OAuth Multiple Lifetime Token
Yusuke Kondo
1.
OAuth Multiple lifetime token by Yahoo! Japan
2.
Copyright © 2010 Yahoo Japan Corporation. All Rights Reserved. Unauthorized quotation or reproduction prohibited.
Summary
– Proposal toward OAuth v2 spec
– Multiple lifetime tokens (access_token & refresh_token)
– No change in process of OAuth, only change in token, lifetime and scope parameter.
– Introduction of Yahoo! JAPAN OAuth API and security policy
3.
Yahoo! JAPAN OAuth APIs
– Payment API: "Credit Card Payment"
– Point API: "Award and use Y!Points"
– Contacts API: "Read Contact List of Y!Mail"
– Social API: "Read & Update Y!Profiles"
– Attribute API: "Read User Attributes"
– Auction API: "Bidding or Selling at Y!Auction"
4.
Security Level of APIs
– Payment API, Y! Point API: security level high, token lifetime short
– Attribute API, Contacts API: security level middle, token lifetime medium
– Social APIs (User Status & Updates): security level low, token lifetime long
5.
Current issue
– Moba-ge-town (http://yahoo-mbga.jp/)
– Social API (security level: low)
  – Update Yahoo! Profile
– Contacts API (security level: middle)
  – Find Friends, Send Invitation to Friends
– Payment API (security level: high)
  – Purchase Avatar Item, Virtual coin
Slide annotation: expires in 2w
6.
Web Server Profile
[Sequence diagram]
Participants: User-Agent (Web browser), Client (Web App), AuthZ Server (Service Provider)
Message labels:
– Access Grant
– Ask for Permission
– Authorization Request w/ multiple scopes
– Authorization code & multiple scopes
– Authorization code & multiple scopes
– Access (and refresh) Tokens with different lifetime w/ multiple scopes
7.
User-agent Profile
– Still needs consideration about the URL length
[Sequence diagram]
Participants: User-Agent (Web browser), AuthZ Server (Service provider)
Message labels:
– Access Grant
– Ask for Permission
– Authorization Request w/ multiple scopes
– Multiple Access (or refresh) Token with different lifetime w/ multiple scopes
8.
Idea of multiple lifetime access token
– Manage each access token lifetime by "expires_in"
    {
      "scope": "payment social",
      "access_token": "SlAV32hkKG V2v5ehmLY",
      "expires_in": "3600 1206900"
    }
Slide annotations: expires in 1h. / expires in 2w
9.
Idea of multiple lifetime refresh_token
– Set access token lifetimes short and set refresh_token lifetimes longer
    {
      "scope": "payment social",
      "access_token": "SlAV32hkKG V2v5ehmLY",
      "expires_in": "3600 3600",
      "refresh_token": "8xLOxBtZp8 7euhZh4E"
    }
Slide annotations: expires in 1h. / expires in 2w
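How a client might consume the response shapes on slides 8 and 9, as an added example that is not code from the slides or from Yahoo! JAPAN. It assumes the space-delimited values in scope, access_token, expires_in and refresh_token are matched by position; the function and class names are hypothetical.

```python
import time
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ScopedToken:
    scope: str
    access_token: str
    expires_at: float                  # absolute expiry, seconds since epoch
    refresh_token: Optional[str] = None

    def is_valid(self, now: float, skew: int = 30) -> bool:
        # Treat a token that is about to expire as expired.
        return now + skew < self.expires_at


def parse_multi_token_response(resp: dict, issued_at: float) -> dict:
    """Split the space-delimited fields positionally into one token per scope."""
    scopes = resp["scope"].split()
    tokens = resp["access_token"].split()
    lifetimes = resp["expires_in"].split()
    refresh = (resp["refresh_token"].split() if "refresh_token" in resp
               else [None] * len(scopes))
    # A misaligned list could pair a long lifetime with a high-security scope,
    # so reject the whole response rather than guessing (assumed policy).
    if not (len(scopes) == len(tokens) == len(lifetimes) == len(refresh)):
        raise ValueError("scope/access_token/expires_in/refresh_token counts differ")
    if len(set(scopes)) != len(scopes):
        raise ValueError("duplicate scope in response")
    result = {}
    for scope, tok, ttl, rt in zip(scopes, tokens, lifetimes, refresh):
        if not (ttl.isascii() and ttl.isdigit()) or int(ttl) == 0:
            raise ValueError(f"invalid expires_in for scope {scope!r}")
        result[scope] = ScopedToken(scope, tok, issued_at + int(ttl), rt)
    return result


def token_for(tokens: dict, scope: str, now: float) -> Optional[ScopedToken]:
    """Return the still-valid token for a scope, or None if absent or expired."""
    tok = tokens.get(scope)
    return tok if tok is not None and tok.is_valid(now) else None


# Constructed sample built from the values shown on slide 8.
SAMPLE = {"scope": "payment social",
          "access_token": "SlAV32hkKG V2v5ehmLY",
          "expires_in": "3600 1206900"}

if __name__ == "__main__":
    parsed = parse_multi_token_response(SAMPLE, issued_at=time.time())
    print({s: t.access_token for s, t in parsed.items()})
```

When token_for returns None for a scope, a client using the slide 9 shape would redeem that scope's refresh_token instead of sending the user through authorization again.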