Facebook & OAuth
92
2014. By Deng Wei-Dai. For Social Web Design Workshop . 淺談 Facebook & OAuth 與 Live 實作 鄧維岱 Danny Deng 2014.05.14 @ 成電機系 92225 1 Social Web Design Workshop #1
Transcript of Facebook & OAuth
2014. By Deng Wei-Dai. For Social Web Design Workshop.
淺談Facebook & OAuth與Live實作
鄧維岱 Danny Deng 2014.05.14
@ 成⼤大電機系92225
1
Social Web Design Workshop #1
2014. By Deng Wei-Dai. For Social Web Design Workshop.
ABOUT ME
• 鄧維岱 Danny
2
2014. By Deng Wei-Dai. For Social Web Design Workshop.
ABOUT ME
• 鄧維岱 Danny
• NCKU EE104
2
2014. By Deng Wei-Dai. For Social Web Design Workshop.
ABOUT ME
• 鄧維岱 Danny
• NCKU EE104
• MOVEMENT @ SWD 2013
• www.movement-itw.com
2
2014. By Deng Wei-Dai. For Social Web Design Workshop.
ABOUT ME
• 鄧維岱 Danny
• NCKU EE104
• MOVEMENT @ SWD 2013
• www.movement-itw.com
2
2014. By Deng Wei-Dai. For Social Web Design Workshop.
ABOUT ME
• 鄧維岱 Danny
• NCKU EE104
• MOVEMENT @ SWD 2013
• www.movement-itw.com
2
2014. By Deng Wei-Dai. For Social Web Design Workshop.
What is OAuth?
3
2014. By Deng Wei-Dai. For Social Web Design Workshop.
What is OAuth?
3
Open Standard for Authorization
2014. By Deng Wei-Dai. For Social Web Design Workshop.
授權程式從_____存取資料
4
2014. By Deng Wei-Dai. For Social Web Design Workshop.
授權程式從_____存取資料
4
Website.APP
2014. By Deng Wei-Dai. For Social Web Design Workshop.
授權程式從_____存取資料
4
Website.APP
FB.GitHub.LinkedIn
2014. By Deng Wei-Dai. For Social Web Design Workshop.
授權程式從_____存取資料
4
Website.APP
FB.GitHub.LinkedIn
Name.Birth. Email.Photo
2014. By Deng Wei-Dai. For Social Web Design Workshop.
Why OAuth?
5
2014. By Deng Wei-Dai. For Social Web Design Workshop.
We do not need to sign up new accounts
Why OAuth?
5
2014. By Deng Wei-Dai. For Social Web Design Workshop. 6
So,
2014. By Deng Wei-Dai. For Social Web Design Workshop.
How OAuth works?
