Iván Fernández Perea, profile picture
Uploaded byIván Fernández Perea
2,503 views

OAuth

This 20-minute presentation introduces OAuth through defining it, explaining why it is useful, providing background information, defining key terminology, outlining the workflow, and including a live example. It defines OAuth as a method for users to grant third-party access to their resources without sharing passwords and to grant limited access. It highlights issues with traditional client-server authentication and how OAuth addresses them. The presentation then covers OAuth background, terminology like consumer and service provider, the redirection-based authorization workflow, and concludes with a live example and references for further information.

Technology
Related topics:
Internet Service Provider
In this document
Powered by AI

Overview of the presentation's focus on OAuth and its importance.

Outline includes definitions, background, terminology, workflow, examples, references, and Q&A.

OAuth allows users to grant limited third-party access without sharing passwords.

Discusses the limitations of traditional client-server authentication models, such as credential sharing.

History of OAuth's development through various protocols and standards since 2006.

Basic terms including consumer, service provider, and user, essential for understanding OAuth.

The process of granting access through redirection for applications like photo printing.

Example of authorizing WordPress to post on Facebook and Twitter.

Useful resources and links for learning more about OAuth.

Open floor for questions and answers regarding OAuth.

Embed presentation

Downloaded 42 times
A (20 minutes) introduction to Oauth.
Roadmap  Defining Oauth  Why Oauth?  Background  Terminology  Workflow  Live Example  References  Q&A
Defining Oauth ”Oauth provides a method for users to grant third-party access to their resources without sharing their passwords. It also passwords provides a way to grant limited access (in scope, duration, etc …)”
Why Oauth?  Traditional client-server authentication model. Client - Photos - Wall - Friends Credential Client - Tweets. - Tags Application - Position Credential Client - Job - Expertise - CV Credential
Why Oauth?  Issues with traditional client-service auth model  Users share their credentials (password) with the application for each service  Application needs as many credentials as services  Once the application get the user password there is no way to invalid the access to the user's resources … unless user changes his password  Application has the same privileges as the user.
Background  Based on well-established practices of many propietary industry protocols.  Google AuthSub  Yahoo BBAuth  Flickr API  Focused on website services but also desktop applications, mobile devices or set-top boxes.
Background  OpenID 2006 Blaine Cook descentralized digital idetification standard.  OpenAuth 2006 Chris Messina no sharing password and login agnostic.  OpenAuth Google 2007  AOL's implements OpenAuth protocol 2007  OauthCore 1.0 Revision 2009  Oauth Core 1.0 RFC 2010  Present-Future … OAuth 2.0 Draft http://tools.ietf.org/html/draft-ietf-oauth-v2-26
Terminology consumer Service provider user
Workflow Goal: Print on demand our last Service provider Summer photos through a web application that we previously uploaded to Facebook. Step 1 –User access to Print Service. Step 2 – Print Service gives you the choice to access to Facebook to get your photos. Step 3 – You were redirected to Facebook login page Step 4 – Once you are logged in you authorized the Print Service to access your photos on Facebook. Step 5 – You are redirected to the Print Service where you access your photos. Consumer User
Workflow  Redirection-based authorization. Credentials types.  Get temporary credentials  Obtain authorization from the resources owner.  Get token credentials (request token + secret).
Live Example  Give authorization to Wordpress to post on your Facebook's wall and your Twitter account.
References  Official page. http://oauth.net/  Beginner's guide to Oauth http://oauth.net/documentation/getting-started/  Google Oauth https://developers.google.com/accounts/  Getting Started with OAuth 2.0 by Ryan Boyd  Programming Social Applications: Building Viral Experiences with OpenSocial, OAuth, OpenID, and Distributed Web Frameworks by Jonathan LeBlanc
Q&A

More Related Content

PDF
OAuth 2.0
byUwe Friedrichsen
 
PDF
Implementing OAuth
byleahculver
 
PPTX
An Introduction to OAuth2
byAaron Parecki
 
PDF
OpenID Connect Explained
byVladimir Dzhuvinov
 
PPTX
An Introduction to OAuth 2
byAaron Parecki
 
PPT
OAuth 2.0 and OpenId Connect
bySaran Doraiswamy
 
ODP
OAuth2 - Introduction
byKnoldus Inc.
 
