Upload
paul-fryer
View
656
Download
0
Embed Size (px)
Citation preview
Open ID & OAuth
Paul FryerJune 2011
What we’ll cover
• What is OpenID and OAuth?• Where and why are these used?• “In the wild” examples.• Source code examples.
What is OpenID?
• OpenID is about verifying identity (authenticating).
• Prevents users from having to maintain multiple identities with websites/electronic systems.
Who uses OpenID?
• You probably already have an OpenID.• Most of the major web players have an
implementation.• You can provide your own implementation.
How does OpenID Work?1. What’s your OpenID?2. User enters OpenID.3. Request the OpenID Provider page.4. Provider returns page with
openid.server and, optionally, openid.delegate.
5. Build URL and make request to OpenID server.
6. OpenID server presents login screen.
7. User provides credentials.8. OpenID server asks user to
authorize use.9. User responds to authorization
request.10. User redirected to success or failure
URL.11. Appropriate page is rendered
depending on success or failure.
What is OAuth?
• OAuth is about authorizing 3rd party sites to access user information.
• Allows sharing of user data with other systems without providing credentials to the other systems.
Who uses OAuth?
• Most major web players.• Facebook, Twitter, Google, Flickr, more..• You can too! Just download an open source
library for your programming language of choice (Dot Net, Cold Fusion, Lisp, Java, JavaScript, Objective C, Perl, Ocaml, PHP, Ruby, Python, Erlang, more..)
Source Code Examples
• Examples using the Dot Net Open Auth library.• ASP.Net MVC example using OpenID.• ASP.Net Web Forms example using OAuth.