[B! oauth] n-segaã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

n-sega id:n-sega

oauthã«é–¢ã™ã‚‹n-segaã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (18)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

Twitter APIæœ€æ–°äº‹æƒ… - API Meetup Tokyo #1 #apijp
Twitter API 1.1 ã§ä½•ãŒå¤‰ã‚ã£ãŸã‹ (ä»®) / What changed about Twitter API?
n-sega 2014/07/13
twitter

api

security

oauth
ãƒªãƒ³ã‚¯
OAuth Security
n-sega 2014/05/13
oauth

security

cheatsheet
ãƒªãƒ³ã‚¯
OAuth 2.0 ã®è„†å¼±æ€§ (!?) "Covert Redirect" ã¨ã¯ - OAuth.jp
è¨‚æ£ ãƒªãƒ€ã‚¤ãƒ¬ã‚¯ãƒˆæ™‚ã® fragment ã®æ‰±ã„ã‚’å‹˜é•ã„ã—ã¦ã„ãŸãŸã‚ã€æœ¬è¨˜äº‹å…¨ä½“è¨‚æ£ã—ã¾ã™ã€‚ ç´°ã‹ãè¨‚æ£ã„ã‚Œã¦ã‚‹ã¨åˆ†ã‘ã‚ã‹ã‚“ãªããªã£ã¦ããŸã‚“ã§ã€æ–°ã—ã„è¨˜äº‹æ›¸ãã¾ã—ãŸã€‚ ã‚´ãƒ¼ãƒ«ãƒ‡ãƒ³ã‚¦ã‚£ãƒ¼ã‚¯ã¾ã£ãŸã ãªã‹ã« Twitter ã§æµ·å¤–ã® ID åŽ¨ã‹ã‚‰è¢‹ã ãŸãã«ã‚ã£ã¦ãŸã®ã§ã€ã‚‚ã†ã“ã®å•é¡Œã¯ç‰‡ä»˜ã„ãŸã ã‚ã†ã¨ã™ã£ã‹ã‚Šæ²¹æ–ã—ã¦ãŸã€ŒCovert Redirectã€ã®ä»¶ã§ã™ãŒã€æ—¥æœ¬ã§ã‚‚ã‚´ãƒ¼ãƒ«ãƒ‡ãƒ³ã‚¦ã‚£ãƒ¼ã‚¯æ˜Žã‘ã¦ãƒã‚ºã‚Šã ã—ãŸã®ã§ã€ä¸€æ—¦å•é¡Œã‚’æ•´ç†ã—ãŸæ–¹ãŒã‚ˆã•ãã†ã§ã™ãã€‚ äº‹ã®ç™ºç«¯ Wang Jing ã•ã‚“ã¦ã„ã†ã‚·ãƒ³ã‚¬ãƒãƒ¼ãƒ«ã®å¤§å¦é™¢ç”ŸãŒã€ã“ã‚“ãªã‚µã‚¤ãƒˆã‚’å…¬é–‹ã™ã‚‹ã¨å…±ã« CNet ã¯ã˜ã‚å„ç¨®ãƒ¡ãƒ‡ã‚£ã‚¢ãŒå–ã‚Šä¸Šã’ãŸã®ãŒã€ãƒã‚ºã‚Šã ã—ãŸç™ºç«¯ã®ã‚ˆã†ã§ã™ã€‚ å‰æçŸ¥è˜ OAuth 2.0 ã‚„ OpenID Connect ã ã‘ã§ãªãã€OAuth 1.0 ã‚„ OpenID 1.0/2.0 ã‚„ SAML ãªã‚“ã‹ã§ã‚‚ã€2ã¤ã®ã‚µãƒ¼ãƒ“ã‚¹ã®é–“ã§ãƒªãƒ€
n-sega 2014/05/07
Covert Redirect

oauth

vulnerability

security
ãƒªãƒ³ã‚¯
Covert Redirect Vulnerability with OAuth 2
tl;dr Covert Redirect Vulnerability is a real, if not new, threat when combined with Implicit Grant Flow (not Code flow) This Covert Redirect Vulnerability in OAuth 2 is an interesting one. Thereâ€™s a couple of defending arguments that this isnâ€™t a flaw in OAuth itself. While I agree that it isnâ€™t a flaw in the protocol, I think the threat is a real one, combined with a) a loose validation on redir
n-sega 2014/05/07
vulnerability

