ฝัง
- เผยแพร่เมื่อ 20 ม.ค. 2020
- In this video we cover what OAuth is and why we even have it in the first place. OAuth in Five Minutes is a series where we deep-dive on various topics around OAuth in just five minutes!
Buy the book! amzn.to/2S6Uj4e
Check out our video course! The Nuts and Bolts of OAuth 2.0
oauth2simplified.com/course
Learn more about OAuth at oauth.net
--
Okta is a developer API service that stores user accounts for your web apps, mobile apps, and APIs.
* Sign up for Okta for free at developer.okta.com/signup/
* For more info visit us at developer.okta.com/
* Developer Blog: developer.okta.com/blog/
* Sign up for our monthly newsletter! a0.to/zeroindex
* Follow us on Twitter: / oktadev
* Follow us on FB: / oktadevelopers
* Follow us on LinkedIn: / oktadev - วิทยาศาสตร์และเทคโนโลยี
I don't think I've ever seen a tutorial this informative, clear, and helpful before!
I got more out of this 5 minute video than reading a ton of articles! Thanks so much!
A very clear and helpful introduction. Thanks for shooting this video
I’ve been wondering why the heck anyone would want to use OAuth in a strictly first party situation. You really explained it well and I’m finally convinced. Big thanks for a great video.
Absolutely!!! Same. He sure did. It reduced the Attack Surface Area as explained.
Thank you for keeping it simple and to the point!
Good explanation. Background music is a bit distracting.
yeah, I kept saying "what the heck is that noise??"
Thank you, that explanation was exactly what I was looking for!
This is the best introduction video for OAuth concepts. Thank you for the material.
Simple and clear explanation. I have used oauth before in my projects, but to be honest, I learnt its exact flow today :)
Thanks, great to get a good human explanation. These things are not that complicated, but all the new terms that are introduced muddy the waters for me. Your explanation is excellent.
Very interesting point about companies' internal 1st part apps using OAuth as Authentication vs just for Authorization👌
Nicely explained. Appreciate your efforts
great explanation! Thanks for the video
the best 5 minutes of my entire day, thank you!
Just getting acquainted with oauth and this is a great intro!
Concise and well explained.
Wow! Very clear.
Thank you :)
I am extremely green in this space - this was such an amazing introduction to OAuth for me. Thank you thank you thank you
Wow! Beautifully explained.
You made the world a better place by making this video.
Awesome video tutorial guys ✌️✌️
Thanks a whole lot for this video. It served its intended purpose.
Very useful, thank you!
Super insightful, thanks
Epic. Super helpful, thanks for posting.
a great talk: thx and keep them coming!
Thank you for posting the video!
very clear thanks!
Graphical representation would be extremely beneficial. Great work👍
We need tutorials on Google fit api as well as other APIs..
Thanks
How about this one! developer.okta.com/blog/2019/10/21/illustrated-guide-to-oauth-and-oidc
One word - Awesome!!!!
very nice video!!
Thank you! I never understood giving up my twitter password to another website for authentication, but I see that option ALL the time.
Really good one
Thanks great video
Wow..Brilliant... too good... and all other good superlatives here.... :) ... thank you
!!! awesome video!
OAuth IS AWESOME!!!
thanks
thank you
Thanks !!
Welcome!
very helpful, described video. Like oAuth101.
Why is sms mfa insecure?
Also, when you rely on Google for Oauth are you sharing application specific data? Or does Google only know that you use that service and when you log in
SMS MFA is prone to SIM swap attacks. An attacker can also break into the cellular network and intercept SMS messages to your phone. However, it's still better to have SMS MFA on than no MFA at all.
4:47 reasons why you should use OAuth for everything
Basically, OAuth is a protocol that redirects user from the 3rd party application and authenticate themselves through the OAuth server (I got confused here so Google, Twitter, and other trusted applications have their own OAuth server?) while having the ability to understand what data the 3rd party application able and unable to access, right?
3:30 basically SSO isn't it? So, OAuth protocol allows 3rd party application (external) to access data/API of the trusted application securely while SSO allows the user to access various services of the same application (internal) without needing to login over and over again, isn't it?
awesome.. thanks... just need to slowdown a bit ...
If I do that, then people are just gonna complain that I talk too slow!
@@aaronpk I am happy in both cases ... :) :+1:
me too. but it only means i need improve my listening skills.
how can we make our own? If we have our own brand
4:18 people makes mistakes so true 🙈
what if they're working for an Intelligence Office?
I have seen his videos before, and have always been confused on something… I understand why he says third-party applications, when saying Oauth was created for accessing them from the client applications, so that the client application doesn’t have to ask the user for the password, but why does he call client applications first party? What is a second party application then?
Yelp is third party.. for the app resource (Yelp content), they are also first party. Unfortunately, they want your Google password, for which they are a third party between you and Google)
Rather than hand waving, and use of “the app”, why not give us some images so it’s very clear and not confusing
why should we not use messages multi factor auth
Hello, thanks for your question. Could you expand a bit more on what you mean by messages for MFA, please? Thanks!
@@OktaDev on the video you said its a bad idea to use messages for MFA
¿A qué clase de cerebrito se le ocurrió presentar información técnica en vídeo?
Good explanation, only guy speaks too fast for majority of audience, and would have been great to have some graphics illustrating his explanations.
He really wanted to make it 5 minutes 😅
Nice explanation… but Next time please remove the BGM when you are explaining, I could hardly concentrate😢
4:19 lol when you discover that your application has logging password in a text file for months (? 🤣 I hope that never happens🙏 let's use OAuth
What happened to Justin
when is the last time you blinked?
tante ciacoe
The background music is quite distracting.
Oh yeas, lets put one monolith point of failure in our application and let google run it. I'm sure they're doing this out of the goodness of their heart. Also if you want any support better hope the community addresses it cuz google corporate wilil not give AF. Better hope the project manager doesn't get promoted then google depreciates the service cuz no one wants to maintain code they want to create fancy products looking for a problem.
To be clear, Google in this example is providing a service to Google itself.
Samikhadris
Would help if you speak 50 words per minute instead of 200
too fast
You repeat yourself a lot. Video could have been 2:30