How OAuth and portable data can revolutionize your web app - Chris Messina
1. (FOR THE WIN)
OAuth FTW
How OAuth and portable data can
revolutionize your web app
Chris Messina October 10, 2008
Future of Web Apps London, England
2. OAuth |ō| |ôˌθ|
Noun.
An open protocol that allows secure
API authorization in a simple and
standard method from desktop, web
and mobile applications.
8. X
(APPLICATION PROGRAMMING INTERFACE)
B-b-but what about API apps?
18. PC Load Letter?! What the f...!
23.
OAuth replaces the need for
usernames and passwords with
tokens and a hashing signature.
25. Brightkite > pings Fire Eagle for Request Token
Fire Eagle > returns authorization realm
26. Brightkite > requests that user authorize Brightkite
Fire Eagle > user authenticates through Yahoo! accounts
27. Fire Eagle > user grants authorization to Brightkite
Fire Eagle > Fire Eagle redirects user to callback URL
28. Brightkite > asks FE to exchange Request Token for Access Token
Fire Eagle > checks signature; if valid, returns Access Token
...subsequent requests are signed with this Access Token
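Added example (not from the original slides): a minimal sketch of the HMAC-SHA1 signing that OAuth Core 1.0 defines, showing how the consumer signs the token-exchange request in slide 28 and how the service provider checks it. All keys, secrets and the URL are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def enc(value):
    # OAuth percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Encode, then sort by name and value; oauth_signature is never signed.
    # Assumes url is already normalized (lowercase host, no query string).
    pairs = sorted((enc(k), enc(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # The key is both shared secrets; neither one travels with the request.
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()

def verify(method, url, params, consumer_secret, token_secret=""):
    # Service provider side: recompute, then compare in constant time.
    expected = sign(method, url, params, consumer_secret, token_secret)
    supplied = str(params.get("oauth_signature", ""))
    return hmac.compare_digest(expected.encode(), supplied.encode())

# Constructed sample values: not real credentials or real endpoints.
URL = "https://provider.example/oauth/access_token"
CONSUMER_SECRET = "constructed-consumer-secret"
REQUEST_TOKEN_SECRET = "constructed-request-token-secret"

def build_exchange_request():
    # Consumer side: the request that swaps a Request Token for an Access Token.
    params = {
        "oauth_consumer_key": "constructed-consumer-key",
        "oauth_token": "constructed-request-token",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1223596800",
        "oauth_nonce": "constructed-nonce-1",
        "oauth_version": "1.0",
    }
    params["oauth_signature"] = sign(
        "POST", URL, params, CONSUMER_SECRET, REQUEST_TOKEN_SECRET)
    return params
```

A valid signature only proves the request was built by a holder of both secrets; the provider must also reject reused nonces and stale timestamps so that a captured request cannot be replayed.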
31. or can revoke access later without having
to change their primary account password
(i.e. if they lose their phone or their computer gets stolen)
38. OpenID XRDS
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
xmlns:xrds="xri://$xrds"
xmlns:openid="http://openid.net/xmlns/1.0"
xmlns="xri://$xrd*($v*2.0)">
<XRD>
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/signon</Type>
<Type>http://openid.net/sreg/1.0</Type>
<Type>http://openid.net/extensions/sreg/1.1</Type>
<Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type>
<Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor</Type>
<Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical</Type>
<URI>https://pip.verisignlabs.com/server</URI>
<LocalID>https://recordond.pip.verisignlabs.com/</LocalID>
</Service>
</XRD>
</xrds:XRDS>
39. XRDS-Simple for
Portable Contacts
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
xmlns:xrds="xri://$xrds"
xmlns:openid="http://openid.net/xmlns/1.0"
xmlns="xri://$xrd*($v*2.0)">
<XRD version="2.0">
<Type>xri://$xrds*simple</Type>
<Service>
<Type>http://portablecontacts.net/spec/1.0</Type>
<URI>http://pulse.plaxo.com/pulse/pdata/contacts</URI>
</Service>
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/signon</Type>
<Type>http://openid.net/sreg/1.0</Type>
<Type>http://openid.net/extensions/sreg/1.1</Type>
<Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type>
<Type>http://openid.net/srv/ax/1.0</Type>
<URI>http://www.myopenid.com/server</URI>
<LocalID>http://brian.myopenid.com/</LocalID>
</Service>
</XRD>
</xrds:XRDS>
40. XRDS-Simple for
Portable Contacts
<XRD version="2.0">
<Type>xri://$xrds*simple</Type>
<Service>
<Type>http://portablecontacts.net/spec/1.0</Type>
<URI>http://pulse.plaxo.com/pulse/pdata/contacts</URI>
</Service>
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/signon</Type>
<Type>http://openid.net/sreg/1.0</Type>
<Type>http://openid.net/extensions/sreg/1.1</Type>
<Type>http://schemas.openid.net/pape/policies/2007/06/...
<Type>http://openid.net/srv/ax/1.0</Type>
...
41. XRDS-Simple for
Portable Contacts
<XRD version="2.0">
<Type>xri://$xrds*simple</Type>
<Service>
<Type>http://portablecontacts.net/spec/1.0</Type>
<URI>http://soocial.com/contacts.xml</URI>
</Service>
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/signon</Type>
<Type>http://openid.net/sreg/1.0</Type>
<Type>http://openid.net/extensions/sreg/1.1</Type>
<Type>http://schemas.openid.net/pape/policies/2007/06/...
<Type>http://openid.net/srv/ax/1.0</Type>
...
43.
• OpenSocial
• MySpace
• Google
• Yahoo! (Fire Eagle)
• Netflix
• SmugMug
• Photobucket
• Plaxo
• Soocial.com
• Meetup.com
• Ma.gnolia
• Get Satisfaction
• Agree2
• SoundCloud
• 88Miles
• Pownce
• Brightkite
• Praized
http://wiki.oauth.net/ServiceProviders
45.
• C#
• Coldfusion
• Java
• Javascript
• Jifty
• .NET
• Objective-C
• OCaml
• Perl
• PHP
• CakePHP
• Python
• Ruby
• ...interest in XMPP
http://oauth.net/code
47. fin.
oauth.net
me -› factoryjoe.com