security

oauth
ãƒªãƒ³ã‚¯
http://hueniverse.com/oauth/
n-sega 2013/11/02
oauth

security

document

reference
ãƒªãƒ³ã‚¯
OAuth that just works.
Integrate 100+ OAuth providers in minutes. Setup your keys, install oauth.js, and you are ready to play !
n-sega 2013/05/28
oauth

facebook

development
ãƒªãƒ³ã‚¯
The OAuth 2.0 Authorization Framework
Abstract OAuth 2.0 ã¯, ã‚µãƒ¼ãƒ‰ãƒ‘ãƒ¼ãƒ†ã‚£ãƒ¼ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã«ã‚ˆã‚‹HTTPã‚µãƒ¼ãƒ“ã‚¹ã¸ã®é™å®šçš„ãªã‚¢ã‚¯ã‚»ã‚¹ã‚’å¯èƒ½ã«ã™ã‚‹èªå¯ãƒ•ãƒ¬ãƒ¼ãƒ ãƒ¯ãƒ¼ã‚¯ã§ã‚ã‚‹. ã‚µãƒ¼ãƒ‰ãƒ‘ãƒ¼ãƒ†ã‚£ãƒ¼ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã«ã‚ˆã‚‹ã‚¢ã‚¯ã‚»ã‚¹æ¨©ã®å–å¾—ã«ã¯, ãƒªã‚½ãƒ¼ã‚¹ã‚ªãƒ¼ãƒŠãƒ¼ã¨HTTPã‚µãƒ¼ãƒ“ã‚¹ã®é–“ã§åŒæ„ã®ãŸã‚ã®ã‚¤ãƒ³ã‚¿ãƒ©ã‚¯ã‚·ãƒ§ãƒ³ã‚’ä¼´ã†å ´åˆã‚‚ã‚ã‚‹ãŒ, ã‚µãƒ¼ãƒ‰ãƒ‘ãƒ¼ãƒ†ã‚£ãƒ¼ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³è‡ªèº«ãŒè‡ªã‚‰ã®æ¨©é™ã«ãŠã„ã¦ã‚¢ã‚¯ã‚»ã‚¹ã‚’è¨±å¯ã™ã‚‹å ´åˆã‚‚ã‚ã‚‹. æœ¬ä»•æ§˜æ›¸ã¯RFC 5849ã«è¨˜è¼‰ã•ã‚Œã¦ã„ã‚‹OAuth 1.0 ãƒ—ãƒãƒˆã‚³ãƒ«ã‚’å»ƒæ¢ã—, ãã®ä»£æ›¿ã¨ãªã‚‹ã‚‚ã®ã§ã‚ã‚‹. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It re
n-sega 2013/01/23
OAuth 2.0 æ—¥æœ¬èªžè¨³ãŒå…¬é–‹ã•ã‚Œã¦ã‚‹ã€‚ã‚ã‚ŠãŒãŸã„m(__)m

document

oauth

security

rfc

http
ãƒªãƒ³ã‚¯
OAuthã®èªè¨¼ã«WebViewã‚’ä½¿ã†ã®ã¯ã‚„ã‚ã‚ˆã†
Androidã‹ã‚‰Twitterã¸ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ãŸã‚ã®ãƒ©ã‚¤ãƒ–ãƒ©ãƒªã¨ã—ã¦ï¼ŒTwitter4JãŒæœ‰åã§ã™ï¼Ž ã“ã‚Œã‚’ä½¿ã£ã¦ã¿ã‚ˆã†ã¨ï¼Œã€ŒAndroid Twitter4Jã€ã¨æ¤œç´¢ã™ã‚‹ã¨ èªè¨¼ã«WebViewã‚’ä½¿ã£ãŸä¾‹ãŒãŸãã•ã‚“å‡ºã¦ãã¾ã™ï¼Ž ãƒ»ãƒ»ãƒ»ã„ã‚„ï¼Œã¡ã‚‡ã£ã¨ã¾ã¦ï¼Ž ãã‚Œã¯ã¡ã‚‡ã£ã¨ã¾ãšã„ã ã‚ã†ï¼Ž ãã†ã„ã†ã‚ã‘ã§ã‚‚ã†ã¡ã‚‡ã£ã¨è³¢ã„æ–¹æ³•ã‚’æŽ¢ã—ã¦ã¿ã¾ã—ãŸï¼Ž ä½•ãŒã¾ãšã„ã®ã• ã€ŒAndroid Twitter4Jã€ã¨æ¤œç´¢ã™ã‚‹ã¨ï¼Œä¸Šä½ã«ã“ã‚“ãªãƒšãƒ¼ã‚¸ãŒå‡ºã¦ãã¾ã™ï¼Ž Twitter4jã‚’ä½¿ã£ã¦OAuthèªè¨¼ã‚’ã‚¢ãƒ—ãƒªå†…ã§è¡Œã†æ–¹æ³• Twitter4j-2.2.xã‚’ä½¿ã£ãŸOAuthèªè¨¼ã®ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ä¾‹ twitter4jã§ãƒ„ã‚¤ãƒ¼ãƒˆã™ã‚‹ Android+Twitter4Jã§OAuthã™ã‚‹ãŸã‚ã®ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ ä¸Šã®ã‚µã‚¤ãƒˆã§ã¯æ¬¡ã®æ§˜ã¯æ–¹æ³•ã‚’ã¨ã£ã¦ã„ã¾ã™ï¼Ž ã‚¢ãƒ—ãƒªå†…ã«WebViewã‚’è²¼ã‚Šä»˜ã‘ WebViewã§Twitterã®èªè¨¼ç”»é¢
n-sega 2012/11/29
android

