Delegated Access with OAuth
devNetNoord
April 04, 2024
Presentation given at devCampNoord '24 at Kinepolis Groningen.
Transcript
Delegated Access with OAuth: Why Developers Should Care
Annejan Barelds, Software Architect
DevCampNoord, April 4th, 2024

Annejan Barelds, Software Architect - 4Dotnet
Azure – .NET – Architecture – Consultancy
https://www.linkedin.com/in/barelds/
https://github.com/AnnejanBarelds
Delegated Access OAuth 2.0 On-Behalf-Of
[Diagram slides for 2008, 2016 and 2024; labels: Alice, Bob, Charlie, App ID]
Office 365 The Need for Zero Trust
[Diagram labels: User, Role, Group, Device, Config, Location, Last Sign-in; Conditional access risk: High, Medium, Low; Device: Health/Integrity, Client, Config, Last seen; Firewall, Intrusion Detection/Prevention, Forward/Reverse Proxy, Source: IP Address/Port, Destination: IP Address/Port, Signatures, Analytics, Allow List, Authentication; Intranet Resources; Actions: Allow, Allow Restricted, Require MFA, Block, Force Remediation; Actions: Allow, Block]
[Second version of the diagram adds the labels: Identity, Permissions, App Identity, Permissions, API]
OK, so we need delegated access. How does it work?
[Diagram labels: Resource Owner, Client, IdP, Resource Server, Data; Scopes: Read, Write, …; Roles: Owner, Reader; App; Required access: RS/Read; AT, IT, SP; RS/Read, openid; Consent?]
[Second diagram adds the labels: API; Scopes: Read; Required access: API/Read; Required access: RS/Read; AT; API/Read, RS/Read]
https://www.youtube.com/watch?v=WVNvoiA_ktw John Savill's Technical Training
Demo time
So it’s all rainbows and unicorns?
OAuth On-Behalf-Of is about user context
You need user context for
- Autonomy
- Auditing
- Access checks
Microsoft Entra ID takes some getting-used-to
MSAL solves the coding part
Thanks!