User Management with LastUser
Transcript of User Management with LastUser
Page 1:
User Management with LastUser
Kiran Jonnalagadda, HasGeek
PyCon India, Pune, September 2011
flickr.com/exfordy/128576390/
Page 2:
The What & The Why
Page 3:
LastUser is an identity aggregating web service
LastUser
Your App 1 Your App 2 Your App 3
Page 4:
A simple goal
Login
Password
Submit
Login identifier that users can remember
Relief from password management
No user registration. Just login and use
Page 5:
OpenID: URLs as Identity
Page 6:
OpenID in theory:
http://jace.livejournal.com/
Page 7:
URLs in the browser:
www.github.com
Page 8:
URLs in the browser:
github.com
Page 9:
URLs in the browser:
http://github.com/
Page 10:
URLs in the browser:
https://github.com/
Page 11:
URLs as Identifiers
1. github.com
2. github.com/
3. www.github.com
4. www.github.com/
5. http://github.com
6. http://github.com/
7. http://www.github.com
8. http://www.github.com/
9. https://github.com
10. https://github.com/
11. https://www.github.com
12. https://www.github.com/
Multiple strings; same final URL
flickr.com/mynameisharsha/5157965638/
Page 12:
Contrast with email addresses:
[email protected]
Change one character and it's no longer valid. Users are conditioned to type them in exactly, every time.
Page 13:
URL Ambiguity: https://www.google.com/accounts/o8/id
One OpenID URL for all Google accounts
Page 14:
URL Ambiguity:
https://www.google.com/accounts/o8/id?id=AItOawnGAN1Swp5zAJn9UYCw0jivCRXg8qIe_9c
https://www.google.com/accounts/o8/id?id=AItOawm3y2JBSnIo0ZdNwtIa487VpQXtpbXNmU4
Both are the same Google id, seen from different domains, using directed identity. If you move to a new domain, all your users' ids change.
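The two ambiguity problems from the slides above, worked through as an added example (not code from the talk or from LastUser): a relying-party normaliser that folds the twelve spellings of github.com into one identifier, and why no normaliser can fold Google's directed identities. Treating http and https as one origin and dropping a leading "www." are assumed policy choices; the Google id values below are constructed placeholders, not real ids.

```python
from urllib.parse import urlsplit, urlunsplit

# The twelve spellings listed on slide 11, constructed inline.
VARIANTS = [
    "github.com", "github.com/", "www.github.com", "www.github.com/",
    "http://github.com", "http://github.com/", "http://www.github.com",
    "http://www.github.com/", "https://github.com", "https://github.com/",
    "https://www.github.com", "https://www.github.com/",
]

# Directed identity (slide 14): the same Google account yields a different
# identifier for each relying-party domain. Values are constructed placeholders.
DIRECTED = [
    "https://www.google.com/accounts/o8/id?id=CONSTRUCTED_ID_SEEN_FROM_DOMAIN_A",
    "https://www.google.com/accounts/o8/id?id=CONSTRUCTED_ID_SEEN_FROM_DOMAIN_B",
]


def normalize_url_identifier(raw: str) -> str:
    """Canonicalise a user-typed URL the way a relying party might.

    Policy assumptions (not part of OpenID): no scheme means https, http is
    folded into https, a leading "www." is dropped, and a path always ends in "/".
    The query string is kept, because directed identities live in it.
    """
    s = raw.strip()
    if "://" not in s:
        s = "https://" + s
    parts = urlsplit(s)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    path = parts.path or "/"
    if not path.endswith("/"):
        path += "/"
    return urlunsplit(("https", host, path, parts.query, ""))


def canonical_ids(urls) -> set:
    """Distinct identifiers left after normalisation."""
    return {normalize_url_identifier(u) for u in urls}
```

Normalisation collapses the github.com list to one identifier, but the two directed-identity URLs stay distinct: the per-domain id is in the query string, and stripping it would merge every Google user into the single URL on slide 13.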
Page 15:
URLs are not reliable identifiers for users
Page 16:
OpenID in practice
Page 17:
OAuth: Delegated Identity
Page 18:
The delegated id model
Your Application
Page 19:
The delegated id model
Your Application
Synchronizing identity across services?
Page 20:
Need a common identifier across services. It's usually an email address.
Page 21:
LastUser as abstraction layer
LastUser — OAuth Server
Your App 1 Your App 2 Your App 3
Page 22:
Multiple apps, all connected to one LastUser instance
Page 23:
1. Login screen provider
Page 24:
Connecting identities
Users sometimes log in with a different service provider
Accounts can be connected if there is a common id
Twitter does not provide an email address
GitHub provides only the MD5 hash of the email (via Gravatar). It can be connected if the email is already known
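The account-linking rule from this slide as an added example (not LastUser's code): a GitHub login carries only the Gravatar hash, which is the MD5 of the trimmed, lower-cased address, so it can be matched against emails already on file, while a Twitter login has nothing to match on. The user table and profiles are constructed; `gravatar_id` as the name of the hash field in the GitHub profile is an assumption.

```python
import hashlib

# Constructed user table: user id -> email on file, or None when the
# provider the user first logged in with (e.g. Twitter) gave us no address.
KNOWN_USERS = {
    "u1": "alice@example.com",
    "u2": "Bob@Example.org",
    "u3": None,
}


def gravatar_hash(email: str) -> str:
    """Gravatar's hash: MD5 of the trimmed, lower-cased address (hex)."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()


def match_by_gravatar(known_users, gravatar_md5: str):
    """Id of the single existing user whose email hashes to gravatar_md5.

    None when nobody matches or when more than one does; an ambiguous hash
    match must never silently merge two accounts.
    """
    hits = [uid for uid, email in known_users.items()
            if email is not None and gravatar_hash(email) == gravatar_md5]
    return hits[0] if len(hits) == 1 else None


def match_by_email(known_users, email: str):
    """Id of the existing user with this email, compared case-insensitively."""
    wanted = email.strip().lower()
    hits = [uid for uid, e in known_users.items()
            if e is not None and e.strip().lower() == wanted]
    return hits[0] if len(hits) == 1 else None


def connect_login(known_users, provider: str, profile: dict):
    """Decide whether a fresh login can be linked to an existing account."""
    if provider == "twitter":
        return None                      # no email and no hash: nothing to match
    if provider == "github":             # hash only (assumed field name)
        return match_by_gravatar(known_users, profile.get("gravatar_id", ""))
    email = profile.get("email")         # providers that do return an address
    return match_by_email(known_users, email) if email else None
```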
Page 25:
Supported id providers
GitHub
OpenID (but not delegation)
Upcoming: LinkedIn, Facebook
Page 26:
OAuth: There is no single standard called OAuth. Every implementation is different.
Page 27:
There is no up-to-date Python library for OAuth2. Every service provider has their own library.
Contrast: Ruby has OmniAuth
Page 28:
LastUser implements OAuth 2.0 draft 16
(with gaps filled in)
Page 29:
OAuth 2.0 has two parts
OAuth Authorization Server
OAuth Resource Server
OAuth Client
1. Request an access token
2. Use token to access resource
Page 30:
OAuth 2.0 has two parts
OAuth Authorization Server
OAuth Resource Server
OAuth Client
1. Request an access token
2. Use token to access resource
OAuth 2.0 doesn't specify how this bit works
LastUser does
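The two-part split from slides 29 and 30, as an added example (not LastUser's implementation): an authorization server issues opaque bearer tokens, a resource server checks the `Authorization: Bearer` header, and because a bearer token is just an opaque string, the resource server has to ask the authorization server about it. That last step is the part the draft leaves open; here it is modelled as an in-process introspection call, which is an assumption about how the two halves talk.

```python
import secrets
import time


class AuthorizationServer:
    """Issues opaque bearer tokens (step 1 on the slide)."""

    def __init__(self):
        self._tokens = {}  # token -> (user, scopes, expiry timestamp)

    def issue_token(self, user: str, scopes, ttl: int = 3600) -> str:
        token = secrets.token_urlsafe(32)  # unguessable, carries no information
        self._tokens[token] = (user, frozenset(scopes), time.time() + ttl)
        return token

    def introspect(self, token: str):
        """The AS-to-RS step the draft does not specify, modelled as a lookup.

        Returns the token's user and scopes, or None if unknown or expired.
        """
        rec = self._tokens.get(token)
        if rec is None or rec[2] < time.time():
            return None
        return {"user": rec[0], "scopes": rec[1]}


class ResourceServer:
    """Serves a protected resource (step 2); trusts only what the AS confirms."""

    def __init__(self, auth_server: AuthorizationServer):
        self._as = auth_server

    def handle(self, authorization_header, required_scope: str):
        """Return (status, body) for a request carrying a bearer token."""
        if not authorization_header or not authorization_header.startswith("Bearer "):
            return 401, None                       # no usable credential
        info = self._as.introspect(authorization_header[len("Bearer "):])
        if info is None:
            return 401, None                       # unknown or expired token
        if required_scope not in info["scopes"]:
            return 403, None                       # valid token, wrong scope
        return 200, {"owner": info["user"]}
```

Whoever holds the string is treated as the user, which is why the page lists non-bearer token types as pending work; in a real deployment the introspection call is an HTTP request and should itself be authenticated.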
Page 31:
2. Resource providers (work in progress)
Page 32:
3. Central access control
Page 33:
Pending work
Seamless login UI and pure client-side JS login API
Non-web login flow
Authorization to resource server communication protocol
Support for token types other than bearer tokens
Page 34:
LastUser is BSD-licensed
https://github.com/hasgeek/lastuser