SlideShare une entreprise Scribd logo

Implementing OpenID for Your Social Networking Site

David Keener
David Keener

There are thousands of social networking sites, each with their own unique sign-on systems. How many user names and passwords do you really want to remember? Wouldn't it be nice if you could have a single sign-on that you could use on all of the sites that you frequent? OpenID is an open-source, decentralized sign-on technology that promises this and more. Find out how to implement OpenID for a web site using Ruby on Rails.

TechnologieDesign
1  sur  37
Implementing OpenID for Your Social Networking Web Site By David Keener http://www.keenertech.com
Introduction ,[object Object],[object Object],[object Object],[object Object]
Presentation Goals ,[object Object],[object Object],[object Object],[object Object],By the time this presentation is over, you will….
Part 1: The Basics
So, What Is OpenID? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Hasn’t This Been Done Before? ,[object Object],[object Object],[object Object]
A Few Statistics… ,[object Object],[object Object],[object Object],[object Object]
Why Do Users Need OpenID? ,[object Object],[object Object],[object Object],[object Object],[object Object],Um, it’s the Holy Grail of the Internet…”one ID to rule them all.”
Why Do Developers Want OpenID? ,[object Object],[object Object],[object Object],[object Object]
So, What Is an OpenID? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Well, it sounds cool. But what, exactly is an OpenID?
What Can You Do With an OpenID? ,[object Object],[object Object],[object Object],Let’s make it even simpler. An OpenID is a personal URL. This is what you can do with it:
So, How’s It Work for the User? First, you need a good Login page. Make sure to give users some info on OpenID. This sample Login page provides separate logins for OpenID and “AOL”.
Login Flow (User Perspective) 1. User provides OpenID to web site 2. Authenticate with Identity Provider 3. Re-direct user back to web site - Success: Go to desired destination - Failure: Back to Login page * Yes, there’s other complexities, but we’ll talk about them later
Part 2: The OpenID Spec
First, a Note About Modes ,[object Object],[object Object],To support as many situations as possible, the OpenID spec includes two basic modes of operation….
OpenID Terminology ,[object Object],[object Object],[object Object],[object Object],[object Object]
Our Players User (David Keener) User-Agent (the browser) Identity Provider - openid.aol.com Relying Party (Consumer) - Our sample social networking site Identifier - openid.aol.com/davidkeener01 For the discussion, here are our players in the OpenID process….
Behind the Scenes… (Part 1) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Here’s what’s really happening behind the scenes.
Behind the Scenes… (Part 2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Behind the Scenes… (Part 3) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
OpenID Provider Details ,[object Object],[object Object],[object Object],The goal of OpenID is to make accessing web sites easier for users. Many providers support “ease-of-use” options:
What’s a Delegate? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Suppose you’d like to have your own identity, based on your own domain name (like keenertech.com/dkeener ), but you’d rather not run your own OpenID Server….
Delegate HTML Page ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],- OpenID: keenertech.com/dkeener - URL: http://www.keenertech.com/dkeener/index.html
Part 3: Implementing OpenID
Supporting OpenID in Rails ,[object Object],[object Object],[object Object],[object Object],[object Object]
Let’s Implement OpenID in Rails ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],We’re going to need the following files:
Login Partial ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Just a basic HTML form, nothing exciting…. - Hidden field indicates whether the form is for an OpenID login or an “AOL” login. - Posts to the “login” action of the OpenID Controller.
Login Page ,[object Object],[object Object],[object Object],[object Object],[object Object],The Login page is equally exciting….
The OpenID Controller (Part 1) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],- Layout is nil because this controller will not cause any views to be displayed - Must have a “require” statement for OpenID. - Note the private function “openid_consumer” which will be used by both the “login” and “complete” functions.
The OpenID Controller (Part 2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The OpenID Controller (Part 3) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],User.check_user looks up the user ID for the identity. If not found, then it creates a new user.
Integration Recommendations ,[object Object],[object Object],[object Object],For your social networking site…
Part 4: Wrapping Up
OpenID as a Building Block ,[object Object],[object Object],[object Object],OpenID solves the problem of “identity,” not “trust”…but think of the things that can be built on top of OpenID…
More Info About OpenID (Part 1) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
More Info About OpenID (Part 2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Summary ,[object Object],[object Object],[object Object],[object Object]

