狠狠撸

狠狠撸Share a Scribd company logo

Facebook & OAuth

Danny Deng
Danny Deng

這份文件是鄧維岱於2014年舉辦的社會網路設計研討會上的演講稿,介紹了OAuth的基本概念及其在Facebook等社交平台上的應用。文件中詳述了OAuth的工作流程、角色分配及其安全性問題。最後,還涵蓋了使用Node.js和Facebook SDK進行實作的相關內容及資源介紹。

1 of 92
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
2014. By Deng Wei-Dai. For Social Web Design Workshop. 淺談Facebook & OAuth與Live實作 鄧維岱 Danny Deng 2014.05.14 @ 成?大電機系92225 1 Social Web Design Workshop #1
2014. By Deng Wei-Dai. For Social Web Design Workshop. ABOUT ME ? 鄧維岱 Danny 2
2014. By Deng Wei-Dai. For Social Web Design Workshop. ABOUT ME ? 鄧維岱 Danny ? NCKU EE104 2
2014. By Deng Wei-Dai. For Social Web Design Workshop. ABOUT ME ? 鄧維岱 Danny ? NCKU EE104 ? MOVEMENT @ SWD 2013 ? www.movement-itw.com 2
2014. By Deng Wei-Dai. For Social Web Design Workshop. ABOUT ME ? 鄧維岱 Danny ? NCKU EE104 ? MOVEMENT @ SWD 2013 ? www.movement-itw.com 2
2014. By Deng Wei-Dai. For Social Web Design Workshop. ABOUT ME ? 鄧維岱 Danny ? NCKU EE104 ? MOVEMENT @ SWD 2013 ? www.movement-itw.com 2
2014. By Deng Wei-Dai. For Social Web Design Workshop. What is OAuth? 3
2014. By Deng Wei-Dai. For Social Web Design Workshop. What is OAuth? 3 Open Standard for Authorization
2014. By Deng Wei-Dai. For Social Web Design Workshop. 授權程式從_____存取資料 4
2014. By Deng Wei-Dai. For Social Web Design Workshop. 授權程式從_____存取資料 4 Website.APP
2014. By Deng Wei-Dai. For Social Web Design Workshop. 授權程式從_____存取資料 4 Website.APP FB.GitHub. LinkedIn
2014. By Deng Wei-Dai. For Social Web Design Workshop. 授權程式從_____存取資料 4 Website.APP FB.GitHub. LinkedIn Name.Birth. Email.Photo
2014. By Deng Wei-Dai. For Social Web Design Workshop. Why OAuth? 5
2014. By Deng Wei-Dai. For Social Web Design Workshop. We do not need to sign up new accounts Why OAuth? 5
2014. By Deng Wei-Dai. For Social Web Design Workshop. 6 So,
2014. By Deng Wei-Dai. For Social Web Design Workshop. How OAuth works? 6 So,
2014. By Deng Wei-Dai. For Social Web Design Workshop. ROLE 7
2014. By Deng Wei-Dai. For Social Web Design Workshop. ROLE 7 授權程式從_____存取資料
2014. By Deng Wei-Dai. For Social Web Design Workshop. ROLE ? Resource Owner: 使?用者 7 授權程式從_____存取資料
2014. By Deng Wei-Dai. For Social Web Design Workshop. ROLE ? Resource Owner: 使?用者 ? Resource Server: 存放使?用者資料的伺服器 7 授權程式從_____存取資料
2014. By Deng Wei-Dai. For Social Web Design Workshop. ROLE ? Resource Owner: 使?用者 ? Resource Server: 存放使?用者資料的伺服器 ? Authorization Server: 授權Access Token的伺服器 7 授權程式從_____存取資料
2014. By Deng Wei-Dai. For Social Web Design Workshop. ROLE ? Resource Owner: 使?用者 ? Resource Server: 存放使?用者資料的伺服器 ? Authorization Server: 授權Access Token的伺服器 ? Client: Third-Party程式、APP 7 授權程式從_____存取資料
2014. By Deng Wei-Dai. For Social Web Design Workshop. CLIENT 8
2014. By Deng Wei-Dai. For Social Web Design Workshop. CLIENT 8 Client ID
2014. By Deng Wei-Dai. For Social Web Design Workshop. CLIENT 8 Client ID Client Secret
2014. By Deng Wei-Dai. For Social Web Design Workshop. CLIENT 8 Client ID Client Secret Redirect URI
2014. By Deng Wei-Dai. For Social Web Design Workshop. ? Scope: 存取資料範圍 9 more reference for scope
2014. By Deng Wei-Dai. For Social Web Design Workshop. ? Scope: 存取資料範圍 9 Public Pro?le (Default).email… more reference for scope
2014. By Deng Wei-Dai. For Social Web Design Workshop. ? Scope: 存取資料範圍 9 Public Pro?le (Default).email… more reference for scope
2014. By Deng Wei-Dai. For Social Web Design Workshop. ? Scope: 存取資料範圍 ? State: (RECOMMEND) Random, prevent CSRF 9 Public Pro?le (Default).email… more reference for scope
2014. By Deng Wei-Dai. For Social Web Design Workshop. ? Scope: 存取資料範圍 ? State: (RECOMMEND) Random, prevent CSRF ? Code: Get Access Token 9 Public Pro?le (Default).email… more reference for scope
2014. By Deng Wei-Dai. For Social Web Design Workshop. ? Scope: 存取資料範圍 ? State: (RECOMMEND) Random, prevent CSRF ? Code: Get Access Token ? Access Token: Main KEY 9 Public Pro?le (Default).email… more reference for scope
2014. By Deng Wei-Dai. For Social Web Design Workshop. OAuth Flow 10
2014. By Deng Wei-Dai. For Social Web Design Workshop. ROLE ? Resource Owner: 使?用者 ? Resource Server: 存放使?用者資料的伺服器 ? Authorization Server: 授權Access Token的伺服器 ? Client: Third-Party程式、APP 11 授權程式從_____存取資料
