One of the biggest complaints from API consumers is that authenticating against third-party services is painful. I'll walk through the OAuth2 protocol as well as a few common ways to authenticate against a service. Then we'll look at how you can integrate these authentication tokens into your application.

Comments

Mike Baynton at 12:18 on 18 Mar 2017

Pros:
This is the 2nd or 3rd "wtf is oauth anyway" talk I've gone to over the years, and the first where I was able to get past layers of new vocabulary to get some understanding of the flows, sequences of exchanges that cross the wire. I think this is because you clearly defined terms up front, and then provided animations showing the familiar experience from the user's POV, immediately followed by short but complete code samples that actually implement the flows. Great!

Cons:
Your talk may have covered what I need to know as an app developer to "get-er-done" if faced with authenticating against a particular existing API that already prescribes the flow to use, but I was left wondering why OAuth's various flows are what they are. For example, what problem is solved by having an authorization code and then an access token rather than going straight to an access token?

I confess to being a bit lost on OpenID Connect still as well. Your first slide's first bullet said it was an *authentication* protocol, but my main takeaway is OpenID Connect gives you *authorization* information in the form of a non-opaque access token. So still a bit confused on that.

Noah Bratzel at 19:47 on 18 Mar 2017

Good overview.

Anonymous at 09:27 on 20 Mar 2017

Personally, one of my favorite talks of the conference. Well done.

An extremely well put together and organized presentation on how to use APIs in your own applications. I've occasionally needed to authenticate with an API before but it always felt more luck than skill when I finally got it to work. Caitlin took a lot of the "magic" out of it and helped me understand what was happening and why. I feel a lot more confident about next time I need to use an API in my app.
Slides were easy to read and understand, including the concise and helpful code examples. Excellent pacing and level of explanation that made the whole presentation easy to follow and comprehend.

Becky at 19:43 on 20 Mar 2017

This was a very good overview of OAuth. I wish I had heard this talk before I embarked on a recent project integrating with Salesforce. I have a better understanding of what I did (or stumbled through) after this talk.