Recommandé

Open ID
Open IDOpen ID
Open IDdiwanshu.joshi
 
An Introduction to OpenID
An Introduction to OpenIDAn Introduction to OpenID
An Introduction to OpenIDMax Manders
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular jsBixlabs
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
OAuth for your API - The Big Picture
OAuth for your API - The Big PictureOAuth for your API - The Big Picture
OAuth for your API - The Big PictureApigee | Google Cloud
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2Aaron Parecki
 
LinkedIn OAuth: Zero To Hero
LinkedIn OAuth: Zero To HeroLinkedIn OAuth: Zero To Hero
LinkedIn OAuth: Zero To HeroTaylor Singletary
 
Lecture 20101124
Lecture 20101124Lecture 20101124
Lecture 20101124Anderson Liang
 

Recommandé

Open ID
Open IDOpen ID
Open IDdiwanshu.joshi
 
An Introduction to OpenID
An Introduction to OpenIDAn Introduction to OpenID
An Introduction to OpenIDMax Manders
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular jsBixlabs
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
OAuth for your API - The Big Picture
OAuth for your API - The Big PictureOAuth for your API - The Big Picture
OAuth for your API - The Big PictureApigee | Google Cloud
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2Aaron Parecki
 
LinkedIn OAuth: Zero To Hero
LinkedIn OAuth: Zero To HeroLinkedIn OAuth: Zero To Hero
LinkedIn OAuth: Zero To HeroTaylor Singletary
 
Lecture 20101124
Lecture 20101124Lecture 20101124
Lecture 20101124Anderson Liang
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
OAuth 2 Presentation
OAuth 2 PresentationOAuth 2 Presentation
OAuth 2 PresentationMohamed Ahmed Abdullah
 
Linkedin & OAuth
Linkedin & OAuthLinkedin & OAuth
Linkedin & OAuthUmang Goyal
 
Oauth2.0
Oauth2.0Oauth2.0
Oauth2.0Yasmine Gaber
 
Oauth 2.0
Oauth 2.0Oauth 2.0
Oauth 2.0Manish Kumar Singh
 
CIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCloudIDSummit
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2FIDO Alliance
 
Full stack security
Full stack securityFull stack security
Full stack securityDPC Consulting Ltd
 
A simple PHP LinkedIn OAuth 2.0 example
A simple PHP LinkedIn OAuth 2.0 exampleA simple PHP LinkedIn OAuth 2.0 example
A simple PHP LinkedIn OAuth 2.0 exampleMattia Reggiani
 
OAuth2 Authentication
OAuth2 AuthenticationOAuth2 Authentication
OAuth2 AuthenticationIsmael Costa
 
Understanding OpenID
Understanding OpenIDUnderstanding OpenID
Understanding OpenIDPrabath Siriwardena
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectManish Pandit
 
Implications Of OpenID (Google Tech Talk)
Implications Of OpenID (Google Tech Talk)Implications Of OpenID (Google Tech Talk)
Implications Of OpenID (Google Tech Talk)Simon Willison
 
OpenID Connect 1.0 Explained
OpenID Connect 1.0 ExplainedOpenID Connect 1.0 Explained
OpenID Connect 1.0 ExplainedEugene Siow
 
OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?Oliver Pfaff
 
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCloudIDSummit
 
OAuth big picture
OAuth big pictureOAuth big picture
OAuth big pictureMin Li
 
OAuth2 and LinkedIn
OAuth2 and LinkedInOAuth2 and LinkedIn
OAuth2 and LinkedInKamyar Mohager
 
Y U No OAuth, Using Common Patterns to Secure Your Web Applications
Y U No OAuth, Using Common Patterns to Secure Your Web ApplicationsY U No OAuth, Using Common Patterns to Secure Your Web Applications
Y U No OAuth, Using Common Patterns to Secure Your Web ApplicationsJason Robert
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Oliver Pfaff
 
