
Khuljaa Sim Sim


DESCRIPTION

From my talk @ Flash Camp India conducted at MGR University, Chennai - India. #indifc www.indiflashcamp.com


Page 1: Khuljaa Sim Sim

Enter the world of OAuth & AIR

December 12, 2010 | acrossthinlines.com | @udayms | linkedin.com/in/udayms

@udayms acrossthinlines.com

Flash Camp India 2010 Chennai, India

Page 2: Khuljaa Sim Sim


•  UX/UI Evangelist

•  Owns Prototyping @ Yahoo! India

Page 3: Khuljaa Sim Sim


In the Beginning

API.execute(userName, passWord);

Or in other words…

API.execute("give me ur life"); // and trust me to not use it or sell it later so that someone else can F&*$K you completely!

Page 4: Khuljaa Sim Sim


PLAXO  

Page 5: Khuljaa Sim Sim


This even used to have a name!!

Password Anti-Pattern


Page 7: Khuljaa Sim Sim


OAuth

Page 8: Khuljaa Sim Sim


Like a VALET KEY

Page 9: Khuljaa Sim Sim


OAuth

Google AuthSub + AOL OpenAuth + Yahoo BBAuth + Upcoming API + Flickr API + Amazon Web Services API + others

Page 10: Khuljaa Sim Sim


Is…

Open, generic standard for API access

Page 11: Khuljaa Sim Sim


Is…

authorization

Page 12: Khuljaa Sim Sim


Is…

not (authentication)

Page 13: Khuljaa Sim Sim


How did it start?

Blaine Cook & others

start looking at OpenID for API services

They realize the need for a solution & start working on it

DeWitt Clinton from Google begins supporting the effort

OAuth Core draft 1.0 released.

Page 14: Khuljaa Sim Sim


“…these days, everyone wants to build an App Store. Because every access key is a license that you can turn on and off, OAuth makes it easier for your integrations to generate revenue, and that means more and better integrations…”

-Sunir Shah (FreshBooks)

Why?


Page 18: Khuljaa Sim Sim


Service Provider: provides your app with keys & secrets to uniquely identify it.

Your users: they already have an account with the Service Provider. They will approve your application's request for information.

Your application: it is registered with your Service Provider and used by your users. Your application also stores your credentials internally.

Your OAuth layer

Page 19: Khuljaa Sim Sim


Service Provider

Your Users

Your Application

First Handshake

Page 20: Khuljaa Sim Sim


Service Provider

Your Users

Your Application

Next time…

Page 21: Khuljaa Sim Sim


Facebook Your Application

OAuth

Page 22: Khuljaa Sim Sim


Facebook Your Application

Dude… My user wants access to his stuff on your server.

Sure. Send him along. Btw, I only speak OAuth.

Page 23: Khuljaa Sim Sim


Facebook Your Application

Page 24: Khuljaa Sim Sim


Facebook Your Application

What’s your Password?

PASSWORD1234@34  

Page 25: Khuljaa Sim Sim


Facebook Your Application

Gr8! Here’s your token!

Page 26: Khuljaa Sim Sim


Facebook Your Application

Perfect!  

Page 27: Khuljaa Sim Sim


Facebook Your Application

Dude!! Here’s my user’s credentials, give me stuff!

Sure. Here you go!!!
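A toy model of the handshake in the slides above, added here as an example (not code from the talk or from the libraries it lists): the password goes only to the service provider, the application gets a token it signs requests with, and the provider can switch that token off. `ServiceProvider`, `approve`, `api_call` and `sign` are hypothetical names, and `sign` is a simplified stand-in for OAuth 1.0's HMAC-SHA1 signature.

```python
import hashlib
import hmac
import secrets


def sign(consumer_secret, token_secret, resource):
    # Simplified stand-in for OAuth 1.0 HMAC-SHA1 signing, not the real base string.
    key = f"{consumer_secret}&{token_secret}".encode()
    return hmac.new(key, resource.encode(), hashlib.sha1).hexdigest()


class ServiceProvider:
    """Toy in-memory provider, constructed for illustration."""

    def __init__(self, passwords):
        self.passwords = passwords  # user -> password; held only by the provider
        self.apps = {}              # consumer key -> consumer secret
        self.grants = {}            # token -> (consumer key, user, token secret)

    def register_app(self):
        key, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.apps[key] = secret
        return key, secret

    def approve(self, consumer_key, user, password):
        # Runs on the provider's own login page: the user types the password
        # there, and the application only receives the token that comes back.
        stored = self.passwords.get(user)
        if consumer_key not in self.apps or stored is None:
            raise PermissionError("unknown application or user")
        if not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("wrong password")
        token, token_secret = secrets.token_hex(8), secrets.token_hex(16)
        self.grants[token] = (consumer_key, user, token_secret)
        return token, token_secret

    def revoke(self, token):
        # The "license you can turn off": the password stays unchanged.
        self.grants.pop(token, None)

    def api_call(self, token, resource, signature):
        if token not in self.grants:
            raise PermissionError("token revoked or unknown")
        consumer_key, user, token_secret = self.grants[token]
        expected = sign(self.apps[consumer_key], token_secret, resource)
        if not hmac.compare_digest(expected, signature):
            raise PermissionError("bad signature")
        return f"{resource} for {user}"
```

The application stores only the consumer key and secret plus the token pair, so revoking the token cuts off that one application without the user changing a password.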


Page 35: Khuljaa Sim Sim


Code Ranger OAuth Library http://www.coderanger.com/blog/?p=59

as3corelib https://github.com/mikechambers/as3corelib

Page 36: Khuljaa Sim Sim


Twitter @udayms Blog acrossthinlines.com

LinkedIn linkedin.com/in/udayms

Page 37: Khuljaa Sim Sim

Sources I ripped off from…

•  Slideshare: factoryjoe/oauth-ftw-presentation

•  Slideshare: kellan/advanced-oauth-wrangling

•  Slideshare: mbleigh/the-present-future-of-oauth

•  http://dev.twitter.com/pages/auth

•  Google Images

•  Flickr

•  Oauth.net