6
So,
2014. By Deng Wei-Dai. For Social Web Design Workshop.
ROLE
7
2014. By Deng Wei-Dai. For Social Web Design Workshop.
ROLE
7
授權程式從_____存取資料
2014. By Deng Wei-Dai. For Social Web Design Workshop.
ROLE
• Resource Owner: 使⽤用者
7
授權程式從_____存取資料
2014. By Deng Wei-Dai. For Social Web Design Workshop.
ROLE
• Resource Owner: 使⽤用者
• Resource Server: 存放使⽤用者資料的伺服器
7
授權程式從_____存取資料
2014. By Deng Wei-Dai. For Social Web Design Workshop.
ROLE
• Resource Owner: 使⽤用者
• Resource Server: 存放使⽤用者資料的伺服器
• Authorization Server: 授權Access Token的伺服器
7
授權程式從_____存取資料
2014. By Deng Wei-Dai. For Social Web Design Workshop.
ROLE
• Resource Owner: 使⽤用者
• Resource Server: 存放使⽤用者資料的伺服器
• Authorization Server: 授權Access Token的伺服器
• Client: Third-Party程式、APP
7
授權程式從_____存取資料
2014. By Deng Wei-Dai. For Social Web Design Workshop.
CLIENT
8
2014. By Deng Wei-Dai. For Social Web Design Workshop.
CLIENT
8
Client ID
2014. By Deng Wei-Dai. For Social Web Design Workshop.
CLIENT
8
Client ID Client Secret
2014. By Deng Wei-Dai. For Social Web Design Workshop.
CLIENT
8
Client ID Client Secret
Redirect URI
2014. By Deng Wei-Dai. For Social Web Design Workshop.
• Scope: 存取資料範圍
9
more reference for scope
2014. By Deng Wei-Dai. For Social Web Design Workshop.
• Scope: 存取資料範圍
9
Public Profile (Default).email…
more reference for scope
2014. By Deng Wei-Dai. For Social Web Design Workshop.
• Scope: 存取資料範圍
9
Public Profile (Default).email…
more reference for scope
2014. By Deng Wei-Dai. For Social Web Design Workshop.
• Scope: 存取資料範圍
• State: (RECOMMEND) Random, prevent CSRF
9
Public Profile (Default).email…
more reference for scope
2014. By Deng Wei-Dai. For Social Web Design Workshop.
• Scope: 存取資料範圍
• State: (RECOMMEND) Random, prevent CSRF
• Code: Get Access Token
9
Public Profile (Default).email…
more reference for scope
2014. By Deng Wei-Dai. For Social Web Design Workshop.
• Scope: 存取資料範圍
• State: (RECOMMEND) Random, prevent CSRF
• Code: Get Access Token
• Access Token: Main KEY
9
Public Profile (Default).email…
more reference for scope
2014. By Deng Wei-Dai. For Social Web Design Workshop.
OAuth Flow
10
2014. By Deng Wei-Dai. For Social Web Design Workshop.
ROLE
• Resource Owner: 使⽤用者
• Resource Server: 存放使⽤用者資料的伺服器
• Authorization Server: 授權Access Token的伺服器
• Client: Third-Party程式、APP
11
授權程式從_____存取資料
2014. By Deng Wei-Dai. For Social Web Design Workshop. 12
2014. By Deng Wei-Dai. For Social Web Design Workshop. 12
2014. By Deng Wei-Dai. For Social Web Design Workshop. 12
Client ID, Redirect URI,Scope, State…
2014. By Deng Wei-Dai. For Social Web Design Workshop. 12
Client ID, Redirect URI,Scope, State…
Agree?
2014. By Deng Wei-Dai. For Social Web Design Workshop. 12
Client ID, Redirect URI,Scope, State…
Agree?
Grant codeError msg
With same state
2014. By Deng Wei-Dai. For Social Web Design Workshop. 13
2014. By Deng Wei-Dai. For Social Web Design Workshop. 13
Send to Redirect URI
Grant codeError msg with same state
2014. By Deng Wei-Dai. For Social Web Design Workshop. 13
Send to Redirect URI
Grant codeError msg with same state
CHECK state
2014. By Deng Wei-Dai. For Social Web Design Workshop. 13
Send to Redirect URI
Grant codeError msg with same state
Client info, Grant code
CHECK state
2014. By Deng Wei-Dai. For Social Web Design Workshop. 13
Send to Redirect URI
Grant codeError msg with same state
Client info, Grant code
CHECK state
CHECK 1.Client info 2.Redirect URI
2014. By Deng Wei-Dai. For Social Web Design Workshop. 13
Send to Redirect URI
Grant codeError msg with same state
Client info, Grant code
CHECK state
Access Token
CHECK 1.Client info 2.Redirect URI
2014. By Deng Wei-Dai. For Social Web Design Workshop. 14
Access Token
2014. By Deng Wei-Dai. For Social Web Design Workshop. 14
Access Token
Call Graph API (FB)
2014. By Deng Wei-Dai. For Social Web Design Workshop. 14
Access Token
Call Graph API (FB)
GET User’s info
2014. By Deng Wei-Dai. For Social Web Design Workshop. 14
Access Token
Call Graph API (FB)
