Securing RESTful APIs using OAuth 2 and OpenID Connect
Constructing a successful and simple API is the lifeblood of your developer community, and REST is a simple standard through which this can be accomplished. As we construct our API and need to secure the system to authenticate and track applications making requests, the open standard of OAuth 2 provides us with a secure and open source method of doing just this. In this talk, we will explore REST
The OAuth 2.0 Protocol
The OAuth 2.0 Protocol draft-ietf-oauth-v2-10 Abstract ã“ã‚Œã¯OAuth 2.0プãƒãƒˆã‚³ãƒ«ã®ä»•æ§˜æ›¸ã§ã‚ã‚‹. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is
The OAuth 2.0 Authorization Framework: Bearer Token Usage(日本語)
The OAuth 2.0 Authorization Framework: Bearer Token Usage(日本語) Abstract ã“ã®ä»•æ§˜æ›¸ã¯, OAuth 2.0ã®ä¿è·ãƒªã‚½ãƒ¼ã‚¹ã¸ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ãŸã‚ã«, ç½²åç„¡ã—トークンをHTTPリクエストä¸ã§ã©ã®ã‚ˆã†ã«åˆ©ç”¨ã™ã‚‹ã‹è¨˜è¿°ã—ãŸã‚‚ã®ã§ã‚ã‚‹. ç½²åç„¡ã—トークンを所有ã™ã‚‹ä»»æ„ã®ãƒ‘ーティ (æŒå‚人) ã¯, 関連ã¥ã‘られãŸãƒªã‚½ãƒ¼ã‚¹ã¸ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ãŸã‚ã«ç½²åç„¡ã—トークンを利用ã§ãã‚‹ (æš—å·éµã®æ‰€æœ‰ã‚’示ã™å¿…è¦ã¯ãªã„). 誤ã£ãŸåˆ©ç”¨ã‚’é¿ã‘ã‚‹ãŸã‚ã«, ç½²åç„¡ã—トークンã¯ä¿å˜å ´æ‰€ã‚„æµé€šçµŒè·¯ã§ã®å€¤ã®éœ²è¦‹ã‹ã‚‰å®ˆã‚‰ã‚Œã‚‹å¿…è¦ãŒã‚ã‚‹. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Enginee
OAuth 2.0 Threat Model and Security Considerations
Abstract 本ドã‚ュメントã§ã¯, OAuth 2.0仕様ãŒå®šã‚ã‚‹Security Considerationsã®ç¯„囲を超ãˆ, OAuth 2.0プãƒãƒˆã‚³ãƒ«ã«é–¢ã™ã‚‹åŒ…括的脅å¨ãƒ¢ãƒ‡ãƒ«ã‚’基ã«, ã•ã‚‰ãªã‚‹ã‚»ã‚ュリティ上ã®æ¤œè¨Žé …目を示ã™. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review
OAuth2.0ã®å‚™å¿˜éŒ²çš„ã¾ã¨ã‚ - Ari-Press
Web系技術をå¦ã¶ä¸Šã§ï¼Œã‚„ã¯ã‚Šã‚»ã‚ュリティ周りã®æŠ€è¡“ã¯å¤–ã›ã¾ã›ã‚“。OAuth1.0ãªã‚‰ã°Twitter APIを触ã£ã¦ã„ãŸã‚“ã§ã™ãŒã€ã€ã„ã¤ã®é–“ã«2.0ã«ï¼ã¨ã„ã†ã“ã¨ã§ã€é ‘å¼µã£ã¦ä»•æ§˜æ›¸ã‚’èªã¿ã¤ã¤è‡ªåˆ†ãªã‚Šã«ã¾ã¨ã‚ã¦ã¿ã¾ã—ãŸã€‚ The OAuth 2.0 Protocol draft-ietf-oauth-v2-10 ã‚’å‚考ã«ã—ã¦ã„ã¾ã™ã€‚ ã¾ãŸã€ä»¥ä¸‹ã§ç‰¹ã«æ˜Žç¤ºã•ã‚Œãªã„引用部分ã¯å…¨ã¦ The OAuth 2.0 Protocol draft-ietf-oauth-v2-10 ã‹ã‚‰å¼•ç”¨ã—ãŸã‚‚ã®ã¨ã—ã¾ã™ã€‚ æ›´ã«ã€ä»¥ä¸‹ã®æ–‡ç« ã¯2012/12/28時点ã§ã®Ariã®ç†è§£ã‚’ã¾ã¨ã‚ãŸã‚‚ã®ã§ã‚ã‚Šã€å†…容をä¿è¨¼ã™ã‚‹ã®ã¯ã“ã®æ™‚点ã§ã®Ariã®èªè§£åŠ›ã®ã¿ã§ã™ã€‚ OAuth2.0ã®å¿…è¦æ€§ 通常ã€ãƒã‚°ã‚¤ãƒ³ãŒå¿…è¦ãªã‚µãƒ¼ãƒ“スを利用ã™ã‚‹éš›ã¯ãƒã‚°ã‚¤ãƒ³ID/パスワードã®æƒ…å ±ãŒå¿…è¦ã«ãªã‚Šã¾ã™ã€‚ 特定ã®Webサービスã«å¿…è¦ãªæ™‚ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹
OAuth | Hatena Developer Center
ã¯ã¦ãªã‚µãƒ¼ãƒ“スã«ãŠã‘ã‚‹ OAuth ã¯ã¦ãªã§ã¯ã€ã•ã¾ã–ã¾ãª API 㧠OAuth ã«å¯¾å¿œã—ã¦ã„ã¾ã™ã€‚ OAuth を使ã†ã¨ã€èªè¨¼ã—ãŸã¯ã¦ãªãƒ¦ãƒ¼ã‚¶ãƒ¼ã®æ¨©é™ã§ã€ãƒ‡ãƒ¼ã‚¿ã®èªã¿æ›¸ããªã©å„種æ“作を行ãˆã¾ã™ã€‚ Consumer key ã‚’å–å¾—ã—㦠OAuth 開発をã¯ã˜ã‚よã†â€‹ OAuth consumer key ã‚’å–å¾—ã—ã€ã¯ã¦ãªã® OAuth 対応 API を利用ã™ã‚‹ãŸã‚ã®æ‰‹é †ã‚’説明ã—ã¦ã„ã¾ã™ã€‚ scope (許å¯æ“作) 一覧​ OAuth 対応 API を利用ã™ã‚‹ãŸã‚ã«å¿…è¦ãªæ¨©é™ã‚’表㙠scope ã«ã¤ã„ã¦èª¬æ˜Žã—ã¦ã„ã¾ã™ã€‚ ã¯ã¦ãªã® OAuth アプリケーション用 API​ ã¯ã¦ãªã® OAuth 対応 API を利用ã—ãŸã‚¢ãƒ—リケーションã§å…±é€šã—ã¦ã”利用ã„ãŸã ã‘ã‚‹ API ã«ã¤ã„ã¦èª¬æ˜Žã—ã¦ã„ã¾ã™ã€‚ OAuth 対応 API 一覧​ ã¯ã¦ãªãŒæä¾›ã™ã‚‹ OAuth 対応 API ã®ä¸€è¦§ã§ã™ã€‚ èªè¨¼æ™‚
tweepyã§twitterã®3-legged OAuthèªè¨¼ã‚’試ã—ã¦ã¿ãŸ(GoogleAppEngine) – taichino.com
ãã‚ãã‚GAE上ã§ãƒ¦ãƒ¼ã‚¶ç™»éŒ²ãŒå¿…è¦ãªã‚µãƒ¼ãƒ“スを作りãŸã„ã®ã§ã™ãŒã€ãƒ¦ãƒ¼ã‚¶ç™»éŒ²å‘¨ã‚Šã®å®Ÿè£…ã¯ã‚„ã‚ŠãŸããªã„ã®ã§ã€twitterã®OAuthを代ã‚ã‚Šã«ä½¿ã£ã¦ã¿ã‚‹äº‹ã«ã—ã¾ã—ãŸã€‚twitterã®APIã‚’å©ãã®ã«ã“ã‚Œã¾ã§ã¯twythonを使ã£ã¦ã„ãŸã®ã§ã™ãŒï¼ŒOAuthã«å¯¾å¿œã—ã¦ã„ãªã‹ã£ãŸã®ã§ã€ä»Šå›žã¯tweepyを使ã„ã¾ã™ã€‚以å‰2-legged OAuthを試ã—ã¦ã¿ã¾ã—ãŸãŒã€ä»Šå›žã¯3-legged OAuthã§ã™ã€‚ twitterã®OAuthèªè¨¼ã«ã‚ˆã‚‹ãƒã‚°ã‚¤ãƒ³ã€ãƒã‚°ã‚¢ã‚¦ãƒˆã¨ãƒã‚°ã‚¤ãƒ³å¾Œã«ãƒ¦ãƒ¼ã‚¶ã®ã‚¿ã‚¤ãƒ ライン表示ã¨ã€tweetを実装ã—ã¦ã„ã¾ã™ã€‚ãƒã‚¸ãƒƒã‚¯ã®ã‚½ãƒ¼ã‚¹ã¯ä»¥ä¸‹ã«ãªã‚Šã¾ã™ãŒã€ã¾ãšå‹•ä½œã—ã¦ã„るサンプルを見るã®ãŒæ—©ã„ã¨æ€ã„ã¾ã™ã€‚ # -*- coding: utf-8 -*- import os import cgi import logging from google.appengine.ext.webapp
Account Suspended
Account Suspended This Account has been suspended. Contact your hosting provider for more information.
iepsen/python-omniauth - GitHub
Dismiss Octotip: You've activated the file finder by pressing t Start typing to filter the file list. Use ↑ and ↓ to navigate, enter to view files.
