How to Stop Reinventing the Auth Wheel
•
1 j'aime•1,672 vues
The document discusses authentication architectures for mobile apps. It recommends using identity providers and authentication APIs to simplify authentication rather than building it from scratch. This avoids reinventing authentication and allows developers to focus on their core product. The document outlines common authentication patterns and flows, and how to integrate identity providers, manage tokens, and implement single sign-on and multi-factor authentication. It also discusses future trends like biometrics and cross-platform authentication.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (9)
En vedette
Similaire à How to Stop Reinventing the Auth Wheel
Similaire à How to Stop Reinventing the Auth Wheel (17)
Dernier
Dernier (20)
How to Stop Reinventing the Auth Wheel
- 1. Tuesday, September 3, 13
- 2. An iOS Authentication Architecture for All How to stop reinventing the auth wheel Tuesday, September 3, 13
- 4. What makes an app truly great? Tuesday, September 3, 13
- 9. WHAT’S THE BIG DEAL? Tuesday, September 3, 13
- 10. Identity has a Role to Play Tuesday, September 3, 13
- 13. So we end up like... Tuesday, September 3, 13
- 14. Tuesday, September 3, 13
- 15. Instead we should... Tuesday, September 3, 13
- 17. The good news... Tuesday, September 3, 13
- 18. Pattern There’s a for That Tuesday, September 3, 13
- 19. ‘Simplicity is the ultimate sophistication.’ - Steve Jobs Tuesday, September 3, 13
- 20. So, auth is complicated. Tuesday, September 3, 13
- 21. Why? Tuesday, September 3, 13
- 22. It’s not our core competency. Tuesday, September 3, 13
- 23. Tons AND TONS of Detail. Tuesday, September 3, 13
- 24. Never stops evolving. Tuesday, September 3, 13
- 25. and so... Tuesday, September 3, 13
- 26. we spend a lot of time Tuesday, September 3, 13
- 27. and, we get frustrated. Tuesday, September 3, 13
- 28. Not only is it complicated, Tuesday, September 3, 13
- 29. it can lead to poor user experiences. Tuesday, September 3, 13
- 33. Error Message: Your Password Must Be at Least 18770 Characters and Cannot Repeat Any of Your Previous 30689 Passwords Passwords Tuesday, September 3, 13
- 34. However, the big issue is... Tuesday, September 3, 13
- 35. Tuesday, September 3, 13
- 36. Tuesday, September 3, 13
- 37. So what do we need? Tuesday, September 3, 13
- 38. Tools, APIs, & Services Tuesday, September 3, 13
- 39. That are... Tuesday, September 3, 13
- 40. Easy & Secure Tuesday, September 3, 13
- 41. Simple. Accessible. Tuesday, September 3, 13
- 42. Rely on Experts Tuesday, September 3, 13
- 43. Is there a painkiller? Tuesday, September 3, 13
- 44. Tuesday, September 3, 13
- 45. But first... Tuesday, September 3, 13
- 46. Tuesday, September 3, 13
- 47. Fav MOV Tuesday, September 3, 13
- 48. Demo Tuesday, September 3, 13
- 50. Tuesday, September 3, 13
- 52. Need Username and Profile Photo Tuesday, September 3, 13
- 53. To be or not to be custom is the question. Tuesday, September 3, 13
- 55. Tuesday, September 3, 13
- 56. Salt & Hash Passwords Provide Two Factor Auth Use Modern Irreversible Hash Function Automatic Monitors Operate Help Desk Tuesday, September 3, 13
- 57. Tuesday, September 3, 13
- 58. Choose Wisely Tuesday, September 3, 13
- 59. Relying Party Tuesday, September 3, 13
- 60. Ok. Enough Vocabulary Tuesday, September 3, 13
- 61. 1 2 3 4 Pick an Identity Provider Register Client Incorporate API Code Against API Using an Identity Provider Tuesday, September 3, 13
- 62. Let’s pick an IDP... Tuesday, September 3, 13
- 63. Tuesday, September 3, 13
- 64. Tuesday, September 3, 13
- 67. Demo Tuesday, September 3, 13
- 68. ‘That’s great, but what if my users don’t have Facebook accounts.’ Tuesday, September 3, 13
- 69. Let’s pick another IDP... Tuesday, September 3, 13
- 71. Before, let’s walk through the code. Tuesday, September 3, 13
- 72. Demo Tuesday, September 3, 13
- 73. Now we can hold another IDP, which one? Tuesday, September 3, 13