oauth

twitter

security
ãƒªãƒ³ã‚¯
Twitterã®OAuthèªè¨¼ã‚’ä½¿ã† - å¼·ç«ã§é€²ã‚
(2010/06/18 è¿½è¨˜) OAuthã®ã¿ã¸ã®ç§»è¡ŒãŒãƒ¯ãƒ¼ãƒ«ãƒ‰ã‚«ãƒƒãƒ—ã«ã‚ˆã‚‹è² è·ã‚’ç†ç”±ã«8æœˆ16æ—¥ã‹ã‚‰ã«å¤‰æ›´ã•ã‚Œã¾ã—ãŸã€‚ moving the OAuth switch over date to august 16, 2010 - Twitter Development Talk | Google ã‚°ãƒ«ãƒ¼ãƒ— http://groups.google.com/group/twitter-development-talk/browse_thread/thread/dfb89d9f29f339a2?pli=1 æ®µéšŽçš„ã«ç§»è¡ŒãŒè¡Œã‚ã‚Œã€8æœˆ31æ—¥ã‹ã‚‰ã¯BASICèªè¨¼ãŒå®Œå…¨ã«ä½¿ãˆãªããªã‚‹æ§˜ã§ã™ã€‚ Twitterãƒ–ãƒã‚°: Twitter APIãƒ‡ãƒ™ãƒãƒƒãƒ‘ãƒ¼ãƒ»ã‚³ãƒŸãƒ¥ãƒ‹ãƒ†ã‚£ã¸ã®ãŠçŸ¥ã‚‰ã› (oAuthã¸ã®ç§»è¡Œã«é–¢ã—ã¦ã®æœŸé™å»¶é•·) http://blog.twitter.jp/2010/06/twitter-a
n-sega 2012/09/24
programming

