OAuth 2.0 is a powerful authentication and authorization framework that has been adopted as a standard in the technical community. Proper use of this protocol will enable your application to interact with the world's most popular service providers, allowing you to leverage their world-class technologies in your own application. Want to log your user in to your application with their Facebook account? Want to display an interactive Google Map in your application? How about posting an update to your user's LinkedIn feed? This is all achievable through the power of OAuth. With a focus on practicality and security, this book takes a detailed and hands-on approach to explaining the protocol, highlighting important pieces of information along the way.

At the beginning, you will learn what OAuth is, how it works at a high level, and the steps involved in creating an application. After obtaining an overview of OAuth, you will move on to the second part of the book where you will learn the need for and importance of registering your application and types of supported workflows. You will discover more about the access token, how you can use it with your application, and how to refresh it after expiration.

By the end of the book, you will know how to make your application architecture robust. You will explore the security considerations and effective methods to debug your applications using appropriate tools. You will also have a look at special considerations to integrate with OAuth service providers via native mobile applications. In addition, you will also come across support resources for OAuth and credentials grant.

You have given GoodApp the power to do *anything* with your account: This is known proverbially as giving it the "keys to the city". You have essentially given GoodApp access to everything in your account, as if they were you. It's easy to see how this becomes very dangerous.

GoodApp may save your password, and may do so insecurely: In order for GoodApp to maintain access to your account, they would need to store your credentials. The act of storing your password is an extremely bad practice and should be avoided at all times. To make things worse, different companies enforce different standards of security, some of which are shockingly low.

You are giving more chances for your password to get stolen: You are sending your username and password across the Internet. The more times you do this, the more risk there is for someone to steal it.

You have to change your Facebook password if GoodApp ever gets hacked: If GoodApp somehow got compromised, your Facebook credentials will also have been compromised. You would then need to change your Facebook password as a result of GoodApp getting owned.

There is no way to revoke access: If GoodApp was acquired by EvilCorp and started doing things that you didn't like, the only way to revoke access would be to change your Facebook credentials.

You aren't giving it the "keys to the city" anymore: Notice, in this example, you aren't giving your Facebook username and password to GoodApp. Instead, you are giving it directly to Facebook. Now, GoodApp doesn't have to even worry about your Facebook credentials.

Since you aren't giving your credentials, GoodApp no longer needs to store them: With your authority delegated from Facebook, you don't need to worry that GoodApp is storing, or even seeing, your Facebook password.

You send your password across the Internet less frequently: If you already had an active session with Facebook, you actually wouldn't need to reauthenticate with them. If GoodApp has federated identities with Facebook, you would have to send your password even less frequently.

You don't have to change your Facebook password if GoodApp ever gets hacked: This is because of the next point.

There is a way to revoke access: OAuth 2.0 provides the ability for a service provider to revoke access to a client. If GoodApp ever got compromised, or got acquired by Evil Corp, you could go to Facebook and revoke GoodApp's access.

IMAPI was originally introduced with Windows XP. IMAPI version 2.0 was released with Windows Vista and Windows Server 2008. On 26 June 2007, this version was released as an update for Windows XP and Windows Server 2003 after Microsoft received requests from hardware and software vendors. On 19 January 2009, Microsoft released the Windows Feature Pack For Storage 1.0.