Download as KEY, PPTX
Uploaded byBilly Cravens
Authentication Using Twitter, Google, Facebook, And More
This document summarizes authentication methods for web applications, including traditional session-based authentication, federated login using services like Facebook and Google, and standards like OpenID and OAuth. It discusses the advantages of federated login over traditional methods, including established user profiles and reduced costs. It then provides an overview of OpenID and OAuth workflows and popular services that support each standard like Google, Facebook, and Twitter. Code examples are shown for integrating authentication with these services.
More Related Content
Similar to Authentication Using Twitter, Google, Facebook, And More
![Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]](https://cdn.slidesharecdn.com/ss_thumbnails/codedagentsdeck-251215155422-5497c599-thumbnail.jpg?width=640&height=640&fit=bounds)
Authentication Using Twitter, Google, Facebook, And More
- 1.
- 2. About me Billy Cravens ColdFusionsince 4.0 (1999) Houston CFUG manager Former DFWCFUG board member Other languages: PHP, .NET; node.js ninja in training Remember the Wrox book?
- 3. About me Supporter ofCystic Fibrosis (research) www.CureCF.com Twitter: @bdcravens Web: www.billycravens.com billy.io
- 4. Traditional authentication session checkper request CFLogin OS-based IIS Windows authentication, using IIS management console Apache Configure in .htaccess file
- 5. Pain points oftraditional/ Advantages of federated login Registration and conversion rates (statistic here would be nice!) Established user profiles Customer care and password recovery costs Social web Facebook: 845 million users Twitter: 300 millions users Google: 350 million Gmail users Linked In : 135 million users
- 6. Disadvantages of federatedlogin User experience Uncontrolled downtime Trust and perception
- 7. Federated identity/single signon Origins Liberty Alliance whitepaper Microsoft “Passport” OpenID OAuth
- 8. OpenId Services using The workflow Opensource CF libraries
- 9. OpenId Services using Google Yahoo WordPress Flickr Other services Roll your own
- 10. OpenId The workflow OpenID URL Authentication Permission request Shared secret Returns profile info and unique ID (URI)
- 11. OpenId Open source CFlibraries http://www.yakhnov.info/go/projects/openid/ others on RiaForge
- 12. OAuth Services using open sourceCF libraries the workflow oAuth 1.0 / 2.0 Disadvantages
- 13. OAuth Services using Twitter (originated here) Facebook (oAuth 2.0) LinkedIn
- 15. oAuth 2.0 Workflow Send user to User logs in and grants Send token to your authentication URI permissions callback URI API calls using Verify token token
- 16.
- 17.
- 18.
- 19.
- 20. Integrate into existingsecurity Authenticate your user Authenticate with service Capture user ID field of service, save to database
Editor's Notes
- #2 \n
- #3 \n
- #4 \n
- #5 Session check: briefly show /session code (no more than 1 minute)\n\nCFLogin: briefly show /cflogin code (no more than 1 minute)\n\nOS options: don’t show examples\n
- #6 \n
- #7 Trust and perception:\n* people's unwillingness to grant *your* application access to their Twitter/FB/Google data. \n* Although most of these allow a level of access that is only used for auth, many users will not understand that and so may be hesitant to allow access. \n* you are placing trust in another authority, which is also an issue.\n* privacy issues: access to your website as data to mine\n\n
- #8 TODO: short blurb about Liberty Alliance. Discuss role in standard, merger into Kantara Initiative\n\nMS Passport: proprietary solution, some early adoption, Starbucks.com; \nbegan process of migrating Windows Live ID to OpenID, but never moved past CTP\n
- #9 \n
- #10 only one we’re interested in is Google\n\nin this presentation we’re only going to look at \n\n
- #11 TODO: a workflow diagram would be good\n
- #12 TODO: a workflow diagram would be good\n
- #13 \n
- #14 not going to look at LinkedIn\n
- #15 \n
- #16 \n
- #17 \n
- #18 \n
- #19 \n
- #20 \n
- #21 \n