oauth

iphone

objective-c

development
ãƒªãƒ³ã‚¯
RFCã¨ãªã£ãŸã€ŒOAuth 2.0ã€â€•â€•ãã®è¦ç‚¹ã¯ï¼Ÿ
RFCã¨ãªã£ãŸã€ŒOAuth 2.0ã€â€•â€•ãã®è¦ç‚¹ã¯ï¼Ÿï¼šãƒ‡ã‚¸ã‚¿ãƒ«ãƒ»ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£æŠ€è¡“æœ€æ–°å‹•å‘ï¼ˆ2ï¼‰ï¼ˆ1/2 ãƒšãƒ¼ã‚¸ï¼‰ ã„ã¾Webã®ä¸–ç•Œã§ã¯ã€ã•ã¾ã–ã¾ãªWebã‚µãƒ¼ãƒ“ã‚¹ãŒæä¾›ã™ã‚‹ãƒ—ãƒ©ãƒƒãƒˆãƒ•ã‚©ãƒ¼ãƒ ã¨ã€ã‚µãƒ¼ ãƒ‰ãƒ‘ãƒ¼ãƒ†ã‚£ãŒæä¾›ã™ã‚‹ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãŒAPIã‚’ä¸å¿ƒã«çµã³ä»˜ãã€ä¸€ç¨®ã®ã€ŒAPIã‚¨ã‚³ãƒŽãƒŸãƒ¼ã€ã‚’å½¢æˆã—ã¦ã„ã¾ã™ã€‚ã“ã®é€£è¼‰ã§ã¯ã€ãã“ã§é‡è¦ãªå½¹å‰²ã‚’æžœãŸã™ã€Œãƒ‡ã‚¸ã‚¿ãƒ«ãƒ»ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ã€ã«ã¤ã„ã¦ç†è§£ã‚’æ·±ã‚ã¦ã„ãã¾ã™ã€‚ å†ã³ã€ãƒ‡ã‚¸ã‚¿ãƒ«ãƒ»ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ã®ä¸–ç•Œã¸ã‚ˆã†ã“ã å‰å›žã€Œã€ŽOAuthã€ã®åŸºæœ¬å‹•ä½œã‚’çŸ¥ã‚‹ã€ã§ã¯OAuthã®ä»•æ§˜ãŒã©ã†ã„ã†ã‚‚ã®ã‹ã«ã¤ã„ã¦èª¬æ˜Žã—ã¾ã—ãŸã€‚ä»Šå›žã¯å¼•ãç¶šãã€ OAuth 1.0ã¨OAuth 2.0ã®é•ã„ OAuth 2.0ã‚’ã‚»ã‚ãƒ¥ã‚¢ã«ä½¿ã†ãŸã‚ã«çŸ¥ã£ã¦ãŠãã¹ãã“ã¨ ã«ã¤ã„ã¦è¿°ã¹ã¦ã„ãã¾ã™ã€‚ OAuth 1.0ã¨OAuth 2.0ã®é•ã„ ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‚¿ã‚¤ãƒ—ã®å®šç¾© OAuth 2.0ã§ã¯ã€O
n-sega 2012/09/13
oauth

client

api
ãƒªãƒ³ã‚¯
ã€ŒOAuthã€ã®åŸºæœ¬å‹•ä½œã‚’çŸ¥ã‚‹
ãƒ‡ã‚¸ã‚¿ãƒ«ãƒ»ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ã®ä¸–ç•Œã¸ã‚ˆã†ã“ã ã¯ã˜ã‚ã¾ã—ã¦ã€OpenID Foundation Japanã§ã‚¨ãƒãƒ³ã‚¸ã‚§ãƒªã‚¹ãƒˆã‚’ã—ã¦ã„ã‚‹Novã§ã™ã€‚ ã“ã®é€£è¼‰ã§ã¯ã€åƒ•ã‚’å«ã‚OpenID Foundation Japanã«ã‹ã‹ã‚ã‚‹ãƒ¡ãƒ³ãƒãƒ¼ã§ã€OpenID Connectã‚„OAuthãªã©ã®ã€Œãƒ‡ã‚¸ã‚¿ãƒ«ãƒ»ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ï¼ˆDigital Identityï¼‰ã€ã«ã‹ã‹ã‚ã‚‹æŠ€è¡“ã«ã¤ã„ã¦ç´¹ä»‹ã—ã¦ã„ãã¾ã™ã€‚ APIã‚¨ã‚³ãƒŽãƒŸãƒ¼æ™‚ä»£ã®ãƒ‡ã‚¸ã‚¿ãƒ«ãƒ»ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ ä¸–ç•Œä¸ã§9å„„äººã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’æŠ±ãˆã‚‹ã€ŒFacebookã€ã‚„5å„„äººã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’æŒã¤ã€ŒTwitterã€ãªã©ã€å·¨å¤§ãªã‚½ãƒ¼ã‚·ãƒ£ãƒ«ã‚°ãƒ©ãƒ•ã‚’æŒã¤ã‚µãƒ¼ãƒ“ã‚¹ãŒã€æ—¥ã€…ãã®å˜åœ¨æ„Ÿã‚’å¢—ã—ã¦ã„ã¾ã™ã€‚æ—¥æœ¬ã§ã‚‚ã€ã‚°ãƒªãƒ¼ã‚„ãƒ¢ãƒã‚²ãƒ¼ãªã©ãŒãã‚Œãžã‚Œã‚½ãƒ¼ã‚·ãƒ£ãƒ«ã‚²ãƒ¼ãƒ ãƒ—ãƒ©ãƒƒãƒˆãƒ•ã‚©ãƒ¼ãƒ ã‚’å…¬é–‹ã—ã€å›½å†…ã«ä¸€æ°—ã«å·¨å¤§ãªã‚½ãƒ¼ã‚·ãƒ£ãƒ«ã‚²ãƒ¼ãƒ å¸‚å ´ã‚’ä½œã‚Šä¸Šã’ã¾ã—ãŸã€‚æœ€è¿‘ã§ã¯ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼æ•°ãŒ5000ä¸‡äººã‚’çªç ´ã—ã€ãƒ—ãƒ©ãƒƒãƒˆ
n-sega 2012/08/28
openid

