How to Avoid Losing Your Pants Using oAuth
•Transferir como KEY, PDF•
4 gostaram•3,088 visualizações
Applications have long provided ways to enable other applications to access their API. In the past this has involved naked, plain-text password storage that provided the illusion of users securely giving permission to access the API in their name. oAuth removes this illusion, "putting the clothes" back on authorization so user data remains secure in an open, standards-supported way.
Recomendados
Recomendados
Mais conteúdo relacionado
Semelhante a How to Avoid Losing Your Pants Using oAuth
Semelhante a How to Avoid Losing Your Pants Using oAuth (20)
Último
Último (20)
How to Avoid Losing Your Pants Using oAuth
- 1. HOW TO AVOID LOSING YOUR PANTS USING OAUTH EVERYTHING YOU NEED TO KNOW TO KEEP YOUR USERS SAFE AND MAINTAIN YOUR SANITY WITH OAUTH JESSE STAY CEO, SOCIALTOO.COM HTTP://STAYNALIVE.COM
- 2. A LONG TIME AGO, IN A GALAXY FAR, FAR AWAY, THERE WAS A STORY OF A WISE OLD EMPEROR... OKAY, NOT THIS EMPEROR!
- 3. THE “UNTOLD” TRUTH DON’T BE STUPID!
- 4. DON’T GET CAUGHT WITH YOUR PANTS DOWN! MORAL OF THE STORY PHOTO VIA HTTP://WWW.FLICKR.COM/PHOTOS/WIRETHREAD/175023943/
- 6. WHAT IS OAUTH? OAUTH IS OPEN
- 7. WHAT IS OAUTH? OAUTH IS OPEN OAUTH IS SECURE
- 8. WHAT IS OAUTH? OAUTH IS OPEN OAUTH IS SECURE OAUTH IS AUTHORIZATION
- 9. WHAT IS OAUTH? OAUTH IS OPEN OAUTH IS SECURE OAUTH IS AUTHORIZATION OAUTH IS A STANDARD
- 10. COMPONENTS OF OAUTH THE USER
- 11. COMPONENTS OF OAUTH THE CONSUMER
- 12. COMPONENTS OF OAUTH THE SERVICE PROVIDER
- 13. BASIC FLOW OF AN OAUTH APP USER VISITS APPLICATION, CLICKS “AUTHORIZE” BUTTON
- 14. BASIC FLOW OF AN OAUTH APP USER VISITS CONSUMER, CLICKS “AUTHORIZE” BUTTON CONSUMER REDIRECTS USER TO SERVICE PROVIDER FOR AUTH
- 15. BASIC FLOW OF AN OAUTH APP USER VISITS CONSUMER, CLICKS “AUTHORIZE” BUTTON CONSUMER REDIRECTS USER TO SERVICE PROVIDER FOR AUTH PROVIDER RETURNS USER TO CONSUMER W/ TOKEN TO ACT ON BEHALF OF PROVIDER FOR THAT USER
- 16. “BEHIND” THE SCENES CONSUMER FORMATS A REQUEST TO PROVIDER TO GET A REQUEST TOKEN, APPENDS REQUEST TOKEN TO THE PROVIDER AUTH URL CONSUMER THEN REDIRECTS USER TO PROVIDER AUTH URL W/ THE REQUEST TOKEN
- 17. “BEHIND” THE SCENES USER AUTHENTICATES WITH PROVIDER, AUTHORIZES CONSUMER TO MAKE CALLS ON BEHALF OF USER
- 18. “BEHIND” THE SCENES PROVIDER REDIRECTS USER BACK TO CONSUMER’S CALLBACK URL (SPECIFIED IN ORIGINAL CONSUMER TO PROVIDER REDIRECT OR IN APP SETTINGS) CONSUMER SENDS ORIGINAL REQUEST TOKEN, REQUESTING ACCESS TOKEN FROM PROVIDER
- 19. “BEHIND” THE SCENES PROVIDER SENDS CONSUMER ACCESS TOKEN AND ACCESS TOKEN SECRET, GIVING CONSUMER PERMISSION TO MAKE API CALLS ON BEHALF OF USER CONSUMER MAKES API CALLS FOR USER!
- 20. CONSUMER CALL AND REDIRECT TO PROVIDER: REAL WORLD EXAMPLE (THERE’S MORE THAN ONE WAY TO DO IT!)
- 21. CONSUMER CALLBACK ON REDIRECT FROM PROVIDER: REAL WORLD EXAMPLE (THERE’S MORE THAN ONE WAY TO DO IT!)
- 22. MAKE SOME API CALLS! REAL WORLD EXAMPLE (THERE’S MORE THAN ONE WAY TO DO IT!)
- 23. OAUTH ON THE IPHONE
- 24. OAUTH FOR DESKTOP PROVIDER ASKS USER FOR PIN USER ENTERS PIN IN CONSUMER DESKTOP APP CONSUMER SENDS PIN WITH REQUEST FOR ACCESS TOKEN
- 25. FLAWS OF OAUTH MULTIPLE STEPS FOR USER TO AUTHENTICATE USER HAS TO LEAVE THE CONSUMER SITE NOT BUILT AS AN AUTHENTICATION PLATFORM - WHEN PROVIDER IS DOWN, SO IS OAUTH FOR THAT PROVIDER
- 26. FACEBOOK CONNECT AUTHENTICATION AND AUTHORIZATION IN ONE USER NEVER LEAVES SITE MANY MORE INTEGRATED TOOLS CLOSED, PROPRIETARY
- 27. ANY QUESTIONS? HTTP://WIKI.OAUTH.NET HTTP://STAYNALIVE.COM HTTP://APIWIKI.TWITTER.COM/AUTHENTICATION