
Kaunas jug presentation

Oauth presentation

Published in: Internet

  1. Introduction to OAuth
  2. About me: Adomas Greičius, Java/Scala developer
  3. Pre-OAuth time. If you want to send an invitation to everyone in your e-mail address book through a third-party service, you have to hand that service your credentials. This does not work at all if two-factor authentication is enabled, and when it does work, the third party gets access to all your other services as well, such as Wallet or Pictures.
  4. Glossary of OAuth terms
     ● Resource owner (a.k.a. the User): an entity capable of granting access to a protected resource. When the resource owner is a person, it is referred to as an end-user.
     ● Resource server (a.k.a. the API server): the server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens.
     ● Client: an application making protected resource requests on behalf of the resource owner and with its authorization. The term client does not imply any particular implementation characteristics (e.g. whether the application executes on a server, a desktop, or other devices).
     ● Authorization server: the server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization.
  5. How does it work with OAuth? (Diagram: User, Client, Protected Resource, OAuth2 server)
  6. OAuth endpoints
     ● Authorization endpoint: the endpoint on the authorization server where the resource owner logs in and grants authorization to the client application.
     ● Token endpoint: the endpoint on the authorization server where the client application exchanges the authorization code, client ID and client secret for an access token.
  7. Grant types
     ● Authorization code grant
     ● Implicit grant
     ● Resource owner credentials grant
     ● Client credentials grant
     ● Refresh token grant
  8. Authorization code grant (sequence diagram; participants: Browser, Client, Protected Resource, OAuth server). Steps: 1. Get mail 2. Get mail 3. Get mail 4. Not authorized 5. Redirect to OAuth 6. Open OAuth page 7. Login page 8. Ask credentials 9. Puts credentials 10. Puts credentials 11. Redirect to client 12. Get mail 13. Get access token 14. Return access token 15. Get mail 16. Return mail 17. Return mail 18. Return mail
  9. Authorization request. The authorization request is sent to the authorization endpoint to obtain an authorization code. The parameters used in the request:
     ● response_type: required. Must be set to code.
     ● client_id: required. The client identifier assigned by the authorization server when the client was registered.
     ● redirect_uri: optional. The redirect URI registered by the client; if sent, the authorization server must only accept a value that matches the registration.
     ● scope: optional. The scope being requested.
     ● state: optional (recommended). Any client state that needs to be passed back to the client's redirect URI. The server echoes it unchanged, so the client can bind the callback to the session that started the request and reject forged callbacks.
  10. Token request. Parameters:
     ● client_id: required. The client application's id.
     ● client_secret: required. The client application's client secret.
     ● grant_type: required. Must be set to authorization_code.
     ● code: required. The authorization code received from the authorization server.
     ● redirect_uri: required if a redirect URI was included in the authorization request, and must then be identical to it.
  11. Demo
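The demo itself is not on the page. The following is an added example, not the speaker's code, that simulates the authorization code grant from slides 8 to 10 end to end in memory, with both the client and a toy authorization server, so the checks the slides only name (registered redirect_uri, state, client secret, single-use code, identical redirect_uri at the token endpoint) are visible. The endpoint URLs, client id, secret, redirect URI and scope are assumed values.

```python
# Added example (not the presentation's own code): the authorization code
# grant from slides 8-10, simulated end to end without a network.  Both sides
# are toy in-memory implementations; the endpoint URLs, client_id, secret,
# redirect URI and scope below are assumed values, not anything from the talk.
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZATION_ENDPOINT = "https://oauth.example/authorize"  # assumed
TOKEN_ENDPOINT = "https://oauth.example/token"              # assumed (not contacted here)


class AuthorizationServer:
    """Holds registered clients and issued (single-use) authorization codes."""

    def __init__(self):
        self.clients = {}  # client_id -> {"secret": str, "redirect_uris": [str]}
        self.codes = {}    # code -> what was authorized, bound to the client

    def register(self, client_id, secret, redirect_uris):
        self.clients[client_id] = {"secret": secret, "redirect_uris": list(redirect_uris)}

    def authorize(self, params):
        """Authorization endpoint, after the resource owner logged in and consented.
        Returns the redirect URL carrying the code (and the client's state)."""
        if params.get("response_type") != "code":
            raise ValueError("unsupported_response_type")
        client = self.clients.get(params.get("client_id"))
        if client is None:
            raise ValueError("invalid_client")
        # redirect_uri is optional; if sent it must be one that was registered,
        # otherwise the code could be delivered to an attacker's site.
        redirect_uri = params.get("redirect_uri", client["redirect_uris"][0])
        if redirect_uri not in client["redirect_uris"]:
            raise ValueError("invalid_redirect_uri")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {
            "client_id": params["client_id"],
            "redirect_uri": redirect_uri,
            "explicit_redirect": "redirect_uri" in params,
            "scope": params.get("scope", ""),
        }
        query = {"code": code}
        if "state" in params:  # echoed back unchanged so the client can verify it
            query["state"] = params["state"]
        return f"{redirect_uri}?{urlencode(query)}"

    def token(self, form):
        """Token endpoint: authenticate the client, then swap the code for a token."""
        if form.get("grant_type") != "authorization_code":
            raise ValueError("unsupported_grant_type")
        client = self.clients.get(form.get("client_id"))
        if client is None or not hmac.compare_digest(client["secret"], form.get("client_secret", "")):
            raise ValueError("invalid_client")
        record = self.codes.pop(form.get("code"), None)  # pop: a code is good exactly once
        if record is None or record["client_id"] != form["client_id"]:
            raise ValueError("invalid_grant")
        # If the authorization request named a redirect_uri, the token request
        # must repeat it identically (slide 10).
        if record["explicit_redirect"] and form.get("redirect_uri") != record["redirect_uri"]:
            raise ValueError("invalid_grant")
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "expires_in": 3600, "scope": record["scope"]}


class Client:
    """The web application that wants to read the user's mail."""

    def __init__(self, client_id, secret, redirect_uri):
        self.client_id, self.secret, self.redirect_uri = client_id, secret, redirect_uri
        self.pending_state = None  # would live in the user's session in a real app

    def authorization_url(self, scope):
        """Slide 9: build the authorization request with a fresh state value."""
        self.pending_state = secrets.token_urlsafe(16)
        return AUTHORIZATION_ENDPOINT + "?" + urlencode({
            "response_type": "code", "client_id": self.client_id,
            "redirect_uri": self.redirect_uri, "scope": scope, "state": self.pending_state})

    def handle_callback(self, url):
        """Check the echoed state, then build the token request (slide 10)."""
        query = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
        if self.pending_state is None or not hmac.compare_digest(query.get("state", ""), self.pending_state):
            raise ValueError("state mismatch: callback not bound to this session (CSRF)")
        self.pending_state = None
        return {"grant_type": "authorization_code", "code": query["code"],
                "redirect_uri": self.redirect_uri,
                "client_id": self.client_id, "client_secret": self.secret}


def run_flow():
    """Walk steps 5-14 of slide 8 and return the pieces for inspection."""
    server = AuthorizationServer()
    server.register("mailclient", "s3cret", ["https://client.example/callback"])  # assumed values
    client = Client("mailclient", "s3cret", "https://client.example/callback")
    auth_url = client.authorization_url("mail.read")                # 5/6: redirect to OAuth
    auth_params = {k: v[0] for k, v in parse_qs(urlparse(auth_url).query).items()}
    callback = server.authorize(auth_params)                        # 7-11: login, consent, redirect back
    token_request = client.handle_callback(callback)                # 13: get access token
    token = server.token(token_request)                             # 14: return access token
    return server, client, token_request, token


if __name__ == "__main__":
    _, _, _, tok = run_flow()
    print(tok["token_type"], tok["scope"])
```

Replaying the same token request a second time fails with invalid_grant because the code was popped on first use; a callback whose state does not match the pending one is rejected before any token request is built; and an authorization request naming an unregistered redirect_uri never gets a code.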
  12. Implicit grant (sequence diagram; participants: Browser, Client, Protected Resource, OAuth server). Steps: 1. Get mail 2. Get mail 3. Get mail 4. Not authorized 5. Redirect to OAuth 6. Open OAuth page 7. Login page 8. Ask credentials 9. Puts credentials 10. Puts credentials 11. Redirect to client (the access token comes back directly in this redirect; there is no separate token endpoint exchange) 12. Get mail 13. Get mail 14. Return mail 15. Return mail 16. Return mail
  13. Demo
  14. Resource owner credentials grant (sequence diagram; participants: Browser, Client, Protected Resource, OAuth server). Steps: 1. Get mail 2. Get mail 3. Get mail 4. Not authorized 5. Redirect to login page 6. Ask credentials 7. Puts credentials 8. Pass credentials 9. Get token 10. Return token 11. Get mail 12. Return mail 13. Return mail 14. Return mail
  15. Demo
  16. Client credentials grant (sequence diagram; participants: Browser, Client, Protected Resource, OAuth server; no resource owner is involved). Steps: 1. Get mail 2. Get mail 4. Get token 5. Return token 6. Get mail 7. Return mail 9. Return mail 10. Return mail
  17. Pros
     ● Ease.
     ● Time.
     ● Privacy.
     ● Security.
     ● Control.
     ● Saves expenses.
     ● Popularity.
  18. Cons
     ● Lack of anonymity.
     ● Lack of market saturation.
     ● Phishing.
     ● Many eggs in one basket.
     ● Bad precedents.