2014. By Deng Wei-Dai. For Social Web Design Workshop. 12
2014. By Deng Wei-Dai. For Social Web Design Workshop. 12
2014. By Deng Wei-Dai. For Social Web Design Workshop. 12 Client ID, Redirect URI,Scope, State…
2014. By Deng Wei-Dai. For Social Web Design Workshop. 12 Client ID, Redirect URI,Scope, State… Agree?
2014. By Deng Wei-Dai. For Social Web Design Workshop. 12 Client ID, Redirect URI,Scope, State… Agree? Grant code Error msg With same state
2014. By Deng Wei-Dai. For Social Web Design Workshop. 13
2014. By Deng Wei-Dai. For Social Web Design Workshop. 13 Send to Redirect URI Grant code Error msg with same state
2014. By Deng Wei-Dai. For Social Web Design Workshop. 13 Send to Redirect URI Grant code Error msg with same state CHECK state
2014. By Deng Wei-Dai. For Social Web Design Workshop. 13 Send to Redirect URI Grant code Error msg with same state Client info, Grant code CHECK state
2014. By Deng Wei-Dai. For Social Web Design Workshop. 13 Send to Redirect URI Grant code Error msg with same state Client info, Grant code CHECK state CHECK 1.Client info 2.Redirect URI
2014. By Deng Wei-Dai. For Social Web Design Workshop. 13 Send to Redirect URI Grant code Error msg with same state Client info, Grant code CHECK state Access Token CHECK 1.Client info 2.Redirect URI
2014. By Deng Wei-Dai. For Social Web Design Workshop. 14 Access Token
2014. By Deng Wei-Dai. For Social Web Design Workshop. 14 Access Token Call Graph API (FB)
2014. By Deng Wei-Dai. For Social Web Design Workshop. 14 Access Token Call Graph API (FB) GET User’s info
2014. By Deng Wei-Dai. For Social Web Design Workshop. 14 Access Token Call Graph API (FB) Login Success GET User’s info
2014. By Deng Wei-Dai. For Social Web Design Workshop. 3 PROTOCOL ENDPOINT(a little bit detail) 15
2014. By Deng Wei-Dai. For Social Web Design Workshop. 3 PROTOCOL ENDPOINT(a little bit detail) 15 Authorization Server Client
2014. By Deng Wei-Dai. For Social Web Design Workshop. 3 PROTOCOL ENDPOINT(a little bit detail) 15 Authorization Server Client Authorization Endpoint Token Endpoint
2014. By Deng Wei-Dai. For Social Web Design Workshop. 3 PROTOCOL ENDPOINT(a little bit detail) 15 Authorization Server Redirection Endpoint Client Authorization Endpoint Token Endpoint
2014. By Deng Wei-Dai. For Social Web Design Workshop. 3 PROTOCOL ENDPOINT 16 Authorization Server Redirection Endpoint Client Authorization Endpoint Token Endpoint
2014. By Deng Wei-Dai. For Social Web Design Workshop. 17 Client ID, Redirect URI,Scope, State… Agree? Grant code Error msg With same state
2014. By Deng Wei-Dai. For Social Web Design Workshop. 17 Client ID, Redirect URI,Scope, State… Agree? Grant code Error msg With same state
2014. By Deng Wei-Dai. For Social Web Design Workshop. 17 Client ID, Redirect URI,Scope, State… Agree? Grant code Error msg With same state
2014. By Deng Wei-Dai. For Social Web Design Workshop. https://www.facebook.com/dialog/oauth? client_id=580500188730688? &redirect_uri=http://merry.ee.ncku.edu.tw/redirect? &state=d41d8cd98f00b204e9800998ecf8427e? &response_type=code? &scope=email 18 向Authorization Endpoint提出請求 data which redirect back is code
2014. By Deng Wei-Dai. For Social Web Design Workshop. 19
2014. By Deng Wei-Dai. For Social Web Design Workshop. DENY OR ERROR http://your_redirect_uri?? error=error? &error_code=error_code? &error_description=description? &error_reason=error_reason? &state=state 19 more reference for error
2014. By Deng Wei-Dai. For Social Web Design Workshop. DENY OR ERROR http://your_redirect_uri?? error=error? &error_code=error_code? &error_description=description? &error_reason=error_reason? &state=state 19 more reference for error http://your_redirect_uri?? code=code? &state=state AGREE
2014. By Deng Wei-Dai. For Social Web Design Workshop. 20 Client ID, Redirect URI,Scope, State… Agree? Grant code Error msg With same state
2014. By Deng Wei-Dai. For Social Web Design Workshop. 20 Client ID, Redirect URI,Scope, State… Agree? Grant code Error msg With same state
