Submit Search
Upload
OAuth and OpenID Connect for Microservices
•
35 likes
•
13,022 views
Twobo Technologies
Follow
Nordic APIs Platform Summit 2014. Presenter: Jacob Ideskog
Read less
Read more
Technology
Report
Share
Report
Share
1 of 47
Download now
Download to read offline
Recommended
Incorporating OAuth: How to integrate OAuth into your mobile app
Incorporating OAuth: How to integrate OAuth into your mobile app
Nordic APIs
Synergies of Cloud Identity: Putting it All Together
Synergies of Cloud Identity: Putting it All Together
Twobo Technologies
Nordic APIs - Building a Secure API
Nordic APIs - Building a Secure API
Twobo Technologies
Neo-security Stack
Neo-security Stack
Twobo Technologies
Secure your APIs using OAuth 2 and OpenID Connect
Secure your APIs using OAuth 2 and OpenID Connect
Nordic APIs
OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)
OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)
Nordic APIs
Incorporating OAuth
Incorporating OAuth
Twobo Technologies
The JSON-based Identity Protocol Suite
The JSON-based Identity Protocol Suite
Twobo Technologies
Recommended
Incorporating OAuth: How to integrate OAuth into your mobile app
Incorporating OAuth: How to integrate OAuth into your mobile app
Nordic APIs
Synergies of Cloud Identity: Putting it All Together
Synergies of Cloud Identity: Putting it All Together
Twobo Technologies
Nordic APIs - Building a Secure API
Nordic APIs - Building a Secure API
Twobo Technologies
Neo-security Stack
Neo-security Stack
Twobo Technologies
Secure your APIs using OAuth 2 and OpenID Connect
Secure your APIs using OAuth 2 and OpenID Connect
Nordic APIs
OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)
OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)
Nordic APIs
Incorporating OAuth
Incorporating OAuth
Twobo Technologies
The JSON-based Identity Protocol Suite
The JSON-based Identity Protocol Suite
Twobo Technologies
1400 ping madsen-nordicapis-connect-01
1400 ping madsen-nordicapis-connect-01
Nordic APIs
Authorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the Puzzle
Nordic APIs
OpenID Connect Explained
OpenID Connect Explained
Vladimir Dzhuvinov
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
Twobo Technologies
Launching a Successful and Secure API
Launching a Successful and Secure API
Nordic APIs
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
VMware Tanzu
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Alvaro Sanchez-Mariscal
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)
Nordic APIs
Designing an API
Designing an API
Twobo Technologies
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep Dive
Nordic APIs
OpenID Connect 1.0 Explained
OpenID Connect 1.0 Explained
Eugene Siow
OAuth Assisted Token Flow for Single Page Applications
OAuth Assisted Token Flow for Single Page Applications
Nordic APIs
Single Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenID
Gasperi Jerome
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2
Justin Richer
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CloudIDSummit
Twobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFS
Twobo Technologies
Authentication and Authorization Architecture in the MEAN Stack
Authentication and Authorization Architecture in the MEAN Stack
FITC
LASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. Oauth
Mike Schwartz
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CloudIDSummit
ID連携入門 (実習編) - Security Camp 2016
ID連携入門 (実習編) - Security Camp 2016
Nov Matake
Stateless authentication for microservices
Stateless authentication for microservices
Alvaro Sanchez-Mariscal
Microservices Manchester: Authentication in Microservice Systems by David Borsos
Microservices Manchester: Authentication in Microservice Systems by David Borsos
OpenCredo
More Related Content
What's hot
1400 ping madsen-nordicapis-connect-01
1400 ping madsen-nordicapis-connect-01
Nordic APIs
Authorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the Puzzle
Nordic APIs
OpenID Connect Explained
OpenID Connect Explained
Vladimir Dzhuvinov
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
Twobo Technologies
Launching a Successful and Secure API
Launching a Successful and Secure API
Nordic APIs
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
VMware Tanzu
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Alvaro Sanchez-Mariscal
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)
Nordic APIs
Designing an API
Designing an API
Twobo Technologies
