Upcoming SlideShare
-
Full NameComment goes here.Delete Reply Spam Block
-
Roland Davis , Consultant at Nulli at NulliHi Victor, are the sample applications for the iPhone available for download somewhere?Reply
No Downloads
Views
Total views
8,535
On SlideShare
From Embeds
Number of Embeds
4
Actions
Shares
0
Downloads
159
Comments
1
Likes
6
Embeds
No notes for slide
Shoot Me a Token: OpenAM as an OAuth2 Provider
- 1. Open Identity SummitShoot me a TOKENOpenAM OAuth2 ProviderVíctor AkéProduct Manager for OpenAMForgeRock
- 2. Open Identity SummitNew Paradigm for the Modern Web! Converged Cloud creates new identity challenges for the enterprise! Mobile devices proliferate new granular identity dimension! As Big Data volumes grow, identity within high value data subsetsvital! Social moves the web identity experience from “anonymous” to“personal”Mobile Social Cloud Enterprise Things
- 3. Open Identity SummitForgeRock Open Identity Stack
- 4. Open Identity SummitThe Good, The Bad and The Ugly“You see, in this worldtheres two kinds ofAPIs, my friend:Those that arelightweight and thosethat make you dig”
- 5. Open Identity SummitOn-Premise vs Cloud/Social/MobileSOAPXMLRESTJSON
- 6. Open Identity SummitOAuth2, OpenID Connect, RESTREST EndpointsMobile Social Cloud Enterprise ThingsOpenAM CoreHTTP(s)JSONAuthN AuthZSessionValidationIdentityManagementOAuth2RealmMgmtOpenIDConnectLogging
- 7. Open Identity Summit
- 8. Open Identity SummitOAuth2! Authorization protocol! Grant access to third parties! Parties do not share sensitive user information, i.e. nocredentials are shared! Used to grant limited access during limited time to specificresources! Developed by the IETF Working group
- 9. Open Identity SummitWho is using OAuth2
- 10. Open Identity SummitHow does it work! Authorization Code Flow Grant! Implicit flow Grant! Resource Owner PasswordUse Case: For Web ApplicationsUse Case: For Mobile Applications! Client Credentials Flow! SAML2 Token InsertionUse Case: For Application to Application
- 11. Open Identity SummitAuthorization Code Flow23456ClientProviderProtectedResource17
- 12. Open Identity SummitResource Owner Password Flow3ClientProviderProtectedResource142
- 13. Open Identity SummitOAuth2 TokensAccess TokenREFRESH TokenUsed to access a protected resource.Obtained through one of the grant flowsLife time short (minutes, hours)Used to obtain a new access tokenObtained through one of the grant flowsLife time long (days, weeks, months)
- 14. Open Identity SummitWebAppNativeAppNativeAppWebAppLoginAppREST/OAuth2/OpenIDConnectAuthenticationAuthorizationAttribute DeliveryFederationSSOToken PersistenceSession MgmtOAuth2 ProviderOpenAMCloudEnterprise
- 15. Open Identity Summit“You see, in thisworld theres twokinds of APIs, myfriend: Those thatare lightweightand those thatmake you dig”Demo
- 16. Open Identity Summit2 Applications in the iPhoneSSO DemoObtains an OAuth2 Refresh and Access Token using theAuthorization Code Grant and then stores it locally in the iPhonekeyringAccess User Profile info with the Access TokenRefreshes the Access Token when it expires using the refresh tokenOauth2 DemoRetrieves the Access Token from the iPhone keyringAccess User Profile info with the Access Token
- 17. Open Identity Summit
- 18. Open Identity Summit
- 19. Open Identity Summit
- 20. Open Identity Summit
- 21. Q&A