Login Success
GET User’s info
2014. By Deng Wei-Dai. For Social Web Design Workshop.
3 PROTOCOL ENDPOINT(a little bit detail)
15
2014. By Deng Wei-Dai. For Social Web Design Workshop.
3 PROTOCOL ENDPOINT(a little bit detail)
15
Authorization Server Client
2014. By Deng Wei-Dai. For Social Web Design Workshop.
3 PROTOCOL ENDPOINT(a little bit detail)
15
Authorization Server Client
Authorization Endpoint
Token Endpoint
2014. By Deng Wei-Dai. For Social Web Design Workshop.
3 PROTOCOL ENDPOINT(a little bit detail)
15
Authorization Server
Redirection Endpoint
Client
Authorization Endpoint
Token Endpoint
2014. By Deng Wei-Dai. For Social Web Design Workshop.
3 PROTOCOL ENDPOINT
16
Authorization Server
Redirection Endpoint
Client
Authorization Endpoint
Token Endpoint
2014. By Deng Wei-Dai. For Social Web Design Workshop. 17
Client ID, Redirect URI,Scope, State…
Agree?
Grant codeError msg
With same state
2014. By Deng Wei-Dai. For Social Web Design Workshop. 17
Client ID, Redirect URI,Scope, State…
Agree?
Grant codeError msg
With same state
2014. By Deng Wei-Dai. For Social Web Design Workshop. 17
Client ID, Redirect URI,Scope, State…
Agree?
Grant codeError msg
With same state
2014. By Deng Wei-Dai. For Social Web Design Workshop.
https://www.facebook.com/dialog/oauth?
client_id=580500188730688
&redirect_uri=http://merry.ee.ncku.edu.tw/redirect
&state=d41d8cd98f00b204e9800998ecf8427e
&response_type=code
&scope=email
18
向Authorization Endpoint提出請求
data which redirect back is code
2014. By Deng Wei-Dai. For Social Web Design Workshop. 19
2014. By Deng Wei-Dai. For Social Web Design Workshop.
DENY OR ERRORhttp://your_redirect_uri?error=error&error_code=error_code &error_description=description&error_reason=error_reason &state=state
19
more reference for error
2014. By Deng Wei-Dai. For Social Web Design Workshop.
DENY OR ERRORhttp://your_redirect_uri?error=error&error_code=error_code &error_description=description&error_reason=error_reason &state=state
19
more reference for error
http://your_redirect_uri?code=code&state=state
AGREE
2014. By Deng Wei-Dai. For Social Web Design Workshop. 20
Client ID, Redirect URI,Scope, State…
Agree?
Grant codeError msg
With same state
2014. By Deng Wei-Dai. For Social Web Design Workshop. 20
Client ID, Redirect URI,Scope, State…
Agree?
Grant codeError msg
With same state
2014. By Deng Wei-Dai. For Social Web Design Workshop.
3 PROTOCOL ENDPOINT
21
Authorization Server
Redirection Endpoint
Client
Authorization Endpoint
Token Endpoint
2014. By Deng Wei-Dai. For Social Web Design Workshop. 22
Send to Redirect URI
Grant codeError msg with same state
Client info, Grant code
CHECK state
Access Token
CHECK 1.Client info 2.Redirect URI
2014. By Deng Wei-Dai. For Social Web Design Workshop. 22
Send to Redirect URI
Grant codeError msg with same state
Client info, Grant code
CHECK state
Access Token
CHECK 1.Client info 2.Redirect URI
2014. By Deng Wei-Dai. For Social Web Design Workshop.
3 PROTOCOL ENDPOINT
23
Authorization Server
Redirection Endpoint
Client
Authorization Endpoint
Token Endpoint
2014. By Deng Wei-Dai. For Social Web Design Workshop. 24
Send to Redirect URI
Grant codeError msg with same state
Client info, Grant code
CHECK state
Access Token
CHECK 1.Client info 2.Redirect URI
2014. By Deng Wei-Dai. For Social Web Design Workshop. 24
Send to Redirect URI
Grant codeError msg with same state
Client info, Grant code
CHECK state
Access Token
CHECK 1.Client info 2.Redirect URI
2014. By Deng Wei-Dai. For Social Web Design Workshop. 24
Send to Redirect URI
Grant codeError msg with same state
Client info, Grant code
CHECK state
Access Token
CHECK 1.Client info 2.Redirect URI
2014. By Deng Wei-Dai. For Social Web Design Workshop.
https://graph.facebook.com/oauth/access_token?
