SlideShare ist ein Scribd-Unternehmen logo

Twitter oauth #idcon7

Nov Matake
Nov Matake
TechnologieBildung
1 von 30
Downloaden Sie, um offline zu lesen
Twitter OAuth @nov 2010 6 25
OAuth Echo 2010 6 25
echofon 2010 6 25
Basic Auth id & passwd photo, message id & passwd echofon photo, message 2010 6 25
OAuth consumer key & secret access token & secret photo, message oauth header echofon photo, message 2010 6 25
with OAuth http://j.mp/with_oauth Simple, but share consumer secret 2010 6 25
2010.02.10 OAuth Echo - delegation in identity verification http://j.mp/raffi_echo 2010 6 25
OAuth Echo oauth header photo, message oauth header echofon 2010 6 25
http://j.mp/with_oauth_echo 2010 6 25
2010.05.24 Delegated identity verification for uploadAndPost (OAuth Echo for uploadAndPost) http://j.mp/raffi_echo2 2010 6 25
POST /upload with OAuth header for GET /account/verify_credentials GET /account/verify_credentials with given OAuth header 2010 6 25
POST /uploadAndPost with OAuth header for POST /statuses/update POST /satuses/update with given OAuth header 2010 6 25
POST /uploadAndPost with OAuth header for POST /statuses/update 401 Unauthorized POST /satuses/update with given OAuth header 2010 6 25
However, the Consumer has a problem because it is charged with generating the signature, but it doesn't know the final caption for the signature because it doesn't know the URL. This means Twitter is going to need to do some work. http://j.mp/raffi_echo2 2010 6 25
POST /uploadAndPost with OAuth header for POST /statuses/update + X-OAuth-Payload POST /satuses/update with given OAuth header + X-OAuth-Append-Payload 2010 6 25
photo = worldcup.png message = “GO GO #JPN” X-OAuth-Payload = message photo = http://twitpic.com/gogo_jpn message = “GO GO #JPN” X-OAuth-Append-Payload = photo 2010 6 25
photo = worldcup.png message = “GO GO #JPN” X-OAuth-Payload = message photo = http://twitpic.com/gogo_jpn message = “GO GO #JPN” X-OAuth-Append-Payload = photo 2010 6 25
This is not yet implemented on the Twitter side, but it will hopefully be soon. I'm definitely soliciting feedback. http://j.mp/raffi_echo2 2010 6 25
follow @raffi 2010 6 25
OAuth for Open Source 2010 6 25
Coming soon: a solution for Open Source applications using OAuth with the Twitter API http://j.mp/twitter_dev_talk 2010 6 25
Open Source using Twitter API ... ? 2010 6 25
termtter http://j.mp/termtter 2010 6 25
Open Source = Open consumer secret 2010 6 25
Coming soon: a solution for Open Source applications using OAuth with the Twitter API http://j.mp/twitter_dev_talk 2010 6 25
1. You store your API Consumer Key in your application distribution (but never your secret!). 2. A user downloads/installs/checks out your open source application and runs it for the first time 3. Your application builds a URL to our key exchange endpoint, using your consumer key. 4. You send the user to that URL in whatever way makes sense in your environment. 5. That user will approve your application's request to replicate itself on the user's behalf. 6. The user is presented with a string that they are asked to paste into your application. The string will contain an API key and secret, in addition to an access token and token secret for the member: everything that's needed to get the user up and running in your application. 7. The user pastes the string into your application, which then consumes and stores it to begin performing API calls using OAuth. 2010 6 25
1. You store your API Consumer Key in your application distribution (but never your secret!). 2. A user downloads/installs/checks out your open source application and runs it for the first time 3. Your application builds a URL to our key exchange endpoint, using your consumer key. 4. You send the user to that URL in whatever way makes sense in ck=KIyzzZUM7KvKYOpnst2aOw& your environment. cs=4PQk1eH4MadmzzEZ1G1KdrWHIFC1IPxv1kXZg0G3E& at=54221utEhFTv5GZZcc2R4w6thnApKtf1N1eKRedcFJthdeA& 5. That user will approve your application's request to replicate itself ats=FFdeOzzzzEwxOBWPPREd55 dKx7AAaI8NfpK7xnibv4Yls on the user's behalf. 6. The user is presented with a string that they are asked to paste into your application. The string will contain an API key and secret, in addition to an access token and token secret for the member: everything that's needed to get the user up and running in your application. 7. The user pastes the string into your application, which then consumes and stores it to begin performing API calls using OAuth. 2010 6 25
via Termtter (nov) 2010 6 25
We're only allowing open source applications for now. We may consider other use cases in the future. I'll post a new message when things are good to go and we're ready to accept applications into the feature. http://j.mp/twitter_dev_talk 2010 6 25
after #worldcup 2010 6 25