Authentication overview
<g> <g> <defs> <rect id="SVGID_1_" x="-468" y="-1360" width="1440" height="3027" /> </defs> <clippath id="SVGID_2_"> <use xlink:href="#SVGID_1_" style="overflow:visible;" /> </clippath> </g> </g> <rect x="-468" y="-1360" class="st0" width="1440" height="3027" style="fill:rgb(0,0,0,0);stroke-width:3;stroke:rgb(0,0,0)" /> <path d="M13.4,12l5.8-5.8c0.4-0.4,0.4-1,0-1.4c-0.4-0.4-1-0.4-1.4,0L12,10.6L6.2
OAuth 2.0ã§Webサービスã®åˆ©ç”¨æ–¹æ³•ã¯ã©ã†å¤‰ã‚ã‚‹ã‹ï¼ˆ1/3)- ï¼ IT
OAuth 2.0㧠Webサービスã®åˆ©ç”¨æ–¹æ³•ã¯ã©ã†å¤‰ã‚る㋠ソーシャルAPI活用ã«å¿…é ˆã®â€œOAuthâ€ã®åŸºç¤ŽçŸ¥è˜ æ ªå¼ä¼šç¤¾ãƒ“ーコンIT 木æ‘篤彦 2011/2/2 TwitterãŒOAuth 1.0を採用ã—ãŸã®ã‚’皮切りã«ã€ä»Šã§ã¯å¤šãã®ã‚µãƒ¼ãƒ“スãŒOAuth 1.0ã«å¯¾å¿œã—ã¦ã„ã¾ã™ã€‚国内ã§ã‚‚ã€ä¾‹ãˆã°ã€ãƒžã‚¤ã‚¯ãƒãƒ–ãƒã‚°åž‹ã‚³ãƒ©ãƒœãƒ„ール「youRoomã€ã€å°è¦æ¨¡ã‚°ãƒ«ãƒ¼ãƒ—å‘ã‘グループウェア「サイボウズLiveã€ã€ã€Œã¯ã¦ãªã€ã®ã„ãã¤ã‹ã®ã‚µãƒ¼ãƒ“スã€ã€ŒYahoo!オークションã€ã€ãƒªã‚¢ãƒ«ã‚¿ã‚¤ãƒ ドãƒãƒ¼ãƒ„ール「Cacooã€ãªã©ãŒOAuth 1.0ã«å¯¾å¿œã—ãŸAPIを公開ã—ã¦ã„ã¾ã™ã€‚ ã“ã“æ•°å¹´ã§OAuthã¯ã•ã¾ã–ã¾ãªWebサービスã®ãƒªã‚½ãƒ¼ã‚¹ã‚’利用ã™ã‚‹éš›ã®èªè¨¼æ–¹å¼ã¨ã—ã¦æ™®åŠã—ã¦ãã¾ã—ãŸã€‚ã“ã‚Œã¯å¤§ããªãƒ—レーヤーãŒã‚µãƒãƒ¼ãƒˆã—ãŸã“ã¨ã‚‚ä¸€å› ã§ã™ãŒã€OAuthã®æŒã¤ä»¥ä¸‹ã®2ã¤ã®ç‰¹å¾´ã«ã‚ˆã£ã¦ã€ã€ŒOAuthを使ã†ã¨ã€ã‚µãƒ¼ãƒ“スプãƒãƒã‚¤
OAuthプãƒãƒˆã‚³ãƒ«ã®ä¸èº«ã‚’ã–ã£ãり解説ã—ã¦ã¿ã‚‹ã‚ˆ - ( ꒪⌓꒪) ゆるよã‚日記
「ãŠãƒ¼ãŠãƒ¼ã£ã™ã£!〠ã¦ãªã“ã£ã¦ã€Twitterã®APIã®BASICèªè¨¼ã‚‚6月末ã«çµ‚了ã—ã¦OAuth/xAuthã«ç§»è¡Œã™ã‚‹ã¨ã„ã†ã“ã®æ™‚期ã«ã€ã‚らãŸã‚ã¦OAuthã«ã¤ã„ã¦å‹‰å¼·ã—ã¦ã¿ãŸã‚“ã§ã™ã®ã‚ˆ? OAuthèªè¨¼ã‚’利用ã™ã‚‹ãƒ©ã‚¤ãƒ–ラリã¯å„言語ã§å‡ºãã‚ã£ã¦ãã¦ã‚‹ã®ã§ãれを使ãˆã°ã„ã‚“ã˜ã‚ƒã¾ã„ã‹? ã¨ã„ã†ã¨è©±ãŒçµ‚ã‚ã‚‹ã®ã§ã€ã˜ã‚ƒã‚ãã®ãƒ©ã‚¤ãƒ–ラリã®ä¸èº«ã¯ãªã«ã‚„ã£ã¦ã‚“ã®ã‚ˆã£ã¦ã“ã¨ã‚’ã€OAuthã™ã‚‹Scalaã®ãƒ©ã‚¤ãƒ–ラリ作りãªãŒã‚‰èª¿ã¹ãŸã“ã¨ã‚’ã¾ã¨ã‚ã¦ã¿ã¾ã—ãŸã€‚ é–“é•ã£ã¦ã„ã‚‹ã¨ã“ã‚ã‚‚ã‚ã‚‹ã¨æ€ã†ã®ã§ãƒ„ッコミæ“è¿Žã§ã™ï¼žï¼œ OAuthã£ã¦ãã‚‚ãã‚‚ãªã‚“ãªã®? ã‚‚ã®ã™ã”ãã–ã£ãã‚Šã¨ã„ã†ã¨ã€ŒAPI利用å´ãŒã€ãƒ¦ãƒ¼ã‚¶èªè¨¼ã‚’APIæ供サービスå´ã«ã‚„ã£ã¦ã‚‚らã†ãŸã‚ã®ä»•æ§˜ã€ã£ã¦æ„Ÿã˜ã§ã—ょã†ã‹? BASICèªè¨¼ã®å ´åˆã€API利用å´ãŒèªè¨¼ã«å¿…è¦ãªã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚„パスワードをé ã‹ã‚‹å¿…è¦ãŒã‚ã‚‹ã‚ã‘ã§ã™ã€‚悪æ„ã®ã‚ã‚‹API利用å´ãŒã€Œãªã‚“ã¨ã‹ãƒ¡ãƒ¼ã‚«ãƒ¼
第1回 OAuthã¨ã¯ï¼Ÿâ€•OAuthã®æ¦‚念ã¨OAuthã§ã§ãã‚‹ã“㨠| gihyo.jp
今回ã‹ã‚‰å§‹ã¾ã£ãŸã€Œã‚¼ãƒã‹ã‚‰å¦ã¶OAuthâ ã€â 。全4回ã®ç‰¹é›†ã«ã¦ã€ã“ã‚Œã‹ã‚‰ã®Webサービスを開発ã™ã‚‹ä¸Šã§ä¸å¯æ¬ ãªæŠ€è¡“「OAuthã€ã«ã¤ã„ã¦å–り上ã’ã¾ã™ã€‚åˆå›žã¯ã€OAuthã®æ¦‚念ã«ã¤ã„ã¦å–り上ã’ã¾ã™ã€‚ ã¯ã˜ã‚ã« ã¯ã˜ã‚ã¾ã—ã¦ã€iKnow!改ã‚smart.fmã®çœŸæ¦ã§ã™ã€‚ç¾åœ¨smart.fmã§ã¯ã€OAuthã‚„OpenIDã€OpenSocialã€Semantic Webã‚„Activity Streamãªã©ã¨ã„ã£ãŸæ–°ã—ã„技術ã®å°Žå…¥ã‚’ç©æ¥µçš„ã«è¡Œã„サイトを活性化ã•ã›ã‚‹ã¨ã¨ã‚‚ã«ã€smart.fm APIを通ã˜ã¦æˆ‘々ã®æŠ€è¡“を外部ã®ãƒ‡ãƒ™ãƒãƒƒãƒ‘ã®æ–¹ã€…ã«ã‚‚æä¾›ã—ã¦ã„ã¾ã™ã€‚ smart.fmã¯æ—¥æœ¬æœ€å¤§ã®OpenID Relying Partyã§ã‚ã‚‹ã ã‘ã§ãªãã€å›½å†…ã§ã¯æ•°å°‘ãªã„OAuth Consumer(後述)ãŠã‚ˆã³OAuth Service Provider(後述)を兼ãるサービスã¨ãªã£ã¦ã„ã¾ã™ã€‚ã“ã†ã„ã£ãŸèƒŒæ™¯
1
ランã‚ング
ランã‚ング
ランã‚ング
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
How to Integrate OAuth 2 Into Your Django/DRF Back-end Without Going Insane | Toptal®
cloudfoundr.org
Twitterã®OAuthã®å•é¡Œã¾ã¨ã‚
http://www.machu.jp/posts/20110522/p01/
{{#tags}}- {{label}}
{{/tags}}