Oauth

Make changes yourself !
Login or register to EDIT and SAVE any of these pages.

Send this Playlist by SMS

Email this Page

OAuth 2.0 - Part 1

Order: Reorder
Duration: 3:27
Published: 24 Jul 2010
Uploaded: 05 Sep 2011
Author: davidrice000

OAuth 2.0 is a standard that allows users to share their data on one site with another site. In Part 1, we attempt to explain why OAuth 2.0 should matter to you.

Google I/O 2008 - OpenSocial, OpenID, and OAuth: Oh, My!

Order: Reorder
Duration: 60:28
Published: 09 Jun 2008
Uploaded: 10 Aug 2011
Author: GoogleDevelopers

OpenSocial, OpenID, and OAuth: Oh, My! Joseph Smarr (Plaxo) A number of emerging technologies will soon collectively enable an open social web in which users control their information and it can flow between multiple sites and services. OpenID, OAuth, microformats, OpenSocial, the Social Graph API, friends-list portability, and more will be discussed, as well as a coherent vision for how the pieces fit together and how developers can start taking advantage of them now.

OAuth Presentation

Order: Reorder
Duration: 9:27
Published: 11 Dec 2009
Uploaded: 18 Aug 2011
Author: mackintot

Google I/O 2011: Identity and Data Access: OpenID and OAuth

Order: Reorder
Duration: 59:41
Published: 13 May 2011
Uploaded: 20 Aug 2011
Author: GoogleDevelopers

Ryan Boyd Use OpenID and OAuth to stop requiring your users to type usernames and passwords. In this session, we'll demonstrate how to improve user experience and lower barriers to entry for your application by using OpenID. We'll show how to securely access powerful user data securely using OAuth. We'll also talk about which flavors of these technologies should be used for common use cases.

TwitterGadget & OAuth: How it Works

Order: Reorder
Duration: 6:16
Published: 14 Aug 2010
Uploaded: 30 Jan 2011
Author: twittergadget

This video was created to help clarify the new 'sign in with twitter' login process (OAuth), since, the old style basic authentication with username & password directly from third party applications has been eliminated as an option by the Twitter API.

Android OAUTH Example

Order: Reorder
Duration: 2:35
Published: 13 Jan 2010
Uploaded: 22 Aug 2011
Author: brione2001

Example of using Twitter OAUTH with an Android application. Source at: github.com You'll find more instruction there to actually pull the code, if you like.

Google I/O 2009 - Google Data APIs & OAuth for OpenSocial..

Order: Reorder
Duration: 42:03
Published: 01 Jun 2009
Uploaded: 14 Dec 2010
Author: GoogleDevelopers

Google I/O 2009 - Using Google Data APIs and OAuth to Create an OpenSocial Gadget Monsur Hossain, Eric Bidelman -- Contents -- 1:06 - Building an iGoogle gadget to talk to Google Services (Blogger) 1:35 - Issues with acessing private data in JS 2:45 - Solution: Use OAuth Proxy in iGoogle 3:01 - OAuth Proxy + iGoogle Technology Stack 3:44 - Basics of OAuth 7:00 - Issues with using OAuth in JS 7:50 - OAuth Proxy overview 9:03 - Enabling OAuth in a gadget 11:15 - Building a Gadget - gadget design 12:41 - Building a Gadget - presentation layer 14:40 - Demo: Blogger Post Gadget 16:55 - fetchData() using OpenSocial JS APIs 21:57 - Creating the magic OAuth popup window handler 21:49 - Making things easier: Google Data JS client library 22:32 - fetchData() using the Google Data JS APIs 25:28 - JS to post data to Blogger 27:32 - What the Oauth Proxy is doing behind the scenes 31:20 - More Demos! 33:35 - Wrap up. What did we learn? 34:48 - Q&A -- End -- Thanks to the new OAuth Proxy, developers can write JavaScript gadgets for OpenSocial containers that can securely access Google Data APIs. But did you ever wonder what goes on behind the scenes? This session will present a walkthrough of an OpenSocial gadget and will explain the components and their interactions that make such secure access possible. For presentation slides and all I/O sessions, please go to: code.google.com/events/io/sessions.html

OAuth Toolkit Demo Video

Order: Reorder
Duration: 8:29
Published: 26 Jul 2011
Uploaded: 16 Aug 2011
Author: Layer7Tech

OAuth is rapidly becoming the preferred authentication method for accessing Web-based resources.The Layer 7 SecureSpan Gateway can support OAuth 1.0a, OAuth WRAP, as well as OAuth 2.0 specifications, and can be used to simplify both two-or three-legged OAuth implementation for authorization servers and protected resource servers. The Gateway's built-in Secure Token Service (STS) can issue and validate security tokens of a variety of formats and structures, depending on the requirements of the specific OAuth implementation. Security tokens generated by the Layer 7 SecureSpan Gateway STS can used as OAuth access tokens, optionally with HMAC-SHA1 or RSA-SHA1 signature methods.

