OAuth 2.0

Mar 18, 20132 likes1,450 views

The document discusses two common OAuth 2.0 authorization flows: the authorization code flow which uses an authorization code to obtain an access token, and the implicit grant flow which issues an access token directly to the client. It provides diagrams illustrating the key steps in each flow including user authentication, token issuance, and accessing protected resources. The document also briefly mentions other OAuth 2.0 grant types and accessing protected APIs with obtained tokens.

OAuth 2.0
Andreas ?kre Solberg, UNINETT AS

March 19th, 2013

Authorization code Token
?ow storage

Authorization
Feide Resource server
server
aut

iss
hen

ted g
i
ap
tec sin
ues
tica

nt

pro cces
gra

tok
tes

a
ne
Client

Resource owner
(with browser)

Implicit grant Token
?ow storage

Authorization
Feide Resource server
server

grant i
ap
issues token
au
th

d
te
ent

e c
ic

ot
at

p r
es

i ng
s
c es
ac

browser

Resource owner
(with browser)

? Authorization Code

? Implicit Grant

? (Resource Owner Password Credentials)

? (Client Credentials)

? Accessing protected API

? How do we obtain the token?

Token
storage

Authorization
Feide Resource server
server

aut

iss
hen

ted g
i
ap
tec sin
ues
tica

nt

pro cces
gra

tok
tes

a
n e
Client

Resource owner
(with browser)

Authorization Code Flow

? Authorization Request

? User authenticates Token
storage

? User accepts client grant Feide
Authorization
server
Resource server

aut

iss
hen

ted g
i
ap
tec sin
ues
tica

nt

pro cces
gra

tok
tes

a
n e
Client

Resource owner
(with browser)

? Access token request

Token
storage
? Access token response
Authorization
Feide Resource server
server

aut

iss
hen

ted g
i
ap
tec sin
ues
tica

nt

pro cces
gra

tok
tes

a
n e
Client

Resource owner
(with browser)

Implicit Grant Flow

? Authorization Request

? User authenticates Token
storage

? User accepts client grant Feide
Authorization
Resource server
server

grant
i
ap

issues token
au
th ed
ent e ct
ic ot
at pr
es g
sin
c es
ac

browser

Resource owner
(with browser)

Client Token
storage storage

Client Authorization
Feide Resource server
Management server

Client

Client owner Resource owner
(with browser) (with browser)

Resource server

UWAP
Token Client
storage storage

Feide

SOA Authorization Client
Gatekeeper server Management

Client
Client
owner

When developing applications for mobile devices (Windows Store or Windows Phone) we have to deal with connected data scenarios using cloud web services, and disconnected scenarios where data is stored locally. In this session we will explore all options to store information locally and remotely (files, Isolated Storage, IndexedDB, SQLite, NoSQL DBs and Azure Mobile Services), and how to build a system for synchronizing data when using a combination of these systems.

��֧٧ڧ�� է�ܧݧѧէ� �� ݧ֧ܧ��ߧߧ�� ѧ��֧ߧ�ڧ�ڧܧѧ�ڧ� �� ԧ��էѧ��ӧ֧ߧߧ�� ڧ��֧ާѧ�Mikhail Vanin

Everyday - mongodbelliando dias

The document provides an overview of MongoDB, describing it as an open-source, high-performance, schema-free, document-oriented database. It then outlines some basic terms used in MongoDB like document, BSON, collection, and GridFS. The remainder of the document discusses technical aspects of MongoDB like administration, drivers, replication, sharding, and features such as queries, indexes, map reduce, and upserts. It concludes by reviewing several companies that use MongoDB successfully in production applications.

Nuxeo World Session: Nuxeo DistributionsNuxeo

This document discusses Nuxeo distributions, which are pre-configured bundles of Nuxeo features that can be assembled and packaged in different ways. It describes existing Nuxeo distributions like CAP, DAM, and Core Server, which provide functionality or serve as frameworks. Tools are available for building custom distributions, including Maven plugins, Ant tasks, and templates to manage configurations. Distributions can be created by selecting bundles, dependencies, packaging, and deployment targets, and customizing existing distributions.

