Hybrid authentication - Talking To Major Social Networks


  1. Hybrid Authentication - Talking to major social networks. Md. Rayhan Chowdhury
  2. You have developed a Wow application, and you're sure everybody will like it.
     phpXperts 2011 Md. Rayhan Chowdhury | ray@raynux.com
  3. "Please register to taste our WOW service?" "Okay, cool, will try later..."
  4. How can you avoid this boring registration?
  5. Hybrid Authentication
     - Login with Facebook
     - Login with Google Account
     - Login with Windows Live
     (Figure label: User)
  6. It has benefits too
     - Hassle-free login/registration
     - More website users
     - Successful business
     - More money
     (Figure label: You)
  7. There is also a bonus! You have access to the user's social data and friend base.
  8. Cool! But...
     - Isn't it too complex?
     - Is there any standard?
     - How to implement?
  9. Yes, there is a standard, and it's so simple with OAuth 2.0.
  10. What is OAuth?
     - Stands for Open Authorization
     - Before OAuth: Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Flickr API, Amazon Web Services API, FacebookAuth
     - First introduced in 2006
     - Designed for API access delegation
  11. OAuth 2.0
     - Next evolution of OAuth 1.0
     - Easy to implement
     - More flows to support desktop, mobile and living room devices
     - Not backward compatible with OAuth 1.0
  12. OAuth 2.0 flows are
     - User-Agent Flow
     - Web Server Flow
     - Device Flow
     - Username and Password Flow
     - Client Credentials Flow
     - Assertion Flow
  13. How does OAuth 2.0 work?
     [Diagram. Parties: Resource Owner, Client (Your website), Authorization Server, Resource Server; label: Google. Messages: Authorization Request, Authorization Code, Request Access Token, Access Token, Access Token, Protected Resource.]
  14. Web Flow – Implementation
     - Register your app @ https://code.google.com/apis/console/b/0/
  15. Web Flow – Get Authorization Code
     Login with Google Account:

          https://accounts.google.com/o/oauth2/auth?client_id=...&response_type=code&redirect_uri=...&scope=...

     The user is sent back to your redirect URI with the authorization code:

          http://mine2share.com/labs/oauth2/callback.php?code=authorization_code

  16. Web Flow – Get Access Code
     - Now, from your redirect URI, make a POST request using cURL with the following parameters:

          https://accounts.google.com/o/oauth2/token?client_id=...&client_secret=...&grant_type=authorization_code&code=..&redirect_uri=...

     Response:

          { "access_token" : "...", "expires_in" : 3600 }

  17. Web Flow – Get Resource
     Use the access_token to get the granted resources:

          https://www.googleapis.com/oauth2/v1/userinfo?access_token=...

     Response:

          array (
            'id' => '1150948574743835905',
            'email' => 'faisal@bankinfobd.com',
            'verified_email' => true,
            'name' => 'Faisal Morshed',
            'given_name' => 'Faisal',
            'family_name' => 'Morshed',
          )
  18. How to implement?
  19. Configure OAuth2Consumer class
     File: config.php

          OAuth2Consumer::getInstance('Facebook', array(
              'client_id'        => 'your-client-id',
              'client_secret'    => 'your-client-secret',
              'redirect_uri'     => 'http://yoursite/callback.php',
              'scope'            => 'email,read_stream',
              'base_uri'         => 'https://graph.facebook.com/',
              'authorize_uri'    => 'https://graph.facebook.com/oauth/authorize',
              'access_token_uri' => 'https://graph.facebook.com/oauth/access_token',
          ));

  20. Step 1: Get user authorization
     File: connect.php

          Oauth2Consumer::getInstance('Facebook')->authorize();

  21. Redirect to OAuth 2.0 end point
  22. Step 2: Grab the Access Token
     File: callback.php

          $oauth2 = Oauth2Consumer::getInstance('Facebook');
          $accessToken = $oauth2->getAccessToken();

     - Save this access token
  23. Step 3: Use the API with Access Token
     Set the access token:

          $oauth = Oauth2Consumer::getInstance('Facebook');
          $oauth->setVariable('access_token', $accessToken);

     Use the API as much as you want:

          $profile = $oauth->api('me');
          $friends = $oauth->api('me/friendlists');
          $albums = $oauth->api('me/albums');
  24. Decide to Login or Register
     - User is new? Create an account first
     - Otherwise, log him/her in to your app
     - Keep the users and connections tables separate: Users 1 : n Connections
  25. Socialize Your Application
     - Encourage the user to add more connections
     - You have read/write access, so
     - Engage more
     - Respect the user's opinion
     - Remember! Never misuse
  26. Who Supports OAuth 2.0
  27. References
     - Google API:
       Documentation: http://code.google.com/apis/accounts/docs/OAuth2.html
       API Console: https://code.google.com/apis/console/b/0/
     - Facebook:
       API Console: https://developers.facebook.com/apps
       Documentation: https://developers.facebook.com/docs/authentication/
     - Windows Live:
       API Console: https://manage.dev.live.com/
       Documentation: http://msdn.microsoft.com/en-us/library/hh243647.aspx
     - OAuth 2.0:
       http://tools.ietf.org/html/draft-ietf-oauth-v2-22
       http://oauth.net/2/
     - Oauth2Consumer Class & Example: http://raynux.com/ray/labs/projects/oauth2.zip
  28. Question and Answer. Thank you
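
The web server flow from slides 15 to 17, with the check that the callback.php of slide 22 needs before it exchanges the code, as an added PHP example that is not part of the deck or of the Oauth2Consumer class. It adds the OAuth 2.0 `state` parameter, which the slides do not show; the function names, session key and placeholder credentials are assumptions, and no network request is made.

```php
<?php
// Added example: not from the slides or the Oauth2Consumer class.
// Placeholder credentials; function names and the session key are assumptions.
const CFG = [
    'client_id'     => 'your-client-id',
    'client_secret' => 'your-client-secret',
    'redirect_uri'  => 'https://yoursite.example/callback.php',
    'scope'         => 'email',
    'authorize_uri' => 'https://accounts.google.com/o/oauth2/auth',
];
// Slide 15: build the authorization URL and bind it to this browser session
// with a one-time random state value.
function authorizationUrl(array $cfg, array &$session): string {
    $session['oauth2_state'] = bin2hex(random_bytes(16));
    return $cfg['authorize_uri'] . '?' . http_build_query([
        'client_id'     => $cfg['client_id'],
        'response_type' => 'code',
        'redirect_uri'  => $cfg['redirect_uri'],
        'scope'         => $cfg['scope'],
        'state'         => $session['oauth2_state'],
    ]);
}
// Slide 16: validate the callback, then return the POST body for the token
// endpoint. The client_secret goes in the request body, not in a URL.
function tokenRequestBody(array $cfg, array $query, array &$session): string {
    $expected = $session['oauth2_state'] ?? '';
    unset($session['oauth2_state']);                 // state is single use
    $got = is_string($query['state'] ?? null) ? $query['state'] : '';
    if ($expected === '' || !hash_equals($expected, $got)) {
        throw new RuntimeException('state mismatch');
    }
    if (!is_string($query['code'] ?? null) || $query['code'] === '') {
        throw new RuntimeException('missing authorization code');
    }
    return http_build_query([
        'client_id'     => $cfg['client_id'],
        'client_secret' => $cfg['client_secret'],
        'grant_type'    => 'authorization_code',
        'code'          => $query['code'],
        'redirect_uri'  => $cfg['redirect_uri'],
    ]);
}
// Constructed callback values, run offline.
$session = [];
parse_str(parse_url(authorizationUrl(CFG, $session), PHP_URL_QUERY), $sent);
$callback = ['code' => 'constructed-code', 'state' => $sent['state']];
echo tokenRequestBody(CFG, $callback, $session), "\n";
try { tokenRequestBody(CFG, $callback, $session); }   // same callback replayed
catch (RuntimeException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
```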
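
The login-or-register decision from slide 24, with the separate users and connections tables and the "add more connections" case from slide 25, as an added PHP example that is not from the deck. Table, column and function names are assumptions; it uses an in-memory SQLite database through PDO and constructed profiles shaped like the userinfo response on slide 17.

```php
<?php
// Added example: not from the slides. Table, column and function names are assumptions.
function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
    $db->exec('CREATE TABLE connections (
        id INTEGER PRIMARY KEY,
        user_id INTEGER NOT NULL REFERENCES users(id),
        provider TEXT NOT NULL, provider_uid TEXT NOT NULL,
        UNIQUE (provider, provider_uid))');   // one account per provider identity
    return $db;
}
// $currentUserId is set when an already logged-in user adds another connection.
function loginOrRegister(PDO $db, string $provider, array $profile, ?int $currentUserId = null): int {
    $uid = (string) $profile['id'];   // key on the provider's id, not on the e-mail
    $find = $db->prepare('SELECT user_id FROM connections WHERE provider = ? AND provider_uid = ?');
    $find->execute([$provider, $uid]);
    $owner = $find->fetchColumn();
    if ($owner !== false) {
        if ($currentUserId !== null && (int) $owner !== $currentUserId) {
            throw new RuntimeException('connection belongs to another account');
        }
        return (int) $owner;                       // known connection: log in
    }
    $db->beginTransaction();
    try {
        if ($currentUserId === null) {             // new user: create the account first
            // Store the e-mail only when the provider marks it as verified.
            $email = !empty($profile['verified_email']) ? $profile['email'] : null;
            $db->prepare('INSERT INTO users (name, email) VALUES (?, ?)')
               ->execute([$profile['name'], $email]);
            $currentUserId = (int) $db->lastInsertId();
        }
        $db->prepare('INSERT INTO connections (user_id, provider, provider_uid) VALUES (?, ?, ?)')
           ->execute([$currentUserId, $provider, $uid]);
        $db->commit();
    } catch (Throwable $e) { $db->rollBack(); throw $e; }
    return $currentUserId;
}
// Constructed profiles.
$db = openDb();
$google = ['id' => 'constructed-google-id', 'name' => 'Test User',
           'email' => 'user@example.test', 'verified_email' => true];
$first  = loginOrRegister($db, 'Google', $google);                   // registers
$second = loginOrRegister($db, 'Google', $google);                   // logs in
$linked = loginOrRegister($db, 'Facebook', ['id' => 'constructed-fb-id'], $first);
var_dump($first === $second, $linked === $first);
```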
