Delegated Access with OAuth
devNetNoord
April 04, 2024
Technology
Presentation given during devCampNoord '24 in Kinepolis Groningen.
Transcript
Delegated Access with OAuth: Why Developers Should Care
Annejan Barelds, Software Architect
DevCampNoord, April 4th, 2024

Annejan Barelds, Software Architect at 4Dotnet: Azure, .NET, Architecture, Consultancy
https://www.linkedin.com/in/barelds/
https://github.com/AnnejanBarelds

Delegated Access: OAuth 2.0 On-Behalf-Of

[Timeline slides for 2008, 2016 and 2024, showing the users Alice, Bob and Charlie alongside App IDs, ending on an open question mark]
Office 365 The Need for Zero Trust
[Diagram: Zero Trust conditional access. Signals: user (role, group), device (config, health/integrity, client config, last seen), location, last sign-in, risk (high/medium/low). Network controls: firewall, intrusion detection/prevention, forward/reverse proxy, source and destination IP address/port, signatures, analytics, allow list. Actions on intranet resources: allow, allow restricted, require MFA, block, force remediation; actions on devices: allow, block. The second version of the diagram adds device identity permissions and app identity permissions in front of the API.]
OK, so we need delegated access. How does it work?
[Diagram: delegated access between Resource Owner, Client, IdP and Resource Server. The resource server exposes scopes (Read, Write, ...) and roles (Owner, Reader); the app's required access is RS/Read; the IdP issues an access token (AT) and ID token (IT) to the app's service principal (SP) with the openid scope after user consent.]

[Diagram: the same flow extended with a downstream API exposing the scope Read. The app's required access is RS/Read plus API/Read; holding the user's access token for RS/Read, the app obtains an access token for API/Read from the IdP on behalf of the user and calls the API with it.]
https://www.youtube.com/watch?v=WVNvoiA_ktw John Savill's Technical Training
Demo time
So it’s all rainbows and unicorns?
OAuth On-Behalf-Of is about user context. You need user context for:
- Autonomy
- Auditing
- Access checks
Microsoft Entra ID takes some getting used to. MSAL solves the coding part.
Thanks!