How to authenticate users in your apps using FI-WARE Account

In this course you will learn to:

§ Use FI-WARE Account to create users, organizations and register your Applications.
§ Authenticate users in your apps with their credentials on FI-WARE using OAuth 2.0.
They’ll securely access resources thanks to authorization in FI-WARE Account.

Content
1. Introduction.
Introduction to FI-WARE Account and OAuth 2.0. We’ll see key concepts and topics.

2. First steps in FI-WARE Account.
Register on FI-WARE Account, create organizations and manage roles of users in your organizations.

3. Secure your web applications using OAuth 2.0.
Secure your own web applications to authenticate your users with their username and password in FI-WARE Account.

4. Authenticate your users from native applications using OAuth 2.0.
Adapt your native applications to authenticate your users with their username and password in FI-WARE Account.

5. Developing secured APIs using OAuth 2.0.
Deploy a FI-WARE PEP Security Proxy in front of your backend to secure requests to your APIs.

6. Authorizing access to protected resources.
Create roles in your applications to allow or deny access of users to protected resources.

Identity Management

Identity Management in FI-WARE

§  Management of users, their authentication and authorization, and privileges within organizations.
§  Resources used:
•  Users
•  Organizations
•  Roles
•  Applications
§  Users register themselves, create organizations, and assign roles within these organizations.
§  It enables applications to access user’s protected information.
•  Trusted environment
•  OAuth 2.0 standard
§  http://oauth.net/2/
•  PHP, Cocoa, iOS, Java, Ruby, Javascript, Python.
OAuth 2.0

§  Mechanism to provide applications access to restricted resources without sharing credentials.
§  Applications use access tokens, issued by OAuth providers (e.g. FI-WARE), to access resources.
§  OAuth 2.0 specification is designed for use with HTTP.
§  Roles:
•  Resource Owner: Entity capable of granting access to a protected resource (e.g. end-user)
•  Resource Server: Server hosting protected resources.
•  Client: Application making protected resource requests on behalf of the resource owner.
•  Authorization Server: The server issuing access tokens to the client.

OAuth 2.0 Architecture

Authorization Code Grant

OAuth consumer: myservice.com
OAuth provider: account.lab.fi-ware.org

6. Response code + myservice.com credentials
7. Ok, this is the Access Token
8. Access user’s resources with Access Token
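
The consumer side of the Authorization Code Grant in Python, as an added example that is not part of the original slides or of FI-WARE's own code. It goes beyond the steps shown by binding the callback to the user's session with the standard OAuth 2.0 `state` parameter before building the step 6 request; the endpoint paths, client ID, client secret and redirect URI are assumptions.

```python
import base64
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed endpoint paths on the OAuth provider named on the slide; the page
# does not list them, so confirm them in the FI-WARE Account documentation.
AUTHORIZE_URL = "https://account.lab.fi-ware.org/oauth2/authorize"
TOKEN_URL = "https://account.lab.fi-ware.org/oauth2/token"

# Constructed sample registration for the consumer myservice.com.
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://myservice.com/oauth/callback"


def start_authorization(session):
    """Return the provider URL for the user's browser and bind a fresh state to the session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Validate the redirect back from the provider and return the authorization code."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    received = params.get("state", [""])[0]
    # Constant-time comparison on bytes; a mismatch means the callback was not
    # started from this session (cross-site request forgery on the redirect).
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback not bound to this session")
    if "error" in params:
        raise ValueError("authorization denied: " + params["error"][0])
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_request(code):
    """Step 6: the code plus the consumer's credentials, sent server to server."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {
        # The client secret travels only in this back-channel request,
        # never through the user's browser.
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must match the value sent at authorization
    })
    return TOKEN_URL, headers, body
```
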

Implicit Grant

OAuth consumer: myservice.com
OAuth provider: account.lab.fi-ware.org

6. Access user’s resources with Access Token

Resource Owner Password Credentials Grant

OAuth consumer: myservice.com
OAuth provider: account.lab.fi-ware.org

2. Give access with myservice.com credentials and user’s password credentials
3. OK, this is the access token
4. Access user’s resources with Access Token

Client Credentials Grant

OAuth consumer: myservice.com
OAuth provider: account.lab.fi-ware.org

1. Client authentication with myservice.com credentials
2. OK, this is the access token
3. Access myservice.com resources with Access Token

Using the Access Token

FI-WARE Resource Providers

OAuth consumer: myservice.com
OAuth provider: account.lab.fi-ware.org
Generic Enablers: *.fi-ware.org

Access protected user info with Access Token:

GET /user?access_token=access_token

Access protected resources with Access Token:

GET https://ge_url HTTP/1.1
Host: GE_hostname
Authorization: Bearer access_token

Third-Party Resource Providers

OAuth consumer: myservice.com
PEP Proxy
Unsecured Resource Provider

Access protected user info with Access Token:

GET https://protected_url HTTP/1.1
Host: GE_hostname
Authorization: Bearer access_token
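
The decision a PEP proxy makes in front of an unsecured resource provider, as an added Python example that is not the FI-WARE PEP Proxy's code. The token store, the role policy and the `X-Auth-User` / `X-Auth-Roles` header names are hypothetical; a real proxy would validate the token with the OAuth provider instead of a local table.

```python
import time

# Constructed token table standing in for the OAuth provider's validation
# call (hypothetical data; expiry times are Unix timestamps).
SAMPLE_TOKENS = {
    "tok-alice": {"user": "alice", "roles": ["reader"], "expires_at": 4102444800},
    "tok-old": {"user": "bob", "roles": ["reader", "editor"], "expires_at": 1000},
}

# Hypothetical policy: role required for each (method, path prefix).
POLICY = [
    ("GET", "/posts", "reader"),
    ("POST", "/posts", "editor"),
]

# Identity headers the proxy sets itself (hypothetical names). Anything the
# caller sends under these names is dropped so it cannot spoof an identity.
IDENTITY_HEADERS = ("x-auth-user", "x-auth-roles")


def extract_bearer(headers):
    """Return the token from 'Authorization: Bearer <token>', or None if absent or malformed."""
    values = [v for k, v in headers.items() if k.lower() == "authorization"]
    if len(values) != 1:
        return None
    parts = values[0].split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


def required_role(method, path):
    """Return the role needed for this request, or None when no rule matches."""
    for rule_method, prefix, role in POLICY:
        # Match the prefix on a path-segment boundary so /postsecret
        # does not inherit the rule for /posts.
        if rule_method == method and (path == prefix or path.startswith(prefix + "/")):
            return role
    return None


def pep_decide(method, path, headers, lookup=SAMPLE_TOKENS.get, now=None):
    """Return (status, headers): 200 with the headers to forward, or 401/403 with response headers."""
    now = time.time() if now is None else now
    token = extract_bearer(headers)
    if token is None:
        return 401, {"WWW-Authenticate": "Bearer"}
    info = lookup(token)
    if info is None or info["expires_at"] <= now:
        return 401, {"WWW-Authenticate": 'Bearer error="invalid_token"'}
    role = required_role(method, path)
    if role is None or role not in info["roles"]:
        return 403, {}  # deny by default when no rule matches
    # The backend is unsecured, so it must only ever see identity that the
    # proxy derived from a validated token.
    blocked = ("authorization",) + IDENTITY_HEADERS
    forwarded = {k: v for k, v in headers.items() if k.lower() not in blocked}
    forwarded["X-Auth-User"] = info["user"]
    forwarded["X-Auth-Roles"] = ",".join(info["roles"])
    return 200, forwarded
```

The backend behind the proxy has to be reachable only through it; otherwise the forwarded identity headers can be set by any caller.
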

Cloud Hosting I

OAuth consumer: myservice.com
OAuth provider: account.lab.fi-ware.org
Keystone Proxy: cloud.lab.fi-ware.org

Retrieve list of organizations:

GET /user?access_token=access_token

Retrieve Scoped Token in organization ORG_ID:

POST http://cloud.lab.fi-ware.eu:4730/v2.0/tokens
{
  "auth": {
    "tenantID": "ORG_ID",
    "token": {
      "id": "access_token"
    }
  }
}

Cloud Hosting II

OAuth consumer: myservice.com

Access using Scoped Token:
•  DCRM GE: cloud.lab.fi-ware.org
•  PaaS GE: pegasus.lab.fi-ware.org
•  SDC GE: saggita.lab.fi-ware.org
•  Object Storage GE: 130.206.82.9

More Info

§  FI-WARE Account’s OAuth 2.0 API:
•  Documentation: https://github.com/ging/fi-ware-idm/wiki/
•  OAuth 2.0 API: https://github.com/ging/fi-ware-idm/wiki/Using-the-FI-LAB-instance
§  OAuth 2.0 Specification:
•  http://tools.ietf.org/html/rfc6749
§  FI-WARE PEP Proxy:
•  https://github.com/ging/fi-ware-pep-proxy

Demo

Geek Blog: blog.com
OAuth provider: account.lab.fi-ware.org
PEP Proxy
