Understanding OAuth | Implementing 'Sign-in with Twitter' in Android apps

  • Published on
    15-Oct-2014

Transcript

<p>Understanding OAuth | Sign-in with Twitter, in Android</p>
<p>Aman Alam, Application Developer, Web &amp; Mobile, Cue Blocks Technologies Pvt. Ltd., Chandigarh, IN. @AmanAlam</p>
<p>Understanding OAuth | Sign-in with Twitter</p>
<p>Objectives: What is OAuth. Why OAuth (was OpenID not enough). Types: a) Two legged, b) Three legged. Benefits of using OAuth. How does OAuth work: control &amp; data flow (e.g. Twitter). Sign-In with Twitter: OAuth in Android, the Web way. Sample Application.</p>
<p>What is OAuth: OAuth = Open Authentication: an open standard for authentication. Lets users share their content without handing out their credentials. Applications that access the user's content use tokens instead of a username/password. Developed for Twitter, opened later. Complementary to, but distinct from, OpenID. OAuth v2.0 focuses on client developer simplicity, is not backward compatible, and was built with different devices in mind (desktop apps, phones, etc.).</p>
<p>Why OAuth (was OpenID not enough): OAuth focuses on granting specific privileges to specific applications. OpenID focuses on verifying that users are really who they claim to be. OpenID requires providers. If OAuth were based on OpenID, only those who could use OpenID could use OAuth. OpenID facilitates single sign-on in a more straightforward manner. OAuth helps in limiting access and in controlling privileges.</p>
<p>Types of OAuth: Two different usage scenarios of OAuth: 3 legged and 2 legged. 3 Legged OAuth: The client app gets a Consumer Key &amp; Secret. The client uses these to generate a temp URL and redirects the user to this URL to log in (with the server). After the user approves the client app, the server returns an Access Token to the client app, which is used from this point forward.</p>
<p>Types of OAuth: 2 Legged OAuth: The client app gets a Consumer Key &amp; Secret. The client uses these and empty token credentials to access the protected resource. 2 legged is similar to client-server communication. 2 legged doesn't require the user to input credentials. Twitter uses 3 legged OAuth.</p>
<p>Benefits of Using OAuth: Helps limit access. Improves the user's trust in your application (via the UX). A way to interact directly (and with trust) with a Web API. Even if users change their username/password, your Access Token remains unaffected. The user's app management is centralized: they get to control the access of apps from where their data is (e.g. Twitter - Revoke Access).</p>
<p>How does OAuth work</p>
<p>Sign-In with Twitter, on the web: Your web app requests a temp URL to the login page; the URL is sent back; your web app sends the user to this URL. The user logs into Twitter and approves access. Twitter gives your app a PIN / Access Token. Your web app accesses the user's data on Twitter and performs actions on the user's behalf, with the PIN / Access Token.</p>
<p>Sign-In with Twitter, in the Android app: Your Android app requests a temp URL to the login page; the URL is sent back; your Android app sends the user to this URL. The user logs into Twitter and approves access. Twitter gives your app a PIN / Access Token. Your Android app accesses the user's data on Twitter and performs actions on the user's behalf, with the PIN / Access Token.</p>
<p>Sample Application: Developed using the Twitter4J library. Twitter4J is an unofficial Java library, written by Yusuke Yamamoto, a developer who now works for Twitter. Why Twitter4J: Why write the code once again? Vast. Quite robust. Certain tasks work in separate threads. Well documented, well supported, and in active development. Get it here: http://twitter4j.org. Over to Eclipse now.</p>
<p>Your turn to throw words at me.</p>
<p>Questions? (But please don't make it hard on me.)</p>
<p>Aman Alam, Application Developer, Web &amp; Mobile, Cue Blocks Technologies Pvt. Ltd., Chandigarh, IN. sheikhaman.com @AmanAlam</p>
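<p>The three-legged flow from the "Types of OAuth" and "Sign-In with Twitter" slides, together with the token properties listed under "Benefits of Using OAuth", modelled in memory as an added example; it is not code from the talk, from Twitter4J or from Twitter's API. The Provider class, the provider.example URL, the 7-digit PIN format and the denied helper are assumptions made for illustration, and request signing is not modelled.</p>

```python
import secrets

class Provider:
    """Constructed in-memory stand-in for the OAuth server; not Twitter's API."""
    def __init__(self, consumers, users):
        self.consumers, self.users = consumers, users  # key->secret, user->password
        self.pending = {}   # request token -> {consumer, user, pin}
        self.grants = {}    # access token  -> (consumer key, username)

    def request_token(self, key, secret):
        if not secrets.compare_digest(self.consumers.get(key, ""), secret):
            raise PermissionError("unknown consumer")
        tok = secrets.token_urlsafe(16)
        self.pending[tok] = {"consumer": key, "user": None, "pin": None}
        return tok, "https://provider.example/authorize?oauth_token=" + tok

    def approve(self, tok, username, password):
        # The user logs in at the provider; the client app never sees the password.
        if self.users.get(username) != password:
            raise PermissionError("bad login")
        pin = "%07d" % secrets.randbelow(10**7)
        self.pending[tok].update(user=username, pin=pin)
        return pin

    def access_token(self, key, tok, pin):
        req = self.pending.pop(tok, None)  # single use, even if the exchange fails
        if (not req or req["consumer"] != key or req["pin"] is None
                or not secrets.compare_digest(req["pin"], pin)):
            raise PermissionError("request token not approved")
        access = secrets.token_urlsafe(16)
        self.grants[access] = (key, req["user"])
        return access

    def resource(self, access):
        if access not in self.grants:
            raise PermissionError("token unknown or revoked")
        return "timeline of " + self.grants[access][1]

    def revoke(self, username, key):
        self.grants = {t: g for t, g in self.grants.items() if g != (key, username)}

def denied(call, *args):
    """Return True when the provider refuses the call."""
    try:
        call(*args)
    except PermissionError:
        return True
    return False
```

<p>The temporary request token grants no access to data on its own, can be exchanged only once and only after the user approves, and the resulting access token is tied to the app and user rather than to the password, so revocation at the provider is what ends access.</p>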