Upload File

keyrock - lesson 3. applications. how to create oauth2 tokens

  • Home
  • Engineering
  • Keyrock - Lesson 3. Applications. How to create OAuth2 tokens
11
Identity Management - Keyrock GE Lesson 3. Applications. How to create OAuth2 tokens. Álvaro Alonso. UPM – DIT Security Chapter. FIWARE [email protected], @larsonalonso

Upload: alvaro-alonso-gonzalez

Post on 08-Jan-2017

817 views

Category:

Engineering


1 download

Report

TRANSCRIPT

Page 1: Keyrock - Lesson 3. Applications. How to create OAuth2 tokens

Identity Management - Keyrock GELesson 3. Applications. How to create OAuth2 tokens.

Álvaro Alonso. UPM – DITSecurity Chapter. [email protected], @larsonalonso

Page 2: Keyrock - Lesson 3. Applications. How to create OAuth2 tokens

Contents

1. Registering an Application

2. Node.js web application example

Page 3: Keyrock - Lesson 3. Applications. How to create OAuth2 tokens

Main concepts. OAuth2

3

Page 4: Keyrock - Lesson 3. Applications. How to create OAuth2 tokens

Main concepts. OAuth2

4

Account

Page 5: Keyrock - Lesson 3. Applications. How to create OAuth2 tokens

Main concepts. OAuth2

5

Page 6: Keyrock - Lesson 3. Applications. How to create OAuth2 tokens

Main concepts. OAuth2

Login with

Page 7: Keyrock - Lesson 3. Applications. How to create OAuth2 tokens

Main concepts. OAuth2

7

Web App Keyrock

redirect

request access-token

access-token

access-code

OAu

th L

ibra

ry

Request user info using access-token

Page 8: Keyrock - Lesson 3. Applications. How to create OAuth2 tokens

Main concepts. OAuth2 and GEs

8

Generic Enabler

Keyrock

Requ

est +

acce

ss-t

oken

Oauth2 flows

access-token

OK + user info (roles)

Web AppO

Auth

Lib

rary

access_token

Page 9: Keyrock - Lesson 3. Applications. How to create OAuth2 tokens

Main concepts. OAuth2 and GEs

GET https://GE_URL HTTP/1.1Host: GE_hostnameX-Auth-Token: access_token

9

• Calls to other GEs

• Also for integration with Wilma PEP Proxy GE– For securing your REST APIs

Page 10: Keyrock - Lesson 3. Applications. How to create OAuth2 tokens

Documentation

• Keyrock userguide– http://fiware-idm.readthedocs.io/en/latest/user_guide.html

• How to create OAuth2 tokens– http://fiware-idm.readthedocs.io/en/latest/oauth2.html

• OAuth2 spec– http://oauth.net/2/

http://fiware-idm.readthedocs.io/en/latest/user_guide.html
http://fiware-idm.readthedocs.io/en/latest/user_guide.html
http://fiware-idm.readthedocs.io/en/latest/oauth2.html
http://fiware-idm.readthedocs.io/en/latest/oauth2.html
http://oauth.net/2/
http://oauth.net/2/
Page 11: Keyrock - Lesson 3. Applications. How to create OAuth2 tokens

Identity Management - Keyrock GELesson 3. Applications. How to create OAuth2 tokens.

Álvaro Alonso. UPM – DITSecurity Chapter. [email protected], @larsonalonso


FHNW OpenID Connect pilot SAML2 OpenID Connect OAuth2

OAuth2 - The Swiss Army Framework

SIROPE OAuth and OAuth2 Living in SIR

The State of OAuth2

The new CERN Authentication and Authorization...The new CERN Authentication and Authorization 10 Users Web app Grid nodes OAuth2/OIDC Tokens Kerberos app (AFS, LxPlus) Token conversion

Demystifying OAuth2 for PHP

OAuth2 and IdentityServer3

TPP Developer Documentation · 2021. 2. 10. · TPP Developer Documentation Introduction Definitions API Overview OAuth2 API Services API Authentication and Security Errors OAuth2

201210 RFC6749 OAuth2

Oauth2 and OWSM OAuth2 support

Guide for Claim History Appendix 1 REST API - version 3.0 Draft H · Granting Access Tokens utilize the OAuth2 standard.as illustrated below. Access token Before a company can call

Oauth2 & OpenID Connect

LINE Notify API Document · LINE Notify API Document 20161024 upload 20160929 API API OAuth2 LINE 1. LINE 2. OAuth2 authorization endpoint 3. LINE

Using oAuth2 for Mobile Api Security-Notes

python-oauth2 Documentation Release 0.5.0 - Read the Docs

JavaOne 2014 - Securing RESTful Resources with OAuth2

OAuth2 + API Security

Rails 3 / Devise / Oauth2 / Mongoid: Installation Guide

Hard Tokens vs. Soft Tokens - Home | NetIQ Tokens vs. Soft Tokens: Why Soft Tokens Are the Better Option Shortcomings of Hard Tokens: Limited deployments Device and management costs

API OAUTH2 Sandbox SK Manual - kb.cz

OAuth2lib · Introduction OAuth2lib is a library based on OAuth2 that implements the Assertion Profile of the OAuth2 standard. OAuth2 is the evolution of the OAuth protocol that defines

apiskeletons-oauth2-doctrine Documentation

Oauth2 et OpenID Connect

Introduction to OAuth2

Federated Identity for IoT with OAuth2

UC2013 Speed Geeking: Intro to OAuth2

Data Protection on Demand (DPoD) APIVersion: 1.15.0 URI scheme BasePath: /v1 Schemes: HTTPS Consumes • application/json Produces • application/json 1 Security OAuth2 Type: oauth2

Shoot Me a Token: OpenAM as an OAuth2 Provider

From Zero to Hero with REST and OAuth2 #jjug

Build Intelligent mail, contacts and calendar apps using ...€¦ · •OAuth2 client credential flow support for daemon apps •OAuth2 implicit grant flow for web apps •OAuth2

Google api oauth2 + android

HTML2PostGIS Safety and Securityokulewiczm/downloads/html/HTML... · Authorization and authentication OAuth2 OAuth2 example tutorials Notes to self: dotnet dev-certs https --trust

Introduction to OAuth2 - Meetupfiles.meetup.com/17360322/Introduction to OAuth2.pdf · About the Speaker Java developer, recently doing more in node.js :) Working at hybris (now an

Data Modelling and Identity Management with OAuth2

Security exploits of Google application specific passwords & Chrome’s OAuth2 tokens