Authentication in Web, API-based & Distributed Environments

Niko Köbler

March 22, 2021

Transcript

  1. AUTHENTICATION IN WEB, API-BASED &
    DISTRIBUTED ENVIRONMENTS
    NIKO KÖBLER (@DASNIKO)

  2. ABOUT ME
    ▸ Freelance Consultant/Architect/Developer/Trainer @ www.n-k.de
    ▸ Doing stuff with & without computers, writing Software, > 20 yrs
    ▸ Co-Lead of JUG DA (https://www.jug-da.de / @JUG_DA)
    ▸ Speaker at international Tech Conferences
    ▸ Author of „Serverless Computing in AWS Cloud“
    serverlessbuch.de
    ▸ Twitter: @dasniko
    SSO & AUTHENTICATION IN API-BASED ENVIRONMENTS

  3. AUTHENTICATION
    AUTHORIZATION

  5. ?

  12. OAUTH2
    AUTHORIZATION, NOT AUTHENTICATION!
    The OAuth 2.0 authorization framework enables
    a 3rd-party application to obtain limited access
    to an HTTP service.
    IETF, RFC 6749, 2012

  13. OAUTH2 GRANT TYPES
    GRANT TYPE                          | APPS
    ------------------------------------|------------------
    Authorization Code                  | Web, Apps
    Implicit                            | JavaScript, etc.
    Resource Owner Password Credentials | Apps
    Client Credentials                  | Web
    Refresh                             | Web, Apps

  14. OAUTH2 TERMS
    Resource Owner
    Client
    Authorization Server
    Resource Server
    Redirect URI
    Response Type
    Scope
    Consent
    Client ID
    Client Secret
    Authorization Code
    Access Token

  16. ACCESS TOKEN
    {
      "access_token": "6041a9d7-8c39-4945-b7c6-eaf7bd5d0907",
      "token_type": "Bearer",
      "expires_in": 3600,
      "refresh_token": "e339b569-6d95-482d-9534-5c0147136ab0"
    }

  17. OPEN ID CONNECT
    AUTHENTICATION LAYER ON TOP OF OAUTH 2.0
    ‣ verify the identity of an end-user
    ‣ obtain basic profile information about the user
    ‣ RESTful HTTP API, using JSON as data format
    ‣ allows clients of all types (web-based, mobile, JavaScript)
    OPENID FOUNDATION, 2014

  18. OIDC
    {
      "access_token": "6041a9d7-8c39-4945-b7c6-eaf7bd5d0907",
      "token_type": "Bearer",
      "expires_in": 3600,
      "identity_token": "???",
      "refresh_token": "e339b569-6d95-482d-9534-5c0147136ab0"
    }
    OPENID CONNECT ADDS THE IDENTITY TOKEN

  19. JWT
    JSON WEB TOKEN
    RFC 7519 STANDARD, 2015

  20. JWT
    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
    BASE64 ENCODED

    View Slide

  21. JSON WEB TOKEN

  22. JWT PAYLOAD
    {
      "sub": "1234567890",
      "iss": "https://sso.myapi.com",
      "aud": "myApi",
      "exp": 1479814753,
      "name": "John Doe",
      "admin": true
    }
    RESERVED CLAIMS:
    sub, iss, aud, exp
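
    Added example, not part of the deck: a minimal HS256 JWT verifier in Python that decodes the token shown on the "JWT" slide and enforces the reserved claims (iss, aud, exp) listed above. Assumptions: the sample token was signed with the key "secret" (the jwt.io default at the time), the issuer https://sso.myapi.com and audience myApi are taken from the payload slide, and sign_hs256 exists only to mint test tokens, not to model a real authorization server.

```python
import base64
import hashlib
import hmac
import json

# The HS256 token from the "JWT" slide (the well-known jwt.io sample); its
# payload carries only sub, name and admin, so iss, aud and exp are absent.
SLIDE_JWT = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9."
    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
)
SECRET = b"secret"  # assumed: the key the jwt.io sample token was signed with

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_unverified(token: str):
    """Split header.payload.signature and decode the JSON parts. Nothing is trusted yet."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    return (json.loads(b64url_decode(header_b64)),
            json.loads(b64url_decode(payload_b64)), b64url_decode(sig_b64))

def sign_hs256(payload: dict, secret: bytes) -> str:
    """Mint a compact HS256 JWT (only used to build test tokens for verify())."""
    def enc(obj): return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = enc({"alg": "HS256", "typ": "JWT"}) + "." + enc(payload)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify(token: str, secret: bytes, issuer: str, audience: str, now: int) -> dict:
    """Return the payload only if alg, signature and the reserved claims all check out."""
    header, payload, signature = decode_unverified(token)
    # Pin the algorithm: the token's own header must never pick the verification method.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signing_input = token.rsplit(".", 1)[0].encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    # Reserved claims from the payload slide: iss/aud must be ours, exp still in the future.
    if payload.get("iss") != issuer or payload.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    if not isinstance(payload.get("exp"), int) or now >= payload["exp"]:
        raise ValueError("missing or expired exp")
    return payload
```

    The slide token verifies cryptographically but is rejected because it carries no iss, aud or exp; a resource server should treat such a token as unusable rather than fall back to a weaker check.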

  23. OPEN ID CONNECT STANDARD CLAIMS
    http://openid.net/specs/openid-connect-core-1_0.html

  24. ACCESS TOKEN
    {
      "access_token": "6041a9d7-8c39-4945-b7c6-eaf7bd5d0907",
      "token_type": "Bearer",
      "expires_in": 3600,
      "identity_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
      "refresh_token": "e339b569-6d95-482d-9534-5c0147136ab0"
    }

  29. THANK YOU.
    ANY QUESTIONS?
    Slides: https://speakerdeck.com/dasniko
    Niko Köbler | www.n-k.de | [email protected] | @dasniko