Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Web 2.0: The How Of OAuth


Published on

Published in: Technology, Self Improvement
  • Be the first to comment

Web 2.0: The How Of OAuth

  1. 1. The How of OAuth OAuth Hackathon – 4/26 @ Six Apart
  2. 2. The How of OAuth or: How I learned to stop worrying and fall in love with Factory Joe
  3. 3. OAuth’s Goal <ul><li>Website X can access your protected data at API Y </li></ul><ul><ul><li>All without sharing your password off-site </li></ul></ul><ul><ul><li>especially when there isn’t one like with OpenID </li></ul></ul>
  4. 4. OAuth gives you: <ul><li>Signed HTTP Requests </li></ul><ul><li>Safe, Password-less Token Exchange </li></ul>
  5. 5. The Three Actors <ul><li>User – My Buddy ( not me) </li></ul><ul><li>Service Provider – Chuck E. Cheese </li></ul><ul><li>Consumer – 10 yr old kids </li></ul>
  6. 6. The Three Tokens <ul><li>Access Tokens – Chuck E. Cheese Tickets </li></ul><ul><li>Request Tokens – Chuck E. Cheese Tokens </li></ul><ul><li>Consumer Keys </li></ul>
  7. 7. The Three URLS <ul><li>Request Token Issuer </li></ul><ul><li>Authorization Page </li></ul><ul><li>Access Token Exchanger </li></ul>
  8. 8. Building a Consumer
  9. 9. Get a consumer key and secret
  10. 10. Simple enough, eh?
  11. 11. Get a Request Token
  12. 12. Authorize the Request Token
  13. 13. Exchange for an Access Token
  14. 14. Making Authenticated Calls
  15. 15. Building a Service Provider
  16. 16. Data to store <ul><li>Consumers: </li></ul><ul><ul><li>key, secret, callback_url </li></ul></ul><ul><li>Request Token: </li></ul><ul><ul><li>token, secret, consumer , authorizing_user </li></ul></ul><ul><li>Access Token: </li></ul><ul><ul><li>token, secret, consumer, user </li></ul></ul>
  17. 17. Registering Consumers
  18. 18. Issuing Request Tokens <ul><li>Verify using only the consumer credential </li></ul>
  19. 19. Issuing Request Tokens <ul><li>Issue the request token </li></ul>
  20. 20. Authorizing Request Tokens <ul><li>Ask the user to accept the authorization </li></ul>
  21. 21. Authorizing Request Tokens <ul><li>Connecting the logged in user </li></ul><ul><li>go back to consumer </li></ul>
  22. 22. Exchange for an Access Token <ul><li>Validate using Request Token and Consumer </li></ul>
  23. 23. Exchange for an Access Token <ul><li>Issue the Access Token </li></ul><ul><li>Destroy the Request Token </li></ul>
  24. 24. Protecting Resources <ul><li>Validate Access Token </li></ul>
  25. 25. OAuth Hackathon – 4/26 @ Six Apart
  26. 26. Thanks!