khuljaa sim sim
Post on 21-Jan-2015
Enter the world of OAuth & AIR
December 12, 2010 | acrossthinlines.com | @udayms | linkedin.com/in/udayms
@udayms acrossthinlines.com
Flash Camp India 2010 Chennai, India
• UX/UI Evangelist
• Owns Prototyping @ Yahoo! India
In the Beginning
API.execute(userName, passWord);
Or in other words…
API.execute("give me ur life"); // and trust me to not use it or sell it later so that someone else can F&*$K you completely!
PLAXO
This even used to have a name!!
Password Anti-Pattern
OAuth
Like a VALET KEY
OAuth
Google AuthSub + aol OpenAuth + Yahoo BBAuth + Upcoming api + Flickr api + Amazon Web Services api + others
Is…
Open, generic Standard for API access
Is…
authorization
Is…
not (authentication)
How did it start?
Blaine Cook & others
start looking at OpenID for API services
They realize a need for a solution & start working on it
DeWitt Clinton from Google begins supporting the effort
OAuth core draft 1.0 released.
“…these days, everyone wants to build an App Store. Because every access key is a license that you can turn on and off, OAuth makes it easier for your integrations to generate revenue, and that means more and better integrations…”
-Sunir Shah (FreshBooks)
Why?
Service Provider provides your app with Keys & Secrets to uniquely identify it.
Your users who already have an account with Service Provider. They will approve your application’s request for information.
Your application that is registered with your service provider and used by your users. Your application also stores your credentials internally.
Your OAuth layer
Service Provider
Your Users
Your Application
First Handshake
Service Provider Your Users Your Application
Next time…
Facebook Your Application
OAuth
Dude… My user wants access to his stuff on your server.
Sure. Send him along. Btw, I only speak OAuth.
What’s your Password?
PASSWORD1234@34
Gr8! Here’s your token!
Perfect!
Dude!! Here’s my user’s credentials, give me stuff!
Sure. Here you go!!!
Code Ranger OAuth Library http://www.coderanger.com/blog/?p=59
as3corelib https://github.com/mikechambers/as3corelib
Twitter @udayms Blog acrossthinlines.com
LinkedIn linkedin.com/in/udayms
Sources I ripped off from…
• Slideshare: factoryjoe/oauth-ftw-presentation
• Slideshare: kellan/advanced-oauth-wrangling
• Slideshare: mbleigh/the-present-future-of-oauth
• http://dev.twitter.com/pages/auth
• Google Images
• Flickr
• Oauth.net