Amical 2013 wksp multimodal projects for 21st century learning
Amical 2013 wksp multimodal projects for 21st century learningAmical 2013 wksp multimodal projects for 21st century learning
Amical 2013 wksp multimodal projects for 21st century learningHoda Mostafa
 
CUF30107 Mod AA2 OHS Presentation
CUF30107 Mod AA2 OHS PresentationCUF30107 Mod AA2 OHS Presentation
CUF30107 Mod AA2 OHS Presentationamcmills
 

Contenu connexe

Tendances

OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
Linkedin & OAuth
Linkedin & OAuthLinkedin & OAuth
Linkedin & OAuthUmang Goyal
 
CIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCloudIDSummit
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2FIDO Alliance
 
A simple PHP LinkedIn OAuth 2.0 example
A simple PHP LinkedIn OAuth 2.0 exampleA simple PHP LinkedIn OAuth 2.0 example
A simple PHP LinkedIn OAuth 2.0 exampleMattia Reggiani
 
OAuth2 Authentication
OAuth2 AuthenticationOAuth2 Authentication
OAuth2 AuthenticationIsmael Costa
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectManish Pandit
 
Implications Of OpenID (Google Tech Talk)
Implications Of OpenID (Google Tech Talk)Implications Of OpenID (Google Tech Talk)
Implications Of OpenID (Google Tech Talk)Simon Willison
 
OpenID Connect 1.0 Explained
OpenID Connect 1.0 ExplainedOpenID Connect 1.0 Explained
OpenID Connect 1.0 ExplainedEugene Siow
 
OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?Oliver Pfaff
 
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCloudIDSummit
 
OAuth big picture
OAuth big pictureOAuth big picture
OAuth big pictureMin Li
 
Y U No OAuth, Using Common Patterns to Secure Your Web Applications
Y U No OAuth, Using Common Patterns to Secure Your Web ApplicationsY U No OAuth, Using Common Patterns to Secure Your Web Applications
Y U No OAuth, Using Common Patterns to Secure Your Web ApplicationsJason Robert
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Oliver Pfaff
 

Tendances (20)

OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId Connect
 
OAuth 2 Presentation
OAuth 2 PresentationOAuth 2 Presentation
OAuth 2 Presentation
 
Linkedin & OAuth
Linkedin & OAuthLinkedin & OAuth
Linkedin & OAuth
 
Oauth2.0
Oauth2.0Oauth2.0
Oauth2.0
 
Oauth 2.0
Oauth 2.0Oauth 2.0
Oauth 2.0
 
CIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID Connect
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2
 
Full stack security
Full stack securityFull stack security
Full stack security
 
A simple PHP LinkedIn OAuth 2.0 example
A simple PHP LinkedIn OAuth 2.0 exampleA simple PHP LinkedIn OAuth 2.0 example
A simple PHP LinkedIn OAuth 2.0 example
 
OAuth2 Authentication
OAuth2 AuthenticationOAuth2 Authentication
OAuth2 Authentication
 
Understanding OpenID
Understanding OpenIDUnderstanding OpenID
Understanding OpenID
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID Connect
 
Implications Of OpenID (Google Tech Talk)
Implications Of OpenID (Google Tech Talk)Implications Of OpenID (Google Tech Talk)
Implications Of OpenID (Google Tech Talk)
 
OpenID Connect 1.0 Explained
OpenID Connect 1.0 ExplainedOpenID Connect 1.0 Explained
OpenID Connect 1.0 Explained
 
OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?
 
