Demystifying OAuth, JWTs and Azure AD - Graeme Foster - NDC Oslo 2023
Vložit
- čas přidán 26. 06. 2023
- OIDC and OAuth2 have been the goto for authentication and authorisation Azure Active Directory for years now. But when things start to go wrong, it can all become a bit of a black-box with no obvious place to look for help.
In this live-code session I will uncover some common errors I see when setting up applications to work with AAD, and dive that next level down to give you an understanding of why they occur, and how to fix them.
By the end of the session you'll understand
- What an AAD Application is,
- What an AAD Service Principal is,
- MSAL vs ADAL
- The difference between AAD V1 and V2 endpoints
- How AAD represents OAuth2 scopes,
- Why scopes aren't permissions, and how roles can help
Check out our new channel:
NDC Clips:
@ndcclips
Check out more of our featured speakers and talks at
ndcconferences.com/
ndcoslo.com/ - Věda a technologie
Great talk, Perth blokes are the best!!
Awesome talk! Really good into how AAD OAuth2 works and funny demo with Sanata. Good advice on using roles instead of groups.
16:51 is when the talk starts after the tech issues were solved
Thanks.
Excellent talk. As for nested groups, do you think in a Zero Trust world, they are a good idea? We see in AD that groups make it easy to over privilege a colleague. Maybe a flat authorization role is not a bad idea? 🤷 Thanks again. I learned a lot!
Hello,
That was awesome talk. If it is possible to share demo source code? Thanks
15min in still not started