Securing API data models
Uploaded by jonathan-leblanc (Category: Technology)
Transcript of Securing API data models
Building on the Ashes of Past Standards
Securing API Data Models
Jonathan LeBlanc, Head of Developer Evangelism (North America)
Github: http://github.com/jcleblanc
Slides: http://slideshare.net/jcleblanc
Twitter: @jcleblanc
The Ultimate Decision
Security vs. Usability
The Path to the Standard
The Insecure, Unmanageable Start
Very Secure, Long to Implement
Two Currently Widely Used Specs
Auth in Practice
Fetching a Code
Prepare the Redirect URI for the Authorization Endpoint with: client_id, response_type (code), scope, redirect_uri, nonce, state
Browser Redirect to the Redirect URI
Fetching the Access Token
Fetch the Access Token from the Access Token Endpoint with: client_id, code (query string), client_secret, grant_type
HTTP POST to the Access Token Endpoint
A few implementation differences
Endpoints
Scopes (dynamic / static)
Using the Access Token in a request
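The three steps above (build the authorization redirect, exchange the returned code for an access token, present the token on an API call) as one runnable flow. This is an added example, not code from the slides or from the linked PayPal samples. The endpoints, client credentials, scope and the stand-in provider (FakeAuthServer) are all constructed here so the exchange runs offline; the slides list the code as a query-string parameter, while this example sends it in the POST body, which is what the token endpoint of a typical provider expects. The two checks a practitioner should not skip are shown explicitly: the callback is only accepted if its state matches one this session issued (and only once), and the client_secret is used only in the server-to-server POST, never in the browser redirect.

```python
"""OAuth 2.0 authorization-code flow, client and stand-in server, offline."""
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical endpoints and credentials (assumptions, not taken from the deck).
AUTHORIZATION_ENDPOINT = "https://auth.example.com/authorize"
TOKEN_ENDPOINT = "https://auth.example.com/token"
API_ENDPOINT = "https://api.example.com/v1/me"
CLIENT_ID = "demo-client"
CLIENT_SECRET = "demo-secret"
REDIRECT_URI = "https://app.example.com/callback"


class OAuthClient:
    """Relying-party side: builds the redirect, checks the callback, swaps the code."""

    def __init__(self, client_id, client_secret, redirect_uri, scope):
        self.client_id, self.client_secret = client_id, client_secret
        self.redirect_uri, self.scope = redirect_uri, scope
        self._pending = {}  # state -> nonce, kept server-side in the user's session

    def authorization_url(self):
        # Step 1: state protects the callback against CSRF; nonce binds an
        # OpenID Connect ID token to this particular request. Both are random.
        state = secrets.token_urlsafe(32)
        nonce = secrets.token_urlsafe(32)
        self._pending[state] = nonce
        params = {"client_id": self.client_id, "response_type": "code",
                  "scope": self.scope, "redirect_uri": self.redirect_uri,
                  "state": state, "nonce": nonce}
        return AUTHORIZATION_ENDPOINT + "?" + urlencode(params)

    def handle_callback(self, callback_url):
        # Step 2: the browser arrives at redirect_uri?code=...&state=...
        query = parse_qs(urlparse(callback_url).query)
        state = query.get("state", [""])[0]
        code = query.get("code", [""])[0]
        if state not in self._pending:
            raise ValueError("unknown state: callback was not started by this session")
        self._pending.pop(state)  # single use: a replayed callback fails here
        if not code:
            raise ValueError("callback carried no authorization code")
        return code

    def fetch_access_token(self, code, http_post):
        # Step 3: server-to-server POST; the client_secret never reaches the browser.
        form = {"client_id": self.client_id, "client_secret": self.client_secret,
                "code": code, "grant_type": "authorization_code",
                "redirect_uri": self.redirect_uri}
        reply = http_post(TOKEN_ENDPOINT, form)
        if "access_token" not in reply:
            raise ValueError("token endpoint error: %s" % reply.get("error", "unknown"))
        return reply["access_token"]

    @staticmethod
    def api_request(access_token, http_get):
        # Step 4: send the token as a Bearer header, not in the query string.
        return http_get(API_ENDPOINT, {"Authorization": "Bearer " + access_token})


class FakeAuthServer:
    """Constructed stand-in for the provider so the flow runs without a network."""

    def __init__(self):
        self.codes = {}      # code -> redirect_uri it was issued for
        self.tokens = set()

    def authorize(self, auth_url):
        # The user consents; the provider redirects back with a code and the same state.
        q = parse_qs(urlparse(auth_url).query)
        if q.get("response_type") != ["code"] or q.get("client_id") != [CLIENT_ID]:
            raise ValueError("bad authorization request")
        code = secrets.token_urlsafe(16)
        self.codes[code] = q["redirect_uri"][0]
        return q["redirect_uri"][0] + "?" + urlencode({"code": code, "state": q["state"][0]})

    def token(self, url, form):
        if url != TOKEN_ENDPOINT or form.get("grant_type") != "authorization_code":
            return {"error": "unsupported_grant_type"}
        if form.get("client_secret") != CLIENT_SECRET:
            return {"error": "invalid_client"}
        issued_for = self.codes.pop(form.get("code"), None)  # codes are single use
        if issued_for is None or issued_for != form.get("redirect_uri"):
            return {"error": "invalid_grant"}
        tok = secrets.token_urlsafe(24)
        self.tokens.add(tok)
        return {"access_token": tok, "token_type": "Bearer"}

    def api(self, url, headers):
        auth = headers.get("Authorization", "")
        tok = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
        if url != API_ENDPOINT or tok not in self.tokens:
            return {"error": "invalid_token"}
        return {"user_id": "u-123", "scope": "openid profile"}


def run_flow():
    """Happy path: returns the API response obtained with the fetched token."""
    client = OAuthClient(CLIENT_ID, CLIENT_SECRET, REDIRECT_URI, "openid profile")
    server = FakeAuthServer()
    callback = server.authorize(client.authorization_url())
    code = client.handle_callback(callback)
    token = client.fetch_access_token(code, server.token)
    return client.api_request(token, server.api)


def replayed_callback_is_rejected():
    """A second delivery of the same callback must fail the state check."""
    client = OAuthClient(CLIENT_ID, CLIENT_SECRET, REDIRECT_URI, "openid profile")
    callback = FakeAuthServer().authorize(client.authorization_url())
    client.handle_callback(callback)
    try:
        client.handle_callback(callback)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(run_flow())
```

In a real deployment the `_pending` map lives in the user's server-side session (or an HttpOnly cookie that the callback handler compares against), and `http_post` and `http_get` are the HTTP client of your choice over TLS; the stand-in server here exists only so the state and secret handling can be exercised end to end.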
Using the Skeleton Key
How it’s Normally Used
Access user details
Push data through user social streams
But why?
Access token as a control structure
Improve Existing Products
Our showcase: Seamless Checkout
A Few Code Links
OAuth2 & OpenID Connect Samples: https://github.com/jcleblanc/oauth and https://github.com/paypal/paypal-access
Log in with PayPal: http://bit.ly/loginwithpaypal
http://bit.ly/securing_apis
Thank You! Questions?
Jonathan LeBlanc, Head of Developer Evangelism (North America)
Github: http://github.com/jcleblanc
Slides: http://slideshare.net/jcleblanc
Twitter: @jcleblanc