Sso every wherePaul Seiler

OpenID Connect FederationAndreas ?kre Solberg

Dataporten for grunnoppl?ringa - Workshop September 2017Andreas ?kre Solberg

Dataporten WorkshopAndreas ?kre Solberg

DataportenAndreas ?kre Solberg

Dataporten for Sigma2, HellAndreas ?kre Solberg

Dataporten intro (workshop with Difi)Andreas ?kre Solberg

UNINETT Feide Connect (Feide fagdag)Andreas ?kre Solberg

Connect (UNINETT-konferansen, Troms?)Andreas ?kre Solberg

Connect (USIT)Andreas ?kre Solberg

Connect (Feide fagdag, Gardemoen)Andreas ?kre Solberg

Norsk UH-sektor og ?kosystemer for identitet og integrasjoner i skyenAndreas ?kre Solberg

Feide Connect �C Standard Norge February 2015Andreas ?kre Solberg

Feide Connect provides single sign-on access to over 300 services for 380 Norwegian educational institutions through 75 million annual logins (2014). It uses SAML 2.0 and OAuth 2.0/OpenID Connect for authentication and authorization. Feide Connect provides APIs for user search, groups, and authentication of other services. It supports web, mobile, and desktop applications as well as long-lived access via tokens. A pilot project begins in June 2015 for service providers to connect to the platform.

Feide Connect SUHS 2014Andreas ?kre Solberg

Feide Connect (NOKIOS 2014)Andreas ?kre Solberg

Feide Connect TNC2014Andreas ?kre Solberg

Feide Connect is a next generation service platform for educational users in Norway that supports mobile and third-party interactions through standardized APIs and protocols. It addresses gaps in middleware infrastructure by building on HTTP, OAuth 2.0, OpenID Connect, and other open standards. The platform provides features like single sign-on, authorization management, user and group profiles, third-party API access, application stores, activity streams, and developer tools. It aims to simplify authentication, access control, and integration across different services and administrative domains through open protocols and established trust relationships. While still under development, the platform demonstrates widgets, apps, and tools that can be easily integrated and auto-configured to work within Feide Connect's authorization framework.

Feide connect tnc2014Andreas ?kre Solberg

Feide Connect is a next generation authentication and authorization platform for educational users in Norway that supports mobile and multi-tier applications across administrative domains. It addresses gaps in supporting these types of modern applications with today's middleware infrastructure. Feide Connect uses APIs and standards like SAML, OAuth, and JavaScript to enable single sign-on and simplify setup of services like Etherpad and Adobe Connect. It is currently in development and planning stages with prototypes of developer dashboards, activity streams, app stores, and widgets to share content to specific groups.

SCIM and VOOTAndreas ?kre Solberg

Feide Connect (IoU Fagdag)Andreas ?kre Solberg

This document discusses Feide Connect, a next generation service platform for educational users in Norway. It provides context-aware integration of services through standardized APIs and authentication. This allows small services and applications to access user data and integrate with other apps. Key benefits include avoiding vendor lock-in, enabling selection of best-of-breed services, and promoting competition. Feide Connect supports registration of applications, requesting access to APIs, viewing APIs, and single sign-on for users across services and institutions.

Feide ConnectAndreas ?kre Solberg

This document discusses Feide Connect, a next generation service platform for advanced services and collaboration in higher education. It aims to provide a more seamless user experience across services through single sign-on authentication and additional features like user profiles, groups, activity streams, and open APIs. Rather than relying solely on SAML protocols, it advocates adopting modern OAuth standards and exposing functionality through REST APIs to better support mobile and third-party clients. Key components discussed include authentication, managing user groups and roles, searchable user profiles, activity streams, notifications, open data sharing, self-service tools for third-party clients, and international collaboration.

Feide ConnectAndreas ?kre Solberg

The document describes Feide Connect, a new platform for advanced collaboration services in higher education. Feide Connect uses APIs and OAuth instead of SAML for authentication, making integration simpler for service providers. It provides additional services like group management, person search, activity streams, and federated widgets. Feide Connect also includes an API authorization management system to securely provide access to university data through third party applications and services. The goals of Feide Connect are to improve collaboration both within and between universities through open standards and easy integration.

UWAP TjenesteplattformAndreas ?kre Solberg

The document discusses the need for a service platform for the education sector that goes beyond single sign-on. It proposes a modern platform based on OAuth and REST APIs that provides common services like user management, groups, activity streams, and notifications. This would allow applications to integrate these services through simple libraries and APIs. The platform could also offer app hosting, federated widgets, and an app store. UNINETT's work on such a platform could benefit the education sector by providing a common solution for collaboration services.

