OAuth 2.0 - Because API
DESCRIPTION
Separating traditional web apps often results in an API. In this presentation I argue why OAuth 2.0 is a good addition to your service.
TRANSCRIPT
![Page 1: OAuth 2.0 - Because API](https://reader034.vdocument.in/reader034/viewer/2022042521/547e623db37959442b8b553c/html5/thumbnails/1.jpg)
OAuth 2.0 - Because API
Emberfest 29/08/14
Page 2
Theodor Tonum
@theodorton
Developer @ Skalar
Page 3
Ember => API
Page 5
OAuth 101
• Open standard for authorization
• Access to a user's resources
• Access tokens represent user credentials
• Can limit access through the use of scopes
Page 6
Allowing an application to act on your behalf and access information from an application that you use.
— gmoore, Stack Overflow
Page 7
Allowing a frontend application to act on your behalf and access information from an API that you use.
Page 8
OAuth is great for platforms
Page 9
You now have a little ecosystem of your own
Page 10
Your application is a small platform
Page 12
In-house applications and OAuth
Page 13
Obtaining an access token: The /token endpoint

```http
POST /token
Content-Type: application/json

{
  "grant_type": "password",
  "username": "[email protected]",
  "password": "none-of-your-business"
}

Response:

{
  "access_token": "my-secret-access-token"
}
```
Page 14
Implicit authentication: The /me endpoint

```http
GET /me
Authorization: Bearer my-secret-access-token

{
  "users": [{
    "id": 1,
    "name": "Foo Bar",
    "email": "[email protected]"
  }]
}
```
Page 15
The access token must always be included in the Authorization header.
Page 16
Ember library: ember-simple-auth
Page 17
Third-party applications and OAuth
Page 18
Obtaining an access token: The /oauth/authorize endpoint

```javascript
var redirectUri = encodeURIComponent("http://www.myapp.com/redirect.html");
window.location = "http://www.example.com/oauth/authorize?" +
  "response_type=token&" +
  "client_id=CLIENT_ID&" +
  "scope=public&" +            // RFC 6749 names the parameter "scope"
  // a "state=<unguessable value>&" parameter belongs here too (RFC 6749 section 10.12)
  "redirect_uri=" + redirectUri;
```
Page 20
Receiving the token

```
// Success returns to: .../redirect.html#access_token=my-secret-access-token
// Fail: .../redirect.html#error=access_denied
```
Page 22
Scopes
• Categorize resources (and actions) you want to protect
• Combination of nouns and verbs
• Presented to the user in the authorization step
• Examples from GitHub: user, public_repo, delete_repo
Page 23
Ember library: ember-oauth2
Page 24
Authentication is a means to an end, you want access to resources
• Not part of the domain
• Authorization is clear with its intent: "I want access to your resource X"
• Makes perfect sense for third-party apps
• In-house apps are authorized by default (skip UI)
• Note: OAuth doesn't replace Devise or whatever authentication library you use on the server
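The "Scopes" slide and the slide above describe the same mechanism from two sides: scopes are nouns and verbs shown to the user at authorization time, and an in-house app skips that screen while a third-party app does not. The following added example, not code from the talk or any library it names, carries that through on the server: parsing the `scope` parameter as RFC 6749 section 3.3 defines it, deciding per client whether to show consent, and enforcing a scope per API operation with the RFC 6750 `insufficient_scope` challenge. The scope names are the GitHub-style ones from the slide plus `public`; the client registry and the operation table are constructed for the example.

```javascript
// Added example, not code from the slides: how scopes are parsed, shown for
// consent and enforced. Assumptions: the scope names are the GitHub-style
// ones the slide lists plus "public"; the client registry and the operation
// table are constructed for the example.
const KNOWN_SCOPES = new Set(["public", "user", "public_repo", "delete_repo"]);

// RFC 6749 section 3.3: a space-delimited, case-sensitive list. Anything not
// registered is rejected outright rather than silently dropped, so a client
// cannot probe for scope names.
function parseScope(scopeString) {
  if (typeof scopeString !== "string") return { ok: false, error: "invalid_scope" };
  const scopes = [...new Set(scopeString.split(" ").filter(Boolean))];
  if (scopes.length === 0 || scopes.some((s) => !KNOWN_SCOPES.has(s))) {
    return { ok: false, error: "invalid_scope" };
  }
  return { ok: true, scopes };
}

// Constructed client registry. firstParty marks the in-house Ember app, which
// the slides describe as authorized by default (no consent screen).
const clients = new Map([
  ["ember-app", { firstParty: true, allowedScopes: KNOWN_SCOPES }],
  ["ifttt-like-integration", { firstParty: false, allowedScopes: new Set(["public", "user", "public_repo"]) }],
]);

// At /oauth/authorize: decide what to do with a scope request.
// Third-party clients get the consent UI listing exactly the scopes asked for;
// no client may obtain a scope it was not registered for.
function consentDecision(clientId, scopeString) {
  const client = clients.get(clientId);
  if (!client) return { error: "invalid_client" };
  const parsed = parseScope(scopeString);
  if (!parsed.ok) return { error: parsed.error };
  if (parsed.scopes.some((s) => !client.allowedScopes.has(s))) return { error: "invalid_scope" };
  return client.firstParty
    ? { showConsent: false, grantedScopes: parsed.scopes }
    : { showConsent: true, scopesToPresent: parsed.scopes };
}

// The user may approve fewer scopes than asked; the grant is the intersection.
function grantedAfterConsent(requestedScopes, approvedScopes) {
  const approved = new Set(approvedScopes);
  return requestedScopes.filter((s) => approved.has(s));
}

// On the resource server: noun + verb, i.e. which scope each operation needs.
const REQUIRED_SCOPE = {
  "GET /me": "user",
  "GET /repos": "public_repo",
  "POST /repos": "public_repo",
  "DELETE /repos/:id": "delete_repo",
};

// grant is what the (already validated) bearer token maps to: { scopes: [...] }.
// A missing scope is 403 with the RFC 6750 section 3.1 challenge, distinct from
// the 401 used for a missing or invalid token.
function authorizeOperation(grant, operation) {
  const needed = REQUIRED_SCOPE[operation];
  if (needed === undefined) return { status: 404, body: { error: "not_found" } };
  if (!grant.scopes.includes(needed)) {
    return {
      status: 403,
      headers: { "WWW-Authenticate": `Bearer error="insufficient_scope", scope="${needed}"` },
      body: { error: "insufficient_scope" },
    };
  }
  return { status: 200, body: { allowed: true } };
}
```

The separation of 401 (who are you?) from 403 (you are known, but this token was not granted `delete_repo`) is what lets a client distinguish "get a new token" from "ask the user for more", and keeping the per-client `allowedScopes` on the server side means a third-party app cannot escalate by simply asking for `delete_repo` in its redirect.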
Page 25
Let's talk about platform
Page 26
Your data may go places you've never expected
Page 27
Third-party applications are good
Page 28
Users create their own small applications
IFTTT & Zapier make users into developers
Page 29
When does it make sense?
• The modern web app: You have separated frontend and backend with an Ember app and an API, and you need a way of authenticating with the API
• The platform: You're building a platform, want to let developers create third-party clients and you care about your users
• Organization: Your organization manages several applications and you want to turn authentication and authorization into a service
Page 30
Main problems with OAuth?
Page 31
For clients: Opinionated implementations
Page 32
For providers: Opinionated libraries
Page 33
Summary
• Modern mechanism for auth
• Control over third-party applications
• Made with Ember.js in mind - so simple!
Page 34
Questions?