Introduction to OAuth2
TRANSCRIPT
Intro To OAuth
Sean Whitesell
@seanw122
President of Tulsa .NET User Group
Software Ninjaneer @ Momentum3
Authentication: Who are you?
Authorization: What can you access?
OAuth is about Authorization
After the user is authenticated, resources can then be accessed.
Roles, Grant Types / Flows, Example, Tools, Getting Started, More Learning
Roles
“Resource Owner”
User
“Those are my files!”
Roles
Resource Server
Roles
Authorization Server
Roles
Client
The client is the application the user grants permission to in order for resources owned by the user to be utilized.
Grant Types
Authorization Code
Request a code, then exchange it for an access token.
“Server”
Primary type used. Can be used for web apps, browser-based apps, and mobile apps.
Grant Types
Password
Pass in username and password to get an access token.
Grant Types
Client Credentials
Used when the application needs to access resources NOT on behalf of a user.
Grant Types
Implicit
Grants an access token and does not use a secret.
Used by some mobile apps and web applications.
Replaced by Authorization Code without a secret.
An Example
Authorization Code
The user accesses an application (client) for the first time.
At some point the user is supplied a prompt to enter their credentials.
[Login dialog: "Please login", fields User Name and Password, buttons Cancel / Ok]
[Consent dialog: "This application would like to access your profile and files.", buttons Deny / Allow]
[Diagram: Application (client) and Authorization Server, steps 1 to 9]
When the user logs into the Authorization Server and allows the application to use the resources, the application receives a one-time-use code.
[Diagram: Browser (seans_fake_app.com), Application (client) and Authorization Server, steps 1 and 2]
Here the application can store the user information along with their associated access token information.
[Diagram: Application (client) and Resource Server, steps 1 and 2]
Now the application can access allowed resources on behalf of the user using the access token.
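The Authorization Code exchange walked through above, as an added example that is not part of the original slides: an in-memory Python sketch showing the one-time code being redeemed, a replay of that code being rejected, and the resource server checking the access token. The class and function names, the client id and secret, the callback path, the user and the file list are all constructed for illustration.

```python
import secrets

class AuthorizationServer:  # toy in-memory server, hypothetical names throughout
    def __init__(self, clients):
        self.clients = clients  # client_id -> (client_secret, redirect_uri)
        self.codes, self.tokens = {}, {}  # code -> (client, user, scope); token -> (user, scope)

    def authorize(self, client_id, redirect_uri, user, scope, approved):
        # Called after the user has logged in and answered the Allow/Deny prompt.
        if client_id not in self.clients or self.clients[client_id][1] != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        if not approved:
            raise PermissionError("access_denied")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user, scope)
        return code  # delivered to the client through the browser redirect

    def exchange(self, client_id, client_secret, code):
        # Back-channel call: the client authenticates and redeems the code.
        secret, _ = self.clients.get(client_id, (None, None))
        if secret is None or not secrets.compare_digest(secret, client_secret):
            raise PermissionError("invalid_client")
        # pop() makes the code single use; a replayed code is no longer present.
        issued_to, user, scope = self.codes.pop(code, (None, None, None))
        if issued_to != client_id:
            raise PermissionError("invalid_grant")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user, scope)
        return token

def resource_server_get_files(auth_server, token, files_by_user):
    # Serve only requests that carry a known token whose scope covers files.
    user, scope = auth_server.tokens.get(token, (None, ()))
    if user is None or "files" not in scope:
        raise PermissionError("invalid_token")
    return files_by_user[user]

def demo():
    # Constructed sample data: the registration, user and files are made up.
    redirect = "https://seans_fake_app.com/callback"
    server = AuthorizationServer({"demo-client": ("demo-secret", redirect)})
    code = server.authorize("demo-client", redirect, "alice", ("profile", "files"), True)
    token = server.exchange("demo-client", "demo-secret", code)
    replay = "accepted"
    try:
        server.exchange("demo-client", "demo-secret", code)  # same code, second time
    except PermissionError as err:
        replay = str(err)
    return resource_server_get_files(server, token, {"alice": ["notes.txt"]}), replay
```

A real authorization server would also expire codes after a short lifetime and bind the token exchange to the same redirect URI; this sketch leaves both out to stay on the steps the slides describe.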
Tools
Postman: getpostman.com
Fiddler: telerik.com/fiddler
curl: curl.haxx.se
Getting Started
Google Playground: https://developers.google.com/oauthplayground
Google Doc: https://developers.google.com/identity/choose-auth
Google Console: console.developers.google.com
Google Scopes: developers.google.com/identity/protocols/googlescopes#drivev3
Google Drive List: https://developers.google.com/drive/v3/reference/files/list
Future Learning
aaronparecki.com/oauth-2-simplified
digitalocean.com/community/tutorials/an-introduction-to-oauth-2
alexbilbie.com/guide-to-oauth-2-grants
manning.com/books/oauth-2-in-action
packtpub.com/application-development/mastering-oauth-2
Thank You!
Intro To OAuth