UNINETT IoU - UWAP PrototypeAndreas ?kre Solberg

Technology use over time and its impact on consumers and businesses.pptxkaylagaze

Both Feet on the Ground - Generative Artificial IntelligencePete Nieminen

More Related Content

More from Andreas ?kre Solberg (20)

Dataporten WorkshopAndreas ?kre Solberg

DataportenAndreas ?kre Solberg

Dataporten for Sigma2, HellAndreas ?kre Solberg

Dataporten intro (workshop with Difi)Andreas ?kre Solberg

UNINETT Feide Connect (Feide fagdag)Andreas ?kre Solberg

Connect (UNINETT-konferansen, Troms?)Andreas ?kre Solberg

Connect (USIT)Andreas ?kre Solberg

Connect (Feide fagdag, Gardemoen)Andreas ?kre Solberg

Norsk UH-sektor og ?kosystemer for identitet og integrasjoner i skyenAndreas ?kre Solberg

Feide Connect �C Standard Norge February 2015Andreas ?kre Solberg

Feide Connect SUHS 2014Andreas ?kre Solberg

Feide Connect (NOKIOS 2014)Andreas ?kre Solberg

Feide Connect TNC2014Andreas ?kre Solberg

Feide connect tnc2014Andreas ?kre Solberg

SCIM and VOOTAndreas ?kre Solberg

Feide Connect (IoU Fagdag)Andreas ?kre Solberg

Feide ConnectAndreas ?kre Solberg

UWAP TjenesteplattformAndreas ?kre Solberg

UNINETT IoU - UWAP PrototypeAndreas ?kre Solberg

Dataporten WorkshopAndreas ?kre Solberg

DataportenAndreas ?kre Solberg

Dataporten for Sigma2, HellAndreas ?kre Solberg

Dataporten intro (workshop with Difi)Andreas ?kre Solberg

UNINETT Feide Connect (Feide fagdag)Andreas ?kre Solberg

Connect (UNINETT-konferansen, Troms?)Andreas ?kre Solberg

Connect (USIT)Andreas ?kre Solberg

Connect (Feide fagdag, Gardemoen)Andreas ?kre Solberg

Norsk UH-sektor og ?kosystemer for identitet og integrasjoner i skyenAndreas ?kre Solberg

Feide Connect �C Standard Norge February 2015Andreas ?kre Solberg

Feide Connect SUHS 2014Andreas ?kre Solberg

Feide Connect (NOKIOS 2014)Andreas ?kre Solberg

Feide Connect TNC2014Andreas ?kre Solberg

Feide connect tnc2014Andreas ?kre Solberg

SCIM and VOOTAndreas ?kre Solberg

Feide Connect (IoU Fagdag)Andreas ?kre Solberg

Feide ConnectAndreas ?kre Solberg

UWAP TjenesteplattformAndreas ?kre Solberg

UNINETT IoU - UWAP PrototypeAndreas ?kre Solberg

Recently uploaded (20)

Technology use over time and its impact on consumers and businesses.pptxkaylagaze

Both Feet on the Ground - Generative Artificial IntelligencePete Nieminen

Replacing RocksDB with ScyllaDB in Kafka Streams by Almog GavraScyllaDB

Stronger Together: Combining Data Quality and Governance for Confident AI & A...Precisely

Integrated Operating Window - A Gateway to PMFarhan Tariq

DAO UTokyo 2025 DLT mass adoption case studies IBM Tsuyoshi Hirayama (ƽɽ��)Tsuyoshi Hirayama

What Makes "Deep Research"? A Dive into AI AgentsZilliz

About this webinar: Unless you live under a rock, you will have heard about OpenAI��s release of Deep Research on Feb 2, 2025. This new product promises to revolutionize how we answer questions requiring the synthesis of large amounts of diverse information. But how does this technology work, and why is Deep Research a noticeable improvement over previous attempts? In this webinar, we will examine the concepts underpinning modern agents using our basic clone, Deep Searcher, as an example. Topics covered: Tool use Structured output Reflection Reasoning models Planning Types of agentic memory

L01 Introduction to Nanoindentation - What is hardnessRostislavDaniel

Unlock AI Creativity: Image Generation with DALL��EExpeed Software

Discover the power of AI image generation with DALL��E, an advanced AI model that transforms text prompts into stunning, high-quality visuals. This presentation explores how artificial intelligence is revolutionizing digital creativity, from graphic design to content creation and marketing. Learn about the technology behind DALL��E, its real-world applications, and how businesses can leverage AI-generated art for innovation. Whether you're a designer, developer, or marketer, this guide will help you unlock new creative possibilities with AI-driven image synthesis.