oauth

programming
ãƒªãƒ³ã‚¯
Webã‚¢ãƒ—ãƒªã«SNSã‚¢ã‚«ã‚¦ãƒ³ãƒˆã§ã®ãƒã‚°ã‚¤ãƒ³ã‚’å®Ÿè£…ã™ã‚‹
CodeZineç·¨é›†éƒ¨ã§ã¯ã€ç¾å ´ã§æ´»èºã™ã‚‹ãƒ‡ãƒ™ãƒãƒƒãƒ‘ãƒ¼ã‚’ã‚¹ã‚¿ãƒ¼ã«ã™ã‚‹ãŸã‚ã®ã‚«ãƒ³ãƒ•ã‚¡ãƒ¬ãƒ³ã‚¹ã€ŒDevelopers Summitã€ã‚„ã€ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ã®ç”Ÿãã–ã¾ã‚’ãƒ–ãƒ¼ã‚¹ãƒˆã™ã‚‹ãŸã‚ã®ã‚¤ãƒ™ãƒ³ãƒˆã€ŒDevelopers Boostã€ãªã©ã€ã•ã¾ã–ã¾ãªã‚«ãƒ³ãƒ•ã‚¡ãƒ¬ãƒ³ã‚¹ã‚’ä¼ç”»ãƒ»é‹å–¶ã—ã¦ã„ã¾ã™ã€‚
n-sega 2012/06/02
ã‚ã‹ã‚Šã‚„ã™ã„ã‚ãƒ¼ã€‚ç†Ÿèªã—ã¨ã“ã£ã¨ã€‚

sns

oauth

api
ãƒªãƒ³ã‚¯
http://hueniverse.com/2010/05/introducing-oauth-2-0/
n-sega 2012/05/05
oauth
ãƒªãƒ³ã‚¯
ç¬¬1å›žã€€OAuthã¨ã¯ï¼Ÿâ€•OAuthã®æ¦‚å¿µã¨OAuthã§ã§ãã‚‹ã“ã¨ | gihyo.jp
ä»Šå›žã‹ã‚‰å§‹ã¾ã£ãŸã€Œã‚¼ãƒã‹ã‚‰å¦ã¶OAuthâ ã€â ã€‚å…¨4å›žã®ç‰¹é›†ã«ã¦ã€ã“ã‚Œã‹ã‚‰ã®Webã‚µãƒ¼ãƒ“ã‚¹ã‚’é–‹ç™ºã™ã‚‹ä¸Šã§ä¸å¯æ¬ ãªæŠ€è¡“ã€ŒOAuthã€ã«ã¤ã„ã¦å–ã‚Šä¸Šã’ã¾ã™ã€‚åˆå›žã¯ã€OAuthã®æ¦‚å¿µã«ã¤ã„ã¦å–ã‚Šä¸Šã’ã¾ã™ã€‚ ã¯ã˜ã‚ã« ã¯ã˜ã‚ã¾ã—ã¦ã€iKnow!æ”¹ã‚smart.fmã®çœŸæ¦ã§ã™ã€‚ç¾åœ¨smart.fmã§ã¯ã€OAuthã‚„OpenIDã€OpenSocialã€Semantic Webã‚„Activity Streamãªã©ã¨ã„ã£ãŸæ–°ã—ã„æŠ€è¡“ã®å°Žå…¥ã‚’ç©æ¥µçš„ã«è¡Œã„ã‚µã‚¤ãƒˆã‚’æ´»æ€§åŒ–ã•ã›ã‚‹ã¨ã¨ã‚‚ã«ã€smart.fm APIã‚’é€šã˜ã¦æˆ‘ã€…ã®æŠ€è¡“ã‚’å¤–éƒ¨ã®ãƒ‡ãƒ™ãƒãƒƒãƒ‘ã®æ–¹ã€…ã«ã‚‚æä¾›ã—ã¦ã„ã¾ã™ã€‚ smart.fmã¯æ—¥æœ¬æœ€å¤§ã®OpenID Relying Partyã§ã‚ã‚‹ã ã‘ã§ãªãã€å›½å†…ã§ã¯æ•°å°‘ãªã„OAuth Consumerï¼ˆå¾Œè¿°ï¼‰ãŠã‚ˆã³OAuth Service Providerï¼ˆå¾Œè¿°ï¼‰ã‚’å…¼ãã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã¨ãªã£ã¦ã„ã¾ã™ã€‚ã“ã†ã„ã£ãŸèƒŒæ™¯
n-sega 2012/04/27
oauth

