This document discusses OAuth 2.0 and OpenID Connect for accessing APIs. It provides an overview of how OAuth 2.0 allows clients to obtain access tokens to access protected resources from an authorization server, including the steps to obtain an authorization code and exchange it for an access token. It then introduces OpenID Connect as an identity layer on top of OAuth 2.0 that provides authentication as well as authorization and allows clients to verify the identity of the resource owner. The document promotes OpenID Connect as an improvement over traditional OpenID that supports API access and a better user experience.

1. OAuth 2.0 &
OpenID Connect

2. @nov
OpenID Foundation Japan Evangelist
OAuth.jp
Ruby Libraries
rack-oauth2
openid_connect
fb_graph
#MA7 Mashup Caravan & Meetup in Kyoto

3. Platform 3rd-party Developers
#MA7 Mashup Caravan & Meetup in Kyoto

4. API Integration
Access Control for APIs
#MA7 Mashup Caravan & Meetup in Kyoto

5. NG
#MA7 Mashup Caravan & Meetup in Kyoto

6. #MA7 Mashup Caravan & Meetup in Kyoto

7. OAuth 1.0 OAuth 2.0
#MA7 Mashup Caravan & Meetup in Kyoto

8. OAuth 1.0 in Japanese
ju.mp/oauth1_ja
#MA7 Mashup Caravan & Meetup in Kyoto

9. #MA7 Mashup Caravan & Meetup in Kyoto

10. Authorization
Server
Authorize
Client Access
Access
Token
Resource
Server
Resource
Owner API
Client
Access
#MA7 Mashup Caravan & Meetup in Kyoto

11. Get Access Token
Resource Owner Client Authorization Server
Initiate
Require Approval
Approve
Code
Code
Access Token
#MA7 Mashup Caravan & Meetup in Kyoto

12. Get Access Token
Resource Owner Client Authorization Server
client_id=...&
Initiate response_type=code&
redirect_uri=https://...&
scope=...
Require Approval
Approve
Code
Code
Access Token
#MA7 Mashup Caravan & Meetup in Kyoto

13. Get Access Token
Resource Owner Client Authorization Server
Initiate
Require Approval
Approve
Code
Code
Access Token
#MA7 Mashup Caravan & Meetup in Kyoto

14. Get Access Token
Resource Owner Client Authorization Server
Initiate
Require Approval
Approve
Code
Code
Access Token
#MA7 Mashup Caravan & Meetup in Kyoto

15. Get Access Token
Resource Owner Client Authorization Server
Initiate
Require Approval
code=...&
Approve client_id=...&
client_secret=...&
grant_type=authorization_code&
Code
redirect_uri=https://...
Code
Access Token
#MA7 Mashup Caravan & Meetup in Kyoto

16. Get Access Token
Resource Owner Client Authorization Server
Initiate
Require Approval
Approve
[NOTE] Facebook API returns access token in Code
x-www-form-urlencoded
Code
Access Token
#MA7 Mashup Caravan & Meetup in Kyoto

17. Access APIs
#MA7 Mashup Caravan & Meetup in Kyoto

18. #MA7 Mashup Caravan & Meetup in Kyoto

19. #MA7 Mashup Caravan & Meetup in Kyoto

20. OpenID is dead!?
Poor UX? URL as identifier?
#MA7 Mashup Caravan & Meetup in Kyoto

21. Lack of API access!?
You need “stream access”, don’t you?
#MA7 Mashup Caravan & Meetup in Kyoto

22. OpenID Connect
~ OpenID based on OAuth 2.0 ~
#MA7 Mashup Caravan & Meetup in Kyoto

23. connect-rp.heroku.com
#MA7 Mashup Caravan & Meetup in Kyoto

24. ref.) slideshare.net/oid4/openidconnect-nat
#MA7 Mashup Caravan & Meetup in Kyoto

25. #MA7 Mashup Caravan & Meetup in Kyoto

26. OpenID AsiaPac Technology Summit
in Tokyo, Japan December 1, 2011
#MA7 Mashup Caravan & Meetup in Kyoto

27. twitter.com/nov
slideshare.net/matake
github.com/nov
openid-foundation-japan.github.com
#MA7 Mashup Caravan & Meetup in Kyoto