WarsawJS Presentation Template

oAuth in JS

Daniel Kopka @danielkopka

Topics

What?

Why?

How?

Why not?

What is oAuth?

Authentication

OAuth is an open protocol to allow secure authorization in a simple and standard method from web, mobile, and desktop applications.

oAuth1.0a

The client obtains an unauthorized request token.
The client redirects the user to a login dialog at the provider.
The user authorizes the request token, associating it with their account.
The provider redirects the user back to the client.
The client exchanges the request token for an access token.
The access token allows the client to access a protected resource at the provider, on behalf of the user.

oAuth2.0

The client redirects the user to a login dialog at the provider.
The user authorizes the client.
The provider redirects the user back to the client, additionally returning an access_token.
The client validates the access token.
The access token allows the client to access a protected resource at the provider.

Whyshould I use it?

Why should I use it?

Before oAuth - aka the Dark Ages
Apps shouldn't store your password
Apps shouldn't have full access to your account
Compromised apps expose user's password
Facebook is so cool (or not) because...

How can I do this?

1. Get your credentials

2. Generate code for login button

Facebook example

                <div id="fb-root"></div>
                <script>(function(d, s, id) {
                  var js, fjs = d.getElementsByTagName(s)[0];
                  if (d.getElementById(id)) return;
                  js = d.createElement(s); js.id = id;
                  js.src = "//connect.facebook.net/pl_PL/sdk.js#xfbml=1&
appId=1234567&version=v2.0";
                  fjs.parentNode.insertBefore(js, fjs);
                }(document, 'script', 'facebook-jssdk'));</script>

3. Prepare your "success/failure" page

How it looks in practice?

Plain JavaScript
With native JavaScript SDK
With support of hello.js
With support of oauth.io
Ember.js
AngularJS

Plain JavaScript

Don't do this, just don't

JavaScript SDK - Include

                (function(d, s, id) {
                 var js, fjs = d.getElementsByTagName(s)[0];
                 if (d.getElementById(id)) return;
                 js = d.createElement(s); js.id = id;
                 js.src = "//connect.facebook.net/en_US/sdk.js";
                 fjs.parentNode.insertBefore(js, fjs);
                }(document, 'script', 'facebook-jssdk'));

JavaScript SDK - Callback

                function statusChangeCallback(response) {
                  console.log('statusChangeCallback');
                  console.log(response);
                }
                function checkLoginState() {
                 FB.getLoginStatus(function(response) {
                  statusChangeCallback(response);
                 });
                }

JavaScript SDK - Configure

                window.fbAsyncInit = function() {
                 FB.init({
                  appId      : '{your-app-id}',
                  cookie     : true, 
                  xfbml      : true,
                  version    : 'v2.1'
                 });
                 FB.getLoginStatus(statusChangeCallback);
                };

JavaScript SDK - Button

                <fb:login-button 
                  scope="public_profile,email" 
                  onlogin="checkLoginState();">
                </fb:login-button>

Hello.js - Include

                <script src="./dist/hello.all.js">

Hello.js - Configure

                hello.init({ 
                  facebook : FACEBOOK_CLIENT_ID,
                  windows  : WINDOWS_CLIENT_ID,
                  google   : GOOGLE_CLIENT_ID
                },{redirect_uri:'redirect.html'});

Hello.js - Callback

                hello.on('auth.login', function(auth){
                 hello( auth.network ).api( '/me' ).then( function(r){
                  label.innerHTML = 'Hey ' + r.name;
                 });
                });

Hello.js - Button

                <button
                  onclick="hello( 'facebook' ).login()">
                  Facebook
                </button>

oAuth.io - Include & Config

                <script src="path/to/oauth.js"></script>
                <script>
                  OAuth.initialize('your_app_key');
                </script>

oAuth.io - Callback

                OAuth.popup('provider')
                  .done(function (result) {
                    // Perform API calls
                  })
                  .fail(function (error) {
                    // Handle errors
                  });

WarsawJS Presentation Template

oAuth in JS

Topics

What?

Why?

How?

Why not?

What is oAuth?

Authentication

oAuth1.0a

oAuth2.0

Whyshould I use it?

Why should I use it?

How can I do this?

1. Get your credentials

2. Generate code for login button

Facebook example

3. Prepare your "success/failure" page

How it looks in practice?

Plain JavaScript

Don't do this, just don't

JavaScript SDK - Include

JavaScript SDK - Callback

JavaScript SDK - Configure

JavaScript SDK - Button

Hello.js - Include

Hello.js - Configure

Hello.js - Callback

Hello.js - Button

oAuth.io - Include & Config

oAuth.io - Callback

Ember.js

AngularJS

Why not?

Why not?

Thank you!

Questions?

10Clouds is hiring!