The Current State of OAuth 2*
If you've ever written any code to authenticate wtih Twitter, you may have been confused by all the signature methods and base strings. You'll be happy to know that OAuth 2 has vastly simplified the process, but at what cost?
This talk will give an overview of the OAuth 2 spec, starting with the various options the standard gives to developers for building web apps and native apps. We’ll look at what the end user sees, work our way to what developers using an OAuth 2 API deal with, and we’ll end up at what developers of OAuth-2-compliant APIs will need to know to successfully implement the standard.
Many large providers have recently deployed APIs using OAuth 2, including Facebook, Foursquare, Google, and more. But since OAuth 2 is technically still a “draft,” many aspects of the spec change from month to month and it’s sometimes hard to keep up. We’ll cover the commonalities and differences between some of the major providers and draft versions. The security implications of some of the changes between versions 1 and 2 will be covered, along with recommendations for best practices. You’ll also get a glimpse of the debates currently raging on the internal OAuth 2 mailing list.
Aaron Parecki is the co-founder of IndieWebCamp, a yearly conference on data ownership and online identity. He is the editor of the W3C Webmention and Micropub specifications, and maintains oauth.net. He has spoken at conferences around the world about owning your data, OAuth, quantified self, and even explained why R is a vowel.
Aaron has tracked his location at 5 second intervals since 2008, and is the co-founder and former CTO of Geoloqi, a location-based software company acquired by Esri in 2012. His work has been featured in Wired, Fast Company and more. He made Inc. Magazine’s 30 Under 30 for his work on Geoloqi.
- Title: Location-Based Hacks - How to Automate Your Life with SMS and GPS
- Track: Hacks
- Room: B204
- Time: 1:30 – 2:15pm
Have you ever wanted to automatically turn on your lights when you get home, or turn them back off when you leave? What about controlling your lights by SMS or IRC? This presentation will teach you how to automate your life with location-based hacks and SMS.
- Speakers: Amber Case, Aaron Parecki
- Title: The Current State of OAuth 2
- Track: Chemistry
- Room: B302/03
- Time: 1:30 – 2:15pm
If you’ve ever written any code to authenticate wtih Twitter, you may have been confused by all the signature methods and base strings. You’ll be happy to know that OAuth 2 has vastly simplified the process, but at what cost?
- Speakers: Aaron Parecki