security

api

openid
ãƒªãƒ³ã‚¯
å˜ãªã‚‹ OAuth 2.0 ã‚’èªè¨¼ã«ä½¿ã†ã¨ã€è»ŠãŒé€šã‚Œã‚‹ã»ã©ã®ã©ã§ã‹ã„ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒ¼ãƒ»ãƒ›ãƒ¼ãƒ«ãŒã§ãã‚‹
In some of the feedback I have gotten on the openID Connect spec, the statement is made that Connect is too complicated. That OAuth 2.0 is all you need to do authentication. Many point to Identity Proâ€¦ è‹±èªžèªã¿ãŸããªã„ã¨ã„ã†äººã®ãŸã‚ã«ç°¡å˜ã«è§£èª¬ã™ã‚‹ã¨â€¦ OAuth 2.0 ã® implicit flow ã‚’ä½¿ã£ã¦ã€Œèªè¨¼ã€ã‚’ã—ã‚ˆã†ã¨ã™ã‚‹ã¨ã€ã¨ã£ã¦ã‚‚å¤§ããªç©´ãŒé–‹ãã¾ã™ã€‚ ã‚«ãƒƒãƒˆï¼†ãƒšãƒ¼ã‚¹ãƒˆã‚¢ã‚¿ãƒƒã‚¯ãŒå¯èƒ½ã ã‹ã‚‰ã§ã™ã€‚ OAuth èªè¨¼ï¼Ÿã¯ã€å›³ï¼‘ã®ã‚ˆã†ãªæµã‚Œã«ãªã‚Šã¾ã™ã€‚ å›³ï¼‘ OAuth èªè¨¼ï¼Ÿã®æµã‚Œ ä¸€è¦‹ã€å•é¡Œãªã•ãã†ã«è¦‹ãˆã¾ã™ã€‚ã—ã‹ã—ã€ãã‚Œã¯ã™ã¹ã¦ã®ã‚µã‚¤ãƒˆãŒã€Œè‰¯ã„ã‚µã‚¤ãƒˆã€ãªã‚‰ã°ã§ã™ã€‚ Site_A
n-sega 2012/02/05
oauth

