Uploaded bysimonetripodi
PDF, PPTX473 views

OAuth 1.0

OAuth is an open protocol that enables secure API authorization for applications without requiring users' credentials. It works as a method for both authentication and authorization, often used in scenarios involving third-party access to user data. The document discusses the integration of OAuth with other technologies and mentions its community and implementations across various programming languages.

Embed presentation

Download as PDF, PPTX
OAuth Simone Tripodi - Asemantics S.r.l. stripodi@asemantics.com
What’s OAuth? • An Open Protocol to allow secure API authorization in a simple and standard method for mobile, desktop and web application; • a protocol for developing password less APIs; • a way for an application to interact with an API on a user’s behalf without knowing the user’s authentication credentials.
Hypothetical Scenarios “Import pictures from Picasa “Allow Dailymotion read into Virgilio Photo Album” Virgilio’s User data” End User End User Service Consumer Service Provider Consumer Provider
Authorization flow
B2B shared information • Consumer Key: a value used by the Consumer to identify itself to the Service Provider; • Consumer Secret: a secret used by the Consumer to establish ownership of the Consumer Key; • The Consumer establishes a Consumer Key and a Consumer Secret with the Service Provider to be authenticated; the Consumer needs to be registered!
OpenID & OAuth • OpenID: helps determine who you are - AUTHENTICATION; • OAuth: defines how to give access to protected data - AUTHORIZATION; • They are complementary; a site that supports OAuth could also support OpenID for authentication!!!
OpenID & OAuth: Example integration
OAuth is Production Ready!!! • Google • Yahoo! • MySpace • Digg • Twitter • Magnolia • Plaxo ... and much more!
OAuth community • Leaded by Brian Cook & Chris Messina; • Active Google-group: http://groups.google.com/group/oauth/ • Blog: http://blog.oauth.net/ • Many available implementations from OS communities: Java - C# - JavaScript - Perl - PHP ...
Where are we? here

More Related Content

PDF
CIS14: PingAccess in Action
byCloudIDSummit
 
PDF
Token, token... From SAML to OIDC
byShiu-Fun Poon
 
PPTX
IBM APIc API security protection mechanism
byShiu-Fun Poon
 
PDF
Pimping the ForgeRock Identity Platform for a Billion Users
byForgeRock
 
PDF
ForgeRock Platform Release - Summer 2016
byForgeRock
 
PPTX
User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
byForgeRock
 
PPTX
K8s idm-devfest
byMarc Boorshtein
 
PPTX
K8s rbac-sso
byMarc Boorshtein
 
CIS14: PingAccess in Action
byCloudIDSummit
 
Token, token... From SAML to OIDC
byShiu-Fun Poon
 
IBM APIc API security protection mechanism
byShiu-Fun Poon
 
Pimping the ForgeRock Identity Platform for a Billion Users
byForgeRock
 
ForgeRock Platform Release - Summer 2016
byForgeRock
 
User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
byForgeRock
 
K8s idm-devfest
byMarc Boorshtein
 
K8s rbac-sso
byMarc Boorshtein
 

What's hot

PPTX
GDPR Part 4: Better Together Quest & SonicWall
byAdrian Dumitrescu
 
PDF
OpenAM Best Practices - Corelio Media Case Study
byForgeRock
 
PPTX
Infosec girls training-hackcummins-college-jan-2020(v0.1)
byShrutirupa Banerjiee
 
PDF
OpenID Tutorials
byNao Haida
 
PDF
Beyond username and password it's continuous authorization webinar
byForgeRock
 
PDF
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
bySouth Tyrol Free Software Conference
 
PDF
OAuth 2.0 with IBM WebSphere DataPower
byShiu-Fun Poon
 
PPTX
NYC Identity Summit Tech Day: Best Practices for API Security
byForgeRock
 
PPTX
RESTful API Authentication
byUttom Akash
 
PPTX
Rest API Authentication - Uttom Akash
byCefalo
 
PDF
IoT Wonderland: Understanding the Magic of OAuth2 Device Registration Flow
byForgeRock
 
DOCX
Wis pr desc
bymikevizzi
 
PPTX
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
byForgeRock
 
PPTX
NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...
byForgeRock
 
PDF
Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
byForgeRock
 
PPTX
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
byÁlvaro Alonso González
 
