Demystifying OAuth, JWTs and Azure AD - Graeme Foster - NDC Oslo 2023

Ғылым және технология

OIDC and OAuth2 have been the goto for authentication and authorisation Azure Active Directory for years now. But when things start to go wrong, it can all become a bit of a black-box with no obvious place to look for help.
In this live-code session I will uncover some common errors I see when setting up applications to work with AAD, and dive that next level down to give you an understanding of why they occur, and how to fix them.
By the end of the session you'll understand
- What an AAD Application is,
- What an AAD Service Principal is,
- MSAL vs ADAL
- The difference between AAD V1 and V2 endpoints
- How AAD represents OAuth2 scopes,
- Why scopes aren't permissions, and how roles can help
Check out our new channel:
NDC Clips:
‪@ndcclips‬
Check out more of our featured speakers and talks at
ndcconferences.com/
ndcoslo.com/

Пікірлер: 7

  • @pbible
    @pbible11 ай бұрын

    Great talk, Perth blokes are the best!!

  • @DmytroZharii
    @DmytroZharii Жыл бұрын

    Awesome talk! Really good into how AAD OAuth2 works and funny demo with Sanata. Good advice on using roles instead of groups. 16:51 is when the talk starts after the tech issues were solved

  • Жыл бұрын

    Thanks.

  • @mwonsil
    @mwonsil Жыл бұрын

    Excellent talk. As for nested groups, do you think in a Zero Trust world, they are a good idea? We see in AD that groups make it easy to over privilege a colleague. Maybe a flat authorization role is not a bad idea? 🤷 Thanks again. I learned a lot!

  • @hayriozler
    @hayriozler Жыл бұрын

    Hello, That was awesome talk. If it is possible to share demo source code? Thanks

  • @softwareengineer8711
    @softwareengineer8711 Жыл бұрын

    15min in still not started

Келесі