Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Delegated Access with OAuth
Search
devNetNoord
April 04, 2024
Technology
0
34
Delegated Access with OAuth
Presentatie gegeven tijdens devCampNoord '24 in Kinepolis Groningen.
devNetNoord
April 04, 2024
Tweet
Share
More Decks by devNetNoord
See All by devNetNoord
Gebruik je broncode als documentatie voor je stakeholders
devnetnoord
0
29
Efficient and Secure Software Delivery with Azure Deployment Environments and Dev Box
devnetnoord
0
33
Toepassing van AI in de zorg; hype, hoop en haalbaarheid
devnetnoord
0
65
What's new with Azure Bicep?
devnetnoord
0
39
Copilot Beyond the Basics
devnetnoord
0
100
The Blazor Multiverse
devnetnoord
0
89
De Architectuur Odyssee
devnetnoord
0
46
Azure Kubernetes Service Quickstart
devnetnoord
0
54
The Office Copilot
devnetnoord
0
34
Other Decks in Technology
See All in Technology
[JAWSDAYS2026]Who is responsible for IAM
mizukibbb
0
470
When an innocent-looking ListOffsets Call Took Down Our Kafka Cluster
lycorptech_jp
PRO
0
120
ランサムウエア対策してますか?やられた時の対策は本当にできてますか?AWSでのリスク分析と対応フローの泥臭いお話。
hootaki
0
110
越境する組織づくり ─ 多様性を前提にしたチームビルディングとリードの実践知
kido_engineer
2
190
Claude Code のコード品質がばらつくので AI に品質保証させる仕組みを作った話 / A story about building a mechanism to have AI ensure quality, because the code quality from Claude Code was inconsistent
nrslib
13
6.9k
身体を持ったパーソナルAIエージェントの 可能性を探る開発
yokomachi
1
100
製造業ドメインにおける LLMプロダクト構築: 複雑な文脈へのアプローチ
caddi_eng
1
560
Go標準パッケージのI/O処理をながめる
matumoto
0
150
[JAWS DAYS 2026]私の AWS DevOps Agent 推しポイント
furuton
0
150
「Blue Team Labs Online」入門 - みんなで挑むログ解析バトル
v_avenger
0
150
銀行の内製開発にて2つのプロダクトを1つのチームでスクラムしてみてる話
koba1210
1
110
Kubernetesにおける推論基盤
ry
1
320
Featured
See All Featured
Imperfection Machines: The Place of Print at Facebook
scottboms
269
14k
Mobile First: as difficult as doing things right
swwweet
225
10k
HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy
inesmontani
PRO
0
260
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
ryanjones
0
91
Ecommerce SEO: The Keys for Success Now & Beyond - #SERPConf2024
aleyda
1
1.8k
Sam Torres - BigQuery for SEOs
techseoconnect
PRO
0
210
Technical Leadership for Architectural Decision Making
baasie
3
290
Code Reviewing Like a Champion
maltzj
528
40k
Prompt Engineering for Job Search
mfonobong
0
180
Reality Check: Gamification 10 Years Later
codingconduct
0
2k
AI: The stuff that nobody shows you
jnunemaker
PRO
3
370
Navigating the Design Leadership Dip - Product Design Week Design Leaders+ Conference 2024
apolaine
0
220
Transcript
Delegated Access with OAuth Why Developers Should Care Annejan Barelds
Software Architect DevCampNoord April 4th, 2024
Annejan Barelds Software Architect - 4Dotnet Azure – .NET –
Architecture – Consultancy https://www.linkedin.com/in/barelds/ https://github.com/AnnejanBarelds
Delegated Access OAuth 2.0 On-Behalf-Of
2008 Alice Bob Charlie Alice Bob Charlie App ID
2016
2024
App ID Alice Bob Charlie
App ID Alice Bob Charlie App ID App ID ?
?
None
Office 365 The Need for Zero Trust
User Role Group Device Config Location Last Sign-in Conditional access
risk Health/Integrity Client Config Last seen High Medium Low Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Device
User Role Group Device Config Location Last Sign-in Conditional access
risk High Medium Low Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Health/Integrity Client Config Last seen Device Identity Permissions App Identity Permissions API Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication
OK, so we need delegated access. How does it work?
Resource Server Client IdP Resource Owner Data Scopes: - Read
- Write - … Roles: - Owner - Reader App App Required access: - RS/Read AT IT AT SP SP RS/Read openid Consent?
AT AT ? Resource Server Client IdP Resource Owner Data
Scopes: - Read - Write - … Roles: - Owner - Reader App Required access: - RS/Read IT AT SP SP RS/Read openid IdP App AT API Scopes: - Read Required access: - API/Read Required access: - RS/Read App SP AT AT AT API/Read RS/Read
https://www.youtube.com/watch?v=WVNvoiA_ktw John Savill's Technical Training
Demo time
So it’s all rainbows and unicorns?
OAuth On-Behalf-Of is about user context You need user context
for - Autonomy - Auditing - Access checks Microsoft Entra ID takes some getting-used-to MSAL solves the coding part
Thanks!
devnetnoord
mizukibbb
lycorptech_jp
hootaki
kido_engineer
nrslib
yokomachi
caddi_eng
matumoto
furuton
v_avenger
koba1210
ry
scottboms
swwweet
inesmontani
ryanjones
aleyda
techseoconnect
baasie
maltzj
mfonobong
codingconduct
jnunemaker
apolaine
