Tweet
Tweet

Slide 1

Slide 1 text

OAuth 2.0 Authorization Code Flow

Slide 2

Slide 2 text

Authentication

Slide 3

Slide 3 text

Email login Password

Slide 4

Slide 4 text

Email login Password username email password WHERE email = ? AND password = ?

Slide 5

Slide 5 text

Email login Password username email password WHERE email = ? AND password = ? hi {username} login failed

Slide 6

Slide 6 text

Delegated Authorization with OAuth 2.0

Slide 7

Slide 7 text

https://blog.yorkxin.org/2013/09/30/oauth2-4-1-auth-code-grant-flow.html

Slide 8

Slide 8 text

login with google Email Password twjug-lite.com accounts.google.com login

Slide 9

Slide 9 text

login with google Email Password twjug-lite.com accounts.google.com login No Yes 你同意 TWJUG lite 使 用 OOO XXX 嗎? accounts.google.com

Slide 10

Slide 10 text

login with google Email Password twjug-lite.com accounts.google.com login No Yes accounts.google.com twjug-lite.com/callback loading ... xxx.google.com 你同意 TWJUG lite 使 用 OOO XXX 嗎?

Slide 11

Slide 11 text

login with google Email Password twjug-lite.com accounts.google.com login Yes accounts.google.com twjug-lite.com/callback loading ... xxx.google.com Client Authorization Sserver Resource Server User-Agent, a.k.a. 瀏覽器 Consent Resource Owner 你同意 TWJUG lite 使 用 OOO XXX 嗎?

Slide 12

Slide 12 text

RE: 重零開始的 OAuth Flow 細節⽣活

Slide 13

Slide 13 text

login with google Email Password twjug-lite.com accounts.google.com login No Yes accounts.google.com 1 response_type: code redirect_uri: twjut-lite.com/callback go to authorization server 你同意 TWJUG lite 使 用 OOO XXX 嗎?

Slide 14

Slide 14 text

login with google Email Password twjug-lite.com accounts.google.com login No Yes accounts.google.com twjug-lite.com/callback loading ... 1 2 response_type: code redirect_uri: twjut-lite.com/callback go to authorization server Back to redirect URI with authorization code 你同意 TWJUG lite 使 用 OOO XXX 嗎?

Slide 15

Slide 15 text

login with google Email Password twjug-lite.com accounts.google.com login No Yes accounts.google.com twjug-lite.com/callback loading ... 1 2 3 response_type: code redirect_uri: twjut-lite.com/callback go to authorization server Back to redirect URI with authorization code Exchange authorization code for access token 你同意 TWJUG lite 使 用 OOO XXX 嗎?

Slide 16

Slide 16 text

login with google Email Password twjug-lite.com accounts.google.com login No Yes accounts.google.com twjug-lite.com/callback loading ... 1 2 xxx.google.com 3 4 response_type: code redirect_uri: twjut-lite.com/callback go to authorization server Back to redirect URI with authorization code Exchange authorization code for access token Talk to resource server with access token 你同意 TWJUG lite 使 用 OOO XXX 嗎?

Slide 17

Slide 17 text

動⼿做看看 https://auth0.com/docs/api-auth/tutorials/authorization-code-grant

Slide 18

Slide 18 text

login with google Email Password twjug-lite.com accounts.google.com login 1 client_id: xxxx response_type: code redirect_uri: twjut-lite.com/callback go to authorization server 0 向 OAuth Provider 註冊你的 Client 取得 client_id, client_secret

Slide 19

Slide 19 text

Email Password accounts.google.com login No Yes accounts.google.com twjug-lite.com/callback loading ... 2 Back to redirect URI with authorization code Exchange authorization code for access token 你同意 TWJUG lite 使 用 OOO XXX 嗎? 3