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
 
OAuth big picture
OAuth big pictureOAuth big picture
OAuth big picture
 
OAuth2 and LinkedIn
OAuth2 and LinkedInOAuth2 and LinkedIn
OAuth2 and LinkedIn
 
Y U No OAuth, Using Common Patterns to Secure Your Web Applications
Y U No OAuth, Using Common Patterns to Secure Your Web ApplicationsY U No OAuth, Using Common Patterns to Secure Your Web Applications
Y U No OAuth, Using Common Patterns to Secure Your Web Applications
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
 

En vedette

Amical 2013 wksp multimodal projects for 21st century learning
Amical 2013 wksp multimodal projects for 21st century learningAmical 2013 wksp multimodal projects for 21st century learning
Amical 2013 wksp multimodal projects for 21st century learningHoda Mostafa
 
CUF30107 Mod AA2 OHS Presentation
CUF30107 Mod AA2 OHS PresentationCUF30107 Mod AA2 OHS Presentation
CUF30107 Mod AA2 OHS Presentationamcmills
 
Building a... Better? Summer Reading
Building a... Better? Summer ReadingBuilding a... Better? Summer Reading
Building a... Better? Summer ReadingS Bryce Kozla
 
Panelinstrph
PanelinstrphPanelinstrph
Panelinstrphskatelal
 
20120127 OCvolos Virtual Trip
20120127 OCvolos Virtual Trip20120127 OCvolos Virtual Trip
20120127 OCvolos Virtual TripDimitris Tsingos
 
Why should students learn critical thinking
Why should students learn critical thinkingWhy should students learn critical thinking
Why should students learn critical thinkingPrasad A.S
 
MedicinMan October 2012
MedicinMan October 2012MedicinMan October 2012
MedicinMan October 2012Anup Soans
 
Artikel Original Teori Ukuran Perusahaan
Artikel Original Teori Ukuran PerusahaanArtikel Original Teori Ukuran Perusahaan
Artikel Original Teori Ukuran PerusahaanTrisnadi Wijaya
 
Pegasus essentials 2012 2013
Pegasus essentials 2012 2013Pegasus essentials 2012 2013
Pegasus essentials 2012 2013Jennifer Marten
 
How to Become an Effective Front-line Manager?
How to Become an Effective Front-line Manager?How to Become an Effective Front-line Manager?
How to Become an Effective Front-line Manager?Anup Soans
 
Ihm trend2012del2 kopia
Ihm trend2012del2 kopiaIhm trend2012del2 kopia
Ihm trend2012del2 kopiaGoran Adlen
 
Wps New Concept Overview Presentation 6 14 11 E
Wps New Concept Overview Presentation 6 14 11 EWps New Concept Overview Presentation 6 14 11 E
Wps New Concept Overview Presentation 6 14 11 Eragstowealth
 
Paavlipäev
PaavlipäevPaavlipäev
PaavlipäevGrete
 
Panelinstr
PanelinstrPanelinstr
Panelinstrskatelal
 
Student Reflections: The Next Generation of African Leaders
Student Reflections: The Next Generation of African LeadersStudent Reflections: The Next Generation of African Leaders
Student Reflections: The Next Generation of African LeadersLeadership Africa USA
 

En vedette (20)

Amical 2013 wksp multimodal projects for 21st century learning
Amical 2013 wksp multimodal projects for 21st century learningAmical 2013 wksp multimodal projects for 21st century learning
Amical 2013 wksp multimodal projects for 21st century learning
 
CUF30107 Mod AA2 OHS Presentation
CUF30107 Mod AA2 OHS PresentationCUF30107 Mod AA2 OHS Presentation
CUF30107 Mod AA2 OHS Presentation
 
Smart Service@KKU Library
Smart Service@KKU LibrarySmart Service@KKU Library
Smart Service@KKU Library
 
Building a... Better? Summer Reading
Building a... Better? Summer ReadingBuilding a... Better? Summer Reading
Building a... Better? Summer Reading
 
Panelinstrph
PanelinstrphPanelinstrph
Panelinstrph
 
Encuentro 4 Evaluar con tic
Encuentro 4 Evaluar con ticEncuentro 4 Evaluar con tic
Encuentro 4 Evaluar con tic
 
20120127 OCvolos Virtual Trip
20120127 OCvolos Virtual Trip20120127 OCvolos Virtual Trip
20120127 OCvolos Virtual Trip
 
Why should students learn critical thinking
Why should students learn critical thinkingWhy should students learn critical thinking
Why should students learn critical thinking
 
MedicinMan October 2012
MedicinMan October 2012MedicinMan October 2012
MedicinMan October 2012
 