2014. By Deng Wei-Dai. For Social Web Design Workshop. 3 PROTOCOL ENDPOINT 21 Authorization Server Redirection Endpoint Client Authorization Endpoint Token Endpoint
2014. By Deng Wei-Dai. For Social Web Design Workshop. 22 Send to Redirect URI Grant code Error msg with same state Client info, Grant code CHECK state Access Token CHECK 1.Client info 2.Redirect URI
2014. By Deng Wei-Dai. For Social Web Design Workshop. 22 Send to Redirect URI Grant code Error msg with same state Client info, Grant code CHECK state Access Token CHECK 1.Client info 2.Redirect URI
2014. By Deng Wei-Dai. For Social Web Design Workshop. 3 PROTOCOL ENDPOINT 23 Authorization Server Redirection Endpoint Client Authorization Endpoint Token Endpoint
2014. By Deng Wei-Dai. For Social Web Design Workshop. 24 Send to Redirect URI Grant code Error msg with same state Client info, Grant code CHECK state Access Token CHECK 1.Client info 2.Redirect URI
2014. By Deng Wei-Dai. For Social Web Design Workshop. 24 Send to Redirect URI Grant code Error msg with same state Client info, Grant code CHECK state Access Token CHECK 1.Client info 2.Redirect URI
2014. By Deng Wei-Dai. For Social Web Design Workshop. 24 Send to Redirect URI Grant code Error msg with same state Client info, Grant code CHECK state Access Token CHECK 1.Client info 2.Redirect URI
2014. By Deng Wei-Dai. For Social Web Design Workshop. https://graph.facebook.com/oauth/access_token? client_id=client_id ? &client_secret=client_secret? &redirect_uri=redirect_uri? &code=code 25 向Token Endpoint提出請求 Afterwards, get access_token
2014. By Deng Wei-Dai. For Social Web Design Workshop. 26 Access Token Call Graph API (FB) Login Success GET User’s info
2014. By Deng Wei-Dai. For Social Web Design Workshop. 26 Access Token Call Graph API (FB) Login Success GET User’s info
2014. By Deng Wei-Dai. For Social Web Design Workshop. https://graph.facebook.com/me? access_token=access_token 27 Graph API request access_token We will get info depending on scope
2014. By Deng Wei-Dai. For Social Web Design Workshop. So far, Question? 28
2014. By Deng Wei-Dai. For Social Web Design Workshop. Live Coding 29 Facebook SDK for JavaScript?
2014. By Deng Wei-Dai. For Social Web Design Workshop. 30 Download Materials
2014. By Deng Wei-Dai. For Social Web Design Workshop. Let’s start ! 31
2014. By Deng Wei-Dai. For Social Web Design Workshop. Create Facebook App 32
2014. By Deng Wei-Dai. For Social Web Design Workshop. PHP 33
2014. By Deng Wei-Dai. For Social Web Design Workshop. STRUCTURE PHP Folder ? index.html ? jquery-2.0.2.min.js ? facebook.php ? facebook.png 34
2014. By Deng Wei-Dai. For Social Web Design Workshop. CURL DETAIL ? curl_setopt(ch, option, value); ? CURLOPT_URL: 設定擷取網址 ? CURLOPT_RETURNTRANSFER: 回傳是否字串 ? curl_exec($ch): 執?行 ? curl_close($ch): 關閉 35
2014. By Deng Wei-Dai. For Social Web Design Workshop. NodeJS 36 If we have time…
2014. By Deng Wei-Dai. For Social Web Design Workshop. NodeJS 36 With Express and Passport If we have time…
2014. By Deng Wei-Dai. For Social Web Design Workshop. STEP npm install express-generator (Installed by Prof.) 1. ssh username@merry.ee.ncku.edu.tw 2. express XXX (XXX is a folder) 3. cd XXX & npm install 4. npm install passport 5. npm install passport-facebook 37
2014. By Deng Wei-Dai. For Social Web Design Workshop. STRUCTURE NodeJS Folder ? app.js ? routes/index.js ? html/facebook.html 38
2014. By Deng Wei-Dai. For Social Web Design Workshop. MORE REFERENCE ? Passport Authentication for Node.js Applications ? Easy Node Authentication: Facebook ? Notice: Express3.0. We have installed express 4.0 39
2014. By Deng Wei-Dai. For Social Web Design Workshop. Is OAuth safe? 40
2014. By Deng Wei-Dai. For Social Web Design Workshop. I do not think so… Is OAuth safe? 40
2014. By Deng Wei-Dai. For Social Web Design Workshop. 41 Any Question?
2014. By Deng Wei-Dai. For Social Web Design Workshop. 42 Thanks for your listening! a55660988@gmail.com
2014. By Deng Wei-Dai. For Social Web Design Workshop. MORE REFERENCE ? (Ruby)簡單易懂的 OAuth 2.0 - 如何?用 OAuth 2 鎖住 你的 API ? OAuth 和 OpenID 到底是什麼呢? ? Spec: The OAuth 2.0 Authorization Framework 43
Ad