Empfohlen

OAuth 1.0
OAuth 1.0OAuth 1.0
OAuth 1.0Nov Matake
 
OAuth 2.0 Updates #technight in Osaka
OAuth 2.0 Updates #technight in OsakaOAuth 2.0 Updates #technight in Osaka
OAuth 2.0 Updates #technight in OsakaNov Matake
 
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tkOAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tkNov Matake
 
Appcelerator Titanium - An Introduction to the Titanium Ecosystem
Appcelerator Titanium - An Introduction to the Titanium EcosystemAppcelerator Titanium - An Introduction to the Titanium Ecosystem
Appcelerator Titanium - An Introduction to the Titanium EcosystemBoydlee Pollentine
 
Bilan et perspectives annuels de l'équipe Verte
Bilan et perspectives annuels de l'équipe VerteBilan et perspectives annuels de l'équipe Verte
Bilan et perspectives annuels de l'équipe VerteDamien Clauzel
 
OpenID TechNight #6 - OpenID on Smart.fm
OpenID TechNight #6 - OpenID on Smart.fmOpenID TechNight #6 - OpenID on Smart.fm
OpenID TechNight #6 - OpenID on Smart.fmNov Matake
 
Des données ouvertes pour l’agglomération
Des données ouvertes pour l’agglomérationDes données ouvertes pour l’agglomération
Des données ouvertes pour l’agglomérationDamien Clauzel
 
OpenID Connect via WebIntents
OpenID Connect via WebIntentsOpenID Connect via WebIntents
OpenID Connect via WebIntentsNov Matake
 

Empfohlen

OAuth 1.0
OAuth 1.0OAuth 1.0
OAuth 1.0Nov Matake
 
OAuth 2.0 Updates #technight in Osaka
OAuth 2.0 Updates #technight in OsakaOAuth 2.0 Updates #technight in Osaka
OAuth 2.0 Updates #technight in OsakaNov Matake
 
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tkOAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tkNov Matake
 
Appcelerator Titanium - An Introduction to the Titanium Ecosystem
Appcelerator Titanium - An Introduction to the Titanium EcosystemAppcelerator Titanium - An Introduction to the Titanium Ecosystem
Appcelerator Titanium - An Introduction to the Titanium EcosystemBoydlee Pollentine
 
Bilan et perspectives annuels de l'équipe Verte
Bilan et perspectives annuels de l'équipe VerteBilan et perspectives annuels de l'équipe Verte
Bilan et perspectives annuels de l'équipe VerteDamien Clauzel
 
OpenID TechNight #6 - OpenID on Smart.fm
OpenID TechNight #6 - OpenID on Smart.fmOpenID TechNight #6 - OpenID on Smart.fm
OpenID TechNight #6 - OpenID on Smart.fmNov Matake
 
Des données ouvertes pour l’agglomération
Des données ouvertes pour l’agglomérationDes données ouvertes pour l’agglomération
Des données ouvertes pour l’agglomérationDamien Clauzel
 
OpenID Connect via WebIntents
OpenID Connect via WebIntentsOpenID Connect via WebIntents
OpenID Connect via WebIntentsNov Matake
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater Apigee | Google Cloud
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2Aaron Parecki
 
OAuth you said
OAuth you saidOAuth you said
OAuth you saidOAuth.io
 
The Current State of OAuth 2
The Current State of OAuth 2The Current State of OAuth 2
The Current State of OAuth 2Aaron Parecki
 
ASFWS 2012 - Contourner les conditions d’utilisation et l’API du service Twit...
ASFWS 2012 - Contourner les conditions d’utilisation et l’API du service Twit...ASFWS 2012 - Contourner les conditions d’utilisation et l’API du service Twit...
ASFWS 2012 - Contourner les conditions d’utilisation et l’API du service Twit...Cyber Security Alliance
 
