Getting Started with OAuth

Getting Started with OAuth

Warmup

  • Share in your groups what you took away from your job shadow experience yesterday.

What is OAuth?

  • A standard for token-based authentication and authorization on the internet.
  • Allows an end user’s account information to be used by third-party services without exposing the user’s password.

Learning Goals

  • Can explain the tradeoffs of using OAuth vs. building authentication from scratch.
  • Can implement the OAuth handshake using an HTTP library.
  • Understands the value of using Omniauth to handle this handshake.
  • Understands where to store and how to use a user’s access token

Exploration

Watch & Explore

  1. OAuth Overview
  2. GitHub OAuth
  3. GitHub OAuth Docs

Draw a diagram of the requests/responses that are involved in getting a token for a user. * What parties are involved? * What information is included in the request/response?

Pros & Cons of OAuth

  • What are the advantages/disadvantages of using an outside party to verify someone’s identity?
  • Why bother with the OAuth handshake? What’s the purpose of the code the OAuth provider passes us?

Advantages Of OAuth

  • Removing security complexities
  • Service Authorization/Authentication

Disadvantages of OAuth

  • Loss of control
  • Account requirement
  • Data duplication

Omniauth

  • Take 5 minutes to read through this blog post
  • What is the value of using OmniAuth to handle the OAuth handshake?

Wrap up Questions

  • What is OAuth?
  • Where do you store a users access token?
  • How do you use the access token?

Lesson Search Results

Showing top 10 results