Your users need to sign up, authenticate, retrieve their password, change their password, etc. Building your own system takes time and resources, so why not do what developers do best…abstract it away! Places like Twitter, Facebook, and Google have given developers the sweet gift of third-party authentication, allowing your users to use their existing credentials to access your application. Learn about the pros and cons of offloading authentication to these services and see how they work while exploring options using both OpenID and OAuth.
8. What is Offloading?
• Authentication via a trusted third party
• User creates an account there (or likely already has one)
• They manage passwords and usernames
• Host application passes user to authentication provider
• No passwords pass over your wire
Thursday, May 26, 2011
9. Why Offload?
• Dirty work is done for you
• No Passwords. Ever. None.
• No Username Selections
• Implementation is quick and easy
• Signup is fast
10. Effectiveness
• Quick Conversion
• Personal Information
• Demographic Information
11. Downsides
• Indentured to a provider
• Require a third party for a critical aspect of your application
19. OpenID
• Hasn’t really caught on
• Thought of as “geek speak”
• Service providers include
• Google
• Yahoo
• Many more...
20. OAuth
• Open standard for access delegation
• With authentication, provides ability for SSO
• Valet key to the internet
21. OAuth Players
• Service Provider (Server) - Has the information you want
• Consumer (Client) - Wants the information from the Service Provider
• User (Resource Owner) - Can grant access to the Consumer to acquire information about your account from the Service Provider
25. Get Started
• Register your app with Twitter
• https://dev.twitter.com/apps/new
• Add some UI to your app
• Choose an OAuth lib to help
32. A Few Things To Remember...
• What if the external key changes?
• Changed OpenID URL
• Changed Twitter ID
• Multiple accounts from the same user
33. Account Management
• Have an internal application account id
• Link external accounts to internal id
• Allow management of external authentication sources by the user
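The account-linking design from the "A Few Things To Remember" and "Account Management" slides, sketched as an added example (not code from the talk or its repository). The table names, function names, SQLite storage and sample identifiers are assumptions, and every external identity passed in is assumed to have already been verified by the provider.

```python
import sqlite3

SCHEMA = """
CREATE TABLE accounts (id INTEGER PRIMARY KEY, display_name TEXT NOT NULL);
CREATE TABLE external_identities (
    provider    TEXT NOT NULL,           -- e.g. 'twitter', 'openid'
    external_id TEXT NOT NULL,           -- provider's key for the user
    account_id  INTEGER NOT NULL REFERENCES accounts(id),
    PRIMARY KEY (provider, external_id)  -- an identity maps to one account only
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def link(db, account_id, provider, external_id):
    """Attach an external identity to an internal account.
    Raises sqlite3.IntegrityError if it is already linked to any account."""
    db.execute("INSERT INTO external_identities VALUES (?, ?, ?)",
               (provider, external_id, account_id))
    db.commit()

def login(db, provider, external_id, display_name):
    """Map a verified external identity to the internal account id,
    creating the internal account the first time the identity is seen."""
    row = db.execute(
        "SELECT account_id FROM external_identities "
        "WHERE provider = ? AND external_id = ?",
        (provider, external_id)).fetchone()
    if row:
        return row[0]
    account_id = db.execute("INSERT INTO accounts (display_name) VALUES (?)",
                            (display_name,)).lastrowid
    link(db, account_id, provider, external_id)
    return account_id

def unlink(db, account_id, provider, external_id):
    """Remove a login source, but never the last one (that locks the user out)."""
    count = db.execute(
        "SELECT COUNT(*) FROM external_identities WHERE account_id = ?",
        (account_id,)).fetchone()[0]
    if count <= 1:
        raise ValueError("cannot remove the only remaining login source")
    cur = db.execute(
        "DELETE FROM external_identities "
        "WHERE account_id = ? AND provider = ? AND external_id = ?",
        (account_id, provider, external_id))
    db.commit()
    return cur.rowcount == 1
```

A changed external key is handled by the signed-in user linking the new identity and then unlinking the old one, so the internal account id never changes.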
34. Have A Backup Plan
• Downtime
• Removal of service
• Change in service
35. Questions?
Jason Austin - @jason_austin - jfaustin@gmail.com
http://joind.in/3431
Code Available at
http://github.com/jfaustin/tek11-twitter-auth