Recommended

Evaluation g324
Evaluation g324
iwehfkhvwhdl
?
Pdhpe
Pdhpe
752975
?
Sample ????????
Sample ????????
Jonghyun Park
?
COS-PROFILE
COS-PROFILE
osaka_wild
?
Pipeline
Pipeline
Trump Wu
?
Le domaine ingénierie et Architecture de la HES-SO
Sylvie Villa
?
Kent Muer - Creating Business for Local Companies
Kent Muer - Creating Business for Local Companies
Kent Muer
?
The Circulatory system Complete
The Circulatory system Complete
Harshgurawaliya
?
Swiss engineering rts mars 2011
Swiss engineering rts mars 2011
Sylvie Villa
?
LinkedIn - Creating your Business & Professional Profile
LinkedIn - Creating your Business & Professional Profile
Kieran Desmond
?
A3 no4 de?cembre 2008
Sylvie Villa
?
Seerwan's CV
Seerwan's CV
seerwan Salih
?
2016 Dec_CV_Angel Lee
2016 Dec_CV_Angel Lee
Angel LEE
?
101 marketing for recruitment branding
101 marketing for recruitment branding
Andreea Bucur
?
AnteIntroduction
AnteIntroduction
Jerry Huang
?
2013 輔大資工 暑期宅學營 Facebook API
2013 輔大資工 暑期宅學營 Facebook API
Huang-I Yang
?
Ritou idcon7
Ritou idcon7
Ryo Ito
?
Oauth
Oauth
Rob Paok
?
OAuth Introduction
OAuth Introduction
h_marvin
?
Technical Background of VZ-ID
Technical Background of VZ-ID
Bastian Hofmann
?
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
Nov Matake
?
Oauth 2.0 security
Oauth 2.0 security
vinoth kumar
?
Distributed Identities with OpenID
Distributed Identities with OpenID
Bastian Hofmann
?
Distributed Identities with OpenID
Distributed Identities with OpenID
Bastian Hofmann
?
OAuth 2.0 Updates #technight
OAuth 2.0 Updates #technight
Nov Matake
?
Hta f43
Hta f43
SelectedPresentations
?
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
Brian Campbell
?
OAuth: Trust Issues
OAuth: Trust Issues
Lorna Mitchell
?
Privacy Codes of Practice for the Social Web: The Analysis of Existing Privac...
Privacy Codes of Practice for the Social Web: The Analysis of Existing Privac...
guest1dfa6b0
?
Hands-on with OAuth, Facebook and the Force.com Platform
Hands-on with OAuth, Facebook and the Force.com Platform
Pat Patterson
?

More Related Content

Viewers also liked (7)

Swiss engineering rts mars 2011
Swiss engineering rts mars 2011
Sylvie Villa
?
LinkedIn - Creating your Business & Professional Profile
LinkedIn - Creating your Business & Professional Profile
Kieran Desmond
?
A3 no4 de?cembre 2008
Sylvie Villa
?
Seerwan's CV
Seerwan's CV
seerwan Salih
?
2016 Dec_CV_Angel Lee
2016 Dec_CV_Angel Lee
Angel LEE
?
101 marketing for recruitment branding
101 marketing for recruitment branding
Andreea Bucur
?
AnteIntroduction
AnteIntroduction
Jerry Huang
?
Swiss engineering rts mars 2011
Swiss engineering rts mars 2011
Sylvie Villa
?
LinkedIn - Creating your Business & Professional Profile
LinkedIn - Creating your Business & Professional Profile
Kieran Desmond
?
A3 no4 de?cembre 2008
Sylvie Villa
?
Seerwan's CV
Seerwan's CV
seerwan Salih
?
2016 Dec_CV_Angel Lee
2016 Dec_CV_Angel Lee
Angel LEE
?
101 marketing for recruitment branding
101 marketing for recruitment branding
Andreea Bucur
?
AnteIntroduction
AnteIntroduction
Jerry Huang
?

Similar to Facebook & OAuth (20)

