Intro to OAuth2

The hybris commerce API - OCC - now supports OAuth2, a flexible authorization system. This allows us to connect all kinds of API clients easily. This presentation introduces you to OAuth2 from a mostly client-side perspective.
by Sven Haiges on 8 April 2013


Transcript of Intro to OAuth2

Sven Haiges, @hansamann

omni-channel commerce

Q&A: Sven Haiges, @hansamann

* 600 employees
* Munich, Gliwice, Montreal
* 200+ partners
* 500+ customers
* techblog.hybris.com

[Figure: touchpoints timeline, 1980 / 2000 / 2020]

intro to OAuth2

≠

"the OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service"
http://tools.ietf.org/html/rfc6749

roles

* resource owner: Sally
* resource server: flickr
* client: iPhone App
* authorization server: flickr

protocol flow

[Diagram: client, resource owner, auth server, resource server]

1. get grant
2. get token
3. access

4 ways to get an authorization grant
4 variations of the protocol flow

* server-side web app
* client-side web app
* mobile native app

* authorization code
* implicit
* resource owner password credentials
* client credentials

different clients require different flows

Authorization Code Flow
* client authentication
* refresh tokens

Implicit
* NO client authentication
* NO refresh tokens
* short-lived and "live" access

Resource Owner Password Credentials
* client authentication ***
* refresh tokens

Client Credentials
* client access