$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Delegated Access with OAuth
Search
devNetNoord
April 04, 2024
Technology
0
33
Delegated Access with OAuth
Presentatie gegeven tijdens devCampNoord '24 in Kinepolis Groningen.
devNetNoord
April 04, 2024
Tweet
Share
More Decks by devNetNoord
See All by devNetNoord
Gebruik je broncode als documentatie voor je stakeholders
devnetnoord
0
23
Efficient and Secure Software Delivery with Azure Deployment Environments and Dev Box
devnetnoord
0
26
Toepassing van AI in de zorg; hype, hoop en haalbaarheid
devnetnoord
0
55
What's new with Azure Bicep?
devnetnoord
0
32
Copilot Beyond the Basics
devnetnoord
0
87
The Blazor Multiverse
devnetnoord
0
81
De Architectuur Odyssee
devnetnoord
0
42
Azure Kubernetes Service Quickstart
devnetnoord
0
53
The Office Copilot
devnetnoord
0
26
Other Decks in Technology
See All in Technology
プロンプトやエージェントを自動的に作る方法
shibuiwilliam
4
2.7k
AWS re:Invent 2025で見たGrafana最新機能の紹介
hamadakoji
0
360
Challenging Hardware Contests with Zephyr and Lessons Learned
iotengineer22
0
190
Microsoft Agent 365 についてゆっくりじっくり理解する!
skmkzyk
0
300
品質のための共通認識
kakehashi
PRO
3
250
AI駆動開発における設計思想 認知負荷を下げるフロントエンドアーキテクチャ/ 20251211 Teppei Hanai
shift_evolve
PRO
2
370
Power of Kiro : あなたの㌔はパワステ搭載ですか?
r3_yamauchi
PRO
0
120
打 造 A I 驅 動 的 G i t H u b ⾃ 動 化 ⼯ 作 流 程
appleboy
0
320
【AWS re:Invent 2025速報】AIビルダー向けアップデートをまとめて解説!
minorun365
4
520
CARTAのAI CoE が挑む「事業を進化させる AI エンジニアリング」 / carta ai coe evolution business ai engineering
carta_engineering
0
1.1k
多様なデジタルアイデンティティを攻撃からどうやって守るのか / 20251212
ayokura
0
440
Gemini でコードレビュー知見を見える化
zozotech
PRO
1
250
Featured
See All Featured
Writing Fast Ruby
sferik
630
62k
Six Lessons from altMBA
skipperchong
29
4.1k
Agile that works and the tools we love
rasmusluckow
331
21k
Documentation Writing (for coders)
carmenintech
76
5.2k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.8k
[RailsConf 2023] Rails as a piece of cake
palkan
58
6.2k
Into the Great Unknown - MozCon
thekraken
40
2.2k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
1.1k
The Invisible Side of Design
smashingmag
302
51k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.8k
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.1k
Transcript
Delegated Access with OAuth Why Developers Should Care Annejan Barelds
Software Architect DevCampNoord April 4th, 2024
Annejan Barelds Software Architect - 4Dotnet Azure – .NET –
Architecture – Consultancy https://www.linkedin.com/in/barelds/ https://github.com/AnnejanBarelds
Delegated Access OAuth 2.0 On-Behalf-Of
2008 Alice Bob Charlie Alice Bob Charlie App ID
2016
2024
App ID Alice Bob Charlie
App ID Alice Bob Charlie App ID App ID ?
?
None
Office 365 The Need for Zero Trust
User Role Group Device Config Location Last Sign-in Conditional access
risk Health/Integrity Client Config Last seen High Medium Low Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Device
User Role Group Device Config Location Last Sign-in Conditional access
risk High Medium Low Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Health/Integrity Client Config Last seen Device Identity Permissions App Identity Permissions API Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication
OK, so we need delegated access. How does it work?
Resource Server Client IdP Resource Owner Data Scopes: - Read
- Write - … Roles: - Owner - Reader App App Required access: - RS/Read AT IT AT SP SP RS/Read openid Consent?
AT AT ? Resource Server Client IdP Resource Owner Data
Scopes: - Read - Write - … Roles: - Owner - Reader App Required access: - RS/Read IT AT SP SP RS/Read openid IdP App AT API Scopes: - Read Required access: - API/Read Required access: - RS/Read App SP AT AT AT API/Read RS/Read
https://www.youtube.com/watch?v=WVNvoiA_ktw John Savill's Technical Training
Demo time
So it’s all rainbows and unicorns?
OAuth On-Behalf-Of is about user context You need user context
for - Autonomy - Auditing - Access checks Microsoft Entra ID takes some getting-used-to MSAL solves the coding part
Thanks!
devnetnoord
shibuiwilliam
hamadakoji
iotengineer22
skmkzyk
kakehashi
shift_evolve
r3_yamauchi
appleboy
minorun365
carta_engineering
ayokura
zozotech
sferik
skipperchong
rasmusluckow
carmenintech
garrettdimon
palkan
thekraken
irinanazarova
smashingmag
mongodb
keithpitt
tammyeverts
