Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Delegated Access with OAuth
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
devNetNoord
April 04, 2024
Technology
39
0
Share
Delegated Access with OAuth
Presentatie gegeven tijdens devCampNoord '24 in Kinepolis Groningen.
devNetNoord
April 04, 2024
More Decks by devNetNoord
See All by devNetNoord
Gebruik je broncode als documentatie voor je stakeholders
devnetnoord
0
44
Efficient and Secure Software Delivery with Azure Deployment Environments and Dev Box
devnetnoord
0
38
Toepassing van AI in de zorg; hype, hoop en haalbaarheid
devnetnoord
0
77
What's new with Azure Bicep?
devnetnoord
0
48
Copilot Beyond the Basics
devnetnoord
0
120
The Blazor Multiverse
devnetnoord
0
100
De Architectuur Odyssee
devnetnoord
0
54
Azure Kubernetes Service Quickstart
devnetnoord
0
58
The Office Copilot
devnetnoord
0
41
Other Decks in Technology
See All in Technology
AI駆動開発でなんでもハンズオン環境をつくってみた
yoshimi0227
0
180
Oracle AI Database@Azure:サービス概要のご紹介
oracle4engineer
PRO
6
1.8k
A Harness for Behaviour: how to get AI to generate code that does what we intend, or "TDD in the age of AI"
xpmatteo
1
520
JJUG CCC 2026 Spring AI時代の開発こそ標準化を武器に! ― 方式・プロセス・プラットフォームの標準化
s27watanabe
2
640
Platform engineering for developers, architects & the rest of us (AI agents)
danielbryantuk
0
160
OpenClawとHermesAgentでAI新入社員を作った話
takanoriyanada
0
150
Oracle AI Database@Google Cloud:サービス概要のご紹介
oracle4engineer
PRO
6
1.5k
管理アカウント単一運用からAWS Organizationsに移行するの大変で滅
hiramax
0
350
さきさん文庫の書籍ができるまで
sakiengineer
0
320
Databricks 月刊サービスアップデート 2026年05月号
tyosi1212
0
120
コードレビューを制するチームがソフトウェアデリバリーのフローを制す / Beyond Code Review: Distributing Its Responsibilities Across the SDLC
mtx2s
3
500
もりもり新機能を一挙紹介! AgentCoreに入門して、AWS上にAIエージェントを構築しよう
minorun365
PRO
6
350
Featured
See All Featured
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
128
55k
Music & Morning Musume
bryan
47
7.2k
Public Speaking Without Barfing On Your Shoes - THAT 2023
reverentgeek
1
410
[SF Ruby Conf 2025] Rails X
palkan
2
1.1k
DevOps and Value Stream Thinking: Enabling flow, efficiency and business value
helenjbeal
1
210
Mozcon NYC 2025: Stop Losing SEO Traffic
samtorres
1
240
Deep Space Network (abreviated)
tonyrice
0
160
Building Adaptive Systems
keathley
44
3k
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.2k
How to build a perfect <img>
jonoalderson
1
5.5k
Navigating the Design Leadership Dip - Product Design Week Design Leaders+ Conference 2024
apolaine
1
330
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
Transcript
Delegated Access with OAuth Why Developers Should Care Annejan Barelds
Software Architect DevCampNoord April 4th, 2024
Annejan Barelds Software Architect - 4Dotnet Azure – .NET –
Architecture – Consultancy https://www.linkedin.com/in/barelds/ https://github.com/AnnejanBarelds
Delegated Access OAuth 2.0 On-Behalf-Of
2008 Alice Bob Charlie Alice Bob Charlie App ID
2016
2024
App ID Alice Bob Charlie
App ID Alice Bob Charlie App ID App ID ?
?
None
Office 365 The Need for Zero Trust
User Role Group Device Config Location Last Sign-in Conditional access
risk Health/Integrity Client Config Last seen High Medium Low Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Device
User Role Group Device Config Location Last Sign-in Conditional access
risk High Medium Low Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Health/Integrity Client Config Last seen Device Identity Permissions App Identity Permissions API Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication
OK, so we need delegated access. How does it work?
Resource Server Client IdP Resource Owner Data Scopes: - Read
- Write - … Roles: - Owner - Reader App App Required access: - RS/Read AT IT AT SP SP RS/Read openid Consent?
AT AT ? Resource Server Client IdP Resource Owner Data
Scopes: - Read - Write - … Roles: - Owner - Reader App Required access: - RS/Read IT AT SP SP RS/Read openid IdP App AT API Scopes: - Read Required access: - API/Read Required access: - RS/Read App SP AT AT AT API/Read RS/Read
https://www.youtube.com/watch?v=WVNvoiA_ktw John Savill's Technical Training
Demo time
So it’s all rainbows and unicorns?
OAuth On-Behalf-Of is about user context You need user context
for - Autonomy - Auditing - Access checks Microsoft Entra ID takes some getting-used-to MSAL solves the coding part
Thanks!
devnetnoord
yoshimi0227
oracle4engineer
xpmatteo
s27watanabe
danielbryantuk
takanoriyanada
hiramax
sakiengineer
tyosi1212
mtx2s
minorun365
aki_iinuma
bryan
reverentgeek
palkan
.png){kind=avatar}
helenjbeal
samtorres
tonyrice
keathley
maggiecrowley
jonoalderson
apolaine
wjessup
