Understanding OAuth | Implementing 'Sign-in with Twitter' in Android Apps
Understanding OAuth | Sign-in with Twitter
Understanding OAuth | Sign-in with Twitter, in Android
Aman Alam, Application Developer – Web & Mobile, Cue Blocks Technologies Pvt. Ltd., Chandigarh, IN @AmanAlam
Objectives
• What is OAuth
• Why OAuth (was OpenID not enough)
• Types: a) Two legged b) Three legged
• Benefits of Using OAuth
• How does OAuth work
  - Control & Data flow (e.g. Twitter)
• Sign-In with Twitter
  - OAuth in Android, the Web way
• Sample Application
What is OAuth
• OAuth = Open Authentication: Open Standard for Authentication
• Lets users share their content without handing out their credentials.
• Applications, which access the users’ content, use tokens instead of username/password
• Developed for Twitter, opened later
• Complementary to but distinct from OpenID
• OAuth v2.0: focuses on client developer simplicity, not backward compatible, built while keeping in mind different devices (desktop apps, phones etc.)
Why OAuth (was OpenID not enough)
• OAuth focuses on granting specific privileges to specific applications.
• OpenID focuses on verifying that the users are really who they claim to be.
• OpenID requires providers.
• If OAuth were based on OpenID, only those who could use OpenID could use OAuth
• OpenID facilitates ‘Single Sign-on’ in a more straightforward manner
• OAuth helps in limiting access, in controlling privileges
Types of OAuth
• Two different usage scenarios of OAuth:
  - 3 legged
  - 2 legged
• 3 Legged OAuth:
  - Client app gets Consumer ‘Key’ & ‘Secret’
  - Client uses the above to generate a temp URL and redirects the user to this URL to login (with server)
  - After user approves the client app, the server returns an ‘Access Token’ to the client app which is used from this point forward
• 2 Legged OAuth:
  - Client app gets Consumer ‘Key’ & ‘Secret’
  - Client uses the above and empty token credentials to access the protected resource
  - 2 legged is similar to Client-Server communication
  - 2 legged doesn’t require user to input credentials
• Twitter uses 3 legged OAuth
Benefits of Using OAuth
• Helps limit access
• Improves user’s trust in your application (via the UX)
• A way with which you can directly (and with trust) interact with a Web API
• Even if the users change their Username/Passwords, your AccessToken remains unaffected
• User’s app management is centralized: They get to control access of apps from where their data is (e.g. Twitter - Revoke Access)
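The three-legged flow from "Types of OAuth" and the "Revoke Access" benefit above, as an added example that is not part of the original slides: a toy in-memory provider that issues a temporary token and URL, a PIN on user approval, and an access token the user can later revoke. The class and method names, the provider.example URL and the demo credentials are all assumptions, and the request signing that real OAuth 1.0a requires is left out.

```python
import secrets

class Provider:
    """Toy in-memory 3-legged OAuth server (constructed for illustration)."""
    def __init__(self, consumers):
        self.consumers = consumers           # consumer key -> consumer secret
        self.pending, self.grants = {}, {}   # temporary tokens / issued access tokens

    def request_token(self, key, secret):
        # Leg 1: a registered consumer obtains a temporary token and login URL.
        if self.consumers.get(key) != secret:
            raise PermissionError("unknown consumer")
        token = secrets.token_urlsafe(16)
        self.pending[token] = {"consumer": key, "user": None, "pin": None}
        return token, "https://provider.example/authorize?oauth_token=" + token

    def approve(self, token, user):
        # Leg 2: the user logs in at the provider (never in the client) and approves.
        state = self.pending[token]
        state["user"], state["pin"] = user, secrets.token_hex(4)
        return state["pin"]

    def access_token(self, key, token, pin):
        # Leg 3: swap the approved temporary token plus PIN for an access token.
        state = self.pending.pop(token, None)   # single use, burned even on failure
        if not state or state["consumer"] != key or state["pin"] is None:
            raise PermissionError("token not approved for this consumer")
        if not secrets.compare_digest(state["pin"], pin):
            raise PermissionError("bad PIN")
        access = secrets.token_urlsafe(24)
        self.grants[access] = (key, state["user"])
        return access

    def read_timeline(self, access):
        if access not in self.grants:
            raise PermissionError("access token revoked or unknown")
        return "timeline of " + self.grants[access][1]

    def revoke(self, user, key):
        # The user withdraws one app's access at the provider; no password change needed.
        self.grants = {t: g for t, g in self.grants.items() if g != (key, user)}

def run_flow():
    p = Provider({"demo-key": "demo-secret"})   # constructed credentials
    token, url = p.request_token("demo-key", "demo-secret")
    pin = p.approve(token, "alice")
    access = p.access_token("demo-key", token, pin)
    before = p.read_timeline(access)            # works while the grant exists
    p.revoke("alice", "demo-key")
    return p, access, before
```

The client only ever holds the consumer key and secret, the temporary token, the PIN and the access token; the user's password stays with the provider throughout.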
How does OAuth work
Sign-In with Twitter: On the web
• Your Web app requests a temp URL to the login page
• Your Web app sends the URL and sends the user to this URL
• The user logs into Twitter and approves access
• Twitter gives your app a PIN / Access Token
• Your Web app accesses the user’s data on Twitter and performs actions on the user’s behalf, with the PIN/AccessToken
Sign-In with Twitter: In the Android App
• Your Android app requests a temp URL to the login page
• Your Android app sends the URL and sends the user to this URL
• The user logs into Twitter and approves access
• Twitter gives your app a PIN / Access Token
• Your Android app accesses the user’s data on Twitter and performs actions on the user’s behalf, with the PIN/AccessToken
Sample Application
• Developed using the Twitter4J library
• Twitter4J – an unofficial Java Library
• Written by a developer who now works for Twitter – Yusuke Yamamoto
• Why Twitter4J:
  - Why write the code once again?
  - Vast
  - Quite robust
  - Certain tasks work in separate threads
  - Well documented, well supported, and in active development.
• Get it here: http://twitter4j.org
• Over to Eclipse now
Your turn to throw words at me
Aman Alam, Application Developer – Web & Mobile
Cue Blocks Technologies Pvt. Ltd., Chandigarh, IN
sheikhaman.com @AmanAlam
Questions? (But please don’t make it hard on me)