GDPR Part 4: Better Together Quest & SonicWall
byAdrian Dumitrescu
 
OpenAM Best Practices - Corelio Media Case Study
byForgeRock
 
Infosec girls training-hackcummins-college-jan-2020(v0.1)
byShrutirupa Banerjiee
 
OpenID Tutorials
byNao Haida
 
Beyond username and password it's continuous authorization webinar
byForgeRock
 
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
bySouth Tyrol Free Software Conference
 
OAuth 2.0 with IBM WebSphere DataPower
byShiu-Fun Poon
 
NYC Identity Summit Tech Day: Best Practices for API Security
byForgeRock
 
RESTful API Authentication
byUttom Akash
 
Rest API Authentication - Uttom Akash
byCefalo
 
IoT Wonderland: Understanding the Magic of OAuth2 Device Registration Flow
byForgeRock
 
Wis pr desc
bymikevizzi
 
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
byForgeRock
 
NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...
byForgeRock
 
Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
byForgeRock
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
byÁlvaro Alonso González
 

Similar to OAuth 1.0

PDF
OAuth - Open API Authentication
byleahculver
 
ODP
Mohanraj - Securing Your Web Api With OAuth
byfossmy
 
ODP
Securing your Web API with OAuth
byMohan Krishnan
 
PDF
oauth-for-credentials-security-in-rest-api-access
byidsecconf
 
PPTX
OAuth
byAdi Challa
 
PPT
Silicon Valley Code Camp 2009: OAuth: What, Why and How
byManish Pandit
 
KEY
OpenID vs OAuth - Identity on the Web
byRichard Metzler
 
PPTX
Maintest2
byMohan Kumar Tadikimalla
 
PPTX
OAuth [noddyCha]
bynoddycha
 
PDF
Oauth ebook-2012-02
byVarinder Saini
 
PDF
OAuth
byIván Fernández Perea
 
PDF
A How-to Guide to OAuth & API Security
byCA API Management
 
PDF
OAuth big picture
byMin Li
 
PDF
Introduction to OAuth2.0
byOracle Corporation
 
PPTX
Securing your APIs with OAuth, OpenID, and OpenID Connect
byManish Pandit
 
PDF
OAuth and OEmbed
byleahculver
 
PPTX
Devteach 2017 OAuth and Open id connect demystified
byTaswar Bhatti
 
PPT
UserCentric Identity based Service Invocation
byguestd5dde6
 
PPTX
Intro to OAuth2 and OpenID Connect
byLiamWadman
 
PDF
Implementing OAuth
byleahculver
 
OAuth - Open API Authentication
byleahculver
 
Mohanraj - Securing Your Web Api With OAuth
byfossmy
 
Securing your Web API with OAuth
byMohan Krishnan
 
oauth-for-credentials-security-in-rest-api-access
byidsecconf
 
OAuth
byAdi Challa
 
Silicon Valley Code Camp 2009: OAuth: What, Why and How
byManish Pandit
 
OpenID vs OAuth - Identity on the Web
byRichard Metzler
 
Maintest2
byMohan Kumar Tadikimalla
 
OAuth [noddyCha]
bynoddycha
 
Oauth ebook-2012-02
byVarinder Saini
 
OAuth
byIván Fernández Perea
 
A How-to Guide to OAuth & API Security
byCA API Management
 
OAuth big picture
byMin Li
 
Introduction to OAuth2.0
byOracle Corporation
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
byManish Pandit
 
OAuth and OEmbed
byleahculver
 
Devteach 2017 OAuth and Open id connect demystified
byTaswar Bhatti
 
UserCentric Identity based Service Invocation
byguestd5dde6
 
Intro to OAuth2 and OpenID Connect
byLiamWadman
 
Implementing OAuth
byleahculver
 

Recently uploaded

PPTX
Becoming Frontier for Dynamics 365 Finance PPT
byjonbravetti
 
PPTX
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
PDF
Presentation of Cybersecurity and data protection
bytarikaityahya2
 
PDF
Best 10 Dedicated Servers in Amsterdam, Netherlands (2026 Enterprise Edition)...
byAtal Networks
 