This Week In Google 47: OAuth You Didn't

Order: Reorder
Duration: 76:46
Published: 17 Jun 2010
Uploaded: 30 Dec 2010
Author: twit

Hosts:Leo Laporte, Jeff Jarvis, and Gina Trapani. Interoperability balance, Facebook and Twitter log-ins, OAuth and OpenID, and more. Guest: Chris Messina We invite you to read, add to, and amend our show notes. Friendfeed links for this episode Thanks to Cachefly for the bandwidth for this show.

YoruFukurou OAuth Process

Order: Reorder
Duration: 0:24
Published: 21 Jan 2010
Uploaded: 27 Aug 2010
Author: koroshiya1

The implementation of OAuth authentication workflow for Twitter client YoruFukurou.

Eric Bidelman (w. Monsur Hossain) - Google Data APIs & Oauth

Order: Reorder
Duration: 1:58
Published: 04 May 2009
Uploaded: 14 Dec 2010
Author: GoogleDevelopers

Using Google Data APIs and OAuth to Create an OpenSocial Gadget - Eric Bidelman & Monsur Hossain Thanks to the new OAuth Proxy, developers can write JavaScript gadgets for OpenSocial containers that can securely access Google Data APIs. But did you ever wonder what goes on behind the scenes? This session will present a walkthrough of an OpenSocial gadget and will explain the components and their interactions that make such secure access possible. For those who are attending I/O, we thought it might be useful to hear from some of the speakers in advance. These videos provide a preview of one or more topics that will be covered in their talks.

OAuth 2.0 - Part 4

Order: Reorder
Duration: 5:51
Published: 24 Jul 2010
Uploaded: 12 Aug 2011
Author: davidrice000

A step-by-step walkthrough of how OAuth 2.0 Access Token granting works.

OAuth 2.0 - Part 2

Order: Reorder
Duration: 2:12
Published: 24 Jul 2010
Uploaded: 06 Jul 2011
Author: davidrice000

OAuth Client services and OAuth Provider services must first exchange a shared secret before users can grant access tokens.

Using the Salesforce.com OAuth Playground

Order: Reorder
Duration: 6:46
Published: 27 Jul 2010
Uploaded: 21 Jul 2011
Author: jeffdonthemic

Demo of setting up and using the Salesforce OAuth Playground

REST Api & OAuth 2 Sneek peak

Order: Reorder
Duration: 2:09
Published: 09 Aug 2010
Uploaded: 07 Jun 2011
Author: salesforce

Quick sneak peak of the upcoming REST Api and OAuth2 support in Force.com. The sample app is a Java Webapp authenticating against Force.com, then performing a REST query on Contacts, and returning the results as a JSON object.

Google I/O 2010 - OpenID-based SSO & OAuth for Google Apps

Order: Reorder
Duration: 71:01
Published: 27 May 2010
Uploaded: 23 Jun 2011
Author: GoogleDevelopers

Google I/O 2010 - OpenID-based single sign on and OAuth data access for Google Apps Enterprise, Google APIs 201 Ryan Boyd, David Primmer A discussion of all the auth tangles you've encountered so far -- OpenID, SSO, 2-Legged OAuth, 3-Legged OAuth, and Hybrid OAuth. We'll show you when and where to use the APIs, code some example apps, and demonstrate how they all integrate with Google APIs and other developer products. We'll also talk about how these technologies relate to apps sold on the Google Apps Marketplace. For all I/O 2010 sessions, please go to code.google.com

OAuth 2.0 - Part 3

Order: Reorder
Duration: 2:55
Published: 24 Jul 2010
Uploaded: 28 Aug 2011
Author: davidrice000

Here we demonstrate how a user grants an access token, allowing parsley.com to access her records at acme bank.

IETF works to bridge SAML and OAuth

Order: Reorder
Duration: 2:07
Published: 05 Aug 2010
Uploaded: 30 Dec 2010
Author: PingIdentityTV

Brian Campbell, principal engineer for Ping Identity, explains the IETF draft spec he co-authored that is designed to bridge SAML and OAuth 2.0.

