Delegated Access with OAuth
devNetNoord
April 04, 2024
Presentation given during devCampNoord '24 in Kinepolis Groningen.
Transcript
Delegated Access with OAuth: Why Developers Should Care
Annejan Barelds, Software Architect
DevCampNoord, April 4th, 2024

Annejan Barelds, Software Architect, 4Dotnet
Azure – .NET – Architecture – Consultancy
https://www.linkedin.com/in/barelds/
https://github.com/AnnejanBarelds

Delegated Access – OAuth 2.0 – On-Behalf-Of
[Diagram slides: a timeline 2008 / 2016 / 2024 with the users Alice, Bob and Charlie; an App ID appears in 2016, several App IDs by 2024, ending in a question mark.]
Office 365 – The Need for Zero Trust

[Diagram slides: Zero Trust access model. Labels: User, Role, Group, Device, Config, Location, Last Sign-in, Conditional access risk (High / Medium / Low), Health/Integrity, Client Config, Last seen; Intranet Resources; Firewall, Intrusion Detection/Prevention, Forward/Reverse Proxy, Source: IP Address/Port, Destination: IP Address/Port, Signatures, Analytics, Allow List, Authentication. Actions: Allow, Allow Restricted, Require MFA, Block, Force Remediation; Device actions: Allow, Block. The second version of the diagram adds Device Identity and Permissions, App Identity and Permissions, and an API.]
OK, so we need delegated access. How does it work?
[Diagram slides: OAuth 2.0 delegated access. Parties: Resource Server, Client, IdP, Resource Owner. Data on the Resource Server has Scopes (Read, Write, …) and Roles (Owner, Reader). The App's Required access: RS/Read; labels AT, IT, SP, openid, and a consent prompt ("Consent?"). The On-Behalf-Of variant adds an API between the App and the Resource Server: the App's Required access is API/Read, the API's Required access is RS/Read, and the API, holding an AT with API/Read, obtains an AT with RS/Read.]
https://www.youtube.com/watch?v=WVNvoiA_ktw John Savill's Technical Training
Demo time
So it’s all rainbows and unicorns?
OAuth On-Behalf-Of is about user context. You need user context for:
- Autonomy
- Auditing
- Access checks
Microsoft Entra ID takes some getting used to. MSAL solves the coding part.
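As an added example (not from the deck), the middle-tier API's side of the On-Behalf-Of flow from the diagram above, in Python: the API checks that the caller's token carries the scope it requires (the "access check" that user context enables) and then builds the token request that the Entra ID v2.0 token endpoint expects for On-Behalf-Of. Tenant id, client id and scope names are constructed placeholders; the helper reads claims without verifying the token, which the API's authentication middleware must already have done.

```python
import base64
import json

# Constructed placeholders for this example; none of these values come from the deck.
TENANT_ID = "<tenant-id>"
API_CLIENT_ID = "<api-client-id>"          # app registration of the middle-tier API
TOKEN_ENDPOINT = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"
REQUIRED_SCOPE = "API.Read"                # what the calling App must hold (API/Read in the slides)
DOWNSTREAM_SCOPES = ["api://resource-server/RS.Read"]  # what the API needs (RS/Read in the slides)


def decode_claims(token: str) -> dict:
    """Read the payload claims of a JWT without verifying it.

    Signature, issuer, audience and expiry must already have been checked
    by the API's authentication middleware before this runs.
    """
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)   # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def build_obo_request(incoming_token: str, client_secret: str) -> dict:
    """Form body the API posts to TOKEN_ENDPOINT to act on behalf of the caller.

    The App's token is passed on as the assertion, so the token returned for
    the Resource Server carries the same user, not the API's own identity.
    """
    scopes = set(decode_claims(incoming_token).get("scp", "").split())
    if REQUIRED_SCOPE not in scopes:
        raise PermissionError(f"caller lacks scope {REQUIRED_SCOPE}")
    return {
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "client_id": API_CLIENT_ID,
        "client_secret": client_secret,
        "assertion": incoming_token,
        "scope": " ".join(DOWNSTREAM_SCOPES),
        "requested_token_use": "on_behalf_of",
    }


def make_test_token(claims: dict) -> str:
    """Constructed, unsigned JWT so the helpers above can be exercised offline."""
    def b64(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}."
```

The returned dict is what the API sends as `application/x-www-form-urlencoded` to `TOKEN_ENDPOINT`; the `oid` in the resulting token is the original user's, which is what makes auditing downstream possible.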
Thanks!