Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OAuth Démystifié

Sébastien Stormacq - AWS Developer Advocate
November 09, 2021
Technology
0
82

OAuth Démystifié

Title : OAuth démystifié!
Abstract : Vous vous sentez perdu entre les Implicit Grant et Code Grant ? Vous ne comprenez jamais la différence entre OAuth et OpenID Connect ? Comment votre Active Directory d'entreprise se positionne dans ce schéma ? Dans ce talk, je démystifie la fédération d'identités et vous expliquerez les flux d'authentification de OAuth. Je vous ferai une démo concrète de la configuration et la programmation d'un serveur d'identité pour distribuer des tokens JWT.

Sébastien Stormacq - AWS Developer Advocate

November 09, 2021
Tweet

More Decks by Sébastien Stormacq - AWS Developer Advocate

See All by Sébastien Stormacq - AWS Developer Advocate
Offline storage & automatic data synchronization for your web and mobile applications
sebsto
0
84
Getting Started on AWS
sebsto
0
150
Deployment pipelines for your iOS / tvOS apps with Amazon EC2 Mac Instances
sebsto
0
1.7k
Server Side Serverless in Swift
sebsto
0
63
Resiliency and Availability Design Patterns for the Cloud
sebsto
1
180
Amazon TimeStream 101
sebsto
0
35
Build conversational interfaces for your customers
sebsto
0
68
Amplify your web and mobile apps development. Full stack, cloud-powered.
sebsto
0
120
Une introduction à AWS pour les développeurs
sebsto
0
200

Other Decks in Technology

See All in Technology
Garoon 開発チーム / Garoon development team
cybozuinsideout
PRO
1
2.8k
Kubernetesでアプリの安定稼働と高頻度のアップデートを両立するためのプラクティス / Best Practices for Applications on Kubernetes to Achieve Both Frequent Updates and Stability
hhiroshell
10
2.9k
疲弊しない!AWSセキュリティ統制の考え方 #devio_osakaday1
masahirokawahara
6
5.6k
PHPカンファレンス小田原2024
ysknsid25
2
620
Head toward Java 22 and Java 23
lycorptech_jp
PRO
1
140
The CloudCompare project by Dr. Daniel Girardeau-Montaut
kentaitakura
0
380
0→1開発における技術選定において一番大切なこと
bicstone
1
300
デザインシステム基盤構築実践
leveragestech
0
330
Discord とビルダー&チャットボットの使い方 / How to use Discord and Builder & Chatbots
ks91
PRO
0
130
Autonomous Database Cloud 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
13
35k
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
1
1.4k
OpenTelemetry を使ったトレースエグザンプラーの活用 / otel-trace-exemplar
k6s4i53rx
2
560

Featured

See All Featured
Intergalactic Javascript Robots from Outer Space
tanoku
266
26k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
18
1.7k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
501
140k
Scaling GitHub
holman
457
140k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
13
1.5k
Fireside Chat
paigeccino
19
2.6k
The Illustrated Children's Guide to Kubernetes
chrisshort
28
46k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
103
6.6k
The Power of CSS Pseudo Elements
geoffreycrofte
58
5k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.9k
Happy Clients
brianwarren
91
6.4k
Designing with Data
zakiwarfel
95
4.8k

Transcript

  1. OAuth démystifié ! Sébastien Stormacq, AWS Developer Advocate @sebsto

  2. Congrats ! Your app launched !" # $ % &

  3. None

  4. userid firstname lastmail email password sebsto Sébastien Stormacq [email protected] FA34BD7543E…

    natalia Natalia Arbelaez [email protected] AA6FC2984AB…

  5. What possibly can go wrong ? '()

  6. From 50 to 50.000.000 users *+,*+,*+,*+,*+,*+,*+,

  7. http://blog.interactiveschools.com/blog/50-million-users-how-long-does-it-take-tech-to-reach-this-milestone

  8. None
  9. None
  10. None
  11. None

  12. [email protected]

  13. None
  14. None

  15. Developers build features !"#

  16. DO NOT ⛔ Build your own identity system Store user

    credentials

  17. Identification Authentication Authorisation

  18. OAuth OpenID Connect

  19. Managed OAuth Service

  20. Amazon Cognito Managed identities in the ☁ Managed user directory

    Signin with existing identities (federation) Customised hosted UI or SDK AWS credentials and access control OpenID Connect and Oauth 2

  21. Amazon Cognito Managed identities in the ☁

  22. OpenID Connect and OAuth Flows

  23. Implicit Grant

  24. User User Client App (browser, mobile app, app server) Auth

    Service Authorization & Identity Server Resource Server (API) Client App (browser, mobile app, app server) Auth Service Authorization & Identity Server Resource Server (API) authenticate click login with XXX. ? state = 987 & redirect_uri = auth Service & client_id = 123 & scope = email & response = token enter credentials verify credentials redirect to redirect_uri ? state = 987 & token = abc & token_type = bearer access API get access token Invoke API (authorization : access_token) securely store token

  25. Code Grant

  26. User User Client App (browser, mobile app, app server) Auth

    Service Authorization & Identity Server Resource Server (API) Client App (browser, mobile app, app server) Auth Service Authorization & Identity Server Resource Server (API) authenticate click login with XXX. ? state = 987 & redirect_uri = auth Service & client_id = 123 & scope = email & response = code enter credentials verify credentials redirect to redirect_uri ? code = abc & state = 987 get_token ? client_id = 123 & code = abc (authorization = base64(client_id:client-secret ) return id, access & refresh tokens securely store tokens access API get access token Invoke API (authorization : access_token) (optional) refresh tokens

  27. Demo

  28. Thank you ! @sebsto /sebsto /sebsto /sebAWS Sébastien Stormacq