- 74. Tuesday, September 3, 13
- 75. Tuesday, September 3, 13
- 79. What if my identity provider does not have an iOS API? Tuesday, September 3, 13
- 80. Tuesday, September 3, 13
- 81. Tuesday, September 3, 13
- 82. Tuesday, September 3, 13
- 83. Tuesday, September 3, 13
- 85. Backend as a Service Tuesday, September 3, 13
- 86. Tuesday, September 3, 13
- 87. Now, you need custom accounts. Tuesday, September 3, 13
- 88. Sign In vs Sign Up Tuesday, September 3, 13
- 89. What about custom back-ends? Tuesday, September 3, 13
- 90. Tuesday, September 3, 13
- 91. Tuesday, September 3, 13
- 92. Tuesday, September 3, 13
- 93. 1 2 3 Secrets & Tokens Single Sign On Two Factor Authentication Tuesday, September 3, 13
- 94. 1 2 3 Secrets & Tokens Single Sign On Two Factor Authentication Tuesday, September 3, 13
- 95. Tuesday, September 3, 13
- 96. Tuesday, September 3, 13
- 98. Getting Tokens Tuesday, September 3, 13
- 100. Tuesday, September 3, 13
- 101. The Access Token Tuesday, September 3, 13
- 102. A word about OAuth 1 Tuesday, September 3, 13
- 103. OAUTH 1 Tuesday, September 3, 13
- 104. Where to Store? Tuesday, September 3, 13
- 105. The Keychain Tuesday, September 3, 13
- 106. The Operating System Tuesday, September 3, 13
- 108. Browser Cookies Tuesday, September 3, 13
- 109. The Flows Tuesday, September 3, 13
- 110. App App App App IDP App Browser UIWebView OS Tuesday, September 3, 13
- 111. How to Use Tokens Tuesday, September 3, 13
- 112. HTTP Authentication Tuesday, September 3, 13
- 113. 1 2 3 Secrets & Tokens Single Sign On Two Factor Authentication Tuesday, September 3, 13
- 114. 1 2 3 Secrets & Tokens Single Sign On Two Factor Authentication Tuesday, September 3, 13
- 115. Sharable Tokens Tuesday, September 3, 13
- 117. Across Devices Tuesday, September 3, 13
- 118. Across Platforms Tuesday, September 3, 13
- 119. 1 2 3 Secrets & Tokens Single Sign On Two Factor Authentication Tuesday, September 3, 13
- 120. 1 2 3 Secrets & Tokens Single Sign On Two Factor Authentication Tuesday, September 3, 13
- 121. Tuesday, September 3, 13
- 122. Tuesday, September 3, 13
- 123. Tuesday, September 3, 13
- 124. Thefuture Tuesday, September 3, 13
- 125. biometrics Tuesday, September 3, 13
- 126. ID Tuesday, September 3, 13
- 131. WHAT’S THE BIG DEAL? Tuesday, September 3, 13
- 132. Taking care of identity has many benefits... Tuesday, September 3, 13
- 134. MoreUsage Tuesday, September 3, 13
- 135. Tuesday, September 3, 13
- 136. Tuesday, September 3, 13
- 137. Tuesday, September 3, 13
- 138. Lessofthis Tuesday, September 3, 13
- 140. remember Tuesday, September 3, 13
- 142. Resources Tuesday, September 3, 13
- 143. Tuesday, September 3, 13
- 144. Tuesday, September 3, 13
- 145. http://www.ietf.org/rfc/rfc6749.txt OAuth 2.0 RFC http://www.ietf.org/rfc/rfc2617.txt HTTP Authentication RFC http://openid.net/connect/ OpenID Connect Tuesday, September 3, 13
- 146. Twitter Integration WWDC 2011 Integrating With Facebook, Twitter and Sina Weibo WWDC 2012 Protecting Secrets with the Keychain WWDC 2013 Tuesday, September 3, 13
- 147. Google IO 2013 https://developers.google.com/live/shows/576883641 Identity Tech Overview: Less Pain, More Gain https://developers.google.com/live/shows/601975672 How to Offer Google+ Sign-In Alongside Other Social Sign-In Services Tuesday, September 3, 13
- 148. http://www.parse.com Parse http://www.windowsazure.com/en-us/develop/mobile/ Windows Azure Mobile Services Backend as a Service Tuesday, September 3, 13
- 149. http://www.accountchooser.com Account Chooser https://www.tbray.org/ongoing/ Tim Bray’s Ongoing Blog Tuesday, September 3, 13
- 150. https://code.google.com/p/gtm-oauth/ GTM OAuth https://github.com/facebook/facebook-ios-sdk Facebook iOS SDK Libraries https://developers.google.com/+/ Google+ Sign In Tuesday, September 3, 13
- 152. René Cacheaux iOS Architect rene.cacheaux@mutualmobile.com rene.cacheaux@gmail.com @RCachATX Tuesday, September 3, 13
- 153. Tuesday, September 3, 13