1 / 73

OAuth 2.0 in Depth

OAuth 2.0 in Depth. By Rohit Ghatol Director @ Synerzip Passionate about TechNext. Why study about OAuth?. Do you care about these or Similar Sites?. Reference - http://rainbowseo.com/wp-content/uploads/2012/06/ smm.png. Http Access. Facebook. Browser. LinkedIn. Foursquare. Twitter.

meena
Download Presentation

OAuth 2.0 in Depth

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. OAuth 2.0 in Depth By Rohit Ghatol Director @ Synerzip Passionate about TechNext

  2. Why study about OAuth?

  3. Do you care about these or Similar Sites? Reference - http://rainbowseo.com/wp-content/uploads/2012/06/smm.png

  4. Http Access Facebook Browser LinkedIn Foursquare Twitter Api Access Mashups

  5. 7155 APIs listed on http://ProgrammableWeb.com

  6. 390 APIs on http://ProgrammableWeb.com support OAuth

  7. Security Closed Closed Open Authentication Authorization

  8. OAuth In a Nut Shell Can I have your Debit Card and ATM Pin?

  9. OAuth In a Nut Shell Can I have your Credit Card?

  10. OAuth Practical Example Disclaimer before you read ahead: All product names and people names used in the following slides are not entirely accurate. They are only placeholders to explain the concept. None of that information should assumed to be correct or incorrect.

  11. Without OAuth

  12. Without OAuth

  13. Without OAuth

  14. Lets Start Again

  15. With OAuth

  16. With OAuth URL changed to http://picasa.com

  17. With OAuth URL is http://picasa.com

  18. With OAuth URL changed to http://picasa.com with code parameter

  19. With OAuth

  20. OAuth 2.0 Flow in Depth

  21. Scenario Wants to integrate with Google Services e.g Picasa BOB Owns Owns Print-Fast Picasa

  22. Roles Authorization Server Wants to integrate with Google Services e.g Picasa BOB Resource Server Client Owns Owns Print-Fast Picasa

  23. Roles Authorization Server Wants to integrate with Google Services e.g Picasa BOB David Resource Server Client Owns Owns Resource Owner Print-Fast Picasa

  24. Client Registration Authorization Server Client Registers with Authorization Server BOB Resource Server Client Owns Owns Client_Id=print-fast Client_Secret=xxx Redirect_Url= http://print-fast.com Print-Fast Picasa

  25. OAuth Flows/Grant Types • Authorization Code Grant • Implicit Grant • Resource Owner Password Credentials Grant • Client Credentials Grant

  26. Step 1 – Get Authorization Grant

  27. Authorization Request Authorization Grant URL used is http://picasa.com/?client_id=photo-fast &scope=profile,email,photos &redirect_uri=http://print-fast.com&response_type=code

  28. Authorization Grant Code = ase34 Authorization Grant

  29. Authorization Request Client_Id=print-fast Redirect_url = http://print-fast.com Scope=profile,email,photos Client Resource Owner Authorization Grant code = ase34 David Authorization Server Print-Fast Resource Server Protocol Flow

  30. Step 2 – Exchange for Access Token

  31. Client Authorization Server Code = ase34 Client_Id=print-fast Client_Secret=xxx Print-Fast access_token = x3e4 code = ase34 access_token = x3e4

  32. Client Resource Owner Authorization Grant code = ase34 Client_Id=print-fast Client_Secret=xxx David Authorization Server Access Token access_token= x3e4 Print-Fast Resource Server Protocol Flow

  33. Step 3 – Access Protected Resources

  34. Client Authorization Server Code = ase34 Client_Id=print-fast Client_Secret=xxx Print-Fast access_token = x3e4 code = ase34 Picasa http://picasa.com/ ..../usr133/photos access_token = x3e4 [“http://…/DSC34.jpg”, “http://…/DSC44.jpg”, “http://…/DSC56.jpg”, “http://…/DSC98.jpg” ]

  35. Client Resource Owner David Authorization Server Print-Fast Picasa Access Token Resource Server access_token = x3e4 Protected Resource [“http://…/DSC34.jpg”,“http://…/DSC44.jpg”, “http://…/DSC56.jpg”,“http://…/DSC98.jpg”] Protocol Flow

  36. Complete Flow at Once

  37. Client Authorization Request Resource Owner Authorization Grant Authorization Grant Authorization Server Access Token Access Token Resource Server Protected Resource Protocol Flow

  38. With Refresh Token

  39. Access Grant & Client Credentials Client Authorization Server Access Token & Refresh Token Access Token Resource Server Protected Resource Access Token Invalid Token Error Refresh Token & Client Credentials Access Token & Optional Refresh Token Protocol Flow

  40. OAuth Flows/Grant Types • Authorization Code Grant • Implicit Grant • Resource Owner Password Credentials Grant • Client Credentials Grant

  41. Step 1 – Get Access Token

  42. Implicit Grant Request Implicit Grant URL used is http://picasa.com/?client_id=photo-fast &scope=profile,email,photos &redirect_uri=http://print-fast.com&response_type=token

  43. Access token = x3e4 Implicit Grant

  44. Implicit Grant Request Client_Id=print-fast Redirect_url = http://print-fast.com Scope=profile,email,photos Client Resource Owner Access Token access_token= x3e4 David Authorization Server Print-Fast Picasa Resource Server Protocol Flow

  45. Step 2 – Access Protected Resources

  46. Picasa http://picasa.com/ ..../usr133/photos access_token = x3e4 [“http://…/DSC34.jpg”, “http://…/DSC44.jpg”, “http://…/DSC56.jpg”, “http://…/DSC98.jpg” ]

  47. Client Resource Owner David Meant for Pure Browser based Applications Access Token Picasa Resource Server access_token = x3e4 Protected Resource [“http://…/DSC34.jpg”,“http://…/DSC44.jpg”, “http://…/DSC56.jpg”,“http://…/DSC98.jpg”] Protocol Flow

  48. Complete Flow at Once

  49. Client Authorization Request Resource Owner Access Token Access Token Resource Server Protected Resource Protocol Flow

  50. OAuth Flows/Grant Types • Authorization Code Grant • Implicit Grant • Resource Owner Password Credentials Grant • Client Credentials Grant

More Related