Big Picture
The Platform Big PictureForgeRock
 
OpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the WebOpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the WebRichard Metzler
 
Securing .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsSecuring .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsNETUserGroupBern
 

Similar to OAuth 1.0 (20)

OAuth
OAuthOAuth
OAuth
 
Introduction to sitecore identity
Introduction to sitecore identityIntroduction to sitecore identity
Introduction to sitecore identity
 
OAuth - Open API Authentication
OAuth - Open API AuthenticationOAuth - Open API Authentication
OAuth - Open API Authentication
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4
 
Mobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsMobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patterns
 
Oauth2.0
Oauth2.0Oauth2.0
Oauth2.0
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID Connect
 
Social Single Sign-On with OpenID Connect
Social Single Sign-On with OpenID ConnectSocial Single Sign-On with OpenID Connect
Social Single Sign-On with OpenID Connect
 
OAuth2.0
OAuth2.0OAuth2.0
OAuth2.0
 
Oauth Behind The Scenes
Oauth Behind The Scenes Oauth Behind The Scenes
Oauth Behind The Scenes
 
OAuth
OAuthOAuth
OAuth
 
OAuth
OAuthOAuth
OAuth
 
OAuth
OAuthOAuth
OAuth
 
OAuth
OAuthOAuth
OAuth
 
Web Services with OAuth
Web Services with OAuthWeb Services with OAuth
Web Services with OAuth
 
WSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedWSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting Started
 
The Platform Big Picture
The Platform Big PictureThe Platform Big Picture
The Platform Big Picture
 
Enhancing your Security APIs
Enhancing your Security APIsEnhancing your Security APIs
Enhancing your Security APIs
 
OpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the WebOpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the Web
 
Securing .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsSecuring .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applications
 

Recently uploaded

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 

Recently uploaded (20)

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 

OAuth 1.0

  • 1. OAuth Simone Tripodi - Asemantics S.r.l. stripodi@asemantics.com
  • 2. What’s OAuth? • An Open Protocol to allow secure API authorization in a simple and standard method for mobile, desktop and web application; • a protocol for developing password less APIs; • a way for an application to interact with an API on a user’s behalf without knowing the user’s authentication credentials.
  • 3. Hypothetical Scenarios “Import pictures from Picasa “Allow Dailymotion read into Virgilio Photo Album” Virgilio’s User data” End User End User Service Consumer Service Provider Consumer Provider
  • 5. B2B shared information • Consumer Key: a value used by the Consumer to identify itself to the Service Provider; • Consumer Secret: a secret used by the Consumer to establish ownership of the Consumer Key; • The Consumer establishes a Consumer Key and a Consumer Secret with the Service Provider to be authenticated; the Consumer needs to be registered!
  • 6. OpenID & OAuth • OpenID: helps determine who you are - AUTHENTICATION; • OAuth: defines how to give access to protected data - AUTHORIZATION; • They are complementary; a site that supports OAuth could also support OpenID for authentication!!!
  • 7. OpenID & OAuth: Example integration
  • 8. OAuth is Production Ready!!! • Google • Yahoo! • MySpace • Digg • Twitter • Magnolia • Plaxo ... and much more!
  • 9. OAuth community • Leaded by Brian Cook & Chris Messina; • Active Google-group: http://groups.google.com/group/oauth/ • Blog: http://blog.oauth.net/ • Many available implementations from OS communities: Java - C# - JavaScript - Perl - PHP ...