Talk in English - US at Midwest PHP 2017
View Slides: https://github.com/cbales/Authorizing-Against-APIs
Short URL: https://joind.in/talk/12442
One of the biggest complaints from API consumers is that authenticating against third-party services is painful. I'll walk through the OAuth2 protocol as well as a few common ways to authenticate against a service. Then we'll look at how you can integrate these authentication tokens into your application.
Comments
Pros:
This is the 2nd or 3rd "wtf is oauth anyway" talk I've gone to over the years, and the first where I was able to get past layers of new vocabulary to get some understanding of the flows, the sequences of exchanges that cross the wire. I think this is because you clearly defined terms up front, and then provided animations showing the familiar experience from the user's POV, immediately followed by short but complete code samples that actually implement the flows. Great!
Cons:
Your talk may have covered what I need to know as an app developer to "get-er-done" if faced with authenticating against a particular existing API that already prescribes the flow to use, but I was left wondering why OAuth's various flows are what they are. For example, what problem is solved by having an authorization code and then an access token rather than going straight to an access token?
I confess to being a bit lost on OpenID Connect still as well. Your first slide's first bullet said it was an *authentication* protocol, but my main takeaway is OpenID Connect gives you *authorization* information in the form of a non-opaque access token. So still a bit confused on that.
Good overview.
Personally, one of my favorite talks of the conference. Well done.
An extremely well put together and organized presentation on how to use APIs in your own applications. I've occasionally needed to authenticate with an API before, but it always felt more luck than skill when I finally got it to work. Caitlin took a lot of the "magic" out of it and helped me understand what was happening and why. I feel a lot more confident about the next time I need to use an API in my app.
Slides were easy to read and understand, including the concise and helpful code examples. Excellent pacing and level of explanation that made the whole presentation easy to follow and comprehend.
This was a very good overview of OAuth. I wish I had heard this talk before I embarked on a recent project integrating with Salesforce. I have a better understanding of what I did (or stumbled through) after this talk.