2. What we’ll cover
• What is OpenID and OAuth?
• Where and why are these used?
• “In the wild” examples.
• Source code examples.
3. What is OpenID?
• OpenID is about verifying identity (authenticating).
• Prevents users from having to maintain multiple identities with websites/electronic systems.
4. Who uses OpenID?
• You probably already have an OpenID.
• Most of the major web players have an implementation.
• You can provide your own implementation.
5. How does OpenID Work?
1. What’s your OpenID?
2. User enters OpenID.
3. Request the OpenID Provider page.
4. Provider returns page with openid.server and, optionally, openid.delegate.
5. Build URL and make request to OpenID server.
6. OpenID server presents login screen.
7. User provides credentials.
8. OpenID server asks user to authorize use.
9. User responds to authorization request.
10. User redirected to success or failure URL.
11. Appropriate page is rendered depending on success or failure.
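Steps 4 and 5 as an added example, not code from the original slides: read openid.server and openid.delegate from the provider page, then build the redirect URL for the OpenID server. The request parameter names (openid.mode, openid.identity, openid.return_to, openid.trust_root) come from OpenID 1.1 rather than from the slides; the host names, the sample page and the HTTPS-only rule are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode, urlsplit

class _LinkRels(HTMLParser):
    """Collect <link rel="openid.*" href="..."> tags from the provider page."""
    def __init__(self):
        super().__init__()
        self.rels = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        href = a.get("href")
        for rel in (a.get("rel") or "").lower().split():
            if rel in ("openid.server", "openid.delegate") and href:
                self.rels.setdefault(rel, href)  # first declaration wins

def discover(html):
    """Step 4: return the openid.* link relations found in the page."""
    p = _LinkRels()
    p.feed(html)
    return p.rels

def build_auth_url(claimed_id, html, return_to, trust_root):
    """Step 5: build the URL the user's browser is redirected to."""
    rels = discover(html)
    server = rels.get("openid.server")
    if not server:
        raise ValueError("page declares no openid.server")
    parts = urlsplit(server)
    # Hardening assumed here: the page is user-influenced, so only HTTPS.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("refusing non-HTTPS OpenID server: %r" % server)
    if not return_to.startswith(trust_root):
        raise ValueError("return_to must be under trust_root")
    params = {
        "openid.mode": "checkid_setup",
        # With a delegate, the server knows the user by the delegate URL.
        "openid.identity": rels.get("openid.delegate", claimed_id),
        "openid.return_to": return_to,
        "openid.trust_root": trust_root,
    }
    return server + ("&" if parts.query else "?") + urlencode(params)

# Constructed sample of the page returned in step 4.
SAMPLE_PAGE = """<html><head>
<link rel="openid.server" href="https://op.example/auth">
<link rel="openid.delegate" href="https://op.example/users/alice">
</head><body>Alice's home page</body></html>"""
```

The example stops at the redirect; checking the server's response in steps 10 and 11 is not covered.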
6. What is OAuth?
• OAuth is about authorizing 3rd party sites to access user information.
• Allows sharing of user data with other systems without providing credentials to the other systems.
7. Who uses OAuth?
• Most major web players.
• Facebook, Twitter, Google, Flickr, and more.
• You can too! Just download an open source library for your programming language of choice (.NET, ColdFusion, Lisp, Java, JavaScript, Objective-C, Perl, OCaml, PHP, Ruby, Python, Erlang, and more).