khuljaa sim sim

Post on 21-Jan-2015

Category: Technology

DESCRIPTION

From my talk @ Flash Camp India conducted at MGR University, Chennai - India. #indifc www.indiflashcamp.com

TRANSCRIPT

Enter the world of OAuth & AIR

December 12, 2010 | acrossthinlines.com | @udayms | linkedin.com/in/udayms

@udayms acrossthinlines.com

Flash Camp India 2010 Chennai, India

• UX/UI Evangelist
• Owns Prototyping @ Yahoo! India

In the Beginning

API.execute(userName, passWord);

Or in other words…

API.execute("give me ur life"); // and trust me to not use it or sell it later so that someone else can F&*$K you completely!

PLAXO  

This even used to have a name!!

Password Anti-Pattern

OAuth

Like a VALET KEY

OAuth

Google AuthSub + aol OpenAuth + Yahoo BBAuth + Upcoming api + Flickr api + Amazon Web Services api + others

Is…

Open, generic Standard for API access

Is…

authorization

Is…

not (authentication)

How did it start?

Blaine Cook & others start looking at OpenID for API services.

They realize a need for a solution & start working on it.

DeWitt Clinton from Google begins supporting the effort.

OAuth core draft 1.0 released.

Why?

“…these days, everyone wants to build an App Store. Because every access key is a license that you can turn on and off, OAuth makes it easier for your integrations to generate revenue, and that means more and better integrations…”

-Sunir Shah (FreshBooks)

Your OAuth layer

• Service Provider: provides your app with Keys & Secrets to uniquely identify it.
• Your Users: already have an account with the Service Provider. They will approve your application’s request for information.
• Your Application: registered with your service provider and used by your users. Your application also stores your credentials internally.

Service Provider

Your Users

Your Application

First Handshake

Service Provider Your Users Your Application

Next time…

Facebook Your Application

OAuth

Facebook Your Application

Dude… My user wants access to his stuff on your server.

Sure. Send him along. Btw, I only speak OAuth.

Facebook Your Application

Facebook Your Application

What’s your Password?

PASSWORD1234@34  

Facebook Your Application

Gr8! Here’s your token!

Facebook Your Application

Perfect!  

Facebook Your Application

Dude!! Here’s my user’s credentials, give me stuff!

Sure. Here you go!!!
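
The handshake above ends with the application presenting a token rather than the user's password. As an added example (not code from the talk or from the libraries it lists), this sketch shows how an OAuth 1.0 HMAC-SHA1 signed request is built by the application and checked by the service provider, including the "turn it off" case of a revoked token. All keys, tokens, URLs and function names are constructed for illustration.

```javascript
const crypto = require('crypto');
// RFC 3986 percent-encoding for OAuth 1.0 signing (encodeURIComponent leaves ! ' ( ) * as-is).
const enc = s => encodeURIComponent(s)
  .replace(/[!'()*]/g, c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Signature base string: METHOD & encoded URL & encoded, sorted parameters.
function baseString(method, url, params) {
  const pairs = Object.entries(params).map(([k, v]) => [enc(k), enc(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(p => p.join('='));
  return [method.toUpperCase(), enc(url), enc(pairs.join('&'))].join('&');
}

// HMAC-SHA1 keyed with the app secret and token secret; no password involved.
function sign(method, url, params, consumerSecret, tokenSecret) {
  const key = enc(consumerSecret) + '&' + enc(tokenSecret);
  return crypto.createHmac('sha1', key)
    .update(baseString(method, url, params)).digest('base64');
}

// Service Provider side: constructed in-memory stores of what it issued.
const consumers = new Map([['demo-app-key', 'demo-app-secret']]);
const tokens = new Map([['demo-token', { secret: 'demo-token-secret', user: 'alice', revoked: false }]]);
const seenNonces = new Set();

function verify(method, url, params) {
  const { oauth_signature, ...rest } = params;
  const consumerSecret = consumers.get(rest.oauth_consumer_key);
  const token = tokens.get(rest.oauth_token);
  if (!consumerSecret || !token) return 'unknown key or token';
  if (token.revoked) return 'token revoked';
  const expected = Buffer.from(sign(method, url, rest, consumerSecret, token.secret));
  const given = Buffer.from(String(oauth_signature));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return 'bad signature';
  const nonceId = [rest.oauth_token, rest.oauth_timestamp, rest.oauth_nonce].join(':');
  if (seenNonces.has(nonceId)) return 'replayed request';
  seenNonces.add(nonceId);
  return 'ok:' + token.user;
}

// Application side: attaches its key, the user's token and a signature.
function signedRequest(method, url, apiParams, nonce, timestamp) {
  const params = { ...apiParams, oauth_consumer_key: 'demo-app-key', oauth_token: 'demo-token',
    oauth_signature_method: 'HMAC-SHA1', oauth_timestamp: String(timestamp),
    oauth_nonce: nonce, oauth_version: '1.0' };
  params.oauth_signature = sign(method, url, params, 'demo-app-secret', 'demo-token-secret');
  return params;
}
```

A production provider would also reject timestamps outside a short freshness window and expire stored nonces accordingly.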

Code Ranger OAuth Library http://www.coderanger.com/blog/?p=59

as3corelib https://github.com/mikechambers/as3corelib

Twitter @udayms Blog acrossthinlines.com

LinkedIn linkedin.com/in/udayms

Sources I ripped off from…

•  Slideshare: factoryjoe/oauth-ftw-presentation

•  Slideshare: kellan/advanced-oauth-wrangling

•  Slideshare: mbleigh/the-present-future-of-oauth

•  http://dev.twitter.com/pages/auth

•  Google Images

•  Flickr

•  Oauth.net
