SlideShare a Scribd company logo

OAuth and OpenID Connect for Microservices

Twobo Technologies
Twobo Technologies

Nordic APIs Platform Summit 2014. Presenter: Jacob Ideskog

Technology
1 of 47
Download to read offline
OAuth and OpenID Connect for Microservices A homogenous solution for a heterogeneous problem! Jacob Ideskog – Identity Specialist at Twobo Technologies! Copyright © 2014 Twobo Technologies AB. All rights reserved
Copyright © 2014 Twobo Technologies AB. All rights reserved A Traditional Service
With Traditional Subsystems Copyright © 2014 Twobo Technologies AB. All rights reserved Component C Component D Component A Component B
… and traditional scalability Copyright © 2014 Twobo Technologies AB. All rights reserved
But this is not always how we build systems Copyright © 2014 Twobo Technologies AB. All rights reserved
A microservice Copyright © 2014 Twobo Technologies AB. All rights reserved
Many microservices Copyright © 2014 Twobo Technologies AB. All rights reserved
Scaling microservices Copyright © 2014 Twobo Technologies AB. All rights reserved
So what’s the problem? Copyright © 2014 Twobo Technologies AB. All rights reserved
Securing a traditional service Copyright © 2014 Twobo Technologies AB. All rights reserved
Securing a traditional service Copyright © 2014 Twobo Technologies AB. All rights reserved User repository
So for microservices that would mean Copyright © 2014 Twobo Technologies AB. All rights reserved User repository
Not fantastic! Copyright © 2014 Twobo Technologies AB. All rights reserved
Lets talk about OAuth It’s not for Authentication …and not for Authorization OAuth is a scalable delegation protocol Copyright © 2014 Twobo Technologies AB. All rights reserved
OAuth has 4 actors Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
The client requests access Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
The AS requires the RO to authenticate Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
The AS issues the tokens Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
The Client presents the token to the RS Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
The RS validates the Token Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
Access! Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
One very important thing" " - The Client knows nothing about the user Copyright © 2014 Twobo Technologies AB. All rights reserved
Open ID Connect" (Simplified) Copyright © 2014 Twobo Technologies AB. All rights reserved
Request Access Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
Get Redirected to AS Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
Challenged Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
Now – an ID Token ( ) is also given Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
Sessions can be created (SSO) Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
Tada! Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
What was interesting there? Copyright © 2014 Twobo Technologies AB. All rights reserved
TRUST Copyright © 2014 Twobo Technologies AB. All rights reserved
The ID Token is a JWT" (JSON Web Token) Copyright © 2014 Twobo Technologies AB. All rights reserved
A signed JSON document { } { "iss": "https://fs.oidc.net", "x5t": "5F0A1359B4BB9FBB104155908DEC1FDCB5AC8865", "typ": "JWT", "alg": "RS256” "sub": "janedoe", "name" : "Jane Doe", "email" : "jane@doe.com", "phone_number" "+46 (0) 12345678", "aud": "https://mymail.com", "iss": "https://fs.oidc.net", "nbf": 1409213888783, "jti": "622a9973-­‐fc4d-­‐4797-­‐be31-­‐7c2116f549df", "exp": 1409213890583, "iat": 1409213888783 } Copyright © 2014 Twobo Technologies AB. All rights reserved Certificate Signature orQOOKvXN3jbEpBSl0RHAyaQNxcx9DFgtMsJJgMxm9Az6QJMKKy6m0 WvP1UzXZA_nsK16g9etg2yEW9IXbQU0RbSQktUtObRB9SxHtW_AcCk6 93XDAz15Y4aP9DeD62nROzd1MS4FZTmY3Cgzo1-3- sqW6_4Rgzs94aLO3aLP_zoVtJycCUKtJQhGhPTyjXXYWMsp0E4uTtL8Ri f7cWu4olme_XNFlAs73pOrfzsQYc1GD2dB70l1M8SDaJZFURr9jAAaavX 7Xqs_FPXY1PZLXLbc3ARXFmRf_- Z4B6uLCGI2shzl12ni54Yun6dflL9rQwaxXYuNZZodUWchID2cA
OAuth Access Tokens can also be JWTs Copyright © 2014 Twobo Technologies AB. All rights reserved
2 types of tokens Copyright © 2014 Twobo Technologies AB. All rights reserved 123XYZ Jane Doe By Value By Reference
By Reference Contains NO information outside the network Copyright © 2014 Twobo Technologies AB. All rights reserved 123XYZ Jane Doe
Contains ALL necessary information Copyright © 2014 Twobo Technologies AB. All rights reserved By Value
External vs. Internal By ReferenceBy Value 123XYZ Outside the network Inside the network Copyright © 2014 Twobo Technologies AB. All rights reserved API Firewall / Reverse Proxy API
Token Translation By ReferenceBy Value 123XYZ Outside the network Inside the network Copyright © 2014 Twobo Technologies AB. All rights reserved API Firewall / Reverse Proxy API
Back to Microservices Copyright © 2014 Twobo Technologies AB. All rights reserved
2 Problems" " - Identifying the user" - Creating sessions" Copyright © 2014 Twobo Technologies AB. All rights reserved
Leave authentication to the OAuth/OIDC server Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS)
Let all Microservices accept JWTs Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved
BUT…" " Translate! Copyright © 2014 Twobo Technologies AB. All rights reserved
Let all Microservices accept JWTs Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Reverse Proxy 123 XYZ
- everything is self contained" - standards based" - non-reputable" - scalable Copyright © 2014 Twobo Technologies AB. All rights reserved Conclusion
Copyright © 2014 Twobo Technologies AB. All rights reserved Thank you!