30B Images and Counting: Scaling Canva's Content-Understanding Pipelines by K...ScyllaDB

[Webinar] Scaling Made Simple: Getting Started with No-Code Web AppsSafe Software

Ready to simplify workflow sharing across your organization without diving into complex coding? With FME Flow Apps, you can build no-code web apps that make your data work harder for you �� fast. In this webinar, we��ll show you how to: Build and deploy Workspace Apps to create an intuitive user interface for self-serve data processing and validation. Automate processes using Automation Apps. Learn to create a no-code web app to kick off workflows tailored to your needs, trigger multiple workspaces and external actions, and use conditional filtering within automations to control your workflows. Create a centralized portal with Gallery Apps to share a collection of no-code web apps across your organization. Through real-world examples and practical demos, you��ll learn how to transform your workflows into intuitive, self-serve solutions that empower your team and save you time. We can��t wait to show you what��s possible!

AIXMOOC 2.3 - Modelli di reti neurali con esperimenti di addestramentoAlessandro Bogliolo

FinTech - US Annual Funding Report - 2024.pptxTracxn

Formal Methods: Whence and Whither? [Martin Fr?nzle Festkolloquium, 2025]Jonathan Bowen

Alan Turing arguably wrote the first paper on formal methods 75 years ago. Since then, there have been claims and counterclaims about formal methods. Tool development has been slow but aided by Moore��s Law with the increasing power of computers. Although formal methods are not widespread in practical usage at a heavyweight level, their influence as crept into software engineering practice to the extent that they are no longer necessarily called formal methods in their use. In addition, in areas where safety and security are important, with the increasing use of computers in such applications, formal methods are a viable way to improve the reliability of such software-based systems. Their use in hardware where a mistake can be very costly is also important. This talk explores the journey of formal methods to the present day and speculates on future directions.

Field Device Management Market Report 2030 - TechSci ResearchVipin Mishra

The Global Field Device Management (FDM) Market is expected to experience significant growth in the forecast period from 2026 to 2030, driven by the integration of advanced technologies aimed at improving industrial operations. ? According to TechSci Research, the Global Field Device Management Market was valued at USD 1,506.34 million in 2023 and is anticipated to grow at a CAGR of 6.72% through 2030. FDM plays a vital role in the centralized oversight and optimization of industrial field devices, including sensors, actuators, and controllers. Key tasks managed under FDM include: Configuration Monitoring Diagnostics Maintenance Performance optimization FDM solutions offer a comprehensive platform for real-time data collection, analysis, and decision-making, enabling: Proactive maintenance Predictive analytics Remote monitoring By streamlining operations and ensuring compliance, FDM enhances operational efficiency, reduces downtime, and improves asset reliability, ultimately leading to greater performance in industrial processes. FDM��s emphasis on predictive maintenance is particularly important in ensuring the long-term sustainability and success of industrial operations. For more information, explore the full report: https://shorturl.at/EJnzR Major companies operating in Global?Field Device Management Market are: General Electric Co Siemens AG ABB Ltd Emerson Electric Co Aveva Group Ltd Schneider Electric SE STMicroelectronics Inc Techno Systems Inc Semiconductor Components Industries LLC International Business Machines Corporation (IBM) #FieldDeviceManagement #IndustrialAutomation #PredictiveMaintenance #TechInnovation #IndustrialEfficiency #RemoteMonitoring #TechAdvancements #MarketGrowth #OperationalExcellence #SensorsAndActuators

Understanding Traditional AI with Custom Vision & MuleSoft.pptxshyamraj55

Understanding Traditional AI with Custom Vision & MuleSoft.pptx | ### �ݺ�ߣ Deck Description: This presentation features Atul, a Senior Solution Architect at NTT DATA, sharing his journey into traditional AI using Azure's Custom Vision tool. He discusses how AI mimics human thinking and reasoning, differentiates between predictive and generative AI, and demonstrates a real-world use case. The session covers the step-by-step process of creating and training an AI model for image classification and object detection��specifically, an ad display that adapts based on the viewer's gender. Atulavan highlights the ease of implementation without deep software or programming expertise. The presentation concludes with a Q&A session addressing technical and privacy concerns.

