OAuth 2.0: Theory and Practice
Daniel Correia
Pedro Félix
whoami
• Daniel Correia
  • Fast learner Junior Software Engineer
  • Passionate about everything Web-related
  • Currently working with the SAPO SDB team
• Pedro Félix
  • Teacher at ISEL – the engineering school of the Lisbon Polytechnic Institute
  • Independent consultant working with the SAPO SDB team
OAuth History
• OAuth started circa 2007
• 2008 - IETF normalization started
• 2010 - RFC 5849 defines OAuth 1.0
• 2010 - WRAP (Web Resource Authorization Profiles) proposed by Microsoft, Yahoo! and Google
• 2010 - OAuth 2.0 work begins in IETF
• 2012
  • RFC 6749 - The OAuth 2.0 Authorization Framework
  • RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage
A use case
• The cast of characters
  • storecode.example – code repository service (e.g. )
  • checkcode.example – code analysis service (e.g. travis-)
  • Alice – a fictional developer
• The problem
  • How can Alice allow checkcode to access her private code stored at storecode?
[Diagram: Alice stores private code at storecode.example and uses checkcode.example to build and analyze code; checkcode.example needs to fetch Alice's code from storecode.example.]
The password anti-pattern
• A solution: Alice shares her password with checkcode
• Problems:
  • Unrestricted access – checkcode has all of Alice's permissions
    • read and write on all code repositories, issues, wiki, ...
  • No easy revocation
    • Changing password implies revoking all other client applications
  • Password management
    • Changing password implies updating all the delegated applications