Oauth
OauthOauth
OauthAakanksha Bhardwaj
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2Aaron Parecki
 
Securing APIs using OAuth 2.0
Securing APIs using OAuth 2.0Securing APIs using OAuth 2.0
Securing APIs using OAuth 2.0Adam Lewis
 
ORCID OAuth Dance with google playground
ORCID OAuth Dance with google playgroundORCID OAuth Dance with google playground
ORCID OAuth Dance with google playgroundORCID, Inc
 
Api security
Api security Api security
Api security teodorcotruta
 
OAuth 2 at Webvisions
OAuth 2 at WebvisionsOAuth 2 at Webvisions
OAuth 2 at WebvisionsAaron Parecki
 
Devteach 2017 OAuth and Open id connect demystified
Devteach 2017 OAuth and Open id connect demystifiedDevteach 2017 OAuth and Open id connect demystified
Devteach 2017 OAuth and Open id connect demystifiedTaswar Bhatti
 
OAuth for your API - The Big Picture
OAuth for your API - The Big PictureOAuth for your API - The Big Picture
OAuth for your API - The Big PictureApigee | Google Cloud
 
MQTT security
MQTT securityMQTT security
MQTT securityAnthony Chow
 
OAuth2 Introduction
OAuth2 IntroductionOAuth2 Introduction
OAuth2 IntroductionArpit Suthar
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
 
Blug2012 yellow and blue stream
Blug2012 yellow and blue streamBlug2012 yellow and blue stream
Blug2012 yellow and blue streamFrank van der Linden
 
Introduction to python scrapping
Introduction to python scrappingIntroduction to python scrapping
Introduction to python scrappingn|u - The Open Security Community
 
OAuth In The Real World : 10 actual implementations you can't guess
OAuth In The Real World : 10 actual implementations you can't guessOAuth In The Real World : 10 actual implementations you can't guess
OAuth In The Real World : 10 actual implementations you can't guessMehdi Medjaoui
 
Embedding a Jupyter Notebook - SORSE.pdf
Embedding a Jupyter Notebook - SORSE.pdfEmbedding a Jupyter Notebook - SORSE.pdf
Embedding a Jupyter Notebook - SORSE.pdfflorinpico
 
#idcon vol.29 - #fidcon WebAuthn, Next Stage
#idcon vol.29 - #fidcon WebAuthn, Next Stage#idcon vol.29 - #fidcon WebAuthn, Next Stage
#idcon vol.29 - #fidcon WebAuthn, Next StageNov Matake
 
FedCM - OpenID TechNight vol.19
FedCM - OpenID TechNight vol.19FedCM - OpenID TechNight vol.19
FedCM - OpenID TechNight vol.19Nov Matake
 

Weitere ähnliche Inhalte

Ähnlich wie Twitter oauth #idcon7

OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater Apigee | Google Cloud
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2Aaron Parecki
 
OAuth you said
OAuth you saidOAuth you said
OAuth you saidOAuth.io
 
The Current State of OAuth 2
The Current State of OAuth 2The Current State of OAuth 2
The Current State of OAuth 2Aaron Parecki
 
ASFWS 2012 - Contourner les conditions d’utilisation et l’API du service Twit...
ASFWS 2012 - Contourner les conditions d’utilisation et l’API du service Twit...ASFWS 2012 - Contourner les conditions d’utilisation et l’API du service Twit...
ASFWS 2012 - Contourner les conditions d’utilisation et l’API du service Twit...Cyber Security Alliance
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2Aaron Parecki
 
Securing APIs using OAuth 2.0
Securing APIs using OAuth 2.0Securing APIs using OAuth 2.0
Securing APIs using OAuth 2.0Adam Lewis
 
ORCID OAuth Dance with google playground
ORCID OAuth Dance with google playgroundORCID OAuth Dance with google playground
ORCID OAuth Dance with google playgroundORCID, Inc
 
OAuth 2 at Webvisions
OAuth 2 at WebvisionsOAuth 2 at Webvisions
OAuth 2 at WebvisionsAaron Parecki
 
Devteach 2017 OAuth and Open id connect demystified
Devteach 2017 OAuth and Open id connect demystifiedDevteach 2017 OAuth and Open id connect demystified
Devteach 2017 OAuth and Open id connect demystifiedTaswar Bhatti
 
