►
Description
Restream helps you multistream & reach your audience, wherever they are.
B
Bit,
what
was
it
about
yeah?
So
my
colleague
Brian
and
I
presented
a
talk
based
on
our
colleague
Aaron's
work
with
the
oauth
standards
committee.
We
were
talking
about
what
the
heck
is
oauth,
because
it's
one
of
those
things
that
you'll
find
yourself
using.
You
see
it
in
the
URL.
You
go
I
recognize
that
I
feel
like
I
should
know
what
that
is.
But
someone
asks
you
what
it
is
and
you're
like
it's
that
thing
when
you
log
in
oh.
B
So
you
know
how
back
in
the
before
times
when
you
needed
to
share
some,
but
not
all
of
your
data
with
a
website.
It
might
just
ask
you
for
your
username
and
your
password
like,
let's
say
the
example
we
used
in
our
talk,
is
you're
logging
into
Yelp,
and
so
you
want
to
share
your
contacts
with
Yelp,
and
so
you
share
your.
B
B
A
A
B
B
So
what
it
has
to
do
with
Kong
is
that,
if
you're
building
an
API
that
you
want
users
to
be
able
to
have
some
data
shared
with
your
app
say
via
OA,
then,
if
you're
using
an
API
Gateway
like
Kong,
provides
net
Gateway
can
handle
all
of
the
hard
stuff
about
implementing
oauth
for
you.
It
can
just
give
you
the
token,
or
even
just
give
you
the
information.
You
really
probably
don't
want
to
be
managing
an
oauth
implementation
within
your
app.
It's
just
a
simple
little
app
that
you're
trying
to
build
and.
B
A
Excellent,
so
how
do
I
go
about
setting
it
up?
Let's
say:
I
have
now
an
application
that
I
want
to
to
authenticate
the
users
and
then
I
don't
want
to
do
like
any
of
this
stuff
by
hand.
Instead,
I
want
to
use
Kong
as
an
API,
Gateway
and
an
oath
provider.
Let's
say
OCTA
I
heard
they're
pretty
good
and
as
my
oath
provider.
So
how
do
I
Tire
all
those
three
pieces
together,
my
application?
They
be
a
Gateway
and
or
provider.
B
So
that'll
depend
on
the
particular
things
that
you're
using
I
would
recommend
just
searching
Kong
with
oauth,
and
you
will
drop
right
on
into
a
tutorial
there
for
your
particular
use
case.
If
you're
using
a
particular
framework,
you
may
just
be
able
to
flip
a
switch
and
have
oauth
enabled
anyways.
There
will
be
a
handshake
that
you
do
to
set
it
up
with
the
identity
provider
that
you're
using
if
you're
the
one
providing
the
identity
stuff.
If
you're
just
consuming
it,
then
all
you
need
is
something
that
works
with
the
spec.
B
Absolutely
I
mean
I,
don't
think
you're
going
to
be
picking
your
framework
based
on
it,
so
lost
compliance.
If
you've.
If
you
found
yourself
implementing
from
scratch,
you
found
yourself
in
a
framework
that
doesn't
have
great
compliance.
You're,
probably
just
going
to
want
to
use
a
sidecar
pattern,
just
handle
it
off
in
that
sidecar
pass
back
either
the
token
or
the
data
that
you
got
from
the
oauth
server
or
from
openid
connect,
and
since
most
identity
providers
will
use
both
oauth
and
then
on
top
of
it
oidc.