Authentication Using Twitter, Google, Facebook, And More
•Descargar como KEY, PDF•
1 recomendación•1,432 vistas
From my hands-on session at NCDevCon 2012
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a Authentication Using Twitter, Google, Facebook, And More
Similar a Authentication Using Twitter, Google, Facebook, And More (20)
Último
Último (20)
Authentication Using Twitter, Google, Facebook, And More
- 1. Authentication made Easy NCDevCon 2012 Billy Cravens
- 2. About me Billy Cravens ColdFusion since 4.0 (1999) Houston CFUG manager Former DFWCFUG board member Other languages: PHP, .NET; node.js ninja in training Remember the Wrox book?
- 3. About me Supporter of Cystic Fibrosis (research) www.CureCF.com Twitter: @bdcravens Web: www.billycravens.com billy.io
- 4. Traditional authentication session check per request CFLogin OS-based IIS Windows authentication, using IIS management console Apache Configure in .htaccess file
- 5. Pain points of traditional/ Advantages of federated login Registration and conversion rates (statistic here would be nice!) Established user profiles Customer care and password recovery costs Social web Facebook: 845 million users Twitter: 300 millions users Google: 350 million Gmail users Linked In : 135 million users
- 6. Disadvantages of federated login User experience Uncontrolled downtime Trust and perception
- 7. Federated identity/single sign on Origins Liberty Alliance whitepaper Microsoft “Passport” OpenID OAuth
- 8. OpenId Services using The workflow Open source CF libraries
- 9. OpenId Services using Google Yahoo WordPress Flickr Other services Roll your own
- 10. OpenId The workflow OpenID URL Authentication Permission request Shared secret Returns profile info and unique ID (URI)
- 11. OpenId Open source CF libraries http://www.yakhnov.info/go/projects/openid/ others on RiaForge
- 12. OAuth Services using open source CF libraries the workflow oAuth 1.0 / 2.0 Disadvantages
- 13. OAuth Services using Twitter (originated here) Facebook (oAuth 2.0) LinkedIn
- 15. oAuth 2.0 Workflow Send user to User logs in and grants Send token to your authentication URI permissions callback URI API calls using Verify token token
- 17. Google Show me the code
- 18. Facebook Show me the code
- 19. Twitter Show me the code
- 20. Integrate into existing security Authenticate your user Authenticate with service Capture user ID field of service, save to database
Notas del editor
- \n
- \n
- \n
- Session check: briefly show /session code (no more than 1 minute)\n\nCFLogin: briefly show /cflogin code (no more than 1 minute)\n\nOS options: don’t show examples\n
- \n
- Trust and perception:\n* people's unwillingness to grant *your* application access to their Twitter/FB/Google data. \n* Although most of these allow a level of access that is only used for auth, many users will not understand that and so may be hesitant to allow access. \n* you are placing trust in another authority, which is also an issue.\n* privacy issues: access to your website as data to mine\n\n
- TODO: short blurb about Liberty Alliance. Discuss role in standard, merger into Kantara Initiative\n\nMS Passport: proprietary solution, some early adoption, Starbucks.com; \nbegan process of migrating Windows Live ID to OpenID, but never moved past CTP\n
- \n
- only one we’re interested in is Google\n\nin this presentation we’re only going to look at \n\n
- TODO: a workflow diagram would be good\n
- TODO: a workflow diagram would be good\n
- \n
- not going to look at LinkedIn\n
- \n
- \n
- \n
- \n
- \n
- \n
- \n