OAuth 2.0

•

2 likes•1,446 views

The document discusses two common OAuth 2.0 authorization flows: the authorization code flow which uses an authorization code to obtain an access token, and the implicit grant flow which issues an access token directly to the client. It provides diagrams illustrating the key steps in each flow including user authentication, token issuance, and accessing protected resources. The document also briefly mentions other OAuth 2.0 grant types and accessing protected APIs with obtained tokens.

Technology

OAuth 2.0
Andreas Åkre Solberg, UNINETT AS

March 19th, 2013

Authorization code Token
ﬂow storage

Authorization
Feide Resource server
server
aut

iss
hen

ted g
i
ap
tec sin
ues
tica

nt

pro cces
gra

tok
tes

a
ne
Client

Resource owner
(with browser)

Implicit grant Token
ﬂow storage

Authorization
Feide Resource server
server

grant i
ap
issues token
au
th

d
te
ent

e c
ic

ot
at

p r
es

i ng
s
c es
ac

browser

Resource owner
(with browser)

✤ Authorization Code

✤ Implicit Grant

✤ (Resource Owner Password Credentials)

✤ (Client Credentials)

✤ Accessing protected API

✤ How do we obtain the token?

Token
storage

Authorization
Feide Resource server
server

aut

iss
hen

ted g
i
ap
tec sin
ues
tica

nt

pro cces
gra

tok
tes

a
n e
Client

Resource owner
(with browser)

Authorization Code Flow

✤ Authorization Request

✤ User authenticates Token
storage

✤ User accepts client grant Feide
Authorization
server
Resource server

aut

iss
hen

ted g
i
ap
tec sin
ues
tica

nt

pro cces
gra

tok
tes

a
n e
Client

Resource owner
(with browser)

✤ Access token request

Token
storage
✤ Access token response
Authorization
Feide Resource server
server

aut

iss
hen

ted g
i
ap
tec sin
ues
tica

nt

pro cces
gra

tok
tes

a
n e
Client

Resource owner
(with browser)

Implicit Grant Flow

✤ Authorization Request

✤ User authenticates Token
storage

✤ User accepts client grant Feide
Authorization
Resource server
server

grant
i
ap

issues token
au
th ed
ent e ct
ic ot
at pr
es g
sin
c es
ac

browser

Resource owner
(with browser)

Client Token
storage storage

Client Authorization
Feide Resource server
Management server

Client

Client owner Resource owner
(with browser) (with browser)

Resource server

UWAP
Token Client
storage storage

Feide

SOA Authorization Client
Gatekeeper server Management

Client
Client
owner

When developing applications for mobile devices (Windows Store or Windows Phone) we have to deal with connected data scenarios using cloud web services, and disconnected scenarios where data is stored locally. In this session we will explore all options to store information locally and remotely (files, Isolated Storage, IndexedDB, SQLite, NoSQL DBs and Azure Mobile Services), and how to build a system for synchronizing data when using a combination of these systems.

тезисы к докладу по электронной аутентификации в государственных системах

Mikhail Vanin

Everyday - mongodbelliando dias

Nuxeo World Session: Nuxeo Distributions

Nuxeo

Sso every where

Paul Seiler

OpenID Connect Federation

Andreas Åkre Solberg

Dataporten for grunnopplæringa - Workshop September 2017

Andreas Åkre Solberg

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Recently uploaded

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

The Future of Platform Engineering

Jemma Hussein Allen

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

Recently uploaded (20)

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

The Future of Platform Engineering

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

Leading Change strategies and insights for effective change management pdf 1.pdf

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Assuring Contact Center Experiences for Your Customers With ThousandEyes

UiPath Test Automation using UiPath Test Suite series, part 3

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

UiPath Test Automation using UiPath Test Suite series, part 4

Essentials of Automations: Optimizing FME Workflows with Parameters

Securing your Kubernetes cluster_ a step-by-step guide to success !

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

JMeter webinar - integration with InfluxDB and Grafana

When stars align: studies in data quality, knowledge graphs, and machine lear...

OAuth 2.0

1. OAuth 2.0 Andreas Åkre Solberg, UNINETT AS March 19th, 2013

2. Authorization code Token ﬂow storage Authorization Feide Resource server server aut iss hen ted g i ap tec sin ues tica nt pro cces gra tok tes a ne Client Resource owner (with browser)

3. Implicit grant Token ﬂow storage Authorization Feide Resource server server grant i ap issues token au th d te ent e c ic ot at p r es i ng s c es ac browser Resource owner (with browser)

4. ✤ Authorization Code ✤ Implicit Grant ✤ (Resource Owner Password Credentials) ✤ (Client Credentials)

5. ✤ Accessing protected API ✤ How do we obtain the token? Token storage Authorization Feide Resource server server aut iss hen ted g i ap tec sin ues tica nt pro cces gra tok tes a n e Client Resource owner (with browser)

6. Authorization Code Flow ✤ Authorization Request ✤ User authenticates Token storage ✤ User accepts client grant Feide Authorization server Resource server aut iss hen ted g i ap tec sin ues tica nt pro cces gra tok tes a n e Client Resource owner (with browser)

7. ✤ Access token request Token storage ✤ Access token response Authorization Feide Resource server server aut iss hen ted g i ap tec sin ues tica nt pro cces gra tok tes a n e Client Resource owner (with browser)

8. Implicit Grant Flow ✤ Authorization Request ✤ User authenticates Token storage ✤ User accepts client grant Feide Authorization Resource server server grant i ap issues token au th ed ent e ct ic ot at pr es g sin c es ac browser Resource owner (with browser)

9. Client Token storage storage Client Authorization Feide Resource server Management server Client Client owner Resource owner (with browser) (with browser)

10. Resource server UWAP Token Client storage storage Feide SOA Authorization Client Gatekeeper server Management Client Client owner

OAuth 2.0

Recommended

Recommended

More Related Content

More from Andreas Åkre Solberg

More from Andreas Åkre Solberg (20)

Recently uploaded

Recently uploaded (20)

OAuth 2.0