Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

OAuth you said

11.633 Aufrufe

Veröffentlicht am

OAuth is an open standard for authorization. OAuth provides client applications a 'secure delegated access' to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials but it became a big mess.

Veröffentlicht in: Technologie
  • Hello! Get Your Professional Job-Winning Resume Here - Check our website! https://vk.cc/818RFv
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier

OAuth you said

  1. OAuth.io OAUTH YOU SAID?
  2. Why OAuth? Provide a standard way to access protected resources, without sharing passwords. OAuth.io OAuth, You said?
  3. OAuth.io AMAZING! BUT HOW? OAuth, You said?
  4. OAuth.io The middle-man between the service and the OAuth provider ! Never share your Facebook credentials with a service. ! Today, almost any app needing access or permissions relies on OAuth. OAuth, You said? Tokens!
  5. OAuth.io Users had to provide their Facebook credentials to third party services. ! Not secure. Intrusive. Inconvenient. OAuth, You said? Before? Basic Auth.
  6. OAuth was first designed to be interoperable and super easy to implement for developers. Started as a Protocol OAuth.io OAuth, You said?
  7. OAuth 2.0 has been reclassified as a framework. Which means no interoperability and no backward compatibility :/ Ended up as a Framework OAuth.io OAuth, You said?
  8. 30+ different implementations ! Two separate flows for token retrieval. ! Resources' names and parameters differ from one provider to another ! A nightmare for developers: lots of potential traps. No hope for a good learning curve… So yes, OAuth is broken OAuth.io OAuth, You said?
  9. OAuth 1.0 = October 2007 OAuth 1.0a = June 2009 OAuth 2.0 first draft = early 2010
 OAuth 2.0 final = late 2011 Many versions in 5 years OAuth.io OAuth, You said?
  10. Complex signature scheme. ! Almost no control over token expiry. ! No permission management. OAuth.io OAuth, You said? OAuth 1.0a was limited
  11. ! More flexible but less interoperable SSL rather than signatures Easier to implement No backward compatibility OAuth.io OAuth, You said? OAuth 2.0 compromise
  12. Resource Owner: the user who wants to share a resource, e.g. owner of the facebook photos. ! Client: the application that wants to leverage a resource hosted by a third party, e.g. the photo printing website. ! Authorization Server: the entity that decides to grant access to the client (application), e.g. Facebook’s authorization server. ! Resource Server: the place where the third party resource is hosted, e.g. Facebook’s server where the photos to print are. 4 quick definitions
  13. The Flow
  14. Further reading https://tools.ietf.org/html/rfc6749 http://tools.ietf.org/html/rfc5849 OAuth 1.0 Specs OAuth 2.0 Specs Fuck OAuth by Eran Hammer talk http://vimeo.com/52882780 OAuth.io OAuth, You said? Read our full OAuth Tutorial
  15. Credits The Big Lebowski Walker Texas Ranger aka Chuck (the 1st) Norris Jackie Brown 2001: A Space Odyssey R2D2: Star Wars (Dagobah) C3PO: Star Wars (Tatooine) Las Vegas Parano Terminator Forrest Gump Austin Powers OAuth.io OAuth, You said? Judge Dredd

×