Maintest
-
Upload
mohan-kumar-tadikimalla -
Category
Technology
-
view
913 -
download
3
Transcript of Maintest
Oaths is an authorization standard for API’s thatdoes away with logins and passwords to grantauthorization to a third-party
Every day a new websites are launchedwhich tie services from different sitesand offer you
Service provider
The website or web-service where the restricted resources are located
User
User have ‘stuff’ they don’t want to make pubic on the service provider butthey do want to share it with another site
Consumer
The name for the application trying access the users resources
Protected Resources
The ‘stuff’ oauth protects and allow access.
TokensTokens are used instead of user credentials to access resources
Jane wants to share some of her vacation photos with her friends. Jane usesFaji, a photo sharing site, for sharing journey photos. She signs into herfaji.com account, and uploads two photos which she marks private.
Using OAuth terminology
Jane is the User
Faji is the Service Provider.
The 2 photos Jane uploaded are the Protected Resources.
Jane wants to share them with her grandmother. But grandma doesn’t have
an internet connection so Jane plans to order prints and have them mailed to
grandma. Being a responsible person, Jane uses Beppa, an environmentally
friendly photo printing service.
Using OAuth terminology, ◦ Beppa is the Consumer.
◦ Beppa must use OAuth to gain access to the photos in order to print them.
When Beppa added support for Faji photo import, a Beppa developer known
in OAuth as a Consumer Developer obtained a Consumer Key and
Consumer Secret from Faji to be used with Faji’s OAuth-enabled API.
Using OAuth terminology, ◦ Consumer Key
◦ Consumer secret
Beppa requests from Faji a Request Token. At this point, the Request Token
is not User-specific, and can be used by Beppa to gain User approval from
Jane to access her private photos.
Using OAuth terminology, ◦ Request Token
When Beppa receives the Request Token, it redirects Jane to the Faji OAuth
User Authorization URL with the Request Token and asks Faji to redirect
Jane back once approval has been granted to http://beppa.com/order.
Using OAuth terminology, ◦ Oauth User Authorization URL
◦ Call Back URL
After successfully logging into Faji, Jane is asked to grant access to
Beppa, the Consumer. Faji informs Jane of who is requesting access (in this
case Beppa) and the type of access being granted. Jane can approve or deny
access.
Jane waits for Beppa to present her with her
photos fetched from her Faji account.
While Jane waits, Beppa uses the authorized Request Token and exchanges
it for an Access Token. Request Tokens are only good for obtaining User
approval, while Access Tokens are used to access Protected Resources, in
this case Jane’s photos.
In the first request, Beppa exchanges the Request Token for an Access
Token and in the second (can be multiple requests, one for a list of
photos, and a few more to get each photo) request gets the photos.
Using OAuth terminology, ◦ Access Token
Jane is very impressed how Beppa grabbed her photos
without asking for her username and password. She likes
what she sees and place the print order.
Credentials and tokens Oauth uses three types of credentials
◦ Client credentilas(consumer key and secret)◦ Temporary credentials(request token and secret)◦ Token credentilas(access token and secret)
Client credentials◦ Allows server to authenticate server◦ Allows server to get information about the client
Token credentials◦ Token credentials are in place of username and password◦ The client uses token credentials to access resource owner procted
resource◦ Token credentials are limited in scope and duration
Temporary credentials◦ Used to identify the authorization reuest◦ To accommodate different clients ike desktop,mobile erc◦ Add extra flexibilyt and security