OAuth with Facebook and Google Using .NET
Sathyaish Chakravarthy, Independent Consultant
Diagram labels: You, Contacts, Gmail, Resource Owner, Resource Server, Client
“OAuth allows you to give a third-party application the
permission to use some of your resources on a resource
server without giving the third party your user name
and password on the resource server.”
REGISTERING CLIENTS
console.developers.google.com
developers.facebook.com
ROLES & FLOWS
Implicit Flow
Authorization Code Flow
Resource Server
Client Credentials Flow
Resource Owner Password Credentials Flow
DEMO: GOOGLE OAUTH CLIENT (AUTHORIZATION CODE FLOW)
DEMO: FACEBOOK OAUTH CLIENT (AUTHORIZATION CODE FLOW)
Summary: What’s in it for me?
User
Client
Limitations of OAuth 2.0
• No discovery
• Requires HTTPS
• Open redirectors – RFC 6819 – OAuth 2.0 Threat Model and Security Considerations
• Implementations differ widely
Further Reading
• RFC 6749 – The OAuth 2.0 Authorization Framework: http://tools.ietf.org/html/rfc6749
• Documentation of the OAuth server