PDF
Demystifying OAuth 2.0
byKarl McGuinness
 
OAuth 2.0
byUwe Friedrichsen
 
Implementing OAuth
byleahculver
 
An Introduction to OAuth2
byAaron Parecki
 
OpenID Connect Explained
byVladimir Dzhuvinov
 
An Introduction to OAuth 2
byAaron Parecki
 
OAuth 2.0 and OpenId Connect
bySaran Doraiswamy
 
OAuth2 - Introduction
byKnoldus Inc.
 
Demystifying OAuth 2.0
byKarl McGuinness
 

What's hot

PDF
Stateless Auth using OAuth2 & JWT
byGaurav Roy
 
PDF
OAuth & OpenID Connect Deep Dive
byNordic APIs
 
PPTX
OAuth2 + API Security
byAmila Paranawithana
 
PPTX
Web API authentication and authorization
byChalermpon Areepong
 
PDF
Introduction to OpenID Connect
byNat Sakimura
 
PPTX
REST API Design & Development
byAshok Pundit
 
PDF
SAML VS OAuth 2.0 VS OpenID Connect
byUbisecure
 
PPTX
Rest API Security - A quick understanding of Rest API Security
byMohammed Fazuluddin
 
PPTX
OAuth 2
byChrisWood262
 
PDF
OAuth2 and Spring Security
byOrest Ivasiv
 
PDF
Spring Security
byKnoldus Inc.
 
PDF
Modern API Security with JSON Web Tokens
byJonathan LeBlanc
 
PDF
What should a hacker know about WebDav?
byMikhail Egorov
 
PDF
Insecure direct object reference (null delhi meet)
byAbhinav Mishra
 
PPTX
Spring Security 5
byJesus Perez Franco
 
PPTX
OWASP Top 10 2021 What's New
byMichael Furman
 
PPTX
Rest API Security
byStormpath
 
PPTX
A Forgotten HTTP Invisibility Cloak
bySoroush Dalili
 
PDF
Securing AEM webapps by hacking them
byMikhail Egorov
 
PPTX
Directory Traversal & File Inclusion Attacks
byRaghav Bisht
 
Stateless Auth using OAuth2 & JWT
byGaurav Roy
 
OAuth & OpenID Connect Deep Dive
byNordic APIs
 
OAuth2 + API Security
byAmila Paranawithana
 
Web API authentication and authorization
byChalermpon Areepong
 
Introduction to OpenID Connect
byNat Sakimura
 
REST API Design & Development
byAshok Pundit
 
SAML VS OAuth 2.0 VS OpenID Connect
byUbisecure
 
Rest API Security - A quick understanding of Rest API Security
byMohammed Fazuluddin
 
OAuth 2
byChrisWood262
 
OAuth2 and Spring Security
byOrest Ivasiv
 
Spring Security
byKnoldus Inc.
 
Modern API Security with JSON Web Tokens
byJonathan LeBlanc
 
What should a hacker know about WebDav?
byMikhail Egorov
 
Insecure direct object reference (null delhi meet)
byAbhinav Mishra
 
Spring Security 5
byJesus Perez Franco
 
OWASP Top 10 2021 What's New
byMichael Furman
 
Rest API Security
byStormpath
 
A Forgotten HTTP Invisibility Cloak
bySoroush Dalili
 
Securing AEM webapps by hacking them
byMikhail Egorov
 
Directory Traversal & File Inclusion Attacks
byRaghav Bisht
 

Similar to OAuth

PPT
Oauth2.0
byYasmine Gaber
 
PPTX
Devteach 2017 OAuth and Open id connect demystified
byTaswar Bhatti
 
PPTX
OAuth
byTom Elrod
 
KEY
OpenID vs OAuth - Identity on the Web
byRichard Metzler
 
PDF
OAuth: Trust Issues
byLorna Mitchell
 
PDF
OAuth - Open API Authentication
byleahculver
 
PDF
OAuth for your API - The Big Picture
byApigee | Google Cloud
 
PDF
OAuth with OAuth.io : solving the OAuth Fragmentation for Identity Management...
byMehdi Medjaoui
 
PDF
OAuth 1.0
byNov Matake
 
KEY
OAuth 2.0
byAlex Bilbie
 
PDF
open id & o-auth
byPaul Fryer
 
PDF
A How-to Guide to OAuth & API Security
byCA API Management
 
PPTX
Maintest2
byMohan Kumar Tadikimalla
 
KEY
OAuth Android Göteborg
bydanieloskarsson
 
PPTX
Maintest3
byMohan Kumar Tadikimalla
 
PDF
A technical insight into the concepts and terminologies behind oauth – an ope...
byeSAT Journals
 