Recommended

Incorporating OAuth: How to integrate OAuth into your mobile app
Incorporating OAuth: How to integrate OAuth into your mobile appIncorporating OAuth: How to integrate OAuth into your mobile app
Incorporating OAuth: How to integrate OAuth into your mobile appNordic APIs
 
Synergies of Cloud Identity: Putting it All Together
Synergies of Cloud Identity: Putting it All TogetherSynergies of Cloud Identity: Putting it All Together
Synergies of Cloud Identity: Putting it All TogetherTwobo Technologies
 
Nordic APIs - Building a Secure API
Nordic APIs - Building a Secure APINordic APIs - Building a Secure API
Nordic APIs - Building a Secure APITwobo Technologies
 
Neo-security Stack
Neo-security StackNeo-security Stack
Neo-security StackTwobo Technologies
 
Secure your APIs using OAuth 2 and OpenID Connect
Secure your APIs using OAuth 2 and OpenID ConnectSecure your APIs using OAuth 2 and OpenID Connect
Secure your APIs using OAuth 2 and OpenID ConnectNordic APIs
 
OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)
OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)
OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)Nordic APIs
 
Incorporating OAuth
Incorporating OAuthIncorporating OAuth
Incorporating OAuthTwobo Technologies
 
The JSON-based Identity Protocol Suite
The JSON-based Identity Protocol SuiteThe JSON-based Identity Protocol Suite
The JSON-based Identity Protocol SuiteTwobo Technologies
 

Recommended

Incorporating OAuth: How to integrate OAuth into your mobile app
Incorporating OAuth: How to integrate OAuth into your mobile appIncorporating OAuth: How to integrate OAuth into your mobile app
Incorporating OAuth: How to integrate OAuth into your mobile appNordic APIs
 
Synergies of Cloud Identity: Putting it All Together
Synergies of Cloud Identity: Putting it All TogetherSynergies of Cloud Identity: Putting it All Together
Synergies of Cloud Identity: Putting it All TogetherTwobo Technologies
 
Nordic APIs - Building a Secure API
Nordic APIs - Building a Secure APINordic APIs - Building a Secure API
Nordic APIs - Building a Secure APITwobo Technologies
 
Neo-security Stack
Neo-security StackNeo-security Stack
Neo-security StackTwobo Technologies
 
Secure your APIs using OAuth 2 and OpenID Connect
Secure your APIs using OAuth 2 and OpenID ConnectSecure your APIs using OAuth 2 and OpenID Connect
Secure your APIs using OAuth 2 and OpenID ConnectNordic APIs
 
OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)
OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)
OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)Nordic APIs
 
