Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Delegated Access with OAuth
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
devNetNoord
April 04, 2024
Technology
0
34
Delegated Access with OAuth
Presentatie gegeven tijdens devCampNoord '24 in Kinepolis Groningen.
devNetNoord
April 04, 2024
Tweet
Share
More Decks by devNetNoord
See All by devNetNoord
Gebruik je broncode als documentatie voor je stakeholders
devnetnoord
0
29
Efficient and Secure Software Delivery with Azure Deployment Environments and Dev Box
devnetnoord
0
33
Toepassing van AI in de zorg; hype, hoop en haalbaarheid
devnetnoord
0
65
What's new with Azure Bicep?
devnetnoord
0
40
Copilot Beyond the Basics
devnetnoord
0
100
The Blazor Multiverse
devnetnoord
0
89
De Architectuur Odyssee
devnetnoord
0
47
Azure Kubernetes Service Quickstart
devnetnoord
0
54
The Office Copilot
devnetnoord
0
34
Other Decks in Technology
See All in Technology
AI実装による「レビューボトルネック」を解消する仕様駆動開発(SDD)/ ai-sdd-review-bottleneck
rakus_dev
0
130
脳内メモリ、思ったより揮発性だった
koutorino
0
350
Agent ServerはWeb Serverではない。ADKで考えるAgentOps
akiratameto
0
100
楽しく学ぼう!ネットワーク入門
shotashiratori
1
320
Claude Code 2026年 最新アップデート
oikon48
12
9.8k
楽しく学ぼう!ネットワーク入門
shotashiratori
4
3.2k
20260311 ビジネスSWG活動報告(デジタルアイデンティティ人材育成推進WG Ph2 活動報告会)
oidfj
0
310
Dr. Werner Vogelsの14年のキーノートから紐解くエンジニアリング組織への処方箋@JAWS DAYS 2026
p0n
1
130
It’s “Time” to use Temporal
sajikix
1
120
マルチアカウント環境でSecurity Hubの運用!導入の苦労とポイント / JAWS DAYS 2026
genda
0
650
OCI Security サービス 概要
oracle4engineer
PRO
2
13k
Abuse report だけじゃない。AWS から緊急連絡が来る状況とは?昨今の攻撃や被害の事例の紹介と備えておきたい考え方について
kazzpapa3
1
670
Featured
See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.1k
A better future with KSS
kneath
240
18k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.4k
Designing for humans not robots
tammielis
254
26k
Test your architecture with Archunit
thirion
1
2.2k
Heart Work Chapter 1 - Part 1
lfama
PRO
5
35k
Practical Orchestrator
shlominoach
191
11k
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
twada
PRO
118
110k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
231
22k
Between Models and Reality
mayunak
2
230
Sam Torres - BigQuery for SEOs
techseoconnect
PRO
0
220
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
ryanjones
0
92
Transcript
Delegated Access with OAuth Why Developers Should Care Annejan Barelds
Software Architect DevCampNoord April 4th, 2024
Annejan Barelds Software Architect - 4Dotnet Azure – .NET –
Architecture – Consultancy https://www.linkedin.com/in/barelds/ https://github.com/AnnejanBarelds
Delegated Access OAuth 2.0 On-Behalf-Of
2008 Alice Bob Charlie Alice Bob Charlie App ID
2016
2024
App ID Alice Bob Charlie
App ID Alice Bob Charlie App ID App ID ?
?
None
Office 365 The Need for Zero Trust
User Role Group Device Config Location Last Sign-in Conditional access
risk Health/Integrity Client Config Last seen High Medium Low Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Device
User Role Group Device Config Location Last Sign-in Conditional access
risk High Medium Low Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Health/Integrity Client Config Last seen Device Identity Permissions App Identity Permissions API Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication
OK, so we need delegated access. How does it work?
Resource Server Client IdP Resource Owner Data Scopes: - Read
- Write - … Roles: - Owner - Reader App App Required access: - RS/Read AT IT AT SP SP RS/Read openid Consent?
AT AT ? Resource Server Client IdP Resource Owner Data
Scopes: - Read - Write - … Roles: - Owner - Reader App Required access: - RS/Read IT AT SP SP RS/Read openid IdP App AT API Scopes: - Read Required access: - API/Read Required access: - RS/Read App SP AT AT AT API/Read RS/Read
https://www.youtube.com/watch?v=WVNvoiA_ktw John Savill's Technical Training
Demo time
So it’s all rainbows and unicorns?
OAuth On-Behalf-Of is about user context You need user context
for - Autonomy - Auditing - Access checks Microsoft Entra ID takes some getting-used-to MSAL solves the coding part
Thanks!
devnetnoord
rakus_dev
koutorino
akiratameto
shotashiratori
oikon48
.png){kind=avatar}
oidfj
p0n
sajikix
genda
oracle4engineer
kazzpapa3
maggiecrowley
kneath
rmw
tammielis
thirion
lfama
shlominoach
twada
danielanewman
mayunak
techseoconnect
ryanjones
