Mastering the Basics of OAuth2



Good talk about OAuth 2 and how it works and how to make it work. Well done.

Colin O'Dell at 15:07 on 26 May 2016

Overall I thought this was a great talk explaining what OAuth2 is and how to implement it. The diagrams and code examples were great - very simple and to the point. Showing both the manual and library-based approaches was a nice touch.

The candy bar example was a nifty idea, but I don't know that it was that effective. If you re-use this in the future, I'd suggest a few small adjustments:

1. Use other objects to represent the different tokens/codes being passed around. This helps enforce that they're different things with different purposes.
2. For data which is only passed directly between the app and provider, instruct those two demonstrators to make that exchange instead of doing it for them.
3. Ensure the escrow person is the only one with candy bars until the final step.

Changes like that will make it much clearer what is going on and how all the pieces fit together.

Otherwise I found this talk to be very informative. OAuth2 doesn't seem so scary and complicated any more!

I've had trouble dealing with OAuth, especially for non-web apps (in my case for PHPMailer), and while Joseph's presentation was clear and entertaining, I found it mostly confirmed my experience that OAuth is pretty hard! There is a great deal of complex terminology that there really isn't any way to avoid, so it's a difficult subject to simplify - but Joseph made a very good effort to do so.