OAuth.io
OAuth made easy for 90 providers
Presented by Thibaud and Mehdi - Co-founders
We unify OAuth
OAuth.popup('facebook', callback)
OAuth.popup('twitter', callback)
OAuth.popup('github', callback)
...
Example with Facebook
Create an app on Facebook
Set your API Key on OAuth.io
Add oauth.js in your header (html)
then
OAuth.popup('facebook', function(err, res) {
  // todo with res.access_token
});
OAuthd
easy installation
git clone git://github.com/oauth-io/oauthd.git
Global dependencies
npm install -g coffee-script grunt grunt-cli forever
OAuth.io dependencies
npm install
Start oauth daemon
npm start
Adding OAuth provider
To add a provider, just add a JSON file to the providers folder, with an associated icon
Pull requests are accepted (of course)
It also works easily server-side
Authentication, saving information in a database ...
Exchange the code for an access_token in your backend
Works with any backend language
Create an app on the provider's website
&
Configure oauth.io
Generate a CSRF token
var csrf_token = secu.generateHash()
req.session.csrf_tokens = req.session.csrf_tokens || []
req.session.csrf_tokens.push(csrf_token)
if (req.session.csrf_tokens.length > 4)
  req.session.csrf_tokens.shift() // keep 4 tokens max
return csrf_token
Prevents cross-site request forgery (CSRF)
Retrieve a code on the client side
OAuth.initialize('MpnCNnhVAq_zL089ua883AevC1o')
OAuth.popup(provider, {
  "state": $scope.csrfToken
}, function(error, success) {
  if (error) {
    alert("error")
    return
  }
  UserService.signin(success.code, provider, function(data) {
    console.log(data)
    $location.path('/account')
  }, function(error) {
    alert('error:' + error)
  })
})
and send it to your backend (here UserService.signin makes a POST to /api/signin)
Exchange the code for the access_token
request.post({
  url: 'https://oauth.io/auth/access_token',
  form: {
    code: req.body.code,
    key: "YOUR_OAUTHIO_PUBLIC_KEY",
    secret: "YOUR_OAUTHIO_SECRET_KEY"
  }
}, function (e, r, body) {
  var data = JSON.parse(body),
      check = secu.check(req, data.state) // compare the returned state with the session's CSRF tokens
  if (check.error) {
    return res.json(check)
  }
  callback(data)
});
The access_token is sent to callback()
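Added example (not from the original deck or the oauthd code base): one way the state helper behind secu.generateHash() and secu.check() could be written for Node. The names issueState, checkState and sameToken are hypothetical, and unlike secu.check(req, ...) these functions take the session object directly.

```javascript
// Added example: a possible state-token helper for the flow in the slides.
// Function names and bodies are assumptions; the deck only shows the calls.
const crypto = require('node:crypto');

const MAX_TOKENS = 4; // same cap as the slide: keep 4 tokens max

// Issue a fresh state token and remember it in the user's session.
function issueState(session) {
  const token = crypto.randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
  session.csrf_tokens = session.csrf_tokens || [];
  session.csrf_tokens.push(token);
  if (session.csrf_tokens.length > MAX_TOKENS) session.csrf_tokens.shift();
  return token;
}

// Constant-time comparison. Lengths are compared first because
// timingSafeEqual throws on buffers of different length.
function sameToken(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Check the state echoed back with the token response. A matching token is
// removed so it cannot be replayed with a second authorization code.
function checkState(session, state) {
  const tokens = (session && session.csrf_tokens) || [];
  if (typeof state !== 'string' || state.length === 0) {
    return { error: true, message: 'missing state' };
  }
  const idx = tokens.findIndex((t) => sameToken(t, state));
  if (idx === -1) return { error: true, message: 'unknown or expired state' };
  tokens.splice(idx, 1); // single use
  return { error: false };
}

// Constructed session object standing in for req.session.
function demo() {
  const session = {};
  const first = issueState(session);
  const results = {
    ok: checkState(session, first),      // issued by us: accepted
    replay: checkState(session, first),  // already consumed: rejected
    forged: checkState(session, 'attacker-chosen-value'),
  };
  for (let i = 0; i < 5; i++) issueState(session); // fifth push evicts the oldest
  results.stored = session.csrf_tokens.length;
  return results;
}
console.log(demo());
```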
Request the identity of the user
if OAuth2
request.get({
  url: this.data[provider].url,
  headers: {
    access_token: data.access_token
  },
}, function(e, r, body) {
  if (body)
    callback(JSON.parse(body))
})
Request the identity of the user
if OAuth1
request.get({
  url: this.data[provider].url,
  oauth: {
    consumer_key: "XXXXXX",
    consumer_secret: "YYYYYY",
    // request's oauth option signs with `token` and `token_secret`
    token: data.oauth_token,
    token_secret: data.oauth_token_secret
  }
}, function(e, r, body) {
  if (body)
    callback(JSON.parse(body))
})
It works with PhoneGap
Mobile SDK
Android & iOS
+ Request tools
OAuth.popup('facebook', function(err, res) {
  res.get('/me', function(data) {
    // todo with data
  });
});
GET /end
{
  error: false,
  message: "Thank you"
}
OAuth.io
By Thibaud Arnault