Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Delegated Access with OAuth

devNetNoord
April 04, 2024
Technology
0
21

Delegated Access with OAuth

Presentatie gegeven tijdens devCampNoord '24 in Kinepolis Groningen.

devNetNoord

April 04, 2024
Tweet

More Decks by devNetNoord

See All by devNetNoord
Gebruik je broncode als documentatie voor je stakeholders
devnetnoord
0
4
Efficient and Secure Software Delivery with Azure Deployment Environments and Dev Box
devnetnoord
0
5
Toepassing van AI in de zorg; hype, hoop en haalbaarheid
devnetnoord
0
11
What's new with Azure Bicep?
devnetnoord
0
3
Copilot Beyond the Basics
devnetnoord
0
53
The Blazor Multiverse
devnetnoord
0
39
De Architectuur Odyssee
devnetnoord
0
17
Azure Kubernetes Service Quickstart
devnetnoord
0
23
The Office Copilot
devnetnoord
0
14

Other Decks in Technology

See All in Technology
デジタルアイデンティティ人材育成推進ワーキンググループ 翻訳サブワーキンググループ 活動報告 / 20250114-OIDF-J-EduWG-TranslationSWG
oidfj
0
530
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
6
54k
[IBM TechXchange Dojo]Watson Discoveryとwatsonx.aiでRAGを実現!事例のご紹介+座学②
siyuanzh09
0
110
信頼されるためにやったこと、 やらなかったこと。/What we did to be trusted, What we did not do.
bitkey
PRO
0
2.2k
新しいスケーリング則と学習理論
taiji_suzuki
10
3.8k
0→1事業こそPMは営業すべし / pmconf #落選お披露目 / PM should do sales in zero to one
roki_n_
PRO
1
1.3k
Visual StudioとかIDE関連小ネタ話
kosmosebi
1
370
商品レコメンドでのexplicit negative feedbackの活用
alpicola
1
350
コロプラのオンボーディングを採用から語りたい
colopl
5
1.2k
Amazon Q Developerで.NET Frameworkプロジェクトをモダナイズしてみた
kenichirokimura
1
200
My small contributions - Fujiwara Tech Conference 2025
ijin
0
1.4k
embedパッケージを深掘りする / Deep Dive into embed Package in Go
task4233
1
210

Featured

See All Featured
How to Think Like a Performance Engineer
csswizardry
22
1.3k
The Cult of Friendly URLs
andyhume
78
6.1k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
45
2.3k
Making the Leap to Tech Lead
cromwellryan
133
9k
For a Future-Friendly Web
brad_frost
176
9.5k
Scaling GitHub
holman
459
140k
Adopting Sorbet at Scale
ufuk
74
9.2k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
28
4.5k
Navigating Team Friction
lara
183
15k
Become a Pro
speakerdeck
PRO
26
5.1k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.2k
4 Signs Your Business is Dying
shpigford
182
22k

Transcript

  1. Delegated Access with OAuth Why Developers Should Care Annejan Barelds

    Software Architect DevCampNoord April 4th, 2024

  2. Annejan Barelds Software Architect - 4Dotnet Azure – .NET –

    Architecture – Consultancy https://www.linkedin.com/in/barelds/ https://github.com/AnnejanBarelds

  3. Delegated Access OAuth 2.0 On-Behalf-Of

  4. 2008 Alice Bob Charlie Alice Bob Charlie App ID

  5. 2016

  6. 2024

  7. App ID Alice Bob Charlie

  8. App ID Alice Bob Charlie App ID App ID ?

    ?
  9. None

  10. Office 365 The Need for Zero Trust

  11. User Role Group Device Config Location Last Sign-in Conditional access

    risk Health/Integrity Client Config Last seen High Medium Low Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Device

  12. User Role Group Device Config Location Last Sign-in Conditional access

    risk High Medium Low Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Health/Integrity Client Config Last seen Device Identity Permissions App Identity Permissions API Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication

  13. OK, so we need delegated access. How does it work?

  14. Resource Server Client IdP Resource Owner Data Scopes: - Read

    - Write - … Roles: - Owner - Reader App App Required access: - RS/Read AT IT AT SP SP RS/Read openid Consent?

  15. AT AT ? Resource Server Client IdP Resource Owner Data

    Scopes: - Read - Write - … Roles: - Owner - Reader App Required access: - RS/Read IT AT SP SP RS/Read openid IdP App AT API Scopes: - Read Required access: - API/Read Required access: - RS/Read App SP AT AT AT API/Read RS/Read

  16. https://www.youtube.com/watch?v=WVNvoiA_ktw John Savill's Technical Training

  17. Demo time

  18. So it’s all rainbows and unicorns?

  19. OAuth On-Behalf-Of is about user context You need user context

    for - Autonomy - Auditing - Access checks Microsoft Entra ID takes some getting-used-to MSAL solves the coding part

  20. Thanks!