WordPress + OAuth
Will Norris
http://will.norris.name/
WordCamp SF 2008
2008 Aug 16
Will Norris
Early 2007
Dec 2007
April 2008
DiSo - seeking a viable model for a distributed social network
components - people, friends, identity, activities, sharing & permissions, messaging, groups
Vidoop - strong authentication for the consumer web
What is OAuth?
OAuth is...
... a protocol for developing passwordless APIs.
OAuth is...
... a way for an application to interact with a service on a user’s behalf without having to know the user’s credentials.
OAuth is...
... “your valet key for the Web.”
OAuth is...
... not OpenID.
(OpenID does authentication. OAuth does authorization.)
(OpenID identifies users. OAuth identifies applications.)
Why do we need OAuth?
The Love Triangle
Service Provider
End User
Consumer Application
The Password Anti-Pattern
teaching people bad habits
Importing Contacts
Accessing WordPress
Problems
Full account access
Non-revocable
Sharing your credentials is giving away the keys to the kingdom. It’s the equivalent of giving the waiter your ATM card and PIN in order to pay for dinner. You can’t revoke your password once you’ve shared it... all you can do is change your password. And then you have to update it everywhere.
OAuth Tokens can...
Be constrained ... by source ... by time ... by function ... by _____
Limit by IP Address. Allow access only during certain times of the day or for the next two months. Allow basic functions, but not administrative functions.
OAuth Tokens can...
Be revoked ... automatically ... manually
Revoke token after a certain number of uses or period of time.
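The constraints and revocation rules listed on these two slides, as an added sketch that is not from the talk or from any WordPress OAuth plugin. It models only the policy check a service provider could run per request, not OAuth's request signing; `Grant`, `TokenStore`, the scope names and the sample addresses are hypothetical.

```python
import ipaddress
import secrets
from dataclasses import dataclass

@dataclass
class Grant:
    """What the user authorized for one consumer application (constructed model)."""
    consumer: str
    scopes: frozenset      # by function, e.g. {"read_posts"}
    networks: tuple        # by source: networks the consumer may call from
    expires_at: float      # by time: epoch seconds
    max_uses: int          # automatic revocation after this many uses
    uses: int = 0
    revoked: bool = False

class TokenStore:
    def __init__(self):
        self._grants = {}

    def issue(self, consumer, scopes, networks, expires_at, max_uses):
        token = secrets.token_urlsafe(32)  # opaque value; carries no user credential
        nets = tuple(ipaddress.ip_network(n) for n in networks)
        self._grants[token] = Grant(consumer, frozenset(scopes), nets,
                                    expires_at, max_uses)
        return token

    def revoke(self, token):
        """Manual revocation: only this application's token stops working."""
        if token in self._grants:
            self._grants[token].revoked = True

    def check(self, token, scope, source_ip, now):
        """Return (allowed, reason) for a single API request."""
        g = self._grants.get(token)
        if g is None:
            return False, "unknown token"
        if g.revoked:
            return False, "revoked"
        if now >= g.expires_at:
            return False, "expired"
        if not any(ipaddress.ip_address(source_ip) in n for n in g.networks):
            return False, "source not allowed"
        if scope not in g.scopes:
            return False, "scope not granted"
        if g.uses >= g.max_uses:
            g.revoked = True  # automatic revocation once the use budget is spent
            return False, "use limit reached"
        g.uses += 1
        return True, "ok"
```

Revoking one token leaves the user's password and every other application's token untouched, which is the contrast with the password anti-pattern above.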
WordPress OAuth Demo
pictures
The Love Triangle
Service Provider
End User
Consumer Application
Note that we only enter the blog URL now, not the username and password.
We log in at our WordPress blog, through the normal login page.
Grant or deny access for this particular application.
Managing your Applications
Who’s using OAuth?
...and more
Google - All GData APIs, Google Friend Connect
Yahoo! - FireEagle, Y! Open Strategy, Flickr(?)
Questions ?
Slide credits:
“OAuth: Basic Introduction” - Leah Culver
“Advanced OAuth Wrangling” - Kellan Elliott-McCrea