Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OAuth

Aleksandrs Cudars
April 07, 2013
Technology
3
190

 OAuth

a bit of 1.0 and 2.0

Aleksandrs Cudars

April 07, 2013
Tweet

More Decks by Aleksandrs Cudars

See All by Aleksandrs Cudars
Covert Channels Using File Locking
achudars
1
950
Biometrics - Vein Patterns
achudars
0
59
Human Computer Interaction and Safety Critical Systems
achudars
0
250
Servant Leadership
achudars
2
190
Spaghetti Sorting
achudars
0
75
[01] DNS ANALYSIS
achudars
2
500
[02] IDSIPS IDENTIFICATION
achudars
1
250
[03] LIVE HOST IDENTIFICATION
achudars
0
730
[04] NETWORK SCANNERS
achudars
0
160

Other Decks in Technology

See All in Technology
DynamoDB でスロットリングが発生したとき/when_throttling_occurs_in_dynamodb_short
emiki
0
240
Terraform CI/CD パイプラインにおける AWS CodeCommit の代替手段
hiyanger
1
240
Security-JAWS【第35回】勉強会クラウドにおけるマルウェアやコンテンツ改ざんへの対策
4su_para
0
180
EventHub Startup CTO of the year 2024 ピッチ資料
eventhub
0
120
The Role of Developer Relations in AI Product Success.
giftojabu1
1
130
Oracle Cloud Infrastructure データベース・クラウド:各バージョンのサポート期間
oracle4engineer
PRO
28
13k
ISUCONに強くなるかもしれない日々の過ごしかた/Findy ISUCON 2024-11-14
fujiwara3
8
870
サイバーセキュリティと認知バイアス:対策の隙を埋める心理学的アプローチ
shumei_ito
0
390
個人でもIAM Identity Centerを使おう!(アクセス管理編)
ryder472
4
220
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
Terraform未経験の御様に対してどの ように導⼊を進めていったか
tkikuchi
2
450
飲食店データの分析事例とそれを支えるデータ基盤
kimujun
0
110

Featured

See All Featured
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
How to train your dragon (web standard)
notwaldorf
88
5.7k
Fashionably flexible responsive web design (full day workshop)
malarkey
405
65k
Art, The Web, and Tiny UX
lynnandtonic
297
20k
Ruby is Unlike a Banana
tanoku
97
11k
A better future with KSS
kneath
238
17k
Scaling GitHub
holman
458
140k
Intergalactic Javascript Robots from Outer Space
tanoku
269
27k
A designer walks into a library…
pauljervisheath
204
24k
How to Think Like a Performance Engineer
csswizardry
20
1.1k
How to Ace a Technical Interview
jacobian
276
23k
Unsuck your backbone
ammeep
668
57k

Transcript

  1. None

  2. What is Oauth? Short answer: OAuth is an authentication protocol

    that allows users to approve application to act on their behalf without sharing their password.
  3. None

  4. Long answer: OAuth provides a method for clients to access

    server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections. What is Oauth?

  5. When the API team tries to explain why they choose

    Oauth1.0

  6. OAuth is a service that is complementary to, and therefore

    distinct from, OpenID. OAuth is also distinct from OATH, which is a reference architecture for authentication (i.e. not a standard).

  7. When discovering API documentation , I need to use oAuth1.0

  8. OAuth 2.0 OAuth 2.0 is the next evolution of the

    OAuth protocol and is not backward compatible with OAuth 1.0.

  9. When I implement Oauth2.0 for my API

  10. OAuth 2.0 OAuth 2.0 focuses on client developer simplicity while

    providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.

  11. OAuth 2.0 The specification and associated RFCs are being developed

    within the IETF OAuth WG; the main framework was published in October 2012.

  12. OAuth 2.0 OAuth 2.0 doesn't support signature, encryption, channel binding,

    or client verification. It relies completely on SSL for some degree of confidentiality and server authentication.

  13. OAuth 2.0 OAuth 2.0 has had numerous security flaws exposed

    in implementations. The protocol itself has been described as inherently insecure by security experts and a primary contributor to the specification stated that implementation mistakes are almost inevitable.

  14. Facing Oauth problems

  15. Non-interoperability Because OAuth 2.0 is more like a framework rather

    than a defined protocol, any OAuth 2.0 implementation is unlikely to naturally be interoperable with any other OAuth 2.0 implementation. Further deployment profiling and specification is required for any interoperability.

  16. Facing Oauth problems

  17. Uses OAuth can be potentially used as an authorizing mechanism

    to consume secured (i.e., authenticated) RSS/ATOM feeds. Consumption of RSS/ATOM feeds that requires authentication has always been an issue.