Incorporating OAuth
Incorporating OAuthIncorporating OAuth
Incorporating OAuthTwobo Technologies
 
The JSON-based Identity Protocol Suite
The JSON-based Identity Protocol SuiteThe JSON-based Identity Protocol Suite
The JSON-based Identity Protocol SuiteTwobo Technologies
 
1400 ping madsen-nordicapis-connect-01
1400 ping madsen-nordicapis-connect-011400 ping madsen-nordicapis-connect-01
1400 ping madsen-nordicapis-connect-01Nordic APIs
 
Authorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the PuzzleAuthorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the PuzzleNordic APIs
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect ExplainedVladimir Dzhuvinov
 
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile WorldNordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile WorldTwobo Technologies
 
Launching a Successful and Secure API
Launching a Successful and Secure APILaunching a Successful and Secure API
Launching a Successful and Secure APINordic APIs
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldVMware Tanzu
 
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015Alvaro Sanchez-Mariscal
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
 
Designing an API
Designing an APIDesigning an API
Designing an APITwobo Technologies
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveNordic APIs
 
OpenID Connect 1.0 Explained
OpenID Connect 1.0 ExplainedOpenID Connect 1.0 Explained
OpenID Connect 1.0 ExplainedEugene Siow
 
OAuth Assisted Token Flow for Single Page Applications
OAuth Assisted Token Flow for Single Page ApplicationsOAuth Assisted Token Flow for Single Page Applications
OAuth Assisted Token Flow for Single Page ApplicationsNordic APIs
 
Single Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenIDSingle Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenIDGasperi Jerome
 
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Justin Richer
 
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID ConnectCIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID ConnectCloudIDSummit
 
Twobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFSTwobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFSTwobo Technologies
 
Authentication and Authorization Architecture in the MEAN Stack
Authentication and Authorization Architecture in the MEAN StackAuthentication and Authorization Architecture in the MEAN Stack
Authentication and Authorization Architecture in the MEAN StackFITC
 
LASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. OauthLASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. OauthMike Schwartz
 
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David ChaseCIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David ChaseCloudIDSummit
 
ID連携入門 (実習編) - Security Camp 2016
ID連携入門 (実習編) - Security Camp 2016ID連携入門 (実習編) - Security Camp 2016
ID連携入門 (実習編) - Security Camp 2016Nov Matake
 
Stateless authentication for microservices
Stateless authentication for microservicesStateless authentication for microservices
Stateless authentication for microservicesAlvaro Sanchez-Mariscal
 
Microservices Manchester: Authentication in Microservice Systems by David Borsos
Microservices Manchester: Authentication in Microservice Systems by David BorsosMicroservices Manchester: Authentication in Microservice Systems by David Borsos
Microservices Manchester: Authentication in Microservice Systems by David BorsosOpenCredo
 

More Related Content

What's hot

1400 ping madsen-nordicapis-connect-01
1400 ping madsen-nordicapis-connect-011400 ping madsen-nordicapis-connect-01
1400 ping madsen-nordicapis-connect-01Nordic APIs
 
Authorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the PuzzleAuthorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the PuzzleNordic APIs
 
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile WorldNordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile WorldTwobo Technologies
 
Launching a Successful and Secure API
Launching a Successful and Secure APILaunching a Successful and Secure API
Launching a Successful and Secure APINordic APIs
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldVMware Tanzu
 
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015Alvaro Sanchez-Mariscal
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveNordic APIs
 
OpenID Connect 1.0 Explained
OpenID Connect 1.0 ExplainedOpenID Connect 1.0 Explained
OpenID Connect 1.0 ExplainedEugene Siow
 
OAuth Assisted Token Flow for Single Page Applications
OAuth Assisted Token Flow for Single Page ApplicationsOAuth Assisted Token Flow for Single Page Applications
OAuth Assisted Token Flow for Single Page ApplicationsNordic APIs
 
Single Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenIDSingle Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenIDGasperi Jerome
 
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Justin Richer
 
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID ConnectCIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID ConnectCloudIDSummit
 
Twobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFSTwobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFSTwobo Technologies
 
