Introduction to OAuth

Delivered at the Eduserv Federated Access Management conference 2011 on 9th November 2011

Alex Bilbie

May 30, 2012
Transcript

  1. These resources (1) are stored on a resource server (2). [1: personal details, 2: facebook.com] (Wednesday, 30 May 12)
  2. The client (1) wants to use my resources (2). [1: 3rd party web app, 2: personal details]
  3. “An open protocol to allow secure API authorisation in a simple and standard method from desktop and web applications.” oauth.net
  4. The resource server clearly tells the user the specific data the client wants to access
  5. User authorises the application and is redirected back to client with an authorisation code in the query string
  6. The access token can then be used as authorisation by the client to access the specified resources for a specific length of time
  7. Developers just need to implement a redirect and a POST request <- Happy developers
  8. Nefarious clients can have their credentials revoked and all associated access tokens destroyed immediately
  9. v1.0a and v2.0: v1.0a, v1.0a, v2.0 (prev v1.0a), v2.0, v2.0 (prev v1.0a), v2.0 (prev v1.0a), v2.0
  10. Blackboard (SAML), Zendesk (SAML), Get Satisfaction (OAuth), WordPress (OAuth), Exchange (ADFS), Sharepoint (ADFS), Gmail (SAML) + OAuth clients (internal + external)
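The flow on slides 5 to 8 (redirect with a code, POST exchange for a time-limited token, scoped access, client revocation) as an added in-memory model; this is example code written for this page, not the speaker's, and the client id, secret, redirect URI and lifetimes are constructed values.

```python
# Added example: toy, in-memory authorization server for the code flow on slides 5-8.
import secrets
from urllib.parse import urlencode

CODE_TTL, TOKEN_TTL = 60, 3600  # constructed lifetimes in seconds

class AuthorizationServer:
    def __init__(self, clients):
        self.clients = dict(clients)      # client_id -> (secret, registered redirect_uri)
        self.codes, self.tokens = {}, {}

    def authorize(self, client_id, redirect_uri, scope, now):
        # Slide 5: after consent, redirect back to the *registered* URI with a one-time code.
        _, registered_uri = self.clients[client_id]
        if redirect_uri != registered_uri:
            raise ValueError("redirect_uri does not match registration")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, scope, now + CODE_TTL)
        return redirect_uri + "?" + urlencode({"code": code})

    def token(self, client_id, client_secret, code, now):
        # Slide 7: the client POSTs code + credentials; the code is single use and short-lived.
        entry = self.codes.pop(code, None)
        if entry is None or entry[0] != client_id or now > entry[2]:
            raise PermissionError("invalid_grant")
        if not secrets.compare_digest(self.clients[client_id][0], client_secret):
            raise PermissionError("invalid_client")
        token = secrets.token_urlsafe(24)
        self.tokens[token] = (client_id, entry[1], now + TOKEN_TTL)
        return {"access_token": token, "token_type": "bearer", "expires_in": TOKEN_TTL}

    def introspect(self, token, now):
        # Returns the grant behind a live token, or None if unknown or expired.
        entry = self.tokens.get(token)
        if entry is None or now > entry[2]:
            return None
        return {"client_id": entry[0], "scope": entry[1]}

    def revoke_client(self, client_id):
        # Slide 8: revoking a client's credentials destroys all of its tokens at once.
        self.clients.pop(client_id, None)
        self.tokens = {t: e for t, e in self.tokens.items() if e[0] != client_id}

def read_resource(server, token, required_scope, now):
    # Slide 6: the resource server honours the token only for the granted scope and lifetime.
    info = server.introspect(token, now)
    if info is None or required_scope not in info["scope"].split():
        return None
    return {"personal_details": "constructed sample data", "granted_scope": info["scope"]}
```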