Overview

vzaar uses oAuth as an Authentication System to protect users resources. For information about the protocol refer to http://oauth.net.

The oAuth protocol is traditional designed for 3 party system where there is a user, a consumer and a service provider. This is defined in the oAuth documentation as follows.

  • User: An individual who has an account with the Service Provider.
  • Consumer: A website or application that uses OAuth to access the Service Provider on behalf of the user.
  • Service Provider: A web application that allows access via OAuth.

vzaar also has implemented a 2-legged system where there is no consumer (or more accurately the consumer and the user are the same entity).

vzaar breaks these implementations down logically as

  1. 2-legged Authentication / User Level Authentication NOT CURRENTLY IMPLEMENTED
  2. 3-legged Authentication / System Level Authentication)

Below is detailed simple versions for oAuth example workflows for both implementations. These are between a imaginary user and fictitious consumer and are to help understand the different roles of the three parties and highlight the difference between Three Legged / User Level Authentication and Two Legged / Systems Level Authentication.

oAuth Code Libraries

There are code libraries for all the major languages on the oAuth website. For samples and libraries please check http://oauth.net/code

There is support for many popular development laguages including ColdFusion, Java, .Net, Perl, PHP, JavaScript, Python and Ruby.

2-legged Authentication

For illustrative purposes, below is detailed an abridged version of an oAuth example workflow, between a imaginary 3rd Party who wants to integrate vzaar into their system.

The scenario below imagines a 3rd Party company (AuctionsInc) who wants to access a protected resource (videos marked private) on a service provider (vzaar) via a custom integration on their own platform. This is what’s described in the section titled “Manual Access Token Provisioning” on Eran Hammer-Lahav’s Hueniverse blog post - Beyond the OAuth Web Redirection Flow.

vzaar_oauth_implementation.001.png

3-legged Authentication

NOTE: This implementation is not currently supported via vzaar.

For illustrative purposes, below is detailed an abridged version of an oAuth example workflow, between a imaginary 3rd Party who wants to integrate vzaar into their system.

The scenario below imagines a user (Bob Smith) who wants to access a protected resource (videos marked private) on a service provider (vzaar) via a consumer (AuctionsInc). A more detailed version is available on Eran Hammer-Lahav’s Hueniverse blog - Beginner's Guide to OAuth - Part II : Protocol Workflow.

vzaar_oauth_implementation.002.png


contact us   by phone, mail or twitter...
libraries
ruby java php .net node
affiliates
affiliate program


Powered by Olark