Published by Isabella Fagan
Modified over 3 years ago
The How of OAuth
OAuth Hackathon – Six Apart
or: How I learned to stop worrying and fall in love with Factory Joe
OAuth's Goal
Website X can access your protected data at API Y
– All without sharing your password off-site
– especially when there isn't one, like with OpenID
OAuth gives you:
– Signed HTTP Requests
– Safe, Password-less Token Exchange
The Three Actors
– User – My Buddy (not me)
– Service Provider – Chuck E. Cheese
– Consumer – 10 yr old kids
The Three Tokens
– Access Tokens – Chuck E. Cheese Tickets
– Request Tokens – Chuck E. Cheese Tokens
– Consumer Keys
The Three URLs
– Request Token Issuer
– Authorization Page
– Access Token Exchanger
Building a Consumer
Get a consumer key and secret
Simple enough, eh?
Get a Request Token
Authorize the Request Token
Exchange for an Access Token
Making Authenticated Calls
Building a Service Provider
Data to store
Consumers:
– key, secret, callback_url
Request Token:
– token, secret, consumer, authorizing_user
Access Token:
– token, secret, consumer, user
Issuing Request Tokens
– Verify using only the consumer credential
– Issue the request token
Authorizing Request Tokens
– Ask the user to accept the authorization
– Connecting the logged in user
– go back to consumer
Exchange for an Access Token
– Validate using Request Token and Consumer
– Issue the Access Token
– Destroy the Request Token
Protecting Resources
– Validate Access Token
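The service-provider steps above, as an added Python sketch that is not code from the presentation: it keeps the three record types from the "Data to store" slide in memory and enforces the token lifecycle. The class and method names are hypothetical, and request signature verification is assumed to have passed before each call.

```python
import secrets

class ServiceProvider:
    """In-memory stand-in for the three tables on the 'Data to store' slide."""

    def __init__(self):
        self.consumers = {}       # key -> secret, callback_url
        self.request_tokens = {}  # token -> secret, consumer, authorizing_user
        self.access_tokens = {}   # token -> secret, consumer, user

    def register_consumer(self, callback_url):
        key, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.consumers[key] = {"secret": secret, "callback_url": callback_url}
        return key, secret

    def issue_request_token(self, consumer_key):
        # Only the consumer credential is checked; no user is involved yet.
        if consumer_key not in self.consumers:
            raise PermissionError("unknown consumer")
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.request_tokens[token] = {"secret": secret, "consumer": consumer_key,
                                      "authorizing_user": None}
        return token, secret

    def authorize(self, token, logged_in_user):
        # Called once the logged-in user accepts; returns the URL back to the consumer.
        rt = self.request_tokens.get(token)
        if rt is None:
            raise PermissionError("unknown request token")
        rt["authorizing_user"] = logged_in_user
        callback = self.consumers[rt["consumer"]]["callback_url"]
        return f"{callback}?oauth_token={token}"

    def exchange(self, token, consumer_key):
        rt = self.request_tokens.get(token)
        if rt is None or rt["consumer"] != consumer_key:
            raise PermissionError("request token unknown or issued to another consumer")
        if rt["authorizing_user"] is None:
            raise PermissionError("request token was never authorized")
        del self.request_tokens[token]  # single use: destroy before issuing
        access, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.access_tokens[access] = {"secret": secret, "consumer": consumer_key,
                                      "user": rt["authorizing_user"]}
        return access, secret

    def validate_access(self, token, consumer_key):
        at = self.access_tokens.get(token)
        if at is None or at["consumer"] != consumer_key:
            raise PermissionError("invalid access token")
        return at["user"]
```

The two checks in `exchange` are the ones that matter for a defender: a request token that was never authorized, or one presented by a different consumer, must not yield an access token, and a request token must not be exchangeable twice.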