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep Dive
Nordic APIs
OpenID Connect 1.0 Explained
OpenID Connect 1.0 Explained
Eugene Siow
OAuth Assisted Token Flow for Single Page Applications
OAuth Assisted Token Flow for Single Page Applications
Nordic APIs
Single Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenID
Gasperi Jerome
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2
Justin Richer
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CloudIDSummit
Twobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFS
Twobo Technologies
Authentication and Authorization Architecture in the MEAN Stack
Authentication and Authorization Architecture in the MEAN Stack
FITC
LASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. Oauth
Mike Schwartz
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CloudIDSummit
ID連携入門 (実習編) - Security Camp 2016
ID連携入門 (実習編) - Security Camp 2016
Nov Matake
What's hot
(20)
1400 ping madsen-nordicapis-connect-01
1400 ping madsen-nordicapis-connect-01
Authorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the Puzzle
OpenID Connect Explained
OpenID Connect Explained
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile World
Launching a Successful and Secure API
Launching a Successful and Secure API
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)
Designing an API
Designing an API
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep Dive
OpenID Connect 1.0 Explained
OpenID Connect 1.0 Explained
OAuth Assisted Token Flow for Single Page Applications
OAuth Assisted Token Flow for Single Page Applications
Single Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenID
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
Twobo LDAP Attribute Store for ADFS
Twobo LDAP Attribute Store for ADFS
Authentication and Authorization Architecture in the MEAN Stack
Authentication and Authorization Architecture in the MEAN Stack
LASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. Oauth
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David Chase
ID連携入門 (実習編) - Security Camp 2016
ID連携入門 (実習編) - Security Camp 2016
Viewers also liked
Stateless authentication for microservices
Stateless authentication for microservices
Alvaro Sanchez-Mariscal
Microservices Manchester: Authentication in Microservice Systems by David Borsos
Microservices Manchester: Authentication in Microservice Systems by David Borsos
OpenCredo
Securing RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID Connect
Jonathan LeBlanc
Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015
Alvaro Sanchez-Mariscal
Testing strategies for micro services - Ketan Soni, Jesal Mistry, ThoughtWorks
Testing strategies for micro services - Ketan Soni, Jesal Mistry, ThoughtWorks
Thoughtworks
Nginx Scripting - Extending Nginx Functionalities with Lua
Nginx Scripting - Extending Nginx Functionalities with Lua
Tony Fabeen
The Role of Enterprise Integration in Digital Transformation
The Role of Enterprise Integration in Digital Transformation
Kasun Indrasiri
What is API's
What is API's
John Pereless
Stateless token-based authentication for pure front-end applications
Stateless token-based authentication for pure front-end applications
Alvaro Sanchez-Mariscal
OAuth2 and Spring Security
OAuth2 and Spring Security
Orest Ivasiv
muCon 2016: Authentication in Microservice Systems By David Borsos
muCon 2016: Authentication in Microservice Systems By David Borsos
OpenCredo
DevSecOps in Baby Steps
DevSecOps in Baby Steps
Priyanka Aash
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
Masaru Kurahayashi
Analyzing OAuth
Analyzing OAuth
Oliver Pfaff
Modern authentication solutions in Angular 2 with OAuth 2.0 and OpenId Connect
Modern authentication solutions in Angular 2 with OAuth 2.0 and OpenId Connect
Manfred Steyer
SäKerhet I Molnen
SäKerhet I Molnen
Predrag Mitrovic
Tjänsteplattform i mtg - 2014 02-05
Tjänsteplattform i mtg - 2014 02-05
Advania
2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO
Huy Pham
Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015
Alvaro Sanchez-Mariscal
Viewers also liked
(19)
Stateless authentication for microservices
Stateless authentication for microservices
Microservices Manchester: Authentication in Microservice Systems by David Borsos
Microservices Manchester: Authentication in Microservice Systems by David Borsos
Securing RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID Connect
Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015
