Intro To OAuth

Sean Whitesell

@seanw122

*President of Tulsa .NET User Group*Software Ninjaneer @ Momentum3

Who are you?Authentication

AuthorizationWhat can you

access?

OAuth is about Authorization

After the user is authenticatedresources can then be accessed.

OAuth is about Authorization

resources can then be accessed.After the user is authenticated

RolesGrant Types / FlowsExampleToolsGetting StartedMore Learning

Roles

“Resource Owner”

User

“Those are my files!”

RolesResource

Server

RolesAuthorization

Server

RolesClient

The client is the application the user grantspermission to in order for resources ownedby the user to be utilized.

Grant TypesAuthorization Code

Request code then exchange for access token.

“Server”

Primary type used. Can be for Web Apps, Browser based app, and mobile apps.

Grant TypesPassword

Pass in Username and Passwordto get access token

Grant TypesClient Credentials

Used when the application needsto access resource NOT on

behalf of a user.

Grant TypesImplicit

Grants access token and does not use a secret.Used by some mobile apps and web applications.Replaced by Authorization Code without a secret.

An Example

Authorization Code

The user accesses anapplication (client)for the first time.

At some point the useris supplied a promptto enter their credentials.

Please login

CancelOk

User Name

Password

This application would like to access your profile and files.

DenyAllow

CancelOk

Application(client)

AuthorizationServer

1.

8.

9.

2.

When user logs into Authorization Server

and allows the applicationto use the resources the

application receives a onetime use code.

3.

7.

4.6.5.

Browser

seans_fake_app.com

Application(client)

AuthorizationServer

1.2.

Here the application can

store the user information

along with their associated

access token information.

Application(client)

ResourceServer

1. 2.Now the application can access allowed resources on behalf of the user using the access token.

Tools

Postmangetpostman.com

Tools

Fiddlertelerik.com/fiddler

Tools

curlcurl.haxx.se

Getting Started

Google Playgroundhttps://developers.google.com/oauthplayground

Getting Started

Google Dochttps://developers.google.com/identity/choose-auth

Getting Started

Google Consoleconsole.developers.google.com

Getting Started

Google Scopesdevelopers.google.com/identity/protocols/googlescopes#drivev3

Getting Started

Google Drive Listhttps://developers.google.com/drive/v3/reference/files/list

Future Learning

aaronparecki.com/oauth-2-simplified

digitalocean.com/community/tutorials/an-introduction-to-oauth-2

alexbilbie.com/guide-to-oauth-2-grants

Future Learning

manning.com/books/oauth-2-in-action

packtpub.com/application-development/mastering-oauth-2

Thank You!Intro To OAuth