Hybrid Authentication - Talking to major social networks

Md. Rayhan Chowdhury

You have developed a Wow application.
&
You're sure everybody will like it.

phpXperts 2011    Md. Rayhan Chowdhury | ray@raynux.com   2
Please Register to taste our WOW Service?

Okay, cool, will try later...

How can you avoid this boring registration?

Hybrid Authentication

      Login with Facebook
      Login with Google Account
      Login with Windows Live

User

It has Benefits too

      Hassle free login/registration
      More website users
      Successful Business
      More money

You

There is also a bonus!

      You have access to user's social data, friend base

Cool! But ....

      Isn't it too complex?
      Is there any standard?
      How to implement?

Yes, there is a standard and it's so simple with

      OAuth 2.0

What is OAuth?

      Stands for Open Authorization
      Before OAuth: Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Flickr API, Amazon Web Services API, FacebookAuth
      First introduced in 2006
      Designed for API access delegation

OAuth 2.0

      Next evolution of OAuth 1.0
      Easy to implement
      More flows to support desktop and mobile and living room devices
      Not backward compatible with OAuth 1.0

OAuth 2.0 flows are

      User-Agent Flow
      Web Server Flow
      Device Flow
      Username and Password Flow
      Client Credentials Flow
      Assertion Flow


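How does OAuth 2.0 work?

      Client (Your website)                                  Google

      Client  --  Authorization Request  -->  Resource Owner
      Client  <-- Authorization Code     --   Resource Owner

      Client  --  Request Access Token   -->  Authorization Server
      Client  <-- Access Token           --   Authorization Server

      Client  --  Access Token           -->  Resource Server
      Client  <-- Protected Resource     --   Resource Server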

Web Flow – Implementation
      Register your app @ https://code.google.com/apis/console/b/0/




Web Flow – Get Authorization Code

      Login with Google Account

 https://accounts.google.com/o/oauth2/auth?client_id=...&response_type=code&redirect_uri=...&scope=...

 http://mine2share.com/labs/oauth2/callback.php?code=authorization_code

Web Flow – Get Access Code

      Now, from your Redirect URI, make a POST request using cURL with the following parameters

 https://accounts.google.com/o/oauth2/token?client_id=...&client_secret=...&grant_type=authorization_code&code=..&redirect_uri=...

 {
     "access_token" : "...",
     "expires_in" : 3600
 }

Web Flow – Get Resource

      Use the access_token to get granted resources

 https://www.googleapis.com/oauth2/v1/userinfo?access_token=...

 array (
     'id' => '1150948574743835905',
     'email' => 'faisal@bankinfobd.com',
     'verified_email' => true,
     'name' => 'Faisal Morshed',
     'given_name' => 'Faisal',
     'family_name' => 'Morshed',
 )
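
An added example (not code from the slides or from the Oauth2Consumer class) of the authorization-code and token steps above in PHP, with a `state` value that ties the callback to the session that started the login. The credentials, redirect URI, function names and the stubbed token response are assumptions so that it runs offline.

```php
<?php
// Added example, not the presenter's code. Endpoints are the ones on the slides;
// credentials, redirect URI, function names and the stub response are assumptions.
const AUTH_URI  = 'https://accounts.google.com/o/oauth2/auth';
const TOKEN_URI = 'https://accounts.google.com/o/oauth2/token';

// Step 1: build the authorization URL and bind the request to this session.
function buildAuthorizeUrl(array $cfg, array &$session): string
{
    $session['oauth2_state'] = bin2hex(random_bytes(16)); // unguessable, per request
    return AUTH_URI . '?' . http_build_query([
        'client_id'     => $cfg['client_id'],
        'response_type' => 'code',
        'redirect_uri'  => $cfg['redirect_uri'],
        'scope'         => $cfg['scope'],
        'state'         => $session['oauth2_state'],
    ]);
}

// Step 2: on the redirect URI, verify `state`, then trade the code for a token.
function handleCallback(array $cfg, array $query, array &$session, callable $httpPost): array
{
    $expected = $session['oauth2_state'] ?? '';
    unset($session['oauth2_state']); // single use: a replayed callback fails
    $given = $query['state'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        throw new RuntimeException('state mismatch');
    }
    if (empty($query['code']) || !is_string($query['code'])) {
        throw new RuntimeException('no authorization code');
    }
    // The client secret goes in the POST body, not in the query string.
    $body = $httpPost(TOKEN_URI, [
        'client_id'     => $cfg['client_id'],
        'client_secret' => $cfg['client_secret'],
        'grant_type'    => 'authorization_code',
        'code'          => $query['code'],
        'redirect_uri'  => $cfg['redirect_uri'],
    ]);
    $token = json_decode($body, true);
    if (!is_array($token) || empty($token['access_token'])) {
        throw new RuntimeException('token endpoint returned no access_token');
    }
    return $token;
}

// Real transport: cURL POST; TLS verification stays at cURL's defaults (on).
function curlPost(string $url, array $fields): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
    ]);
    $out = curl_exec($ch);
    if ($out === false) {
        throw new RuntimeException('token request failed: ' . curl_error($ch));
    }
    return $out;
}

// Offline run with a constructed token response instead of a network call.
$cfg = ['client_id' => 'example-client-id', 'client_secret' => 'example-secret',
        'redirect_uri' => 'https://yoursite.example/callback.php', 'scope' => 'email'];
$stub = function (string $url, array $fields): string {
    return '{"access_token":"constructed-token","expires_in":3600}';
};
$session = [];
buildAuthorizeUrl($cfg, $session);
$ok = handleCallback($cfg, ['code' => 'constructed-code',
                            'state' => $session['oauth2_state']], $session, $stub);
echo "accepted, expires_in={$ok['expires_in']}\n";
buildAuthorizeUrl($cfg, $session);
try {
    handleCallback($cfg, ['code' => 'constructed-code', 'state' => 'forged'], $session, $stub);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

In a deployed callback.php, pass `'curlPost'` as the last argument and `$_SESSION` and `$_GET` in place of the constructed arrays.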

How to implement?




Configure OAuth2Consumer class

File: config.php

OAuth2Consumer::getInstance('Facebook', array(
    'client_id'        => 'your-client-id',
    'client_secret'    => 'your-client-secret',
    'redirect_uri'     => 'http://yoursite/callback.php',
    'scope'            => 'email,read_stream',

    'base_uri'         => 'https://graph.facebook.com/',
    'authorize_uri'    => 'https://graph.facebook.com/oauth/authorize',
    'access_token_uri' => 'https://graph.facebook.com/oauth/access_token',
));

Step 1
Get user authorization

File: connect.php

Oauth2Consumer::getInstance('Facebook')->authorize();

Redirect to OAuth 2.0 end point




Step 2
Grab the Access Token

File: callback.php

$oauth2 = Oauth2Consumer::getInstance('Facebook');
$accessToken = $oauth2->getAccessToken();

      Save this access token

Step 3
Use the API with Access Token

      Set the access token

$oauth = Oauth2Consumer::getInstance('Facebook');
$oauth->setVariable('access_token', $accessToken);

      Use the API as much as you want

$profile = $oauth->api('me');
$friends = $oauth->api('me/friendlists');
$albums = $oauth->api('me/albums');

Decide to Login or Register

      User is new? Create an account first
      Otherwise, log him/her in to your app
      Keep users and connections tables separate

      Users (1) ---- (n) Connections
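
An added example (not the presenter's schema or code) of the login-or-register decision with separate users and connections tables, using in-memory SQLite through PDO. Table, column and function names and the sample profiles are assumptions.

```php
<?php
// Added example, not the presenter's schema: Users 1 -> n Connections in
// in-memory SQLite via PDO. Table, column and function names are assumptions.
function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('PRAGMA foreign_keys = ON');
    $pdo->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY, name TEXT, email TEXT, email_verified INTEGER NOT NULL)');
    $pdo->exec('CREATE TABLE connections (
        id INTEGER PRIMARY KEY,
        user_id INTEGER NOT NULL REFERENCES users(id),
        provider TEXT NOT NULL,
        provider_uid TEXT NOT NULL,
        UNIQUE (provider, provider_uid))');
    return $pdo;
}

// Returns the local user id for a provider profile. $currentUserId is the
// already-logged-in user when they are adding another network, else null.
function loginOrRegister(PDO $pdo, string $provider, array $profile, ?int $currentUserId = null): int
{
    // Identity is the pair (provider, provider's user id), not the e-mail address.
    $uid = (string) $profile['id'];
    $find = $pdo->prepare('SELECT user_id FROM connections WHERE provider = ? AND provider_uid = ?');
    $find->execute([$provider, $uid]);
    $owner = $find->fetchColumn();
    if ($owner !== false) {
        // Known connection: log in, but never attach it to a second account.
        if ($currentUserId !== null && (int) $owner !== $currentUserId) {
            throw new RuntimeException('connection already belongs to another user');
        }
        return (int) $owner;
    }
    $pdo->beginTransaction();
    try {
        $userId = $currentUserId;
        if ($userId === null) { // new visitor: create the account first
            $ins = $pdo->prepare('INSERT INTO users (name, email, email_verified) VALUES (?, ?, ?)');
            $ins->execute([$profile['name'] ?? null, $profile['email'] ?? null,
                           empty($profile['verified_email']) ? 0 : 1]);
            $userId = (int) $pdo->lastInsertId();
        }
        $link = $pdo->prepare('INSERT INTO connections (user_id, provider, provider_uid) VALUES (?, ?, ?)');
        $link->execute([$userId, $provider, $uid]);
        $pdo->commit();
        return $userId;
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

// Constructed profiles in the shape of the userinfo array shown earlier.
$google   = ['id' => '1000000000000000001', 'email' => 'user@example.com',
             'verified_email' => true, 'name' => 'Example User'];
$facebook = ['id' => '2000000002', 'name' => 'Example User'];
$other    = ['id' => '3000000003', 'name' => 'Someone Else'];

$pdo = openDb();
$a = loginOrRegister($pdo, 'google', $google);          // first visit: registers
$b = loginOrRegister($pdo, 'google', $google);          // return visit: logs in
$c = loginOrRegister($pdo, 'facebook', $facebook, $a);  // logged in: adds a connection
$d = loginOrRegister($pdo, 'facebook', $other);         // different person: new account
printf("a=%d b=%d c=%d d=%d\n", $a, $b, $c, $d);

try {
    loginOrRegister($pdo, 'facebook', $other, $a);      // connection is owned by user $d
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```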


Socialize Your Application

      Encourage user to add more connections
      You have read/write access, so
            Engage more
            Respect user's opinion
      Remember! Never misuse

Who Supports OAuth 2.0

References
 Google API:
    Documentation: http://code.google.com/apis/accounts/docs/OAuth2.html
    API Console: https://code.google.com/apis/console/b/0/

 Facebook:
    API Console: https://developers.facebook.com/apps
    Documentation: https://developers.facebook.com/docs/authentication/

 Windows Live:
    API Console: https://manage.dev.live.com/
    Documentation: http://msdn.microsoft.com/en-us/library/hh243647.aspx

 OAuth 2.0:
   http://tools.ietf.org/html/draft-ietf-oauth-v2-22
   http://oauth.net/2/

 Oauth2Consumer Class & Example:
    http://raynux.com/ray/labs/projects/oauth2.zip




Question and Answer

Thank you
