Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OAuth at Logos

Ian Duncan
December 14, 2012
Programming
3
140

OAuth at Logos

Ian Duncan

December 14, 2012
Tweet

More Decks by Ian Duncan

See All by Ian Duncan
Make frontend development radical with Angular
iand675
4
220

Other Decks in Programming

See All in Programming
IaCにおけるテスト考察 / Tests in IaC
linyows
2
260
Event Exhibition with Hono
naporin0624
0
150
terraform-provider-aws にプルリクして マージされるまで
exoego
2
200
5分でわかるExplicitly Built Modules
giginet
PRO
0
190
CSC307 Lecture 04
javiergs
PRO
0
220
【Gemini本発売記念】npaka による マルチモーダルとローカルLLMの現在と未来
npaka
3
1.2k
設計の考え方 - インターフェースと腐敗防止層編 #phpconfuk / Interface and Anti Corruption Layer
okashoi
8
1.7k
【Go言語】ジェネリクス
tomo1227
0
120
How to send distibuted traces to Datadog using build own OpenTelemetry-Lambda distribution
aereal
3
130
凝集性から考えるLaravelのmiddleware、routingに書くか? Policyに書くか?
newnomad
1
170
有効な使い方を正しく理解して実装する PHP8.3の最新機能 / Proper understanding and implementation of effective usage Latest features in PHP 8.3
seike460
PRO
2
230
データのマスタが変わっても継続的に分析したい!
tjmtmmnk
1
110

Featured

See All Featured
The Illustrated Children's Guide to Kubernetes
chrisshort
36
47k
How to name files
jennybc
66
95k
Stop Working from a Prison Cell
hatefulcrawdad
266
20k
Bootstrapping a Software Product
garrettdimon
PRO
302
110k
Statistics for Hackers
jakevdp
791
220k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
31
1.8k
Why Our Code Smells
bkeepers
PRO
331
56k
StorybookのUI Testing Handbookを読んだ
zakiyama
14
4.8k
No one is an island. Learnings from fostering a developers community.
thoeni
16
2.2k
The Pragmatic Product Professional
lauravandoore
28
6k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
34
6.2k
Fontdeck: Realign not Redesign
paulrobertlloyd
78
5k

Transcript

  1. OAuth all the things

  2. What is OAuth? In a nutshell: A secure way for

    3rd parties to use our APIs without ever handling our users’ username & password.

  3. Is that it? Yes! (mostly) Using OAuth gives us some

    other advantages: Remote kill-switch in case a user is hacked Rate Limiting Analytics. Who is using what apps?

  4. How does it work? There are three participants: The User

    The App The Server The goal is to never share private credentials between the user & the app.

  5. Here we go! Marty McFly wants users to comment on

    his church’s blog using Faithlife. He registers his app, Hill Valley Baptist Church Blog at developer.faithlife.com, and hooks comments into his site.

  6. The Consumer Key & Consumer Secret are like the ‘username’

    and ‘password’ for the app itself.

  7. A wild user appears! And they want to post an

    angry comment at their pastor on the blog. So they click on the ‘sign in with Faithlife!’ button. blog.hillvalley.com sends a message to our server saying “I have a user that wants to sign in, but I don’t know who they are yet.”

  8. We say, no problem. And we give the app a

    temporary identifier to substitute for the user information until the user signs in. The App sends The User to a sign-in page that we provide. We tell the user what The App is allowed to do.

  9. Meanwhile... The App is doing other stuff while waiting for

    The User to sign in. When The User gives permission, we send a Verifier that says that everything checks out OK.

  10. Finally... The App sends the verifier to The Server along

    with the temporary token, and the server sends The App an Access Token & Access Secret. These substitute for the user’s username & password, and The App signs all of its API requests with these credentials.

  11. A happy ending. The User may be angry at his

    pastor, but he won’t have to be angry about his Faithlife account being hacked.

  12. The nitty gritty The OAuth server runs at: https://auth.logos.com/oauth/v1/ You

    can start building apps using the documentation and app registration facilities at: https://developer.faithlife.com/

  13. Plug it in. We have OAuth clients implemented for Objective-C

    and C# in the OAuth repository. I built a small website written in Haskell that uses OAuth. The developer portal is written using Node, and uses OAuth for sign-in & registration.

  14. Questions?