2013 輔大資工 暑期宅學營 Facebook API
2013 輔大資工 暑期宅學營 Facebook API
Huang-I Yang
?
Ritou idcon7
Ritou idcon7
Ryo Ito
?
Oauth
Oauth
Rob Paok
?
OAuth Introduction
OAuth Introduction
h_marvin
?
Technical Background of VZ-ID
Technical Background of VZ-ID
Bastian Hofmann
?
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
Nov Matake
?
Oauth 2.0 security
Oauth 2.0 security
vinoth kumar
?
Distributed Identities with OpenID
Distributed Identities with OpenID
Bastian Hofmann
?
Distributed Identities with OpenID
Distributed Identities with OpenID
Bastian Hofmann
?
OAuth 2.0 Updates #technight
OAuth 2.0 Updates #technight
Nov Matake
?
Hta f43
Hta f43
SelectedPresentations
?
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
Brian Campbell
?
OAuth: Trust Issues
OAuth: Trust Issues
Lorna Mitchell
?
Privacy Codes of Practice for the Social Web: The Analysis of Existing Privac...
Privacy Codes of Practice for the Social Web: The Analysis of Existing Privac...
guest1dfa6b0
?
Hands-on with OAuth, Facebook and the Force.com Platform
Hands-on with OAuth, Facebook and the Force.com Platform
Pat Patterson
?
Facebook Login & Open Graph Introduction
Facebook Login & Open Graph Introduction
Eric Ping
?
20091029 OpenID Talk
20091029 OpenID Talk
Shih-Chieh Li
?
Navigating OAuth and OIDC: From Access Tokens to SSO
Navigating OAuth and OIDC: From Access Tokens to SSO
Maysam Mousa
?
OAuth 2.0
OAuth 2.0
Alex Bilbie
?
Making Sense of API Access Control
Making Sense of API Access Control
CA API Management
?
2013 輔大資工 暑期宅學營 Facebook API
2013 輔大資工 暑期宅學營 Facebook API
Huang-I Yang
?
Ritou idcon7
Ritou idcon7
Ryo Ito
?
Oauth
Oauth
Rob Paok
?
OAuth Introduction
OAuth Introduction
h_marvin
?
Technical Background of VZ-ID
Technical Background of VZ-ID
Bastian Hofmann
?
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
Nov Matake
?
Oauth 2.0 security
Oauth 2.0 security
vinoth kumar
?
Distributed Identities with OpenID
Distributed Identities with OpenID
Bastian Hofmann
?
Distributed Identities with OpenID
Distributed Identities with OpenID
Bastian Hofmann
?
OAuth 2.0 Updates #technight
OAuth 2.0 Updates #technight
Nov Matake
?
Hta f43
Hta f43
SelectedPresentations
?
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
Brian Campbell
?
OAuth: Trust Issues
OAuth: Trust Issues
Lorna Mitchell
?
Privacy Codes of Practice for the Social Web: The Analysis of Existing Privac...
Privacy Codes of Practice for the Social Web: The Analysis of Existing Privac...
guest1dfa6b0
?
Hands-on with OAuth, Facebook and the Force.com Platform
Hands-on with OAuth, Facebook and the Force.com Platform
Pat Patterson
?
Facebook Login & Open Graph Introduction
Facebook Login & Open Graph Introduction
Eric Ping
?
20091029 OpenID Talk
20091029 OpenID Talk
Shih-Chieh Li
?
Navigating OAuth and OIDC: From Access Tokens to SSO
Navigating OAuth and OIDC: From Access Tokens to SSO
Maysam Mousa
?
OAuth 2.0
OAuth 2.0
Alex Bilbie
?
Making Sense of API Access Control
Making Sense of API Access Control
CA API Management
?
Ad

Recently uploaded (20)

