OAuth 2.0 - Assaf Arkin

•

2 j'aime•1,640 vues

Assaf Arkin, Flowtown You're building an API and the question comes up, how to let client applications authenticate against it? Giving username/password to 3rd party client applications is a security anti-pattern. You don't want to do that. API keys are better, but confusing for the average user. So we're going to look at solving that with OAuth 2.0. If you used Facebook Connect to allow a non-Facebook application restricted access to your Facebook account, you've used OAuth 2.0. Let's talk about what OAuth 2.0 is, how it works, and how to add support to your application/API. We'll cover authentication flows for Web apps, mobile, desktop and even command-line tools, and talk about access control patterns that are based, not on users and roles, but client applications and requested access scopes. This talk will cover rack-oauth2-server, an open source OAuth 2.0 Authorization Server module: https://github.com/flowtown/rack-oauth2-server

Technologie

OAuth 2.0
Assaf Arkin

Wednesday, July 27, 11

Simple to connect new application

No giving password

Authorize limited permissions

Revoke individual client application

Wednesday, July 27, 11

Each access token is tied to an
end-user, a client application, a
resource and a scope.

Wednesday, July 27, 11

OAuth 2.0 draft 10: OAuth scheme

OAuth 2.0 draft 20: two extensions

Bearer Token

MAC Access Authentication

OAuth 1.0, similar to 2.0 + MAC

Wednesday, July 27, 11

Client Application Authorization Server

Redirect user to
authorization User authenticates
endpoint Client ID, Redirect URI, Scope

User grants
authorization
request

Redirect user back
to application

Exchange access
grant for access
Authorization code
token

Grant access token
Client ID, Redirect URI

Store in safe place
Access token
(w/optional Refresh token)

Access resource Protected resource
Access token

Wednesday, July 27, 11

1. Authenticate

2.Verify application

3.Verify scope

4. Authorize

Wednesday, July 27, 11

Desktop/mobile applications open in-app
browser (e.g. UIWebView)

Command line can open <url>, ﬁnal page
asks user to copy & paste access token

High trust applications can exchange
username/password for access token

Wednesday, July 27, 11

Client applications should not ask users for
their password

OAuth provides an alternative ﬂow that
balances convenience and security

It can support Web applications, desktop and
mobile, even command line tools

Wednesday, July 27, 11

Not complicated or terribly hard, existing
tools help a lot

First time might trip and fall, some new
concepts to wrap head around

Almost one year in, ongoing maintenance
cost has been zero for us

Wednesday, July 27, 11

follow me @assaf
http://labnotes.org
Wednesday, July 27, 11

Contenu connexe

Plus de Marakana Inc.

Why Java Needs Hierarchical Data

Marakana Inc.

Video at http://mrkn.co/andsec With Android activations reaching a million devices per day, it is no surprise that security threats against our favorite mobile platform have been on the rise. In this session, you will learn all about Android's security model, including application isolation (sandboxing) and provenance (signing), its permission system and enforcement, data protection features and encryption, as well as enterprise device administration. Together, we will dig into Android's own internals to see how its security model is applied through the entire Android stack - from the Linux kernel, to the native layers, to the Application Framework services, and to the applications themselves. Finally, you’ll learn about some of the weaknesses in the Android's model (including rooting, tap-jacking, malware, social-engineering) as well as what can be done to mitigate those threats, such as SE-Linux, memory protection, anti-malware, firewall, and developer best practices. By the end of this session you will have a better understanding of what it takes to make Android a more trusted component of our personal and professional lives.

Deep Dive Into Android Security

Marakana Inc.

Learn hot techniques for developing more effective user interfaces in your Android applications from Android UI Toolkit engineers Romain Guy and Chet Haase. Romain and Chet will dive into some code examples, demo some handy tools, and show you how to optimize your UI for performance while making it look great. Didn't make it to Devoxx 2K10? Well, find out what you might have missed, as this is the same presentation Romain and Chet delivered at Devoxx. A few topics covered in this talk include: - Trash Talk: avoiding garbage creation when necessary and possible - Tools: Allocation Tracking, DDMS, Heap Analysis Tool (hat), etc. - A few tips on avoiding memory leaks - ViewStub, ListView and compound drawables - Graphics optimization techniques

Android UI Tips, Tricks and Techniques

Marakana Inc.

2010 07-18.wa.rails tdd-6

Marakana Inc.

Learn how to apply the test-first approach to all of your Rails projects. In this six class series, experienced Rails engineer and consultant, Wolfram Arnold applies his real-world perspective to teaching you effective patterns for testing. In this sixth of six classes, Wolf discusses: - Integration frameworks (Cucumber, Webrat, Capybara, and Selenium) - Integration testing with Selenium (advantages and problems) - Page Objects - Locators (Selenium, CSS and XPath locators - RSpec Custom Matchers - Testing for Access Control ** You can get the slides and source code from this presentation at: http://marakana.com/f/215 ** Find more videos, tutorials, and code examples at http://marakana.com/techtv

Efficient Rails Test-Driven Development - Week 6

Marakana Inc.

