Delegated Access with OAuth
devNetNoord
April 04, 2024
Presentation given at devCampNoord '24 in Kinepolis Groningen.
Transcript
Delegated Access with OAuth: Why Developers Should Care. Annejan Barelds, Software Architect. DevCampNoord, April 4th, 2024
Annejan Barelds, Software Architect - 4Dotnet. Azure – .NET – Architecture – Consultancy. https://www.linkedin.com/in/barelds/ https://github.com/AnnejanBarelds
Delegated Access OAuth 2.0 On-Behalf-Of
[Diagram slides labelled 2008, 2016 and 2024: users Alice, Bob and Charlie and application identities (App ID); the last diagrams end on a question mark.]
Office 365 The Need for Zero Trust
[Diagram, labels in slide order: User, Role, Group, Device, Config, Location, Last Sign-in; Conditional access risk: High, Medium, Low; Device: Health/Integrity, Client, Config, Last seen; Firewall, Intrusion Detection/Prevention, Forward/Reverse Proxy, Source: IP Address/Port, Destination: IP Address/Port, Signatures, Analytics, Allow List, Authentication; Intranet, Resources; Actions: Allow, Allow Restricted, Require MFA, Block, Force Remediation; Actions: Allow, Block.]
[Diagram: the same labels, with Identity, Permissions, App Identity, Permissions and API added.]
OK, so we need delegated access. How does it work?
[Diagram: Resource Owner, Client, IdP, Resource Server, Data. Scopes: Read, Write, …; Roles: Owner, Reader. App required access: RS/Read. Other labels: App, SP, AT, IT, RS/Read, openid, Consent?]
[Diagram: the same parties with an API added. Scopes: Read, Write, …; Roles: Owner, Reader. API scopes: Read. Required access labels: RS/Read, API/Read. Other labels: App, SP, IdP, AT, IT, API/Read, RS/Read, openid, and a question mark next to the AT.]
https://www.youtube.com/watch?v=WVNvoiA_ktw John Savill's Technical Training
Demo time
So it’s all rainbows and unicorns?
OAuth On-Behalf-Of is about user context
You need user context for
- Autonomy
- Auditing
- Access checks
Microsoft Entra ID takes some getting-used-to
MSAL solves the coding part
Thanks!
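
The on-behalf-of exchange from the diagram slides, as an added example that is not from the talk or its demo: a middle-tier API that received a user's access token for API/Read checks it and builds the token request for RS/Read against the Microsoft Entra ID v2.0 token endpoint. The tenant, client IDs, scope URIs and function names are constructed assumptions, and signature, issuer and expiry validation of the incoming token is assumed to have been done already.

```python
from urllib.parse import urlencode

# All identifiers below are constructed placeholders, not values from the talk.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
API_CLIENT_ID = "11111111-1111-1111-1111-111111111111"        # the middle-tier API
ACCEPTED_AUDIENCES = {API_CLIENT_ID, f"api://{API_CLIENT_ID}"}
REQUIRED_SCOPE = "Read"                                        # "API/Read" on the slides
DOWNSTREAM_SCOPE = "api://22222222-2222-2222-2222-222222222222/Read"  # "RS/Read"
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"


class RejectedToken(Exception):
    """The caller's token must not be exchanged."""


def check_incoming(claims: dict) -> None:
    """Authorization checks on claims whose signature, issuer and expiry
    are assumed to have been validated already."""
    if claims.get("aud") not in ACCEPTED_AUDIENCES:
        raise RejectedToken("token was not issued for this API")
    # App-only tokens carry 'roles' and no 'scp': there is no user to act for.
    if REQUIRED_SCOPE not in claims.get("scp", "").split():
        raise RejectedToken("delegated scope Read is missing")


def build_obo_request(incoming_jwt: str, claims: dict, client_secret: str):
    """Return (url, form body) for the on-behalf-of token request."""
    check_incoming(claims)
    form = {
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "requested_token_use": "on_behalf_of",
        "client_id": API_CLIENT_ID,
        "client_secret": client_secret,      # the API authenticates as itself
        "assertion": incoming_jwt,           # the user's token for this API
        "scope": DOWNSTREAM_SCOPE,           # what the API needs downstream
    }
    return TOKEN_URL, urlencode(form)


if __name__ == "__main__":
    user_claims = {"aud": API_CLIENT_ID, "scp": "Read", "oid": "constructed-user"}
    url, body = build_obo_request("constructed.jwt.value", user_claims, "constructed-secret")
    print(url)
    print(body.replace("constructed-secret", "***"))
```

In application code MSAL sends this request for you; the audience and scope checks before it remain the API's own job.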