SAP_S4HANA_eCommerce_Integration_Presentation.pptx
SAP_S4HANA_eCommerce_Integration_Presentation.pptx
vemulavenu484
?
SAP_S4HANA_ChatGPT_Integration_Presentation.pptx
SAP_S4HANA_ChatGPT_Integration_Presentation.pptx
vemulavenu484
?
Topic 2 - Cloud Computing Basics,,,.pptx
Topic 2 - Cloud Computing Basics,,,.pptx
oneillp100
?
COMPUTER ETHICS AND CRIME.......................................................
COMPUTER ETHICS AND CRIME.......................................................
FOOLKUMARI
?
IAREUOUSTPIDWHY$)CHARACTERARERWUEEJJSKWNSND
IAREUOUSTPIDWHY$)CHARACTERARERWUEEJJSKWNSND
notgachabite123
?
Dark Web Presentation - 1.pdf about internet which will help you to get to kn...
Dark Web Presentation - 1.pdf about internet which will help you to get to kn...
ragnaralpha7199
?
Topic 1 Foundational IT Infrastructure_.pptx
Topic 1 Foundational IT Infrastructure_.pptx
oneillp100
?
Internet & Protocols : A Blueprint of the Internet System
Internet & Protocols : A Blueprint of the Internet System
cpnabil59
?
cybercrime investigation and digital forensics
cybercrime investigation and digital forensics
goverdhankumar137300
?
AMOR PROHIBIDO MURMURAN POR LAS CALLES PORQUE
AMOR PROHIBIDO MURMURAN POR LAS CALLES PORQUE
GFGLaboratorios
?
inside the internet - understanding the TCP/IP protocol
inside the internet - understanding the TCP/IP protocol
shainweniton02
?
3 years of Quarkus in production, what have we learned - Devoxx Polen
3 years of Quarkus in production, what have we learned - Devoxx Polen
Jago de Vreede
?
Fast Reroute in SR-MPLS, presented at bdNOG 19
Fast Reroute in SR-MPLS, presented at bdNOG 19
APNIC
?
DDos Mitigation Strategie, presented at bdNOG 19
DDos Mitigation Strategie, presented at bdNOG 19
APNIC
?
Common Pitfalls in Magento to Shopify Migration and How to Avoid Them.pdf
Common Pitfalls in Magento to Shopify Migration and How to Avoid Them.pdf
CartCoders
?
LpQuantueer rtwrt 1e erere errerqer m.ppt
LpQuantueer rtwrt 1e erere errerqer m.ppt
cyberesearchprof
?
CBUSDAW - Ash Lewis - Reducing LLM Hallucinations
CBUSDAW - Ash Lewis - Reducing LLM Hallucinations
Jason Packer
?
Top Mobile App Development Trends Shaping the Future
Top Mobile App Development Trends Shaping the Future
ChicMic Studios
?
In order to install and use the device software, your computer must meet the ...
In order to install and use the device software, your computer must meet the ...
raguclc
?
最新版美国威斯康星大学绿湾分校毕业证(鲍奥骋叠毕业证书)原版定制
最新版美国威斯康星大学绿湾分校毕业证(鲍奥骋叠毕业证书)原版定制
Taqyea
?
SAP_S4HANA_eCommerce_Integration_Presentation.pptx
SAP_S4HANA_eCommerce_Integration_Presentation.pptx
vemulavenu484
?
SAP_S4HANA_ChatGPT_Integration_Presentation.pptx
SAP_S4HANA_ChatGPT_Integration_Presentation.pptx
vemulavenu484
?
Topic 2 - Cloud Computing Basics,,,.pptx
Topic 2 - Cloud Computing Basics,,,.pptx
oneillp100
?
COMPUTER ETHICS AND CRIME.......................................................
COMPUTER ETHICS AND CRIME.......................................................
FOOLKUMARI
?
IAREUOUSTPIDWHY$)CHARACTERARERWUEEJJSKWNSND
IAREUOUSTPIDWHY$)CHARACTERARERWUEEJJSKWNSND
notgachabite123
?
Dark Web Presentation - 1.pdf about internet which will help you to get to kn...
Dark Web Presentation - 1.pdf about internet which will help you to get to kn...
ragnaralpha7199
?
Topic 1 Foundational IT Infrastructure_.pptx
Topic 1 Foundational IT Infrastructure_.pptx
oneillp100
?
Internet & Protocols : A Blueprint of the Internet System
Internet & Protocols : A Blueprint of the Internet System
cpnabil59
?
cybercrime investigation and digital forensics
cybercrime investigation and digital forensics
goverdhankumar137300
?
AMOR PROHIBIDO MURMURAN POR LAS CALLES PORQUE
AMOR PROHIBIDO MURMURAN POR LAS CALLES PORQUE
GFGLaboratorios
?
inside the internet - understanding the TCP/IP protocol
inside the internet - understanding the TCP/IP protocol
shainweniton02
?
3 years of Quarkus in production, what have we learned - Devoxx Polen
3 years of Quarkus in production, what have we learned - Devoxx Polen
Jago de Vreede
?
Fast Reroute in SR-MPLS, presented at bdNOG 19
Fast Reroute in SR-MPLS, presented at bdNOG 19
APNIC
?
DDos Mitigation Strategie, presented at bdNOG 19
DDos Mitigation Strategie, presented at bdNOG 19
APNIC
?
Common Pitfalls in Magento to Shopify Migration and How to Avoid Them.pdf
Common Pitfalls in Magento to Shopify Migration and How to Avoid Them.pdf
CartCoders
?
LpQuantueer rtwrt 1e erere errerqer m.ppt
LpQuantueer rtwrt 1e erere errerqer m.ppt
cyberesearchprof
?
CBUSDAW - Ash Lewis - Reducing LLM Hallucinations
CBUSDAW - Ash Lewis - Reducing LLM Hallucinations
Jason Packer
?
Top Mobile App Development Trends Shaping the Future
Top Mobile App Development Trends Shaping the Future
ChicMic Studios
?
In order to install and use the device software, your computer must meet the ...
In order to install and use the device software, your computer must meet the ...
raguclc
?
最新版美国威斯康星大学绿湾分校毕业证(鲍奥骋叠毕业证书)原版定制
最新版美国威斯康星大学绿湾分校毕业证(鲍奥骋叠毕业证书)原版定制
Taqyea
?
Ad