Authentication and Authorization Architecture in the MEAN Stack
Authentication and Authorization Architecture in the MEAN StackAuthentication and Authorization Architecture in the MEAN Stack
Authentication and Authorization Architecture in the MEAN StackFITC
 
LASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. OauthLASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. OauthMike Schwartz
 
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David ChaseCIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David ChaseCloudIDSummit
 
ID連携入門 (実習編) - Security Camp 2016
ID連携入門 (実習編) - Security Camp 2016ID連携入門 (実習編) - Security Camp 2016
ID連携入門 (実習編) - Security Camp 2016Nov Matake
 

What's hot (20)

1400 ping madsen-nordicapis-connect-01
1400 ping madsen-nordicapis-connect-011400 ping madsen-nordicapis-connect-01
1400 ping madsen-nordicapis-connect-01
 
Authorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the PuzzleAuthorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the Puzzle
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
 
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile WorldNordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
 
Launching a Successful and Secure API
Launching a Successful and Secure APILaunching a Successful and Secure API
Launching a Successful and Secure API
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
 
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)
 
Designing an API
Designing an APIDesigning an API
Designing an API
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep Dive
 
OpenID Connect 1.0 Explained
OpenID Connect 1.0 ExplainedOpenID Connect 1.0 Explained
OpenID Connect 1.0 Explained
 
OAuth Assisted Token Flow for Single Page Applications
OAuth Assisted Token Flow for Single Page ApplicationsOAuth Assisted Token Flow for Single Page Applications
OAuth Assisted Token Flow for Single Page Applications
 
Single Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenIDSingle Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenID
 
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2
 
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID ConnectCIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
 
Twobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFSTwobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFS
 
Authentication and Authorization Architecture in the MEAN Stack
Authentication and Authorization Architecture in the MEAN StackAuthentication and Authorization Architecture in the MEAN Stack
Authentication and Authorization Architecture in the MEAN Stack
 
LASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. OauthLASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. Oauth
 
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David ChaseCIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David Chase
 
ID連携入門 (実習編) - Security Camp 2016
ID連携入門 (実習編) - Security Camp 2016ID連携入門 (実習編) - Security Camp 2016
ID連携入門 (実習編) - Security Camp 2016
 

Viewers also liked

Stateless authentication for microservices
Stateless authentication for microservicesStateless authentication for microservices
Stateless authentication for microservicesAlvaro Sanchez-Mariscal
 
Microservices Manchester: Authentication in Microservice Systems by David Borsos
Microservices Manchester: Authentication in Microservice Systems by David BorsosMicroservices Manchester: Authentication in Microservice Systems by David Borsos
Microservices Manchester: Authentication in Microservice Systems by David BorsosOpenCredo
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectSecuring RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectJonathan LeBlanc
 
Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015Alvaro Sanchez-Mariscal
 
Testing strategies for micro services - Ketan Soni, Jesal Mistry, ThoughtWorks
Testing strategies for micro services - Ketan Soni, Jesal Mistry, ThoughtWorksTesting strategies for micro services - Ketan Soni, Jesal Mistry, ThoughtWorks
Testing strategies for micro services - Ketan Soni, Jesal Mistry, ThoughtWorksThoughtworks
 
Nginx Scripting - Extending Nginx Functionalities with Lua
Nginx Scripting - Extending Nginx Functionalities with LuaNginx Scripting - Extending Nginx Functionalities with Lua
Nginx Scripting - Extending Nginx Functionalities with LuaTony Fabeen
 
The Role of Enterprise Integration in Digital Transformation
The Role of Enterprise Integration in Digital TransformationThe Role of Enterprise Integration in Digital Transformation
The Role of Enterprise Integration in Digital TransformationKasun Indrasiri
 
Stateless token-based authentication for pure front-end applications
Stateless token-based authentication for pure front-end applicationsStateless token-based authentication for pure front-end applications
Stateless token-based authentication for pure front-end applicationsAlvaro Sanchez-Mariscal
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring SecurityOrest Ivasiv
 
muCon 2016: Authentication in Microservice Systems By David Borsos
muCon 2016: Authentication in Microservice Systems By David BorsosmuCon 2016: Authentication in Microservice Systems By David Borsos
muCon 2016: Authentication in Microservice Systems By David BorsosOpenCredo
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash
 
