Download as PDF, PPTX
![“OAuth 2 may not be perfect,
and may have been harmed by
the Enterprise crap, but the
core of Web functionality […]
seems to have survived.”
22](https://image.slidesharecdn.com/paypal-130326105746-phpapp02/85/Paypal-22-320.jpg)
Uploaded byHeinrich Seeger
Paypal
PayPal uses OpenID Connect to allow its 123 million active users to easily log in to third-party applications using their PayPal credentials. OpenID Connect builds upon OAuth 2.0 by adding user authentication on top of authorization. This allows PayPal users to securely login to other sites without needing to create new accounts. PayPal is actively working on new features for OpenID Connect to provide additional functionality like session management and accessing user profile information with their consent.
Paypal
- 1. How PayPal uses Open Identity Tim Messerschmidt Moosecon Developer Evangelist 1 March 2012, Hannover @SeraAndroid
- 2. Who am I? TimMesserschmdit Developer Evangelist Startup Mentor Author 2
- 3.
- 4.
- 5. What is identity in the Web? 5
- 6.
- 7.
- 8. PayPal Access • activeusers: 123.000.000 • Uses OpenID Connect • Interesting for commercial use cases – Adds integrity to existing applications – Clearly business- & merchant-oriented • Actively being worked on! – Expect new kick-ass features soon 8
- 9.
- 10.
- 11.
- 12.
- 13.
- 14. Authorization vs. Authentication 14
- 15. OAuth 1.0 15
- 16. OAuth 2.0 16
- 17. OAuth 2.0 & the Road to Hell Eran Hammer: http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/ 17
- 18. “OAuth 2.0 offers littleto none code reusability” 18
- 19. “What 2.0 offers isa blueprint for an authorization protocol” 19
- 20. On the Deadness of OAuth 2 Tim Bray: http://www.tbray.org/ongoing/When/201x/2012/07/28/Oauth2-dead 20
- 21. OAuth 2 is usefultoday 21
- 22. “OAuth 2 maynot be perfect, and may have been harmed by the Enterprise crap, but the core of Web functionality […] seems to have survived.” 22
- 23.
- 24.
- 25.
- 26. Session management • Highlydemanded feature – Service can be used to login & logout • OAuth 2.0 requires users to revoke permission to “logout” • Token validation & refreshment • AN Optional feature 26
- 27. Authorization Flow Client Server 1. Open Authorization 2. Provide a login page Endpoint URL 3. Return the Authorization 4. Check callbacks for Token after a successful Authorization Token login 5. Request a valid Access 6. Check Authorization Token Token & return the Access Token 7. Retrieve user’s resources if it’s valid 27
- 28. OAuth 2.0 implementation can beeasily changed to OpenID Connect 28
- 29. Why should I use this? 29
- 30. People forget passwords… “45% admit to leaving a website instead of re- setting their password or answering security questions” * * Blue Inc. 2011 30
- 31. People don’t liketo register… Out of 657 surveyed users 66 % think that social sign-in is a desirable alternative. * * Blue Inc. 2011 31
- 32. Verified profiles Email –as it’s the user’s login Address – ship my stuff here! Name – makes sense, too … and much more information! 32
- 33. 1. profile 5 scopes to 2. email access the 3. address profile: 4. phone 5. attributes 33
- 34. Leverage an existing profile 34
- 35.
- 36. What’s next? 36
- 37. Help? Problems? • paypal.com/dts – Developer Technical Services – Ticketing • StackOverflow.com – Tag “PayPal” – Actively being watched by Technical Service and Developer Evangelists like me 37
- 38. Questions? 38
- 39. Thanks! tmesserschmidt@paypal.com @seraandroid /@paypaleurodev slideshare.net/PayPalEUDevs 39