Facebook & OAuth

  • 1. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 淺談Facebook & OAuth與Live實作 鄧維岱 Danny Deng 2014.05.14 @ 成?大電機系92225 1 Social Web Design Workshop #1
  • 2. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ABOUT ME ? 鄧維岱 Danny 2
  • 3. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ABOUT ME ? 鄧維岱 Danny ? NCKU EE104 2
  • 4. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ABOUT ME ? 鄧維岱 Danny ? NCKU EE104 ? MOVEMENT @ SWD 2013 ? www.movement-itw.com 2
  • 5. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ABOUT ME ? 鄧維岱 Danny ? NCKU EE104 ? MOVEMENT @ SWD 2013 ? www.movement-itw.com 2
  • 6. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ABOUT ME ? 鄧維岱 Danny ? NCKU EE104 ? MOVEMENT @ SWD 2013 ? www.movement-itw.com 2
  • 7. 2014. By Deng Wei-Dai. For Social Web Design Workshop. What is OAuth? 3
  • 8. 2014. By Deng Wei-Dai. For Social Web Design Workshop. What is OAuth? 3 Open Standard for Authorization
  • 9. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 授權程式從_____存取資料 4
  • 10. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 授權程式從_____存取資料 4 Website.APP
  • 11. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 授權程式從_____存取資料 4 Website.APP FB.GitHub. LinkedIn
  • 12. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 授權程式從_____存取資料 4 Website.APP FB.GitHub. LinkedIn Name.Birth. Email.Photo
  • 13. 2014. By Deng Wei-Dai. For Social Web Design Workshop. Why OAuth? 5
  • 14. 2014. By Deng Wei-Dai. For Social Web Design Workshop. We do not need to sign up new accounts Why OAuth? 5
  • 15. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 6 So,
  • 16. 2014. By Deng Wei-Dai. For Social Web Design Workshop. How OAuth works? 6 So,
  • 17. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ROLE 7
  • 18. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ROLE 7 授權程式從_____存取資料
  • 19. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ROLE ? Resource Owner: 使?用者 7 授權程式從_____存取資料
  • 20. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ROLE ? Resource Owner: 使?用者 ? Resource Server: 存放使?用者資料的伺服器 7 授權程式從_____存取資料
  • 21. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ROLE ? Resource Owner: 使?用者 ? Resource Server: 存放使?用者資料的伺服器 ? Authorization Server: 授權Access Token的伺服器 7 授權程式從_____存取資料
  • 22. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ROLE ? Resource Owner: 使?用者 ? Resource Server: 存放使?用者資料的伺服器 ? Authorization Server: 授權Access Token的伺服器 ? Client: Third-Party程式、APP 7 授權程式從_____存取資料
  • 23. 2014. By Deng Wei-Dai. For Social Web Design Workshop. CLIENT 8
  • 24. 2014. By Deng Wei-Dai. For Social Web Design Workshop. CLIENT 8 Client ID
  • 25. 2014. By Deng Wei-Dai. For Social Web Design Workshop. CLIENT 8 Client ID Client Secret
  • 26. 2014. By Deng Wei-Dai. For Social Web Design Workshop. CLIENT 8 Client ID Client Secret Redirect URI
  • 27. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ? Scope: 存取資料範圍 9 more reference for scope
  • 28. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ? Scope: 存取資料範圍 9 Public Pro?le (Default).email… more reference for scope
  • 29. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ? Scope: 存取資料範圍 9 Public Pro?le (Default).email… more reference for scope
  • 30. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ? Scope: 存取資料範圍 ? State: (RECOMMEND) Random, prevent CSRF 9 Public Pro?le (Default).email… more reference for scope
  • 31. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ? Scope: 存取資料範圍 ? State: (RECOMMEND) Random, prevent CSRF ? Code: Get Access Token 9 Public Pro?le (Default).email… more reference for scope
  • 32. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ? Scope: 存取資料範圍 ? State: (RECOMMEND) Random, prevent CSRF ? Code: Get Access Token ? Access Token: Main KEY 9 Public Pro?le (Default).email… more reference for scope
  • 33. 2014. By Deng Wei-Dai. For Social Web Design Workshop. OAuth Flow 10
  • 34. 2014. By Deng Wei-Dai. For Social Web Design Workshop. ROLE ? Resource Owner: 使?用者 ? Resource Server: 存放使?用者資料的伺服器 ? Authorization Server: 授權Access Token的伺服器 ? Client: Third-Party程式、APP 11 授權程式從_____存取資料
  • 35. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 12
  • 36. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 12
  • 37. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 12 Client ID, Redirect URI,Scope, State…
  • 38. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 12 Client ID, Redirect URI,Scope, State… Agree?
  • 39. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 12 Client ID, Redirect URI,Scope, State… Agree? Grant code Error msg With same state
  • 40. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 13
  • 41. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 13 Send to Redirect URI Grant code Error msg with same state
  • 42. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 13 Send to Redirect URI Grant code Error msg with same state CHECK state
  • 43. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 13 Send to Redirect URI Grant code Error msg with same state Client info, Grant code CHECK state
  • 44. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 13 Send to Redirect URI Grant code Error msg with same state Client info, Grant code CHECK state CHECK 1.Client info 2.Redirect URI
  • 45. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 13 Send to Redirect URI Grant code Error msg with same state Client info, Grant code CHECK state Access Token CHECK 1.Client info 2.Redirect URI
  • 46. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 14 Access Token
  • 47. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 14 Access Token Call Graph API (FB)
  • 48. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 14 Access Token Call Graph API (FB) GET User’s info
  • 49. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 14 Access Token Call Graph API (FB) Login Success GET User’s info
  • 50. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 3 PROTOCOL ENDPOINT(a little bit detail) 15
  • 51. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 3 PROTOCOL ENDPOINT(a little bit detail) 15 Authorization Server Client
  • 52. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 3 PROTOCOL ENDPOINT(a little bit detail) 15 Authorization Server Client Authorization Endpoint Token Endpoint