Graphicsand animations devoxx2010 (1)

Marakana Inc.

In this talk jQuery Project Team member, Johnathan Sharp, sets out to answer four main questions: Where'd jQuery Come from?, Why is it so popular? How has it changed development? How will it drive innovation? **see the video at http://marakana.com/f/211 ** In the scope of his talk Johnathan also touches on: - What jQuery is not - Core concepts to understand before jumping into jQuery (CSS & Selectors, DOM, Events, JavaScript patterns, etc) - jQuery core, and jQuery project plugins - The larger jQuery Project including the jQuery core, jQuery UI, and jQuery mobile - jQuery going forward (HTML5, mobile browser support, official Plugins, growing corporate support services) Finally, Johnathan will dig deep into a few code demos to illustrate some of the core concepts of jQuery, like events, JavaScript patterns, and making Ajax requests.

What's this jQuery? Where it came from, and how it will drive innovation

Marakana Inc.

What's the state of the most popular JavaScript library today? What's in-store for upcoming releases? At an event hosted at Microsoft on November 9th, 2010, Yehuda Katz (a core member of the jQuery team) talked about updates planned for jQuery 1.4.3 and plans for jQuery 1.5, due next year. He also covers: - initiatives of the jQuery project - jQuery mobile - formalizing governance of the jQuery project ** See the video at: http://marakana.com/f/12312 ** Stay tuned for videos of these presentations from this event: - jQuery jump start (15 min. session to get you productive with the JavaScript frameworks) - jQuery with ASP.NET and Visual Studio Walk-through - How jQuery continues to drive innovation with emerging technologies In the meantime, check out more videos on open source development at: http://marakana.com/techtv

jQuery State of the Union - Yehuda Katz

Marakana Inc.

Pictures from an event where James Gosling spoke on: - His departure from Oracle - Oracle's stewardship of Java - Android's use of Java, and what he would've done - Apple's "deprecation" of Java - IBM and Oracle relationship - Apache Software Foundation's recent worries - What's he's been up to lately - His other favorite programming languages and technologies - The future of Java ** Check out the full video from his talk at: www.marakana.com/f/205 **

Pics from: "James Gosling on Apple, Apache, Google, Oracle and the Future of ...

Marakana Inc.

Learn how to apply the test-first approach to all of your Rails projects. In this six class series, experienced Rails engineer and consultant, Wolfram Arnold applies his real-world perspective to teaching you effective patterns for testing. In this fourth of six classes, Wolf covers: - Refactoring code & tests, custom matchers - API Testing - Remote data setup - Cucumber for API testing & documentation ** You can get the video and source code from this presentation at: http://marakana.com/f/204 ** All six classes will be available online, so stay tuned! And be sure to check out marakana.com/techtv for more videos on open source training. Presented by: Wolfram Arnold, in collaboration with Sarah Allen, BlazingCloud.net Produced by: Marakana

Efficient Rails Test Driven Development (class 4) by Wolfram Arnold

Marakana Inc.

Learn how to apply the test-first approach to all of your Rails projects. In this six class series, experienced Rails engineer and consultant, Wolfram Arnold applies his real-world perspective to teaching you effective patterns for testing. In this third of six classes, Wolf covers: - Controller testing - View, Helper, Routes Testing - How much is enough? How much is too much? ** You can get the video and source code from this presentation at: http://marakana.com/f/201 ** All six classes will be available online, so stay tuned! And be sure to check out marakana.com/techtv for more videos on open source training. Presented by: Wolfram Arnold, in collaboration with Sarah Allen, BlazingCloud.net Produced by: Marakana

Efficient Rails Test Driven Development (class 3) by Wolfram Arnold

Marakana Inc.

Learn about JRuby Internals from one of the JRuby Lead Developers, Thomas Enebo

Marakana Inc.

At an event hosted at LinkedIn on November 2, 2010, Noah Gibbs delivers a presentation on how On-Site.com is using JRuby to leverage its old Java codebase. ** Check out the video from this presentation at: http://marakana.com/f/198 ** Noah talks about: - The advantages of using JRuby to leverage a legacy Java codebase - Integration with JSP pages - Java models and Active Record wrappers - Call Java-to-Ruby ...And if you're looking for more educational videos on Ruby and open-source, head on over to: http://marakana.com/techtv

Replacing Java Incrementally

Marakana Inc.

Learn to Build like you Code with Apache Buildr

Marakana Inc.

Robolectric is an open source Android unit testing framework that makes it possible to run unit tests against your Android application code outside of the emulator - in the IDE. Robolectric gives you the scaffolding to run your tests quickly so you can make fast iterations and refactor your code with confidence. ** Check out the video for this presentation at marakana.com: http://mrkn.co/f/192 ** This presentation was given at the San Francisco Android User Group on Oct. 26, 2010.

