Hybrid Authentication - Talking to major social networks

Md. Rayhan Chowdhury | ray@raynux.com
phpXperts 2011

You have developed a Wow application.
&
You're sure everybody will like it.

Please register to taste our WOW Service?

Okay, cool, will try later...



How can you avoid this boring registration?



Hybrid Authentication

      Login with Facebook
      Login with Google Account
      Login with Windows Live


It has Benefits too

      Hassle-free login/registration
      More website users
      Successful Business
      More money




There is also a bonus!

      You have access to the user's social data and friend base




Cool! But...

      Isn't it too complex?
      Is there any standard?
      How to implement?


Yes, there is a standard, and it's so simple with OAuth 2.0



What is OAuth?

      Stands for Open Authorization
      Before OAuth: Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Flickr API, Amazon Web Services API, FacebookAuth
      First introduced in 2006
      Designed for API access delegation




OAuth 2.0

      Next evolution of OAuth 1.0
      Easy to implement
      More flows to support desktop, mobile and living room devices
      Not backward compatible with OAuth 1.0



OAuth 2.0 flows are

      User-Agent Flow
      Web Server Flow
      Device Flow
      Username and Password Flow
      Client Credentials Flow
      Assertion Flow


How does OAuth 2.0 work?

      Client (your website) -> Resource Owner: Authorization Request
      Resource Owner -> Client: Authorization Code
      Client -> Authorization Server: Request Access Token
      Authorization Server -> Client: Access Token
      Client -> Resource Server: Access Token
      Resource Server -> Client: Protected Resource

      Provider shown in the diagram: Google



Web Flow – Implementation
      Register your app @ https://code.google.com/apis/console/b/0/




Web Flow – Get Authorization Code

      Login with Google Account

 https://accounts.google.com/o/oauth2/auth?client_id=...&response_type=code&redirect_uri=...&scope=...

 http://mine2share.com/labs/oauth2/callback.php?code=authorization_code



Web Flow – Get Access Code

      Now, from your Redirect URI, make a POST request using cURL with the following parameters

 https://accounts.google.com/o/oauth2/token?client_id=...&client_secret=...&grant_type=authorization_code&code=..&redirect_uri=...

 {
          "access_token" : "...",
          "expires_in" : 3600
 }

Web Flow – Get Resource
Use the access_token to get granted resources

 https://www.googleapis.com/oauth2/v1/userinfo?access_token=...

 array (
          'id' => '1150948574743835905',
          'email' => 'faisal@bankinfobd.com',
          'verified_email' => true,
          'name' => 'Faisal Morshed',
          'given_name' => 'Faisal',
          'family_name' => 'Morshed',
 )

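The three web-flow steps above, as an added PHP example that is not part of the original slides or of the Oauth2Consumer class. It adds a per-session `state` value (an OAuth 2.0 request parameter the slide URLs leave out) so the callback can reject a code this session never asked for, sends the token request fields in the POST body, and passes the access token in an `Authorization` header. The endpoints are the ones on the slides; the client values, redirect URI and function names are constructed placeholders.

```php
<?php
// Added example (not from the slides). Endpoints are those shown on the slides;
// the client values, redirect URI and all function names are placeholders.
const AUTH_URI  = 'https://accounts.google.com/o/oauth2/auth';
const TOKEN_URI = 'https://accounts.google.com/o/oauth2/token';
const INFO_URI  = 'https://www.googleapis.com/oauth2/v1/userinfo';

/** Step 1: build the authorization URL and store a one-time state in the session. */
function build_authorize_url(array $cfg, array &$session): string
{
    // Unguessable value tied to this browser session; the provider echoes it back.
    $session['oauth2_state'] = bin2hex(random_bytes(16));
    return AUTH_URI . '?' . http_build_query([
        'client_id'     => $cfg['client_id'],
        'response_type' => 'code',
        'redirect_uri'  => $cfg['redirect_uri'],
        'scope'         => $cfg['scope'],
        'state'         => $session['oauth2_state'],
    ]);
}

/** Step 2a: accept the callback only if it carries the state this session issued. */
function read_callback(array $query, array &$session): string
{
    $expected = $session['oauth2_state'] ?? '';
    unset($session['oauth2_state']);            // single use, even on failure
    $given = $query['state'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        throw new RuntimeException('state mismatch');
    }
    $code = $query['code'] ?? '';
    if (isset($query['error']) || !is_string($code) || $code === '') {
        throw new RuntimeException('no authorization code granted');
    }
    return $code;
}

/** Step 2b: fields for the token request; they go in the POST body, not the URL. */
function token_request_fields(array $cfg, string $code): array
{
    return [
        'client_id'     => $cfg['client_id'],
        'client_secret' => $cfg['client_secret'],
        'grant_type'    => 'authorization_code',
        'code'          => $code,
        'redirect_uri'  => $cfg['redirect_uri'],   // must match the value from step 1
    ];
}

/** HTTPS request with certificate checks on; returns the decoded JSON object. */
function http_json(string $url, ?array $post = null, array $headers = []): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_HTTPHEADER     => $headers,
    ]);
    if ($post !== null) {
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
    }
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    $data   = is_string($body) ? json_decode($body, true) : null;
    if ($status !== 200 || !is_array($data)) {
        throw new RuntimeException("unexpected response (HTTP $status)");
    }
    return $data;
}

/** Steps 2 and 3: exchange the code, then fetch the profile with the token. */
function fetch_profile(array $cfg, string $code): array
{
    $token = http_json(TOKEN_URI, token_request_fields($cfg, $code));
    if (empty($token['access_token'])) {
        throw new RuntimeException('no access_token in token response');
    }
    // Header instead of ?access_token=... keeps the token out of URLs and logs.
    return http_json(INFO_URI, null, ['Authorization: Bearer ' . $token['access_token']]);
}

// Offline walk-through with constructed values; fetch_profile() is not called here.
$cfg = ['client_id' => 'constructed-client-id', 'client_secret' => 'constructed-secret',
        'redirect_uri' => 'https://yoursite.example/callback.php', 'scope' => 'email'];
$session = [];                                   // stands in for $_SESSION
$url = build_authorize_url($cfg, $session);
parse_str(parse_url($url, PHP_URL_QUERY), $sent);
// A callback echoing the issued state is accepted.
$code = read_callback(['code' => 'constructed-code', 'state' => $sent['state']], $session);
echo "authorize URL: $url\naccepted code: $code\n";
// A callback the session never asked for (wrong state) is rejected.
build_authorize_url($cfg, $session);
try {
    read_callback(['code' => 'injected-code', 'state' => 'not-the-issued-state'], $session);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```
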
How to implement?




Configure OAuth2Consumer class
File: config.php

OAuth2Consumer::getInstance('Facebook', array(
   'client_id'        => 'your-client-id',
   'client_secret'    => 'your-client-secret',
   'redirect_uri'     => 'http://yoursite/callback.php',
   'scope'            => 'email,read_stream',

   'base_uri'         => 'https://graph.facebook.com/',
   'authorize_uri'    => 'https://graph.facebook.com/oauth/authorize',
   'access_token_uri' => 'https://graph.facebook.com/oauth/access_token',
));


Step 1
 Get user authorization

File: connect.php

Oauth2Consumer::getInstance('Facebook')->authorize();




Redirect to OAuth 2.0 endpoint




Step 2
Grab the Access Token

   File: callback.php

   $oauth2 = Oauth2Consumer::getInstance('Facebook');
   $accessToken = $oauth2->getAccessToken();

      Save this access token




Step 3
    Use the API with Access Token

   Set the access token
$oauth = Oauth2Consumer::getInstance('Facebook');
$oauth->setVariable('access_token', $accessToken);

   Use the API as much as you want
$profile = $oauth->api('me');
$friends = $oauth->api('me/friendlists');
$albums = $oauth->api('me/albums');




Decide to Login or Register

      User is new? Create an account first
      Otherwise, log him/her in to your app
      Keep users and connections tables separate

                 Users 1 ---- n Connections


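One way to implement the login-or-register decision with separate users and connections tables, as an added PHP example (not code from the slides or from the Oauth2Consumer class). The schema, the `login_or_register` function and the sample profiles are assumptions. Identity is keyed on the provider and its user id rather than on the e-mail address, and a provider account that already belongs to a different user is refused instead of being re-attached.

```php
<?php
// Added example (not from the slides). Table, column and function names are
// assumptions; the profiles are constructed in the shape of the userinfo array.

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('PRAGMA foreign_keys = ON');
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
    // One user, many connections; a provider account maps to at most one user.
    // access_token is a bearer credential: restrict who can read this column.
    $db->exec('CREATE TABLE connections (
        id INTEGER PRIMARY KEY,
        user_id INTEGER NOT NULL REFERENCES users(id),
        provider TEXT NOT NULL,
        provider_uid TEXT NOT NULL,
        access_token TEXT,
        UNIQUE (provider, provider_uid))');
    return $db;
}

/**
 * Returns [user id, 'login' | 'register' | 'linked'].
 * $currentUser is the id of the already logged-in user, if any.
 */
function login_or_register(PDO $db, string $provider, array $profile,
                           string $token, ?int $currentUser = null): array
{
    $uid = (string) $profile['id'];
    // Identity is the pair (provider, provider_uid), never the e-mail address.
    $find = $db->prepare(
        'SELECT user_id FROM connections WHERE provider = ? AND provider_uid = ?');
    $find->execute([$provider, $uid]);
    $owner = $find->fetchColumn();

    if ($owner !== false) {
        if ($currentUser !== null && $currentUser !== (int) $owner) {
            throw new RuntimeException('provider account already linked to another user');
        }
        // Returning user: keep the newest token.
        $db->prepare('UPDATE connections SET access_token = ?
                      WHERE provider = ? AND provider_uid = ?')
           ->execute([$token, $provider, $uid]);
        return [(int) $owner, 'login'];
    }

    $db->beginTransaction();
    try {
        $action = 'linked';
        if ($currentUser === null) {
            // New visitor: create the account. An e-mail the provider has not
            // verified is not stored, and accounts are never merged by e-mail.
            $email = !empty($profile['verified_email']) ? ($profile['email'] ?? null) : null;
            $db->prepare('INSERT INTO users (name, email) VALUES (?, ?)')
               ->execute([$profile['name'] ?? null, $email]);
            $currentUser = (int) $db->lastInsertId();
            $action = 'register';
        }
        $db->prepare('INSERT INTO connections (user_id, provider, provider_uid, access_token)
                      VALUES (?, ?, ?, ?)')
           ->execute([$currentUser, $provider, $uid, $token]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
    return [$currentUser, $action];
}

// Constructed sample data.
$db     = open_db();
$google = ['id' => '1001', 'email' => 'user@example.com',
           'verified_email' => true, 'name' => 'Example User'];
$fb     = ['id' => 'fb-77', 'name' => 'Example User'];

[$u1, $a1] = login_or_register($db, 'google', $google, 'tok-1');      // first visit
[$u2, $a2] = login_or_register($db, 'google', $google, 'tok-2');      // comes back
[$u3, $a3] = login_or_register($db, 'facebook', $fb, 'tok-3', $u1);   // adds a connection
printf("%s user %d, %s user %d, %s user %d\n", $a1, $u1, $a2, $u2, $a3, $u3);
```
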
Socialize Your Application

     Encourage users to add more connections
     You have read/write access, so
          Engage more
          Respect the user's opinion
     Remember! Never misuse

Who Supports OAuth 2.0




References
 Google API:
    Documentation: http://code.google.com/apis/accounts/docs/OAuth2.html
    API Console: https://code.google.com/apis/console/b/0/

 Facebook:
    API Console: https://developers.facebook.com/apps
    Documentation: https://developers.facebook.com/docs/authentication/

 Windows Live:
    API Console: https://manage.dev.live.com/
    Documentation: http://msdn.microsoft.com/en-us/library/hh243647.aspx

 OAuth 2.0:
   http://tools.ietf.org/html/draft-ietf-oauth-v2-22
   http://oauth.net/2/

 Oauth2Consumer Class & Example:
    http://raynux.com/ray/labs/projects/oauth2.zip




Question and Answer

Thank you
