An overview of the protocols that allow a Service Provider (SP) to re-use the authentication services provided by a remote Identity Provider (IdP).

Will cover Security Assertion Markup Language (SAML), its nomenclature, and its handshake strategies for authenticating users across federated services. Will show examples of SAML using PHP libraries such as LightSAML for identity providers and OneLogin's php-saml for service providers. Will discuss the XML documents used for metadata and the X.509 certificates used to authenticate transactions. Will show the steps for initiating a SAML authentication request, generating an assertion, and decoding and validating an assertion.

Will cover OAuth 1.0 and a real-life application using IMS Global's Learning Tools Interoperability (LTI) protocol. Will show examples using the PHP League's OAuth 1 client to accept inbound requests from Instructure's Canvas. Will discuss the shared client keys and shared client secrets used to generate OAuth 1.0 request signatures.
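An added example (not code from the talk or from the PHP libraries it names) of what the tool side of an LTI launch has to do with the shared key and secret: rebuild the OAuth 1.0 signature base string, recompute the HMAC-SHA1 signature, and reject stale or replayed launches. The consumer key, secret, URL and launch parameters are constructed sample values.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlsplit, urlunsplit

def _pct(s):
    return quote(str(s), safe="-._~")  # RFC 5849 section 3.6 percent-encoding

def base_string(method, url, params):
    # RFC 5849 section 3.4.1: METHOD&base-URL&normalised-params, each percent-encoded.
    p = urlsplit(url)
    host = p.netloc.lower()
    if (p.scheme, host.rsplit(":", 1)[-1]) in (("http", "80"), ("https", "443")):
        host = host.rsplit(":", 1)[0]  # default ports are dropped from the base URL
    base_url = urlunsplit((p.scheme.lower(), host, p.path, "", ""))
    pairs = sorted((_pct(k), _pct(v)) for k, v in params.items() if k != "oauth_signature")
    norm = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), _pct(base_url), _pct(norm)])

def sign(method, url, params, consumer_secret, token_secret=""):
    key = f"{_pct(consumer_secret)}&{_pct(token_secret)}".encode()  # LTI has no token secret
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def verify_launch(method, url, params, secrets, seen_nonces, now, window=300):
    # Accept only a fresh, unseen, HMAC-SHA1-signed request from a known consumer key.
    secret = secrets.get(params.get("oauth_consumer_key"))
    if secret is None or params.get("oauth_signature_method") != "HMAC-SHA1":
        return False
    if not params.get("oauth_timestamp", "").isdigit() or abs(now - int(params["oauth_timestamp"])) > window:
        return False
    nonce = (params["oauth_consumer_key"], params.get("oauth_nonce"))
    if nonce in seen_nonces:
        return False  # replay of an already-consumed launch
    expected = sign(method, url, params, secret)
    if not hmac.compare_digest(expected, params.get("oauth_signature", "")):
        return False
    seen_nonces.add(nonce)
    return True

# Constructed sample: one consumer registered with the tool, and a minimal LTI launch POST body.
SECRETS = {"canvas-key": "example-shared-secret"}
LAUNCH_URL = "https://tool.example.org/lti/launch"
LAUNCH = {"lti_message_type": "basic-lti-launch-request", "lti_version": "LTI-1p0",
          "resource_link_id": "rl-1", "oauth_consumer_key": "canvas-key",
          "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1700000000",
          "oauth_nonce": "n-1", "oauth_version": "1.0"}
LAUNCH["oauth_signature"] = sign("POST", LAUNCH_URL, LAUNCH, SECRETS["canvas-key"])
```

The nonce store here is an in-memory set; a real tool keeps it in shared storage so that a launch replayed against another server instance is also refused.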

Will cover OAuth 2.0, its differences from OAuth 1.0, and real-life application with Facebook and Google. Will show how to register a web application with these identity providers, and how to initiate handshakes using various redirect strategies. Will discuss the difference between authentication and authorization. Will also review the additional layer of delegating (proxy) authorization for tasks, and how to use refresh tokens to keep access to authorized services.
