Introduction to OAuth
Wei-Tsung Su
10/30/2013 (Ver. 1.0)

Ubiquitous Computing & Ambient Networking Laboratory

Page : 1
OAuth
• OAuth is an open standard for authorization. (Wikipedia)
• OAuth attempts to provide a standard way for developers to
offer their services via an API without forcing their users to
expose their passwords (and other credentials). (oauth.net)
• Standard
– RFC 6749: The OAuth 2.0 Authorization Framework
– RFC 5849: The OAuth 1.0 Protocol

• Implementation
– Apache Oltu (http://oltu.apache.org/)
– Others on .NET, PHP, Ruby, Python, …

OAuth 2.0 Protocol Flow

(Figure: abstract protocol flow between the Resource Owner (User), the Client, the Authorization Server and the Resource Server / API)
(1) Authorization Request: Client -> Resource Owner (User)
(2) Authorization Grant: Resource Owner (User) -> Client
(3) Authorization Request (presenting the grant): Client -> Authorization Server
(4) Access Token: Authorization Server -> Client
(5) Access Token: Client -> Resource Server (API)
(6) Protected Resource: Resource Server (API) -> Client

OAuth 2.0: Case Study
• Resource owner
– You

• Client
– Google Calendar APIs Explorer

• Authorization server
– Google OAuth 2.0 Server

• API
– Google Calendar APIs

• Resource Server
– Google Calendar
OAuth 2.0: Case Study (cont'd)

(Figure: the same six-step flow, instantiated with the parties of the case study)
(1) Authorization Request: Google Calendar APIs Explorer -> Resource Owner (User)
(2) Authorization Grant: Resource Owner (User) -> Google Calendar APIs Explorer
(3) Authorization Request: Google Calendar APIs Explorer -> Google OAuth 2.0 Server
(4) Access Token: Google OAuth 2.0 Server -> Google Calendar APIs Explorer
(5) Access Token: Google Calendar APIs Explorer -> Google Calendar APIs (Google Calendar Server, to access your Google calendar data)
(6) Protected Resource: Google Calendar APIs -> Google Calendar APIs Explorer

Authorization Grant
• There are four ways in which a user grants authorization to a client:
– Authorization Code
• The client directs the user to the authorization server
• The user inputs ID/PWD on the authorization server
• The authorization server sends an authorization code to the client
• The client sends the authorization code to the authorization server to obtain the access token

– Implicit
• Simplifying the above process, the client directly obtains the access token

– Resource Owner Password Credentials (less secure)
• The user inputs ID/PWD on the client
• The client sends the ID/PWD to the authorization server to obtain the access token

– Client Credentials
• Used when the client is also the resource owner, or
• when access to the protected resources has been arranged beforehand between the client and the authorization server

Access Token
• Access token
– is a credential used to access protected resources.
– is a string (usually opaque to the client) representing an
authorization issued to the client.
– represents specific scopes and durations of access,
granted by the resource owner, and enforced by the
resource server and authorization server.

• Standard
– RFC 6750: The OAuth 2.0 Authorization Framework:
Bearer Token Usage
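The Authorization Code grant from the previous slide and the token checks described here, as an added in-memory simulation that is not code from the slides or from any OAuth library: the AuthorizationServer and ResourceServer classes, the calendar.read scope, and the client id, secret, redirect URI and user name are all assumed values constructed for this example.

```python
import secrets
import time

# Assumed names (constructed for this example): class names, "calendar.read", client and user ids.
class AuthorizationServer:
    def __init__(self, clients):
        self.clients = clients  # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}         # code -> (client_id, redirect_uri, scope, user, expiry)
        self.tokens = {}        # access_token -> (scope, user, expiry)

    def authorize(self, client_id, redirect_uri, scope, user):
        # Steps (1)-(2): the user logs in here and grants access; the server
        # answers with a short-lived authorization code bound to this client.
        if redirect_uri != self.clients[client_id][1]:
            raise ValueError("redirect_uri mismatch")  # never send a code to an unregistered URI
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, scope, user, time.time() + 60)
        return code

    def token(self, client_id, client_secret, code, redirect_uri):
        # Steps (3)-(4): the client presents the code plus its own credentials.
        entry = self.codes.pop(code, None)  # pop() makes every code single-use
        if entry is None:
            raise ValueError("invalid_grant")
        c_id, c_uri, scope, user, expiry = entry
        if c_id != client_id or self.clients[client_id][0] != client_secret:
            raise ValueError("invalid_client")
        if c_uri != redirect_uri or time.time() > expiry:
            raise ValueError("invalid_grant")
        access_token = secrets.token_urlsafe(32)  # opaque string, as the slide says
        self.tokens[access_token] = (scope, user, time.time() + 3600)
        return {"access_token": access_token, "token_type": "Bearer", "expires_in": 3600, "scope": scope}

class ResourceServer:
    def __init__(self, auth):
        self.auth = auth  # shares the token store with the authorization server

    def get_calendar(self, authorization_header):
        # Steps (5)-(6): RFC 6750 bearer usage; enforce validity, lifetime and scope.
        if not authorization_header.startswith("Bearer "):
            return 401, "missing bearer token"
        entry = self.auth.tokens.get(authorization_header[len("Bearer "):])
        if entry is None or time.time() > entry[2]:
            return 401, "invalid_token"
        scope, user, _ = entry
        if "calendar.read" not in scope.split():
            return 403, "insufficient_scope"
        return 200, "calendar of " + user

def demo():
    """Run the grant once, use the token, then show that a replayed code is refused."""
    cid, uri = "calendar-explorer", "https://client.example/cb"  # constructed values
    auth = AuthorizationServer({cid: ("client-secret", uri)})
    rs = ResourceServer(auth)
    code = auth.authorize(cid, uri, "calendar.read", "alice")
    tok = auth.token(cid, "client-secret", code, uri)
    try:
        auth.token(cid, "client-secret", code, uri)
        replay = "accepted"
    except ValueError as err:
        replay = str(err)
    return {"token_type": tok["token_type"],
            "resource": rs.get_calendar("Bearer " + tok["access_token"]),
            "replay": replay, "bogus": rs.get_calendar("Bearer not-issued")}
```

Calling demo() returns the token type, the resource server's reply to a valid and to an unknown bearer token, and the error the authorization server gives when the same code is presented twice.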
References
• OAuth Official Sites
– http://oauth.net/
– http://wiki.oauth.net

• OAuth 2.0 Implementations
– http://wiki.oauth.net/w/page/25236487/OAuth

