AuthExperience

Modern authentication practices
Haggai Philip Zagury | DevOps Group & Tech Lead | 2021
AGENDA
- Before the Cloud & Web Services
- The evolution of Authentication systems
- OAuth2.0 & JWT
- OAuth2.0 - the server side
- OIDC - Generic Understanding of Actors
- OIDC Flows - Behind the Scenes
- SAML
- SAML - Behind the Scenes
- What’s SSO got to do with it?
AuthExperience
Before the Cloud
- 1 user per application
- Onboarding was an issue …
- Grouping (Scoping)

Common Solution
- LDAP - Lightweight Directory Access Protocol
- Identify the User in the directory
- Identification is based on the location in the Directory tree

Problem
- Security is internal (we trust our DC, LDAP)
- Organizations start consuming 3rd party services
- How do we manage our Customer / Client DB?
- What if I don’t know his ID? Origin?
- (Onboarding Issue all over again)

SSO - Single Sign On / Use your corporate e-mail
“Social” Login
OAUTH
Misconception #1: OAUTH != Auth0
Misconception #2: It is used to AUTHORIZE, not to Identify

Purpose: Provide temporary access to your information
Method: JWT - JSON Web Token
OAuth2.0 Usage
Actors: Resource Owner (You!), Client / Application, Authorization Server
Sequence shown in the slide build:
1. Resource Owner: standard web login (username / password)
2. Client / Application: “Can we please import your contacts”
3. Authorization Server: User CONSENT
4. Authorization Server: token GRANT
OAuth2.0 - Behind the scenes
zero trust policy

Client / Application ID
- A way for the identity provider to identify the Client / Application

Client Secret
- A unique identifier of that application ID

CONSENT
- A token proving the ID is valid

GRANT
- Based on the Scope the App/Client ID has permissions to access
OAuth = Authorization (a.k.a. access)
- grants access to a resource!
- Identifying the user is the application / client’s job!
- grants are provided via token
- tokens expire!
- We want to limit the duration / validity of the grant token

The Client Application has no record of the user:
- How he logged in
- When he logged in or logged out
- Only the authorization server u with the resource owner!
OIDC
Purpose: Identity & Authentication layer for OAuth
Method:
1. Dedicated Service Endpoints
2. JWT - JSON Web Token

OIDC FLOWS
OpenID Connect
Adding the Identity Layer to OAuth

OpenIDC - OpenID Connect
Building blocks: Endpoints, Scopes, Claims, ID Token
[Diagram: Resource Owner (You!) and Client / Application (the Relying Party) talking to the Authorization Server’s Authorization endpoint and Token endpoint, steps 1, 2, 3]

ID Token claims:
- Subject
- Issuing Authority
- Audience
- Issue Date
- Expiration Date
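As an added example (not code from the original deck), the check a Relying Party should run on an ID Token covers exactly the five claims listed above plus the earlier point that grant tokens expire and should be short-lived; the signing key, issuer URL, client id and clock value are constructed placeholders, and HS256 stands in for the asymmetric signatures real providers use.

```python
import base64
import hashlib
import hmac
import json

# Constructed values for the demo (not from any real deployment). A shared
# HS256 key keeps the example self-contained; production OIDC providers
# normally sign ID tokens with RS256/ES256 and publish the public key via JWKS.
ISSUER_KEY = b"constructed-demo-key-do-not-reuse"
EXPECTED_ISSUER = "https://idp.example.test"   # assumed issuer URL
EXPECTED_AUDIENCE = "my-client-id"             # assumed client_id of the RP
NOW = 1_700_000_000                            # fixed clock, keeps runs deterministic

# The five claims listed on the ID Token slide, as constructed sample data.
SAMPLE_CLAIMS = {
    "sub": "user-123",         # Subject
    "iss": EXPECTED_ISSUER,    # Issuing Authority
    "aud": EXPECTED_AUDIENCE,  # Audience
    "iat": NOW,                # Issue Date
    "exp": NOW + 300,          # Expiration Date: five minutes, a short-lived grant
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims: dict, key: bytes = ISSUER_KEY) -> str:
    """Produce a compact JWT (header.payload.signature) signed with HS256."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def validate_id_token(token: str, now: int, key: bytes = ISSUER_KEY,
                      issuer: str = EXPECTED_ISSUER,
                      audience: str = EXPECTED_AUDIENCE,
                      leeway: int = 60) -> dict:
    """Return the claims if signature and all five claims check out, else raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected three dot-separated parts")
    header_b64, payload_b64, sig_b64 = parts

    # Pin the algorithm we expect; the token itself must not get to choose it.
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")

    # Signature first: nothing in the payload is trusted before this passes.
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")

    claims = json.loads(b64url_decode(payload_b64))
    for name in ("sub", "iss", "aud", "iat", "exp"):
        if name not in claims:
            raise ValueError(f"missing required claim {name!r}")
    if claims["iss"] != issuer:
        raise ValueError("issuer mismatch")
    # "aud" may be a single string or a list; this client must be in it.
    aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
    if audience not in aud:
        raise ValueError("token not issued for this client")
    # Expiry and issue time, with a small leeway for clock skew.
    if now >= claims["exp"] + leeway:
        raise ValueError("token expired")
    if claims["iat"] > now + leeway:
        raise ValueError("token issued in the future")
    return claims


def check_id_token(token: str, now: int, **kwargs) -> str:
    """Logging-friendly wrapper: 'ok' or the reason the token was rejected."""
    try:
        validate_id_token(token, now, **kwargs)
        return "ok"
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    token = mint_id_token(SAMPLE_CLAIMS)
    print("fresh token:", check_id_token(token, NOW + 10))
    print("after expiry:", check_id_token(token, NOW + 400))
```

The order matters: the algorithm is pinned and the signature verified before any claim is read, so a forged or tampered payload never reaches the issuer, audience and expiry checks.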
Security Assertion Markup Language
[Diagram: Resource Owner (You!), Client / Application, Content Server and Authorization Server (IDP), exchanging { Token } { Scopes }]

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

Auth experience - vol 1.0

  • 1. AuthExperience Modern authentication practices Haggai Philip Zagury | DevOps Group & Tech Lead | 2021
  • 2. AGENDA Before the Cloud & Web Services The evolution of Authentication systems OAuth2.0 & JWT OAuth2.0 - the server side OIDC - Generic Understanding of Actors OIDC Flows - Behind the Scenes SAML SAML - Behind the Scenes What’s SSO got to do with it ? AuthExperience
  • 3-8. Before the Cloud 1 user per application Onboarding was an issue … Grouping (Scoping) 
 Common Solution LDAP - Lightweight Directory Access Protocol Identify the user in the directory; identification is based on the user’s location in the directory tree 
 Problem Security is internal (we trust our DC, LDAP) Organizations start consuming 3rd party services How do we manage our customer / client DB? What if I don’t know the user’s ID? Origin? (Onboarding issue all over again) 
 SSO - Single Sign On / Use your corporate e-mail “Social” Login
  • 9. OAuth Misconception #1: OAuth != Auth0 (Auth0 is a vendor; OAuth is the protocol) 
 Misconception #2: OAuth identifies the user. It does not: it is used to AUTHORIZE, not to identify 
 Purpose: Provide temporary, scoped access to your information Method: bearer access tokens, commonly a JWT - JSON Web Token (OAuth 2.0 itself treats the access token as opaque to the client; JWT is one common format, not a requirement) AuthExperience
  • 10-14. OAuth2.0 Usage Resource Owner (You!) logs in to the Authorization Server with a standard web login (username / password) The Client / Application asks: can we please import your contacts? The Authorization Server shows the Resource Owner a CONSENT screen; on user CONSENT it issues a token GRANT to the Client / Application
  • 15-18. OAuth2.0 - Behind the scenes (zero trust policy) Client / Application ID A way for the identity provider to identify the Client / Application Client Secret The credential the Client / Application presents to the authorization server to prove it owns that Client ID (a secret, not an identifier; it belongs only in confidential clients, never in a browser or mobile app) CONSENT The resource owner approves the requested scope GRANT A short-lived, single-use authorization (e.g. an authorization code) proving the resource owner consented; the client exchanges it for an access token that carries only the permissions the Scope the App / Client ID 
 was granted
  • 19. OAuth = Authorization (a.k.a access) grants access to a resource! Identifying the user is the application / client’s job! Grants are delivered via tokens, and tokens expire! 
 
 We want to limit the duration / validity of the access token
  • 20. The Client Application has no record of the user: how he logged in, when he logged in or logged out 
 
 Only the authorization server interacts with the resource owner! OAuth = Authorization (a.k.a access)
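The flow on slides 10 to 20, as an added example that is not part of the original deck: a toy in-memory authorization server that runs the authorization-code flow (RFC 6749) with PKCE (RFC 7636), then a resource server check of the consented scope and the token’s expiry. The client id, client secret, redirect URI, scope names, user name and lifetimes are made up. Access tokens are opaque random strings and the resource server checks them by asking the authorization server (token introspection), which is one real-world design; a signed JWT access token is another.

```python
"""OAuth 2.0 authorization-code flow with PKCE, as a toy in-memory authorization server.

Added example, not code from the original deck. Client id, secret, redirect URI,
scope names, user name and lifetimes are assumptions."""
import base64
import hashlib
import secrets
import time

CODE_TTL = 60             # authorization codes: single use, short lived (assumed value)
ACCESS_TOKEN_TTL = 900    # access tokens: 15 minutes (assumed value)


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge: base64url(sha256(verifier)) without padding (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class AuthorizationServer:
    def __init__(self):
        self.clients = {}   # client_id -> {"secret", "redirect_uri"}
        self.codes = {}     # authorization code -> grant details
        self.tokens = {}    # access token -> {"sub", "scope", "exp"}

    def register_client(self, client_id, client_secret, redirect_uri):
        # The client ID identifies the app; the client secret is its credential.
        self.clients[client_id] = {"secret": client_secret, "redirect_uri": redirect_uri}

    def authorize(self, client_id, redirect_uri, scope, code_challenge, consenting_user):
        """Authorization endpoint. The resource owner has already done a standard web
        login at this server and is shown the consent screen for `scope`. The returned
        authorization code is the grant, bound to client, redirect URI, scope and PKCE."""
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        if consenting_user is None:
            raise PermissionError("access_denied: resource owner refused consent")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "scope": scope, "challenge": code_challenge,
                            "sub": consenting_user, "exp": time.time() + CODE_TTL}
        return code

    def token(self, client_id, client_secret, code, redirect_uri, code_verifier):
        """Token endpoint: authenticate the client, verify the grant once, issue a token."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise PermissionError("invalid_client")
        grant = self.codes.pop(code, None)          # pop: a code can be redeemed only once
        if grant is None or grant["exp"] < time.time():
            raise PermissionError("invalid_grant: unknown, reused or expired code")
        if grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
            raise PermissionError("invalid_grant: code issued to a different client")
        if not secrets.compare_digest(pkce_challenge(code_verifier), grant["challenge"]):
            raise PermissionError("invalid_grant: PKCE verifier does not match")
        access_token = secrets.token_urlsafe(32)    # opaque to the client
        self.tokens[access_token] = {"sub": grant["sub"], "scope": grant["scope"],
                                     "exp": time.time() + ACCESS_TOKEN_TTL}
        return {"access_token": access_token, "token_type": "Bearer",
                "expires_in": ACCESS_TOKEN_TTL, "scope": grant["scope"]}

    def introspect(self, access_token):
        """Introspection (RFC 7662 style): is the token live, for whom, with which scopes."""
        info = self.tokens.get(access_token)
        if info is None or info["exp"] < time.time():
            return {"active": False}
        return {"active": True, **info}


def resource_server_allows(auth_server, access_token, required_scope):
    """The content / resource server: accept the bearer token only if it is active and
    the user consented to the scope this endpoint needs."""
    info = auth_server.introspect(access_token)
    return bool(info["active"]) and required_scope in info["scope"].split()


def _raises(fn):
    try:
        fn()
    except PermissionError:
        return True
    return False


def demo():
    """Walk the flow once and probe the failure modes; returns a dict of outcomes."""
    auth = AuthorizationServer()
    cid, secret, cb = "contacts-importer", "assumed-client-secret", "https://app.example/cb"
    auth.register_client(cid, secret, cb)
    verifier = secrets.token_urlsafe(48)
    # 1. client sends the user to the authorization endpoint; user logs in and consents
    code = auth.authorize(cid, cb, "contacts.read", pkce_challenge(verifier), "alice")
    # 2. client redeems the code at the token endpoint with its secret and the PKCE verifier
    tok = auth.token(cid, secret, code, cb, verifier)
    out = {"token_issued": "access_token" in tok}
    # 3. the resource server enforces the consented scope and nothing more
    out["contacts_ok"] = resource_server_allows(auth, tok["access_token"], "contacts.read")
    out["calendar_denied"] = not resource_server_allows(auth, tok["access_token"], "calendar.read")
    # failure modes the server must reject
    out["code_replay_rejected"] = _raises(lambda: auth.token(cid, secret, code, cb, verifier))
    out["consent_denied_rejected"] = _raises(
        lambda: auth.authorize(cid, cb, "contacts.read", pkce_challenge(verifier), None))
    out["wrong_secret_rejected"] = _raises(lambda: auth.token(cid, "guess", code, cb, verifier))
    code2 = auth.authorize(cid, cb, "contacts.read", pkce_challenge(verifier), "alice")
    out["wrong_verifier_rejected"] = _raises(lambda: auth.token(cid, secret, code2, cb, "not-it"))
    # tokens expire: move the token's exp into the past and check it is refused
    auth.tokens[tok["access_token"]]["exp"] = time.time() - 1
    out["expired_token_denied"] = not resource_server_allows(auth, tok["access_token"], "contacts.read")
    return out


if __name__ == "__main__":
    print(demo())
```

The grant lives only in the authorization server’s store and is consumed on first redemption, so a leaked or replayed code buys an attacker nothing; the client secret proves the app’s identity, and the PKCE verifier proves the app redeeming the code is the one that started the flow.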
  • 21-22. OIDC / OIDC Flows Purpose: Identity & Authentication layer on top of OAuth 2.0 Method: 
 1. Dedicated service endpoints (discovery, authorization, token, userinfo) 2. ID Token, a JWT - JSON Web Token AuthExperience
  • 23. OpenID Connect Adding the Identity Layer to OAuth
  • 24. OIDC - OpenID Connect Resource Owner (You!) Endpoints Scopes Claims ID Token
  • 25. Resource Owner (You!) Client / Application = Relying Party Authorization Server with two endpoints: 1 the Relying Party redirects the Resource Owner to the Authorization endpoint, 2 the Authorization endpoint returns an authorization code to the Relying Party, 3 the Relying Party exchanges the code at the Token endpoint for the ID Token (and access token)
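The identity layer on slides 21 to 25, as an added example that is not part of the original deck: what the OpenID Provider mints at the token endpoint (an ID Token JWT) and the checks a Relying Party must run before trusting it. To stay self-contained it signs with HS256 (HMAC-SHA256 with a key shared between issuer and relying party); production providers sign with RS256/ES256 and publish the verification key at the jwks_uri listed in /.well-known/openid-configuration. Issuer, client id, subject, key and nonce values are assumptions.

```python
"""OpenID Connect ID Token: what the provider mints and what the Relying Party must check.

Added example, not code from the original deck. HS256 with a shared key is used
so the example runs offline; issuer, client id, subject, key and nonce are assumed."""
import base64
import hashlib
import hmac
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_sign_hs256(payload: dict, key: bytes) -> str:
    """Compact JWS serialization: base64url(header).base64url(payload).base64url(sig)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def issue_id_token(key, issuer, client_id, subject, nonce, now, ttl=300):
    """What the OpenID Provider returns from the token endpoint next to the access token.
    The ID Token is about authentication: who logged in, at which issuer, for which client."""
    claims = {"iss": issuer, "sub": subject, "aud": client_id,
              "iat": now, "exp": now + ttl, "nonce": nonce}
    return jwt_sign_hs256(claims, key)


def validate_id_token(token, key, issuer, client_id, expected_nonce, now):
    """Relying Party checks (OIDC Core 3.1.3.7). Returns (claims, None) or (None, reason)."""
    parts = token.split(".")
    if len(parts) != 3:
        return None, "malformed"
    header_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
    except (ValueError, UnicodeDecodeError):
        return None, "malformed"
    # Pin the algorithm: never let the token choose it ("alg":"none", RS256->HS256 confusion)
    if header.get("alg") != "HS256":
        return None, "unexpected alg"
    expected_sig = hmac.new(key, f"{header_b64}.{body_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        return None, "bad signature"
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("iss") != issuer:
        return None, "wrong issuer"
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        return None, "wrong audience"
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return None, "expired"
    if claims.get("nonce") != expected_nonce:   # binds the token to this login attempt
        return None, "nonce mismatch"
    return claims, None


def demo():
    """Mint one good token and several bad ones; returns {case: rejection reason or None}."""
    key = b"assumed-shared-secret-32-bytes-long!"
    issuer, client_id, now = "https://op.example", "contacts-importer", 1_700_000_000
    nonce = "n-0S6_WzA2Mj"   # generated by the RP and sent in the authorization request
    good = issue_id_token(key, issuer, client_id, "alice", nonce, now)
    for_other_app = issue_id_token(key, issuer, "some-other-client", "alice", nonce, now)
    stale = issue_id_token(key, issuer, client_id, "alice", nonce, now - 3600)
    wrong_nonce = issue_id_token(key, issuer, client_id, "alice", "replayed-nonce", now)
    # forged: keep the good signature, swap the payload to claim a different subject
    h, _, s = good.split(".")
    forged_body = _b64url(json.dumps({"iss": issuer, "sub": "admin", "aud": client_id,
                                      "exp": now + 300, "nonce": nonce}).encode())
    forged = f"{h}.{forged_body}.{s}"
    # alg=none: an unsigned token that a naive decoder would accept
    none_hdr = _b64url(b'{"alg":"none","typ":"JWT"}')
    alg_none = f"{none_hdr}.{good.split('.')[1]}."
    cases = {"good": good, "other_audience": for_other_app, "expired": stale,
             "nonce_mismatch": wrong_nonce, "forged_payload": forged, "alg_none": alg_none}
    return {name: validate_id_token(t, key, issuer, client_id, nonce, now)[1]
            for name, t in cases.items()}


if __name__ == "__main__":
    print(demo())
```

The audience check is what stops a token minted for one client from being replayed against another, and the nonce check is what ties the token to the authorization request this Relying Party actually started; both are cheap and both are routinely skipped by hand-rolled validators.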
  • 32. Resource Owner (You!) Client / Application Content Server
  • 33. Authorization Server (IDP) issues the { Token } carrying the { Scopes } the Resource Owner (You!) consented to; the Client / Application presents that token to the Content Server (the resource server), which grants only what the scopes allow
  • 34. Kiryat Atidim, Building 7, 3rd Floor, POB 58269, Tel Aviv 6158102, Israel (+972) 3 6488618 info@tikalk.com