Post on 21-Jul-2022
OAuth with Facebook and Google Using .NET
Sathyaish Chakravarthy, Independent Consultant
[Slide diagram labels: You, Contacts, Gmail; Resource Owner, Resource Server, Client]
“OAuth allows you to give a third-party application the permission to use some of your resources on a resource server without giving the third party your user name and password on the resource server.”
REGISTERING CLIENTS
console.developers.google.com
developers.facebook.com
ROLES & FLOWS
• Implicit Flow
• Authorization Code Flow
Resource Server
• Client Credentials Flow
• Resource Owner Password Credentials Flow
DEMO: GOOGLE OAUTH CLIENT (AUTHORIZATION CODE FLOW)
DEMO: FACEBOOK OAUTH CLIENT (AUTHORIZATION CODE FLOW)
Summary: What’s in it for me?
User
Client
Limitations of OAuth 2.0
• No discovery
• Requires HTTPS
• Open redirectors – RFC 6819 – OAuth 2.0 Threat Model and Security Considerations
• Implementations differ widely
Further Reading
• RFC 6749 – The OAuth 2.0 Authorization Framework: http://tools.ietf.org/html/rfc6749
• Documentation of the OAuth server