Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Delegated Access with OAuth

devNetNoord
April 04, 2024
Technology
0
22

Delegated Access with OAuth

Presentatie gegeven tijdens devCampNoord '24 in Kinepolis Groningen.

devNetNoord

April 04, 2024
Tweet

More Decks by devNetNoord

See All by devNetNoord
Gebruik je broncode als documentatie voor je stakeholders
devnetnoord
0
4
Efficient and Secure Software Delivery with Azure Deployment Environments and Dev Box
devnetnoord
0
6
Toepassing van AI in de zorg; hype, hoop en haalbaarheid
devnetnoord
0
13
What's new with Azure Bicep?
devnetnoord
0
4
Copilot Beyond the Basics
devnetnoord
0
56
The Blazor Multiverse
devnetnoord
0
46
De Architectuur Odyssee
devnetnoord
0
18
Azure Kubernetes Service Quickstart
devnetnoord
0
28
The Office Copilot
devnetnoord
0
14

Other Decks in Technology

See All in Technology
なぜ私は自分が使わないサービスを作るのか? / Why would I create a service that I would not use?
aiandrox
0
730
関東Kaggler会LT: 人狼コンペとLLM量子化について
nejumi
3
580
レビューを増やしつつ 高評価維持するテクニック
tsuzuki817
1
700
リーダブルテストコード 〜メンテナンスしやすい テストコードを作成する方法を考える〜 #DevSumi #DevSumiB / Readable test code
nihonbuson
11
7.2k
Classmethod AI Talks(CATs) #16 司会進行スライド(2025.02.12) / classmethod-ai-talks-aka-cats_moderator-slides_vol16_2025-02-12
shinyaa31
0
110
室長と気ままに学ぶマイクロソフトのビジネスアプリケーションとビジネスプロセス
ryoheig0405
0
360
モノレポ開発のエラー、誰が見る?Datadog で実現する適切なトリアージとエスカレーション
biwashi
6
800
現場で役立つAPIデザイン
nagix
33
12k
Classmethod AI Talks(CATs) #17 司会進行スライド(2025.02.19) / classmethod-ai-talks-aka-cats_moderator-slides_vol17_2025-02-19
shinyaa31
0
120
Platform Engineeringは自由のめまい
nwiizo
4
2.1k
Oracle Cloud Infrastructure:2025年2月度サービス・アップデート
oracle4engineer
PRO
1
210
Tech Blogを書きやすい環境づくり
lycorptech_jp
PRO
1
240

Featured

See All Featured
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
27
1.9k
Six Lessons from altMBA
skipperchong
27
3.6k
Making the Leap to Tech Lead
cromwellryan
133
9.1k
Automating Front-end Workflow
addyosmani
1368
200k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
We Have a Design System, Now What?
morganepeng
51
7.4k
VelocityConf: Rendering Performance Case Studies
addyosmani
328
24k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
45
9.4k
The Invisible Side of Design
smashingmag
299
50k
Building Flexible Design Systems
yeseniaperezcruz
328
38k
GraphQLの誤解/rethinking-graphql
sonatard
68
10k
Unsuck your backbone
ammeep
669
57k

Transcript

  1. Delegated Access with OAuth Why Developers Should Care Annejan Barelds

    Software Architect DevCampNoord April 4th, 2024

  2. Annejan Barelds Software Architect - 4Dotnet Azure – .NET –

    Architecture – Consultancy https://www.linkedin.com/in/barelds/ https://github.com/AnnejanBarelds

  3. Delegated Access OAuth 2.0 On-Behalf-Of

  4. 2008 Alice Bob Charlie Alice Bob Charlie App ID

  5. 2016

  6. 2024

  7. App ID Alice Bob Charlie

  8. App ID Alice Bob Charlie App ID App ID ?

    ?
  9. None

  10. Office 365 The Need for Zero Trust

  11. User Role Group Device Config Location Last Sign-in Conditional access

    risk Health/Integrity Client Config Last seen High Medium Low Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Device

  12. User Role Group Device Config Location Last Sign-in Conditional access

    risk High Medium Low Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Health/Integrity Client Config Last seen Device Identity Permissions App Identity Permissions API Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication

  13. OK, so we need delegated access. How does it work?

  14. Resource Server Client IdP Resource Owner Data Scopes: - Read

    - Write - … Roles: - Owner - Reader App App Required access: - RS/Read AT IT AT SP SP RS/Read openid Consent?

  15. AT AT ? Resource Server Client IdP Resource Owner Data

    Scopes: - Read - Write - … Roles: - Owner - Reader App Required access: - RS/Read IT AT SP SP RS/Read openid IdP App AT API Scopes: - Read Required access: - API/Read Required access: - RS/Read App SP AT AT AT API/Read RS/Read

  16. https://www.youtube.com/watch?v=WVNvoiA_ktw John Savill's Technical Training

  17. Demo time

  18. So it’s all rainbows and unicorns?

  19. OAuth On-Behalf-Of is about user context You need user context

    for - Autonomy - Auditing - Access checks Microsoft Entra ID takes some getting-used-to MSAL solves the coding part

  20. Thanks!