Oauth Vs Password Antipattern
Barcamp Brighton 3
OAuth versus the Password Anti-Pattern
Bruce Boughton
6-7 September 2008
http://lab.madgex.com/oauth-net/
[email protected]
http://siliconbea.ch/
The Password Anti-Pattern
Problem Solved
Google Contacts Data API: AuthSub
Windows Live Contacts API: WL ID Delegated Auth
Yahoo! Address Book API: BBAuth
And this is just for authentication!
OAuth
An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications.
http://lab.madgex.com/oauth-net/googlecontacts/
http://whereami.lab.madgex.com/
consumers
service providers
users
Asserting Identity and Authority
Requests signed using consumer & token secrets
Request token: consumer identified, requesting authorization
Access token: consumer authorized by user to act on their behalf, may now fetch protected resources
Extensible and Flexible
OAuth Core 1.0 provides base
Supports at least web, desktop consumers
Extensions add functionality
Bringing OAuth to .NET developers
Build consumers and service providers for .NET 2.0 and newer
Hides complexity of protocol from developer
Very permissive MIT license
Developed as part of ongoing innovation work
Configuring the Fire Eagle service
Requesting the user’s location
Handling authorization (when required)
Using the protected resource
http://oauthproviderdemo.madgex.com/
Want to know more?
http://lab.madgex.com/oauth-net/
[email protected]
http://siliconbea.ch/
[email protected]