Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OAuth

Aleksandrs Cudars
April 07, 2013
Technology
3
180

 OAuth

a bit of 1.0 and 2.0

Aleksandrs Cudars

April 07, 2013
Tweet

More Decks by Aleksandrs Cudars

See All by Aleksandrs Cudars
Covert Channels Using File Locking
achudars
1
880
Biometrics - Vein Patterns
achudars
0
55
Human Computer Interaction and Safety Critical Systems
achudars
0
230
Servant Leadership
achudars
2
180
Spaghetti Sorting
achudars
0
71
[01] DNS ANALYSIS
achudars
2
490
[02] IDSIPS IDENTIFICATION
achudars
1
230
[03] LIVE HOST IDENTIFICATION
achudars
0
680
[04] NETWORK SCANNERS
achudars
0
160

Other Decks in Technology

See All in Technology
チームでロジカルシンキングに改めて向き合っている話 〜学習環境と実践⽅法〜
sansantech
PRO
2
1.6k
非同期推論システムによるコスト削減と信頼性向上
koki_nishihara
0
140
Janus
bkuhlmann
1
490
Vertex AI を中心に 生成AIのアップデートを共有します
kaz1437
0
290
プラットフォームってつくることより計測することが重要なんじゃないかという話 / Platform Engineering Meetup #8
taishin
1
340
Oracle Cloud Infrastructure:2024年4月度サービス・アップデート
oracle4engineer
PRO
1
190
Next'24 事例セッションの紹介とクラウド資格を活用したキャリア形成について語りMuscle
yasumuusan
1
430
ServiceNow Knowledge 24の歩き方 EYストラテジー・アンド・コンサルティング
manarobot
0
180
Cloud Native Java with Spring Boot (CNCF Aarhus, April 2024)
thomasvitale
1
160
ゼロから始めるVue.jsコミュニティ貢献 / first-vuejs-community-contribution-link-and-motivation
lmi
1
110
開発パフォーマンスを最大化するための開発体制
ham0215
2
180
元インフラエンジニアに成る / Human Resources to Human Relations
bobtani
4
890

Featured

See All Featured
Designing the Hi-DPI Web
ddemaree
276
33k
Music & Morning Musume
bryan
41
5.6k
Code Reviewing Like a Champion
maltzj
514
39k
GraphQLの誤解/rethinking-graphql
sonatard
50
9.2k
Atom: Resistance is Futile
akmur
259
25k
From Idea to $5000 a Month in 5 Months
shpigford
377
45k
RailsConf 2023
tenderlove
3
540
Dealing with People You Can't Stand - Big Design 2015
cassininazir
357
22k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
60
14k
KATA
mclloyd
15
12k
Principles of Awesome APIs and How to Build Them.
keavy
121
16k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
104
6.6k

Transcript

  1. None

  2. What is Oauth? Short answer: OAuth is an authentication protocol

    that allows users to approve application to act on their behalf without sharing their password.
  3. None

  4. Long answer: OAuth provides a method for clients to access

    server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections. What is Oauth?

  5. When the API team tries to explain why they choose

    Oauth1.0

  6. OAuth is a service that is complementary to, and therefore

    distinct from, OpenID. OAuth is also distinct from OATH, which is a reference architecture for authentication (i.e. not a standard).

  7. When discovering API documentation , I need to use oAuth1.0

  8. OAuth 2.0 OAuth 2.0 is the next evolution of the

    OAuth protocol and is not backward compatible with OAuth 1.0.

  9. When I implement Oauth2.0 for my API

  10. OAuth 2.0 OAuth 2.0 focuses on client developer simplicity while

    providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.

  11. OAuth 2.0 The specification and associated RFCs are being developed

    within the IETF OAuth WG; the main framework was published in October 2012.

  12. OAuth 2.0 OAuth 2.0 doesn't support signature, encryption, channel binding,

    or client verification. It relies completely on SSL for some degree of confidentiality and server authentication.

  13. OAuth 2.0 OAuth 2.0 has had numerous security flaws exposed

    in implementations. The protocol itself has been described as inherently insecure by security experts and a primary contributor to the specification stated that implementation mistakes are almost inevitable.

  14. Facing Oauth problems

  15. Non-interoperability Because OAuth 2.0 is more like a framework rather

    than a defined protocol, any OAuth 2.0 implementation is unlikely to naturally be interoperable with any other OAuth 2.0 implementation. Further deployment profiling and specification is required for any interoperability.

  16. Facing Oauth problems

  17. Uses OAuth can be potentially used as an authorizing mechanism

    to consume secured (i.e., authenticated) RSS/ATOM feeds. Consumption of RSS/ATOM feeds that requires authentication has always been an issue.