Everything OAuth

Nov. 12, 2010

Editor's Notes

  1. Authorization: used most of the time. Authentication: 2-legged OAuth, “sign in with Twitter”; not to be confused with OpenID. Built as an open protocol on top of already existing solutions (Amazon, Yahoo).
  2. Blaine Cook from Twitter, Chris Messina, David Recordon, Larry Halff from Ma.gnolia and others
  3. RFC only published in April 2010
  4. Authorization: used most of the time. Authentication: 2-legged OAuth, “sign in with Twitter”; not to be confused with OpenID. Built as an open protocol on top of already existing solutions (Amazon, Yahoo).
  5. Authorization: used most of the time. Authentication: 2-legged OAuth, “sign in with Twitter”; not to be confused with OpenID. Built as an open protocol on top of already existing solutions (Amazon, Yahoo).
  6. Example from Twitter connections settings
  7. Example from Facebook where you can revoke apps and also individual permissions
  8. Example from Facebook where you can revoke apps and also individual permissions
  9. Let’s see an example (next slide)
  10. OOB = Out of Band aka PIN OAuth
  11. Consumer sends along info about service provider and asks to verify credentials
  12. OAuthpocalypse happened on August 31st, 2010
  13. Prevents man-in-the-middle attack
  14. SAML: Security Assertion Markup Language