Artikel Original Teori Ukuran Perusahaan
Artikel Original Teori Ukuran PerusahaanArtikel Original Teori Ukuran Perusahaan
Artikel Original Teori Ukuran Perusahaan
 
20120113 I3A
20120113 I3A 20120113 I3A
20120113 I3A
 
eFront e-Learning
eFront e-LearningeFront e-Learning
eFront e-Learning
 
Pegasus essentials 2012 2013
Pegasus essentials 2012 2013Pegasus essentials 2012 2013
Pegasus essentials 2012 2013
 
Hot Air Hand Tools
Hot Air Hand ToolsHot Air Hand Tools
Hot Air Hand Tools
 
How to Become an Effective Front-line Manager?
How to Become an Effective Front-line Manager?How to Become an Effective Front-line Manager?
How to Become an Effective Front-line Manager?
 
Ihm trend2012del2 kopia
Ihm trend2012del2 kopiaIhm trend2012del2 kopia
Ihm trend2012del2 kopia
 
Wps New Concept Overview Presentation 6 14 11 E
Wps New Concept Overview Presentation 6 14 11 EWps New Concept Overview Presentation 6 14 11 E
Wps New Concept Overview Presentation 6 14 11 E
 
Paavlipäev
PaavlipäevPaavlipäev
Paavlipäev
 
Panelinstr
PanelinstrPanelinstr
Panelinstr
 
Student Reflections: The Next Generation of African Leaders
Student Reflections: The Next Generation of African LeadersStudent Reflections: The Next Generation of African Leaders
Student Reflections: The Next Generation of African Leaders
 

Similaire à Implementing OpenID for Your Social Networking Site

OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectJacob Combs
 
OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenIDFoundation
 
OpenID and decentralised social networks
OpenID and decentralised social networksOpenID and decentralised social networks
OpenID and decentralised social networksSimon Willison
 
OAuth In The Real World : 10 actual implementations you can't guess
OAuth In The Real World : 10 actual implementations you can't guessOAuth In The Real World : 10 actual implementations you can't guess
OAuth In The Real World : 10 actual implementations you can't guessMehdi Medjaoui
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTGaurav Roy
 
Introduction to OAuth 2.0 - the technology you need but never really learned
Introduction to OAuth 2.0 - the technology you need but never really learnedIntroduction to OAuth 2.0 - the technology you need but never really learned
Introduction to OAuth 2.0 - the technology you need but never really learnedMikkel Flindt Heisterberg
 
Accessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webAccessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webFelix Arntz
 
SSO with the WSO2 Identity Server
SSO with the WSO2 Identity ServerSSO with the WSO2 Identity Server
SSO with the WSO2 Identity ServerWSO2
 
Sso with the wso2 identity server
Sso with the wso2 identity serverSso with the wso2 identity server
Sso with the wso2 identity serversureshattanayake
 
Introduction To Open Web Protocols
Introduction To Open Web ProtocolsIntroduction To Open Web Protocols
Introduction To Open Web ProtocolsMohan Krishnan
 
Auth proxy pattern on Kubernetes
Auth proxy pattern on KubernetesAuth proxy pattern on Kubernetes
Auth proxy pattern on KubernetesMichał Wcisło
 
Mobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsMobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsPieter Ennes
 
Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008Jorgen Thelin
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedCalvin Noronha
 
Openid & Oauth: An Introduction
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An IntroductionSteve Ivy
 
OpenID Tutorials
OpenID TutorialsOpenID Tutorials
OpenID TutorialsNao Haida
 

Similaire à Implementing OpenID for Your Social Networking Site (20)

OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
 
OpenID and OAuth
OpenID and OAuthOpenID and OAuth
OpenID and OAuth
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID Connect
 
OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018
 
OpenID and decentralised social networks
OpenID and decentralised social networksOpenID and decentralised social networks
OpenID and decentralised social networks
 
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
 
OAuth In The Real World : 10 actual implementations you can't guess
OAuth In The Real World : 10 actual implementations you can't guessOAuth In The Real World : 10 actual implementations you can't guess
OAuth In The Real World : 10 actual implementations you can't guess
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
 
