CIS14: OAuth and OpenID Connect in Action

Chuck Mortimore, Salesforce.com
Setup and walk-through of live demos, demonstrating interop of various providers and showing real enterprise use-cases.

CIS14: OAuth and OpenID Connect in Action Presentation Transcript

  • OAuth & OpenID Connect in Action Chuck Mortimore VP, Product Management Salesforce Identity @cmort
  • a quick demo client
  • the world’s simplest client
  • 1) Register an App
    2) Get your Metadata
    3) Create (initialize) your Client
    4) Use your Tokens
  • 1) Register an App
  • 2) Get your Metadata https://login.salesforce.com/.well-known/openid-configuration
  • 2) Get your Metadata
    {
      "issuer": "https://login.salesforce.com",
      "authorization_endpoint": "https://login.salesforce.com/services/oauth2/authorize",
      "token_endpoint": "https://login.salesforce.com/services/oauth2/token",
      "revocation_endpoint": "https://login.salesforce.com/services/oauth2/revoke",
      "userinfo_endpoint": "https://login.salesforce.com/services/oauth2/userinfo",
      "jwks_uri": "https://login.salesforce.com/id/keys",
      "scopes_supported": ["id", "api", "web", "full", "chatter_api", "visualforce", "refresh_token", "openid"],
      "response_types_supported": ["code", "token", "token id_token"],
      "subject_types_supported": ["public"],
      "id_token_signing_alg_values_supported": ["RS256"],
      "display_values_supported": ["page", "popup", "touch"],
      "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt"]
    }
  • 3) Create your Client
    https://login.salesforce.com/services/oauth2/authorize?response_type=code&redirect_uri=https%3A%2F%2Flocalhost&client_id=…
    curl -H 'Content-Type: application/x-www-form-urlencoded' -d "client_id=...&client_secret=...&redirect_uri=https%3A%2F%2Flocalhost&grant_type=authorization_code&code=..." https://login.salesforce.com/services/oauth2/token
    …and validate your id_token
  • 4) Use your access_token
    curl -H "Authorization: Bearer ..." https://login.salesforce.com/services/oauth2/userprofile
  • so what can we do with all this plumbing?
  • social sign-on
  • 1) Register an App
  • 2) Get your Metadata https://accounts.google.com/.well-known/openid-configuration
  • 3) Initialize your client software
  • 4) Just-in-Time Provisioning
  • faster, simpler, better federation
  • 1) Register an App
  • 2) Get your Metadata https://gold.pinglabs.net:9031/.well-known/openid-configuration
  • 3) Initialize your client software
  • 4) Map Users
  • 5) Access APIs!
  • enterprise mobile apps
  • Let’s build this App
  • Refresh Tokens provide “SSO”
  • Let’s Layer in Federation
  • Let’s add Enterprise Policies
  • How about Two Factor Authentication
  • Bonus: Custom Claims