Testing strategies for micro services - Ketan Soni, Jesal Mistry, ThoughtWorks
Testing strategies for micro services - Ketan Soni, Jesal Mistry, ThoughtWorks
Nginx Scripting - Extending Nginx Functionalities with Lua
Nginx Scripting - Extending Nginx Functionalities with Lua
The Role of Enterprise Integration in Digital Transformation
The Role of Enterprise Integration in Digital Transformation
What is API's
What is API's
Stateless token-based authentication for pure front-end applications
Stateless token-based authentication for pure front-end applications
OAuth2 and Spring Security
OAuth2 and Spring Security
muCon 2016: Authentication in Microservice Systems By David Borsos
muCon 2016: Authentication in Microservice Systems By David Borsos
DevSecOps in Baby Steps
DevSecOps in Baby Steps
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
Analyzing OAuth
Analyzing OAuth
Modern authentication solutions in Angular 2 with OAuth 2.0 and OpenId Connect
Modern authentication solutions in Angular 2 with OAuth 2.0 and OpenId Connect
SäKerhet I Molnen
SäKerhet I Molnen
Tjänsteplattform i mtg - 2014 02-05
Tjänsteplattform i mtg - 2014 02-05
2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO
Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015
Similar to OAuth and OpenID Connect for Microservices
Securing your Rails application
Securing your Rails application
clucasKrof
Razorfish 2014 Tech Summit - Senior Principal Scientist at Adobe Roy Fielding
Razorfish 2014 Tech Summit - Senior Principal Scientist at Adobe Roy Fielding
Razorfish
OAuth in the Real World featuring Webshell
OAuth in the Real World featuring Webshell
CA API Management
DevOps, CD and [Data] Microservices
DevOps, CD and [Data] Microservices
Fred Melo
OAuth2 - The Swiss Army Framework
OAuth2 - The Swiss Army Framework
Brent Shaffer
Microservices architecture
Microservices architecture
Daniel Foo
Mule4 EAIESB Meetup
Mule4 EAIESB Meetup
Vijay Reddy
OGDC 2014: Cross Platform Mobile Game Application Development
OGDC 2014: Cross Platform Mobile Game Application Development
GameLandVN
OGDC 2014_Cross platform mobile game application development_Mr. Makku J.Kero
OGDC 2014_Cross platform mobile game application development_Mr. Makku J.Kero
ogdc
CTD303_Korea’s Largest OTT provider
CTD303_Korea’s Largest OTT provider
Amazon Web Services
Part 2: Architecture and the Operator Experience (Pivotal Cloud Platform Road...
Part 2: Architecture and the Operator Experience (Pivotal Cloud Platform Road...
VMware Tanzu
API Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against Hacks
Akana
Cloud native Microservices using Spring Boot
Cloud native Microservices using Spring Boot
Sufyaan Kazi
Platform Security that will Last for Decades (Travis Spencer)
Platform Security that will Last for Decades (Travis Spencer)
Nordic APIs
To Microservices and Beyond
To Microservices and Beyond
Simon Elisha
Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...
Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...
VMware Tanzu
Architecture & Operations
Architecture & Operations
VMware Tanzu
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
CA API Management
Enabling Voice Applications with WebRTC and ORTC in Microsoft Edge
Enabling Voice Applications with WebRTC and ORTC in Microsoft Edge
Mark Roberts
The Fantastic Voyage to PaaS - Are we there yet? (Cloud Foundry Summit 2014)
The Fantastic Voyage to PaaS - Are we there yet? (Cloud Foundry Summit 2014)
VMware Tanzu
Similar to OAuth and OpenID Connect for Microservices
(20)
Securing your Rails application
Securing your Rails application
Razorfish 2014 Tech Summit - Senior Principal Scientist at Adobe Roy Fielding
Razorfish 2014 Tech Summit - Senior Principal Scientist at Adobe Roy Fielding
OAuth in the Real World featuring Webshell
OAuth in the Real World featuring Webshell
DevOps, CD and [Data] Microservices
DevOps, CD and [Data] Microservices
OAuth2 - The Swiss Army Framework
OAuth2 - The Swiss Army Framework
Microservices architecture
Microservices architecture
Mule4 EAIESB Meetup
Mule4 EAIESB Meetup
OGDC 2014: Cross Platform Mobile Game Application Development
OGDC 2014: Cross Platform Mobile Game Application Development
OGDC 2014_Cross platform mobile game application development_Mr. Makku J.Kero
OGDC 2014_Cross platform mobile game application development_Mr. Makku J.Kero
CTD303_Korea’s Largest OTT provider
CTD303_Korea’s Largest OTT provider
Part 2: Architecture and the Operator Experience (Pivotal Cloud Platform Road...
