Loading...
Flash Player 9 (or above) is needed to view slideshows. We have detected that you do not have it on your computer.To install it, go here
- All Comments (0)
- Notes on Slide 1
-
guestb2de93 said 12 months Edit Deletesuckage... how much slower can this site be...
-
craigs favorited this 1 week ago
-
rawwell favorited this 3 weeks ago
-
Eyelid favorited this 1 month ago
-
Vetruve favorited this 2 months ago
-
artxtra favorited this 2 months ago
-
simstu favorited this 3 months ago
-
charlenopires favorited this 3 months ago
-
yining favorited this 4 months ago
-
josebenjaminp favorited this 4 months ago
-
prabathsiriwardena favorited this 5 months ago
-
bryanzk favorited this 6 months ago
-
igeek favorited this 6 months ago
-
jayslide favorited this 6 months ago
-
davidcoxon favorited this 6 months ago
-
laurentfp favorited this 6 months ago
-
sethop favorited this 7 months ago
-
tim.lossen.de favorited this 7 months ago
-
yypower favorited this 7 months ago
-
iolo favorited this 7 months ago
-
nickdenardis favorited this 8 months ago
-
Ylodi favorited this 8 months ago
-
bartek.sekula favorited this 8 months ago
-
oozin favorited this 8 months ago
-
portenkirchner favorited this 10 months ago
-
schee favorited this 11 months ago
-
alexchaffee favorited this 11 months ago
-
narain favorited this 11 months ago
-
coelhotv favorited this 12 months ago
-
krishnan favorited this 2 years ago
-
factoryjoe favorited this 2 years ago
-
Added to the group OAuth by factoryjoe
-
thegrid favorited this 2 years ago
OAuth - Open API Authentication
7565 views | 1 comments | 31 favorites | embeds (Stats)
Desc: http://www.justin.tv/hackertv/49975/Tech_Talk_1_Leah_Culver_on_OAuth
Tech talk about OAuth, and open standard for API authentication. Originally broadcast on Justin.tv.
More Info
This slideshow is Public
Views: 7565 Comments: 1 Favorites: 31 Downloads: 311
View Details:
7344 on Slideshare
from embeds
Most viewed embeds (Top 5):
- 145 views: http://www.simpleentrepreneur.com
- 45 views: http://www.netvibes.com
- 11 views: http://www.etonfinance.com
- 9 views: http://www.poso.dk
- 4 views: http://wiki.reunion.com
All Embeds:
- 145 views: http://www.simpleentrepreneur.com
- 45 views: http://www.netvibes.com
- 11 views: http://www.etonfinance.com
- 9 views: http://www.poso.dk
- 4 views: http://wiki.reunion.com
- 3 views: http://dev2.fossbolivia.com
- 1 views: http://tepper.pl
- 1 views: http://local.simpleentrepreneur.com
- 1 views: http://static.slideshare.net
- 1 views: http://www.identites-numeriques.net
Slideshow Transcript
- Slide 1: OAuth Basic Introduction
- Slide 2: What is OAuth? A simple open standard for secure API authentication.
- Slide 3: The Love Triangle End User Service Provider Consumer Application (fake applications by EHL) http://www.hueniverse.com/hueniverse/2007/10/oauth-end-user-.html
- Slide 4: Specifically OAuth is... • Authentication Need to log in to access parts of a website ex: bookmark a link, post a photo, add a friend, view a private message • Token-based Authentication Logged-in user has a unique token used to access data from the site
- Slide 5: Similar to... • Flickr Auth • Google’s AuthSub • Yahoo’s BBAuth • Facebook Auth • and others...
- Slide 6: Who is involved?
- Slide 7: Goals: Be Simple • standard for website API authentication • consistent for developers • easy for users to understand * * this is hard
- Slide 8: Goals: Be Secure • secure for users • easy to implement security features for developers • balance security with ease of use
- Slide 9: Goals: Be Open • any website can implement OAuth • any developer can use OAuth • open source client libraries • published technical specifications
- Slide 10: Goals: Be Flexible • don’t need a username and password • authentication method agnostic • can use OpenID (or not!) • whatever works best for the web service • developers don’t need to handle auth
- Slide 11: What the end user sees... an example from ma.gnolia and nsyght.
- Slide 12: OMG! Need to login!
- Slide 13: Login with service provider
- Slide 14: Authorize
- Slide 15: Done!
- Slide 16: How Does OAuth Work? (for developers)
- Slide 17: Register a Consumer Application • Provide service provider with data about your application (name, creator, url etc...) • Service provider assigns consumer a consumer key and consumer secret • Service provider gives documentation of authorization URLs and methods
- Slide 18: Authorization Process 1. Obtain request token 2. User authorizes request token 3. Exchange request token for access token 4. Use access token to obtain protected resources
- Slide 19: OAuth Parameters • oauth_consumer_key • oauth_token • oauth_signature • oauth_signature_method • oauth_timestamp • oauth_nonce
- Slide 20: Where is this information passed? • HTTP Authorization header • HTTP POST request body (form params) • URL query string parameters
- Slide 21: Security • Tokens - aren’t passing username/password • Timestamp and nonce - verify unique requests • Signature - encrypted parameters help service provider recognize consumer • Signature methods - HMAC-SHA1, RSA- SHA1, Plaintext over a secure channel (such as SSL)
- Slide 22: Current Status of OAuth • oauth.net • Auth Core 1.0 Draft 7 • several libraries Python, Ruby, Perl, C# ...) for consumers and service providers (PHP, • Ma.gnolia and Twitter implementations • more implementations soon!
- Slide 23: Thanks! Chris is still working on the logo...