Introduction to OAuth 2.0 - the technology you need but never really learned
Introduction to OAuth 2.0 - the technology you need but never really learnedIntroduction to OAuth 2.0 - the technology you need but never really learned
Introduction to OAuth 2.0 - the technology you need but never really learned
 
Accessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webAccessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) web
 
SSO with the WSO2 Identity Server
SSO with the WSO2 Identity ServerSSO with the WSO2 Identity Server
SSO with the WSO2 Identity Server
 
Sso with the wso2 identity server
Sso with the wso2 identity serverSso with the wso2 identity server
Sso with the wso2 identity server
 
Introduction To Open Web Protocols
Introduction To Open Web ProtocolsIntroduction To Open Web Protocols
Introduction To Open Web Protocols
 
Owasp top 10 2013
Owasp top 10 2013Owasp top 10 2013
Owasp top 10 2013
 
Auth proxy pattern on Kubernetes
Auth proxy pattern on KubernetesAuth proxy pattern on Kubernetes
Auth proxy pattern on Kubernetes
 
Mobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsMobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patterns
 
Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - Demystified
 
Openid & Oauth: An Introduction
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An Introduction
 
OpenID Tutorials
OpenID TutorialsOpenID Tutorials
OpenID Tutorials
 

Plus de David Keener

Writing Killer Fight Scenes
Writing Killer Fight ScenesWriting Killer Fight Scenes
Writing Killer Fight ScenesDavid Keener
 
Build a Space Battle
Build a Space BattleBuild a Space Battle
Build a Space BattleDavid Keener
 
Creating an Adaptive Setting
Creating an Adaptive SettingCreating an Adaptive Setting
Creating an Adaptive SettingDavid Keener
 
Public Speaking for Writers
Public Speaking for WritersPublic Speaking for Writers
Public Speaking for WritersDavid Keener
 
21st Century Writer
21st Century Writer21st Century Writer
21st Century WriterDavid Keener
 
Titanic: The Forgotten Passengers
Titanic: The Forgotten PassengersTitanic: The Forgotten Passengers
Titanic: The Forgotten PassengersDavid Keener
 
Rails Tips and Best Practices
Rails Tips and Best PracticesRails Tips and Best Practices
Rails Tips and Best PracticesDavid Keener
 
Elevator Up, Please!
Elevator Up, Please!Elevator Up, Please!
Elevator Up, Please!David Keener
 
Rails and the Apache SOLR Search Engine
Rails and the Apache SOLR Search EngineRails and the Apache SOLR Search Engine
Rails and the Apache SOLR Search EngineDavid Keener
 
Killer Business Models
Killer Business ModelsKiller Business Models
Killer Business ModelsDavid Keener
 
Building Facebook Apps
Building Facebook AppsBuilding Facebook Apps
Building Facebook AppsDavid Keener
 
Leveraging Rails to Build Facebook Apps
Leveraging Rails to Build Facebook AppsLeveraging Rails to Build Facebook Apps
Leveraging Rails to Build Facebook AppsDavid Keener
 
Quick Start: ActiveScaffold
Quick Start: ActiveScaffoldQuick Start: ActiveScaffold
Quick Start: ActiveScaffoldDavid Keener
 
Creating Custom Charts With Ruby Vector Graphics
Creating Custom Charts With Ruby Vector GraphicsCreating Custom Charts With Ruby Vector Graphics
Creating Custom Charts With Ruby Vector GraphicsDavid Keener
 
A Tour of Ruby On Rails
A Tour of Ruby On RailsA Tour of Ruby On Rails
A Tour of Ruby On RailsDavid Keener
 
Using Rails to Create an Enterprise App: A Real-Life Case Study
Using Rails to Create an Enterprise App: A Real-Life Case StudyUsing Rails to Create an Enterprise App: A Real-Life Case Study
Using Rails to Create an Enterprise App: A Real-Life Case StudyDavid Keener
 
Creating Dynamic Charts With JFreeChart
Creating Dynamic Charts With JFreeChartCreating Dynamic Charts With JFreeChart
Creating Dynamic Charts With JFreeChartDavid Keener
 