Part 2: Architecture and the Operator Experience (Pivotal Cloud Platform Road...
API Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against Hacks
Cloud native Microservices using Spring Boot
Cloud native Microservices using Spring Boot
Platform Security that will Last for Decades (Travis Spencer)
Platform Security that will Last for Decades (Travis Spencer)
To Microservices and Beyond
To Microservices and Beyond
Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...
Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...
Architecture & Operations
Architecture & Operations
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Enabling Voice Applications with WebRTC and ORTC in Microsoft Edge
Enabling Voice Applications with WebRTC and ORTC in Microsoft Edge
The Fantastic Voyage to PaaS - Are we there yet? (Cloud Foundry Summit 2014)
The Fantastic Voyage to PaaS - Are we there yet? (Cloud Foundry Summit 2014)
Recently uploaded
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
LoriGlavin3
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Fwdays
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
Scott Keck-Warren
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
charlottematthew16
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
Curtis Poe
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
Dilum Bandara
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
Alex Barbosa Coqueiro
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Addepto
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
DianaGray10
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Rizwan Syed
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
Alfredo García Lavilla
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
UiPathCommunity
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
RankYa
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
NavinnSomaal
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Precisely
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
Stephanie Beckett
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
Mark Billinghurst
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
Dubai Multi Commodity Centre
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
Alan Dix
Recently uploaded
(20)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
OAuth and OpenID Connect for Microservices
1.
OAuth and OpenID
Connect for Microservices A homogenous solution for a heterogeneous problem! Jacob Ideskog – Identity Specialist at Twobo Technologies! Copyright © 2014 Twobo Technologies AB. All rights reserved
2.
Copyright © 2014
Twobo Technologies AB. All rights reserved A Traditional Service
3.
With Traditional Subsystems
Copyright © 2014 Twobo Technologies AB. All rights reserved Component C Component D Component A Component B
4.
… and traditional
scalability Copyright © 2014 Twobo Technologies AB. All rights reserved
5.
But this is
not always how we build systems Copyright © 2014 Twobo Technologies AB. All rights reserved
6.
A microservice Copyright
© 2014 Twobo Technologies AB. All rights reserved
7.
Many microservices Copyright
© 2014 Twobo Technologies AB. All rights reserved
8.
Scaling microservices Copyright
© 2014 Twobo Technologies AB. All rights reserved
9.
So what’s the
problem? Copyright © 2014 Twobo Technologies AB. All rights reserved
10.
Securing a traditional
service Copyright © 2014 Twobo Technologies AB. All rights reserved
11.
Securing a traditional
service Copyright © 2014 Twobo Technologies AB. All rights reserved User repository
12.
So for microservices
that would mean Copyright © 2014 Twobo Technologies AB. All rights reserved User repository
13.
Not fantastic! Copyright
© 2014 Twobo Technologies AB. All rights reserved
14.
Lets talk about
OAuth It’s not for Authentication …and not for Authorization OAuth is a scalable delegation protocol Copyright © 2014 Twobo Technologies AB. All rights reserved
15.
OAuth has 4
actors Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
16.
The client requests
access Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
17.
The AS requires
the RO to authenticate Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
18.
The AS issues
the tokens Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
19.
The Client presents
the token to the RS Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
20.
The RS validates
the Token Resource Owner (RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
21.
Access! Resource Owner
(RO) Authorization Server (AS) ClientResource Server (RS) Copyright © 2014 Twobo Technologies AB. All rights reserved
22.
One very important
thing" " - The Client knows nothing about the user Copyright © 2014 Twobo Technologies AB. All rights reserved
23.
