The document outlines PayPal Access, a service introduced in 2011 that allows users to log in using their existing PayPal credentials, leveraging OAuth 2.0 and OpenID Connect for authentication. It highlights the advantages of using social sign-ins, user verification, and the implementation process, along with relevant technical details. Additionally, it provides resources for developers and links to further information on integrating PayPal Access into applications.

1. IDENTIFY YOURSELF
WITH ACCESS
Tim Messerschmidt
Developer Evangelist
GDG DEVFEST 2012
developer.PayPal
1
November 2012, Karlsruhe (via Hangout)
@SeraAndroid

2. Who am I?
2

3. Agenda
• What is PayPal Access?
• How does it work?
• Why should I use this?
• How to implement that?
3

4. Slides
goo.gl/u3Rix
SlideShare:
PayPalEuDevs
4

5. WHAT IS
ACCESS?
5

6. Can be used to login
with your existing
PayPal credentials
6

7. Figure:
Q3 2012
active
users
7

8. Leverage existing
technology to push
your own service(s)
8

9. Based on OAuth 2.0 or
OpenID Connect
9

10. Not related to payments
10

11. Free to use
11

12. Introduced in 2011
12

13. Additional features
coming soon!
13

14. Registration of apps:
devportal.x.com
14

15. 15

16. HOW DOES IT
LOOK LIKE?
16

17. 17

18. 18

19. 19

20. HOW DOES
IT WORK?
20
20

21. OAuth?
OpenID?
OpenID Connect?
21

22. OAuth 1.0
22

23. OAuth 2.0
23

24. OPINIONS ON
OAUTH 2
24

25. OAuth 2.0 &
the Road to Hell
Eran Hammer: http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/
25

26. “OAuth 2.0 offers little to
none code re-usability”
26

27. “What 2.0 offers is a
blueprint for an
authorization protocol”
27

28. On the Deadness
of OAuth 2
Tim Bray: http://www.tbray.org/ongoing/When/201x/2012/07/28/Oauth2-dead
28

29. “OAuth 2 is
useful today.”
29

30. “OAuth 2 may not be
perfect, and may have been
harmed by the Enterprise
crap, but the core of Web
functionality […] seems to
have survived.”
30

31. OpenID
Connect
31

32. 5 scopes 1. profile
2. email
for access
3. address
to the
4. phone
profile:
5. attributes
32

33. THE
DIFFERENCE
33

34. OAuth 2.0 implementation
can be easily changed to
OpenID Connect
Jonathan LeBlanc: https://www.x.com/developers/community/blogs/
jcleblanc/migrating-paypal-access-integration-oauth-2-openid-connect
34

35. WHY
SHOULD I
USE THIS?
35

36. People forget passwords…
“45 % admit to leaving a website
instead of re-setting their password
or answering security questions” *
* Blue Inc. 2011
36

37. People don’t like to register…
Out of 657 surveyed users 66 %
think that social sign-in is a desirable
alternative. *
* Blue Inc. 2011
37

38. THE VALUE
38

39. Leverage
an existing
profile
39

40. Verified user
accounts
40

41. THE FLOW
&
SOME CODE
41

42. Authorization Flow
Client
Server
1. Open Authorization 2. Provide login page
Endpoint URL
3. Return Authorization
4. Check callbacks for Token after
Authorization Token
successful login
5. Request a valid 6. Check Authorization
Access Token
Token & return
7. Retrieve user’s Access Token if valid
resources
42

43. Your components (OAuth 2)
Server endpoints:
Client details:
43

44. Load the Authorization URL in
a WebView and…
44

45. … start checking the URLs your
WebView is loading
45

46. Retrieve the Access Token
46

47. THE REPLY
{
"access_token": "something not so long",
"token_type": "Bearer",
"refresh_token": ”something not so long",
"expires_in": 900,
"id_token": "something very long"
}
47

48. REFRESHING A TOKEN
Do a POST including the
Refresh Token to this endpoint:
https://www.paypal.com/
webapps/auth/protocol/
openidconnect/v1/tokenservice
48

49. REFRESHING A TOKEN
Change the Grant Type:
grant_type=refresh_token
Add the profile’s scope
scope=profile
49

50. VALIDATION
Do a POST including the
Access Token to this endpoint:
https://www.paypal.com/
webapps/auth/protocol/
openidconnect/v1/checkid
50

51. VALIDATION
Provide the id_token value
you got when receiving
the Access Token
access_token=myToken
51

52. LOGGING OUT THE USER
Do a POST including the
Access Token to this endpoint:
https://www.paypal.com/
webapps/auth/protocol/
openidconnect/v1/endsession
52

53. LOGGING OUT THE USER
Furthermore you have to
add the following parameters
to the POST:
redirect_url=myFancyUrl.com
logout=true
53

54. FURTHER
INFORMATION
54

55. Useful links
• goo.gl/y9HKO
– Migrating PayPal Access to from OAuth 2
to OpenID Connect (Jonathan LeBlanc)
• goo.gl/1wjRV
– Sample project which has some helper classes
that enable easy integration Access into your
Android app
– Apache V2
55

56. Official developer resources
• x.com/identity
– PayPal Access Developer Guide
• x.com/mobile
– PayPal payment products
• Mobile Payments Library (native)
• Mobile Express Checkout (web)
56

57. Help!!?! Problems?
• paypal.com/dts
– Developer Technical Services
– Ticketing
• x.com/developers/paypal/forums
– PayPal Developer Forums
57

58. INNOVATION
58

59. QR Code adoption
between different
countries
59

60. % of Smartphone Audience
20
18
16
14
12
10
8
6
4
2
0
Germany
France
UK
Italy
Spain
* comScore MobiLens July 2012
60

61. Adoption of QR Codes
70% of 30.000.000 surveyed
German households recognize QR
Codes and know how to use them *
* Nielsen 2011
61

62. Available"
for "
Android"
& iOS
62

63. TL;DR
PayPal Access enhances
applications by adding a
verified user-base
63

64. QUESTIONS?
64

65. THANKS!
tmesserschmidt@paypal.com
@seraandroid / @paypaleurodev
+tim messerschmidt
slideshare.net/PayPalEuDev
65