Delegated Access with OAuth
devNetNoord
April 04, 2024
Presentation given during devCampNoord '24 at Kinepolis Groningen.
Transcript
Delegated Access with OAuth: Why Developers Should Care
Annejan Barelds, Software Architect
DevCampNoord, April 4th, 2024

Annejan Barelds, Software Architect at 4Dotnet. Azure, .NET, Architecture, Consultancy.
https://www.linkedin.com/in/barelds/
https://github.com/AnnejanBarelds
Delegated Access OAuth 2.0 On-Behalf-Of
Timeline slides, 2008 / 2016 / 2024: users Alice, Bob and Charlie, first accessing resources directly, then through an app with its own App ID, and by 2024 through chains of apps (App ID calling App ID), with question marks on the app-to-app hops.
Office 365 The Need for Zero Trust
Slide (Zero Trust diagram, two versions):
- Signals: User (role, group, last sign-in), Device (config, location, health/integrity, client config, last seen), risk (High / Medium / Low); the second version adds Identity permissions, App identity permissions and API.
- Policy: Conditional access.
- Actions: Allow, Allow Restricted, Require MFA, Block, Force Remediation.
Contrasted with the classic perimeter: Firewall, Intrusion Detection/Prevention and Forward/Reverse Proxy deciding on Source and Destination IP address/port, Signatures, Analytics, Allow list and Authentication, in front of Intranet Resources with only two actions: Allow, Block.
OK, so we need delegated access. How does it work?
Slide (OAuth diagram): parties are the Resource Owner, the Client (App, with its own service principal, SP), the IdP, and the Resource Server (RS, holding Data). The RS defines Scopes (Read, Write, ...) and Roles (Owner, Reader). The App declares its Required access: RS/Read. The Client signs the user in with the openid scope, the IdP asks the Resource Owner for Consent, and the Client receives an ID token (IT) and an access token (AT), which it presents to the RS.
Second diagram, with a middle tier: App -> API -> RS. The App requires API/Read; the API requires RS/Read. The API receives an AT for API/Read and needs a second AT for RS/Read; the question mark marks that hop.
https://www.youtube.com/watch?v=WVNvoiA_ktw John Savill's Technical Training
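The hop marked with the question mark on the diagram, written out as a runnable exchange. This is an added example, not code from the talk, from MSAL or from Entra ID, and it is in Python rather than the talk's C#/MSAL so that it runs without a tenant. The IdP is a toy that signs tokens with a shared HS256 secret; the issuer URL, client IDs, scopes and secret are made up. The request body uses the Microsoft identity platform's On-Behalf-Of shape (grant_type jwt-bearer with requested_token_use=on_behalf_of). What it shows: the API first validates the inbound token as meant for itself, then trades it for a token whose audience and scope are the resource server's but whose sub is still the user.

```python
"""Simulated OAuth 2.0 On-Behalf-Of (OBO) exchange: client -> API -> resource server.

Added example, not code from the talk or from MSAL. The IdP is a toy that signs tokens
with HS256 and a shared secret so everything runs offline (a real IdP uses asymmetric
keys published via JWKS). The request body mirrors the Microsoft identity platform OBO
grant; every client ID, scope and secret below is constructed for the example.
"""
import base64
import hashlib
import hmac
import json
import time

IDP_SECRET = b"toy-idp-signing-key"       # constructed
ISSUER = "https://idp.example/tenant"      # constructed
API_CLIENT_ID = "api-client-id"           # middle-tier API's app registration (constructed)
RS_CLIENT_ID = "rs-client-id"             # downstream resource server (constructed)
OBO_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict) -> str:
    """Toy HS256 JWT standing in for an IdP-issued access token."""
    header = _b64(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(IDP_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verify_jwt(token: str, expected_aud: str, now=None) -> dict:
    """Check signature, issuer, audience and expiry before trusting any claim."""
    header, body, sig = token.split(".")
    expected = hmac.new(IDP_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(sig), expected):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != expected_aud:   # stops a token for app X being replayed to app Y
        raise ValueError(f"audience {claims.get('aud')!r} is not {expected_aud!r}")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

def build_obo_request(client_id: str, client_secret: str, inbound_token: str, scope: str) -> dict:
    """Form body the middle-tier API POSTs to the token endpoint to trade the
    user's token for itself into a token for the downstream resource."""
    return {
        "grant_type": OBO_GRANT,
        "client_id": client_id,
        "client_secret": client_secret,
        "assertion": inbound_token,          # the access token the API received
        "scope": scope,                      # e.g. "rs-client-id/RS.Read"
        "requested_token_use": "on_behalf_of",
    }

def idp_token_endpoint(request: dict, now=None) -> str:
    """Toy IdP. The assertion must be a valid token issued *to the requesting
    client*; the new token keeps the user's identity and changes the audience."""
    if request.get("grant_type") != OBO_GRANT or request.get("requested_token_use") != "on_behalf_of":
        raise ValueError("not an OBO request")
    # Client authentication (client_secret) is skipped in this toy.
    inbound = verify_jwt(request["assertion"], expected_aud=request["client_id"], now=now)
    audience, scope = request["scope"].rsplit("/", 1)
    issued_at = time.time() if now is None else now
    return sign_jwt({
        "iss": ISSUER,
        "aud": audience,
        "sub": inbound["sub"],          # the user, not the API: this is delegation
        "scp": scope,
        "azp": request["client_id"],    # the app acting on the user's behalf
        "iat": issued_at,
        "exp": issued_at + 3600,
    })

def run_obo_chain(now: float = 1_700_000_000.0) -> dict:
    """End to end: user token for the API -> OBO exchange -> token for the RS.
    Returns the claims the resource server ends up trusting."""
    inbound = sign_jwt({"iss": ISSUER, "aud": API_CLIENT_ID, "sub": "alice-oid",
                        "scp": "API.Read", "iat": now, "exp": now + 3600})
    verify_jwt(inbound, expected_aud=API_CLIENT_ID, now=now)   # the API validates first
    request = build_obo_request(API_CLIENT_ID, "api-secret", inbound, f"{RS_CLIENT_ID}/RS.Read")
    downstream = idp_token_endpoint(request, now=now)
    return verify_jwt(downstream, expected_aud=RS_CLIENT_ID, now=now)

def exchange_rejected(inbound_token: str, now: float = 1_700_000_000.0) -> bool:
    """True when the IdP refuses to exchange the token (wrong audience, expired, ...)."""
    try:
        idp_token_endpoint(build_obo_request(API_CLIENT_ID, "api-secret", inbound_token,
                                             f"{RS_CLIENT_ID}/RS.Read"), now=now)
    except ValueError:
        return True
    return False
```

Two checks carry the security weight. The API must validate the inbound token's audience as itself before forwarding it as an assertion, and the IdP repeats that check, so a token issued to some other app cannot be laundered into a downstream token (exchange_rejected). The resource server then validates the new token as its own instead of trusting claims the API forwards. In MSAL.NET the request above is what IConfidentialClientApplication.AcquireTokenOnBehalfOf sends for you.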
Demo time
So it’s all rainbows and unicorns?
OAuth On-Behalf-Of is about user context. You need user context for:
- Autonomy
- Auditing
- Access checks
Microsoft Entra ID takes some getting used to. MSAL solves the coding part.
Thanks!