
Practical Auth in a Serverless World

It has become essential for businesses to protect their applications, services and customer data from attackers. To stay competitive, you need to know how to apply security and auth efficiently and easily, while being aware of the most common pitfalls, in today's serverless world.
Traditional machine-to-machine auth approaches that rely on a stateful environment fall short in a modern serverless, and therefore stateless, world.
After a short recap of some auth fundamentals, you'll learn how to efficiently apply authentication to Azure Functions without compromising security - using an external Identity Provider like Auth0, OAuth 2, JWT, the secrets management system Azure Key Vault, Azure Managed Identities and Cloudflare Workers.

Andreas Grimm

June 04, 2019



Transcript

  1. @_andreasgrimm Akelius Real Estate, Internal Business Software: 2/3 K8S, 1/3 serverless. IAM, Architecture / Security, DDD (trying to), Community
  2. @_andreasgrimm Agenda: Serverless, My Serverless Story, Serverless & Auth, Auth Fundamentals, Securing a Serverless API, Serverless Machine-to-Machine Client
  3. @_andreasgrimm – Gojko Adzic (@gojkoadzic): “Serverless is without servers like WiFi (Wireless Fidelity) is without wires. With WiFi there are still wires (e.g. router attached to cable modem), but you don't care about them anymore.”
  4. @_andreasgrimm Auth Examples -> Auth0 (IDP), Azure Functions (FaaS), Azure API Management (API Gateway), Cloudflare Workers (API Gateway), Azure KeyVault (Security Management System), Azure Managed Identities (IAM for cloud resources)
  5. @_andreasgrimm JWT Validation in Function App. "Function App": - Group of functions deployed together - Sharing one identity
  6. @_andreasgrimm [ASCII-art closing banner] - Blog: andreasgrimm.com - Twitter: @_andreasgrimm - LinkedIn: linkedin.com/in/andreas-grimm/ - Meetup Organizer: @DDDBER, @FullstackJS, Serverless Berlin