OAuth for your API - The Big Picture
OAuth for your API - The Big PictureOAuth for your API - The Big Picture
OAuth for your API - The Big PictureApigee | Google Cloud
 
OAuth2 Introduction
OAuth2 IntroductionOAuth2 Introduction
OAuth2 IntroductionArpit Suthar
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
 
OAuth In The Real World : 10 actual implementations you can't guess
OAuth In The Real World : 10 actual implementations you can't guessOAuth In The Real World : 10 actual implementations you can't guess
OAuth In The Real World : 10 actual implementations you can't guessMehdi Medjaoui
 
Embedding a Jupyter Notebook - SORSE.pdf
Embedding a Jupyter Notebook - SORSE.pdfEmbedding a Jupyter Notebook - SORSE.pdf
Embedding a Jupyter Notebook - SORSE.pdfflorinpico
 

Ähnlich wie Twitter oauth #idcon7 (20)

OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2
 
OAuth you said
OAuth you saidOAuth you said
OAuth you said
 
The Current State of OAuth 2
The Current State of OAuth 2The Current State of OAuth 2
The Current State of OAuth 2
 
ASFWS 2012 - Contourner les conditions d’utilisation et l’API du service Twit...
ASFWS 2012 - Contourner les conditions d’utilisation et l’API du service Twit...ASFWS 2012 - Contourner les conditions d’utilisation et l’API du service Twit...
ASFWS 2012 - Contourner les conditions d’utilisation et l’API du service Twit...
 
Oauth
OauthOauth
Oauth
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2
 
Securing APIs using OAuth 2.0
Securing APIs using OAuth 2.0Securing APIs using OAuth 2.0
Securing APIs using OAuth 2.0
 
ORCID OAuth Dance with google playground
ORCID OAuth Dance with google playgroundORCID OAuth Dance with google playground
ORCID OAuth Dance with google playground
 
Api security
Api security Api security
Api security
 
OAuth 2 at Webvisions
OAuth 2 at WebvisionsOAuth 2 at Webvisions
OAuth 2 at Webvisions
 
Devteach 2017 OAuth and Open id connect demystified
Devteach 2017 OAuth and Open id connect demystifiedDevteach 2017 OAuth and Open id connect demystified
Devteach 2017 OAuth and Open id connect demystified
 
OAuth for your API - The Big Picture
OAuth for your API - The Big PictureOAuth for your API - The Big Picture
OAuth for your API - The Big Picture
 
MQTT security
MQTT securityMQTT security
MQTT security
 
OAuth2 Introduction
OAuth2 IntroductionOAuth2 Introduction
OAuth2 Introduction
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)
 
Blug2012 yellow and blue stream
Blug2012 yellow and blue streamBlug2012 yellow and blue stream
Blug2012 yellow and blue stream
 
Introduction to python scrapping
Introduction to python scrappingIntroduction to python scrapping
Introduction to python scrapping
 
OAuth In The Real World : 10 actual implementations you can't guess
OAuth In The Real World : 10 actual implementations you can't guessOAuth In The Real World : 10 actual implementations you can't guess
OAuth In The Real World : 10 actual implementations you can't guess
 
Embedding a Jupyter Notebook - SORSE.pdf
Embedding a Jupyter Notebook - SORSE.pdfEmbedding a Jupyter Notebook - SORSE.pdf
Embedding a Jupyter Notebook - SORSE.pdf
 

Mehr von Nov Matake

#idcon vol.29 - #fidcon WebAuthn, Next Stage
#idcon vol.29 - #fidcon WebAuthn, Next Stage#idcon vol.29 - #fidcon WebAuthn, Next Stage
#idcon vol.29 - #fidcon WebAuthn, Next StageNov Matake
 
FedCM - OpenID TechNight vol.19
FedCM - OpenID TechNight vol.19FedCM - OpenID TechNight vol.19
FedCM - OpenID TechNight vol.19Nov Matake
 
Safari (ITP) & Chrome (SameSite=Lax as default) が Federation に与える影響 - OpenID ...
Safari (ITP) & Chrome (SameSite=Lax as default) が Federation に与える影響 - OpenID ...Safari (ITP) & Chrome (SameSite=Lax as default) が Federation に与える影響 - OpenID ...
Safari (ITP) & Chrome (SameSite=Lax as default) が Federation に与える影響 - OpenID ...Nov Matake
 