DealBook of Ukraine: 2025 edition | AVentures CapitalYevgen Sysoyev

SMART SENTRY CYBER THREAT INTELLIGENCE IN IIOTTanmaiArni

Early Adopter's Guide to AI Moderation (Preview)nick896721

Cloud of everything Tech of the 21 century in AviationAssem mousa

Technology use over time and its impact on consumers and businesses.pptxkaylagaze

Both Feet on the Ground - Generative Artificial IntelligencePete Nieminen

Replacing RocksDB with ScyllaDB in Kafka Streams by Almog GavraScyllaDB

Stronger Together: Combining Data Quality and Governance for Confident AI & A...Precisely

Integrated Operating Window - A Gateway to PMFarhan Tariq

DAO UTokyo 2025 DLT mass adoption case studies IBM Tsuyoshi Hirayama (ƽɽ��)Tsuyoshi Hirayama

What Makes "Deep Research"? A Dive into AI AgentsZilliz

L01 Introduction to Nanoindentation - What is hardnessRostislavDaniel

Unlock AI Creativity: Image Generation with DALL��EExpeed Software

30B Images and Counting: Scaling Canva's Content-Understanding Pipelines by K...ScyllaDB

[Webinar] Scaling Made Simple: Getting Started with No-Code Web AppsSafe Software

AIXMOOC 2.3 - Modelli di reti neurali con esperimenti di addestramentoAlessandro Bogliolo

FinTech - US Annual Funding Report - 2024.pptxTracxn

Formal Methods: Whence and Whither? [Martin Fr?nzle Festkolloquium, 2025]Jonathan Bowen

Field Device Management Market Report 2030 - TechSci ResearchVipin Mishra

Understanding Traditional AI with Custom Vision & MuleSoft.pptxshyamraj55

DealBook of Ukraine: 2025 edition | AVentures CapitalYevgen Sysoyev

SMART SENTRY CYBER THREAT INTELLIGENCE IN IIOTTanmaiArni

Early Adopter's Guide to AI Moderation (Preview)nick896721

Cloud of everything Tech of the 21 century in AviationAssem mousa

OAuth 2.0

1. OAuth 2.0 Andreas ?kre Solberg, UNINETT AS March 19th, 2013

2. Authorization code Token ?ow storage Authorization Feide Resource server server aut iss hen ted g i ap tec sin ues tica nt pro cces gra tok tes a ne Client Resource owner (with browser)

3. Implicit grant Token ?ow storage Authorization Feide Resource server server grant i ap issues token au th d te ent e c ic ot at p r es i ng s c es ac browser Resource owner (with browser)

4. ? Authorization Code ? Implicit Grant ? (Resource Owner Password Credentials) ? (Client Credentials)

5. ? Accessing protected API ? How do we obtain the token? Token storage Authorization Feide Resource server server aut iss hen ted g i ap tec sin ues tica nt pro cces gra tok tes a n e Client Resource owner (with browser)

6. Authorization Code Flow ? Authorization Request ? User authenticates Token storage ? User accepts client grant Feide Authorization server Resource server aut iss hen ted g i ap tec sin ues tica nt pro cces gra tok tes a n e Client Resource owner (with browser)

7. ? Access token request Token storage ? Access token response Authorization Feide Resource server server aut iss hen ted g i ap tec sin ues tica nt pro cces gra tok tes a n e Client Resource owner (with browser)

8. Implicit Grant Flow ? Authorization Request ? User authenticates Token storage ? User accepts client grant Feide Authorization Resource server server grant i ap issues token au th ed ent e ct ic ot at pr es g sin c es ac browser Resource owner (with browser)

9. Client Token storage storage Client Authorization Feide Resource server Management server Client Client owner Resource owner (with browser) (with browser)

10. Resource server UWAP Token Client storage storage Feide SOA Authorization Client Gatekeeper server Management Client Client owner

�ݺ�ߣ

OAuth 2.0

Recommended

More Related Content

More from Andreas ?kre Solberg (20)

Recently uploaded (20)

OAuth 2.0