Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Delegated Access with OAuth
Search
devNetNoord
April 04, 2024
Technology
0
33
Delegated Access with OAuth
Presentatie gegeven tijdens devCampNoord '24 in Kinepolis Groningen.
devNetNoord
April 04, 2024
Tweet
Share
More Decks by devNetNoord
See All by devNetNoord
Gebruik je broncode als documentatie voor je stakeholders
devnetnoord
0
23
Efficient and Secure Software Delivery with Azure Deployment Environments and Dev Box
devnetnoord
0
26
Toepassing van AI in de zorg; hype, hoop en haalbaarheid
devnetnoord
0
55
What's new with Azure Bicep?
devnetnoord
0
32
Copilot Beyond the Basics
devnetnoord
0
87
The Blazor Multiverse
devnetnoord
0
81
De Architectuur Odyssee
devnetnoord
0
42
Azure Kubernetes Service Quickstart
devnetnoord
0
53
The Office Copilot
devnetnoord
0
26
Other Decks in Technology
See All in Technology
LLM-Readyなデータ基盤を高速に構築するためのアジャイルデータモデリングの実例
kashira
0
240
re:Invent 2025 ~何をする者であり、どこへいくのか~
tetutetu214
0
210
30分であなたをOmniのファンにしてみせます~分析画面のクリック操作をそのままコード化できるAI-ReadyなBIツール~
sagara
0
140
Database イノベーショントークを振り返る/reinvent-2025-database-innovation-talk-recap
emiki
0
140
Haskell を武器にして挑む競技プログラミング ─ 操作的思考から意味モデル思考へ
naoya
6
1.5k
手動から自動へ、そしてその先へ
moritamasami
0
300
MLflowで始めるプロンプト管理、評価、最適化
databricksjapan
1
210
Power of Kiro : あなたの㌔はパワステ搭載ですか?
r3_yamauchi
PRO
0
120
GitHub Copilotを使いこなす 実例に学ぶAIコーディング活用術
74th
3
3k
多様なデジタルアイデンティティを攻撃からどうやって守るのか / 20251212
ayokura
0
440
AWSを使う上で最低限知っておきたいセキュリティ研修を社内で実施した話 ~みんなでやるセキュリティ~
maimyyym
2
420
[JAWS-UG 横浜支部 #91]DevOps Agent vs CloudWatch Investigations -比較と実践-
sh_fk2
2
250
Featured
See All Featured
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
Speed Design
sergeychernyshev
33
1.4k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
36
6.2k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
51k
What's in a price? How to price your products and services
michaelherold
246
13k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
231
22k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
196
70k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
35
2.3k
A Modern Web Designer's Workflow
chriscoyier
698
190k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
Transcript
Delegated Access with OAuth Why Developers Should Care Annejan Barelds
Software Architect DevCampNoord April 4th, 2024
Annejan Barelds Software Architect - 4Dotnet Azure – .NET –
Architecture – Consultancy https://www.linkedin.com/in/barelds/ https://github.com/AnnejanBarelds
Delegated Access OAuth 2.0 On-Behalf-Of
2008 Alice Bob Charlie Alice Bob Charlie App ID
2016
2024
App ID Alice Bob Charlie
App ID Alice Bob Charlie App ID App ID ?
?
None
Office 365 The Need for Zero Trust
User Role Group Device Config Location Last Sign-in Conditional access
risk Health/Integrity Client Config Last seen High Medium Low Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Device
User Role Group Device Config Location Last Sign-in Conditional access
risk High Medium Low Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Health/Integrity Client Config Last seen Device Identity Permissions App Identity Permissions API Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication
OK, so we need delegated access. How does it work?
Resource Server Client IdP Resource Owner Data Scopes: - Read
- Write - … Roles: - Owner - Reader App App Required access: - RS/Read AT IT AT SP SP RS/Read openid Consent?
AT AT ? Resource Server Client IdP Resource Owner Data
Scopes: - Read - Write - … Roles: - Owner - Reader App Required access: - RS/Read IT AT SP SP RS/Read openid IdP App AT API Scopes: - Read Required access: - API/Read Required access: - RS/Read App SP AT AT AT API/Read RS/Read
https://www.youtube.com/watch?v=WVNvoiA_ktw John Savill's Technical Training
Demo time
So it’s all rainbows and unicorns?
OAuth On-Behalf-Of is about user context You need user context
for - Autonomy - Auditing - Access checks Microsoft Entra ID takes some getting-used-to MSAL solves the coding part
Thanks!
devnetnoord
kashira
tetutetu214
sagara
emiki
naoya
moritamasami
databricksjapan
r3_yamauchi
74th
ayokura
maimyyym
sh_fk2
wjessup
sergeychernyshev
marcelosomers
malarkey
kevinliebholz
chrisshort
michaelherold
danielanewman
soudai
marcduiker
chriscoyier