  • 53. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 3 PROTOCOL ENDPOINT(a little bit detail) 15 Authorization Server Redirection Endpoint Client Authorization Endpoint Token Endpoint
  • 54. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 3 PROTOCOL ENDPOINT 16 Authorization Server Redirection Endpoint Client Authorization Endpoint Token Endpoint
  • 55. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 17 Client ID, Redirect URI,Scope, State… Agree? Grant code Error msg With same state
  • 56. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 17 Client ID, Redirect URI,Scope, State… Agree? Grant code Error msg With same state
  • 57. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 17 Client ID, Redirect URI,Scope, State… Agree? Grant code Error msg With same state
  • 58. 2014. By Deng Wei-Dai. For Social Web Design Workshop. https://www.facebook.com/dialog/oauth? client_id=580500188730688? &redirect_uri=http://merry.ee.ncku.edu.tw/redirect? &state=d41d8cd98f00b204e9800998ecf8427e? &response_type=code? &scope=email 18 向Authorization Endpoint提出請求 data which redirect back is code
  • 59. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 19
  • 60. 2014. By Deng Wei-Dai. For Social Web Design Workshop. DENY OR ERROR http://your_redirect_uri?? error=error? &error_code=error_code? &error_description=description? &error_reason=error_reason? &state=state 19 more reference for error
  • 61. 2014. By Deng Wei-Dai. For Social Web Design Workshop. DENY OR ERROR http://your_redirect_uri?? error=error? &error_code=error_code? &error_description=description? &error_reason=error_reason? &state=state 19 more reference for error http://your_redirect_uri?? code=code? &state=state AGREE
  • 62. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 20 Client ID, Redirect URI,Scope, State… Agree? Grant code Error msg With same state
  • 63. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 20 Client ID, Redirect URI,Scope, State… Agree? Grant code Error msg With same state
  • 64. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 3 PROTOCOL ENDPOINT 21 Authorization Server Redirection Endpoint Client Authorization Endpoint Token Endpoint
  • 65. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 22 Send to Redirect URI Grant code Error msg with same state Client info, Grant code CHECK state Access Token CHECK 1.Client info 2.Redirect URI
  • 66. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 22 Send to Redirect URI Grant code Error msg with same state Client info, Grant code CHECK state Access Token CHECK 1.Client info 2.Redirect URI
  • 67. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 3 PROTOCOL ENDPOINT 23 Authorization Server Redirection Endpoint Client Authorization Endpoint Token Endpoint
  • 68. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 24 Send to Redirect URI Grant code Error msg with same state Client info, Grant code CHECK state Access Token CHECK 1.Client info 2.Redirect URI
  • 69. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 24 Send to Redirect URI Grant code Error msg with same state Client info, Grant code CHECK state Access Token CHECK 1.Client info 2.Redirect URI
  • 70. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 24 Send to Redirect URI Grant code Error msg with same state Client info, Grant code CHECK state Access Token CHECK 1.Client info 2.Redirect URI
  • 71. 2014. By Deng Wei-Dai. For Social Web Design Workshop. https://graph.facebook.com/oauth/access_token? client_id=client_id ? &client_secret=client_secret? &redirect_uri=redirect_uri? &code=code 25 向Token Endpoint提出請求 Afterwards, get access_token
  • 72. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 26 Access Token Call Graph API (FB) Login Success GET User’s info
  • 73. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 26 Access Token Call Graph API (FB) Login Success GET User’s info
  • 74. 2014. By Deng Wei-Dai. For Social Web Design Workshop. https://graph.facebook.com/me? access_token=access_token 27 Graph API request access_token We will get info depending on scope
  • 75. 2014. By Deng Wei-Dai. For Social Web Design Workshop. So far, Question? 28
  • 76. 2014. By Deng Wei-Dai. For Social Web Design Workshop. Live Coding 29 Facebook SDK for JavaScript?
  • 77. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 30 Download Materials
  • 78. 2014. By Deng Wei-Dai. For Social Web Design Workshop. Let’s start ! 31
  • 79. 2014. By Deng Wei-Dai. For Social Web Design Workshop. Create Facebook App 32
  • 80. 2014. By Deng Wei-Dai. For Social Web Design Workshop. PHP 33
  • 81. 2014. By Deng Wei-Dai. For Social Web Design Workshop. STRUCTURE PHP Folder ? index.html ? jquery-2.0.2.min.js ? facebook.php ? facebook.png 34
  • 82. 2014. By Deng Wei-Dai. For Social Web Design Workshop. CURL DETAIL ? curl_setopt(ch, option, value); ? CURLOPT_URL: 設定擷取網址 ? CURLOPT_RETURNTRANSFER: 回傳是否字串 ? curl_exec($ch): 執?行 ? curl_close($ch): 關閉 35
  • 83. 2014. By Deng Wei-Dai. For Social Web Design Workshop. NodeJS 36 If we have time…
  • 84. 2014. By Deng Wei-Dai. For Social Web Design Workshop. NodeJS 36 With Express and Passport If we have time…
  • 85. 2014. By Deng Wei-Dai. For Social Web Design Workshop. STEP npm install express-generator (Installed by Prof.) 1. ssh username@merry.ee.ncku.edu.tw 2. express XXX (XXX is a folder) 3. cd XXX & npm install 4. npm install passport 5. npm install passport-facebook 37
  • 86. 2014. By Deng Wei-Dai. For Social Web Design Workshop. STRUCTURE NodeJS Folder ? app.js ? routes/index.js ? html/facebook.html 38
  • 87. 2014. By Deng Wei-Dai. For Social Web Design Workshop. MORE REFERENCE ? Passport Authentication for Node.js Applications ? Easy Node Authentication: Facebook ? Notice: Express3.0. We have installed express 4.0 39
  • 88. 2014. By Deng Wei-Dai. For Social Web Design Workshop. Is OAuth safe? 40
  • 89. 2014. By Deng Wei-Dai. For Social Web Design Workshop. I do not think so… Is OAuth safe? 40
  • 90. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 41 Any Question?
  • 91. 2014. By Deng Wei-Dai. For Social Web Design Workshop. 42 Thanks for your listening! a55660988@gmail.com
  • 92. 2014. By Deng Wei-Dai. For Social Web Design Workshop. MORE REFERENCE ? (Ruby)簡單易懂的 OAuth 2.0 - 如何?用 OAuth 2 鎖住 你的 API ? OAuth 和 OpenID 到底是什麼呢? ? Spec: The OAuth 2.0 Authorization Framework 43
About
? 2025 狠狠撸