Authenticating Against API Services

Caitlin Bales (18.Mar.2017 at 11:00, 50 min)
Talk at Midwest PHP 2017 (English - US)

Rating: 5 of 5

One of the biggest complaints from API consumers is that authenticating against third-party services is painful. I'll walk through the OAuth2 protocol as well as a few common ways to authenticate against a service. Then we'll look at how you can integrate these authentication tokens into your application.

Who are you?

Claim talk

Talk claims have been moved to the new site.

Please login to the new site to claim your talk

Comments closed.


Rating: 5 of 5

18.Mar.2017 at 12:18 by Mike Baynton (12 comments) via Web2 LIVE

This is the 2nd or 3rd "wtf is oauth anyway" talk I've gone to over the years, and first where I was able to get past layers of new vocabulary to get some understanding of the flows sequences of exchanges that cross the wire. I think this is because you clearly define terms up front, and then provided animations showing the familiar experience from the user's POV, immediately followed by short but complete code samples that actually implement the flows. Great!

Your talk may have covered what I need to know as an app developer to "get-er-done" if faced with authenticating against a particular existing API that already prescribes the flow to use, but I was left wondering why OAuth's various flows are what they are. For example, what problem is solved by having an authorization code and then an access token rather than going straight to an access token.

I confess to being a bit lost on OpenID connect still as well. Your first slide's first bullet said it was an *authentication* protocol, but my main takeaway is OpenID connect gives you *authorization* information in the form of a non-opaque access token. So still a bit confused on that.

Rating: 4 of 5

18.Mar.2017 at 19:47 by Noah Bratzel (38 comments) via Web2 LIVE

Good overview.

Rating: 5 of 5

20.Mar.2017 at 09:27 by Anonymous

Personally, one of my favorite talks of the conference. Well done.

Rating: 5 of 5

20.Mar.2017 at 14:06 by Crysta McKenney (20 comments) via Web2 LIVE

An extremely well put together and organized presentation on how to use APIs in your own applications. I've occasionally needed to authenticate with an API before but it always felt more luck than skill when I finally got it to work, Caitlin took a lot of the "magic" out of it and helped me understand what was happening and why. I feel a lot more confident about next time I need to use an API in my app.
Slides were easy to read and understand, including the concise and helpful code examples. Excellent pacing and level of explanation that made the whole presentation easy to follow and comprehend.

Rating: 4 of 5

20.Mar.2017 at 19:43 by Becky (34 comments) via Web2 LIVE

This was a very good overview of OAuth. I wish I had heard this talk before I embarked on a recent project integrating with Salesforce. I have a better understanding of what I did (or stumbled through) after this talk.

© 2019