security

programming
ãƒªãƒ³ã‚¯
ã‚¯ã‚¤ãƒƒã‚¯ã‚¹ã‚¿ãƒ¼ãƒˆ - JavaScriptç”¨Facebook SDK - ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒ†ãƒ¼ã‚·ãƒ§ãƒ³ - Meta for Developers
ã“ã®ã‚¯ã‚¤ãƒƒã‚¯ã‚¹ã‚¿ãƒ¼ãƒˆã§ã¯ã€SDKã®è¨å®šæ–¹æ³•ã¨ã€åŸºæœ¬çš„ãªã‚°ãƒ©ãƒ•APIå‘¼ã³å‡ºã—ã‚’è¡Œã†æ–¹æ³•ã«ã¤ã„ã¦èª¬æ˜Žã—ã¾ã™ã€‚ä»Šã™ãã«è¨å®šã—ãªã„å ´åˆã€JavaScriptãƒ†ã‚¹ãƒˆã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã‚’ä½¿ã£ã¦ã€SDKã®ã™ã¹ã¦ã®ãƒ¡ã‚½ãƒƒãƒ‰ã‚’ä½¿ç”¨ã—ã€ã„ãã¤ã‹ã®ã‚µãƒ³ãƒ—ãƒ«ã‚‚è©¦ã™ã“ã¨ãŒã§ãã¾ã™(è¨å®šæ‰‹é †ã‚’ã‚¹ã‚ãƒƒãƒ—ã—ã¦ã‚‚ã€ã“ã®ã‚¯ã‚¤ãƒƒã‚¯ã‚¹ã‚¿ãƒ¼ãƒˆã®æ®‹ã‚Šã®éƒ¨åˆ†ã‚’ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã§è©¦ã™ã“ã¨ã¯å¯èƒ½ã§ã™)ã€‚ ã‚µãƒãƒ¼ãƒˆã•ã‚Œã‚‹ãƒ–ãƒ©ã‚¦ã‚¶ãƒ¼ JavaScriptç”¨Facebook SDKã¯ã€æ¬¡ã®ä¸€èˆ¬ã«è‰¯ãä½¿ç”¨ã•ã‚Œã¦ã„ã‚‹ãƒ–ãƒ©ã‚¦ã‚¶ãƒ¼ã®ã€æœ€æ–°ã®2ã¤ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã™:Chromeã€Firefoxã€Edgeã€Safari (iOSã‚’å«ã‚€)ã€Internet Explorer (ãƒãƒ¼ã‚¸ãƒ§ãƒ³11ã®ã¿)ã€‚ åŸºæœ¬è¨å®šJavaScriptç”¨Facebook SDKã«ã¯ã€ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã‚„ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ãŒå¿…è¦ãªã‚¹ã‚¿ãƒ³ãƒ‰ã‚¢ãƒãƒ¼ãƒ³ãƒ•ã‚¡ã‚¤ãƒ«ã¯ã‚ã‚Šã¾ã›ã‚“ã€‚å¿…è¦ãªã®ã¯ã€é€šå¸¸ã®å°ã•ã„Ja
n-sega 2011/12/28
social

facebook

guide

reference

api

oauth
ãƒªãƒ³ã‚¯
éžæŠ€è¡“è€…ã®ãŸã‚ã®OAuthèªè¨¼(?)ã¨OpenIDã®é•ã„å…¥é–€ã€2023å¹´ç‰ˆã€‘
æ˜”ã‹ã‚‰ã€ã€ŒOpenIDã¯èªè¨¼ã§OAuthã¯èªå¯ã ã€ãªã©ã¨ã„ã†ã“ã¨ãŒè¨€ã‚ã‚Œã¾ã™ã€‚ã—ã‹ã—ã€ãã®è¨€èªžã®æ„å‘³ã‚’å–ã‚Šé•ãˆã¦ã„ã‚‹æ–¹ãŒçµæ§‹å¤šã„æ°—ãŒã—ã¦ã„ã¾ã™ã€‚ã€Œã‚‚ã†OpenIDãªã‚“ã¦ã„ã‚‰ãã€‚OAuthã ã‘ã§ã„ã„ã˜ã‚ƒã‚“ã€ã¨ã„ã†ã‚ˆã†ãªè¨€èª¬ãŒã‚ˆãæµã‚Œã¦ãã‚‹ã®ãŒãã®è¨¼æ‹ ã ã¨æ€ã„ã¾ã™ã€‚OAuthèªè¨¼ã¨ã„ã†ã®ã‚‚ãã®é¡žã§ã™ãã€‚ ãã“ã§ã€ä»Šæ—¥ã¯OAuthã¨OpenIDã®é•ã„ã‚’è€ƒãˆã¦ã¿ãŸã„ã¨æ€ã„ã¾ã™ã€‚ OpenIDã¯ç´¹ä»‹çŠ¶ã€OAuthã¯åˆéµ ã¾ãšã¯OpenIDã®æ¦‚è¦ã®å¾©ç¿’ã§ã™ã€‚ã€ŒOpenIDã¯èªè¨¼ã€ã¨ã„ã†è¨€è‘‰ã®å†…å®¹ã‚’ã¾ãšã¯å¾©ç¿’ã—ã¦ã¿ã¾ã—ã‚‡ã†ã€‚ ã€Œèªè¨¼ã€ã¨ã¯å¤§å¤‰åºƒã„è¨€è‘‰ã§ã„ã‚ã„ã‚ãªå ´é¢ã§ä½¿ã‚ã‚Œã¾ã™ãŒã€ã€ŒOpenIDã¯èªè¨¼ã€ã¨ã„ã†ä½¿ã„æ–¹ã®æ™‚ã¯ã€ã€ŒOpenIDã¯ã€ã„ã¾æ¥ã¦ã„ã‚‹äººã®èº«å…ƒã‚’èªè¨¼ã€ï¼ˆãƒ¦ãƒ¼ã‚¶èªè¨¼ï¼‰ã¨ã„ã†æ„å‘³ã§ã™ã€‚å›³ã«ã™ã‚‹ã¨å›³1ã®ã‚ˆã†ãªæµã‚Œã«ãªã‚Šã¾ã™ã€‚ ã“ã®ä¾‹ã§ã¯ã€æœ‰æ –ã•ã‚“ãŒãŠå®¢ã¨ã—ã¦ã‚µãƒ¼ãƒ“ã‚¹æä¾›ã‚’ã—ã¦ã„ã‚‹ã‚µã‚¤ãƒˆã§ã‚ã‚‹ä¼Š
n-sega 2011/10/06
oauth

