Delegated Access with OAuth
devNetNoord
April 04, 2024
Technology
Presentation given during devCampNoord '24 in Kinepolis Groningen.
Transcript
Delegated Access with OAuth: Why Developers Should Care
Annejan Barelds, Software Architect, DevCampNoord, April 4th, 2024
Annejan Barelds, Software Architect - 4Dotnet: Azure, .NET, Architecture, Consultancy
https://www.linkedin.com/in/barelds/
https://github.com/AnnejanBarelds
Delegated Access: OAuth 2.0 On-Behalf-Of
[Diagram: timeline 2008 / 2016 / 2024 showing users Alice, Bob and Charlie, an App ID, and a question mark; diagram content beyond these labels is not recoverable]
Office 365: The Need for Zero Trust
[Diagram: the need for Zero Trust, in two slides. Signals: user (role, group, last sign-in), device (config, health/integrity, client config, last seen), location, conditional access risk (high / medium / low). Actions: allow, allow restricted, require MFA, block, force remediation; device actions: allow, block. Network controls: firewall, intrusion detection/prevention, forward/reverse proxy, source and destination IP address/port, signatures, analytics, allow list, authentication, intranet resources. The second slide adds device identity, app identity, permissions and API.]
OK, so we need delegated access. How does it work?
[Diagram: delegated access flow between Resource Owner, Client, IdP and Resource Server. Data scopes: Read, Write, …; roles: Owner, Reader; app required access: RS/Read; tokens: ID token (IT) and access token (AT); service principals (SP); the openid scope; a consent prompt. The second diagram chains an App through an API to the Resource Server: the App requires API/Read, the API requires RS/Read, and an access token is issued by the IdP at each hop.]
Source: John Savill's Technical Training, https://www.youtube.com/watch?v=WVNvoiA_ktw
Demo time
So it's all rainbows and unicorns?
OAuth On-Behalf-Of is about user context. You need user context for:
- Autonomy
- Auditing
- Access checks
Microsoft Entra ID takes some getting used to. MSAL solves the coding part.
Thanks!