Delegated Access with OAuth
devNetNoord
April 04, 2024
Technology
Presentation given during devCampNoord '24 in Kinepolis Groningen.
Transcript
Delegated Access with OAuth: Why Developers Should Care
Annejan Barelds, Software Architect
DevCampNoord, April 4th, 2024
Annejan Barelds, Software Architect at 4Dotnet
Azure / .NET / Architecture / Consultancy
https://www.linkedin.com/in/barelds/
https://github.com/AnnejanBarelds
Delegated Access / OAuth 2.0 / On-Behalf-Of
[Slides: timeline 2008 / 2016 / 2024 showing the users Alice, Bob and Charlie alongside one or more App IDs, ending in a question mark]
Office 365: The Need for Zero Trust
[Two diagram slides. Conditional access signals: User (Role, Group), Device (Config, Health/Integrity, Client Config, Last seen), Location, Last Sign-in, Risk (High / Medium / Low); the second slide adds Device Identity and Permissions, App Identity and Permissions, and API. Conditional access actions: Allow, Allow Restricted, Require MFA, Block, Force Remediation. Perimeter controls in front of Intranet Resources: Firewall, Intrusion Detection/Prevention, Forward/Reverse Proxy, Source and Destination IP Address/Port, Signatures, Analytics, Allow List, Authentication; actions: Allow, Block.]
OK, so we need delegated access. How does it work?
[Diagram: delegated access. Parties: Resource Owner, Client, IdP, Resource Server. The Resource Server holds Data with Scopes (Read, Write, ...) and Roles (Owner, Reader). The Client is registered at the IdP as an App with a Service Principal (SP) and required access RS/Read plus openid; after Consent from the Resource Owner the IdP issues an ID token (IT) and an access token (AT) for RS/Read, which the Client presents to the Resource Server.]
[Diagram: the same flow with an API in between. The Client's App registration requires API/Read; the API has its own App and SP at the IdP with required access RS/Read. The Client sends its AT (API/Read) to the API, the API obtains an AT (RS/Read) from the IdP, and calls the Resource Server with it.]
Source: John Savill's Technical Training, https://www.youtube.com/watch?v=WVNvoiA_ktw
Demo time
So it’s all rainbows and unicorns?
OAuth On-Behalf-Of is about user context.
You need user context for:
- Autonomy
- Auditing
- Access checks
Microsoft Entra ID takes some getting used to.
MSAL solves the coding part.
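As an added example (not part of the deck, and not Entra ID or MSAL code), the Python below models the Client to API to Resource Server flow the slides draw, with an in-memory IdP that implements the On-Behalf-Of rule: the API may only exchange a token that was issued to it (audience check), it may only ask for scopes its own registration allows, and the downstream token keeps the user as subject. The token format, the app ids client-app and api-app, the scopes API/Read and RS/Read, and the users and roles are constructed stand-ins. The point it shows is what the last slide means by user context: the resource server authorizes on the user's role and its audit trail records both the user and the app that acted for them.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed app registrations: app id -> scopes the app may request (not real Entra data)
REGISTRATIONS = {
    "client-app": {"API/Read"},   # user-facing client, calls the API
    "api-app": {"RS/Read"},       # middle-tier API, calls the resource server for the user
}
# Each scope names the audience (API or resource server) it grants access to
SCOPE_AUDIENCE = {"API/Read": "api-app", "RS/Read": "resource-server"}


class ToyIdP:
    """Minimal token issuer: HMAC-signed JSON claims under one demo key."""

    def __init__(self, key: bytes):
        self._key = key

    def _sign(self, claims: dict) -> str:
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        sig = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{sig}"

    def verify(self, token: str, expected_aud: str) -> dict:
        body, sig = token.split(".")
        expected = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            raise ValueError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["aud"] != expected_aud:   # a token minted for the API must not work at the RS
            raise ValueError(f"audience mismatch: {claims['aud']} != {expected_aud}")
        if claims["exp"] < time.time():
            raise ValueError("token expired")
        return claims

    def issue_delegated(self, app_id: str, user: str, scope: str) -> str:
        """Front-door issuance to the client after the user signed in and consented."""
        if scope not in REGISTRATIONS[app_id]:
            raise PermissionError(f"{app_id} is not registered for {scope}")
        return self._sign({"sub": user, "azp": app_id, "scp": scope,
                           "aud": SCOPE_AUDIENCE[scope], "exp": time.time() + 3600})

    def exchange_obo(self, app_id: str, assertion: str, scope: str) -> str:
        """On-Behalf-Of: the API trades the token it received for a downstream token.

        The assertion must have been issued to this app (aud check) and the app must be
        registered for the downstream scope; the original user stays the subject."""
        incoming = self.verify(assertion, expected_aud=app_id)
        if scope not in REGISTRATIONS[app_id]:
            raise PermissionError(f"{app_id} is not registered for {scope}")
        return self._sign({"sub": incoming["sub"], "azp": app_id, "scp": scope,
                           "aud": SCOPE_AUDIENCE[scope], "exp": time.time() + 3600})


class ResourceServer:
    """Holds the data; authorizes on the user's role, not on the calling app's identity."""

    ROLES = {"alice": "Owner", "bob": "Reader"}   # constructed sample users; charlie has no role
    DATA = {"report": "quarterly numbers"}

    def __init__(self, idp: ToyIdP):
        self._idp = idp
        self.audit = []   # one entry per access: which user (sub) via which app (azp)

    def read(self, token: str, item: str) -> str:
        claims = self._idp.verify(token, expected_aud="resource-server")
        if "RS/Read" not in claims["scp"].split():
            raise PermissionError("scope RS/Read required")
        if claims["sub"] not in self.ROLES:   # user context makes a per-user access check possible
            raise PermissionError(f"{claims['sub']} has no role on this resource")
        self.audit.append({"sub": claims["sub"], "azp": claims["azp"], "item": item})
        return self.DATA[item]


def run_flow(user: str):
    """Client -> API -> Resource Server, the way the slides draw it."""
    idp = ToyIdP(key=b"demo-key-not-a-secret")
    rs = ResourceServer(idp)
    client_token = idp.issue_delegated("client-app", user, "API/Read")   # AT for the API
    idp.verify(client_token, expected_aud="api-app")                     # the API validates it
    downstream = idp.exchange_obo("api-app", client_token, "RS/Read")    # AT for the RS
    return rs.read(downstream, "report"), rs.audit, client_token, rs


if __name__ == "__main__":
    data, audit, _, _ = run_flow("alice")
    print(data, audit)
```

In a real .NET API the exchange step corresponds to MSAL's AcquireTokenOnBehalfOf with a UserAssertion built from the incoming bearer token; the audience check on the incoming token and the role check at the resource are the parts the developer still owns, and they are what the audit entry above relies on.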
Thanks!