Authentication OAuth 2.0

Order: Reorder
Duration: 19:55
Published: 29 Jul 2011
Uploaded: 02 Sep 2011
Author: MarakanaTechTV

You're building an API and the question comes up, how to let client applications authenticate against it? Giving username/password to 3rd party client applications is a security anti-pattern. You don't want to do that. API keys are better, but confusing for the average user. So we're going to look at solving that with OAuth 2.0. ** Get the slides at mrkn.co

Connect Twitter OAuth Ruby

Order: Reorder
Duration: 11:24
Published: 26 Sep 2010
Uploaded: 13 May 2011
Author: webdistortion

A video tutorial on how to connect to Twitter with OAuth in PHP, used in the blog post describing a number of social signon products including Facebook connect and Twitter OAuth. blog.webdistortion.com

Second Life OAuth Integration With Twitter

Order: Reorder
Duration: 5:19
Published: 22 Jan 2010
Uploaded: 26 Aug 2010
Author: JimPurbrick

A demo of a Second Life script talking OAuth to twitter.

Oauth boilerplate

Order: Reorder
Duration: 1:30
Published: 27 Jan 2011
Uploaded: 27 Jan 2011
Author: mfairchi

Oauth flow

Authorizing Force.com Web Applications with OAuth

Order: Reorder
Duration: 1:53
Published: 21 Apr 2010
Uploaded: 30 May 2010
Author: jeffdonthemic

You can view the accompaning article for this demo at developer.force.com.

OAuth

OAuth (Open Authorization) is an open standard for authorization. It allows users to share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their credentials, typically username and password.

OAuth allows users to hand out tokens instead of credentials to their data hosted by a given service provider. Each token grants access to a specific site (e.g. a video editing site) for specific resources (e.g. just videos from a specific album) and for a defined duration (e.g. the next 2 hours). This allows a user to grant a third party site access to their information stored with another service provider, without sharing their access permissions or the full extent of their data.

OAuth is a service that is complementary to, but distinct from, OpenID.

History

OAuth began in November 2006, during which Blaine Cook was developing the Twitter OpenID implementation. Meanwhile, Ma.gnolia needed a solution to allow its members with OpenIDs to authorize Dashboard Widgets to access their service. Cook, Chris Messina and Larry Halff from Ma.gnolia met with David Recordon to discuss using OpenID with the Twitter and Ma.gnolia APIs to delegate authentication. They concluded that there were no open standards for API access delegation.

The OAuth discussion group was created in April 2007, for the small group of implementers to write the draft proposal for an open protocol. DeWitt Clinton from Google learned of the OAuth project, and expressed his interest in supporting the effort. In July 2007 the team drafted an initial specification. Eran Hammer-Lahav joined and coordinated the many OAuth contributions, creating a more formal specification. On October 3, 2007, the OAuth Core 1.0 final draft was released.

At the 73rd Internet Engineering Task Force meeting in Minneapolis in November of 2008, an OAuth BOF was held to discuss bringing the protocol into the IETF for further standardization work. The event was well attended and there was wide support for formally chartering an OAuth working group within the IETF.

The OAuth 1.0 Protocol was published as RFC 5849, an informational Request for Comments, in April 2010.

Since August 31, 2010, all third party Twitter applications have been required to use OAuth.

OAuth 2.0

OAuth 2.0 is the next evolution of the OAuth protocol and is not backward compatible with OAuth 1.0. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. The specification is being developed within the IETF OAuth WG and is expected to be finalized by the end of 2010 according to Eran Hammer-Lahav.

Facebook's new Graph API only supports OAuth 2.0 and is the largest implementation of the emerging standard. As of 2011, both Google and Microsoft had added OAuth 2.0 experimental support to its APIs.

Security

On April 23, 2009, a security flaw in the 1.0 protocol was announced. It affects the OAuth authorization flow (also known as "3-legged OAuth") in OAuth Core 1.0 Section 6. Version 1.0a of the OAuth Core protocol was issued to address this issue.

It has been suggested that design decisions to make OAuth 2 easier to program may have serious long term security implications, if the version under consideration in late September 2010 is adopted.

Uses

OAuth can be potentially used as an authorizing mechanism to consume secured (i.e. authenticated) RSS/ATOM feeds. Consumption of RSS/ATOM feeds that requires authentication has always been an issue. For example; an RSS feed from a secured Google Sites can not be consumed using Google Reader. 3-Legged OAuth can be utilized to authorize Google Reader to the RSS feed from that Google Site.

References

External links

RFC5849 at the IETF

OAuth.net

OAuth WG at the IETF

OAuth Code Library Support on Google Groups

OAuth Beginner's Guide and Resource Center on Hueniverse

Google OAuth & Federated Login Research

Yahoo! OAuth Quick Start Guide

How-to: Real-time Linux system monitoring on Twitter using OAuth and perl

OAuth Checklist

Category:Cloud standards Category:Internet protocols Category:2007 introductions Category:Computer access control

This text is licensed under the Creative Commons CC-BY-SA License. This text was originally published on Wikipedia and was developed by the Wikipedia community.