Delegated Access with OAuth
devNetNoord
April 04, 2024
Presentation given at devCampNoord '24 in Kinepolis Groningen.
Transcript
Delegated Access with OAuth: Why Developers Should Care
Annejan Barelds, Software Architect
DevCampNoord, April 4th, 2024
Annejan Barelds, Software Architect at 4Dotnet: Azure, .NET, Architecture, Consultancy
https://www.linkedin.com/in/barelds/
https://github.com/AnnejanBarelds
Delegated Access - OAuth 2.0 - On-Behalf-Of
[Timeline diagrams, 2008 / 2016 / 2024. Labels: Alice, Bob, Charlie, App ID; the last slide ends with a question mark.]
Office 365 - The Need for Zero Trust
[Zero Trust diagrams, two slides. Signals: User (Role, Group, Last Sign-in), Device (Config, Health/Integrity, Client Config, Last seen), Location, risk (High / Medium / Low). Conditional access actions: Allow, Allow Restricted, Require MFA, Block, Force Remediation. Network layer: Firewall, Intrusion Detection/Prevention, Forward/Reverse Proxy (Source: IP Address/Port, Destination: IP Address/Port, Signatures, Analytics, Allow List), Authentication, Intranet Resources; actions: Allow, Block. The second slide adds Device Identity, Permissions, App Identity, Permissions, API.]
OK, so we need delegated access. How does it work?
[On-Behalf-Of flow diagrams. Actors: Resource Owner, Client, IdP, Resource Server (Data). Resource Server scopes: Read, Write, …; roles: Owner, Reader. First diagram: the App (service principal, SP) declares required access RS/Read, requests openid and RS/Read, the IdP asks the user for consent and returns an ID token (IT) and an access token (AT); the App calls the Resource Server with the AT. The slide ends with "AT AT ?". Second diagram adds an API between App and Resource Server: the App declares required access API/Read, the API declares required access RS/Read (API scopes: Read); the App's AT for API/Read is exchanged at the IdP for an AT for RS/Read, which the API uses to call the Resource Server.]
Source: John Savill's Technical Training, https://www.youtube.com/watch?v=WVNvoiA_ktw
Demo time
So it’s all rainbows and unicorns?
OAuth On-Behalf-Of is about user context. You need user context for:
- Autonomy
- Auditing
- Access checks
Microsoft Entra ID takes some getting used to.
MSAL solves the coding part.
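As an added example (not code from the deck or its author): a constructed Python model of the On-Behalf-Of chain shown in the flow diagrams, User -> App -> API -> Resource Server, illustrating the closing point that the user context survives the exchange while each hop checks audience, declared scope and consent. The app names, the scope strings, the consent registry and the dict-like tokens are assumptions; real Entra ID tokens are signed JWTs that MSAL acquires and validates.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Token:
    sub: str  # resource owner (signed-in user) the token represents
    aud: str  # resource app ID the token is issued for ("API" or "RS")
    scp: str  # delegated scope granted, e.g. "RS/Read"

# Constructed IdP registry (assumption, not the deck's tenant): the downstream
# scope each app declares as required access, and the consents already given.
REQUIRED_ACCESS = {"App": {"API/Read"}, "API": {"RS/Read"}}
CONSENT = {("alice", "App", "API/Read"), ("alice", "API", "RS/Read")}

def issue(user, client, scope):
    """Sign-in leg: the IdP issues `client` a token for `user` with one scope."""
    if scope not in REQUIRED_ACCESS.get(client, ()):
        raise PermissionError(f"{client} has not declared {scope}")
    if (user, client, scope) not in CONSENT:
        raise PermissionError(f"consent needed: {user}/{client}/{scope}")
    return Token(sub=user, aud=scope.split("/")[0], scp=scope)

def on_behalf_of(caller, assertion, scope):
    """OBO leg: `caller` trades the token it received for a downstream token.
    The assertion must be addressed to the caller; sub carries over unchanged."""
    if assertion.aud != caller:
        raise PermissionError("assertion was not issued to this caller")
    return issue(assertion.sub, caller, scope)

def authorize(token, resource, needed, audit):
    """Resource-server check: audience and scope must match; log who acted."""
    ok = token.aud == resource and token.scp == needed
    audit.append((resource, token.sub, needed, ok))
    return ok

def run_flow(user="alice"):
    """Walk the slide's chain User -> App -> API -> RS; return the audit trail."""
    audit = []
    at_api = issue(user, "App", "API/Read")         # App signs the user in
    authorize(at_api, "API", "API/Read", audit)     # API accepts App's call
    at_rs = on_behalf_of("API", at_api, "RS/Read")  # API exchanges, not App
    authorize(at_rs, "RS", "RS/Read", audit)        # RS still sees the user
    return audit

def denied(fn, *args):
    """True if the IdP or resource refuses the call (for the misuse cases)."""
    try:
        fn(*args)
    except PermissionError:
        return True
    return False
```

The audit trail records the user at both the API and the Resource Server, which is the auditing and access-check benefit the slide names; a token meant for the API is refused at the Resource Server, and only the API can exchange it.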
Thanks!