Securing APIs

@steffoweber

Walkthrough

  • Access AQUA print service
  • Getting images from Bookface (requires authZ)
  • Grant AQUA permission to retrieve photos from Bookface

User accesses AQUA.COM

… and clicks 'Get my shots'

API Gateway. client_ID

Redirecting to bookface.com

Code for loginform

<form id="loginform" action="/oauth/login" method="post">
    <input type="hidden" name="continue" id="continue" value="${continue.value}" />
    <input type="hidden" name="txn" id="txn" value="${continue.value}" />
    <fieldset>
        <div class="clearfix">
            <input type="text" placeholder="Username" name="UserName" id="UserName">
        </div>
        <div class="clearfix">
            <input type="password" placeholder="Password" name="Passwd" id="Passwd">
        </div>
        <button class="btn btn-primary btn-small" type="submit">Sign in</button>
    </fieldset>
</form>

After submitting credentials

Done.