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜Masaru Kurahayashi
 
Modern authentication solutions in Angular 2 with OAuth 2.0 and OpenId Connect
Modern authentication solutions in Angular 2 with OAuth 2.0 and OpenId ConnectModern authentication solutions in Angular 2 with OAuth 2.0 and OpenId Connect
Modern authentication solutions in Angular 2 with OAuth 2.0 and OpenId ConnectManfred Steyer
 
Tjänsteplattform i mtg - 2014 02-05
Tjänsteplattform i mtg - 2014 02-05Tjänsteplattform i mtg - 2014 02-05
Tjänsteplattform i mtg - 2014 02-05Advania
 
2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSOHuy Pham
 
Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015Alvaro Sanchez-Mariscal
 

Viewers also liked (19)

Stateless authentication for microservices
Stateless authentication for microservicesStateless authentication for microservices
Stateless authentication for microservices
 
Microservices Manchester: Authentication in Microservice Systems by David Borsos
Microservices Manchester: Authentication in Microservice Systems by David BorsosMicroservices Manchester: Authentication in Microservice Systems by David Borsos
Microservices Manchester: Authentication in Microservice Systems by David Borsos
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectSecuring RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID Connect
 
Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015
 
Testing strategies for micro services - Ketan Soni, Jesal Mistry, ThoughtWorks
Testing strategies for micro services - Ketan Soni, Jesal Mistry, ThoughtWorksTesting strategies for micro services - Ketan Soni, Jesal Mistry, ThoughtWorks
Testing strategies for micro services - Ketan Soni, Jesal Mistry, ThoughtWorks
 
Nginx Scripting - Extending Nginx Functionalities with Lua
Nginx Scripting - Extending Nginx Functionalities with LuaNginx Scripting - Extending Nginx Functionalities with Lua
Nginx Scripting - Extending Nginx Functionalities with Lua
 
The Role of Enterprise Integration in Digital Transformation
The Role of Enterprise Integration in Digital TransformationThe Role of Enterprise Integration in Digital Transformation
The Role of Enterprise Integration in Digital Transformation
 
What is API's
What is API'sWhat is API's
What is API's
 
Stateless token-based authentication for pure front-end applications
Stateless token-based authentication for pure front-end applicationsStateless token-based authentication for pure front-end applications
Stateless token-based authentication for pure front-end applications
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring Security
 
muCon 2016: Authentication in Microservice Systems By David Borsos
muCon 2016: Authentication in Microservice Systems By David BorsosmuCon 2016: Authentication in Microservice Systems By David Borsos
muCon 2016: Authentication in Microservice Systems By David Borsos
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby Steps
 
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
 
Analyzing OAuth
Analyzing OAuthAnalyzing OAuth
Analyzing OAuth
 
Modern authentication solutions in Angular 2 with OAuth 2.0 and OpenId Connect
Modern authentication solutions in Angular 2 with OAuth 2.0 and OpenId ConnectModern authentication solutions in Angular 2 with OAuth 2.0 and OpenId Connect
Modern authentication solutions in Angular 2 with OAuth 2.0 and OpenId Connect
 
SäKerhet I Molnen
SäKerhet I MolnenSäKerhet I Molnen
SäKerhet I Molnen
 
Tjänsteplattform i mtg - 2014 02-05
Tjänsteplattform i mtg - 2014 02-05Tjänsteplattform i mtg - 2014 02-05
Tjänsteplattform i mtg - 2014 02-05
 
2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO
 
Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015
 

Similar to OAuth and OpenID Connect for Microservices

Securing your Rails application
Securing your Rails applicationSecuring your Rails application
Securing your Rails applicationclucasKrof
 
Razorfish 2014 Tech Summit - Senior Principal Scientist at Adobe Roy Fielding
Razorfish 2014 Tech Summit - Senior Principal Scientist at Adobe Roy Fielding Razorfish 2014 Tech Summit - Senior Principal Scientist at Adobe Roy Fielding
Razorfish 2014 Tech Summit - Senior Principal Scientist at Adobe Roy Fielding Razorfish
 
