OAuth2.0
BY MUKTADIUR RAHMAN
OAUTH 2.0 OVERVIEW
AGENDA
• OAuth 2.0
• OpenID/OpenID Connect
OAUTH
• OAuth is an open standard for authorization. OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections.
HISTORY
• OAuth 1.0 was developed on Oct 3, 2007
• The OAuth 2.0 Framework and Bearer Token were developed in Oct 2012
TERMINOLOGY
• Authentication
• Federated Authentication
• Authorization
• Delegated Authorization
ROLE
• Resource server
• Resource owner
• Client
• Authorization server
PROTOCOL FLOW
OPENID
• OpenID is a decentralized authentication protocol that makes it easy for people to sign up and access web accounts
• OpenID allows you to use an existing account to sign in to multiple websites, without needing to create new passwords
• http://openid.net/specs/openid-authentication-2_0.html
OPENID CONNECT
• A protocol built on top of OAuth 2.0 that lets the same identity be used to log in (authenticate) to multiple applications
DEMO