This document summarizes authentication methods for web applications, including traditional session-based authentication, federated login using services like Facebook and Google, and standards like OpenID and OAuth. It discusses the advantages of federated login over traditional methods, including established user profiles and reduced costs. It then provides an overview of OpenID and OAuth workflows and popular services that support each standard like Google, Facebook, and Twitter. Code examples are shown for integrating authentication with these services.
Authentication Using Twitter, Google, Facebook, And More
2. About me
Billy Cravens
ColdFusion since 4.0 (1999)
Houston CFUG manager
Former DFWCFUG board member
Other languages: PHP, .NET; node.js ninja in training
Remember the Wrox book?
3. About me
Supporter of Cystic Fibrosis (research)
www.CureCF.com
Twitter: @bdcravens
Web:
www.billycravens.com
billy.io
5. Pain points of traditional / Advantages of federated login
Registration and conversion rates
(statistic here would be nice!)
Established user profiles
Customer care and password recovery costs
Social web
Facebook: 845 million users
Twitter: 300 million users
Google: 350 million Gmail users
LinkedIn: 135 million users
15. OAuth 2.0 Workflow
Send user to authentication URI
User logs in and grants permissions
Send token to your callback URI
Verify token
API calls using token
20. Integrate into existing security
Authenticate your user
Authenticate with service
Capture user ID field of service, save to database
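The integration steps on slide 20, as an added example that is not from the original slides: an already-authenticated local user links a service account, and later logins are resolved by the service's user ID. It is written in Python with an in-memory SQLite database; the table, column and function names are assumptions, and the service user ID is assumed to come from a token that has already been verified.

```python
import sqlite3

def open_db():
    """Create the existing users table plus a link table (names are hypothetical)."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL);
        CREATE TABLE federated_ids (
            provider         TEXT NOT NULL,     -- e.g. 'twitter', 'google'
            provider_user_id TEXT NOT NULL,     -- user ID field of the service
            user_id          INTEGER NOT NULL REFERENCES users(id),
            PRIMARY KEY (provider, provider_user_id)
        );
    """)
    return db

def link_identity(db, local_user_id, provider, provider_user_id):
    """Save a service user ID for a local user who is already logged in.

    Returns False if that (provider, ID) pair is already linked or the
    local user does not exist, so one service account maps to one user.
    """
    try:
        with db:  # commit on success, roll back on error
            db.execute("INSERT INTO federated_ids VALUES (?, ?, ?)",
                       (provider, str(provider_user_id), local_user_id))
        return True
    except sqlite3.IntegrityError:
        return False

def login_with_service(db, provider, provider_user_id):
    """Resolve a verified service user ID to a local user ID, or None."""
    row = db.execute(
        "SELECT user_id FROM federated_ids"
        " WHERE provider = ? AND provider_user_id = ?",
        (provider, str(provider_user_id))).fetchone()
    return row[0] if row else None

def demo():
    """Constructed sample data: two local users, overlapping service IDs."""
    db = open_db()
    alice = db.execute("INSERT INTO users (username) VALUES ('alice')").lastrowid
    bob = db.execute("INSERT INTO users (username) VALUES ('bob')").lastrowid
    db.commit()
    results = [
        link_identity(db, alice, "twitter", "1001"),
        link_identity(db, bob, "google", "1001"),   # same ID, different service
        link_identity(db, bob, "twitter", "1001"),  # already linked to alice
    ]
    return db, alice, bob, results
```

Keying the link on the provider together with its user ID keeps identical IDs from different services apart and stops a second local account from claiming a service account that is already linked.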
Editor's Notes
Session check: briefly show /session code (no more than 1 minute)
CFLogin: briefly show /cflogin code (no more than 1 minute)
OS options: don’t show examples
Trust and perception:
* people's unwillingness to grant *your* application access to their Twitter/FB/Google data.
* Although most of these allow a level of access that is only used for auth, many users will not understand that and so may be hesitant to allow access.
* you are placing trust in another authority, which is also an issue.
* privacy issues: access to your website as data to mine
TODO: short blurb about Liberty Alliance. Discuss role in standard, merger into Kantara Initiative
MS Passport: proprietary solution, some early adoption, Starbucks.com; began process of migrating Windows Live ID to OpenID, but never moved past CTP
only one we’re interested in is Google
in this presentation we’re only going to look at