Sign in with Apple
Sign in with Apple Sign in with Apple
Sign in with Apple Nov Matake
 
FIDO @ LINE - #idcon vol.24
FIDO @ LINE - #idcon vol.24FIDO @ LINE - #idcon vol.24
FIDO @ LINE - #idcon vol.24Nov Matake
 
W3C Web Authentication - #idcon vol.24
W3C Web Authentication - #idcon vol.24W3C Web Authentication - #idcon vol.24
W3C Web Authentication - #idcon vol.24Nov Matake
 
NIST SP 800-63C - Federation and Assertions (FINAL)
NIST SP 800-63C - Federation and Assertions (FINAL)NIST SP 800-63C - Federation and Assertions (FINAL)
NIST SP 800-63C - Federation and Assertions (FINAL)Nov Matake
 
OPTiM StoreにおけるSCIM & OIDC活用事例 - ID&IT 2016
OPTiM StoreにおけるSCIM & OIDC活用事例 - ID&IT 2016OPTiM StoreにおけるSCIM & OIDC活用事例 - ID&IT 2016
OPTiM StoreにおけるSCIM & OIDC活用事例 - ID&IT 2016Nov Matake
 
NIST SP 800-63C #idcon vol.22
NIST SP 800-63C #idcon vol.22NIST SP 800-63C #idcon vol.22
NIST SP 800-63C #idcon vol.22Nov Matake
 
NIST SP 800-63-3 #idcon vol.22
NIST SP 800-63-3 #idcon vol.22NIST SP 800-63-3 #idcon vol.22
NIST SP 800-63-3 #idcon vol.22Nov Matake
 
ID連携入門 (実習編) - Security Camp 2016
ID連携入門 (実習編) - Security Camp 2016ID連携入門 (実習編) - Security Camp 2016
ID連携入門 (実習編) - Security Camp 2016Nov Matake
 
ID連携概要 - OpenID TechNight vol.13
ID連携概要 - OpenID TechNight vol.13ID連携概要 - OpenID TechNight vol.13
ID連携概要 - OpenID TechNight vol.13Nov Matake
 
ミスコンとプライバシー ~ IdentityDuck誕生秘話 ~ #idcon
ミスコンとプライバシー ~ IdentityDuck誕生秘話 ~ #idconミスコンとプライバシー ~ IdentityDuck誕生秘話 ~ #idcon
ミスコンとプライバシー ~ IdentityDuck誕生秘話 ~ #idconNov Matake
 
SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014
SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014
SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014Nov Matake
 
FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18Nov Matake
 
OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11Nov Matake
 
池澤あやかと学ぼう!: はじめてのOAuthとOpenID Connect - JICS 2014
池澤あやかと学ぼう!: はじめてのOAuthとOpenID Connect - JICS 2014池澤あやかと学ぼう!: はじめてのOAuthとOpenID Connect - JICS 2014
池澤あやかと学ぼう!: はじめてのOAuthとOpenID Connect - JICS 2014Nov Matake
 
OAuth認証再考からのOpenID Connect #devlove
OAuth認証再考からのOpenID Connect #devloveOAuth認証再考からのOpenID Connect #devlove
OAuth認証再考からのOpenID Connect #devloveNov Matake
 
ID & IT 2013 - OpenID Connect Hands-on
ID & IT 2013 - OpenID Connect Hands-onID & IT 2013 - OpenID Connect Hands-on
ID & IT 2013 - OpenID Connect Hands-onNov Matake
 
JWT Translation #technight
JWT Translation #technightJWT Translation #technight
JWT Translation #technightNov Matake
 

Mehr von Nov Matake (20)

#idcon vol.29 - #fidcon WebAuthn, Next Stage
#idcon vol.29 - #fidcon WebAuthn, Next Stage#idcon vol.29 - #fidcon WebAuthn, Next Stage
#idcon vol.29 - #fidcon WebAuthn, Next Stage
 
FedCM - OpenID TechNight vol.19
FedCM - OpenID TechNight vol.19FedCM - OpenID TechNight vol.19
FedCM - OpenID TechNight vol.19
 
Safari (ITP) & Chrome (SameSite=Lax as default) が Federation に与える影響 - OpenID ...
Safari (ITP) & Chrome (SameSite=Lax as default) が Federation に与える影響 - OpenID ...Safari (ITP) & Chrome (SameSite=Lax as default) が Federation に与える影響 - OpenID ...
Safari (ITP) & Chrome (SameSite=Lax as default) が Federation に与える影響 - OpenID ...
 