OAuth in the Real World featuring Webshell
OAuth in the Real World featuring WebshellOAuth in the Real World featuring Webshell
OAuth in the Real World featuring WebshellCA API Management
 
DevOps, CD and [Data] Microservices
DevOps, CD and [Data] MicroservicesDevOps, CD and [Data] Microservices
DevOps, CD and [Data] MicroservicesFred Melo
 
OAuth2 - The Swiss Army Framework
OAuth2 - The Swiss Army FrameworkOAuth2 - The Swiss Army Framework
OAuth2 - The Swiss Army FrameworkBrent Shaffer
 
Microservices architecture
Microservices architectureMicroservices architecture
Microservices architectureDaniel Foo
 
Mule4 EAIESB Meetup
Mule4 EAIESB MeetupMule4 EAIESB Meetup
Mule4 EAIESB MeetupVijay Reddy
 
OGDC 2014: Cross Platform Mobile Game Application Development
OGDC 2014: Cross Platform Mobile Game Application DevelopmentOGDC 2014: Cross Platform Mobile Game Application Development
OGDC 2014: Cross Platform Mobile Game Application DevelopmentGameLandVN
 
OGDC 2014_Cross platform mobile game application development_Mr. Makku J.Kero
OGDC 2014_Cross platform mobile game application development_Mr. Makku J.KeroOGDC 2014_Cross platform mobile game application development_Mr. Makku J.Kero
OGDC 2014_Cross platform mobile game application development_Mr. Makku J.Keroogdc
 
CTD303_Korea’s Largest OTT provider
CTD303_Korea’s Largest OTT providerCTD303_Korea’s Largest OTT provider
CTD303_Korea’s Largest OTT providerAmazon Web Services
 
Part 2: Architecture and the Operator Experience (Pivotal Cloud Platform Road...
Part 2: Architecture and the Operator Experience (Pivotal Cloud Platform Road...Part 2: Architecture and the Operator Experience (Pivotal Cloud Platform Road...
Part 2: Architecture and the Operator Experience (Pivotal Cloud Platform Road...VMware Tanzu
 
API Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAPI Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAkana
 
Cloud native Microservices using Spring Boot
Cloud native Microservices using Spring BootCloud native Microservices using Spring Boot
Cloud native Microservices using Spring BootSufyaan Kazi
 
Platform Security that will Last for Decades (Travis Spencer)
Platform Security that will Last for Decades (Travis Spencer)Platform Security that will Last for Decades (Travis Spencer)
Platform Security that will Last for Decades (Travis Spencer)Nordic APIs
 
To Microservices and Beyond
To Microservices and BeyondTo Microservices and Beyond
To Microservices and BeyondSimon Elisha
 
Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...
Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...
Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...VMware Tanzu
 
Architecture & Operations
Architecture & OperationsArchitecture & Operations
Architecture & OperationsVMware Tanzu
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...CA API Management
 
Enabling Voice Applications with WebRTC and ORTC in Microsoft Edge
Enabling Voice Applications with WebRTC and ORTC in Microsoft EdgeEnabling Voice Applications with WebRTC and ORTC in Microsoft Edge
Enabling Voice Applications with WebRTC and ORTC in Microsoft EdgeMark Roberts
 
The Fantastic Voyage to PaaS - Are we there yet? (Cloud Foundry Summit 2014)
The Fantastic Voyage to PaaS - Are we there yet? (Cloud Foundry Summit 2014)The Fantastic Voyage to PaaS - Are we there yet? (Cloud Foundry Summit 2014)
The Fantastic Voyage to PaaS - Are we there yet? (Cloud Foundry Summit 2014)VMware Tanzu
 

Similar to OAuth and OpenID Connect for Microservices (20)

Securing your Rails application
Securing your Rails applicationSecuring your Rails application
Securing your Rails application
 
Razorfish 2014 Tech Summit - Senior Principal Scientist at Adobe Roy Fielding
Razorfish 2014 Tech Summit - Senior Principal Scientist at Adobe Roy Fielding Razorfish 2014 Tech Summit - Senior Principal Scientist at Adobe Roy Fielding
Razorfish 2014 Tech Summit - Senior Principal Scientist at Adobe Roy Fielding
 
