Saadhvi Summit - oAuth Standards


  1. OAuth 2.0: Open Protocol Standard for Authorization. Saadhvi Summit. Nirmal Kumar. Date: 2 April 2012, 4:00 PM IST
  2. OAuth - Overview: OAuth is an open standard for authorization. It allows users to share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their credentials (typically a username and password), supplying tokens instead.
  3. Need for Authorization Standard
  4. Secure Way to Access User Resources? Is there a secure way for an external application, for example WordPress, where you already have an account, to access your Flickr photos and albums? (Diagram label: Access user resources (photos, albums etc.))
  5. Secure Way to Access User Resources? Is there a secure way for an external application, say Facebook, where you already have an account, to access your Gmail address book or contact list? (Diagram label: Access user contacts from Gmail Account)
  6. Should I expose my Credentials? Do I need to expose my Gmail account credentials to Facebook? Do I need to expose my Flickr account credentials to Facebook? (Diagram labels: Access user contacts from Gmail Account; Access user resources (photos, albums etc.))
  7. User Credentials Compromise
  8. User Credentials Compromise: 1. Applications cannot be trusted. 2. The user's password might be misused to access other information in that account. 3. The user might use the same password for a variety of applications, which creates a security threat. 4. Changing the password will not be reflected in the trusted applications.
  9. What OAuth Standard Provides: A way for an application to interact with a service on the user's behalf without requiring the user's account credentials.
  10. The Car Valet Parking. Regular Key: Car Owner - Full Access - Provides necessary access to a valet through the Valet Key - Can revoke the access in time of threats. Valet Key: Valet - Limited Access - Cannot change anything without authorization of the resource owner.
  11. How this works? (Diagram labels: Authorizes; Owns; API Client Application; API Provider Services; User Resources; Accesses)
  12. How this works? Import Contacts from your Google Account
  13. Sample Twitter - Authorize. Revoke access to applications at any time.
  14. How this works? The Client Application sends an Authorization Request to the API Service Provider with the ClientId Key and Secret. The user is redirected to a prompt: "Authorize Application X to access your Account". The user can either Authorize or Reject. If they authorized, the user is redirected to the Client Application with an Authentication Code in the URL. The API Client Web Application can use this Authentication Code to send a request to the API Server to provide a Token. The Client Application uses that Token to access the authorized data from the user's account.
  15. How this works?
  16. OAuth Benefits: 1. Can be integrated in Web, Mobile and other Home Devices. 2. No more password or user credentials sharing with other applications -> so no hassles for the user in terms of security. 3. Developers just need to implement a redirect and a POST request -> flexible for developers. 4. Users can revoke access tokens for specific clients at any time. 5. Nefarious clients can have their credentials revoked and all associated access tokens destroyed immediately.
  17. List of OAuth Service Providers: Facebook OAuth 2.0; Foursquare OAuth 2.0; GitHub OAuth 2.0; Google OAuth 2.0; Microsoft (Hotmail, Messenger, Xbox) OAuth 2.0; LinkedIn 2.0; MySpace OAuth 1.0a; Netflix OAuth 1.0a; StatusNet OAuth 1.0a; Twitter OAuth 1.0a; Vimeo OAuth 1.0a; Yahoo! OAuth 1.0a
  18. References - http://en.wikipedia.org/wiki/OAuth#OAuth_2.0 - http://oauth.net/ - http://oauth.net/documentation/getting-started/ - https://code.google.com/apis/console/ - http://hueniverse.com/oauth/guide/workflow/ - https://developers.google.com/accounts/docs/OAuth2
  19. Demo: Access Google Tasks from Tracksheet
  20. Questions?
  21. Thank You. Contact: Saadhvi Summit, Nirmal Kumar, @nirmal_kumar
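
The exchange on slide 14 and the revocation described on slide 16, simulated offline with both sides in one Python file, as an added example that is not part of the original deck. The client id, secret, URLs and scope are constructed values; following RFC 6749, the client secret is sent only in the back-channel token request, and the `state` and redirect URI checks are included although the slides do not mention them.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample values (assumptions, not from the slides).
CLIENT_ID, CLIENT_SECRET = "client-app-x", "constructed-secret"
REDIRECT_URI = "https://client.example/callback"

def params(url):
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}

class Provider:
    """Toy API provider: one-time codes, access tokens, revocation."""
    def __init__(self):
        self.codes, self.tokens = {}, {}
    def authorize(self, url, user_approves):
        q = params(url)
        if (q["client_id"], q["redirect_uri"]) != (CLIENT_ID, REDIRECT_URI):
            raise PermissionError("unknown client or unregistered redirect_uri")
        if not user_approves:  # the user chose "Reject" at the prompt
            return REDIRECT_URI + "?" + urlencode({"error": "access_denied", "state": q["state"]})
        code = secrets.token_urlsafe(16)
        self.codes[code] = (q["client_id"], q["scope"])
        return REDIRECT_URI + "?" + urlencode({"code": code, "state": q["state"]})
    def token(self, code, client_id, client_secret):
        bound = self.codes.pop(code, None)  # pop: a code can be redeemed once
        ok = bound is not None and bound[0] == client_id
        if not (ok and hmac.compare_digest(client_secret, CLIENT_SECRET)):
            raise PermissionError("invalid_grant")
        tok = secrets.token_urlsafe(24)
        self.tokens[tok] = bound
        return tok
    def resource(self, tok):
        if tok not in self.tokens:
            raise PermissionError("invalid_token")
        return {"scope": self.tokens[tok][1], "contacts": ["alice@example.com"]}
    def revoke_client(self, client_id):  # destroys every token of that client
        self.tokens = {t: b for t, b in self.tokens.items() if b[0] != client_id}

def run_flow(provider, user_approves=True):
    state = secrets.token_urlsafe(16)  # binds the callback to this session
    url = "https://provider.example/authorize?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": "contacts.read", "state": state})
    cb = params(provider.authorize(url, user_approves))
    if not hmac.compare_digest(cb.get("state", ""), state):
        raise PermissionError("state mismatch")
    code = cb.get("code")
    return (code, provider.token(code, CLIENT_ID, CLIENT_SECRET)) if code else (None, None)
```

The user's password never appears anywhere in the exchange: the client holds only a scoped token, which the provider can invalidate without the user changing any credential.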
