Introduction to OAuth
Wei-Tsung Su
10/30/2013 (Ver. 1.0)

Ubiquitous Computing & Ambient Networking Laboratory

OAuth
• OAuth is an open standard of authorization. (Wikipedia)
• OAuth attempts to provide a standard way for developers to offer their services via an API without forcing their users to expose their passwords (and other credentials). (oauth.net)
• Standard
– RFC 6749: The OAuth 2.0 Authorization Framework
– RFC 5849: The OAuth 1.0 Protocol
• Implementation
– Apache Oltu (http://oltu.apache.org/)
– Others on .NET, PHP, Ruby, Python, …

OAuth 2.0 Protocol Flow
[Figure: the abstract OAuth 2.0 flow among the Resource Owner (User), the Client, the Authorization Server and the Resource Server (API)]
(1) Authorization Request: Client → Resource Owner (User)
(2) Authorization Grant: Resource Owner (User) → Client
(3) Authorization Request (carrying the grant): Client → Authorization Server
(4) Access Token: Authorization Server → Client
(5) Access Token (API call): Client → Resource Server
(6) Protected Resource: Resource Server → Client

OAuth 2.0: Case Study
• Resource owner
– You
• Client
– Google Calendar APIs Explorer
• Authorization server
– Google OAuth 2.0 Server
• API
– Google Calendar APIs
• Resource Server
– Google Calendar

OAuth 2.0: Case Study (con't)
[Figure: the same six-step flow with the case-study parties filled in]
(1) Authorization Request: Google Calendar APIs Explorer → Resource Owner (User)
(2) Authorization Grant: Resource Owner (User) → Google Calendar APIs Explorer
(3) Authorization Request: Google Calendar APIs Explorer → Google OAuth 2.0 Server
(4) Access Token: Google OAuth 2.0 Server → Google Calendar APIs Explorer
(5) Access Token: Google Calendar APIs Explorer → Google Calendar APIs
(6) Protected Resource: Google Calendar Server (to access your Google calendar data) → Google Calendar APIs Explorer

Authorization Grant
• There are four ways a user can grant authorization to a client
– Authorization Code
• The client directs the user to the authorization server
• The user inputs ID/PWD on the authorization server
• The authorization server sends an authorization code to the client
• The client sends the authorization code to the authorization server to obtain the access token
– Implicit
• Simplifying the above process, the client directly obtains the access token
– Resource Owner Password Credentials (less secure)
• The user inputs ID/PWD on the client
• The client sends the ID/PWD to the authorization server to obtain the access token
– Client Credentials
• Used when the client is also the resource owner, or
• When access to the protected resources was arranged in advance between the client and the authorization server

Access Token
• Access token
– is a credential used to access protected resources.
– is a string (usually opaque to the client) representing an authorization issued to the client.
– represents specific scopes and durations of access, granted by the resource owner, and enforced by the resource server and authorization server.
• Standard
– RFC 6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage

References
• OAuth Official Sites
– http://oauth.net/
– http://wiki.oauth.net
• OAuth 2.0 Implementations
– http://wiki.oauth.net/w/page/25236487/OAuth
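The authorization code grant and the bearer-token usage described on the slides, as an added example that is not part of the original deck: the client, the authorization server and the resource server are simulated in memory, and the endpoint URLs, the client_id "calendar-explorer" and the scope "calendar.readonly" are constructed placeholders. It also shows two checks a practitioner would expect that the slides do not spell out: the server accepts each code only once and only for the redirect_uri it was issued to, and the client rejects a callback whose state parameter it did not generate.

```python
# Added example, not from the slides: RFC 6749 sect. 4.1 authorization code
# grant plus RFC 6750 bearer usage, with all three parties simulated in memory.
import secrets
from urllib.parse import urlencode, urlparse, parse_qs
AUTHZ_ENDPOINT = "https://auth.example/authorize"  # constructed placeholder
REDIRECT_URI = "https://client.example/cb"         # constructed placeholder

def build_authorization_request(client_id, scope, state):
    """Step (1): the URL the client directs the user's browser to."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": REDIRECT_URI, "scope": scope, "state": state}
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}"

class AuthorizationServer:
    """Stand-in server: issues single-use codes and opaque bearer tokens."""
    def __init__(self):
        self._codes = {}  # code -> (client_id, redirect_uri, scope)
        self.tokens = {}  # access_token -> scope, what the resource server checks
    def issue_code(self, client_id, redirect_uri, scope):
        """Step (2): after the user logs in and consents, a code is issued."""
        code = secrets.token_urlsafe(16)
        self._codes[code] = (client_id, redirect_uri, scope)
        return code
    def token(self, grant_type, code, redirect_uri, client_id):
        """Steps (3)/(4): exchange the code for an access token."""
        if grant_type != "authorization_code":
            return {"error": "unsupported_grant_type"}
        issued = self._codes.pop(code, None)  # pop: a code may be used only once
        if issued is None or issued[:2] != (client_id, redirect_uri):
            return {"error": "invalid_grant"}  # unknown, replayed or mismatched
        tok = secrets.token_urlsafe(24)
        self.tokens[tok] = issued[2]
        return {"access_token": tok, "token_type": "bearer", "scope": issued[2]}

def handle_callback(callback_url, expected_state):
    """Client side of step (2): reject a response whose state we did not issue."""
    q = parse_qs(urlparse(callback_url).query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: discard the authorization response")
    return q["code"][0]
def bearer_header(token):
    """Step (5): the RFC 6750 header the client sends to the resource server."""
    return {"Authorization": f"Bearer {token}"}

def run_flow(srv, client_id="calendar-explorer", scope="calendar.readonly"):
    """Drive steps (1)-(4) end to end; the user's consent is simulated."""
    state = secrets.token_urlsafe(8)
    build_authorization_request(client_id, scope, state)  # user is sent here
    code = srv.issue_code(client_id, REDIRECT_URI, scope)  # user consented
    callback = f"{REDIRECT_URI}?{urlencode({'code': code, 'state': state})}"
    return srv.token("authorization_code", handle_callback(callback, state),
                     REDIRECT_URI, client_id)
```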