OAuth in the Real World featuring Webshell
OAuth in the Real World featuring WebshellOAuth in the Real World featuring Webshell
OAuth in the Real World featuring Webshell
 
DevOps, CD and [Data] Microservices
DevOps, CD and [Data] MicroservicesDevOps, CD and [Data] Microservices
DevOps, CD and [Data] Microservices
 
OAuth2 - The Swiss Army Framework
OAuth2 - The Swiss Army FrameworkOAuth2 - The Swiss Army Framework
OAuth2 - The Swiss Army Framework
 
Microservices architecture
Microservices architectureMicroservices architecture
Microservices architecture
 
Mule4 EAIESB Meetup
Mule4 EAIESB MeetupMule4 EAIESB Meetup
Mule4 EAIESB Meetup
 
OGDC 2014: Cross Platform Mobile Game Application Development
OGDC 2014: Cross Platform Mobile Game Application DevelopmentOGDC 2014: Cross Platform Mobile Game Application Development
OGDC 2014: Cross Platform Mobile Game Application Development
 
OGDC 2014_Cross platform mobile game application development_Mr. Makku J.Kero
OGDC 2014_Cross platform mobile game application development_Mr. Makku J.KeroOGDC 2014_Cross platform mobile game application development_Mr. Makku J.Kero
OGDC 2014_Cross platform mobile game application development_Mr. Makku J.Kero
 
CTD303_Korea’s Largest OTT provider
CTD303_Korea’s Largest OTT providerCTD303_Korea’s Largest OTT provider
CTD303_Korea’s Largest OTT provider
 
Part 2: Architecture and the Operator Experience (Pivotal Cloud Platform Road...
Part 2: Architecture and the Operator Experience (Pivotal Cloud Platform Road...Part 2: Architecture and the Operator Experience (Pivotal Cloud Platform Road...
Part 2: Architecture and the Operator Experience (Pivotal Cloud Platform Road...
 
API Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAPI Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against Hacks
 
Cloud native Microservices using Spring Boot
Cloud native Microservices using Spring BootCloud native Microservices using Spring Boot
Cloud native Microservices using Spring Boot
 
Platform Security that will Last for Decades (Travis Spencer)
Platform Security that will Last for Decades (Travis Spencer)Platform Security that will Last for Decades (Travis Spencer)
Platform Security that will Last for Decades (Travis Spencer)
 
To Microservices and Beyond
To Microservices and BeyondTo Microservices and Beyond
To Microservices and Beyond
 
Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...
Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...
Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...
 
Architecture & Operations
Architecture & OperationsArchitecture & Operations
Architecture & Operations
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
 
Enabling Voice Applications with WebRTC and ORTC in Microsoft Edge
Enabling Voice Applications with WebRTC and ORTC in Microsoft EdgeEnabling Voice Applications with WebRTC and ORTC in Microsoft Edge
Enabling Voice Applications with WebRTC and ORTC in Microsoft Edge
 
The Fantastic Voyage to PaaS - Are we there yet? (Cloud Foundry Summit 2014)
The Fantastic Voyage to PaaS - Are we there yet? (Cloud Foundry Summit 2014)The Fantastic Voyage to PaaS - Are we there yet? (Cloud Foundry Summit 2014)
The Fantastic Voyage to PaaS - Are we there yet? (Cloud Foundry Summit 2014)
 

Recently uploaded

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 

Recently uploaded (20)

