CIS14: OAuth and OpenID Connect in Action
Chuck Mortimore, Salesforce.com
Setup and walk-through of live demos, demonstrating interop of various providers and showing real enterprise use-cases.

CIS14: OAuth and OpenID Connect in Action Presentation Transcript

  • 1. OAuth & OpenID Connect in Action Chuck Mortimore VP, Product Management Salesforce Identity @cmort
  • 2. a quick demo client
  • 3. the world’s simplest client
  • 4. 1) Register an App
       2) Get your Metadata
       3) Create (initialize) your Client
       4) Use your Tokens
  • 5. 1) Register an App
  • 6. 2) Get your Metadata https://login.salesforce.com/.well-known/openid-configuration
  • 7. 2) Get your Metadata
    {
      "issuer": "https://login.salesforce.com",
      "authorization_endpoint": "https://login.salesforce.com/services/oauth2/authorize",
      "token_endpoint": "https://login.salesforce.com/services/oauth2/token",
      "revocation_endpoint": "https://login.salesforce.com/services/oauth2/revoke",
      "userinfo_endpoint": "https://login.salesforce.com/services/oauth2/userinfo",
      "jwks_uri": "https://login.salesforce.com/id/keys",
      "scopes_supported": ["id", "api", "web", "full", "chatter_api", "visualforce", "refresh_token", "openid"],
      "response_types_supported": ["code", "token", "token id_token"],
      "subject_types_supported": ["public"],
      "id_token_signing_alg_values_supported": ["RS256"],
      "display_values_supported": ["page", "popup", "touch"],
      "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt"]
    }
  • 8. 3) Create your Client
    https://login.salesforce.com/services/oauth2/authorize?response_type=code&redirect_uri=https%3A%2F%2Flocalhost&client_id=…
    curl -H 'Content-Type: application/x-www-form-urlencoded' \
      -d "client_id=...&client_secret=...&redirect_uri=https%3A%2F%2Flocalhost&grant_type=authorization_code&code=..." \
      https://login.salesforce.com/services/oauth2/token
    …and validate your id_token
  • 9. 4) Use your access_token
    curl -H "Authorization: Bearer ..." https://login.salesforce.com/services/oauth2/userprofile
  • 10. so what can we do with all this plumbing?
  • 11. social sign-on
  • 12. 1) Register an App
  • 13. 2) Get your Metadata https://accounts.google.com/.well-known/openid-configuration
  • 14. 3) Initialize your client software
  • 15. 4) Just-in-Time Provisioning
  • 16. faster, simpler, better federation
  • 17. 1) Register an App
  • 18. 2) Get your Metadata https://gold.pinglabs.net:9031/.well-known/openid-configuration
  • 19. 3) Initialize your client software
  • 20. 4) Map Users
  • 21. 5) Access APIs!
  • 22. enterprise mobile apps
  • 23. Let’s build this App
  • 24. Refresh Tokens provide “SSO”
  • 25. Let’s Layer in Federation
  • 26. Let’s add Enterprise Policies
  • 27. How about Two Factor Authentication
  • 28. Bonus: Custom Claims