Open ID & OAuth

Paul FryerJune 2011

What we’ll cover

• What is OpenID and OAuth?• Where and why are these used?• “In the wild” examples.• Source code examples.

What is OpenID?

• OpenID is about verifying identity (authenticating).

• Prevents users from having to maintain multiple identities with websites/electronic systems.

Who uses OpenID?

• You probably already have an OpenID.• Most of the major web players have an

implementation.• You can provide your own implementation.

How does OpenID Work?1. What’s your OpenID?2. User enters OpenID.3. Request the OpenID Provider page.4. Provider returns page with

openid.server and, optionally, openid.delegate.

5. Build URL and make request to OpenID server.

6. OpenID server presents login screen.

7. User provides credentials.8. OpenID server asks user to

authorize use.9. User responds to authorization

request.10. User redirected to success or failure

URL.11. Appropriate page is rendered

depending on success or failure.

What is OAuth?

• OAuth is about authorizing 3rd party sites to access user information.

• Allows sharing of user data with other systems without providing credentials to the other systems.

Who uses OAuth?

• Most major web players.• Facebook, Twitter, Google, Flickr, more..• You can too! Just download an open source

library for your programming language of choice (Dot Net, Cold Fusion, Lisp, Java, JavaScript, Objective C, Perl, Ocaml, PHP, Ruby, Python, Erlang, more..)

Live Example

• Stackoverflow.com• Built on

Source Code Examples

• Examples using the Dot Net Open Auth library.• ASP.Net MVC example using OpenID.• ASP.Net Web Forms example using OAuth.