PayPal uses Open Identity to provide authentication for its 123 million active users. It uses OpenID Connect, which allows users to log in once and access their profile information across multiple applications. OpenID Connect builds upon OAuth 2.0 by adding standard identity features such as profile information and login/logout sessions. This allows PayPal to offer a simple and secure sign-in process while also giving users control over how their profile data is shared.
7. PayPal Access
• Active users: 123,000,000
• Uses OpenID Connect
• Interesting for commercial use cases
– Adds integrity to existing applications
– Clearly business- & merchant-oriented
• Actively being worked on!
– Expect new kick-ass features soon
25. Session management
• Highly demanded feature
– Service can be used to login & logout
• OAuth 2.0 requires users to revoke permission to “logout”
• Token validation & refreshment
• An optional feature
26. Authorization Flow
Steps, with the side (Client or Server) that performs each:
1. Client: Open Authorization Endpoint URL
2. Server: Provide a login page
3. Server: Return the Authorization Token after a successful login
4. Client: Check callbacks for Authorization Token
5. Client: Request a valid Access Token
6. Server: Check Authorization Token & return the Access Token if it’s valid
7. Client: Retrieve user’s resources
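The seven-step flow on this slide modelled end to end, as an added example that is not PayPal’s code: the provider issues a single-use, short-lived authorization code bound to the registered client and redirect URI after a successful login, the client accepts a callback only for a state value it issued, and the code is then exchanged for an access token that unlocks the profile. Client ids, secrets, the redirect URI and the profile data are constructed fixtures.

```python
import secrets
import time

# Constructed fixtures for this added example (not PayPal's endpoints, clients or data).
CLIENTS = {"shop-app": ("shop-secret", "https://shop.example/cb")}  # id -> (secret, redirect_uri)
PASSWORDS = {"alice": "correct-horse"}
PROFILES = {"alice": {"email": "alice@example.com", "name": "Alice"}}

class AuthServer:  # provider side: steps 2, 3 and 6 of the slide
    def __init__(self):
        self.codes = {}   # authorization code -> (client_id, redirect_uri, user, expiry)
        self.tokens = {}  # access token -> user
    def authorize(self, client_id, redirect_uri, state, user, password):
        # Steps 2-3: after a successful login, issue a short-lived single-use code bound to the client.
        if CLIENTS.get(client_id, (None, None))[1] != redirect_uri or PASSWORDS.get(user) != password:
            return None
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, user, time.time() + 60)
        return {"code": code, "state": state}  # query parameters of the redirect back to the client
    def token(self, client_id, client_secret, code, redirect_uri):
        # Step 6: consume the code on first use; client, redirect URI, expiry and secret must match.
        entry = self.codes.pop(code, None)
        if entry is None or entry[0] != client_id or entry[1] != redirect_uri or time.time() > entry[3]:
            return None
        if not secrets.compare_digest(client_secret, CLIENTS[client_id][0]):
            return None
        token = secrets.token_urlsafe(24)
        self.tokens[token] = entry[2]
        return token
    def userinfo(self, token):  # step 7 resource; None for an unknown token
        return PROFILES.get(self.tokens.get(token))

class Client:  # relying party side: steps 1, 4, 5 and 7
    def __init__(self, server, client_id):
        self.server, self.client_id, self.pending = server, client_id, set()
        self.secret, self.redirect_uri = CLIENTS[client_id]
    def start_login(self):  # step 1: the state value ties the later callback to this attempt
        state = secrets.token_urlsafe(8)
        self.pending.add(state)
        return state
    def handle_callback(self, params):
        # Step 4: accept a callback only once and only for a state this client issued.
        if not params or params.get("state") not in self.pending:
            return None
        self.pending.discard(params["state"])
        # Steps 5 and 7: exchange the code for an access token, then fetch the profile.
        token = self.server.token(self.client_id, self.secret, params["code"], self.redirect_uri)
        return self.server.userinfo(token) if token else None
```

A replayed callback is refused by the state check, and a code that has already been exchanged, has expired, or is presented with the wrong client secret or redirect URI yields no token.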
29. People forget passwords…
“45 % admit to leaving a website instead of resetting their password or answering security questions” *
* Blue Inc. 2011
30. People don’t like to register…
Out of 657 surveyed users, 66 % think that social sign-in is a desirable alternative. *
* Blue Inc. 2011
31. Verified profiles
Email – as it’s the user’s login
Address – ship my stuff here!
Name – makes sense, too
… and much more information!
32. Scopes
5 scopes to access the profile:
1. profile
2. email
3. address
4. phone
5. attributes
35. Help? Problems?
• paypal.com/dts
– Developer Technical Services
– Ticketing
• StackOverflow.com
– Tag “PayPal”
– Actively being watched by Technical Service and Developer Evangelists like me