OmniAuth: Flexible, Unassuming Multi-Provider Authentication for Rack - Intridea Blog The web application landscape has changed drastically in the past year or two. Where once every site was a silo unto itself and could reasonably expect users to create a unique login and password for each site, it is now a different story. I sigh every time I have to fill out yet another registration form, wishing instead for a simple "Connect with Facebook", "Sign in with Twitter", or "Log in with OpenID". At the same time, services are more interconnected than ever. One of the best ways to increase the popularity and viability of a new service is by piggybacking it onto the existing user bases of apps such as Twitter, Facebook, and Foursquare.
Federated ID Federated ID, also called Federated Identity Management (FIM), allows a Service Provider (SP) to offer a service without implementing its own authentication system, and to instead trust another entity—an Identity Provider (IdP)—to provide authenticated users to them. If that seems confusing, imagine two companies: IdentiCorp and ServiceInc. ServiceInc has great services, but they don’t like the idea of managing passwords for users. IdentiCorp, on the other hand, provides username and password management as their main business. Federated ID, OpenID, and OAuth: A Web Authentication Primer
Overlap of identity technologies - Google OAuth & Federated Login Research Here is a diagram of how the flow could work: Here is a more detailed description of the steps.Tom arrives for work one day, and before he logs into the corporate SSO system, he decides to setup a LinkedIn account using his firstname.lastname@example.org E-mail address and providing a password that he wanted to use for the account. (In Example 2 below we talk about this step could be optimized in the future)During the setup process, he provides his E-mail address to LinkedIn, and the LinkedIn servers make an inquiry in the background using XRDS to ask AlertBlue's servers if they support the Portable Contacts standard, and they respond with a yes. (This discovery step is invisible to Tom)Tom is then redirected via the OAuth protocol to the server that AlertBlue specified via XRDS that supports PortableContacts for their domain.
Last year I showed how to use pecl/oauth to write a Twitter OAuth Consumer. But what about writing the other end of that? What if you need to provide OAuth access to an API for your site? http://toys.lerdorf.com/archives/55-Writing-an-OAuth-Provider-Service.html
Introducing OAuth 2.0 by hueniverse Two weeks ago, the IETF OAuth Working Group published the first draft of the OAuth 2.0 protocol. OAuth is a security protocol that enables users to grant third-party access to their web resources without sharing their passwords. OAuth 1.0 was published in December 2007 and quickly become the industry standard for web-based access delegation. A minor revision (OAuth 1.0 Revision A) was published in June 2008 to fix a security hole.
intridea's omniauth at master - GitHub README.md OmniAuth: Standardized Multi-Provider Authentication OmniAuth 1.0 has several breaking changes from version 0.x. You can set the dependency to ~> 0.3.2 if you do not wish to make the more difficult upgrade. See the wiki for more information.
Home | Downloads | Client | Authorization Server | Resource Server | Get Involved | Extensions | Deployments | Logo leeloo has been moved permanently to the Apache Amber project (https://cwiki.apache.org/confluence/display/AMBER/Index). Please update your dependencies. We will continue development of the Apache Amber OAuth 2.0 implementation under the ASF umbrella. smartproject / oauth-2.0 / wiki / Home – Bitbucket