With the OAuth wave crashing down on the identity space, Scott Tomilson is in an enviable position – up on a hill side taking it all in.
The good thing is Tomilson, a technical product manager at Ping, wants to share his knowledge and will do so at the Cloud Identity Summit during a three-hour workshop July 17 entitled: Going Mobile with PingFederate and OAuth 2.0.
Tomilson will focus specifically on OAuth and integration with mobile applications. He will sweeten the pot for PingFederate users by showing how it fits in the mix with a special configuration as an OAuth Authorization Server.
“There is so much momentum behind OAuth that it is clear it is going to be around for a long, long time,” says Tomilson.
Tomilson will open his workshop by getting everyone to a baseline understanding of OAuth, what he describes as a standard way to protect RESTful APIs. He will show how to leverage existing enterprise authentication systems and solve issues that today force users to often submit credentials to an application they might not fully trust.
“We will explain what OAuth is trying to solve and how it applies to mobile applications, we will get into grant types and which ones you should choose,” he said. “If you are writing an enterprise application, how you implement OAuth is very different from how you implement it in a partner type application that interacts with a third-party API.”
Tomilson says he will spend the first half of the workshop going through the practical information before moving to hands-on activity. He will use Ping’s OAuth Playground, and set up PingFederate to interact with the tools and give users an understanding of the inputs and outputs of a standard OAuth Authorization Server.
He then plans to review some iOS and Android applications and highlight some of the code changes needed in applications to make use of OAuth.
Tomilson also will spend time on other pieces of the infrastructure including authentication, what kinds of adapters to use, and designs used to get OAuth tokens.
“There are so many big players implementing OAuth if you don’t keep up now, you will fall far behind,” he said.
Below, hear Scott in his own words outline his workshop.