Introduction to Spring OAuth

Upload: sanat-kumar-upadhyaya

Post on 13-Dec-2015

Page 1: SpringOAuth

Introduction to Spring OAuth

Page 2: SpringOAuth

Volvo IT

Go Through

1. Why Study about OAuth?

2. Introduction

3. Terminology

4. Specification Structure

5. Protocol Workflow

6. Overview

7. Advantages & Disadvantages

Page 3: SpringOAuth

Why Study about OAuth?

Page 4: SpringOAuth


Do you care about these sites?

Page 5: SpringOAuth


Page 6: SpringOAuth


Security

Page 7: SpringOAuth


OAuth in a Nut Shell

Page 8: SpringOAuth


Practical Example

Page 9: SpringOAuth


Without OAuth

Page 10: SpringOAuth


Without OAuth

Page 11: SpringOAuth


Without OAuth

Page 12: SpringOAuth


With OAuth

Page 13: SpringOAuth


With OAuth

Page 14: SpringOAuth


With OAuth

Page 15: SpringOAuth


With OAuth

Page 16: SpringOAuth

Why is OAuth required?

What are the limitations with passwords?

Trust: users do not trust sharing their password

More access than required

No support for granular permissions

Phishing: password sharing helps phishing activities

Lower reliability of API interfaces

Unable to revoke access once provided

Page 17: SpringOAuth

Introduction

OAuth introduces a third role to the traditional client-server authentication model: the resource owner.

OAuth is an open authorization protocol which enables applications to access each other's data.

In the OAuth model, the client (acting on behalf of the resource owner) requests access to resources hosted by the server.

OAuth has built-in support for desktop applications, mobile devices, set-top boxes, and of course websites.

Page 18: SpringOAuth

Cont…

The OAuth authorization process also uses a set of temporary credentials which are used to identify the authorization request.

Page 19: SpringOAuth

Terminology

OAuth defines three roles: consumer (client), service provider (server), and user (resource owner).

The client is the application requesting access to the resources stored on the resource server.

The server is the server hosting the resources.

The resource owner is the person or application that owns the data that is to be shared.

Page 20: SpringOAuth

Cont…

A protected resource is stored on the server and requires authentication in order to access it. It is owned or controlled by the resource owner.

Anyone requesting access to a protected resource must be authorized to do so by the resource owner. Ex: photos, documents, contacts.

2-legged, 3-legged, n-legged OAuth: the number of legs used to describe an OAuth request typically refers to the number of parties involved.

In the simplest OAuth flow, with a client, a server, and a resource owner, the flow is described as 3-legged.

Page 21: SpringOAuth

Credentials and Tokens

OAuth uses three kinds of credentials:

1. Client credentials (consumer key and secret).

2. Temporary credentials (request token and secret).

3. Token credentials (access token and secret).

The client credentials are used to authenticate the client. This allows the server to collect information about the clients using its services.

The OAuth authorization process also uses a set of temporary credentials which are used to identify the authorization request. In order to accommodate different kinds of clients

Token credentials are used in place of the resource owner's username and password. The client uses the token credentials to access the protected resource without having to know the resource owner's password.

Page 22: SpringOAuth

Specification Structure

The OAuth specification consists of two parts:

1. A redirection-based browser process for end-users to authorize client access to their resources. Users authenticate directly with the server to provision tokens to the client.

2. A method for making authenticated HTTP requests using two sets of credentials, one identifying the client making the request, and the other identifying the resource owner on whose behalf the request is being made.

Page 23: SpringOAuth

Cont…

The outline of the OAuth 1.0 protocol specification:

1. Introduction: the terminology sub-section defines the terms used and their relation to the HTTP specification.

2. Redirection-Based Authorization: the process in which the user is redirected to the server to grant access, by obtaining temporary credentials, requesting resource owner authorization, and obtaining token credentials.

3. Authenticated Requests: describes how the client makes authenticated HTTP requests, how the server verifies them, and the various steps and cryptographic options available.

4. Security Considerations: provides a comprehensive list of issues which can greatly impact the security properties of any given implementation.
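The two-credential authenticated request from the Credentials and Tokens, Specification Structure and Authenticated Requests slides, worked through as an added Python example that is not part of the deck or of Spring OAuth: the client signs with HMAC-SHA1 under a key built from the consumer secret and the token secret, and the server looks up both secrets, recomputes the signature with a constant-time compare, and rejects stale or replayed nonces. The consumer key, secrets, token, URL, nonce and timestamp values are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(s):  # RFC 3986 percent-encoding as OAuth 1.0 requires; only unreserved chars survive
    return quote(str(s), safe="-._~")

def signature_base_string(method, url, params):
    """METHOD & encoded base URL & encoded normalized parameters (sorted; oauth_signature excluded)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    return "&".join([method.upper(), pct(url), pct("&".join(f"{k}={v}" for k, v in pairs))])

def hmac_sha1_signature(base, consumer_secret, token_secret=""):
    """The key joins both secrets: the client's own and the one tied to the resource owner's token."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def sign_request(method, url, params, consumer_key, consumer_secret, token, token_secret, nonce, ts):
    """Client side (Beppa): add the oauth_* protocol parameters and compute oauth_signature."""
    oauth = dict(params, oauth_consumer_key=consumer_key, oauth_token=token, oauth_nonce=nonce,
                 oauth_signature_method="HMAC-SHA1", oauth_timestamp=str(ts), oauth_version="1.0")
    base = signature_base_string(method, url, oauth)
    oauth["oauth_signature"] = hmac_sha1_signature(base, consumer_secret, token_secret)
    return oauth

class ResourceServer:
    """Server side (Faji): look up both secrets, recompute the signature, reject replays."""

    def __init__(self, consumers, tokens, window=300):
        self.consumers, self.tokens, self.window = consumers, tokens, window
        self.seen = set()  # (consumer_key, timestamp, nonce) triples already accepted

    def verify(self, method, url, params, now):
        ck, tok = params.get("oauth_consumer_key"), params.get("oauth_token")
        if ck not in self.consumers or tok not in self.tokens or self.tokens[tok]["consumer"] != ck:
            return False  # unknown client, unknown token, or token issued to another client
        ts, nonce = int(params.get("oauth_timestamp", "0")), params.get("oauth_nonce")
        if abs(now - ts) > self.window or (ck, ts, nonce) in self.seen:
            return False  # stale timestamp or replayed nonce
        expected = hmac_sha1_signature(signature_base_string(method, url, params),
                                       self.consumers[ck], self.tokens[tok]["secret"])
        if not hmac.compare_digest(expected, params.get("oauth_signature", "")):
            return False  # signature mismatch: tampered request or wrong secret
        self.seen.add((ck, ts, nonce))
        return True

CONSUMERS = {"beppa-key": "beppa-secret"}  # constructed sample: Beppa's client credentials
TOKENS = {"jane-token": {"consumer": "beppa-key", "secret": "jane-token-secret"}}  # constructed: Jane's token at Faji
```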

Page 24: SpringOAuth

Protocol Workflow

Using OAuth terminology, Jane, the resource owner, has uploaded 2 photos (protected resources) to Faji, the server.

Jane wants to print those 2 photos and send them to her friend. Jane visits beppa.com (a photo printing service) and orders prints. Jane selects the photo source and clicks Continue.

After clicking Continue

Page 25: SpringOAuth

Cont…

When Beppa receives the temporary credentials, it redirects Jane to the Faji OAuth User Authorization URL, where she is asked to sign in to the site. OAuth requires that servers first authenticate the resource owner, and then ask them to grant access to the client.

OAuth allows Jane to keep her username and password private and not share them with Beppa or any other site. After successfully logging into Faji, Jane is asked to grant access to Beppa, the client.

After clicking Approve

Page 26: SpringOAuth

Cont…

Beppa successfully fetched Jane's photos without asking for her username and password. They are presented to her so she can pick them and place her order.
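The Jane, Beppa and Faji workflow of the last three slides as an added Python example (not from the deck, and not Spring code) of the state the server keeps across the three legs: temporary credentials bound to the client and its registered callback, the resource owner authenticating at Faji rather than at Beppa, and a single-use exchange for token credentials that also checks the oauth_verifier the RFC 5849 revision of OAuth 1.0 added. The client key, callback URL and user name are constructed.

```python
import secrets
from urllib.parse import parse_qs, urlparse


class FajiAuthorizationServer:
    """Server role in the redirection-based flow (Faji in the slides). Added example code."""

    def __init__(self, consumers):
        self.consumers = consumers  # consumer key -> callback URL the client registered
        self.temporary = {}         # temporary credential -> state of that authorization request
        self.tokens = {}            # token credential -> (consumer key, resource owner)

    def obtain_temporary(self, consumer_key, callback):
        """Step 1 (Beppa -> Faji): temporary credentials identify this authorization request."""
        if self.consumers.get(consumer_key) != callback:
            return None  # refused: unknown client, or callback differs from the registered one
        token = secrets.token_urlsafe(16)
        self.temporary[token] = {"consumer": consumer_key, "callback": callback, "owner": None}
        return token

    def authorize(self, token, resource_owner, approved):
        """Step 2 (Jane at Faji): Jane authenticates with Faji, never with Beppa, then approves or denies."""
        state = self.temporary.get(token)
        if state is None or state["owner"] is not None or not approved:
            self.temporary.pop(token, None)  # unknown, already used, or denied: nothing to redirect with
            return None
        state["owner"], state["verifier"] = resource_owner, secrets.token_urlsafe(8)
        return f'{state["callback"]}?oauth_token={token}&oauth_verifier={state["verifier"]}'

    def obtain_token(self, consumer_key, token, verifier):
        """Step 3 (Beppa -> Faji): temporary credentials are single-use and bound to one client."""
        state = self.temporary.pop(token, None)
        if (state is None or state["consumer"] != consumer_key or state["owner"] is None
                or not secrets.compare_digest(state["verifier"], verifier)):
            return None  # refused; the temporary credential is consumed either way
        access = secrets.token_urlsafe(16)
        self.tokens[access] = (consumer_key, state["owner"])
        return access

    def owner_of(self, access_token):
        return self.tokens.get(access_token)


def jane_orders_prints(faji, approved=True):
    """Runs the slides' scenario end to end; returns who Faji says Beppa's token acts for."""
    temp = faji.obtain_temporary("beppa-key", "https://beppa.example/callback")  # constructed names
    redirect = faji.authorize(temp, "jane", approved)  # Jane signs in at Faji and clicks Approve
    if redirect is None:
        return None
    qs = parse_qs(urlparse(redirect).query)
    access = faji.obtain_token("beppa-key", qs["oauth_token"][0], qs["oauth_verifier"][0])
    return faji.owner_of(access)
```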

Page 27: SpringOAuth

Overview

Page 28: SpringOAuth

Advantages

It's incredibly time saving in the long run.

OAuth allows you to use one account to comment on several different sites.

It hides private information (bank details) from those you do business with online.

All OAuth data transfers must take place over SSL (Secure Sockets Layer) to ensure the most trusted cryptography.

It's an open standard for authorization, so expense is less.

Traffic is less, and it is more popular.

Page 29: SpringOAuth

Disadvantages

If you use Facebook to comment on a different site, they can see your profile details (lack of anonymity).

The number of other sites that support OAuth as clients is still very limited (lack of market saturation).

There is a chance of the data being misused.

If the central account is hacked, or you simply choose to close the account, the serious repercussions are felt across several sites.

Page 30: SpringOAuth