Open ID Connect"
(Simplified) Copyright © 2014 Twobo Technologies AB. All rights reserved
24.
Request Access Resource
Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
25.
Get Redirected to
AS Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
26.
Challenged Resource Owner
(RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
27.
Now – an
ID Token ( ) is also given Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
28.
Sessions can be
created (SSO) Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
29.
Tada! Resource Owner
(RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS) ClientResource Server (RS) Sessions MyMail.com
30.
What was interesting
there? Copyright © 2014 Twobo Technologies AB. All rights reserved
31.
TRUST Copyright ©
2014 Twobo Technologies AB. All rights reserved
32.
The ID Token
is a JWT" (JSON Web Token) Copyright © 2014 Twobo Technologies AB. All rights reserved
33.
A signed JSON
document { } { "iss": "https://fs.oidc.net", "x5t": "5F0A1359B4BB9FBB104155908DEC1FDCB5AC8865", "typ": "JWT", "alg": "RS256” "sub": "janedoe", "name" : "Jane Doe", "email" : "jane@doe.com", "phone_number" "+46 (0) 12345678", "aud": "https://mymail.com", "iss": "https://fs.oidc.net", "nbf": 1409213888783, "jti": "622a9973-‐fc4d-‐4797-‐be31-‐7c2116f549df", "exp": 1409213890583, "iat": 1409213888783 } Copyright © 2014 Twobo Technologies AB. All rights reserved Certificate Signature orQOOKvXN3jbEpBSl0RHAyaQNxcx9DFgtMsJJgMxm9Az6QJMKKy6m0 WvP1UzXZA_nsK16g9etg2yEW9IXbQU0RbSQktUtObRB9SxHtW_AcCk6 93XDAz15Y4aP9DeD62nROzd1MS4FZTmY3Cgzo1-3- sqW6_4Rgzs94aLO3aLP_zoVtJycCUKtJQhGhPTyjXXYWMsp0E4uTtL8Ri f7cWu4olme_XNFlAs73pOrfzsQYc1GD2dB70l1M8SDaJZFURr9jAAaavX 7Xqs_FPXY1PZLXLbc3ARXFmRf_- Z4B6uLCGI2shzl12ni54Yun6dflL9rQwaxXYuNZZodUWchID2cA
34.
OAuth Access Tokens
can also be JWTs Copyright © 2014 Twobo Technologies AB. All rights reserved
35.
2 types of
tokens Copyright © 2014 Twobo Technologies AB. All rights reserved 123XYZ Jane Doe By Value By Reference
36.
By Reference Contains
NO information outside the network Copyright © 2014 Twobo Technologies AB. All rights reserved 123XYZ Jane Doe
37.
Contains ALL necessary
information Copyright © 2014 Twobo Technologies AB. All rights reserved By Value
38.
External vs. Internal
By ReferenceBy Value 123XYZ Outside the network Inside the network Copyright © 2014 Twobo Technologies AB. All rights reserved API Firewall / Reverse Proxy API
39.
Token Translation By
ReferenceBy Value 123XYZ Outside the network Inside the network Copyright © 2014 Twobo Technologies AB. All rights reserved API Firewall / Reverse Proxy API
40.
Back to Microservices
Copyright © 2014 Twobo Technologies AB. All rights reserved
41.
2 Problems" "
- Identifying the user" - Creating sessions" Copyright © 2014 Twobo Technologies AB. All rights reserved
42.
Leave authentication to
the OAuth/OIDC server Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Authorization Server (AS)
43.
Let all Microservices
accept JWTs Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved
44.
BUT…" " Translate!
Copyright © 2014 Twobo Technologies AB. All rights reserved
45.
Let all Microservices
accept JWTs Resource Owner (RO) Copyright © 2014 Twobo Technologies AB. All rights reserved Reverse Proxy 123 XYZ
46.
- everything is
self contained" - standards based" - non-reputable" - scalable Copyright © 2014 Twobo Technologies AB. All rights reserved Conclusion
47.
Copyright © 2014
Twobo Technologies AB. All rights reserved Thank you!
Download now