The Present Future of OAuth
•
22 likes•16,563 views
An exploration into the past, present and future of the OAuth protocol.
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to The Present Future of OAuth
Similar to The Present Future of OAuth (20)
More from Michael Bleigh
More from Michael Bleigh (10)
Recently uploaded
Recently uploaded (20)
The Present Future of OAuth
- 1. OAUTH
- 2. MICHAEL BLEIGH PRESENTS THE PRESENT FUTURE OF OAUTH with drawings
- 3. PROLOGUE
- 5. I W O R K AT INTRIDEA
- 7. “HEY, WOULD ANYONE BE INTERESTED IN GIVING A TALK ABOUT OAUTH AT RAILSCONF?”
- 8. “NO WAY, I MIGHT FALL ASLEEP WHILE SPEAKING”
- 9. “HMM...I’D BETTER ADD SOME DRAWINGS.”
- 10. T H I S TA L K IS ABOUT OPEN WEB STANDARDS
- 11. ACT I IN WHICH THE PROBLEM IS DESCRIBED
- 12. IN THE BEGINNING, THERE WERE WEB APPS
- 13. WEB APP
- 14. WEB APP
- 15. WEB WEB APP A APP B
- 16. “HEY, MY USERS WANT TO ACCESS YOUR STUFF.” WEB WEB APP A APP B
- 17. WEB WEB APP A APP B + API
- 18. HTTP BASIC
- 19. r d@ ... swo r :p as p: //use h tt Autho dXNlc rizatio jpwYX n: Bas Nzd29 ic yZA==
- 20. OK, HERE’S THE KEYS. WEB WEB APP A APP B + API
- 21. WEB WEB APP A APP B + API
- 22. WEB WEB APP A APP B + API
- 23. FUBAR FAILED USER BAR FOR AUTHORIZATION ROBUSTNESS *COUGH*
- 25. ACT 2 IN WHICH A N E W W AY IS CREATED
- 26. CHRIS MESSINA BLAINE COOK LARRY HALFF DAVID RECORDON
- 27. “HEY, WOULDN’T IT BE G R E AT T O H AV E A N OPEN AUTHORIZATION STANDARD”
- 28. “TOTALLY, LET’S MAKE ONE AND CALL IT OAUTH.”
- 29. FOOTAGE MISSING
- 30. WEB WEB APP A APP B
- 31. WEB WEB APP A APP B
- 32. “HEY, MY USER WANTS TO ACCESS YOUR STUFF.” WEB WEB APP A APP B
- 33. WEB WEB APP A APP B
- 34. WEB WEB APP A APP B
- 35. “WHAT’S YOUR PASSWORD?” “PASSWORD” WEB WEB APP A APP B
- 37. WEB WEB APP A APP B
- 38. WEB WEB APP A APP B
- 39. ADVAN TAGES
- 40. 1. SECURE
- 41. 2. RESTRICTABLE “DELETE ALL USER DATA” “UMMM....NO” WEB WEB APP A APP B
- 42. 3. REVOCABLE K * O IN * Y WEB APP B
- 43. 3. STANDARD WEB WEB WEB APP A APP C APP D WEB WEB APP E APP F
- 45. 1. COMPLICATED “OK, SO IT’S FIST BUMP, DOUBLE-HIGH FIVE...” WEB WEB APP A “NO NO, FIRST APP B YOU REVERSE LOW FIVE...”
- 48. WE CAN DO BETTER
- 49. ACT 3 IN WHICH WE LEARN FROM OUR MISTAKES
- 52. OAUTH 2.0
- 53. IMPROVE MENTS
- 54. 1. SIMPLER WEB APP A < SSL > WEB APP B
- 55. 2. FLOWS
- 56. WEB SERVER WEB WEB APP A APP B
- 58. DEVICE WEB APP A SET-TOPPER
- 64. CLIENT CREDENTIALS WEB WEB APP A APP B
- 65. ASSERTION CERTIFICATE OF AUTHENTICITY WEB WEB APP A APP B
- 66. FLEX- IBILITY
- 67. ACT 4 IN WHICH WE GET DOWN TO BUSINESS
- 68. WHO’S DOING IT RIGHT NOW?
- 69. WHO WILL BE DOING IT SOON?
- 70. WHO WILL BE DOING IT SOON? YOU
- 71. CONSUMING OAU T H 2 . 0
- 72. # in Gemfile gem 'oauth2' $ rails g controller oauth # in routes.rb resource :oauth, :controller => 'oauth' do get :start get :callback end
- 73. class OauthController < ApplicationController def start redirect_to client.web_server.authorize_url( :redirect_uri => callback_oauth_url(:format => 'json'), :scope => 'user' ) end def callback access_token = client.web_server.get_access_token( params[:code], :redirect_uri => callback_oauth_url(:format => 'json') ) # you should store the access token info now. render :json => access_token.get('/api/v2/json/user/show') end protected def client @client ||= OAuth2::Client.new( '296e901b0e6ab74db167', '625fe65c7f74ee4a015d121efb011a45776d510d', :site => 'https://github.com', :authorize_path => '/login/oauth/authorize', :access_token_path => '/login/oauth/access_token' ) end end