REST, JSON and OAuth
      Ikai Lan - @ikai
      Esto es Google
      August 9th, 2011
About the speaker

• Developer Relations at Google based out
  of San Francisco, CA
• Focus: App Engine + Cloud
• Twitter: @ikai
• Google+: plus.ikailan.com
About the speaker
BIOGRAPHY: Ikai is a Developer Programs Engineer on
Google App Engine. Before Google, he worked as a
software engineer building mobile and social
networking applications at LinkedIn. Ikai is an avid
technologist, consuming volumes of material about
new programming languages, frameworks or services.
In his free time he enjoys California, winning Chinese
karaoke contests and playing flag football. He currently
lives in the San Francisco Bay Area, where he agonizes
watching his favorite team blow it season after season.

    English original: http://code.google.com/team/
This talk ...


• Is mostly language independent
• Can be very basic, but reviews are always
  good
Agenda


• Learn about REST, JSON and OAuth
• Leave this talk understanding the
  fundamentals of these standards
Tools of the trade

• JSON
• REST
• OAuth
REST




REpresentational State Transfer
REST in action
Invoking remote methods via HTTP

GET /calendar/123
POST /calendar/456
PUT /calendar/888
DELETE /calendar/123/event/678
HTTP verbs as actions
  Verb      Description
  GET       Reading an object
  POST      Creating a new object
  PUT       Editing an existing object
  DELETE    Deleting an object
Anatomy of a REST request
PUT /item/1                   <- VERB and RESOURCE
Accept: application/json      <- Accept header

someValue=someNewValue&secondValue=678    <- Payload
Why REST?

• Builds on existing standards - almost all
  languages with HTTP client are compatible
• Server side: maps very well to web
  frameworks because of URI routing
• Simple to implement, simple to debug
JSON - the language of the web
{
    "version": "1.0",
    "encoding": "UTF-8",
    "author": [{
        "name": {"$t": "Google Developer Calendar"},
        "email": {"$t": "developer-calendar@google.com"}
    }]
}
It’s just a JavaScript object

• Used in APIs to transfer data
• Can be nested
• Originally used for AJAX, now used for
  server to server communications
vs. XML
{
    "version": "1.0",
    "encoding": "UTF-8",
    "author": [{
        "name": {"$t": "Google Developer Calendar"},
        "email": {"$t": "developer-calendar@google.com"}
    }]
}

<?xml version="1.0" encoding="UTF-8" ?>
<feed>
 <author>
  <name>Google Developer Calendar</name>
  <email>developer-calendar@google.com</email>
 </author>
</feed>

FIGHT!!!
vs. XML

• XML is structured, provides validation
• JSON is more compact, easier to generate
  and parse
• JSON maps very well to dictionary/hash
  object in many languages
Python example

# Python 2.6
import json
data = { "key" : 123 }
json_value = json.dumps(data)            # serialize the dict to a JSON string
data_restored = json.loads(json_value)   # parse the JSON string back into a dict
Transport + protocol
What else do we need?
Authentication
Authorization
Your guest key for the internet!
Some Google APIs

• Contacts
• Calendar
• Picasa Web
• YouTube
Why not just ask for the user’s password?
Because it’s bad.

• You train users to give their passwords to
  third party sites
• Once you do this, users cannot revoke
  third party site access without changing
  password
• It’s really insecure and not flexible at all
SaaSy Payroll

Our example app that uses OAuth so we can do things with Google APIs on
behalf of the user
The OAuth Dance!

• User visits SaaSy Payroll
• SaaSy Payroll asks user to authorize data at Google
• User grants data access to app
• Google tells user to return to SaaSy Payroll with code
• SaaSy Payroll asks Google for an access_token
• Google returns an access_token and a refresh_token
The Whole Flow (Continued)

• SaaSy Payroll accesses Google Calendar using access_token
• Google returns protected data
• Some time later
• SaaSy Payroll asks Google for a new access_token
• Google returns a new access_token
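
The dance and the continued flow above, modelled in memory as an added example (not code from the talk or from Google). The class, method names, client id, secret and lifetimes are hypothetical, and redirects and HTTP are left out so that the token life cycle is visible: single-use code, expiring access_token, refresh, and revocation without a password change.

```python
import secrets

ACCESS_TTL = 3600  # seconds an access_token stays valid (assumed policy)
CODE_TTL = 60      # seconds an authorization code stays valid (assumed policy)
CLIENT_ID = "saasy-payroll"      # constructed
CLIENT_SECRET = "constructed-secret"  # constructed


class AuthorizationServer:
    """Toy stand-in for the provider (Google in the slides)."""

    def __init__(self, clients, calendars):
        self.clients = clients      # client_id -> client_secret
        self.calendars = calendars  # user -> protected data
        self.codes = {}             # code -> (user, client_id, expires_at)
        self.access = {}            # access_token -> (user, client_id, expires_at)
        self.refresh = {}           # refresh_token -> (user, client_id)

    def grant(self, user, client_id, now):
        """The user approves the app at the provider; the app sees no password."""
        if client_id not in self.clients:
            raise PermissionError("unknown client")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (user, client_id, now + CODE_TTL)
        return code

    def _check_client(self, client_id, client_secret):
        expected = self.clients.get(client_id)
        if expected is None or not secrets.compare_digest(expected, client_secret):
            raise PermissionError("client authentication failed")

    def _issue_access(self, user, client_id, now):
        token = secrets.token_urlsafe(24)
        self.access[token] = (user, client_id, now + ACCESS_TTL)
        return token

    def exchange_code(self, code, client_id, client_secret, now):
        self._check_client(client_id, client_secret)
        # pop() makes the code single use: a second exchange finds nothing.
        user, issued_to, expires_at = self.codes.pop(code, (None, None, 0))
        if issued_to != client_id or now > expires_at:
            raise PermissionError("invalid or expired code")
        refresh_token = secrets.token_urlsafe(24)
        self.refresh[refresh_token] = (user, client_id)
        return self._issue_access(user, client_id, now), refresh_token

    def refresh_access(self, refresh_token, client_id, client_secret, now):
        self._check_client(client_id, client_secret)
        user, issued_to = self.refresh.get(refresh_token, (None, None))
        if issued_to != client_id:
            raise PermissionError("invalid refresh_token")
        return self._issue_access(user, client_id, now)

    def calendar(self, access_token, now):
        user, _, expires_at = self.access.get(access_token, (None, None, 0))
        if user is None or now > expires_at:
            raise PermissionError("invalid or expired access_token")
        return self.calendars[user]

    def revoke(self, user, client_id):
        """The user withdraws the grant; every token issued under it dies."""
        for store in (self.access, self.refresh):
            for tok in [t for t, v in store.items() if v[:2] == (user, client_id)]:
                del store[tok]


def run_dance():
    server = AuthorizationServer({CLIENT_ID: CLIENT_SECRET}, {"ikai": ["Payday"]})
    log = []

    def attempt(label, call):
        try:
            call()
            log.append((label, "ok"))
        except PermissionError as exc:
            log.append((label, str(exc)))

    code = server.grant("ikai", CLIENT_ID, now=0)
    access, refresh = server.exchange_code(code, CLIENT_ID, CLIENT_SECRET, now=5)
    attempt("read calendar", lambda: server.calendar(access, now=10))
    attempt("reuse code",
            lambda: server.exchange_code(code, CLIENT_ID, CLIENT_SECRET, now=6))
    attempt("read after expiry",
            lambda: server.calendar(access, now=5 + ACCESS_TTL + 1))
    renewed = server.refresh_access(refresh, CLIENT_ID, CLIENT_SECRET, now=4000)
    attempt("read with new token", lambda: server.calendar(renewed, now=4001))
    server.revoke("ikai", CLIENT_ID)
    attempt("read after revoke", lambda: server.calendar(renewed, now=4002))
    attempt("refresh after revoke",
            lambda: server.refresh_access(refresh, CLIENT_ID, CLIENT_SECRET, now=4003))
    return log


if __name__ == "__main__":
    for step in run_dance():
        print(step)
```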
SaaSy Payroll
Access Control Grant
Payroll on the Calendar
Ikai’s Calendar
Calling an OAuth API
The application makes an HTTP GET or HTTP POST request to the server
containing the protected resource, including an Authorization header.
Additionally, the application specifies which user’s data it is trying to access
via an xoauth_requestor_id query parameter.

https://www.google.com/calendar/feeds/default/private/full?xoauth_requestor_id=<email address>

Header:
Authorization: OAuth
 oauth_version="1.0",
 oauth_nonce="1cbf231409dad9a2341856",
 oauth_timestamp="123456789",
 oauth_consumer_key="<consumer_key>",
 oauth_signature_method="HMAC-SHA1",
 oauth_signature="1qz%2F%2BfwtsuO"
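
How the oauth_signature in that header is produced and checked, as an added example that is not code from the talk: it builds the OAuth 1.0 signature base string for the slide's calendar URL, signs it with HMAC-SHA1, and verifies it on the receiving side with a timestamp window and a nonce cache. The nonce and timestamp are the slide's sample values; the consumer key, consumer secret, e-mail address, `Verifier` class and `MAX_SKEW` are constructed assumptions, and default-port normalization is omitted.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

MAX_SKEW = 300  # seconds a timestamp may differ from the server clock (assumed)
CONSUMER_KEY = "example.com"            # constructed
CONSUMER_SECRET = "constructed-secret"  # constructed
REQUEST_URL = ("https://www.google.com/calendar/feeds/default/private/full"
               "?xoauth_requestor_id=user%40example.com")
SAMPLE_PARAMS = {
    "oauth_version": "1.0",
    "oauth_nonce": "1cbf231409dad9a2341856",  # sample value from the slide
    "oauth_timestamp": "123456789",           # sample value from the slide
    "oauth_consumer_key": CONSUMER_KEY,
    "oauth_signature_method": "HMAC-SHA1",
}


def pct(value):
    """Percent-encode per RFC 3986: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, oauth_params):
    """Return METHOD&base-URI&sorted-parameters, each part percent-encoded."""
    parts = urlsplit(url)
    base_uri = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    # Query parameters (here xoauth_requestor_id) are signed together with the
    # oauth_* parameters; the signature itself is never part of its own input.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += [(k, v) for k, v in oauth_params.items() if k != "oauth_signature"]
    encoded = sorted((pct(k), pct(v)) for k, v in pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])


def sign(method, url, oauth_params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string, keyed with 'consumer_secret&token_secret'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, oauth_params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def authorization_header(oauth_params):
    fields = ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth_params.items()))
    return "OAuth " + fields


class Verifier:
    """Receiving side: recompute the signature, then reject stale or replayed calls."""

    def __init__(self, consumer_secrets):
        self.consumer_secrets = consumer_secrets  # consumer_key -> secret
        self.seen = set()                         # (consumer_key, timestamp, nonce)

    def verify(self, method, url, oauth_params, now):
        consumer = oauth_params.get("oauth_consumer_key")
        secret = self.consumer_secrets.get(consumer)
        if secret is None:
            return "unknown consumer"
        try:
            timestamp = int(oauth_params["oauth_timestamp"])
        except (KeyError, ValueError):
            return "bad timestamp"
        if abs(now - timestamp) > MAX_SKEW:
            return "stale timestamp"
        expected = sign(method, url, oauth_params, secret)
        supplied = oauth_params.get("oauth_signature", "")
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return "bad signature"
        nonce_key = (consumer, timestamp, oauth_params.get("oauth_nonce"))
        if nonce_key in self.seen:
            return "replayed nonce"
        self.seen.add(nonce_key)
        return "ok"


def demo():
    signed = dict(SAMPLE_PARAMS)
    signed["oauth_signature"] = sign("GET", REQUEST_URL, signed, CONSUMER_SECRET)
    now = int(signed["oauth_timestamp"]) + 10
    secrets_by_key = {CONSUMER_KEY: CONSUMER_SECRET}
    server = Verifier(secrets_by_key)
    first = server.verify("GET", REQUEST_URL, signed, now)
    replay = server.verify("GET", REQUEST_URL, signed, now)
    # A different xoauth_requestor_id under the same signature no longer matches.
    other_user = REQUEST_URL.replace("user%40", "other%40")
    changed = Verifier(secrets_by_key).verify("GET", other_user, signed, now)
    stale = Verifier(secrets_by_key).verify("GET", REQUEST_URL, signed, now + 3600)
    return first, replay, changed, stale


if __name__ == "__main__":
    print(signature_base_string("GET", REQUEST_URL, SAMPLE_PARAMS))
    print(demo())
```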
It’s all on top of standard HTTP
Our goals met!

• We built an integrated, robust app that can
  directly manipulate a user’s Google
  Calendar
• Never have to ask user for Google
  password - secure!
Recap

• JSON
• OAuth
• REST
REST - transport standard on HTTP
GET /calendar/123
POST /calendar/456
PUT /calendar/888
DELETE /calendar/123/event/678
JSON - the language of the web
{
    "version": "1.0",
    "encoding": "UTF-8",
    "author": [{
        "name": {"$t": "Google Developer Calendar"},
        "email": {"$t": "developer-calendar@google.com"}
    }]
}
OAuth - third party auth

• Valet key for the internet
• Key terms: OAuth dance, 3-legged OAuth
• consumer key, consumer secret, access token, access token secret
A recipe for great apps!
Questions?

• Read about OAuth: http://oauth.net/
• Google+: http://plus.ikailan.com
• Twitter: @ikai

 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 

REST, JSON and OAuth Explained

  • 2. REST, JSON and OAuth Ikai Lan - @ikai Esto es Google August 9th, 2011
  • 3. About the speaker • Developer Relations at Google based out of San Francisco, CA • Focus: App Engine + Cloud • Twitter: @ikai • Google+: plus.ikailan.com
  • 4. About the speaker BIOGRAPHY: Ikai is a Developer Programs engineer on Google App Engine. Before Google, he worked as a software engineer building mobile and social networking applications at LinkedIn. Ikai is an avid technologist, consuming volumes of material about new programming languages, frameworks or services. In his free time he enjoys California, winning Chinese karaoke contests and playing flag football. He currently lives in the San Francisco Bay Area, where he agonizes watching his favorite team blow it season after season. English original: http://code.google.com/team/
  • 5. About the speaker BIOGRAPHY: Ikai is a Developer Programs engineer on Google App Engine. Before Google, he worked as a software engineer building mobile and social networking applications at LinkedIn. Ikai is an avid technologist, consuming volumes of material about new programming languages, frameworks or services. In his free time he enjoys California, winning Chinese karaoke contests and playing flag football. He currently lives in the San Francisco Bay Area, where he agonizes watching his favorite team blow it season after season. !!! English original: http://code.google.com/team/
  • 6. This talk ... • Is mostly language independent • Can be very basic, but reviews are always good
  • 7. Agenda • Learn about REST, JSON and OAuth • Leave this talk understanding the fundamentals of these standards
  • 8. Tools of the trade JSON REST OAuth
  • 10. REST in action • Invoking remote methods via HTTP • GET /calendar/123 • POST /calendar/456 • PUT /calendar/888 • DELETE /calendar/123/event/678
  • 11. HTTP verbs as actions (Verb: Description) • GET: Reading an object • POST: Creating a new object • PUT: Editing an existing object • DELETE: Deleting an object
  • 12. Anatomy of a REST request • PUT /item/1 (VERB and RESOURCE) • Accept: application/json • someValue=someNewValue&secondValue=678
  • 13. Anatomy of a REST request • PUT /item/1 • Accept: application/json (Accepts header) • someValue=someNewValue&secondValue=678
  • 14. Anatomy of a REST request • PUT /item/1 • Accept: application/json • someValue=someNewValue&secondValue=678 (Payload)
  • 15. Why REST? • Builds on existing standards - almost all languages with HTTP client are compatible • Server side: maps very well to web frameworks because of URI routing • Simple to implement, simple to debug
  • 16. JSON - the language of the web { "version": "1.0", "encoding": "UTF-8", "author": [{ "name": {"$t": "Google Developer Calendar"}, "email": {"$t": "developer-calendar@google.com"} }] }
  • 17. It’s just a JavaScript object • Used in APIs to transfer data • Can be nested • Originally used for AJAX, now used for server to server communications
  • 18. vs. XML { "version": "1.0", "encoding": "UTF-8", "author": [{ "name": {"$t": "Google Developer Calendar"}, "email": {"$t": "developer-calendar@google.com"} }] } <?xml version="1.0" encoding="UTF-8" ?> <feed> <author> <name>Google Developer Calendar</name> <email>developer-calendar@google.com</email> </author> </feed>
  • 19. vs. XML FIGHT!!! { "version": "1.0", "encoding": "UTF-8", "author": [{ "name": {"$t": "Google Developer Calendar"}, "email": {"$t": "developer-calendar@google.com"} }] } <?xml version="1.0" encoding="UTF-8" ?> <feed> <author> <name>Google Developer Calendar</name> <email>developer-calendar@google.com</email> </author> </feed>
  • 20. vs. XML • XML is structured, provides validation • JSON is more compact, easier to generate and parse • JSON maps very well to dictionary/hash object in many languages
  • 21. Python example
        # Python 2.6
        import json
        data = { "key" : 123 }
        json_value = json.dumps(data)
        data_restored = json.loads(json_value)
  • 22. Transport + protocol What else do we need?
  • 27. Your guest key for the internet!
  • 29. Some Google APIs • Contacts
  • 30. Some Google APIs • Contacts • Calendar
  • 31. Some Google APIs • Contacts • Calendar • Picasa Web
  • 32. Some Google APIs • Contacts • Calendar • Picasa Web • YouTube
  • 33. Why not just ask for the user’s password?
  • 34. Because it’s bad. • You train users to give their passwords to third party sites • Once you do this, users cannot revoke third party site access without changing password • It’s really insecure and not flexible at all
  • 35. SaaSy Payroll Our example app that uses OAuth so we can do things with Google APIs on behalf of the user
  • 37. The OAuth Dance! • User visits SaaSy Payroll
  • 38. The OAuth Dance! • User visits SaaSy Payroll • SaaSy Payroll asks user to authorize data at Google
  • 39. The OAuth Dance! • User visits SaaSy Payroll • SaaSy Payroll asks user to authorize data at Google • User grants data access to app
  • 40. The OAuth Dance! • User visits SaaSy Payroll • SaaSy Payroll asks user to authorize data at Google • User grants data access to app • Google tells user to return to SaaSy Payroll with code
  • 41. The OAuth Dance! • User visits SaaSy Payroll • SaaSy Payroll asks user to authorize data at Google • User grants data access to app • Google tells user to return to SaaSy Payroll with code • SaaSy Payroll asks Google for an access_token
  • 42. The OAuth Dance! • User visits SaaSy Payroll • SaaSy Payroll asks user to authorize data at Google • User grants data access to app • Google tells user to return to SaaSy Payroll with code • SaaSy Payroll asks Google for an access_token • Google returns an access_token and a refresh_token
  • 43. The Whole Flow (Continued)
  • 44. The Whole Flow (Continued) • SaaSy Payroll accesses Google Calendar using access_token
  • 45. The Whole Flow (Continued) • SaaSy Payroll accesses Google Calendar using access_token • Google returns protected data
  • 46. The Whole Flow (Continued) • SaaSy Payroll accesses Google Calendar using access_token • Google returns protected data • Some time later
  • 47. The Whole Flow (Continued) • SaaSy Payroll accesses Google Calendar using access_token • Google returns protected data • Some time later • SaaSy Payroll asks Google for a new access_token
  • 48. The Whole Flow (Continued) • SaaSy Payroll accesses Google Calendar using access_token • Google returns protected data • Some time later • SaaSy Payroll asks Google for a new access_token • Google returns a new access_token
  • 51. Payroll on the Calendar Ikai’s Calendar
  • 52. Calling an OAuth API • Application makes an HTTP GET or HTTP POST request to the server containing the protected resource, including an Authorization header. Additionally, the application specifies which user’s data it is trying to access via an xoauth_requestor_id query parameter. • https://www.google.com/calendar/feeds/default/private/full?xoauth_requestor_id=<email address> • Header: Authorization: OAuth oauth_version="1.0", oauth_nonce="1cbf231409dad9a2341856", oauth_timestamp="123456789", oauth_consumer_key="<consumer_key>", oauth_signature_method="HMAC-SHA1", oauth_signature="1qz%2F%2BfwtsuO"
  • 53. It’s all on top of standard HTTP
  • 54. Our goals met! • We built an integrated, robust app that can directly manipulate a user’s Google Calendar • Never have to ask user for Google password - secure!
  • 55. Recap JSON OAuth REST
  • 56. REST - transport standard on HTTP • GET /calendar/123 • POST /calendar/456 • PUT /calendar/888 • DELETE /calendar/123/event/678
  • 57. JSON - the language of the web { "version": "1.0", "encoding": "UTF-8", "author": [{ "name": {"$t": "Google Developer Calendar"}, "email": {"$t": "developer-calendar@google.com"} }] }
  • 58. OAuth - third party auth • Valet key for the internet • Key terms: OAuth dance, 3 legged oauth • consumer key, consumer secret, access token, access token secret
  • 59. A recipe for great apps!
  • 60. Questions? • Read about OAuth: http://oauth.net/ • Google+: http://plus.ikailan.com • Twitter: @ikai
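
The signed request on slide 52, worked through as an added example (not code from the talk or from Google): it builds the OAuth 1.0 signature base string and HMAC-SHA1 signature as RFC 5849 defines them, and shows that the xoauth_requestor_id query parameter is covered by the signature. The consumer key, consumer secret and e-mail address are constructed placeholders, and default-port stripping in the base URI is left out.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

# Constructed sample request: consumer key, secret and e-mail are placeholders.
URL = ("https://www.google.com/calendar/feeds/default/private/full"
       "?xoauth_requestor_id=user@example.com")
PARAMS = {
    "oauth_version": "1.0",
    "oauth_nonce": "1cbf231409dad9a2341856",
    "oauth_timestamp": "123456789",
    "oauth_consumer_key": "example.com",
    "oauth_signature_method": "HMAC-SHA1",
}
CONSUMER_SECRET = "constructed-consumer-secret"

def pct(value):
    """Percent-encode per RFC 5849 section 3.6 (only unreserved characters stay)."""
    return quote(str(value), safe="-._~")

def base_string(method, url, oauth_params):
    """Build the signature base string: METHOD & base URI & sorted parameters."""
    parts = urlsplit(url)
    base_uri = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    # Query parameters such as xoauth_requestor_id are signed with the oauth_* ones,
    # so changing the requested user invalidates the signature.
    pairs = parse_qsl(parts.query, keep_blank_values=True) + list(oauth_params.items())
    normalized = "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in pairs))
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])

def sign(method, url, oauth_params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string; token_secret is empty when no oauth_token is sent."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, oauth_params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def authorization_header(method, url, oauth_params, consumer_secret):
    """Render the Authorization header value with the signature included."""
    signed = dict(oauth_params, oauth_signature=sign(method, url, oauth_params, consumer_secret))
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(signed.items()))

def verify(method, url, oauth_params, presented, consumer_secret):
    """Server side: recompute the signature and compare in constant time."""
    expected = sign(method, url, oauth_params, consumer_secret)
    return hmac.compare_digest(expected, presented)

if __name__ == "__main__":
    print(authorization_header("GET", URL, PARAMS, CONSUMER_SECRET))
```

A server that also rejects stale oauth_timestamp values and repeated oauth_nonce values keeps a captured header from being replayed; this block covers only the signature.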
