The Present Future of OAuth
Michael Bleigh
An exploration into the past, present and future of the OAuth protocol.
The Present Future of OAuth
1.
OAUTH
2.
MICHAEL BLEIGH PRESENTS THE
PRESENT FUTURE OF OAUTH with drawings
3.
PROLOGUE
4.
MY NAME IS MICHAEL BLEIGH
5.
I WORK AT INTRIDEA
6.
ON TWITTER @MBLEIGH
7.
“HEY, WOULD ANYONE
BE INTERESTED IN GIVING A TALK ABOUT OAUTH AT RAILSCONF?”
8.
“NO WAY, I
MIGHT FALL ASLEEP WHILE SPEAKING”
9.
“HMM...I’D BETTER ADD SOME
DRAWINGS.”
10.
THIS TALK IS ABOUT OPEN WEB STANDARDS
11.
ACT I IN WHICH
THE PROBLEM IS DESCRIBED
12.
IN THE BEGINNING, THERE WERE
WEB APPS
13.
WEB APP
14.
WEB APP
15.
WEB
WEB APP A APP B
16.
“HEY, MY USERS
WANT TO ACCESS YOUR STUFF.” WEB WEB APP A APP B
17.
WEB
WEB APP A APP B + API
18.
HTTP BASIC
19.
http://user:password@...
Authorization: Basic dXNlcjpwYXNzd29yZA==
20.
OK, HERE’S THE
KEYS. WEB WEB APP A APP B + API
21.
WEB
WEB APP A APP B + API
22.
WEB
WEB APP A APP B + API
23.
FUBAR FAILED USER BAR
FOR AUTHORIZATION ROBUSTNESS *COUGH*
24.
THIS IS A PROBLEM
25.
ACT 2 IN WHICH
A NEW WAY IS CREATED
26.
CHRIS MESSINA
BLAINE COOK LARRY HALFF DAVID RECORDON
27.
“HEY, WOULDN’T IT
BE GREAT TO HAVE AN OPEN AUTHORIZATION STANDARD”
28.
“TOTALLY, LET’S MAKE ONE
AND CALL IT OAUTH.”
29.
FOOTAGE MISSING
30.
WEB
WEB APP A APP B
31.
WEB
WEB APP A APP B
32.
“HEY, MY USER
WANTS TO ACCESS YOUR STUFF.” WEB WEB APP A APP B
33.
WEB
WEB APP A APP B
34.
WEB
WEB APP A APP B
35.
“WHAT’S YOUR
PASSWORD?” “PASSWORD” WEB WEB APP A APP B
36.
37.
WEB
WEB APP A APP B
38.
WEB
WEB APP A APP B
39.
ADVANTAGES
40.
1. SECURE
41.
2. RESTRICTABLE
“DELETE ALL USER DATA” “UMMM....NO” WEB WEB APP A APP B
42.
3. REVOCABLE
K * O IN * Y WEB APP B
43.
3. STANDARD WEB
WEB WEB APP A APP C APP D WEB WEB APP E APP F
44.
NOT QUITE PERFECT
45.
1. COMPLICATED
“OK, SO IT’S FIST BUMP, DOUBLE-HIGH FIVE...” WEB WEB APP A “NO NO, FIRST APP B YOU REVERSE LOW FIVE...”
46.
2. BROWSER-DEPENDENT ?
47.
2. BROWSER-DEPENDENT
48.
WE CAN DO BETTER
49.
ACT 3 IN WHICH
WE LEARN FROM OUR MISTAKES
50.
51.
52.
OAUTH 2.0
53.
IMPROVEMENTS
54.
1. SIMPLER WEB APP
A < SSL > WEB APP B
55.
2. FLOWS
56.
WEB SERVER WEB
WEB APP A APP B
57.
USER-AGENT WEB APP A
58.
DEVICE WEB APP A
SET-TOPPER
59.
PASSWORD WEB APP A
60.
PASSWORD WEB APP A
61.
PASSWORD WEB APP A
62.
PASSWORD WEB APP A
63.
PASSWORD WEB APP A
64.
CLIENT CREDENTIALS WEB
WEB APP A APP B
65.
ASSERTION
CERTIFICATE OF AUTHENTICITY WEB WEB APP A APP B
66.
FLEXIBILITY
67.
ACT 4 IN WHICH
WE GET DOWN TO BUSINESS
68.
WHO’S DOING IT
RIGHT NOW?
69.
WHO WILL BE DOING
IT SOON?
70.
WHO WILL BE DOING
IT SOON? YOU
71.
CONSUMING OAUTH 2.0
72.
    # in Gemfile
    gem 'oauth2'

    $ rails g controller oauth

    # in routes.rb
    resource :oauth, :controller => 'oauth' do
      get :start
      get :callback
    end
73.
    class OauthController < ApplicationController
      def start
        redirect_to client.web_server.authorize_url(
          :redirect_uri => callback_oauth_url(:format => 'json'),
          :scope => 'user'
        )
      end

      def callback
        access_token = client.web_server.get_access_token(
          params[:code],
          :redirect_uri => callback_oauth_url(:format => 'json')
        )
        # you should store the access token info now.
        render :json => access_token.get('/api/v2/json/user/show')
      end

      protected

      def client
        @client ||= OAuth2::Client.new(
          '296e901b0e6ab74db167',
          '625fe65c7f74ee4a015d121efb011a45776d510d',
          :site => 'https://github.com',
          :authorize_path => '/login/oauth/authorize',
          :access_token_path => '/login/oauth/access_token'
        )
      end
    end
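The callback on slide 73 exchanges whatever `code` arrives at the redirect URI. As an added example (not from the talk or the oauth2 gem), this framework-free Ruby code binds the callback to the user's session with the OAuth 2.0 `state` parameter, so a code injected by a third party is rejected before any token exchange. The helper names, the `session` hash, the client id and the redirect URI are assumptions, and the parameter names follow the final RFC 6749 rather than the draft the slide's gem version targeted.

```ruby
require 'securerandom'
require 'uri'

# Authorization endpoint taken from the slide's client configuration.
AUTHORIZE_URL = 'https://github.com/login/oauth/authorize'

# Raised when the callback cannot be tied to a flow this session started.
class StateMismatch < StandardError; end

# Step 1 (the `start` action): mint an unguessable one-time value, keep it
# server-side in the session, and send it along in the authorization request.
def build_authorize_url(session, client_id:, redirect_uri:, scope:)
  state = SecureRandom.urlsafe_base64(32)
  session[:oauth_state] = state
  query = URI.encode_www_form(
    response_type: 'code',
    client_id: client_id,
    redirect_uri: redirect_uri,
    scope: scope,
    state: state
  )
  "#{AUTHORIZE_URL}?#{query}"
end

# Constant-time string comparison so the check leaks nothing through timing.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Step 2 (the `callback` action): return the code only if the state matches
# the one stored for this session. The stored value is consumed on first use,
# so a replayed callback fails as well.
def verify_callback(session, params)
  expected = session.delete(:oauth_state)
  unless expected && secure_equal?(expected, params['state'])
    raise StateMismatch, 'callback state does not match this session'
  end
  raise ArgumentError, "provider returned error: #{params['error']}" if params['error']
  code = params['code']
  raise ArgumentError, 'callback carried no authorization code' if code.nil? || code.empty?
  code
end

# Constructed walk-through: a plain Hash stands in for the framework session.
def demo
  session = {}
  url = build_authorize_url(
    session,
    client_id: 'example-client-id',                      # placeholder value
    redirect_uri: 'https://app.example/oauth/callback',  # placeholder value
    scope: 'user'
  )
  sent = URI.decode_www_form(URI.parse(url).query).to_h
  genuine = verify_callback(session, 'code' => 'constructed-code', 'state' => sent['state'])
  forged = begin
    verify_callback(session, 'code' => 'attacker-code', 'state' => 'guess')
  rescue StateMismatch
    :rejected
  end
  [genuine, forged]
end
```

In the Rails controller, `session` is the framework's session object, and the client secret would be read from configuration or the environment instead of being written into the source.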
74.
PROVIDING OAUTH 2.0
75.
READ THE SPEC http://bit.ly/oauth2-spec
76.
NO SERIOUSLY, READ THE SPEC http://bit.ly/oauth2-spec