• There are many reasons to believe the future will be better. Fight!

    What is OAuth?


    A new concept I picked up yesterday at the office: OAuth. While I still remember it, and so it doesn't get forgotten quickly, I'm writing it down. Maybe someone will also want to add to or correct my understanding of OAuth. Since it's new to me, the first thing I looked up was 'What is OAuth?'.

    Yep, OAuth is an authorization framework that lets a third-party application obtain limited access to an HTTP service. OAuth acts as the intermediary for the approval interaction between the resource owner and the HTTP service, or lets a third-party application obtain resources held by another application by using access to the application that owns those resources. With OAuth, the third-party application does not need to pass a username and password around on the web to get access to the application that owns the resource. This is considered more secure and simpler for authorizing users.

    Take Kaskus and Twitter as an example: we want to log in to Kaskus but use our Twitter username and password, so in this case Kaskus is the client and Twitter is the resource owner. For Kaskus to access Twitter's resources, and to have that serve as authorization of the username and password, the mechanism OAuth follows is:

    Protocol Flow
    1. The client requests authorization from the resource owner. The authorization request can be made directly to the resource owner, or preferably indirectly via the authorization server as an intermediary.
    2. The client receives an authorization grant, which is a credential representing the resource owner's authorization, expressed using one of four grant types defined in this specification or using an extension grant type. The authorization grant type depends on the method used by the client to request authorization and the types supported by the authorization server.
    3. The client requests an access token by authenticating with the authorization server and presenting the authorization grant. 
    4. The authorization server authenticates the client and validates the authorization grant, and if valid issues an access token. 
    5. The client requests the protected resource from the resource server and authenticates by presenting the access token.
    6. The resource server validates the access token, and if valid, serves the request.
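The six steps above, as an in-memory sketch added here (not code from the original post or from any OAuth library). The class names, the `profile:read` scope, the client secret and the HMAC-signed token format are all assumptions made for the illustration; the steps themselves do not fix a token format.

```python
import hashlib, hmac, secrets, time

def _mac(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest().encode()

class AuthorizationServer:  # steps 1-4, hypothetical in-memory stand-in
    def __init__(self, clients, signing_key):
        self.clients = clients   # client_id -> client_secret
        self.key = signing_key   # shared with the resource server (assumption)
        self.grants = {}         # authorization code -> (client_id, user, scope)

    def authorize(self, client_id, user, scope, approved):
        # Steps 1-2: the owner approves here; the client never sees the password.
        if client_id not in self.clients or not approved:
            raise PermissionError("authorization denied")
        code = secrets.token_urlsafe(16)
        self.grants[code] = (client_id, user, scope)
        return code

    def token(self, client_id, client_secret, code):
        # Steps 3-4: authenticate the client first, then validate the grant.
        expected = self.clients.get(client_id, "")
        if not hmac.compare_digest(expected.encode(), client_secret.encode()):
            raise PermissionError("client authentication failed")
        grant = self.grants.pop(code, None)  # single use: a replayed code is gone
        if grant is None or grant[0] != client_id:
            raise PermissionError("invalid grant")
        body = f"{grant[1]}|{grant[2]}|{int(time.time()) + 300}"
        return body + "|" + _mac(self.key, body).decode()

class ResourceServer:  # steps 5-6
    def __init__(self, signing_key):
        self.key = signing_key

    def get(self, access_token, needed_scope):
        body, _, mac = access_token.rpartition("|")
        if not hmac.compare_digest(_mac(self.key, body), mac.encode()):
            raise PermissionError("bad token signature")
        user, scope, expires = body.split("|")
        if int(expires) < time.time() or needed_scope not in scope.split():
            raise PermissionError("token expired or scope too narrow")
        return f"{needed_scope} data for {user}"

def demo():
    key = secrets.token_bytes(32)  # constructed key for the example
    az = AuthorizationServer({"kaskus": "constructed-secret"}, key)
    code = az.authorize("kaskus", "alice", "profile:read", approved=True)
    return az, ResourceServer(key), code, az.token("kaskus", "constructed-secret", code)
```

The token carries only the approved scope and a five-minute expiry, so a client holding it gets the limited access the owner granted and nothing else.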

    cmiiw :)

    Source: http://oauth.net/documentation/

    3 comments:

    1. So how do you use OAuth, for example on our own website?

      Replies
      1. To use it, we have to add the OAuth library itself to our website. For more detail, there are many code examples for whichever programming language we use here: http://oauth.net/code/
        cmiiw :)


    Greetings, bloggers...
