Understanding OAuth | Implementing 'Sign-in with Twitter' in Android apps

  • Published on
    15-Oct-2014


Transcript

Understanding OAuth | Sign-in with Twitter, in Android

Aman Alam
Application Developer, Web & Mobile
Cue Blocks Technologies Pvt. Ltd., Chandigarh, IN
@AmanAlam

Objectives

  • What is OAuth
  • Why OAuth (was OpenID not enough)
  • Types: a) Two legged b) Three legged
  • Benefits of Using OAuth
  • How does OAuth work - Control & Data flow (e.g. Twitter)
  • Sign-In with Twitter - OAuth in Android, the Web way
  • Sample Application


What is OAuth

  • OAuth = Open Authentication: Open Standard for Authentication
  • Lets users share their content without handing out their credentials.
  • Applications that access the user's content use tokens instead of a username/password
  • Developed for Twitter, opened later
  • Complementary to, but distinct from, OpenID
  • OAuth v2.0: focuses on client developer simplicity, is not backward compatible, and was built with different devices in mind (desktop apps, phones etc.)


Why OAuth (was OpenID not enough)

  • OAuth focuses on granting specific privileges to specific applications.
  • OpenID focuses on verifying that the users are really who they claim to be.
  • OpenID requires providers. If OAuth were based on OpenID, only those who could use OpenID could use OAuth
  • OpenID facilitates Single Sign-on in a more straightforward manner
  • OAuth helps in limiting access and in controlling privileges


Types of OAuth

Two different usage scenarios of OAuth: 3 legged and 2 legged.

3 Legged OAuth:

  • Client app gets a Consumer Key & Secret
  • Client uses the above to generate a temp URL and redirects the user to this URL to log in (with the server)
  • After the user approves the client app, the server returns an Access Token to the client app, which is used from this point forward

2 Legged OAuth:

  • Client app gets a Consumer Key & Secret
  • Client uses the above and empty token credentials to access the protected resource
  • 2 legged is similar to Client-Server communication
  • 2 legged doesn't require the user to input credentials

Twitter uses 3 legged OAuth


Benefits of Using OAuth

  • Helps limit access
  • Improves the user's trust in your application (via the UX)
  • A way in which you can directly (and with trust) interact with a Web API
  • Even if the users change their username/password, your AccessToken remains unaffected
  • The user's app management is centralized: they get to control the access of apps from where their data is (e.g. Twitter - Revoke Access)


How does OAuth work


Sign-In with Twitter: On the web

[Diagram: flow between your web app, the user and Twitter]

  • Your web app requests a temp URL to the login page
  • The URL is sent back
  • Your web app sends the user to this URL
  • The user logs into Twitter and approves access
  • Twitter gives your app a PIN / Access Token
  • Your web app accesses the user's data on Twitter and performs actions on the user's behalf, with the PIN / Access Token


Sign-In with Twitter: In the Android App

[Diagram: flow between your Android app, the user and Twitter]

  • Your Android app requests a temp URL to the login page
  • The URL is sent back
  • Your Android app sends the user to this URL
  • The user logs into Twitter and approves access
  • Twitter gives your app a PIN / Access Token
  • Your Android app accesses the user's data on Twitter and performs actions on the user's behalf, with the PIN / Access Token
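
The three-legged flow from the "Types of OAuth" and "Sign-In with Twitter" slides, as an added example that is not part of the original talk and does not use Twitter4J or Twitter's API. It is an in-memory model of both sides of the exchange; `ToyProvider`, the `provider.example` URL, the 7-digit PIN and the `timeline` resource are assumptions made for illustration.

```python
import hmac
import secrets

class ToyProvider:
    """In-memory stand-in for the server side (constructed; not Twitter's API)."""
    def __init__(self, key, secret):
        self.consumers = {key: secret}  # registered Consumer Key -> Secret
        self.pending = {}               # temp token -> grant awaiting approval
        self.access = {}                # access token -> user it acts for

    def request_token(self, key, secret):
        # Leg 1: the client proves it is a registered app and gets a temp token.
        if not hmac.compare_digest(self.consumers.get(key, ""), secret):
            raise PermissionError("unknown consumer")
        temp = secrets.token_urlsafe(16)
        self.pending[temp] = {"consumer": key, "pin": None, "user": None}
        return temp, "https://provider.example/authorize?oauth_token=" + temp

    def approve(self, temp, user):
        # Leg 2: runs on the provider's own login page. The client app never
        # sees the user's password, only the PIN shown after approval.
        pin = "%07d" % secrets.randbelow(10**7)
        self.pending[temp].update(pin=pin, user=user)
        return pin

    def access_token(self, key, temp, pin):
        # Leg 3: temp token + PIN are exchanged for the access token.
        # pop() makes the temp token single-use; a wrong PIN also burns it.
        grant = self.pending.pop(temp, None)
        if (grant is None or grant["consumer"] != key or grant["pin"] is None
                or not hmac.compare_digest(grant["pin"], pin)):
            raise PermissionError("request token not approved or PIN mismatch")
        token = secrets.token_urlsafe(32)
        self.access[token] = grant["user"]
        return token

    def timeline(self, token):
        if token not in self.access:
            raise PermissionError("access token invalid or revoked")
        return "timeline of " + self.access[token]

    def revoke(self, token):
        self.access.pop(token, None)  # the user's "Revoke Access" action

def sign_in(provider, key, secret, user):
    """Client side of the three-legged flow; returns the access token."""
    temp, url = provider.request_token(key, secret)
    pin = provider.approve(temp, user)  # stands in for the user visiting url
    return provider.access_token(key, temp, pin)
```

The access token is the only credential the client holds afterwards, which is why revoking it on the provider side cuts the app off without the user changing a password.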


Sample Application

  • Developed using the Twitter4J library
  • Twitter4J: an unofficial Java library
  • Written by a developer who now works for Twitter: Yusuke Yamamoto
  • Why Twitter4J:
      • Why write the code once again?
      • Vast
      • Quite robust
      • Certain tasks work in separate threads
      • Well documented, well supported, and in active development.
  • Get it here: http://twitter4j.org
  • Over to Eclipse now

Your turn to throw words at me

Questions? (But please don't make it hard on me)

Aman Alam Application Developer Web & Mobile Cue Blocks Technologies Pvt. Ltd. Chandigarh, IN sheikhaman.com @AmanAlam
