Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Delegated Access with OAuth
Search
devNetNoord
April 04, 2024
Technology
0
7
Delegated Access with OAuth
Presentatie gegeven tijdens devCampNoord '24 in Kinepolis Groningen.
devNetNoord
April 04, 2024
Tweet
Share
More Decks by devNetNoord
See All by devNetNoord
Copilot Beyond the Basics
devnetnoord
0
7
The Blazor Multiverse
devnetnoord
0
6
De Architectuur Odyssee
devnetnoord
0
4
Azure Kubernetes Service Quickstart
devnetnoord
0
6
The Office Copilot
devnetnoord
0
5
Navigating Cloud Sustainability: Insights and Strategies
devnetnoord
0
5
Machine Learning 101
devnetnoord
0
5
Vector search and state-of-the-art retrieval for generative AI apps
devnetnoord
0
12
Reviewing NuGet Packages security easily using OpenSSF Scorecard
devnetnoord
0
6
Other Decks in Technology
See All in Technology
Grafana x PagerDuty Better Together
jacopen
1
260
家族アルバム みてねにおけるGrafana活用術 / Grafana Meetup Japan Vol.1 LT
isaoshimizu
1
1k
.NET Profiler in 2024.
kkamegawa
2
1.3k
プロンプトエンジニアリングでがんばらない-Agentic Workflow へ-近藤憲児
kenjikondobai
6
1.2k
【SORACOM UG 東海】あらゆるモノがつながる社会へ、IoT と SORACOM
soracom
PRO
1
140
認知症フレンドリーテックとスタックチャン
naokiuc
0
190
AWSに詳しくない人でも始められるコスト最適化ガイド
yuhta28
2
390
ルーターでプレゼンする
puhitaku
1
3.2k
データベース02: データベースの概念
trycycle
0
180
LangSmith入門―トレース/評価/プロンプト管理などを担うLLMアプリ開発プラットフォーム
os1ma
5
710
Microsoft Intune 勉強会 第 2 回目
tamaiyutaro
2
390
リテール金融(キャッシュレス・ネット銀行・ネット証券)の競争環境と経済圏
8maki
0
1.6k
Featured
See All Featured
GraphQLとの向き合い方2022年版
quramy
33
12k
Intergalactic Javascript Robots from Outer Space
tanoku
266
26k
Testing 201, or: Great Expectations
jmmastey
30
6.4k
Facilitating Awesome Meetings
lara
43
5.6k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
Web Components: a chance to create the future
zenorocha
306
41k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
19
6.9k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
65
14k
Building Effective Engineering Teams - LeadDev
addyosmani
32
1.9k
The World Runs on Bad Software
bkeepers
PRO
61
6.7k
Navigating Team Friction
lara
179
13k
Optimizing for Happiness
mojombo
370
69k
Transcript
Delegated Access with OAuth Why Developers Should Care Annejan Barelds
Software Architect DevCampNoord April 4th, 2024
Annejan Barelds Software Architect - 4Dotnet Azure – .NET –
Architecture – Consultancy https://www.linkedin.com/in/barelds/ https://github.com/AnnejanBarelds
Delegated Access OAuth 2.0 On-Behalf-Of
2008 Alice Bob Charlie Alice Bob Charlie App ID
2016
2024
App ID Alice Bob Charlie
App ID Alice Bob Charlie App ID App ID ?
?
None
Office 365 The Need for Zero Trust
User Role Group Device Config Location Last Sign-in Conditional access
risk Health/Integrity Client Config Last seen High Medium Low Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Device
User Role Group Device Config Location Last Sign-in Conditional access
risk High Medium Low Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Health/Integrity Client Config Last seen Device Identity Permissions App Identity Permissions API Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication
OK, so we need delegated access. How does it work?
Resource Server Client IdP Resource Owner Data Scopes: - Read
- Write - … Roles: - Owner - Reader App App Required access: - RS/Read AT IT AT SP SP RS/Read openid Consent?
AT AT ? Resource Server Client IdP Resource Owner Data
Scopes: - Read - Write - … Roles: - Owner - Reader App Required access: - RS/Read IT AT SP SP RS/Read openid IdP App AT API Scopes: - Read Required access: - API/Read Required access: - RS/Read App SP AT AT AT API/Read RS/Read
https://www.youtube.com/watch?v=WVNvoiA_ktw John Savill's Technical Training
Demo time
So it’s all rainbows and unicorns?
OAuth On-Behalf-Of is about user context You need user context
for - Autonomy - Auditing - Access checks Microsoft Entra ID takes some getting-used-to MSAL solves the coding part
Thanks!
devnetnoord
jacopen
isaoshimizu
kkamegawa
kenjikondobai
soracom
naokiuc
yuhta28
puhitaku
trycycle
os1ma
tamaiyutaro
8maki
quramy
tanoku
jmmastey
lara
philhawksworth
zenorocha
mraible
panda_program
addyosmani
bkeepers
mojombo