PDF
oauth-for-credentials-security-in-rest-api-access
byidsecconf
 
PPTX
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
byBrian Campbell
 
PDF
OAuth 1.0
bysimonetripodi
 
PDF
Draft Ietf Oauth V2 12
byVishal Shah
 
Oauth2.0
byYasmine Gaber
 
Devteach 2017 OAuth and Open id connect demystified
byTaswar Bhatti
 
OAuth
byTom Elrod
 
OpenID vs OAuth - Identity on the Web
byRichard Metzler
 
OAuth: Trust Issues
byLorna Mitchell
 
OAuth - Open API Authentication
byleahculver
 
OAuth for your API - The Big Picture
byApigee | Google Cloud
 
OAuth with OAuth.io : solving the OAuth Fragmentation for Identity Management...
byMehdi Medjaoui
 
OAuth 1.0
byNov Matake
 
OAuth 2.0
byAlex Bilbie
 
open id & o-auth
byPaul Fryer
 
A How-to Guide to OAuth & API Security
byCA API Management
 
Maintest2
byMohan Kumar Tadikimalla
 
OAuth Android Göteborg
bydanieloskarsson
 
Maintest3
byMohan Kumar Tadikimalla
 
A technical insight into the concepts and terminologies behind oauth – an ope...
byeSAT Journals
 
oauth-for-credentials-security-in-rest-api-access
byidsecconf
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
byBrian Campbell
 
OAuth 1.0
bysimonetripodi
 
Draft Ietf Oauth V2 12
byVishal Shah
 

Recently uploaded

PPTX
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
PDF
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
PDF
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
AI Technology important knowledge ......
byutkarshj2007
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 

OAuth

  • 1.
  • 2.
    Roadmap  Defining Oauth  Why Oauth?  Background  Terminology  Workflow  Live Example  References  Q&A
  • 3.
    Defining Oauth ”Oauthprovides a method for users to grant third-party access to their resources without sharing their passwords. It also passwords provides a way to grant limited access (in scope, duration, etc …)”
  • 4.
    Why Oauth?  Traditional client-server authentication model. Client - Photos - Wall - Friends Credential Client - Tweets. - Tags Application - Position Credential Client - Job - Expertise - CV Credential
  • 5.
    Why Oauth?  Issues with traditional client-service auth model  Users share their credentials (password) with the application for each service  Application needs as many credentials as services  Once the application get the user password there is no way to invalid the access to the user's resources … unless user changes his password  Application has the same privileges as the user.
  • 6.
    Background  Based on well-established practices of many propietary industry protocols.  Google AuthSub  Yahoo BBAuth  Flickr API  Focused on website services but also desktop applications, mobile devices or set-top boxes.
  • 7.
    Background  OpenID 2006 Blaine Cook descentralized digital idetification standard.  OpenAuth 2006 Chris Messina no sharing password and login agnostic.  OpenAuth Google 2007  AOL's implements OpenAuth protocol 2007  OauthCore 1.0 Revision 2009  Oauth Core 1.0 RFC 2010  Present-Future … OAuth 2.0 Draft http://tools.ietf.org/html/draft-ietf-oauth-v2-26
  • 8.
    Terminology consumer Service provider user
  • 9.
    Workflow Goal: Print ondemand our last Service provider Summer photos through a web application that we previously uploaded to Facebook. Step 1 –User access to Print Service. Step 2 – Print Service gives you the choice to access to Facebook to get your photos. Step 3 – You were redirected to Facebook login page Step 4 – Once you are logged in you authorized the Print Service to access your photos on Facebook. Step 5 – You are redirected to the Print Service where you access your photos. Consumer User
  • 10.
    Workflow  Redirection-based authorization. Credentials types.  Get temporary credentials  Obtain authorization from the resources owner.  Get token credentials (request token + secret).
  • 11.
    Live Example  Give authorization to Wordpress to post on your Facebook's wall and your Twitter account.
  • 12.
    References  Official page. http://oauth.net/  Beginner's guide to Oauth http://oauth.net/documentation/getting-started/  Google Oauth https://developers.google.com/accounts/  Getting Started with OAuth 2.0 by Ryan Boyd  Programming Social Applications: Building Viral Experiences with OpenSocial, OAuth, OpenID, and Distributed Web Frameworks by Jonathan LeBlanc
  • 13.