Sign in with Apple
Sign in with Apple Sign in with Apple
Sign in with Apple
 
FIDO @ LINE - #idcon vol.24
FIDO @ LINE - #idcon vol.24FIDO @ LINE - #idcon vol.24
FIDO @ LINE - #idcon vol.24
 
W3C Web Authentication - #idcon vol.24
W3C Web Authentication - #idcon vol.24W3C Web Authentication - #idcon vol.24
W3C Web Authentication - #idcon vol.24
 
NIST SP 800-63C - Federation and Assertions (FINAL)
NIST SP 800-63C - Federation and Assertions (FINAL)NIST SP 800-63C - Federation and Assertions (FINAL)
NIST SP 800-63C - Federation and Assertions (FINAL)
 
OPTiM StoreにおけるSCIM & OIDC活用事例 - ID&IT 2016
OPTiM StoreにおけるSCIM & OIDC活用事例 - ID&IT 2016OPTiM StoreにおけるSCIM & OIDC活用事例 - ID&IT 2016
OPTiM StoreにおけるSCIM & OIDC活用事例 - ID&IT 2016
 
NIST SP 800-63C #idcon vol.22
NIST SP 800-63C #idcon vol.22NIST SP 800-63C #idcon vol.22
NIST SP 800-63C #idcon vol.22
 
NIST SP 800-63-3 #idcon vol.22
NIST SP 800-63-3 #idcon vol.22NIST SP 800-63-3 #idcon vol.22
NIST SP 800-63-3 #idcon vol.22
 
ID連携入門 (実習編) - Security Camp 2016
ID連携入門 (実習編) - Security Camp 2016ID連携入門 (実習編) - Security Camp 2016
ID連携入門 (実習編) - Security Camp 2016
 
ID連携概要 - OpenID TechNight vol.13
ID連携概要 - OpenID TechNight vol.13ID連携概要 - OpenID TechNight vol.13
ID連携概要 - OpenID TechNight vol.13
 
ミスコンとプライバシー ~ IdentityDuck誕生秘話 ~ #idcon
ミスコンとプライバシー ~ IdentityDuck誕生秘話 ~ #idconミスコンとプライバシー ~ IdentityDuck誕生秘話 ~ #idcon
ミスコンとプライバシー ~ IdentityDuck誕生秘話 ~ #idcon
 
SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014
SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014
SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014
 
FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18
 
OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11
 
池澤あやかと学ぼう!: はじめてのOAuthとOpenID Connect - JICS 2014
池澤あやかと学ぼう!: はじめてのOAuthとOpenID Connect - JICS 2014池澤あやかと学ぼう!: はじめてのOAuthとOpenID Connect - JICS 2014
池澤あやかと学ぼう!: はじめてのOAuthとOpenID Connect - JICS 2014
 
OAuth認証再考からのOpenID Connect #devlove
OAuth認証再考からのOpenID Connect #devloveOAuth認証再考からのOpenID Connect #devlove
OAuth認証再考からのOpenID Connect #devlove
 
ID & IT 2013 - OpenID Connect Hands-on
ID & IT 2013 - OpenID Connect Hands-onID & IT 2013 - OpenID Connect Hands-on
ID & IT 2013 - OpenID Connect Hands-on
 
JWT Translation #technight
JWT Translation #technightJWT Translation #technight
JWT Translation #technight
 

Kürzlich hochgeladen

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Kürzlich hochgeladen (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Twitter oauth #idcon7