security

twitter

openid
ãƒªãƒ³ã‚¯
OAuth 2.0ã§Webã‚µãƒ¼ãƒ“ã‚¹ã®åˆ©ç”¨æ–¹æ³•ã¯ã©ã†å¤‰ã‚ã‚‹ã‹ï¼ˆ1/3ï¼‰- ï¼ IT
OAuth 2.0ã§ Webã‚µãƒ¼ãƒ“ã‚¹ã®åˆ©ç”¨æ–¹æ³•ã¯ã©ã†å¤‰ã‚ã‚‹ã‹ ã‚½ãƒ¼ã‚·ãƒ£ãƒ«APIæ´»ç”¨ã«å¿…é ˆã®â€œOAuthâ€ã®åŸºç¤ŽçŸ¥è˜ æ ªå¼ä¼šç¤¾ãƒ“ãƒ¼ã‚³ãƒ³IT æœ¨æ‘ç¯¤å½¦ 2011/2/2 OAuthã®ç¾çŠ¶ã¨1.0ã®å•é¡Œç‚¹ã€2.0ã§ã®ç‰¹å¾´ãªã©ã‚’è§£èª¬ã—ã€2.0ã®ä¾‹ã¨ã—ã¦Facebookã®APIã®åˆ©ç”¨ä¾‹ã‚’ç´¹ä»‹ã—ã¾ã™ OAuthã®ç¾çŠ¶ TwitterãŒOAuth 1.0ã‚’æŽ¡ç”¨ã—ãŸã®ã‚’çš®åˆ‡ã‚Šã«ã€ä»Šã§ã¯å¤šãã®ã‚µãƒ¼ãƒ“ã‚¹ãŒOAuth 1.0ã«å¯¾å¿œã—ã¦ã„ã¾ã™ã€‚å›½å†…ã§ã‚‚ã€ä¾‹ãˆã°ã€ãƒžã‚¤ã‚¯ãƒãƒ–ãƒã‚°åž‹ã‚³ãƒ©ãƒœãƒ„ãƒ¼ãƒ«ã€ŒyouRoomã€ã€å°è¦æ¨¡ã‚°ãƒ«ãƒ¼ãƒ—å‘ã‘ã‚°ãƒ«ãƒ¼ãƒ—ã‚¦ã‚§ã‚¢ã€Œã‚µã‚¤ãƒœã‚¦ã‚ºLiveã€ã€ã€Œã¯ã¦ãªã€ã®ã„ãã¤ã‹ã®ã‚µãƒ¼ãƒ“ã‚¹ã€ã€ŒYahoo!ã‚ªãƒ¼ã‚¯ã‚·ãƒ§ãƒ³ã€ã€ãƒªã‚¢ãƒ«ã‚¿ã‚¤ãƒ ãƒ‰ãƒãƒ¼ãƒ„ãƒ¼ãƒ«ã€ŒCacooã€ãªã©ãŒOAuth 1.0ã«å¯¾å¿œã—ãŸAPIã‚’å…¬é–‹ã—ã¦ã„ã¾ã™ã€‚ ã“ã“æ•°å¹´ã§OAuthã¯ã•ã¾ã–ã¾ãªWebã‚µãƒ¼ãƒ“ã‚¹ã®ãƒªã‚½ãƒ¼ã‚¹ã‚’åˆ©ç”¨ã™ã‚‹éš›ã®èªè¨¼æ–¹å¼ã¨ã—ã¦æ™®åŠã—ã¦ã
n-sega 2011/09/30
api

facebook

oauth

twitter

mixi
ãƒªãƒ³ã‚¯
1