Presentations
Templates
Features
Teams
Pricing
Log in
Sign up

Log in
Sign up

OAuth

Objectives

Draw and explain the OAuth data flow
Identify use-cases for OAuth
Implement OAuth using Passport

What is OAuth

OAuth is a authentication protocol.

It allows our users to login to our applications via a third party such as Facebook or Google

What is OAuth

Our users grant us permission to access some of their account information from a 3rd party provider.

What is OAuth

Our users provide the 3rd party with their login credentials for the 3rd party website.

What is OAuth

If verified, the 3rd party gives our server an access token for that user.

Additionally, WE log them in to OUR application.

OAuth Flow

Client

Our Server

3rd party server

These are the 3 machines involved in OAuth

OAuth Flow

Client

Our Server

3rd party server

Before any authentication, a developer for our server registers with Facebook.

We provide Facebook with a specific "redirect URL" and get a "client_id" and a "client_secret"

OAuth Flow

Client

Our Server

3rd party server

First a client goes to our webpage. We respond with our landing page.

OAuth Flow

Client

Our Server

3rd party server

Then, a user clicks "Login with Facebook" which sends a request directly to FB, often in a new tab.

OAuth Flow

Client

Our Server

3rd party server

Our user provides Facebook with their credentials, and authorizes OUR application to use their Facebook data.

OAuth Flow

Client

Our Server

3rd party server

Facebook's response redirects the client (our user) to our "redirect URL" and provides a query-parameter called an "authentication code".

OAuth Flow

Client

Our Server

3rd party server

Our server now provides the authentication code, client_id, and client_secret to Facebook.

OAuth Flow

Client

Our Server

3rd party server

Finally, Facebook responds with an "Authorization Token" which grants our application access to our users Facebook information

OAuth Flow

Client

Our Server

3rd party server

After all this, we can log the user into our service.

You Try!

Grab a Mini-Whiteboard and draw the OAuth flow.

Compare Notes

Discuss your drawing with a fellow student!

Why OAuth?

How to OAuth

Grab a partner and try to implement this simple server:

https://github.com/gSchool/express-passport-linkedin

How to OAuth

There is a shorter reference example here:

https://github.com/jaredhanson/passport-linkedin/tree/master/examples/login

How to OAuth

There is a longer reference example here:

https://github.com/gSchool/express-passport-linkedin-solution

OAuth

By Tyler Bettilyon

Made with Slides.com

OAuth

9 years ago
1,822

Tyler Bettilyon

More from Tyler Bettilyon

Westerosi Ride Sharing

Tyler Bettilyon

1568
Asynchronous

Tyler Bettilyon

1720
Syllabus Lecture

Tyler Bettilyon

1650
Authentication Basics

Tyler Bettilyon

1672

Tour

Presentations Trending decks Templates Features Pricing Slides for Teams Slides for Developers

Help

Forum Knowledge Base Developers Docs Leave Feedback Report an Issue

Company

News Changelog About Slides Security Partners

Resources

Make slides with AI Embed Google Maps Embed Google Forms Embed YouTube Convert PDF to Slides Convert PPT to Slides Convert Markdown to Slides

BESbswyBESbswyBESbswyBESbswy