Difference between revisions of "CLARIN/OAuth2 real world usage"
(add/fix ORCID) |
(add gigya) |
||
| Line 360: | Line 360: | ||
|X | |X | ||
| | | | ||
| + | | | ||
| + | | | ||
| + | | | ||
| + | | | ||
| + | |- | ||
| + | |[http://developers.gigya.com/010_Developer_Guide/85_REST/OAuth2 gigya] | ||
| + | | | ||
| + | |X | ||
| + | |X | ||
| + | | | ||
| + | |X | ||
| | | | ||
| | | | ||
| Line 394: | Line 405: | ||
** ''client authentication'' using <tt>client_secret</tt> in request parameters | ** ''client authentication'' using <tt>client_secret</tt> in request parameters | ||
** needs <tt>Accept: application/json</tt> in request header for JSON responses | ** needs <tt>Accept: application/json</tt> in request header for JSON responses | ||
| + | * ''[http://developers.gigya.com/010_Developer_Guide/85_REST/OAuth2 gigya]''' | ||
| + | ** uses <tt>Authentication: '''OAuth''' ''access_token''</tt> to pass the token | ||
Revision as of 09:21, 13 September 2012
<sidebar>
- CLARIN web service security
- CLARIN/Security_for_web_services|Analysis
- CLARIN/OAuth2|OAuth2
- CLARIN/OAuth2 use case|OAuth2 use-case
- CLARIN/OAuth2_real_world_usage|OAuth2 elsewhere
- resources
</sidebar> OAuth2 is gaining traction. To learn about how it is used in practice, I have compiled a table of known implementations. This will help in assessing how to put this technology in use for CLARIN.
Please note that this is far from complete. There must be dozens of other providers, and full documentation of existing implementations was not always publically available; information may be outdated as well.
| Provider | draft | supported flows | note | ||||||
|---|---|---|---|---|---|---|---|---|---|
| authz code | implicit | owner cred | client cred | device | assertion | custom | |||
| 12 | X | X | X | ||||||
| Github | 07 | X | |||||||
| Google, YouTube | 22+25 | X | X | jwt | |||||
| Salesforce | 10 | X | X | ||||||
| Foursquare | X | X | X | ||||||
| SoundCloud | 10 | X | X | X | refresh | ||||
| Geoloqi | 10 | X | X | X | |||||
| Glitch | 13 | X | X | ||||||
| MS Live Connect | 15 | X | X | sign-in | |||||
| bit.ly | X | xauth | |||||||
| Meetup | 15 | X | X | ||||||
| dailymile | 11 | X | X | ||||||
| LevelUp | 11 | X | |||||||
| X | |||||||||
| Yapp | |||||||||
| Viadeo | X | X | |||||||
| Dailymotion | 10 | X | X | X | |||||
| PayPal | X | ||||||||
| MailChimp | 10 | X | |||||||
| CheckFront | 20 | X | refresh, expire | ||||||
| Yammer | 20 | X | X | ||||||
| Eventbrite | X | X | |||||||
| Add to Trip | X | X | (1) | ||||||
| Numote Live | |||||||||
| Svpply | X | ||||||||
| Breezy | |||||||||
| Orcid | 22 | X | X | ||||||
| via.me | X | X | |||||||
| php-voot | 26 | X | X | VOOT in Foodle, SURFcontext, Sympa, among others | |||||
| Deutsche Telekom | 10 | ? | see here | ||||||
| Trulioo | X | refresh | |||||||
| Concur | X | ||||||||
| gigya | X | X | X | ||||||
(0) programmableweb has a nice list as well; some draft numbers here
(1) perhaps not fully compliant, SDK omits response_type parameter
Implementation notes
OAuth2 requires implementors to make decisions regarding a number of questions (profiling). This includes supported flows and client authentication. Besides that, real-world implementations sometimes differ from the (latest) draft/specification. Some very incomplete notes on that.
- bit.ly
- does not handle the state parameter in the authorization endpoint
- client authentication using client_secret in request parameters
- Github
- client authentication using client_secret in request parameters
- needs Accept: application/json in request header for JSON responses
- gigya'
- uses Authentication: OAuth access_token to pass the token
