Hybrid Auth: OAuth + OpenID
Erik Eldridge
Engineer/Evangelist
Yahoo! Developer Network
Overview
• What, Why, and How of Hybrid Authentication
• Sample code
• Summary
• Resources
What is Hybrid Auth?
• Using OpenID for authentication and OAuth to authorize data access
• Similar to Facebook's Connect, but based on open standards
Why should we use it?
• Easy
  – Single flow for end-users
• Portable
  – Open source libraries
  – Any service can be an OpenID "Provider"
  – Transferable skill-set and technologies
How do we get started?
• Setup
• Implementation
• Sample
Setup requirements
• Visit developer.yahoo.com/dashboard
• Register an OAuth application
• Download Yahoo! Social SDK from github.com/yahoo
• Download OpenID-Enabled library from openidenabled.com
Generalized implementation
• Define a log in/out mechanism for your site
• If user is not logged in, initialize authentication via OpenID with Simple Registration
• In OpenID callback, check if OAuth access token for user is stored
• If access token does not exist, exchange request token for access token and store access token
• Log in user using local mechanism and begin fetching data using OAuth
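The callback steps above as an added PHP example, not code from the original slides or from the Yahoo! or OpenID-Enabled libraries. It assumes the provider returns the approved request token through the OpenID OAuth extension namespace and that the OpenID library has already verified the response signature; the function names, token store and sample response are hypothetical.

```php
<?php
// Added example, not from the original slides. Names, token store and sample data are
// hypothetical. Assumes the OpenID library already verified the response signature.
const OAUTH_EXT_NS = 'http://specs.openid.net/extensions/oauth/1.0';

// Return the approved request token carried in the OpenID response, or null.
function approvedRequestToken(array $resp): ?string
{
    $signed = explode(',', $resp['openid.signed'] ?? '');
    foreach ($resp as $key => $value) {
        // Locate the alias the provider bound to the OAuth extension namespace.
        if (strpos($key, 'openid.ns.') !== 0 || $value !== OAUTH_EXT_NS) {
            continue;
        }
        $alias = substr($key, strlen('openid.ns.'));
        // Policy of this example: trust the token only if both the namespace
        // declaration and the token field are covered by the signature.
        if (in_array("ns.$alias", $signed, true)
            && in_array("$alias.request_token", $signed, true)) {
            return $resp["openid.$alias.request_token"] ?? null;
        }
    }
    return null;
}

// $exchange wraps the OAuth library call that trades a request token for an access token.
function handleCallback(array $resp, array &$tokenStore, callable $exchange): array
{
    $user = $resp['openid.claimed_id'];
    if (!isset($tokenStore[$user])) {
        $requestToken = approvedRequestToken($resp);
        if ($requestToken !== null) {
            $tokenStore[$user] = $exchange($requestToken); // store for later visits
        }
    }
    // Local login happens either way; data access needs a stored access token.
    return ['user' => $user, 'can_fetch_data' => isset($tokenStore[$user])];
}

// Constructed sample response (keys as sent on the wire, values made up).
$resp = [
    'openid.claimed_id' => 'https://me.example/a/constructed-id',
    'openid.ns.oauth' => OAUTH_EXT_NS,
    'openid.oauth.request_token' => 'constructed-request-token',
    'openid.signed' => 'claimed_id,ns.oauth,oauth.request_token',
];
$store = [];
$fakeExchange = function (string $rt): string { return "access-for-$rt"; };
var_dump(handleCallback($resp, $store, $fakeExchange));
```

PHP rewrites dots in incoming query keys to underscores in `$_GET`, so the dotted keys shown here must come from the raw query string or from the OpenID library's own parsing.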
Example
• service
  – index.html
  – openid/
    • index.php
    • return_to.php
    • php-openid-2.1.3/
  – oauth/
    • index.php
    • yahoo-social-php-sdk/
Service/index.html, top
Service/index.html, middle
Service/index.html, bottom
Service/openid/index.php, top
Service/openid/index.php, bottom
Service/openid/return_to.php, top
Service/openid/return_to.php, middle
Service/openid/return_to.php, bottom
Service/oauth/index.php
Summary
• What?
  – Combination of OpenID authentication and OAuth authorization
• Why?
  – Convenient for the end-user: single auth flow
• How?
  – Yahoo! Social SDK + OpenID-Enabled OpenID library (with a pinch of YUI and YQL)
Resources
• developer.yahoo.com/openid
• developer.yahoo.com/oauth
• example.erikeldridge.com/{example code}
• Find me on Twitter: @erikeldridge