  • 1. Twitter OAuth @nov 2010 6 25
  • 4. Basic Auth id & passwd photo, message id & passwd echofon photo, message 2010 6 25
  • 5. OAuth consumer key & secret access token & secret photo, message oauth header echofon photo, message 2010 6 25
  • 6. with OAuth http://j.mp/with_oauth Simple, but share consumer secret 2010 6 25
  • 7. 2010.02.10 OAuth Echo - delegation in identity verification http://j.mp/raffi_echo 2010 6 25
  • 8. OAuth Echo oauth header photo, message oauth header echofon 2010 6 25
  • 10. 2010.05.24 Delegated identity verification for uploadAndPost (OAuth Echo for uploadAndPost) http://j.mp/raffi_echo2 2010 6 25
  • 11. POST /upload with OAuth header for GET /account/verify_credentials GET /account/verify_credentials with given OAuth header 2010 6 25
  • 12. POST /uploadAndPost with OAuth header for POST /statuses/update POST /satuses/update with given OAuth header 2010 6 25
  • 13. POST /uploadAndPost with OAuth header for POST /statuses/update 401 Unauthorized POST /satuses/update with given OAuth header 2010 6 25
  • 14. However, the Consumer has a problem because it is charged with generating the signature, but it doesn't know the final caption for the signature because it doesn't know the URL. This means Twitter is going to need to do some work. http://j.mp/raffi_echo2 2010 6 25
  • 15. POST /uploadAndPost with OAuth header for POST /statuses/update + X-OAuth-Payload POST /satuses/update with given OAuth header + X-OAuth-Append-Payload 2010 6 25
  • 16. photo = worldcup.png message = “GO GO #JPN” X-OAuth-Payload = message photo = http://twitpic.com/gogo_jpn message = “GO GO #JPN” X-OAuth-Append-Payload = photo 2010 6 25
  • 17. photo = worldcup.png message = “GO GO #JPN” X-OAuth-Payload = message photo = http://twitpic.com/gogo_jpn message = “GO GO #JPN” X-OAuth-Append-Payload = photo 2010 6 25
  • 18. This is not yet implemented on the Twitter side, but it will hopefully be soon. I'm definitely soliciting feedback. http://j.mp/raffi_echo2 2010 6 25
  • 20. OAuth for Open Source 2010 6 25
  • 21. Coming soon: a solution for Open Source applications using OAuth with the Twitter API http://j.mp/twitter_dev_talk 2010 6 25
  • 22. Open Source using Twitter API ... ? 2010 6 25
  • 23. termtter http://j.mp/termtter 2010 6 25
  • 24. Open Source = Open consumer secret 2010 6 25
  • 25. Coming soon: a solution for Open Source applications using OAuth with the Twitter API http://j.mp/twitter_dev_talk 2010 6 25
  • 26. 1. You store your API Consumer Key in your application distribution (but never your secret!). 2. A user downloads/installs/checks out your open source application and runs it for the first time 3. Your application builds a URL to our key exchange endpoint, using your consumer key. 4. You send the user to that URL in whatever way makes sense in your environment. 5. That user will approve your application's request to replicate itself on the user's behalf. 6. The user is presented with a string that they are asked to paste into your application. The string will contain an API key and secret, in addition to an access token and token secret for the member: everything that's needed to get the user up and running in your application. 7. The user pastes the string into your application, which then consumes and stores it to begin performing API calls using OAuth. 2010 6 25
  • 27. 1. You store your API Consumer Key in your application distribution (but never your secret!). 2. A user downloads/installs/checks out your open source application and runs it for the first time 3. Your application builds a URL to our key exchange endpoint, using your consumer key. 4. You send the user to that URL in whatever way makes sense in ck=KIyzzZUM7KvKYOpnst2aOw& your environment. cs=4PQk1eH4MadmzzEZ1G1KdrWHIFC1IPxv1kXZg0G3E& at=54221utEhFTv5GZZcc2R4w6thnApKtf1N1eKRedcFJthdeA& 5. That user will approve your application's request to replicate itself ats=FFdeOzzzzEwxOBWPPREd55 dKx7AAaI8NfpK7xnibv4Yls on the user's behalf. 6. The user is presented with a string that they are asked to paste into your application. The string will contain an API key and secret, in addition to an access token and token secret for the member: everything that's needed to get the user up and running in your application. 7. The user pastes the string into your application, which then consumes and stores it to begin performing API calls using OAuth. 2010 6 25
  • 29. We're only allowing open source applications for now. We may consider other use cases in the future. I'll post a new message when things are good to go and we're ready to accept applications into the feature. http://j.mp/twitter_dev_talk 2010 6 25