Transcript
Page 1: Authentication for Droids

Authentication for Droids
These are the droids you are looking for

Tim Messerschmidt (@SeraAndroid)

Page 2: Authentication for Droids

Developer Evangelist

Page 3: Authentication for Droids

Why am I here?

Page 4: Authentication for Droids

Rebuilding the Developer Experience: developer.paypal.com

Page 5: Authentication for Droids
Page 6: Authentication for Droids

Do we always use the same identity?

Page 7: Authentication for Droids

Should we always use the same identity?

Page 8: Authentication for Droids

Authentication vs. Authorization

Page 9: Authentication for Droids

Current standards

Page 10: Authentication for Droids

Basic Authentication (username:password)

Page 11: Authentication for Droids

Passwords: wiki.scullsecurity.org/Passwords

Page 12: Authentication for Droids

Security Nightmare

4.7% of users have the password "password"
8.5% have the password "password" or "123456"
9.8% have the password "password", "123456" or "12345678"
14% have a password from the top 10 passwords
40% have a password from the top 100 passwords
79% have a password from the top 500 passwords
91% have a password from the top 1000 passwords

Page 13: Authentication for Droids

Allow your users to see their input

Page 14: Authentication for Droids

OAuth 1.0

Page 15: Authentication for Droids
Page 16: Authentication for Droids

OAuth 1.0 flow between Consumer and Service Provider:
1. Request Request Token
2. Grant Request Token
3. Direct User to Service / Obtain Authorization
4. Direct to Consumer / Request Access Token
5. Grant Access Token
6. Access Resources

Page 17: Authentication for Droids

OAuth 1.0a
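The six steps of the OAuth 1.0 diagram, plus the oauth_verifier that 1.0a added, worked through as an added example (not the talk's code and not Signpost): both the Consumer and the Service Provider are simulated in one process, requests are signed with HMAC-SHA1 as RFC 5849 specifies, and the provider verifies each signature. The consumer key "droid-app", the secrets, the URLs and the user name are constructed for the demo.

```python
# Added example, not the talk's code: an OAuth 1.0a "three-legged" flow with the Consumer
# and Service Provider simulated in one process. Key names, secrets and URLs are constructed.
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

REQUEST_URL = "https://provider.example/oauth/request_token"
ACCESS_URL = "https://provider.example/oauth/access_token"
RESOURCE_URL = "https://provider.example/api/me"

def pct(value):
    """RFC 5849 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay unencoded."""
    return quote(str(value), safe="~")

def signature_base_string(method, url, params):
    """METHOD & pct(base URL) & pct(sorted k=v pairs, each side already pct-encoded)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    return "&".join([method.upper(), pct(url), pct("&".join(f"{k}={v}" for k, v in pairs))])

def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string, keyed with 'consumer secret & token secret'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, signature_base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def oauth_params(consumer_key, token=None, **extra):
    """Protocol parameters the Consumer attaches to every request before signing it."""
    params = {"oauth_consumer_key": consumer_key, "oauth_nonce": secrets.token_hex(8),
              "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": str(int(time.time())),
              "oauth_version": "1.0", **extra}
    if token:
        params["oauth_token"] = token
    return params

def signed(method, url, params, consumer_secret, token_secret=""):
    params = dict(params)
    params["oauth_signature"] = sign(method, url, params, consumer_secret, token_secret)
    return params

class ServiceProvider:
    def __init__(self):
        self.consumers = {"droid-app": "consumer-secret"}  # constructed consumer registration
        self.request_tokens = {}  # token -> {"secret", "callback", "verifier"}
        self.access_tokens = {}   # token -> secret

    def _check_signature(self, method, url, params, token_secret=""):
        params = dict(params)
        given = params.pop("oauth_signature", "")
        consumer_secret = self.consumers.get(params.get("oauth_consumer_key"), "")
        expected = sign(method, url, params, consumer_secret, token_secret)
        if not hmac.compare_digest(given, expected):
            raise PermissionError("bad signature")

    def request_token(self, params):  # steps 1-2: Request / Grant Request Token
        self._check_signature("POST", REQUEST_URL, params)
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.request_tokens[token] = {"secret": secret, "callback": params["oauth_callback"], "verifier": None}
        return token, secret

    def authorize(self, token):  # step 3: the user approves in the browser
        verifier = secrets.token_hex(8)  # 1.0a: handed only to the approving user's browser session
        self.request_tokens[token]["verifier"] = verifier
        return self.request_tokens[token]["callback"], verifier

    def access_token(self, params):  # steps 4-5: Request / Grant Access Token
        rt = self.request_tokens.get(params.get("oauth_token"))
        if rt is None:
            raise PermissionError("unknown request token")
        self._check_signature("POST", ACCESS_URL, params, rt["secret"])
        if rt["verifier"] is None or not hmac.compare_digest(params.get("oauth_verifier", ""), rt["verifier"]):
            raise PermissionError("missing or wrong oauth_verifier")  # the 1.0a check
        del self.request_tokens[params["oauth_token"]]  # request tokens are single use
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.access_tokens[token] = secret
        return token, secret

    def resource(self, params):  # step 6: Access Resources
        secret = self.access_tokens.get(params.get("oauth_token"))
        if secret is None:
            raise PermissionError("unknown access token")
        self._check_signature("GET", RESOURCE_URL, params, secret)
        return {"user": "droid-owner"}

def run_flow(sp, consumer_key="droid-app", consumer_secret="consumer-secret", send_verifier=True):
    """Drive all six steps as the Consumer; send_verifier=False mimics a pre-1.0a consumer."""
    p = signed("POST", REQUEST_URL,
               oauth_params(consumer_key, oauth_callback="https://droidapp.example/cb"), consumer_secret)
    rt, rt_secret = sp.request_token(p)
    _callback, verifier = sp.authorize(rt)
    extra = {"oauth_verifier": verifier} if send_verifier else {}
    p = signed("POST", ACCESS_URL, oauth_params(consumer_key, token=rt, **extra), consumer_secret, rt_secret)
    at, at_secret = sp.access_token(p)
    p = signed("GET", RESOURCE_URL, oauth_params(consumer_key, token=at), consumer_secret, at_secret)
    return sp.resource(p)
```

Running `run_flow(ServiceProvider())` returns the protected profile; the same flow with a wrong consumer secret, or with the verifier left out as a plain 1.0 consumer would, is rejected by the provider, which is exactly the difference between 1.0 and 1.0a that the next slides point at.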

Page 18: Authentication for Droids

Signpost <3: github.com/mttkay/signpost

Page 19: Authentication for Droids

OAuth 2.0

Page 20: Authentication for Droids

OAuth 2.0 flow between Consumer and Service Provider:
1. Direct User to Service / Obtain Authorization
2. Direct to Consumer
3. Request Access Token
4. Grant Access Token
5. Access Resources / Profile
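The OAuth 2.0 steps above as an added example (not the talk's code): the authorization-code grant with the Service Provider and the Consumer simulated in one process. The provider enforces an exact redirect_uri match and single-use codes, and the consumer binds each login attempt to a random state value that it checks on the way back. The client id "droid-app", the client secret, the URLs and the user name are constructed.

```python
# Added example, not the talk's code: OAuth 2.0 authorization-code flow with both parties
# simulated in-process. Client id, secret, URLs and the user name are constructed.
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://provider.example/oauth/authorize"

class ServiceProvider:
    """Authorization server and resource server of the identity provider."""

    def __init__(self):
        self.clients = {"droid-app": {"secret": "client-secret", "redirect_uri": "https://droidapp.example/cb"}}
        self.codes = {}   # code -> {"client_id", "redirect_uri", "user"}
        self.tokens = {}  # access token -> user

    def authorize(self, authorize_url, user):
        """Step 1: the user is sent here and approves; the result is the redirect back to the consumer."""
        q = {k: v[0] for k, v in parse_qs(urlparse(authorize_url).query).items()}
        client = self.clients.get(q.get("client_id"))
        if client is None or q.get("response_type") != "code":
            raise ValueError("unknown client or response_type")
        if q.get("redirect_uri") != client["redirect_uri"]:  # exact match, no prefix or wildcard
            raise PermissionError("redirect_uri does not match the registered one")
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"client_id": q["client_id"], "redirect_uri": q["redirect_uri"], "user": user}
        back = {"code": code}
        if "state" in q:
            back["state"] = q["state"]  # echoed unchanged so the consumer can tie it to its session
        return f"{client['redirect_uri']}?{urlencode(back)}"

    def token(self, form):
        """Steps 3-4: the consumer exchanges the code for a bearer token over a direct call."""
        grant = self.codes.pop(form.get("code"), None)  # a code is single use
        client = self.clients.get(form.get("client_id"))
        if grant is None or client is None:
            raise PermissionError("unknown code or client")
        if not hmac.compare_digest(client["secret"], form.get("client_secret", "")):
            raise PermissionError("bad client secret")
        if grant["client_id"] != form["client_id"] or grant["redirect_uri"] != form.get("redirect_uri"):
            raise PermissionError("code was issued to another client or redirect_uri")
        token = secrets.token_urlsafe(24)
        self.tokens[token] = grant["user"]
        return {"access_token": token, "token_type": "Bearer", "expires_in": 3600}

    def profile(self, headers):
        """Step 5: Access Resources / Profile with the token in the Authorization header."""
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme != "Bearer" or token not in self.tokens:
            raise PermissionError("invalid bearer token")
        return {"name": self.tokens[token]}

class Consumer:
    """The app's side of the exchange (in practice its backend keeps the client secret)."""

    def __init__(self, provider, client_id="droid-app", client_secret="client-secret"):
        self.provider, self.client_id, self.client_secret = provider, client_id, client_secret
        self.redirect_uri = "https://droidapp.example/cb"
        self.pending = set()  # state values of logins started but not yet finished

    def start_login(self):
        state = secrets.token_urlsafe(16)  # unguessable and bound to this login attempt
        self.pending.add(state)
        return AUTHORIZE_URL + "?" + urlencode({"response_type": "code", "client_id": self.client_id,
                                              "redirect_uri": self.redirect_uri, "state": state})

    def finish_login(self, callback_url):
        """Step 2: the user lands back here; reject callbacks this session never started."""
        q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
        if q.get("state") not in self.pending:
            raise PermissionError("state missing or unknown")
        self.pending.discard(q["state"])
        tok = self.provider.token({"grant_type": "authorization_code", "code": q.get("code"),
                                   "redirect_uri": self.redirect_uri, "client_id": self.client_id,
                                   "client_secret": self.client_secret})
        return self.provider.profile({"Authorization": f"{tok['token_type']} {tok['access_token']}"})

def login(provider, consumer, user="droid-owner"):
    """Full round trip: consumer -> provider (user approves) -> consumer -> token -> profile."""
    authorize_url = consumer.start_login()
    callback_url = provider.authorize(authorize_url, user)
    return consumer.finish_login(callback_url)
```

`login(ServiceProvider(), Consumer(provider))` returns the profile of the approving user. A callback that arrives without the state this consumer issued, or one that is replayed after it has been used, is refused before any code is exchanged; the Homakov post linked a few slides on is about what goes wrong when that check is missing.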

Page 21: Authentication for Droids

HTTP Header:

    URL url = new URL("http://url.com/");
    HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
    urlConnection.setRequestProperty("Authorization", "Bearer …");

URI parameter:

    "url.com/oauth?access_token=…"
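The two ways of sending the bearer token shown on the slide, compared as an added example (not the talk's code): the same request built once with the Authorization header and once with an access_token query parameter, then run through the places a token can end up without anyone breaking TLS. The API URL, the token value and the log format are constructed; the access-log line follows the Common Log Format, which records the request target with its query string but no headers.

```python
# Added example, not the talk's code: the same bearer token sent the two ways the slide shows,
# and where each copy ends up. Token value, hostname and log format are constructed.
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

API = "https://api.provider.example/v1/me"
TOKEN = "tok-EXAMPLE-0123456789abcdef"  # constructed sample token, not a real credential

def with_header(url, token):
    """Slide variant 1: token in the Authorization header."""
    return {"method": "GET", "url": url, "headers": {"Authorization": f"Bearer {token}"}}

def with_query(url, token):
    """Slide variant 2: token appended as ?access_token=..."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query) + [("access_token", token)]
    return {"method": "GET", "url": urlunsplit(parts._replace(query=urlencode(query))), "headers": {}}

def access_log_line(req, client="10.0.0.7", status=200, size=512):
    """Common Log Format line as a reverse proxy writes it: request target incl. query, no headers."""
    parts = urlsplit(req["url"])
    target = parts.path + (f"?{parts.query}" if parts.query else "")
    return f'{client} - - [01/Jan/2013:12:00:00 +0000] "{req["method"]} {target} HTTP/1.1" {status} {size}'

def referer_for_next_request(req):
    """What a browser or WebView sends as Referer when the user follows a link from this URL
    (full URL minus fragment under the classic default policy; modern browsers trim it cross-origin)."""
    return urlunsplit(urlsplit(req["url"])._replace(fragment=""))

def exposure(req, token):
    """Passive places that end up holding the token for this request."""
    places = []
    if token in access_log_line(req):
        places.append("server access log")
    if token in referer_for_next_request(req):
        places.append("Referer header / browser history")
    return places

TOKEN_PARAM = re.compile(r"(access_token=)[^&\s\"]+")

def scrub(line):
    """Redact any access_token query value in a log line you already have."""
    return TOKEN_PARAM.sub(r"\1[REDACTED]", line)
```

`exposure(with_header(API, TOKEN), TOKEN)` is empty, while the query-parameter variant shows up in both the access log and the Referer; `scrub` is the kind of filter to put in front of log storage if the parameter form cannot be avoided.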

Page 22: Authentication for Droids

Scribe: github.com/fernandezpablo85/scribe

PostmanLib: github.com/fedepaol/PostmanLib--Rings-Twice--Android

Page 23: Authentication for Droids

OAuth 2.0 and the Road to Hell: http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

Page 24: Authentication for Droids

http://homakov.blogspot.de/2013/03/oauth1-oauth2-oauth.html

Page 25: Authentication for Droids
Page 26: Authentication for Droids

Name

Email

Date of Birth

Locale

Time Zone

Address

Gender

Language

Phone Number

Creation Date

Page 27: Authentication for Droids

OpenID

Page 28: Authentication for Droids

BrowserID / Persona

Page 29: Authentication for Droids

How to combine both?

Page 30: Authentication for Droids

OpenID with OAuth Hybrid Extension

Page 31: Authentication for Droids

OpenID Connect

Page 32: Authentication for Droids
Page 33: Authentication for Droids

Identity Providers: Social vs. Concrete

Page 34: Authentication for Droids
Page 35: Authentication for Droids
Page 36: Authentication for Droids

Log in via PayPal in the browser or a WebView.

Page 37: Authentication for Droids

Yeah, nice... but why?

People forget passwords…

45% admit to leaving a website instead of resetting their password or answering security questions *

* Blue Inc. 2011

Page 38: Authentication for Droids

Also, they hate to register

Out of 657 surveyed users, 66% think that social sign-in is a desirable alternative. *

* Blue Inc. 2011

Page 39: Authentication for Droids
Page 40: Authentication for Droids

Wrap up
Identity does matter
Difference between authentication and authorization
User Experience should be enhanced, not impaired

Page 41: Authentication for Droids

[email protected]
@SeraAndroid
slideshare.com/paypal
