introduction to oauth2

Intro To OAuth

Upload: seanw

Post on 03-Mar-2017

Category: Technology

TRANSCRIPT

Page 1: Introduction to OAuth2

Intro To OAuth

Page 2: Introduction to OAuth2

Sean Whitesell

@seanw122

President of Tulsa .NET User Group

Software Ninjaneer @ Momentum3

Page 3: Introduction to OAuth2

Authentication: Who are you?

Authorization: What can you access?

Page 4: Introduction to OAuth2

OAuth is about Authorization

OAuth2 does not itself say who the user is; that is authentication, handled by the authorization server's login. After the user is authenticated, OAuth2 governs which resources can then be accessed on their behalf.

Page 6: Introduction to OAuth2

Roles

Grant Types / Flows

Example

Tools

Getting Started

More Learning

Page 7: Introduction to OAuth2

Roles: Resource Owner

The user: "Those are my files!"

Page 8: Introduction to OAuth2

Roles: Resource Server

Hosts the protected resources (the user's files) and serves requests that present a valid access token.

Page 9: Introduction to OAuth2

Roles: Authorization Server

Authenticates the user, asks for their consent, and issues access tokens to the client.

Page 10: Introduction to OAuth2

Roles: Client

The client is the application the user grants permission to, so that resources owned by the user can be used on the user's behalf.

Page 11: Introduction to OAuth2

Grant Types: Authorization Code

Request a one-time code, then exchange it for an access token. The code travels through the browser; the exchange for the token happens from the application's back end ("Server"), so the token itself does not pass through the browser.

Primary type used. Can be used for web apps, browser-based apps, and mobile apps (the latter two without a client secret, using PKCE instead).

Page 12: Introduction to OAuth2

Grant Types: Password

Pass in the username and password directly to get an access token.

Caveat: the client then handles the user's credentials, which is exactly what OAuth exists to avoid. The OAuth 2.0 Security Best Current Practice says this grant must not be used, and OAuth 2.1 drops it; treat it as legacy for first-party clients that are being migrated to Authorization Code.

Page 13: Introduction to OAuth2

Grant Types: Client Credentials

Used when the application needs to access a resource NOT on behalf of a user, for example a back-end job calling an API as itself. The client authenticates with its own credentials, so it must be a confidential client that can keep a secret; the resulting token has no user behind it.

Page 14: Introduction to OAuth2

Grant Types: Implicit

Grants an access token directly from the authorization endpoint and does not use a secret; the token comes back in the redirect URL fragment, where it is exposed to the browser history, referrers, and any script on the page. Used by some mobile apps and web applications. Replaced by Authorization Code without a secret, i.e. Authorization Code with PKCE (RFC 7636), which keeps the token out of the URL and lets the server reject an intercepted code.
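To make the differences between the grant types concrete, here is an added example (Python, written for this page, not code from the talk) of a minimal token endpoint that dispatches on grant_type. The clients, secrets, the pre-issued code "AbC123" and the URL seans_fake_app.com are constructed for the example. It authenticates confidential clients, enforces the one-time use of an authorization code, issues a user-less token for client_credentials, refuses the password grant, and rejects "implicit" because that is not a token endpoint grant at all.

```python
"""Token endpoint dispatcher for the grant types on the slides.
Constructed example: every client, secret and code below is made up."""
import hmac
import secrets

# Hypothetical client registry, as filled in at client registration.
CLIENTS = {
    "web-app":    {"secret": "s3cret-web", "confidential": True,
                   "grants": {"authorization_code"}},
    "batch-job":  {"secret": "s3cret-job", "confidential": True,
                   "grants": {"client_credentials"}},
    "mobile-app": {"secret": None, "confidential": False,
                   "grants": {"authorization_code"}},
}

# A code the (not shown) authorization endpoint already issued for user "sean".
ISSUED_CODES = {
    "AbC123": {"client_id": "web-app", "user": "sean", "scope": "profile files",
               "redirect_uri": "https://seans_fake_app.com/cb", "used": False},
}

# Grants this server implements at /token. "implicit" is not a grant_type value
# at all (it is response_type=token at /authorize) and "password" is disabled.
SUPPORTED_GRANTS = {"authorization_code", "client_credentials"}


def _error(code, description):
    return {"error": code, "error_description": description}


def _authenticate_client(form):
    client = CLIENTS.get(form.get("client_id"))
    if client is None:
        return None, _error("invalid_client", "unknown client_id")
    if client["confidential"]:
        presented = form.get("client_secret", "")
        # Constant-time compare so a timing side channel cannot leak the secret.
        if not hmac.compare_digest(presented, client["secret"]):
            return None, _error("invalid_client", "client authentication failed")
    return client, None


def _mint_token(subject, scope):
    # Opaque random token; a real server stores it (or signs a JWT) so the
    # resource server can map it back to a subject and scope.
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
            "expires_in": 3600, "scope": scope, "subject": subject}


def token_endpoint(form):
    """Handle one POST /token request, given as a dict of form fields."""
    client, err = _authenticate_client(form)
    if err:
        return err
    grant = form.get("grant_type")
    if grant == "password":
        return _error("unsupported_grant_type", "password grant is disabled on this server")
    if grant not in SUPPORTED_GRANTS:
        return _error("unsupported_grant_type", f"{grant!r} is not a token endpoint grant")
    if grant not in client["grants"]:
        return _error("unauthorized_client", f"{form['client_id']} may not use {grant}")

    if grant == "authorization_code":
        rec = ISSUED_CODES.get(form.get("code"))
        if (rec is None or rec["used"] or rec["client_id"] != form["client_id"]
                or rec["redirect_uri"] != form.get("redirect_uri")):
            return _error("invalid_grant", "code unknown, already used, or bound elsewhere")
        rec["used"] = True  # one-time code: a second exchange must fail
        return _mint_token(rec["user"], rec["scope"])  # token acts for the user

    # client_credentials: the token acts as the application itself, for no user.
    if not client["confidential"]:
        return _error("unauthorized_client", "a public client cannot authenticate itself")
    return _mint_token(None, form.get("scope", ""))
```

In a real deployment the client_id and client_secret normally arrive in an HTTP Basic Authorization header rather than in the form body, and the code record would carry an expiry (RFC 6749 recommends a maximum of ten minutes); both are omitted here to keep the dispatch logic in view.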

Page 15: Introduction to OAuth2

An Example

Authorization Code

Page 16: Introduction to OAuth2

The user accesses an application (client) for the first time.

At some point the user is supplied a prompt to enter their credentials.

Page 17: Introduction to OAuth2

[Login prompt: "Please login", with User Name and Password fields and Cancel / Ok buttons]

Page 18: Introduction to OAuth2

[Consent prompt: "This application would like to access your profile and files.", with Deny / Allow buttons]


Page 20: Introduction to OAuth2

[Sequence diagram: Browser (seans_fake_app.com), Application (client) and Authorization Server, with steps numbered 1 through 9]

When the user logs into the Authorization Server and allows the application to use the resources, the application receives a one-time use code.

Page 21: Introduction to OAuth2

[Diagram: Application (client) and Authorization Server, steps 1 and 2: the code is exchanged for an access token]

Here the application can store the user information along with their associated access token information. Treat the stored token like a credential: keep it on the server side and protected at rest, since anyone who obtains it can act as the user within the granted scope until it expires.

Page 22: Introduction to OAuth2

[Diagram: Application (client) and Resource Server, steps 1 and 2]

Now the application can access allowed resources on behalf of the user using the access token, sent to the resource server as a Bearer token in the Authorization header. The resource server checks that the token is valid and that its scope covers the requested resource before returning anything.
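The three diagram slides above describe one procedure. The following added example (Python, written for this page, not code from the talk) runs the whole Authorization Code flow for a public client with PKCE, with the client, authorization server and resource server simulated in one process. The client id seans-mobile-app, the redirect URI https://seans_fake_app.com/cb, the user "sean" and the file names are constructed; the shared token dictionary stands in for token introspection between the two servers. It shows the state check on the callback, the one-time code, the PKCE verifier check, and the resource server enforcing the "files" scope.

```python
"""Authorization code flow with PKCE (RFC 7636) for a public client.
Constructed example: all names, URLs and data below are made up."""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

CLIENT_ID = "seans-mobile-app"
REDIRECT_URI = "https://seans_fake_app.com/cb"
REGISTERED_REDIRECTS = {CLIENT_ID: REDIRECT_URI}        # fixed at client registration
USER_FILES = {"sean": ["notes.txt", "budget.xlsx"]}      # constructed resource-owner data


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


class AuthorizationServer:
    def __init__(self):
        self.codes = {}    # one-time authorization codes
        self.tokens = {}   # access_token -> {"user", "scope"}

    def authorize(self, params, logged_in_user, allowed):
        """/authorize after the user has logged in and clicked Allow or Deny."""
        if REGISTERED_REDIRECTS.get(params["client_id"]) != params["redirect_uri"]:
            raise ValueError("redirect_uri not registered for this client")  # never redirect
        if not allowed:
            return params["redirect_uri"] + "?" + urlencode(
                {"error": "access_denied", "state": params["state"]})
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": params["client_id"], "user": logged_in_user,
                            "scope": params["scope"], "redirect_uri": params["redirect_uri"],
                            "challenge": params["code_challenge"], "used": False}
        return params["redirect_uri"] + "?" + urlencode({"code": code, "state": params["state"]})

    def token(self, form):
        """/token: exchange the one-time code plus PKCE verifier for an access token."""
        rec = self.codes.get(form.get("code", ""))
        if (rec is None or rec["used"] or rec["client_id"] != form.get("client_id")
                or rec["redirect_uri"] != form.get("redirect_uri")):
            return {"error": "invalid_grant"}
        rec["used"] = True                                  # a replayed code must fail
        expected = b64url(hashlib.sha256(form.get("code_verifier", "").encode()).digest())
        if not secrets.compare_digest(expected, rec["challenge"]):
            return {"error": "invalid_grant", "error_description": "PKCE verifier mismatch"}
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user": rec["user"], "scope": rec["scope"]}
        return {"access_token": token, "token_type": "Bearer", "expires_in": 3600,
                "scope": rec["scope"]}


class ResourceServer:
    def __init__(self, auth_server):
        self.auth_server = auth_server  # shared token store stands in for introspection

    def list_files(self, authorization_header):
        scheme, _, token = authorization_header.partition(" ")
        info = self.auth_server.tokens.get(token) if scheme == "Bearer" else None
        if info is None:
            return 401, []                       # unknown or missing token
        if "files" not in info["scope"].split():
            return 403, []                       # valid token, insufficient scope
        return 200, USER_FILES.get(info["user"], [])


class Client:
    """Public client: no client_secret, so PKCE plus state protect the code."""
    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.pending = {}   # state -> code_verifier, kept only until the callback

    def start_login(self, scope="profile files"):
        verifier = b64url(secrets.token_bytes(32))
        state = secrets.token_urlsafe(16)
        self.pending[state] = verifier
        return {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
                "scope": scope, "state": state, "code_challenge_method": "S256",
                "code_challenge": b64url(hashlib.sha256(verifier.encode()).digest())}

    def handle_callback(self, redirect_url):
        q = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
        verifier = self.pending.pop(q.get("state", ""), None)
        if verifier is None:
            raise ValueError("unknown state: possible CSRF or replayed callback")
        if "error" in q:
            return q
        return self.auth_server.token({"grant_type": "authorization_code", "code": q["code"],
                                       "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
                                       "code_verifier": verifier})


def run_flow(user="sean", allowed=True):
    """Drive the whole exchange; returns (token response, resource status, files)."""
    auth = AuthorizationServer()
    client = Client(auth)
    resource = ResourceServer(auth)
    redirect = auth.authorize(client.start_login(), logged_in_user=user, allowed=allowed)
    token_resp = client.handle_callback(redirect)
    if "access_token" not in token_resp:
        return token_resp, None, []
    status, files = resource.list_files("Bearer " + token_resp["access_token"])
    return token_resp, status, files


if __name__ == "__main__":
    print(run_flow())
```

The two checks that are easy to forget are both here: the authorization server compares the redirect_uri against the registered value before issuing anything, and the client refuses a callback whose state it did not generate. Dropping either lets an attacker deliver a code of their choosing to the application.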

Page 24: Introduction to OAuth2

Tools

Postman: getpostman.com

Page 25: Introduction to OAuth2

Tools

Fiddler: telerik.com/fiddler

Page 26: Introduction to OAuth2

Tools

curl: curl.haxx.se

Page 27: Introduction to OAuth2

Getting Started

Google Playground: https://developers.google.com/oauthplayground

Page 28: Introduction to OAuth2

Getting Started

Google Doc: https://developers.google.com/identity/choose-auth

Page 29: Introduction to OAuth2

Getting Started

Google Console: console.developers.google.com

Page 30: Introduction to OAuth2

Getting Started

Google Scopes: developers.google.com/identity/protocols/googlescopes#drivev3

Page 31: Introduction to OAuth2

Getting Started

Google Drive List: https://developers.google.com/drive/v3/reference/files/list

Page 32: Introduction to OAuth2

Future Learning

aaronparecki.com/oauth-2-simplified

digitalocean.com/community/tutorials/an-introduction-to-oauth-2

alexbilbie.com/guide-to-oauth-2-grants

Page 33: Introduction to OAuth2

Future Learning

manning.com/books/oauth-2-in-action

packtpub.com/application-development/mastering-oauth-2

Page 34: Introduction to OAuth2

Thank You!