Everything OAuth

• 

  Maziar Aboualizadeh Behbahani , CTO at CourseNetworking at CourseNetworking

  1 year ago
• 

  Iwan Buetti , Freelance software developer at Autorità per l'energia elettrica e il gas

  2 years ago
• 

  ahmy

  3 years ago
• 

  J. Albert Bowden , Front-End Engineer, UI/UX at bowdenweb

  3 years ago
• 

  Stelio Gouveia , Senior Software Engineer at Skyrove

  3 years ago

---

Authorization - used most of the time
Authentication - 2 legged OAuth, “sign in with twitter”, no to be confused with OpenID
Built as an Open Protocol on top of already existing solutions (Amazon,Yahoo)

Blaine Cook from twitter, Chris Messina, David Recordon,Larry Halff from magnolia and others

RFC only published in April 2010

Authorization - used most of the time
Authentication - 2 legged OAuth, “sign in with twitter”, no to be confused with OpenID
Built as an Open Protocol on top of already existing solutions (Amazon,Yahoo)

Authorization - used most of the time
Authentication - 2 legged OAuth, “sign in with twitter”, no to be confused with OpenID
Built as an Open Protocol on top of already existing solutions (Amazon,Yahoo)

Example from twitter connections settings

Example from facebook where you can revoke apps and also individual permissions

Example from facebook where you can revoke apps and also individual permissions

Let’s see an example (next slide)

OOB = Out of Band aka PIN OAuth

Consumer sends along info about service provider and asks to verify credentials

OAuthpocalypse happened on August 31st 2010

Prevents man-in-the-middle attack

SAML: Security Assertion Markup Language