OAuth working with eg

 Authorization:

OAuth is an open-standard authorization protocol or framework that provides applications the ability for “secure designated access.” like taleo uses linkedin to fetch user's details.


SAML (Security Assertion Markup Language) is an alternative federated authentication standard that many enterprises use for Single-Sign On (SSO). SAML enables enterprises to monitor who has access to corporate resources.


Diff b/w OAuth and SAML:

SAML uses XML to pass messages, and OAuth uses JSON.

OAuth provides a simpler mobile experience, while SAML is geared towards enterprise security.

OAuth uses API calls extensively and SAML drops a session cookie in a browser that allows a user to access certain web pages.


OAuth working with eg:

Taleo(Customer) - LinkedIn(Service Provider)


1. Taleo asks for REQUEST TOKEN.

2. LinkedIn provides the request token and SECRET. The secret is used to prevent request forgery.  The consumer uses the secret

 to sign each request so that the service provider can verify it is actually coming from the consumer application.

3. Taleo redirects to Linkedin with token for authorization. Here phishing can occur, beware of redirected URLs.

4. User login to Linkedin to authorize the token.

5. Linkedin provides access token and secret

6. Taleo can use access token to fetch Linkedin API data.


Comments

Post a Comment

Popular posts from this blog

3 of Agile

Image
  3 Roles: 1. Product Owner: Person responsible for defining the features that are needed in the product. 2. Scrum Master: Leader of team, responsible for protecting the team and the process and keeping things going. Ensuring the relationship inside as well as outside the team 3. Team: dev, testers, writers and anyone else helping in developing the product. 3 Artifacts/Documents: 1. Product Backlog: PO create a prioritized list of features know as User Stories that could go into the product. This list evolves and changes priority with every sprint. 2. User Stories: Way of describing a feature set.  e.g., As a …………..(user)     I need ……bla bla….     So that ……reason…. 3. Sprint Backlog: The highest priority user stories go into the sprint backlog. These get estimated for size and are committed for the next sprint.  4. Burndown chart: Show the progress during the sprint. 3 Ceremonies: 1. Sprint Planning: Where PO, SM and team meet to ...
Read more

๐—Ÿ๐—ผ๐—ฎ๐—ฑ ๐—•๐—ฎ๐—น๐—ฎ๐—ป๐—ฐ๐—ฒ๐—ฟ ๐˜ƒ๐˜€. ๐—ฅ๐—ฒ๐˜ƒ๐—ฒ๐—ฟ๐˜€๐—ฒ ๐—ฃ๐—ฟ๐—ผ๐˜…๐˜† ๐˜ƒ๐˜€. ๐—”๐—ฃ๐—œ ๐—š๐—ฎ๐˜๐—ฒ๐˜„๐—ฎ๐˜†

What are the differences between a load balancer, a reverse proxy, and an API gateway? All three are used to optimise and manage web traffic. However, they vary in their function and use cases: A ๐—น๐—ผ๐—ฎ๐—ฑ ๐—ฏ๐—ฎ๐—น๐—ฎ๐—ป๐—ฐ๐—ฒ๐—ฟ is a device that distributes incoming network traffic across multiple servers. The goal is to ensure that no single server is overwhelmed with traffic, which can lead to slow response times or even downtime. Load balancers are ideal for high-traffic websites or applications that need to handle a large volume of requests. A ๐—ฟ๐—ฒ๐˜ƒ๐—ฒ๐—ฟ๐˜€๐—ฒ ๐—ฝ๐—ฟ๐—ผ๐˜…๐˜†, on the other hand, is a server that sits between the client and the webserver. The reverse proxy intercepts requests from clients and forwards them to the appropriate server. The reverse proxy can also cache frequently requested content, which can help improve performance and reduce server load. Reverse proxies are ideal for websites or applications that need to handle a large number of concurrent connections. An ๐—”๐—ฃ๐—œ ๐—ด...
Read more