OAuth for the Domino Developer
Julian Robichaux, panagenda
Too Many Logins
• Every website has its own login
• How many different web accounts do you have?
  – 5, 10, 20... ???
  – I have 4 different accounts on IBM.com!
• Very annoying, and bad security
  – You re-use passwords or write them down
Single Sign-On
• Why isn’t there a global single sign-on (SSO)?
• It would be great to have one account that logs in to everything
  – Google wants that. So does Facebook.
• Problems:
  – If someone hacks the “master” account, they can log in everywhere
  – Websites want user information for marketing
The Password Problem
• What if we share logins on multiple websites?
• Where do you log in?
  – If you “give” your password to one website so it can validate your account on a different website, that is a big security problem
  – If you are already logged in to one website, how does another website know who you are?
A Real World Example (sort of...)

Tony has a very cool disco. Tony has a list of friends. Only the people on Tony’s list can come into the disco.

Frank has a very cool bar. Frank also has a list of friends, and only the people on Frank’s list can come into his bar.

Tony wants Frank’s cool customers to come dance at his disco. He asks for Frank’s list, so he knows who Frank’s friends are.

Frank says, “NO, you can’t have my list. I have a better idea.”

“We will use this special ticket (it’s called a ‘token’). If you give this token to someone and they come back with my signature, that means they are on my list.”

Natalie wants to go to Tony’s disco. “Hi. I’m Frank’s friend!!” She is not on Tony’s list, but she is a friend of Frank’s.

“Okay, have Frank sign that.” Tony gives her a blank token and asks her to get it signed by Frank.

Natalie brings Frank the token. Frank knows it is from Tony’s disco because it is the same token he and Tony agreed upon.

Frank knows Natalie, so he signs the token and he puts a time stamp on it (01-01-12 19:00).

Natalie brings the token back to Tony. He knows it’s his token, and it’s Frank’s signature.

So Tony lets Natalie in, and she dances all night.
End of Our Story

What Did We Learn?
• Tony and Frank did NOT have to share their list of customers (logins)
• All they needed was a token and a signature
  – Frank knew what the token looks like
  – Tony knew what the signature looks like
• Natalie never had to give her personal information (name & password) to Tony
Why the Timestamp?
• The timestamp means the token is good NOW
• That way you can’t re-use a token from yesterday, or last week, or whatever the time-out period is
• It also shows that Natalie was STILL on Frank’s friend list
What About OAuth?
• This is very similar to how “3-Legged” OAuth works
3-Legged OAuth
Three parties: the User, the Consumer (the website you want to visit) and the Service Provider (where your account lives). The dance is the disco story again:

• #1: Consumer → Service Provider: create a Request Token (the blank ticket)
• #2: User → Consumer: go to a website
• #3: Consumer → User: receive the Request Token, get redirected to the Service Provider
• #4: User → Service Provider: log in to the Service Provider; the Request Token is now Authorized (and time-stamped: 01-01-12 19:00)
• #5: Service Provider → User → Consumer: okay, you’re authorized; the browser is sent back to the Consumer with the authorized Request Token (the Consumer never saw the password)
• #6: Consumer → Service Provider: get an Access Token, if access to user info is allowed
• #7: Consumer: we are authorized. Let’s work.
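The flow above, simulated end to end as an added example (it is not from the deck and not the XPages toolkit’s code): Frank’s Service Provider and Tony’s Consumer run in one Python process with in-memory token stores. The callback and authorize URLs, the five-minute freshness window, the secrets and the token format are assumptions. It also includes the oauth_verifier that RFC 5849 (OAuth 1.0a) added so a request token can only be redeemed by the browser session that started the dance, plus the replay and revocation cases the later slides talk about.

```python
"""Simulation of the three-legged OAuth 1.0 flow with both sides in one process.
Added example, not from the deck or the XPages toolkit: the ServiceProvider (Frank)
and Consumer (Tony) classes, the URLs, the secrets and the in-memory stores are all
assumed for illustration."""
import secrets
import time


class ServiceProvider:
    """Frank: where the user's account lives.  Mints, checks and revokes tokens."""

    def __init__(self, consumers, clock=time.time, ttl=300):
        self.consumers = consumers      # consumer_key -> consumer_secret (the pre-agreed "ticket")
        self.request_tokens = {}        # request token -> record
        self.access_tokens = {}         # access token -> record
        self.clock, self.ttl = clock, ttl

    def initiate(self, consumer_key, callback):
        # Step 1: a known consumer asks for a blank ticket (an unauthorized request token).
        if consumer_key not in self.consumers:
            raise PermissionError("unknown consumer key")
        token = secrets.token_urlsafe(16)
        self.request_tokens[token] = {"consumer": consumer_key, "callback": callback,
                                      "user": None, "verifier": None, "authorized_at": None}
        return token

    def authorize(self, token, user):
        # Step 4: the user logs in HERE (the consumer never sees the password) and approves.
        # The verifier (OAuth 1.0a / RFC 5849) proves the same person completes the dance.
        rec = self.request_tokens.get(token)
        if rec is None:
            raise PermissionError("unknown request token")
        rec.update(user=user, verifier=secrets.token_urlsafe(8), authorized_at=self.clock())
        return rec["callback"], rec["verifier"]

    def exchange(self, consumer_key, token, verifier):
        # Step 6: swap the signed ticket for an access token.  The request token is
        # single-use (popped even on failure), must belong to this consumer, must have
        # been authorized, and the authorization must still be fresh (the timestamp).
        rec = self.request_tokens.pop(token, None)
        if rec is None or rec["consumer"] != consumer_key:
            raise PermissionError("request token was not issued to this consumer")
        if rec["user"] is None or not secrets.compare_digest(rec["verifier"], verifier):
            raise PermissionError("request token not authorized, or verifier mismatch")
        if self.clock() - rec["authorized_at"] > self.ttl:
            raise PermissionError("authorization is stale")
        access = secrets.token_urlsafe(16)
        self.access_tokens[access] = {"consumer": consumer_key, "user": rec["user"]}
        return access

    def whoami(self, access_token):
        rec = self.access_tokens.get(access_token)
        return rec["user"] if rec else None

    def revoke(self, access_token):
        # "Access can be revoked": the provider forgets the token; the consumer learns nothing.
        self.access_tokens.pop(access_token, None)


class Consumer:
    """Tony: the site the user wants to visit.  Never sees Frank's list or the password."""

    def __init__(self, key, provider, callback="https://tony.example/oauth/callback"):
        self.key, self.sp, self.callback = key, provider, callback
        self.pending = {}               # request token -> browser session that started the dance

    def start(self, session_id):
        token = self.sp.initiate(self.key, self.callback)
        self.pending[token] = session_id
        return f"https://frank.example/oauth/authorize?oauth_token={token}"  # step 3 redirect

    def finish(self, session_id, token, verifier):
        # Steps 5/6: the browser returns with token + verifier.  Insist that the token
        # belongs to THIS session (no swapping in someone else's), then trade it in.
        if self.pending.pop(token, None) != session_id:
            raise PermissionError("callback token does not belong to this session")
        return self.sp.exchange(self.key, token, verifier)


def run_dance(clock=time.time):
    """Walk Natalie through the flow, then try a replay and a revocation."""
    frank = ServiceProvider({"tony-key": "tony-secret"}, clock=clock)
    tony = Consumer("tony-key", frank)
    redirect = tony.start(session_id="natalie-browser")
    token = redirect.split("oauth_token=")[1]
    _callback, verifier = frank.authorize(token, user="natalie")
    access = tony.finish("natalie-browser", token, verifier)
    result = {"user": frank.whoami(access)}
    try:                                # the single-use request token cannot be redeemed twice
        tony.finish("natalie-browser", token, verifier)
        result["replay"] = "accepted"
    except PermissionError:
        result["replay"] = "rejected"
    frank.revoke(access)
    result["after_revoke"] = frank.whoami(access)
    return result
```

run_dance() returns a small dict: the user Frank vouched for, whether the second redemption got through, and what the revoked token is worth afterwards. The injectable clock is there so the stale-authorization branch can be exercised without waiting five minutes.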
OAuth Goals
• Do NOT send or share passwords
• Access should be limited
  – How much user data can be seen?
  – How long does the access last?
• Access can be revoked
Data Transmission
• How do the tokens get passed from client to server?
• Depends on the server. Options include:
  – The Authorization: OAuth header (what RFC 5849 prefers)
  – URL query string parameters
  – POST requests
  – Cookies
• You should always use HTTPS
  – A token in a query string also ends up in server logs, proxy logs and Referer headers, so use the header or the POST body where the server allows it
OAuth Security
• Token signatures and shared secrets
  – Trust the cryptography (OAuth 1.0 defines HMAC-SHA1, RSA-SHA1 and PLAINTEXT-over-TLS signature methods)
• Two different kinds of tokens (request and access)
• NONCEs (Number used ONCE) and timestamps to prevent replay attacks
• User information is not shared (unless that’s part of what’s being authorized)
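The signature and the nonce/timestamp check from this slide (and the timestamp reasoning from “Why the Timestamp?” earlier), as an added example that is not from the deck or the toolkit: it builds the RFC 5849 signature base string, signs it with HMAC-SHA1 keyed on the two shared secrets, verifies it the way a Service Provider would, and runs a provider-side replay guard. The request is the one worked in RFC 5849 section 3.4.1.1; the two secrets (the RFC does not give them), the ReplayGuard class and its five-minute window are assumptions.

```python
"""OAuth 1.0 request signing (RFC 5849 section 3.4) plus the provider-side
nonce/timestamp replay check.  Added example, not from the deck: the request is
the one in RFC 5849 section 3.4.1.1; the secrets, ReplayGuard and its window are
assumed for illustration."""
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, quote, urlsplit


def pct(s):
    """RFC 3986 percent-encoding with only the unreserved set left bare."""
    return quote(str(s), safe="-._~")


def base_string(method, url, body_params, oauth_params):
    """Signature base string: METHOD & base URL & normalized parameters."""
    u = urlsplit(url)
    port = "" if u.port in (None, 80, 443) else f":{u.port}"
    base_url = f"{u.scheme.lower()}://{u.hostname.lower()}{port}{u.path}"
    params = parse_qsl(u.query, keep_blank_values=True) + list(body_params)
    params += [(k, v) for k, v in oauth_params.items() if k not in ("realm", "oauth_signature")]
    encoded = sorted((pct(k), pct(v)) for k, v in params)      # by encoded name, then value
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def hmac_sha1(base, consumer_secret, token_secret=""):
    """Key = encoded consumer secret & encoded token secret (the '&' stays even if empty)."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()


class ReplayGuard:
    """Provider-side check: timestamp inside the window, nonce unseen for that key+timestamp."""

    def __init__(self, window=300, clock=time.time):
        self.window, self.clock, self.seen = window, clock, set()

    def accept(self, consumer_key, timestamp, nonce):
        if abs(self.clock() - int(timestamp)) > self.window:
            return False                                 # yesterday's ticket, or from the future
        fingerprint = (consumer_key, int(timestamp), nonce)
        if fingerprint in self.seen:
            return False                                 # the same request a second time
        self.seen.add(fingerprint)
        return True


# The request from RFC 5849 section 3.4.1.1, constructed inline (secrets are not given in the RFC).
RFC_METHOD = "POST"
RFC_URL = "http://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b"
RFC_BODY = parse_qsl("c2&a3=2+q", keep_blank_values=True)
RFC_OAUTH = {"realm": "Example", "oauth_consumer_key": "9djdj82h48djs9d2",
             "oauth_token": "kkk9d7dh3k39sjv7", "oauth_signature_method": "HMAC-SHA1",
             "oauth_timestamp": "137131201", "oauth_nonce": "7d8f3e4a"}
CONSUMER_SECRET, TOKEN_SECRET = "consumer-secret", "token-secret"   # assumed values


def sign_and_verify():
    """Consumer signs; provider recomputes from its own copy of the secrets and compares."""
    base = base_string(RFC_METHOD, RFC_URL, RFC_BODY, RFC_OAUTH)
    sig = hmac_sha1(base, CONSUMER_SECRET, TOKEN_SECRET)
    ok = hmac.compare_digest(sig, hmac_sha1(base, CONSUMER_SECRET, TOKEN_SECRET))
    # Anyone who changes a parameter in flight (here: an added body field) breaks the signature.
    tampered = base_string(RFC_METHOD, RFC_URL, list(RFC_BODY) + [("amount", "1")], RFC_OAUTH)
    tampered_ok = hmac.compare_digest(sig, hmac_sha1(tampered, CONSUMER_SECRET, TOKEN_SECRET))
    return {"base": base, "signature": sig, "verified": ok, "tampered_verified": tampered_ok}
```

Two things worth noticing: the signature covers every parameter (query, body and OAuth header) in a canonical order, so it is the base string, not the raw request, that the provider must rebuild; and the replay guard only works when the nonce is remembered for at least the timestamp window, which is why the window is bounded.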
Who Uses OAuth?
• OAuth Core 1.0
  – Created in 2006
  – Published December 2007
  – Finalized April 2010 (RFC 5849)
• OAuth 2.0
  – Currently being standardized (at the time of these slides; it was published as RFC 6749 in October 2012)
  – Some sites are already using it
• Google, Facebook, Twitter, Flickr, Yahoo, Amazon AWS, TripIt, Instagram, Evernote, and more...
What’s in OAuth 2.0?
• Based on more use-cases and lessons learned
• Better for mobile app developers
  – It’s hard to do OAuth redirection on mobile
  – New “2-Legged” OAuth models (grant types without the request-token round trip) are easier
• Simplified signature process
  – In practice no per-request signature at all: the access token is sent as a bearer token, so HTTPS is what protects it
• Refreshable tokens
• Easier to scale on the server side
OAuth on Lotus Domino
• Great code already written by Niklas Heidloff and Philippe Riand from IBM (geniuses)
• Free! Open-source! On OpenNTF.org
  – Old version: http://socialenabler.openntf.org
• New version in the XPages Extension Library
  – http://extlib.openntf.org
In The Toolkit
• ExtLib plugins
  – Contain code and wrappers for using OAuth
• WebSecurityStore.ntf template
  – Set up and store OAuth tokens (your consumer keys and secrets and the users’ tokens live here, so keep its ACL tight)
• XPagesSBT.nsf database
  – Examples for accessing Dropbox, Facebook, Twitter, LotusLive, and more!
Setting Up The Toolkit
• Detailed instructions in “Appendix A” of these slides
• Basic overview:
  – Lotus Domino server 8.5.3 or higher
  – Create an UpdateSite for the ExtLib plugins
  – Create and configure WebSecurityStore.nsf
  – Look at the examples in XPagesSBT.nsf
An Example: Dropbox!
Resources and Links
• http://oauth.net
• http://hueniverse.com/oauth
• http://hueniverse.com/2009/11/planning-for-oauth-2-0
• http://www.slideshare.net/briandavidcampbell/is-that-a-token-in-your-phone-in-your-pocket-or-are-you-just-glad-to-see-me-oauth-20-and-mobile-devices
• https://www.pingidentity.com/resource-center/oauth-essentials.cfm
• https://www.dropbox.com/developers/start
• http://cgeers.com/2011/12/29/dropbox-rest-api-part-1-authentication
• http://tripit.github.com/api/doc/v1
• http://blog.andydenmark.com/2009/03/how-to-build-oauth-consumer.html
Lotus-Specific
• http://extlib.openntf.org
• Niklas Heidloff’s demo of an older version of the Social Business Toolkit: http://www.youtube.com/watch?v=UAmgqP20Okw
• Lotusphere 2012 sessions AD104 & AD105
• Matt White’s example of connecting to Facebook with OAuth: http://mattwhite.me/blog/2010/10/20/how-to-get-sso-for-facebook-working-with-xpages.html
Appendix A (you can read this later)
Setting up the XPages Extension Library to access Dropbox
Step 1: Download ExtLib
• http://extlib.openntf.org
Step 2: Set Up ExtLib
• Make sure you’re running Domino 8.5.3+
• Follow the excellent instructions at: http://www-10.lotus.com/ldd/ddwiki.nsf/dx/XPages_Extension_Library_Deployment
  – Create an Update Site database
  – Import plugins
  – Add notes.ini variable
  – Restart HTTP task
Step 3: WebSecurityStore.ntf
• Copy WebSecurityStore.ntf to the Domino data directory
• Sign the NTF with an administrator ID (sign the template in DDE)
• Create a WebSecurityStore.nsf database from the template
  – The template appears as “OAuth Token Store Template (WebSecurityStore.ntf)”
  – Use the exact name WebSecurityStore.nsf
  – Use the root Domino data directory (not a subdirectory)
Step 4: Get a Dropbox App ID
• Go to http://www.dropbox.com/developers
  – “My Apps”
  – Accept license agreement
  – “Create an App”
• Fill out information for your custom App ID
  – Used for generating tokens for your app
  – You will need the app key and secret later
  – Access type must be “Full Dropbox” for this sample (that is the broadest access type Dropbox offers; the “App folder” type confines an app to its own folder, which the sample does not use)
Step 5: Add a Token
• Open http://your.server/websecuritystore.nsf/KeysApplications.xsp
• Click the “Add Token” button:
  – App ID = XPagesSBT, Service Name = Dropbox
  – Key Type = HMAC-SHA1
  – Add your Dropbox Consumer Key and Secret
  – Use the URI values from Dropbox: https://www.dropbox.com/developers/reference/api
Step 6: XPagesSBT.nsf
• Copy the XPagesSBT.nsf database to your Domino server (name and location do not matter)
  – It is in the zip of ExtLib files you downloaded from OpenNTF
• Sign it with an administrator ID
Step 7: Try It Out!
• Go to: http://your.server/XPagesSBT.nsf/DropboxFiles.xsp
• You should be prompted to log in to Dropbox...
  – Log in
  – Authorize the XPages app
  – View your Dropbox files in XPages
Watch the OAuth Dance
• If you want to see what’s going on with your OAuth tokens when you log in
• Open http://your.server/XPagesSBT.nsf/DropboxOauth.xsp
  – Shows token information read in from WebSecurityStore.nsf
  – Add, delete, and renew tokens
Overriding Defaults
• Default name & location for WebSecurityStore.nsf is in the faces-config.xml file of XPagesSBT.nsf
• Default app ID & service name for Dropbox is also in faces-config.xml of XPagesSBT.nsf
• If you change your consumer keys or secrets in WebSecurityStore.nsf, you might need to restart the server and browser to make sure all the old information goes away
XPages ExtLib Book
• More information on using the OAuth custom controls and plugins in the “XPages Extension Library” book at IbmPressBooks.com
Thank You!
Julian Robichaux
jrobichaux@panagenda.com

Thanks to the sponsors for making Dominopoint Days 2012 possible!

 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

#dd12 OAuth for Domino Developers

  • 1. OAuth for the Domino Developer Julian Robichaux panagenda
  • 2. Too Many Logins
    • Every website has its own login
    • How many different web accounts do you have?
      – 5, 10, 20... ???
      – I have 4 different accounts on IBM.com!
    • Very annoying, and bad security
      – You re-use passwords or write them down
  • 3. Single-Sign On
    • Why isn’t there a global single-sign on (SSO)?
    • It would be great to have one account that logs in to everything
      – Google wants that. So does Facebook.
    • Problems:
      – If someone hacks the “master” account, they can log in everywhere
      – Websites want user information for marketing
  • 4. The Password Problem
    • What if we share logins on multiple websites?
    • Where do you login?
      – If you “give” your password to one website so it can validate your account on a different website, that is a big security problem
      – If you are already logged in to one website, how does another website know who you are?
  • 5. A Real World Example sort of...
  • 6. Tony has a very cool disco. 6
  • 7. Tony has a list of friends. Only the people on Tony’s list can come into the disco. 7
  • 8. Frank has a very cool bar. 8
  • 9. Frank also has a list of friends, and only the people on Frank’s list can come into his bar. 9
  • 10. Tony wants Frank’s cool customers to come dance at his disco. 10
  • 11. He asks for Frank’s list, so he knows who Frank’s friends are. 11
  • 12. Frank says, “NO, you can’t have my list.” 12
  • 13. Frank says, “NO, you can’t have my list.” “I have a better idea.” 13
  • 14. We will use this special ticket (it’s called a “token”). 14
  • 15. If you give this Token to someone and they come back with my signature, that means they are on my list. 15
  • 16. Natalie wants to go to Tony’s disco. 16
  • 17. Hi. I’m Frank’s friend!! She is not on Tony’s list, but she is a friend of Frank’s. 17
  • 18. Okay, have Frank sign that. Tony gives her a blank token and asks her to get it signed by Frank. 18
  • 19. Natalie brings Frank the token. Frank knows it is from Tony’s disco because it is the same token he and Tony agreed upon. 19
  • 20. 01-01-12 19:00 Frank knows Natalie, so he signs the token and he puts a time stamp on it. 20
  • 21. 01-01-12 19:00 Natalie brings the token back to Tony. He knows it’s his token, and it’s Frank’s signature. 21
  • 22. 01-01-12 19:00 So Tony lets Natalie in, and she dances all night. 22
  • 23. End of Our Story
  • 24. What Did We Learn?
    • Tony and Frank did NOT have to share their list of customers (logins)
    • All they needed was a token and a signature
      – Frank knew what the token looks like
      – Tony knew what the signature looks like
    • Natalie never had to give her personal information (name & password) to Tony
  • 25. Why the Timestamp? (token shown: 01-01-12 19:00)
    • The timestamp means the token is good NOW
    • That way you can’t re-use a token from yesterday, or last week, or whatever the time-out period is
    • It also shows that Natalie was STILL on Frank’s friend list
  • 26. What About OAuth? • This is very similar to how “3-Legged” OAuth works 26
  • 27-36. 3-Legged OAuth (built up step by step over ten slides)
    Parties: User; Consumer (website you want to visit); Service Provider (where your account lives)
    #1: Create a Request Token
    #2: Go to a website
    #3: Receive the Request Token, get redirected to the Service Provider
    #4: Log in to the Service Provider, Request Token is now Authorized (01-01-12 19:00)
    #5: Okay, you’re authenticated
    #6: Get an Access Token (if access to user info is allowed)
    We are authorized. Let’s work.
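The three legs above as a runnable state machine, added here as an illustration and not code from the slides or from the Extension Library. The verifier handed back on the callback follows RFC 5849 (OAuth 1.0a); the class name, callback URL and user name are constructed.

```python
import secrets

class OAuthProvider:
    # Service Provider (where your account lives): hands out Request Tokens,
    # records the user's authorization, and exchanges them for Access Tokens.
    def __init__(self, consumer_key, consumer_secret):
        self.consumers = {consumer_key: consumer_secret}   # the Consumer's registered credentials
        self.request_tokens = {}   # token -> {"secret", "callback", "user", "verifier"}
        self.access_tokens = {}    # token -> {"secret", "user"}

    def initiate(self, consumer_key, callback):
        # Leg 1: the Consumer asks for a temporary Request Token (step #1 on the slides)
        if consumer_key not in self.consumers:
            raise PermissionError("unknown consumer")
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.request_tokens[token] = {"secret": secret, "callback": callback,
                                      "user": None, "verifier": None}
        return token, secret

    def authorize(self, token, user):
        # Leg 2: the User logs in HERE, at the provider, and approves the Request Token (#4).
        # The verifier is RFC 5849's addition; it travels back to the Consumer via the callback.
        rec = self.request_tokens[token]
        rec["user"], rec["verifier"] = user, secrets.token_hex(4)
        return rec["callback"], rec["verifier"]

    def exchange(self, consumer_key, token, verifier):
        # Leg 3: the Consumer trades an AUTHORIZED Request Token for an Access Token (#6).
        rec = self.request_tokens.pop(token, None)   # request tokens are single-use, success or not
        if (consumer_key not in self.consumers or rec is None or rec["user"] is None
                or not secrets.compare_digest(rec["verifier"], verifier)):
            raise PermissionError("request token not authorized")
        access, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.access_tokens[access] = {"secret": secret, "user": rec["user"]}
        return access, secret

    def whoami(self, access_token):
        # Protected resource: the Consumer learns only what the Access Token authorizes
        return self.access_tokens[access_token]["user"]

def three_legged_dance(provider, consumer_key, user):
    # The whole dance from the Consumer's point of view; the user's password never reaches it
    request_token, _ = provider.initiate(consumer_key, "https://consumer.example/callback")
    callback, verifier = provider.authorize(request_token, user)   # browser goes to the provider and back
    access_token, _ = provider.exchange(consumer_key, request_token, verifier)
    return provider.whoami(access_token)
```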
  • 37. OAuth Goals
    • Do NOT send or share passwords
    • Access should be limited
      – How much user data can be seen?
      – How long does the access last?
    • Access can be revoked
  • 38. Data Transmission
    • How do the tokens get passed from client to server?
    • Depends on the server. Options include:
      – URL query string parameters
      – POST requests
      – Cookies
    • You should always use HTTPS
  • 39. OAuth Security
    • Token signatures and shared secrets
      – Trust the cryptography
    • Two different kinds of tokens (request and access)
    • NONCEs (Number used ONCE) and timestamps to prevent replay attacks
    • User information is not shared (unless that’s part of what’s being authorized)
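What “token signatures and shared secrets” plus nonces and timestamps look like in practice: an added example (not from the slides or the ExtLib toolkit) that builds the HMAC-SHA1 signature of RFC 5849 on the Consumer side and runs the checks a Service Provider needs to reject tampered, stale or replayed requests. The consumer key, secrets, token and URL are constructed placeholders.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def _enc(value):
    # RFC 5849 section 3.6: percent-encode everything except the unreserved set
    return quote(str(value), safe="-._~")

def signature_base_string(method, url, params):
    # RFC 5849 section 3.4.1: method, base URL and sorted parameters (without oauth_signature)
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), _enc(url), _enc(normalized)])

def hmac_sha1_signature(method, url, params, consumer_secret, token_secret=""):
    # The key is both shared secrets joined by '&'; neither secret ever travels on the wire
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    mac = hmac.new(key, signature_base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def sign_request(method, url, params, consumer_key, consumer_secret,
                 token, token_secret, nonce, timestamp):
    # Consumer side: add the oauth_* parameters, then sign the whole request
    signed = dict(params, oauth_consumer_key=consumer_key, oauth_token=token,
                  oauth_nonce=nonce, oauth_timestamp=str(timestamp),
                  oauth_signature_method="HMAC-SHA1", oauth_version="1.0")
    signed["oauth_signature"] = hmac_sha1_signature(method, url, signed, consumer_secret, token_secret)
    return signed

class ServiceProvider:
    # Service-provider side: check the signature, then refuse stale or replayed requests
    def __init__(self, consumer_secret, token_secrets, max_skew=300):
        self.consumer_secret = consumer_secret
        self.token_secrets = token_secrets   # access token -> token secret
        self.max_skew = max_skew             # seconds a timestamp may differ from our clock
        self.seen = set()                    # (token, timestamp, nonce) already accepted

    def verify(self, method, url, request, now):
        params = dict(request)
        presented = params.pop("oauth_signature", "")
        token = params.get("oauth_token", "")
        if token not in self.token_secrets:
            return "unknown token"
        if abs(now - int(params.get("oauth_timestamp", "0"))) > self.max_skew:
            return "stale timestamp"
        expected = hmac_sha1_signature(method, url, params, self.consumer_secret, self.token_secrets[token])
        if not hmac.compare_digest(expected, presented):
            return "bad signature"
        replay_key = (token, params.get("oauth_timestamp"), params.get("oauth_nonce"))
        if replay_key in self.seen:
            return "replayed nonce"
        self.seen.add(replay_key)   # only remember nonces from requests we actually accepted
        return "ok"
```

The nonce set only has to cover the timestamp window, so a real provider can expire entries older than max_skew instead of keeping them forever.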
  • 40. Who Uses OAuth?
    • Google, Facebook, Twitter, Flickr, Yahoo, Amazon AWS, TripIt, Instagram, Evernote, and more...
    • OAuth Core 1.0
      – Created in 2006
      – Published December 2007
      – Finalized April 2010 (RFC 5849)
    • OAuth 2.0
      – Currently being standardized
      – Some sites are already using it
  • 41. What’s in OAuth 2.0?
    • Based on more use-cases and lessons learned
    • Better for mobile app developers
      – It’s hard to do OAuth redirection on mobile
      – New “2-Legged” OAuth models are easier
    • Simplified signature process
    • Refreshable tokens
    • Easier to scale on the server side
  • 42. OAuth on Lotus Domino
    • Great code already written by Niklas Heidloff and Phillippe Riand from IBM (geniuses)
    • Free! Open-source! On OpenNTF.org
      – Old version: http://socialenabler.openntf.org
    • New version in the XPages Extension Library
      – http://extlib.openntf.org
  • 43. In The Toolkit
    • ExtLib plugins
      – Contain code and wrappers for using OAuth
    • WebSecurityStore.ntf template
      – Set up and store OAuth tokens
    • XPagesSBT.nsf database
      – Examples for accessing Dropbox, Facebook, Twitter, LotusLive, and more!
  • 44. Setting Up The Toolkit
    • Detailed instructions in “Appendix A” of these slides
    • Basic overview:
      – Lotus Domino server 8.5.3 or higher
      – Create an UpdateSite for the ExtLib plugins
      – Create and configure WebSecurityStore.nsf
      – Look at the examples in XPagesSBT.nsf
  • 46. Resources and Links
    • http://oauth.net
    • http://hueniverse.com/oauth
    • http://hueniverse.com/2009/11/planning-for-oauth-2-0
    • http://www.slideshare.net/briandavidcampbell/is-that-a-token-in-your-phone-in-your-pocket-or-are-you-just-glad-to-see-me-oauth-20-and-mobile-devices
    • https://www.pingidentity.com/resource-center/oauth-essentials.cfm
    • https://www.dropbox.com/developers/start
    • http://cgeers.com/2011/12/29/dropbox-rest-api-part-1-authentication
    • http://tripit.github.com/api/doc/v1
    • http://blog.andydenmark.com/2009/03/how-to-build-oauth-consumer.html
  • 47. Lotus-Specific
    • http://extlib.openntf.org
    • Niklas Heidloff’s demo of an older version of the Social Business Toolkit: http://www.youtube.com/watch?v=UAmgqP20Okw
    • Lotusphere 2012 sessions AD104 & AD105
    • Matt White’s example of connecting to Facebook with OAuth: http://mattwhite.me/blog/2010/10/20/how-to-get-sso-for-facebook-working-with-xpages.html
  • 48. You can read this later Appendix A Setting up the XPages Extension Library to access Dropbox
  • 49. Step 1: Download ExtLib
    • http://extlib.openntf.org
  • 50. Step 2: Set Up ExtLib
    • Make sure you’re running Domino 8.5.3+
    • Follow the excellent instructions at: http://www-10.lotus.com/ldd/ddwiki.nsf/dx/XPages_Extension_Library_Deployment
      – Create an Update Site database
      – Import plugins
      – Add notes.ini variable
      – Restart HTTP task
  • 51. Step 3: WebSecurityStore.ntf
    • Copy WebSecurityStore.ntf to the Domino data directory
    • Sign the NTF with an administrator ID
    • Create a WebSecurityStore.nsf database from the template
      – Use the exact name WebSecurityStore.nsf
      – Use the root Domino data directory (not a subdirectory)
  • 52. sign the template in DDE 52
  • 53. no subdirectory; must be named WebSecurityStore.nsf OAuth Token Store Template (WebSecurityStore.ntf)
  • 54. Step 4: Get a Dropbox App ID
    • Go to http://www.dropbox.com/developers
      – “My Apps”
      – Accept license agreement
      – “Create an App”
    • Fill out information for your custom App ID
      – Used for generating tokens for your app
      – Access type must be “Full Dropbox” for this
  • 55. (screenshot) you will need these later; important: use “Full Dropbox”
  • 56. Step 5: Add a Token
    • Open http://your.server/websecuritystore.nsf/KeysApplications.xsp
    • Click the “Add Token” button:
      – App ID=XPagesSBT, Service Name=Dropbox
      – Add your Dropbox Consumer Key and Secret
      – Use redirection URLs from Dropbox: https://www.dropbox.com/developers/reference/api
  • 57. (screenshot) App ID = XPagesSBT, Service Name = Dropbox, Key Type = HMAC-SHA1, Uri values from https://www.dropbox.com/developers/reference/api
  • 58. Step 6: XPagesSBT.nsf
    • Copy the XPagesSBT.nsf database to your Domino server (name and location do not matter)
      – It is in the zip of ExtLib files you downloaded from OpenNTF
    • Sign it with an administrator ID
  • 59. Step 7: Try It Out!
    • Go to: http://your.server/XPagesSBT.nsf/DropboxFiles.xsp
    • You should be prompted to log in to Dropbox...
      – Log in
      – Authorize the XPages app
      – View your Dropbox files in XPages
  • 60. 60
  • 61. 61
  • 62. 62
  • 63. Watch the OAuth Dance
    • If you want to see what’s going on with your OAuth tokens when you log in
    • Open http://your.server/XPagesSBT.nsf/DropboxOauth.xsp
      – Shows token information read in from WebSecurityStore.nsf
      – Add, delete, and renew tokens
  • 64. (screenshot)
  • 65. Overriding Defaults
    • Default name & location for WebSecurityStore.nsf is in the faces-config.xml file of XPagesSBT.nsf
    • Default app ID & service name for Dropbox is also in faces-config.xml of XPagesSBT.nsf
    • If you change your consumer keys or secrets in WebSecurityStore.nsf, you might need to restart the server and browser to make sure all the old information goes away
  • 66. 66
  • 67. XPages ExtLib Book • More information on using the OAuth custom controls and plugins in the “XPages Extension Library” book at IbmPressBooks.com 67
  • 68. Thank You! Julian Robichaux jrobichaux@panagenda.com
  • 69. Thanks to the sponsors for making Dominopoint Days 2012 possible! Main Sponsor, Vad sponsor, Platinum sponsor, Gold sponsor 69