Google I/O 2012 - OAuth 2.0 for Identity and Data Access

Ryan Boyd

Users like to keep their data in one place on the web where it's easily accessible. Whether it's YouTube videos, Google Drive files, Google contacts or one of many other types of data, users need a way to securely grant applications access to their data. OAuth is the key web standard for delegated data access and OAuth 2.0 is the next-generation version with additional security features.

This session will cover the latest advances in how OAuth can be used for data access, but will also dive into how you can lower the barrier to entry for your application by allowing users to log in using their Google accounts. You will learn, through an example written in Python, how to use OAuth 2.0 to incorporate user identity into your web application. Best practices for desktop applications, mobile applications and server-to-server use cases will also be discussed.
Comments

I like these Google videos, but... they should MAKE SOME TUTORIALS. They show technology but if I want to use it - I have to read 100 help pages to learn this.

technics

Great seminar :) I finally understood something from this OAuth 2.0 :D Thank you

aleksmarino

@Enrique - SSL is required for transmission of the access tokens. This mitigates the risk of it being captured by a malicious proxy. SSL would also be used by any reasonable identity provider to protect the login screen.

OAuth does not protect users who are not taking standard security precautions (such as making sure the site they're entering the credentials into is valid).

ryguyrg

Great talk, helped me a lot. Thank you :)

DzafarSadik

Thanks for the updates... please keep them coming...

kingsmobilemarketing

Great tutorial, helped me a lot.... thanks.

bablubal

can't wait for more sites to implement this

ChristophBackhaus

Are these tokens and codes universally unique, application ID dependent? Or are they re-issued later? I guess the token/code seed isn't publicly available.

tejedaAlex

Very useful one for beginners to understand OAuth 2

jeevaengg

I understand that using application login, we can get the user profile in my Android application, like email ID, first name and user ID. But what if I want to create an application-specific user profile for the user based on my application? E.g., I want to know, when the user logged into my application, what products he visited from my product catalogue. Does Google have APIs / some place where I can store this info and retrieve it when needed, or would I have to create my own data store in the cloud with the User-ID as the key? What's the best design to accomplish this use case?

nimeshchanchani

Do you have to have a redirect URL? I'm trying to use a client ID and secret to get an access token which I can use to perform tasks in Admin SDK (onboarding/offboarding users). I can do this with refresh tokens via Google Playground, but when I use my own client ID and secret (which they have an option to use) it doesn't work... so I seem to be missing something but not sure what

jasonyardley

How can users log in on your site using data from another website? For example, I have to create a website where students will log in using data from our university site. I mean, instead of "login with google" or "login with facebook" they can be able to "login with university-data". How can I make this possible?

raduursariu

I have a Web Service using Google Cloud Endpoints. How do I limit the API access only to my web application running on another domain? There is no user involved, this is a server to server authentication scenario. Which API should be used in this case?

bparanj

Exactly my thoughts. I guess tokens, since they expire, limit the amount of time that damage can be done, other than that, I really don't see the point... and to add to the refresh token, what if that is exposed... then it's infinite...

tcrizzy

This speech didn't tell how OAuth 2.0 is better, improved, and works analytically.

troooooper

Hi, I am creating a mobile app backend in PHP. How can I use OAuth in it?

ashishchaturvedi

Talking about OAuth 2.0 1:48 book name

MrSaboorgee

It is amazing :P now I can log in with my Yahoo account on Facebook and with Facebook account on Yahoo. :P:P:P

MrSaboorgee

Server to Server Authentication - 17:27

gcptrial

I hope this 'major' site changed their password storage scheme to a 1 way hash so they don't have to worry about having their passwords stolen cause they'll be encrypted anyway. no biggie.

ZFlyingVLover