Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Delegated Access with OAuth
Search
devNetNoord
April 04, 2024
Technology
0
23
Delegated Access with OAuth
Presentatie gegeven tijdens devCampNoord '24 in Kinepolis Groningen.
devNetNoord
April 04, 2024
Tweet
Share
More Decks by devNetNoord
See All by devNetNoord
Gebruik je broncode als documentatie voor je stakeholders
devnetnoord
0
9
Efficient and Secure Software Delivery with Azure Deployment Environments and Dev Box
devnetnoord
0
12
Toepassing van AI in de zorg; hype, hoop en haalbaarheid
devnetnoord
0
19
What's new with Azure Bicep?
devnetnoord
0
11
Copilot Beyond the Basics
devnetnoord
0
61
The Blazor Multiverse
devnetnoord
0
54
De Architectuur Odyssee
devnetnoord
0
24
Azure Kubernetes Service Quickstart
devnetnoord
0
35
The Office Copilot
devnetnoord
0
16
Other Decks in Technology
See All in Technology
AIとSREで「今」できること
honmarkhunt
3
700
30代からでも遅くない! 内製開発の世界に飛び込み、最前線で戦うLLMアプリ開発エンジニアになろう
minorun365
PRO
16
5.1k
Dataverseの検索列について
miyakemito
1
180
AIと共に乗り越える、 入社後2ヶ月の苦労と学習の軌跡
sai_kaneko
0
190
Azure Maps Visual in PowerBIで分析しよう
nakasho
0
190
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
5.5k
製造業向けIoTソリューション提案資料.pdf
haruki_uiru
0
170
Databricksで完全履修!オールインワンレイクハウスは実在した!
akuwano
0
150
Twelve-Factor-Appから学ぶECS設計プラクティス/ECS practice for Twelve-Factor-App
ozawa
3
160
AIエージェント開発手法と業務導入のプラクティス
ykosaka
9
2.7k
持続可能なドキュメント運用のリアル: 1年間の成果とこれから
akitok_
1
270
2025-04-14 Data & Analytics 井戸端会議 Multi tenant log platform with Iceberg
kamijin_fanta
1
180
Featured
See All Featured
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
137
33k
How to Ace a Technical Interview
jacobian
276
23k
It's Worth the Effort
3n
184
28k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.4k
Producing Creativity
orderedlist
PRO
344
40k
A designer walks into a library…
pauljervisheath
205
24k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Product Roadmaps are Hard
iamctodd
PRO
53
11k
Code Reviewing Like a Champion
maltzj
523
40k
GraphQLの誤解/rethinking-graphql
sonatard
71
10k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
227
22k
Transcript
Delegated Access with OAuth Why Developers Should Care Annejan Barelds
Software Architect DevCampNoord April 4th, 2024
Annejan Barelds Software Architect - 4Dotnet Azure – .NET –
Architecture – Consultancy https://www.linkedin.com/in/barelds/ https://github.com/AnnejanBarelds
Delegated Access OAuth 2.0 On-Behalf-Of
2008 Alice Bob Charlie Alice Bob Charlie App ID
2016
2024
App ID Alice Bob Charlie
App ID Alice Bob Charlie App ID App ID ?
?
None
Office 365 The Need for Zero Trust
User Role Group Device Config Location Last Sign-in Conditional access
risk Health/Integrity Client Config Last seen High Medium Low Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Device
User Role Group Device Config Location Last Sign-in Conditional access
risk High Medium Low Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Health/Integrity Client Config Last seen Device Identity Permissions App Identity Permissions API Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication
OK, so we need delegated access. How does it work?
Resource Server Client IdP Resource Owner Data Scopes: - Read
- Write - … Roles: - Owner - Reader App App Required access: - RS/Read AT IT AT SP SP RS/Read openid Consent?
AT AT ? Resource Server Client IdP Resource Owner Data
Scopes: - Read - Write - … Roles: - Owner - Reader App Required access: - RS/Read IT AT SP SP RS/Read openid IdP App AT API Scopes: - Read Required access: - API/Read Required access: - RS/Read App SP AT AT AT API/Read RS/Read
https://www.youtube.com/watch?v=WVNvoiA_ktw John Savill's Technical Training
Demo time
So it’s all rainbows and unicorns?
OAuth On-Behalf-Of is about user context You need user context
for - Autonomy - Auditing - Access checks Microsoft Entra ID takes some getting-used-to MSAL solves the coding part
Thanks!
devnetnoord
.png){kind=avatar}
honmarkhunt
minorun365
miyakemito
sai_kaneko
nakasho
fullkaiten
haruki_uiru
akuwano
ozawa
ykosaka
akitok_
kamijin_fanta
eileencodes
jacobian
3n
afnizarnur
orderedlist
pauljervisheath
smashingmag
iamctodd
maltzj
sonatard
danielanewman
