paypal
How PayPal uses Open Identity
March 2012, Hannover
Moosecon
Tim Messerschmidt, Developer Evangelist
@SeraAndroid
Who am I?
Tim Messerschmidt
Developer Evangelist
Startup Mentor
Author
What is identity in the Web?
PayPal Access
• Active users: 123.000.000
• Uses OpenID Connect
• Interesting for commercial use cases
  – Adds integrity to existing applications
  – Clearly business- & merchant-oriented
• Actively being worked on!
  – Expect new kick-ass features soon
Why OpenID Connect?
Authorization vs. Authentication
OAuth 1.0
OAuth 2.0
OAuth 2.0 & the Road to Hell
Eran Hammer: http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/
“OAuth 2.0 offers little to none code reusability”
“What 2.0 offers is a blueprint for an authorization protocol”
On the Deadness of OAuth 2
Tim Bray: http://www.tbray.org/ongoing/When/201x/2012/07/28/Oauth2-dead
OAuth 2 is useful today
“OAuth 2 may not be perfect, and may have been harmed by the Enterprise crap, but the core of Web functionality […] seems to have survived.”
OpenID Connect
Session management
• Highly demanded feature
  – Service can be used to login & logout
• OAuth 2.0 requires users to revoke permission to “logout”
• Token validation & refreshment
• An optional feature
Authorization Flow
Client
1. Open Authorization Endpoint URL
4. Check callbacks for Authorization Token
5. Request a valid Access Token
7. Retrieve user’s resources
Server
2. Provide a login page
3. Return the Authorization Token after a successful login
6. Check Authorization Token & return the Access Token if it’s valid
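The seven steps above, as an added example that is not part of the original slides: a toy in-memory server and client in Python. The class and function names, the 60-second lifetime and the sample account are assumptions; what the slide calls the Authorization Token is the single-use value the client exchanges for an Access Token.

```python
import secrets
import time


class AuthServer:
    """Toy in-memory server; every name here is hypothetical."""
    CODE_TTL = 60  # assumed lifetime of an Authorization Token, in seconds

    def __init__(self, users, profiles):
        # Plaintext passwords only to keep the constructed sample short.
        self.users, self.profiles = users, profiles
        self.codes, self.tokens = {}, {}

    def login(self, client_id, scope, user, password):
        # Steps 2-3: authenticate the user, then return a short-lived
        # Authorization Token bound to the requesting client and scope.
        if not secrets.compare_digest(self.users.get(user, ""), password):
            return None
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user, scope, time.time() + self.CODE_TTL)
        return code

    def exchange(self, client_id, code):
        # Step 6: the Authorization Token is single-use (pop), must belong
        # to this client and must not have expired.
        entry = self.codes.pop(code, None)
        if entry is None or entry[0] != client_id or entry[3] < time.time():
            return None
        access = secrets.token_urlsafe(24)
        self.tokens[access] = entry[1:3]  # (user, scope)
        return access

    def resource(self, access):
        # Step 7: release only the claims covered by the granted scope.
        if access not in self.tokens:
            return None
        user, scope = self.tokens[access]
        return {k: v for k, v in self.profiles[user].items() if k in scope}


def run_flow(server, client_id, scope, user, password):
    code = server.login(client_id, scope, user, password)  # steps 1-4
    if code is None:
        return None, None
    access = server.exchange(client_id, code)               # steps 5-6
    return code, server.resource(access)                    # step 7


# Constructed sample data, not a real account.
SERVER = AuthServer({"alice": "s3cret"},
                    {"alice": {"email": "alice@example.com",
                               "address": "1 Example Street"}})
```

Popping the Authorization Token on every exchange attempt means a replayed or misdirected token cannot be redeemed a second time, even by the client it was issued to.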
OAuth 2.0 implementation can be easily changed to OpenID Connect
Why should I use this?
People forget passwords…
“45 % admit to leaving a website instead of re-setting their password or answering security questions” *
* Blue Inc. 2011
People don’t like to register…
Out of 657 surveyed users 66 % think that social sign-in is a desirable alternative. *
* Blue Inc. 2011
Verified profiles
Email – as it’s the user’s login
Address – ship my stuff here!
Name – makes sense, too
… and much more information!
5 scopes to access the profile:
1. profile
2. email
3. address
4. phone
5. attributes
Leverage an existing profile
x.com/identity
What’s next?
Help? Problems?
• paypal.com/dts
  – Developer Technical Services
  – Ticketing
• StackOverflow.com
  – Tag “PayPal”
  – Actively being watched by Technical Service and Developer Evangelists like me
Questions?