client_id=client_id
&client_secret=client_secret
&redirect_uri=redirect_uri
&code=code
25
向Token Endpoint提出請求
Afterwards, get access_token
2014. By Deng Wei-Dai. For Social Web Design Workshop. 26
Access Token
Call Graph API (FB)
Login Success
GET User’s info
2014. By Deng Wei-Dai. For Social Web Design Workshop. 26
Access Token
Call Graph API (FB)
Login Success
GET User’s info
2014. By Deng Wei-Dai. For Social Web Design Workshop.
https://graph.facebook.com/me?
access_token=access_token
27
Graph API request access_token
We will get info depending on scope
2014. By Deng Wei-Dai. For Social Web Design Workshop.
So far, Question?
28
2014. By Deng Wei-Dai. For Social Web Design Workshop.
Live Coding
29
Facebook SDK for JavaScript?
2014. By Deng Wei-Dai. For Social Web Design Workshop. 30
Download Materials
2014. By Deng Wei-Dai. For Social Web Design Workshop.
Let’s start !
31
2014. By Deng Wei-Dai. For Social Web Design Workshop.
Create Facebook App
32
2014. By Deng Wei-Dai. For Social Web Design Workshop.
PHP
33
2014. By Deng Wei-Dai. For Social Web Design Workshop.
STRUCTURE
PHP Folder
• index.html
• jquery-2.0.2.min.js
• facebook.php
• facebook.png
34
2014. By Deng Wei-Dai. For Social Web Design Workshop.
CURL DETAIL
• curl_setopt(ch, option, value);
• CURLOPT_URL: 設定擷取網址
• CURLOPT_RETURNTRANSFER: 回傳是否字串
• curl_exec($ch): 執⾏行
• curl_close($ch): 關閉
35
2014. By Deng Wei-Dai. For Social Web Design Workshop.
NodeJS
36
If we have time…
2014. By Deng Wei-Dai. For Social Web Design Workshop.
NodeJS
36
With Express and Passport
If we have time…
2014. By Deng Wei-Dai. For Social Web Design Workshop.
STEP
npm install express-generator (Installed by Prof.)
1. ssh [email protected]
2. express XXX (XXX is a folder)
3. cd XXX & npm install
4. npm install passport
5. npm install passport-facebook
37
2014. By Deng Wei-Dai. For Social Web Design Workshop.
STRUCTURE
NodeJS Folder
• app.js
• routes/index.js
• html/facebook.html
38
2014. By Deng Wei-Dai. For Social Web Design Workshop.
MORE REFERENCE
• Passport Authentication for Node.js Applications
• Easy Node Authentication: Facebook
• Notice: Express3.0. We have installed express 4.0
39
2014. By Deng Wei-Dai. For Social Web Design Workshop.
Is OAuth safe?
40
2014. By Deng Wei-Dai. For Social Web Design Workshop.
I do not think so…
Is OAuth safe?
40
2014. By Deng Wei-Dai. For Social Web Design Workshop. 41
Any Question?
2014. By Deng Wei-Dai. For Social Web Design Workshop. 42
Thanks for your listening!
2014. By Deng Wei-Dai. For Social Web Design Workshop.
MORE REFERENCE
• (Ruby)簡單易懂的 OAuth 2.0 - 如何⽤用 OAuth 2 鎖住你的 API
• OAuth 和 OpenID 到底是什麼呢?
• Spec: The OAuth 2.0 Authorization Framework
43
