Spring Social: For the New Web of APIs
1 Spring Social: For the New Web of APIs Craig Walls - #springsocial 2011 SpringOne 2GX All rights reserved. Do not distribute without permission.
2 Agenda
- Socializing Your Applications
- Securing the Social Web
- Introducing Spring Social
- Demo
- Contributing to Spring Social
- Q & A
3 Socializing Your Applications
4 The Web is Social
- 800 million Facebook users
- Expected to reach 1 billion by
- million active Twitter users
- 200 million Twitter readers
- Nearly 4 in 5 active internet users visit social networks and blogs
- Opportunities
  - Build/reinforce brand loyalty
  - Listen for and react to customer opinion
  - Drive qualified traffic to your site/product
  - Enhance user experience
5 APIs Everywhere!
- Most service providers have a REST API
- Varying APIs
  - Different concepts
  - Different resource URLs
  - Different formats (JSON, XML)
  - Different error handling
- Most APIs secured with OAuth
6 Example: Searching Twitter
7 Example: Fetch a Facebook Profile
- Facebook Graph API in a nutshell: ID} ID}/{connection}
8 Example: Posting a Tweet
Using Spring's RestTemplate:
    RestTemplate rest = new RestTemplate();
    MultiValueMap<String, Object> tweetParams = new LinkedMultiValueMap<String, Object>();
    tweetParams.add("status", "Hello from #springone2gx2011!");
    rest.postForObject("...", tweetParams, String.class);
Uh-Oh!
    WARNING: POST request for "..." resulted in 401 (Unauthorized); invoking error handler
    org.springframework.web.client.HttpClientErrorException: 401 Unauthorized
        at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:75)
        at org.springframework.web.client.RestTemplate.handleResponseError(RestTemplate.java:486)
9 Securing the Social Web
10 OAuth
- Open standard for authorization
- The user is the security admin
  - Whether to allow/deny access
  - The scope of access
- Three versions of OAuth:
  - OAuth 1.0
  - OAuth 1.0a
  - OAuth 2
- OAuth 2 is not final!
  - 22 drafts of the specification
11 The OAuth 1 Dance
A. Request an unauthorized request token
B. Request token returned to consumer
C. Redirect user to provider for authorization
D. Authorization verifier returned to consumer (OAuth 1.0a)
E. Exchange request token/verifier for access token
F. Access token and secret returned to consumer
G. Sign requests using access token to access API endpoints
12 Signing Requests in OAuth 1
- Create a base string:
  - Sort all query/form parameters
  - Concatenate them, separated with &
  - HTTP Method + & + URL + & + sorted parameters
- Encrypt the base string to create the signature
  - HMAC-SHA1 is commonly supported
  - Spec also allows for PLAINTEXT and RSA-SHA1
- Add Authorization header to the request...
    Authorization: OAuth oauth_callback="oob",
        oauth_signature="cyajrkmsnvemfg71tqmbsfof6bu%3d",
        oauth_version="1.0",
        oauth_nonce=" ",
        oauth_signature_method="HMAC-SHA1",
        oauth_consumer_key="kqam0gipct2owetytlpsug",
        oauth_token=" st1sor9vkup65jaly2hfox8yqot0aa29jjvkrjsk",
        oauth_timestamp=" "
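The signing steps on this slide, written out as an added example (not code from the talk or from Spring Social). It builds the base string, computes the HMAC-SHA1 signature, and shows the provider-side check rejecting a request whose form parameter changed after signing. The credentials, endpoint URL and class name are constructed for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Comparator;
import java.util.List;
import java.util.Locale;
import java.util.UUID;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class OAuth1SigningExample {

    // RFC 3986 percent-encoding as OAuth 1 requires: only A-Z a-z 0-9 - . _ ~ stay literal.
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8)
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // Base string: METHOD & encoded URL & encoded, sorted "name=value" pairs.
    // params holds every oauth_* parameter (except oauth_signature) plus all query/form
    // parameters; url is the request URL without its query string.
    static String baseString(String method, String url, List<String[]> params) {
        List<String[]> encoded = new ArrayList<>();
        for (String[] p : params) {
            encoded.add(new String[] { enc(p[0]), enc(p[1]) });
        }
        // Sort by encoded name, then by encoded value for repeated names.
        encoded.sort(Comparator.comparing((String[] p) -> p[0]).thenComparing(p -> p[1]));
        List<String> pairs = new ArrayList<>();
        for (String[] p : encoded) {
            pairs.add(p[0] + "=" + p[1]);
        }
        return method.toUpperCase(Locale.ROOT) + "&" + enc(url) + "&" + enc(String.join("&", pairs));
    }

    // HMAC-SHA1 keyed with "consumerSecret&tokenSecret" (each percent-encoded), Base64 output.
    static String sign(String baseString, String consumerSecret, String tokenSecret)
            throws GeneralSecurityException {
        String key = enc(consumerSecret) + "&" + enc(tokenSecret);
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        byte[] digest = mac.doFinal(baseString.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(digest);
    }

    // Provider-side check: recompute the signature and compare in constant time.
    static boolean verify(String presented, String baseString, String consumerSecret,
            String tokenSecret) throws GeneralSecurityException {
        byte[] expected = sign(baseString, consumerSecret, tokenSecret)
                .getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, presented.getBytes(StandardCharsets.UTF_8));
    }

    // Authorization header carrying the oauth_* parameters and the signature.
    static String authorizationHeader(List<String[]> oauthParams, String signature) {
        List<String> parts = new ArrayList<>();
        for (String[] p : oauthParams) {
            parts.add(enc(p[0]) + "=\"" + enc(p[1]) + "\"");
        }
        parts.add("oauth_signature=\"" + enc(signature) + "\"");
        return "OAuth " + String.join(", ", parts);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample credentials and endpoint, not real values.
        String consumerSecret = "example-consumer-secret";
        String tokenSecret = "example-token-secret";
        String url = "https://api.example.com/1/statuses/update.json";

        List<String[]> oauthParams = new ArrayList<>();
        oauthParams.add(new String[] { "oauth_consumer_key", "example-consumer-key" });
        oauthParams.add(new String[] { "oauth_token", "example-access-token" });
        oauthParams.add(new String[] { "oauth_signature_method", "HMAC-SHA1" });
        oauthParams.add(new String[] { "oauth_timestamp",
                Long.toString(System.currentTimeMillis() / 1000) });
        oauthParams.add(new String[] { "oauth_nonce",
                UUID.randomUUID().toString().replace("-", "") });
        oauthParams.add(new String[] { "oauth_version", "1.0" });

        // The signature covers the form parameters too, so a changed status fails verification.
        List<String[]> all = new ArrayList<>(oauthParams);
        all.add(new String[] { "status", "Hello from #springone2gx2011!" });

        String base = baseString("POST", url, all);
        String signature = sign(base, consumerSecret, tokenSecret);
        System.out.println("Base string:   " + base);
        System.out.println("Authorization: " + authorizationHeader(oauthParams, signature));
        System.out.println("Untampered request verifies: "
                + verify(signature, base, consumerSecret, tokenSecret));

        List<String[]> tampered = new ArrayList<>(oauthParams);
        tampered.add(new String[] { "status", "Altered in transit" });
        System.out.println("Tampered request verifies:   "
                + verify(signature, baseString("POST", url, tampered), consumerSecret, tokenSecret));
    }
}
```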
13 Introducing OAuth 2
- Much simpler than OAuth 1.0/1.0a
- No concept of request token
- Leverages HTTPS
- No need to encrypt access token
- No signature or canonicalization of the request
- Simpler Authorization header
- Multiple grant types
- Scoped authorization
- Short-lived tokens, long-lived authorization
- Separate roles of authorization server and resource server
14 Authorization Code Grant
- Similar to OAuth 1.0a flow
- Starts with redirect to provider for authorization
- After authorization, redirects back to client with code query parameter
- Code is exchanged for access token
- Client is able to keep tokens confidential
- Commonly used for web apps connecting with providers
15 Implicit Grant
- Simplified authorization flow
- After authorization, redirects back to client with access token in fragment parameter
- Reduced round-trips
- Refresh token is not supported
- Commonly used by in-browser JavaScript apps
16 Resource Owner Credentials Grant
- Directly exchanges user's credentials for an access token
- Useful where the client is well-trusted by the user and where a browser redirect would be awkward
- Commonly used with mobile apps
17 Client Credentials Grant
- Directly exchanges the client's credentials for an access token
- For accessing client-owned resources (no user involvement)
18 The OAuth 2 Authorization Header
- Much simpler than OAuth 1
    Drafts        Authorization: Bearer e139a950-2fc a2b572108c5
- Differs across OAuth 2 drafts...
    Drafts        Authorization: BEARER e139a950-2fc a2b572108c5
    Draft 10      Authorization: OAuth e139a950-2fc a2b572108c5
    Drafts 1-9    Authorization: Token token= e139a950-2fc a2b572108c5
19 Example: Facebook Profile Revisited
20 Example: Post a Tweet Revisited
Using Spring's RestTemplate:
    RestTemplate rest = new RestTemplate();
    HttpHeaders headers = new HttpHeaders();
    String authorizationHeader = ...; // Create the header...somehow
    headers.add("Authorization", authorizationHeader);
    MultiValueMap<String, String> parameters = new LinkedMultiValueMap<String, String>();
    parameters.set("status", "Hello from #springone2gx2011!");
    HttpEntity<MultiValueMap<String, String>> requestEntity =
        new HttpEntity<MultiValueMap<String, String>>(parameters, headers);
    ResponseEntity<Tweet> response = rest.exchange("...", HttpMethod.POST, requestEntity, Tweet.class);
21 Introducing Spring Social
22 API Challenges
- Differing APIs
- Different approaches endpoint URL
- Binding JSON/XML responses to Java objects
- Inconsistency in error handling
- Multiple versions and drafts of OAuth
- Signing requests for OAuth
  - Especially challenging with OAuth 1
- Long-term storage of access tokens
23 Spring Social
- Extension to Spring Framework to enable connectivity with Software-as-a-Service providers
- Features...
  - An extensible connection framework
  - A connect controller
  - Java API bindings
  - A sign-in controller
24 Spring Social Projects
- Spring Social Core
- Spring Social Facebook
- Spring Social Twitter
- Spring Social LinkedIn
- Spring Social TripIt
- Spring Social GitHub
- Spring Social Gowalla
- Spring Social Samples
  - Includes Showcase, Quickstart, Movies, Canvas, Twitter4J, Popup
25 Spring Social's Key Components
- Connection Factories: Creates connections; handles back-end of authorization flow
- Connect Controller: Orchestrates the web-based connection flow
- Connection Repository: Persists connections for long-term use
- Connection Factory Locator: Used by connect controller and connection repository to find connection factories
- API Bindings: Perform requests to APIs, binding to domain objects, error-handling
- Provider Sign-In Controller: Signs a user into an application based on an existing connection
26 Key Steps to Socializing an Application
- Configure Spring Social beans
  - Connection Factory Locator and Connection Factories
  - Connection Repository
  - Connect Controller
  - API Bindings
- Create connection status views
- Inject/use API bindings
27
    proxyMode=ScopedProxyMode.INTERFACES)
    public ConnectionFactoryLocator connectionFactoryLocator() {
        ConnectionFactoryRegistry registry = new ConnectionFactoryRegistry();
        registry.addConnectionFactory(
            new TwitterConnectionFactory(
                environment.getProperty("twitter.consumerKey"),
                environment.getProperty("twitter.consumerSecret")));
        registry.addConnectionFactory(
            new FacebookConnectionFactory(
                environment.getProperty("facebook.clientId"),
                environment.getProperty("facebook.clientSecret")));
        return registry;
    }
28 Configuration:
    proxyMode=ScopedProxyMode.INTERFACES)
    public ConnectionRepository connectionRepository() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            throw new IllegalStateException(
                "Unable to get a ConnectionRepository: no user signed in");
        }
        return usersConnectionRepository().createConnectionRepository(
    proxyMode=ScopedProxyMode.INTERFACES)
    public UsersConnectionRepository usersConnectionRepository() {
        return new JdbcUsersConnectionRepository(
            dataSource, connectionFactoryLocator(), Encryptors.noOpText());
    }
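The configuration on this slide passes Encryptors.noOpText() to JdbcUsersConnectionRepository, so the tokens reach the database unencrypted. The following added example (not code from the talk or from Spring Social) contrasts what that encryptor stores with what Encryptors.text(password, salt) from Spring Security Crypto stores; the class name, the tokenEncryptor helper and the sample token are hypothetical.

```java
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import org.springframework.security.crypto.keygen.KeyGenerators;

public class ConnectionTokenEncryptionExample {

    // Hypothetical helper: builds the encryptor to hand to JdbcUsersConnectionRepository
    // in place of Encryptors.noOpText(). The password and hex-encoded salt must live
    // outside the database (environment, secret store); otherwise a database dump
    // still yields the tokens.
    static TextEncryptor tokenEncryptor(String password, String hexSalt) {
        if (password == null || password.isEmpty() || hexSalt == null || hexSalt.isEmpty()) {
            // Fail at startup rather than silently falling back to plaintext storage.
            throw new IllegalStateException("Token encryption password/salt not configured");
        }
        return Encryptors.text(password, hexSalt);
    }

    public static void main(String[] args) {
        String accessToken = "constructed-access-token"; // constructed sample, not a real token

        // What the slide's configuration writes to the connection table: the token itself.
        String storedPlain = Encryptors.noOpText().encrypt(accessToken);
        System.out.println("noOpText stores: " + storedPlain);

        // Demo-only secrets generated on the fly; a deployment loads fixed values instead,
        // because the same password and salt are needed to decrypt stored tokens later.
        String password = KeyGenerators.string().generateKey();
        String hexSalt = KeyGenerators.string().generateKey();
        TextEncryptor encryptor = tokenEncryptor(password, hexSalt);

        // A random IV per call means the same token encrypts to different ciphertexts.
        String stored1 = encryptor.encrypt(accessToken);
        String stored2 = encryptor.encrypt(accessToken);
        System.out.println("text() stores:   " + stored1);
        System.out.println("Same token, different ciphertext: " + !stored1.equals(stored2));
        System.out.println("Decrypts back:   " + accessToken.equals(encryptor.decrypt(stored1)));
    }
}
```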
29 Configuration:
    public ConnectController connectController() {
        return new ConnectController(connectionFactoryLocator(), connectionRepository());
    }
30 Configuration:
    proxyMode=ScopedProxyMode.INTERFACES)
    public Facebook facebook() {
        Connection<Facebook> facebook = connectionRepository().findPrimaryConnection(Facebook.class);
        return facebook != null ? facebook.getApi() : new
    proxyMode=ScopedProxyMode.INTERFACES)
    public Twitter twitter() {
        Connection<Twitter> twitter = connectionRepository().findPrimaryConnection(Twitter.class);
        return twitter != null ? twitter.getApi() : new TwitterTemplate();
    }
31 Injecting and Using the API
    public class TwitterTimelineController {
        private final Twitter
        public TwitterTimelineController(Twitter twitter) {
            this.twitter = twitter;
        method=RequestMethod.POST)
        public String postTweet(String message) {
            twitter.timelineOperations().updateStatus(message);
            return "redirect:/twitter";
        }
32 ConnectController Endpoints
- GET /connect
  - Displays connection status for all providers
- GET /connect/{provider}
  - Displays connection status for a given provider
- POST /connect/{provider}
  - Initiates the authorization flow, redirecting to the provider
- GET /connect/{provider}?oauth_token={token}
  - Handles an OAuth 1 callback
- GET /connect/{provider}?code={authorization code}
  - Handles an OAuth 2 callback
- DELETE /connect/{provider}
  - Removes all connections for a user to the given provider
- DELETE /connect/{provider}/{provider user ID}
  - Removes a specific connection for the user to the given provider
33-40 ConnectController Flow (diagram between Your Application, ConnectController, and Service Provider (Twitter, Facebook, etc), one step per slide)
1. GET /connect/{provider ID}: Display connection status page
2. POST /connect/{provider ID}: Initiate connection flow
3. Fetch request token (OAuth 1.0/1.0a only)
4. Redirect browser to provider's authorization page
5. Provider redirects to callback URL: GET /connect/{provider ID}?oauth_token={token} or GET /connect/{provider ID}?code={code}
6. Exchange request token and/or code for access token
7. Application can make API calls via API binding
41 Connection Status Page View
    <form action="<c:url value="/connect/twitter" />" method="post">
        <div class="forminfo">
            <p>
                You haven't created any connections with Twitter yet. Click the button to connect
                with your Twitter account.
            </p>
        </div>
        <p>
            <button type="submit">
                <img src="<c:url value="/resources/social/twitter/connect-with-twitter.png" />"/>
            </button>
        </p>
    </form>
42 Provider Sign In
- A convenience for users
- Enables authentication to an app using their connection as credentials
- Implemented with ProviderSignInController
- Works consistently with any provider
43 Configuration: ProviderSignInController
- Performs a similar flow as ConnectController
- Compares connections (by user ID)
- If there's a match, the user is signed into the application
- Otherwise, the user is sent to signup page
- Connection is be established after
    public ProviderSignInController providerSignInController(RequestCache requestCache) {
        return new ProviderSignInController(connectionFactoryLocator(),
            usersConnectionRepository(), new SimpleSignInAdapter(requestCache));
    }
44 ProviderSignInController Endpoints
- POST /signin/{provider}
  - Initiates the authorization flow, redirecting to the provider
- GET /signin/{provider}?oauth_token={token}
  - Handles an OAuth 1 callback
- GET /signin/{provider}?code={authorization code}
  - Handles an OAuth 2 callback
- GET /signin
  - Handles a callback when no oauth token or code is sent
  - Likely indicates that the user declined authorization
45 Demo
- Spring Social Showcase
46 Contributing to Spring Social
47 Spring Social is a Social Open-Source Project
- You're invited to join in!
- Discuss in the forum
- Suggest improvements and report bugs
  - Core: Facebook: Twitter: LinkedIn: TripIt: GitHub: Gowalla:
- Contribute improvements and fixes
- Create new service provider modules
48 Contributing Improvements and Bug Fixes
- Spring Social is on GitHub!
- Basic Steps:
  - Fork the project
  - Make your changes
  - Submit a pull request
49 Creating a New Provider Module
- Create the 4 Components of Provider Connectivity:
  - An API Binding
  - A Service Provider
  - An API Adapter
  - A Connection Factory
50 API Binding Design Guidelines
- Separate binding interface from implementation
- Organize API hierarchically
    public interface Twitter extends ApiBinding {
        DirectMessageOperations directMessageOperations();
        FriendOperations friendOperations();
        GeoOperations geoOperations();
        ListOperations listOperations();
        SearchOperations searchOperations();
        TimelineOperations timelineOperations();
        UserOperations userOperations();
    }
    public interface DirectMessageOperations {
        List<DirectMessage> getDirectMessagesReceived();
        List<DirectMessage> getDirectMessagesSent();
        void sendDirectMessage(String toScreenName, String text);
        void sendDirectMessage(long toUserId, String text);
        void deleteDirectMessage(long messageId);
    }
51 API Binding Implementation Support
- May extend AbstractOAuth1ApiBinding or AbstractOAuth2ApiBinding
    public class TwitterTemplate extends AbstractOAuth1ApiBinding {
        public TwitterTemplate(String consumerKey, String consumerSecret,
                String accessToken, String accessTokenSecret) {
            super(consumerKey, consumerSecret, accessToken, accessTokenSecret);
        }
    }
- Call getRestTemplate() when implementing API calls
    public TwitterProfile getUserProfile() {
        return getRestTemplate().getForObject(
            buildUri("account/verify_credentials.json"), TwitterProfile.class);
    }
52 Service Provider
- Allows users to authorize with the remote provider
    public final class TwitterServiceProvider extends AbstractOAuth1ServiceProvider<Twitter> {
        public TwitterServiceProvider(String consumerKey, String consumerSecret) {
            super(consumerKey, consumerSecret, new OAuth1Template(
                consumerKey, consumerSecret, " " " "
        }
        public Twitter getApi(String accessToken, String secret) {
            return new TwitterTemplate(getConsumerKey(), getConsumerSecret(), accessToken, secret);
        }
    }
53 API Adapter
- Maps provider's native API onto Spring Social's connection model
    public class TwitterAdapter implements ApiAdapter<Twitter> {
        public boolean test(Twitter twitter) {...}
        public void setConnectionValues(Twitter twitter, ConnectionValues values) {...}
        public UserProfile fetchUserProfile(Twitter twitter) {...}
        public void updateStatus(Twitter twitter, String message) {...}
    }
54 API Adapter
- Maps provider's native API onto Spring Social's connection model
    public class TwitterAdapter implements ApiAdapter<Twitter> {
        public boolean test(Twitter twitter) {
            try {
                twitter.userOperations().getUserProfile();
                return true;
            } catch (ApiException e) {
                return false;
            }
        }
        public void setConnectionValues(Twitter twitter, ConnectionValues values) {...}
        public UserProfile fetchUserProfile(Twitter twitter) {...}
        public void updateStatus(Twitter twitter, String message) {...}
    }
55 API Adapter
- Maps provider's native API onto Spring Social's connection model
    public class TwitterAdapter implements ApiAdapter<Twitter> {
        public boolean test(Twitter twitter) {...}
        public void setConnectionValues(Twitter twitter, ConnectionValues values) {
            TwitterProfile profile = twitter.userOperations().getUserProfile();
            values.setProviderUserId(Long.toString(profile.getId()));
            values.setDisplayName("@" + profile.getScreenName());
            values.setProfileUrl(profile.getProfileUrl());
            values.setImageUrl(profile.getProfileImageUrl());
        }
        public UserProfile fetchUserProfile(Twitter twitter) {...}
        public void updateStatus(Twitter twitter, String message) {...}
    }
56 API Adapter
- Maps provider's native API onto Spring Social's connection model
    public class TwitterAdapter implements ApiAdapter<Twitter> {
        public boolean test(Twitter twitter) {...}
        public void setConnectionValues(Twitter twitter, ConnectionValues values) {...}
        public UserProfile fetchUserProfile(Twitter twitter) {
            TwitterProfile profile = twitter.userOperations().getUserProfile();
            return new UserProfileBuilder().setName(profile.getName()).setUsername(
                profile.getScreenName()).build();
        }
        public void updateStatus(Twitter twitter, String message) {...}
    }
57 API Adapter
- Maps provider's native API onto Spring Social's connection model
    public class TwitterAdapter implements ApiAdapter<Twitter> {
        public boolean test(Twitter twitter) {...}
        public void setConnectionValues(Twitter twitter, ConnectionValues values) {...}
        public UserProfile fetchUserProfile(Twitter twitter) {...}
        public void updateStatus(Twitter twitter, String message) {
            twitter.timelineOperations().updateStatus(message);
        }
    }
58 Connection Factory
- Brings together the Service Provider, API Binding, and API Adapter
    public class TwitterConnectionFactory extends OAuth1ConnectionFactory<Twitter> {
        public TwitterConnectionFactory(String consumerKey, String consumerSecret) {
            // "twitter" is the Provider ID
            super("twitter", new TwitterServiceProvider(consumerKey, consumerSecret),
                new TwitterAdapter());
        }
    }
- Connection factory can be used on its own or configured into a connection factory locator
59 Community Contributions
- Spring Social Foursquare
- Spring Social Instagram
- Spring Social Yammer
- Spring Social Google
- Spring Social Dropbox
60 Community Contributions (continued)
- Spring Social Viadeo
- Spring Social Vkontakte (VK)
- Spring Social/Spring Security Module
- Spring Social Grails Plugin
- Spring Social???
61 Q&A
Oracle Fusion Middleware Oracle API Gateway OAuth User Guide 11g Release 2 (11.1.2.3.0) April 2014 Oracle API Gateway OAuth User Guide, 11g Release 2 (11.1.2.3.0) Copyright 1999, 2014, Oracle and/or its
More informationAccessing Web Files in Python
Accessing Web Files in Python Learning Objectives Understand simple web-based model of data Learn how to access web page content through Python Understand web services & API architecture/model See how
More informationExercise for OAuth2 security. Andreas Falk
Exercise for OAuth2 security Andreas Falk Table of Contents 1. What we will build....................................................................... 1 2. Step 1....................................................................................
More informationTutorial: Building the Services Ecosystem
Tutorial: Building the Services Ecosystem GlobusWorld 2018 Steve Tuecke tuecke@globus.org What is a services ecosystem? Anybody can build services with secure REST APIs App Globus Transfer Your Service
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More informationVelruse Documentation
Velruse Documentation Release 1.1.1 Ben Bangert Oct 01, 2017 Contents 1 Architecture 3 1.1 Auth Providers............................................. 4 1.2 Provider HTML Examples......................................
More informationCM Social Post Documentation
CM Social Post Documentation Release 1.0.1 CMExtension March 15, 2016 Contents 1 Overview 3 2 Install & update 5 3 Facebook application 7 4 Facebook personal timeline plugin 13 5 Facebook page timeline
More informationRKN 2015 Application Layer Short Summary
RKN 2015 Application Layer Short Summary HTTP standard version now: 1.1 (former 1.0 HTTP /2.0 in draft form, already used HTTP Requests Headers and body counterpart: answer Safe methods (requests): GET,
More informationUsage of "OAuth2" policy action in CentraSite and Mediator
Usage of "OAuth2" policy action in CentraSite and Mediator Introduction Prerequisite Configurations Mediator Configurations watt.server.auth.skipformediator The pg.oauth2 Parameters Asset Creation and
More informationCUSTOMER PORTAL. Connectors Guide
CUSTOMER PORTAL Connectors Guide Connectors Clicking into this area will display connectors that can be linked to the portal. Once linked to the portal certain connectors will display information in the
More informationAccount Activity Migration guide & set up
Account Activity Migration guide & set up Agenda 1 2 3 4 5 What is the Account Activity (AAAPI)? User Streams & Site Streams overview What s different & what s changing? How to migrate to AAAPI? Questions?
More information1000 Ways to Die in Mobile OAuth. Eric Chen, Yutong Pei, Yuan Tian, Shuo Chen,Robert Kotcher and Patrick Tague
1000 Ways to Die in Mobile OAuth Eric Chen, Yutong Pei, Yuan Tian, Shuo Chen,Robert Kotcher and Patrick Tague What is this work about? In 2014, Studied OAuth usage in 200 Android/iOS OAuth applications.
More informationChat Connect Pro Setup Guide
Chat Connect Pro Setup Guide Wordpress plugin data manager Live Streaming / Video Production Data Feed Plugin Setup Setup Process: Step 1 Purchase Plugin Step 2 Install plugin by uploading plugin inside
More informationSAS Event Stream Processing 4.3: Security
SAS Event Stream Processing 4.3: Security Enabling Encryption on Sockets Overview to Enabling Encryption You can enable encryption on TCP/IP connections within an event stream processing engine. Specifically,
More informationOPENID CONNECT 101 WHITE PAPER
OPENID CONNECT 101 TABLE OF CONTENTS 03 04 EXECUTIVE OVERVIEW WHAT IS OPENID CONNECT? Connect Terminology Relationship to OAuth 08 Relationship to SAML CONNECT IN MORE DETAIL Trust Model Discovery Dynamic
More informationPrivacy and Security in Online Social Networks Department of Computer Science and Engineering Indian Institute of Technology, Madras
Privacy and Security in Online Social Networks Department of Computer Science and Engineering Indian Institute of Technology, Madras Lecture 12 Tutorial 3 Part 1 Twitter API In this tutorial, we will learn
More informationOAuth securing the insecure
Black Hat US 2011 khash kiani khash@thinksec.com OAuth securing the insecure roadmap OAuth flow malicious sample applications mobile OAuth google app web-based OAuth facebook app insecure implementation
More informationUsing Twitter & Facebook API. INF5750/ Lecture 10 (Part II)
Using Twitter & Facebook API INF5750/9750 - Lecture 10 (Part II) Lecture contents Connecting to popular social APIs Authentication Authorization Common calls Privacy and understanding data storage Social
More informationAccount Activity Migration guide & set up
Account Activity Migration guide & set up Agenda 1 2 3 4 5 What is the Account Activity (AAAPI)? User Streams & Site Streams overview What s different & what s changing? How to migrate to AAAPI? Questions?
More informationWP Voting Plugin - Ohiowebtech Video Extension - Youtube Documentation
WP Voting Plugin - Ohiowebtech Video Extension - Youtube Documentation Overview This documentation includes details about the WP Voting Plugin - Video Extension Plugin for Youtube. This extension will
More informationPAS for OpenEdge Support for JWT and OAuth Samples -
PAS for OpenEdge Support for JWT and OAuth 2.0 - Samples - Version 1.0 November 21, 2017 Copyright 2017 and/or its subsidiaries or affiliates. All Rights Reserved. 2 TABLE OF CONTENTS INTRODUCTION... 3
More informationGitHub-Flask Documentation
GitHub-Flask Documentation Release 3.2.0 Cenk Altı Jul 01, 2018 Contents 1 Installation 3 2 Configuration 5 3 Authenticating / Authorizing Users 7 4 Invoking Remote Methods 9 5 Full Example 11 6 API Reference
More informationWhat's New in IBM WebSphere Portal Version 8? Open Mic November 6, 2012
What's New in IBM WebSphere Portal Version 8? Open Mic November 6, 2012 Stefan Liesche Web Experience Solution and Platform Chief Architect, STSM Stefan Koch Chief Programmer - WebSphere Portal IBM Collaboration
More informationRunning the ESPM Twitter Integration sample app on SAP Cloud Platform
Running the ESPM Twitter Integration sample app on SAP Cloud Platform By Daniel Gomes da Silva Learn how to download, build, deploy, configure and run the ESPM Twitter Integration JAVA sample app on SAP
More informationCanonical Identity Provider Documentation
Canonical Identity Provider Documentation Release Canonical Ltd. December 14, 2018 Contents 1 API 3 1.1 General considerations.......................................... 3 1.2 Rate limiting...............................................
More informationAuthentication CS 4720 Mobile Application Development
Authentication Mobile Application Development System Security Human: social engineering attacks Physical: steal the server itself Network: treat your server like a 2 year old Operating System: the war
More informationMxVision WeatherSentry Web Services REST Programming Guide
MxVision WeatherSentry Web Services REST Programming Guide DTN 11400 Rupp Drive Minneapolis, MN 55337 00.1.952.890.0609 This document and the software it describes are copyrighted with all rights reserved.
More informationBest Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,
Best Practices: Authentication & Authorization Infrastructure Massimo Benini HPCAC - April, 03 2019 Agenda - Common Vocabulary - Keycloak Overview - OAUTH2 and OIDC - Microservices Auth/Authz techniques
More informationAdministrator's and Developer's Guide
Administrator's and Developer's Guide Rev: 23 May 2016 Administrator's and Developer's Guide A Quick Start Guide and Configuration Reference for Administrators and Developers Table of Contents Chapter
More informationReportPlus Embedded Web SDK Guide
ReportPlus Embedded Web SDK Guide ReportPlus Web Embedding Guide 1.4 Disclaimer THE INFORMATION CONTAINED IN THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY EXPRESS REPRESENTATIONS OF WARRANTIES. IN ADDITION,
More informationSalesforce External Identity Implementation Guide
Salesforce External Identity Implementation Guide Salesforce, Winter 18 @salesforcedocs Last updated: December 20, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationHow to offer Google+ alongside other social sign-in options
Developers How to offer Google+ alongside other social sign-in options Managing Multiple Authentication Providers Ian Barber Google+ Developer Advocate Sign in with Google Log In Sign In Connect Sign in
More informationSalesforce External Identity Implementation Guide
Salesforce External Identity Implementation Guide Salesforce, Summer 17 @salesforcedocs Last updated: September 28, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationSAS Event Stream Processing 4.2: Security
SAS Event Stream Processing 4.2: Security Encryption on Sockets Overview to Enabling Encryption You can enable encryption on TCP/IP connections within an event stream processing engine. Specifically, you
More informationClickToCall SkypeTest Documentation
ClickToCall SkypeTest Documentation Release 0.0.1 Andrea Mucci August 04, 2015 Contents 1 Requirements 3 2 Installation 5 3 Database Installation 7 4 Usage 9 5 Contents 11 5.1 REST API................................................
More informationRequest for Comments: 5849 April 2010 Category: Informational ISSN:
Internet Engineering Task Force (IETF) E. Hammer-Lahav, Ed. Request for Comments: 5849 April 2010 Category: Informational ISSN: 2070-1721 Abstract The OAuth 1.0 Protocol OAuth provides a method for clients
More informationWriting REST APIs with OpenAPI and Swagger Ada
Writing REST APIs with OpenAPI and Swagger Ada Stéphane Carrez FOSDEM 2018 OpenAPI and Swagger Ada Introduction to OpenAPI and Swagger Writing a REST Ada client Writing a REST Ada server Handling security
More informationSecurity. SWE 432, Fall 2017 Design and Implementation of Software for the Web
Security SWE 432, Fall 2017 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Authorization oauth 2 Security Why is it important? Users data is
More informationEIN. Java Forum Stuttgart Dominik Schadow bridgingit
EIN VAULT FÜRALLE FÄLLE Java Forum Stuttgart 2018 Dominik Schadow bridgingit spring: datasource: name: mydatabase username: mydatabaseuser password: mysupersecretdatabasepassword management: context-path:
More informationAT&T Developer Best Practices Guide
Version 1.2 June 6, 2018 Developer Delivery Team (DDT) Legal Disclaimer This document and the information contained herein (collectively, the "Information") is provided to you (both the individual receiving
More information5 System architecture
5 System architecture This chapter provides an overview of the system architecture. The first section presents a superficial explanation of the entire systems architecture. In section two, architectural
More informationCoveo Platform 7.0. Yammer Connector Guide
Coveo Platform 7.0 Yammer Connector Guide Notice The content in this document represents the current view of Coveo as of the date of publication. Because Coveo continually responds to changing market conditions,
More informationNative Android Development Practices
Native Android Development Practices Roy Clarkson & Josh Long SpringSource, a division of VMware 1 About Roy Clarkson (Spring Android Lead) @royclarkson 2 About Roy Clarkson (Spring Android Lead) @royclarkson
More information