OAuth 2.0 & OpenID Connect #MA7

Post on 07-Nov-2014

OAuth 2.0 & OpenID Connect

#MA7 Mashup Caravan & Meetup in Kyoto

@nov

OpenID Foundation Japan Evangelist

OAuth.jp

Ruby Libraries

rack-oauth2

openid_connect

fb_graph

Platform ♥ 3rd-party Developers

Access Control for APIs

API Integration

NG

OAuth 1.0 OAuth 2.0

OAuth 1.0 in Japanese: ju.mp/oauth1_ja

Resource Owner

Client

Resource Server

API Access

Access Token

Authorization Server

Authorize Client Access

Get Access Token

Resource Owner, Client, Authorization Server

Initiate

Require Approval

Approve

Code

Code

Access Token

client_id=...&response_type=code&redirect_uri=https://...&scope=...

code=...&client_id=...&client_secret=...&grant_type=authorization_code&redirect_uri=https://...

[NOTE] Facebook API returns access token in x-www-form-urlencoded
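
Added example (not part of the original slides, and not code from rack-oauth2): the two requests shown above, built with Ruby's standard library, and a token-response parser that accepts JSON as well as the x-www-form-urlencoded form the [NOTE] mentions. The endpoint, client credentials and redirect URI are constructed placeholders.

```ruby
require "uri"
require "json"

# Constructed values for illustration; none of them come from the slides.
AUTHZ_ENDPOINT = "https://as.example.com/authorize"
CLIENT_ID      = "demo-client"
CLIENT_SECRET  = "demo-secret"
REDIRECT_URI   = "https://client.example.com/callback"

# Authorization request: the URL the client sends the resource owner to,
# carrying the four parameters shown on the slide.
def authorization_url(scope)
  query = URI.encode_www_form(
    client_id: CLIENT_ID, response_type: "code",
    redirect_uri: REDIRECT_URI, scope: scope
  )
  "#{AUTHZ_ENDPOINT}?#{query}"
end

# Token request: the form body the client POSTs to exchange the code.
# redirect_uri repeats the value sent in the authorization request.
def token_request_body(code)
  URI.encode_www_form(
    code: code, client_id: CLIENT_ID, client_secret: CLIENT_SECRET,
    grant_type: "authorization_code", redirect_uri: REDIRECT_URI
  )
end

# Token response: choose the decoder from the Content-Type header instead of
# guessing, and refuse anything that does not actually carry an access token.
def parse_token_response(content_type, body)
  fields =
    case content_type.to_s.split(";").first.to_s.strip.downcase
    when "application/json" then JSON.parse(body)
    when "application/x-www-form-urlencoded" then URI.decode_www_form(body).to_h
    else raise ArgumentError, "unsupported token response type: #{content_type}"
    end
  token = fields["access_token"].to_s
  raise "token response has no access_token" if token.empty?
  { access_token: token, expires_in: fields["expires_in"]&.to_i }
end
```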

Access APIs

OpenID is dead!? Poor UX? URL as identifier?

Lack of API access!? You need “stream access”, don’t you?

♥OpenID Connect

~ OpenID based on OAuth 2.0 ~

connect-rp.heroku.com

ref.) slideshare.net/oid4/openidconnect-nat

OpenID AsiaPac Technology Summit in Tokyo, Japan, December 1, 2011

openid-foundation-japan.github.com

slideshare.net/matake

github.com/nov

twitter.com/nov
