Delegated Access with OAuth
devNetNoord
April 04, 2024
Presentation given at devCampNoord '24 at Kinepolis Groningen.
Transcript
Delegated Access with OAuth: Why Developers Should Care
Annejan Barelds, Software Architect
DevCampNoord, April 4th, 2024
Annejan Barelds, Software Architect - 4Dotnet
Azure – .NET – Architecture – Consultancy
https://www.linkedin.com/in/barelds/
https://github.com/AnnejanBarelds
Delegated Access OAuth 2.0 On-Behalf-Of
[Diagram slides labelled 2008, 2016 and 2024. Labels: Alice, Bob, Charlie, App ID.]
Office 365 The Need for Zero Trust
[Diagram, two slides. Labels: User, Role, Group, Device, Config, Location, Last Sign-in; Conditional access risk: High, Medium, Low; Device, Health/Integrity, Client, Config, Last seen; Firewall, Intrusion Detection/Prevention, Forward/Reverse Proxy; Source: IP Address/Port; Destination: IP Address/Port; Signatures, Analytics, Allow List, Authentication; Intranet Resources; Actions: Allow, Allow Restricted, Require MFA, Block, Force Remediation; Actions: Allow, Block. The second slide adds the labels Identity, Permissions, App Identity, Permissions, API.]
OK, so we need delegated access. How does it work?
[Diagram, two slides. Labels: Resource Owner, Client, IdP, Resource Server, Data; Scopes: Read, Write, …; Roles: Owner, Reader; App; Required access: RS/Read; SP; AT, IT; RS/Read, openid; Consent? The second slide adds an API between the App and the Resource Server, with the labels Scopes: Read; Required access: API/Read (App); Required access: RS/Read (API); AT for API/Read; AT for RS/Read.]
https://www.youtube.com/watch?v=WVNvoiA_ktw John Savill's Technical Training
Demo time
So it’s all rainbows and unicorns?
OAuth On-Behalf-Of is about user context
You need user context for
- Autonomy
- Auditing
- Access checks
Microsoft Entra ID takes some getting-used-to
MSAL solves the coding part
Thanks!