PPTX
Design Flaws and Known Attacks in Agentic AI - ITI Business Session
byInformation Technology Institute
 
PDF
2006 IEEE International Solid-State Circuits Conference
bySlide_N
 
PDF
Adding Copilot+ PCs with Snapdragon to your HP fleet won’t require IT deploym...
byPrincipled Technologies
 
PPTX
About Computer Hardware ................
bymaratiakshaya07
 
PPTX
computer science class 11 ( phishing and fraud mails) .pptx
bybalajichess314
 
PDF
Hart, Inc. M&A Data Transition Checklist
byHart, Inc.
 
PDF
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
PDF
Effective Ai powered mock interview .pdf
byamazingnishusingh766
 
PDF
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
PDF
A paper in the leading academic journal Telecommunication Policy cited Scott ...
byScott M. Graffius
 
PDF
Profiting from Technological Innovation: Managing Intellectual Property to Bu...
byDavid Teece
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PPTX
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
PDF
Top 5 Best Dedicated Server Providers in Los Angeles (Updated Edition)
byAtal Networks
 
PPT
connectives-linking words in English.ppt
byAmrMohammed82
 
PDF
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
Becoming Frontier for Dynamics 365 Finance PPT
byjonbravetti
 
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
Presentation of Cybersecurity and data protection
bytarikaityahya2
 
Best 10 Dedicated Servers in Amsterdam, Netherlands (2026 Enterprise Edition)...
byAtal Networks
 
Design Flaws and Known Attacks in Agentic AI - ITI Business Session
byInformation Technology Institute
 
2006 IEEE International Solid-State Circuits Conference
bySlide_N
 
Adding Copilot+ PCs with Snapdragon to your HP fleet won’t require IT deploym...
byPrincipled Technologies
 
About Computer Hardware ................
bymaratiakshaya07
 
computer science class 11 ( phishing and fraud mails) .pptx
bybalajichess314
 
Hart, Inc. M&A Data Transition Checklist
byHart, Inc.
 
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
Effective Ai powered mock interview .pdf
byamazingnishusingh766
 
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
A paper in the leading academic journal Telecommunication Policy cited Scott ...
byScott M. Graffius
 
Profiting from Technological Innovation: Managing Intellectual Property to Bu...
byDavid Teece
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
Top 5 Best Dedicated Server Providers in Los Angeles (Updated Edition)
byAtal Networks
 
connectives-linking words in English.ppt
byAmrMohammed82
 
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 

OAuth 1.0

  • 1.
    OAuth Simone Tripodi -Asemantics S.r.l. stripodi@asemantics.com
  • 2.
    What’s OAuth? • AnOpen Protocol to allow secure API authorization in a simple and standard method for mobile, desktop and web application; • a protocol for developing password less APIs; • a way for an application to interact with an API on a user’s behalf without knowing the user’s authentication credentials.
  • 3.
    Hypothetical Scenarios “Import picturesfrom Picasa “Allow Dailymotion read into Virgilio Photo Album” Virgilio’s User data” End User End User Service Consumer Service Provider Consumer Provider
  • 4.
  • 5.
    B2B shared information •Consumer Key: a value used by the Consumer to identify itself to the Service Provider; • Consumer Secret: a secret used by the Consumer to establish ownership of the Consumer Key; • The Consumer establishes a Consumer Key and a Consumer Secret with the Service Provider to be authenticated; the Consumer needs to be registered!
  • 6.
    OpenID & OAuth •OpenID: helps determine who you are - AUTHENTICATION; • OAuth: defines how to give access to protected data - AUTHORIZATION; • They are complementary; a site that supports OAuth could also support OpenID for authentication!!!
  • 7.
    OpenID & OAuth: Example integration
  • 8.
    OAuth is Production Ready!!! • Google • Yahoo! • MySpace • Digg • Twitter • Magnolia • Plaxo ... and much more!
  • 9.
    OAuth community • Leadedby Brian Cook & Chris Messina; • Active Google-group: http://groups.google.com/group/oauth/ • Blog: http://blog.oauth.net/ • Many available implementations from OS communities: Java - C# - JavaScript - Perl - PHP ...
  • 10.