Delegated Access with OAuth
devNetNoord
April 04, 2024
Technology
Presentation given during devCampNoord '24 in Kinepolis Groningen.
Transcript
Delegated Access with OAuth: Why Developers Should Care
Annejan Barelds, Software Architect, DevCampNoord, April 4th, 2024
Annejan Barelds, Software Architect at 4Dotnet: Azure, .NET, Architecture, Consultancy
https://www.linkedin.com/in/barelds/
https://github.com/AnnejanBarelds
Agenda: Delegated Access, OAuth 2.0, On-Behalf-Of
[Slides: a timeline across 2008, 2016 and 2024 showing users Alice, Bob and Charlie, first talking to applications directly, then through a single App ID, and finally through a chain of App IDs, ending with an open question of which identity the final resource actually sees.]
Office 365: The Need for Zero Trust
[Slides: two Zero Trust diagrams. Signals: User (Role, Group, Last Sign-in), Device (Config, Health/Integrity, Client Config, Last seen), Location, and a Conditional access risk level (High, Medium, Low). Network controls: Firewall, Intrusion Detection/Prevention, Forward/Reverse Proxy, evaluating Source and Destination IP Address/Port, Signatures, Analytics, Allow List and Authentication in front of Intranet Resources. Conditional access actions: Allow, Allow Restricted, Require MFA, Block, Force Remediation; network actions: Allow, Block. The second diagram adds Device Identity Permissions, App Identity Permissions and an API as further signals that must be evaluated.]
OK, so we need delegated access. How does it work?
[Slides: the OAuth flow between Resource Owner, Client, IdP and Resource Server. The Resource Server's Data carries Scopes (Read, Write, …) and Roles (Owner, Reader). The App's required access is RS/Read; the Client requests the openid scope plus RS/Read from the IdP, the Resource Owner is asked for consent, and the IdP issues an IT (ID token) and an AT (access token) tied to the App's SP (service principal). The second diagram inserts an API between App and Resource Server: the App now requires API/Read, the API in turn requires RS/Read, and the question is how the AT presented to the API becomes an AT for RS/Read that still identifies the user.]
Source: John Savill's Technical Training, https://www.youtube.com/watch?v=WVNvoiA_ktw
Demo time
So it’s all rainbows and unicorns?
OAuth On-Behalf-Of is about user context. You need user context for:
- Autonomy
- Auditing
- Access checks
Microsoft Entra ID takes some getting used to. MSAL solves the coding part.
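One way the App → API → Resource Server chain from the flow slides is coded against Microsoft Entra ID with MSAL.NET, as an added example that is not part of the deck; the tenant id, client id, secret, downstream app id and scope name are placeholders, and the incoming token is assumed to have already been validated by the API's hosting framework:

```csharp
// Added example (not from the deck): the API calls the resource server with the
// OAuth 2.0 On-Behalf-Of flow via MSAL.NET (Microsoft.Identity.Client).
// The API was called with an access token for itself (API/Read in the slide's terms)
// and needs a token for the resource server (RS/Read) that still identifies the user,
// not the API's own service principal.
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class OnBehalfOfCaller
{
    // Placeholders: in a real deployment these come from configuration or a vault,
    // and a certificate is preferred over a client secret.
    const string TenantId = "<tenant-id>";
    const string ClientId = "<api-app-registration-client-id>";
    const string ClientSecret = "<client-secret>";

    // Scope of the downstream resource server, requested on the user's behalf.
    static readonly string[] DownstreamScopes = { "api://<downstream-app-id>/RS.Read" };

    static readonly IConfidentialClientApplication App =
        ConfidentialClientApplicationBuilder.Create(ClientId)
            .WithClientSecret(ClientSecret)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .Build();

    // incomingAccessToken is the bearer token the API itself received,
    // already validated (signature, audience, expiry) by the hosting framework.
    public static async Task<string> CallDownstreamAsync(string incomingAccessToken, string downstreamUrl)
    {
        // OBO exchange: the user's token is the assertion; the IdP returns a new
        // access token whose subject is still the user, so the resource server can
        // apply its own roles (Owner/Reader) and audit the real caller.
        AuthenticationResult result = await App
            .AcquireTokenOnBehalfOf(DownstreamScopes, new UserAssertion(incomingAccessToken))
            .ExecuteAsync();

        using var http = new HttpClient();
        http.DefaultRequestHeaders.Authorization =
            new AuthenticationHeaderValue("Bearer", result.AccessToken);
        using var response = await http.GetAsync(downstreamUrl);
        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync();
    }
}
```

MSAL caches the exchanged token per user assertion, so repeated calls with the same incoming token do not hit the IdP again until the downstream token nears expiry.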
Thanks!