Quick Start: Rails
Quick Start: RailsQuick Start: Rails
Quick Start: RailsDavid Keener
 

Plus de David Keener (20)

Writing Killer Fight Scenes
Writing Killer Fight ScenesWriting Killer Fight Scenes
Writing Killer Fight Scenes
 
Build a Space Battle
Build a Space BattleBuild a Space Battle
Build a Space Battle
 
Creating an Adaptive Setting
Creating an Adaptive SettingCreating an Adaptive Setting
Creating an Adaptive Setting
 
Public Speaking for Writers
Public Speaking for WritersPublic Speaking for Writers
Public Speaking for Writers
 
21st Century Writer
21st Century Writer21st Century Writer
21st Century Writer
 
Titanic: The Forgotten Passengers
Titanic: The Forgotten PassengersTitanic: The Forgotten Passengers
Titanic: The Forgotten Passengers
 
Rails Tips and Best Practices
Rails Tips and Best PracticesRails Tips and Best Practices
Rails Tips and Best Practices
 
Elevator Up, Please!
Elevator Up, Please!Elevator Up, Please!
Elevator Up, Please!
 
Rails and the Apache SOLR Search Engine
Rails and the Apache SOLR Search EngineRails and the Apache SOLR Search Engine
Rails and the Apache SOLR Search Engine
 
Killer Business Models
Killer Business ModelsKiller Business Models
Killer Business Models
 
Rails Security
Rails SecurityRails Security
Rails Security
 
Building Facebook Apps
Building Facebook AppsBuilding Facebook Apps
Building Facebook Apps
 
Leveraging Rails to Build Facebook Apps
Leveraging Rails to Build Facebook AppsLeveraging Rails to Build Facebook Apps
Leveraging Rails to Build Facebook Apps
 
Quick Start: ActiveScaffold
Quick Start: ActiveScaffoldQuick Start: ActiveScaffold
Quick Start: ActiveScaffold
 
Creating Custom Charts With Ruby Vector Graphics
Creating Custom Charts With Ruby Vector GraphicsCreating Custom Charts With Ruby Vector Graphics
Creating Custom Charts With Ruby Vector Graphics
 
A Tour of Ruby On Rails
A Tour of Ruby On RailsA Tour of Ruby On Rails
A Tour of Ruby On Rails
 
Using Rails to Create an Enterprise App: A Real-Life Case Study
Using Rails to Create an Enterprise App: A Real-Life Case StudyUsing Rails to Create an Enterprise App: A Real-Life Case Study
Using Rails to Create an Enterprise App: A Real-Life Case Study
 
Practical JRuby
Practical JRubyPractical JRuby
Practical JRuby
 
Creating Dynamic Charts With JFreeChart
Creating Dynamic Charts With JFreeChartCreating Dynamic Charts With JFreeChart
Creating Dynamic Charts With JFreeChart
 
Quick Start: Rails
Quick Start: RailsQuick Start: Rails
Quick Start: Rails
 

Dernier

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Dernier (20)

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

Implementing OpenID for Your Social Networking Site

  • 1. Implementing OpenID for Your Social Networking Web Site By David Keener http://www.keenertech.com
  • 2.
  • 3.
  • 4. Part 1: The Basics
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12. So, How’s It Work for the User? First, you need a good Login page. Make sure to give users some info on OpenID. This sample Login page provides separate logins for OpenID and “AOL”.
  • 13. Login Flow (User Perspective) 1. User provides OpenID to web site 2. Authenticate with Identity Provider 3. Re-direct user back to web site - Success: Go to desired destination - Failure: Back to Login page * Yes, there’s other complexities, but we’ll talk about them later
  • 14. Part 2: The OpenID Spec
  • 15.
  • 16.
  • 17. Our Players User (David Keener) User-Agent (the browser) Identity Provider - openid.aol.com Relying Party (Consumer) - Our sample social networking site Identifier - openid.aol.com/davidkeener01 For the discussion, here are our players in the OpenID process….
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 34.
  • 35.
  • 36.
  • 37.