OAuth

Transcript

1. None

2. What is Oauth? Short answer: OAuth is an authentication protocol

   that allows users to approve application to act on their behalf without sharing their password.
3. None

4. Long answer: OAuth provides a method for clients to access

   server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections. What is Oauth?

5. When the API team tries to explain why they choose

   Oauth1.0

6. OAuth is a service that is complementary to, and therefore

   distinct from, OpenID. OAuth is also distinct from OATH, which is a reference architecture for authentication (i.e. not a standard).

7. When discovering API documentation , I need to use oAuth1.0

8. OAuth 2.0 OAuth 2.0 is the next evolution of the

   OAuth protocol and is not backward compatible with OAuth 1.0.

9. When I implement Oauth2.0 for my API

10. OAuth 2.0 OAuth 2.0 focuses on client developer simplicity while

    providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.

11. OAuth 2.0 The specification and associated RFCs are being developed

    within the IETF OAuth WG; the main framework was published in October 2012.

12. OAuth 2.0 OAuth 2.0 doesn't support signature, encryption, channel binding,

    or client verification. It relies completely on SSL for some degree of confidentiality and server authentication.

13. OAuth 2.0 OAuth 2.0 has had numerous security flaws exposed

    in implementations. The protocol itself has been described as inherently insecure by security experts and a primary contributor to the specification stated that implementation mistakes are almost inevitable.

14. Facing Oauth problems

15. Non-interoperability Because OAuth 2.0 is more like a framework rather

    than a defined protocol, any OAuth 2.0 implementation is unlikely to naturally be interoperable with any other OAuth 2.0 implementation. Further deployment profiling and specification is required for any interoperability.

16. Facing Oauth problems

17. Uses OAuth can be potentially used as an authorizing mechanism

    to consume secured (i.e., authenticated) RSS/ATOM feeds. Consumption of RSS/ATOM feeds that requires authentication has always been an issue.