OAuth, You said?
OAuth.io

Why OAuth?
Provide a standard way to access protected resources, without sharing passwords.

Amazing! But how?

Tokens!
- The middle-man between the service and the OAuth provider.
- Never share your Facebook credentials with a service.
- Today, almost any app needing access or permissions relies on OAuth.

Before? Basic Auth.
- Users had to provide their Facebook credentials to third party services.
- Not secure. Intrusive. Inconvenient.

Started as a Protocol
OAuth was first designed to be interoperable and super easy to implement for developers.

Ended up as a Framework
OAuth 2.0 has been reclassified as a framework, which means no interoperability and no backward compatibility :/

So yes, OAuth is broken
- 30+ different implementations.
- Two separate flows for token retrieval.
- Resources' names and parameters differ from one provider to another.
- A nightmare for developers: lots of potential traps. No hope for a good learning curve…

Many versions in 5 years
- OAuth 1.0 = October 2007
- OAuth 1.0a = June 2009
- OAuth 2.0 first draft = early 2010
- OAuth 2.0 final = late 2011

OAuth 1.0a was limited
- Complex signature scheme.
- Almost no control over token expiry.
- No permission management.

OAuth 2.0 compromise
- More flexible but less interoperable.
- SSL rather than signatures.
- Easier to implement.
- No backward compatibility.
4 quick definitions
- Resource Owner: the user who wants to share a resource, e.g. the owner of the Facebook photos.
- Client: the application that wants to leverage a resource hosted by a third party, e.g. the photo printing website.
- Authorization Server: the entity that decides to grant access to the client (application), e.g. Facebook's authorization server.
- Resource Server: the place where the third party resource is hosted, e.g. Facebook's server where the photos to print are.

The Flow
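The four roles of the photo printing scenario played end to end, as an added example (not the deck's code): an in-memory OAuth 2.0 authorization code flow in which the code is bound to the client and its registered redirect URI, can be redeemed once, and the client refuses a callback whose state it never issued. All names (printshop, print.example, photos:read, the secret) are constructed.

```python
import secrets
import time

class AuthorizationServer:  # Facebook's authorization server in the deck's example
    def __init__(self, clients):
        self.clients = clients  # client_id -> {"secret", "redirect_uri"}, registered out of band
        self.codes = {}         # code -> grant details; a code is single-use and short-lived
        self.tokens = {}        # access_token -> {"user", "scope", "expires"}
    def authorize(self, user, client_id, redirect_uri, scope, state):
        # Authorization endpoint, after the resource owner consented: the code is bound to
        # the client and to the exact registered redirect_uri (RFC 6749 section 4.1.2)
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise ValueError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "scope": scope, "user": user, "expires": time.time() + 60}
        return {"code": code, "state": state}  # query parameters of the redirect back
    def token(self, client_id, client_secret, code, redirect_uri):
        # Token endpoint (RFC 6749 section 4.1.3): authenticate the client, then accept the
        # code only if it is unexpired and was issued to this client and redirect_uri
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            return {"error": "invalid_client"}
        grant = self.codes.pop(code, None)  # pop: a replayed code is rejected
        if (grant is None or grant["client_id"] != client_id
                or grant["redirect_uri"] != redirect_uri or grant["expires"] < time.time()):
            return {"error": "invalid_grant"}
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = {"user": grant["user"], "scope": grant["scope"], "expires": time.time() + 3600}
        return {"access_token": tok, "token_type": "bearer", "expires_in": 3600}

class ResourceServer:  # Facebook's server holding the photos
    def __init__(self, auth_server, photos_by_user):
        self.auth_server, self.photos = auth_server, photos_by_user
    def get_photos(self, bearer_token):
        info = self.auth_server.tokens.get(bearer_token)  # shared store stands in for introspection
        if info is None or info["expires"] < time.time() or "photos:read" not in info["scope"].split():
            return {"error": "invalid_token"}
        return {"photos": self.photos.get(info["user"], [])}

class PhotoPrintingClient:  # the client application; no Facebook password is ever typed here
    def __init__(self, auth_server, client_id, client_secret, redirect_uri):
        self.auth_server, self.client_id = auth_server, client_id
        self.client_secret, self.redirect_uri, self.pending = client_secret, redirect_uri, set()
    def start_login(self):
        state = secrets.token_urlsafe(16)  # unguessable value tied to this browser session
        self.pending.add(state)
        return state
    def callback(self, code, state):
        # A redirect carrying a state we never issued is dropped before any code is redeemed
        if state not in self.pending:
            return {"error": "unexpected_state"}
        self.pending.discard(state)
        return self.auth_server.token(self.client_id, self.client_secret, code, self.redirect_uri)

def print_shop_flow():
    # End-to-end run of the four roles; returns the photos the print shop obtained
    authz = AuthorizationServer({"printshop": {"secret": "s3cr3t-constructed",
                                               "redirect_uri": "https://print.example/cb"}})
    photos = ResourceServer(authz, {"alice": ["beach.jpg", "cat.jpg"]})
    shop = PhotoPrintingClient(authz, "printshop", "s3cr3t-constructed", "https://print.example/cb")
    state = shop.start_login()  # 1. the client sends Alice to the authorization server
    redirect = authz.authorize("alice", "printshop", "https://print.example/cb", "photos:read", state)
    resp = shop.callback(redirect["code"], redirect["state"])  # 2. redirect back, 3. code for token
    return photos.get_photos(resp["access_token"])["photos"]   # 4. bearer token at the resource server
```

The token endpoint is the only place the client secret is presented, and the access token is the only thing the resource server ever sees, which is the whole point of the "Tokens!" slide.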
Further reading
- OAuth 1.0 Specs: http://tools.ietf.org/html/rfc5849
- OAuth 2.0 Specs: https://tools.ietf.org/html/rfc6749
- "Fuck OAuth", talk by Eran Hammer: http://vimeo.com/52882780
- Read our full OAuth Tutorial

Credits
The Big Lebowski
Walker Texas Ranger aka Chuck (the 1st) Norris
Jackie Brown
2001: A Space Odyssey
R2D2: Star Wars (Dagobah)
C3PO: Star Wars (Tatooine)
Las Vegas Parano
Terminator
Forrest Gump
Austin Powers
Judge Dredd