Mastering the Basics of OAuth2

Joseph Maxwell (26.May.2016 at 14:00, 1 hr )
Talk at php[tek] 2016 (English - US)

Rating: 4 of 5

Mastering the Basics of OAuth2

Who are you?

Claim talk

Talk claims have been moved to the new site.

Please login to the new site to claim your talk

Comments closed.


Rating: 5 of 5

26.May.2016 at 14:57 by David Stockton (189 comments) via Web2 LIVE

Good talk about OAuth 2 and how it works and how to make it work. Well done.

Rating: 4 of 5

26.May.2016 at 15:07 by Colin O'Dell (122 comments) via Web2 LIVE

Overall I thought this was a great talk explaining what OAuth2 is and how to implement it. The diagrams and code examples were great - very simple and to the point. Showing both the manual and library-based approaches were a nice touch.

The candy bar example was a nifty idea, but I don't know it was that effective. If you re-use this in the future, I'd suggest a few small adjustments:

1. Use other objects to represent the different tokens/codes being passed around. This helps enforce that they're different things with different purposes.
2. For data which is only passed directly between the app and provider, instruct those two demonstrators to make that exchange instead of doing it for them.
3. Ensure the escrow person is the only one with candy bars until the final step.

Changes like that will make it much clearer what is going on and how all the pieces fit together.

Otherwise I found this talk to be very informative. OAuth2 doesn't seem so scary and complicated any more!

Rating: 4 of 5

26.May.2016 at 15:44 by Marcus Bointon (21 comments) via Web2 LIVE

I've had trouble dealing with OAuth, especially for non-web apps (in my case for PHPMailer), and while Joseph's presentation was clear and entertaining, I found it mostly confirmed my experience that OAuth is pretty hard! There is a great deal of complex terminology that there really isn't any way to avoid, so it's difficult subject to simplify - but Joseph made a very good effort to do so.

© 2019