Learn How to Unit Test Your Android Application (with Robolectric)

Marakana Inc.

Learn Learn how to build your mobile back-end with MongoDB

Marakana Inc.

A hands on overview of the semantic web

Marakana Inc.

Jena framework

Marakana Inc.

The Latest on Semantic Web

Marakana Inc.

Super simple application security with Apache Shiro

Marakana Inc.

Plus de Marakana Inc. (20)

Why Java Needs Hierarchical Data

Deep Dive Into Android Security

Android UI Tips, Tricks and Techniques

2010 07-18.wa.rails tdd-6

Efficient Rails Test-Driven Development - Week 6

Graphicsand animations devoxx2010 (1)

What's this jQuery? Where it came from, and how it will drive innovation

jQuery State of the Union - Yehuda Katz

Pics from: "James Gosling on Apple, Apache, Google, Oracle and the Future of ...

Efficient Rails Test Driven Development (class 4) by Wolfram Arnold

Efficient Rails Test Driven Development (class 3) by Wolfram Arnold

Learn about JRuby Internals from one of the JRuby Lead Developers, Thomas Enebo

Replacing Java Incrementally

Learn to Build like you Code with Apache Buildr

Learn How to Unit Test Your Android Application (with Robolectric)

Learn Learn how to build your mobile back-end with MongoDB

A hands on overview of the semantic web

Jena framework

The Latest on Semantic Web

Super simple application security with Apache Shiro

Dernier

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

ICT role in 21st century education and its challenges

rafiqahmad00786416

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Architecting Cloud Native Applications

WSO2

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

Exploring Multimodal Embeddings with Milvus

Zilliz

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

Dernier (20)

FWD Group - Insurer Innovation Award 2024

ICT role in 21st century education and its challenges

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

[BuildWithAI] Introduction to Gemini.pdf

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

MINDCTI Revenue Release Quarter One 2024

Why Teams call analytics are critical to your entire business

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Architecting Cloud Native Applications

Artificial Intelligence Chap.5 : Uncertainty

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

presentation ICT roal in 21st century education

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Exploring Multimodal Embeddings with Milvus

Elevate Developer Efficiency & build GenAI Application with Amazon Q

OAuth 2.0 - Assaf Arkin

1. OAuth 2.0 Assaf Arkin Wednesday, July 27, 11

2. Wednesday, July 27, 11

3. Wednesday, July 27, 11

4. OWNED!!! Wednesday, July 27, 11

5. Wednesday, July 27, 11

6. Wednesday, July 27, 11

7. Wednesday, July 27, 11

8. Wednesday, July 27, 11

9. Simple to connect new application No giving password Authorize limited permissions Revoke individual client application Wednesday, July 27, 11

10. Each access token is tied to an end-user, a client application, a resource and a scope. Wednesday, July 27, 11

11. Wednesday, July 27, 11

12. Wednesday, July 27, 11

13. OAuth 2.0 draft 10: OAuth scheme OAuth 2.0 draft 20: two extensions Bearer Token MAC Access Authentication OAuth 1.0, similar to 2.0 + MAC Wednesday, July 27, 11

14. Wednesday, July 27, 11

15. Client Application Authorization Server Redirect user to authorization User authenticates endpoint Client ID, Redirect URI, Scope User grants authorization request Redirect user back to application Exchange access grant for access Authorization code token Grant access token Client ID, Redirect URI Store in safe place Access token (w/optional Refresh token) Access resource Protected resource Access token Wednesday, July 27, 11

16. Wednesday, July 27, 11

17. 1. Authenticate 2.Verify application 3.Verify scope 4. Authorize Wednesday, July 27, 11

18. Wednesday, July 27, 11

19. Wednesday, July 27, 11

20. Wednesday, July 27, 11

21. Wednesday, July 27, 11

22. Wednesday, July 27, 11

23. Wednesday, July 27, 11

24. Wednesday, July 27, 11

25. Wednesday, July 27, 11

26. Desktop/mobile applications open in-app browser (e.g. UIWebView) Command line can open <url>, ﬁnal page asks user to copy & paste access token High trust applications can exchange username/password for access token Wednesday, July 27, 11

27. Client applications should not ask users for their password OAuth provides an alternative ﬂow that balances convenience and security It can support Web applications, desktop and mobile, even command line tools Wednesday, July 27, 11

28. Not complicated or terribly hard, existing tools help a lot First time might trip and fall, some new concepts to wrap head around Almost one year in, ongoing maintenance cost has been zero for us Wednesday, July 27, 11

29. follow me @assaf http://labnotes.org Wednesday, July 27, 11

OAuth 2.0 - Assaf Arkin

Recommandé

Recommandé

Contenu connexe

Plus de Marakana Inc.

Plus de Marakana Inc. (20)

Dernier

Dernier (20)

OAuth 2.0 - Assaf Arkin