OAuth with Facebook and Google Using .NET
Sathyaish Chakravarthy, Independent Consultant

[Diagram labels: Gmail, You, Resource Server, Resource Owner, Contacts, Client]

“OAuth allows you to give a third-party application the permission to use some of your resources on a resource server without giving the third party your user name and password on the resource server.”

REGISTERING CLIENTS
• console.developers.google.com
• developers.facebook.com

ROLES & FLOWS
• Resource Server
• Implicit Flow
• Authorization Code Flow
• Client Credentials Flow
• Resource Owner Password Credentials Flow

DEMO: GOOGLE OAUTH CLIENT (AUTHORIZATION CODE FLOW)

DEMO: FACEBOOK OAUTH CLIENT (AUTHORIZATION CODE FLOW)

Summary: What’s in it for me?
[Diagram labels: User, Client]

Limitations of OAuth 2.0
• No discovery
• Requires HTTPS
• Open redirectors – RFC 6819 – OAuth 2.0 Threat Model and Security Considerations
• Implementations differ widely

Further Reading
• RFC 6749 – The OAuth 2.0 Authorization Framework http://tools.ietf.org/html/rfc6749
• Documentation of the OAuth server
© Copyright 2024