OAuth 1.0
OAuth
Simone Tripodi - Asemantics S.r.l.
What’s OAuth?
• An Open Protocol to allow secure API authorization in a simple and standard method for mobile, desktop and web applications;
• a protocol for developing passwordless APIs;
• a way for an application to interact with an API on a user’s behalf without knowing the user’s authentication credentials.
Hypothetical Scenarios
[Figure: two scenarios, each showing an End User, a Consumer and a Service Provider]
• “Import pictures from Picasa into Virgilio Photo Album”
• “Allow Dailymotion read Virgilio’s User data”
Authorization flow
B2B shared information
• Consumer Key: a value used by the Consumer to identify itself to the Service Provider;
• Consumer Secret: a secret used by the Consumer to establish ownership of the Consumer Key;
• The Consumer establishes a Consumer Key and a Consumer Secret with the Service Provider to be authenticated; the Consumer needs to be registered!
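How the Consumer Secret establishes ownership of the Consumer Key, as an added example that is not part of the original slides: the Consumer signs each request with HMAC-SHA1 and the Service Provider recomputes the signature from the secret it holds for that key. The key, secret, URL and parameter values are constructed, and the registry and function names are assumptions.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value):
    # OAuth percent-encoding: only unreserved characters stay literal.
    return quote(value, safe="-._~")

def base_string(method, url, params):
    # Encode every name and value, sort the pairs, then join the three parts.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # Consumer side: the HMAC key is "consumer_secret&token_secret".
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()

# Service Provider side: registered Consumers (constructed sample data).
REGISTERED = {"photo-album-key": "constructed-secret"}

def verify(method, url, params, signature):
    # Look up the secret by Consumer Key; unknown Consumers are rejected.
    secret = REGISTERED.get(params.get("oauth_consumer_key", ""))
    if secret is None:
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    # Replay checks on oauth_nonce/oauth_timestamp are left out of this sketch.
    return hmac.compare_digest(sign(method, url, params, secret), signature)

# Constructed request-token call (oauth_signature itself is never signed).
SAMPLE_URL = "https://provider.example.com/request_token"
SAMPLE_PARAMS = {
    "oauth_consumer_key": "photo-album-key",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1200000000",
    "oauth_nonce": "constructed-nonce",
    "oauth_version": "1.0",
}

if __name__ == "__main__":
    sig = sign("POST", SAMPLE_URL, SAMPLE_PARAMS, "constructed-secret")
    print("valid signature accepted:", verify("POST", SAMPLE_URL, SAMPLE_PARAMS, sig))
    forged = sign("POST", SAMPLE_URL, SAMPLE_PARAMS, "wrong-secret")
    print("wrong secret accepted:", verify("POST", SAMPLE_URL, SAMPLE_PARAMS, forged))
```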
OpenID & OAuth
• OpenID: helps determine who you are - AUTHENTICATION;
• OAuth: defines how to give access to protected data - AUTHORIZATION;
• They are complementary; a site that supports OAuth could also support OpenID for authentication!!!
OpenID & OAuth: Example integration
OAuth is Production Ready!!!
• Yahoo!
• MySpace
• Digg
• Magnolia
• Plaxo
• ... and much more!
OAuth community
• Led by Brian Cook & Chris Messina;
• Active Google-group: http://groups.google.com/group/oauth/
• Blog: http://blog.oauth.net/
• Many available implementations from OS communities: Java - C# - JavaScript - Perl - PHP ...
Where are we?
here