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 

OAuth and OpenID Connect for Microservices

  • 1. OAuth and OpenID Connect for Microservices A homogenous solution for a heterogeneous problem! Jacob Ideskog – Identity Specialist at Twobo Technologies! Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 2. Copyright © 2014 Twobo Technologies AB. All rights reserved A Traditional Service
  • 3. With Traditional Subsystems Copyright © 2014 Twobo Technologies AB. All rights reserved Component C Component D Component A Component B
  • 4. … and traditional scalability Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 5. But this is not always how we build systems Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 6. A microservice Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 7. Many microservices Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 8. Scaling microservices Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 9. So what’s the problem? Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 10. Securing a traditional service Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 11. Securing a traditional service Copyright © 2014 Twobo Technologies AB. All rights reserved User repository
  • 12. So for microservices that would mean Copyright © 2014 Twobo Technologies AB. All rights reserved User repository
  • 13. Not fantastic! Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 14. Lets talk about OAuth It’s not for Authentication …and not for Authorization OAuth is a scalable delegation protocol Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 15. OAuth has 4 actors Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 16. The client requests access Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 17. The AS requires the RO to authenticate Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 18. The AS issues the tokens Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 19. The Client presents the token to the RS Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 20. The RS validates the Token Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 21. Access! Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 22. One very important thing" " - The Client knows nothing about the user Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 23. Open ID Connect" (Simplified) Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 24. Request Access Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
  • 25. Get Redirected to AS Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
  • 26. Challenged Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
  • 27. Now – an ID Token ( ) is also given Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
  • 28. Sessions can be created (SSO) Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
  • 29. Tada! Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
  • 30. What was interesting there? Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 31. TRUST Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 32. The ID Token is a JWT" (JSON Web Token) Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 33. A signed JSON document { } { "iss": "https://fs.oidc.net", "x5t": "5F0A1359B4BB9FBB104155908DEC1FDCB5AC8865", "typ": "JWT", "alg": "RS256” "sub": "janedoe", "name" : "Jane Doe", "email" : "jane@doe.com", "phone_number" "+46 (0) 12345678", "aud": "https://mymail.com", "iss": "https://fs.oidc.net", "nbf": 1409213888783, "jti": "622a9973-­‐fc4d-­‐4797-­‐be31-­‐7c2116f549df", "exp": 1409213890583, "iat": 1409213888783 } Copyright © 2014 Twobo Technologies AB. All rights reserved Certificate Signature orQOOKvXN3jbEpBSl0RHAyaQNxcx9DFgtMsJJgMxm9Az6QJMKKy6m0 WvP1UzXZA_nsK16g9etg2yEW9IXbQU0RbSQktUtObRB9SxHtW_AcCk6 93XDAz15Y4aP9DeD62nROzd1MS4FZTmY3Cgzo1-3- sqW6_4Rgzs94aLO3aLP_zoVtJycCUKtJQhGhPTyjXXYWMsp0E4uTtL8Ri f7cWu4olme_XNFlAs73pOrfzsQYc1GD2dB70l1M8SDaJZFURr9jAAaavX 7Xqs_FPXY1PZLXLbc3ARXFmRf_- Z4B6uLCGI2shzl12ni54Yun6dflL9rQwaxXYuNZZodUWchID2cA
  • 34. OAuth Access Tokens can also be JWTs Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 35. 2 types of tokens Copyright © 2014 Twobo Technologies AB. All rights reserved 123XYZ Jane Doe By Value By Reference
  • 36. By Reference Contains NO information outside the network Copyright © 2014 Twobo Technologies AB. All rights reserved 123XYZ Jane Doe
  • 37. Contains ALL necessary information Copyright © 2014 Twobo Technologies AB. All rights reserved By Value
  • 38. External vs. Internal By ReferenceBy Value 123XYZ Outside the network Inside the network Copyright © 2014 Twobo Technologies AB. All rights reserved API Firewall / Reverse Proxy API
  • 39. Token Translation By ReferenceBy Value 123XYZ Outside the network Inside the network Copyright © 2014 Twobo Technologies AB. All rights reserved API Firewall / Reverse Proxy API
  • 40. Back to Microservices Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 41. 2 Problems" " - Identifying the user" - Creating sessions" Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 42. Leave authentication to the OAuth/OIDC server Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS)
  • 43. Let all Microservices accept JWTs Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 44. BUT…" " Translate! Copyright © 2014 Twobo Technologies AB. All rights reserved
  • 45. Let all Microservices accept JWTs Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Reverse Proxy 123 XYZ
  • 46. - everything is self contained" - standards based" - non-reputable" - scalable Copyright © 2014 Twobo Technologies AB. All rights reserved Conclusion
  • 47. Copyright © 2014 Twobo Technologies AB. All rights reserved Thank you!