Your SlideShare is downloading. ×
0
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

CIS14: OAuth and OpenID Connect in Action

695

Published on

Chuck Mortimore, Salesforcece.com …

Chuck Mortimore, Salesforcece.com
Setup and walk-through of live demos, demonstrating interop of various providers and showing real enterprise use-cases.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
695
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
36
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. OAuth & OpenID Connect in Action Chuck Mortimore VP, Product Management Salesforce Identity @cmort
  • 2. a quick demo client
  • 3. the world’s simplest client
  • 4. 1) Register an App 2) Get your Metadata 3) Create (initialize) your Client 4) Use your Tokens
  • 5. 1) Register an App
  • 6. 2) Get your Metadata https://login.salesforce.com/.well-known/openid-configuration
  • 7. 2) Get your Metadata { "issuer": "https://login.salesforce.com", "authorization_endpoint": "https://login.salesforce.com/services/oauth2/authorize", "token_endpoint": "https://login.salesforce.com/services/oauth2/token", "revocation_endpoint": "https://login.salesforce.com/services/oauth2/revoke", "userinfo_endpoint": "https://login.salesforce.com/services/oauth2/userinfo", "jwks_uri": "https://login.salesforce.com/id/keys", "scopes_supported": ["id", "api", "web", "full", "chatter_api", "visualforce", "refresh_token", "openid"], "response_types_supported": ["code", "token", "token id_token"], "subject_types_supported": ["public"], "id_token_signing_alg_values_supported": ["RS256"], "display_values_supported": ["page", "popup", "touch"], "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt"] }
  • 8. 3) Create your Client https://login.salesforce.com/services/oauth2/authorize? response_type=code&redirect_uri=https%3A%2F %2Flocalhost&client_id=… curl -H 'Content-Type: application/x-www-form-urlencoded' -d "client_id=...&client_secret=...&redirect_uri=https%3A%2F %2Flocalhost&grant_type=authorization_code&code=..." https:// login.salesforce.com/services/oauth2/token …and validate your id_token
  • 9. 4) Use your access_token curl -H "Authorization: Bearer ..." https://login.salesforce.com/ services/oauth2/userprofile
  • 10. so what can we do with all this plumbing?
  • 11. social sign-on
  • 12. 1) Register an App
  • 13. 2) Get your Metadata https://accounts.google.com/.well-known/openid-configuration
  • 14. 3) Initialize your client software
  • 15. 4) Just-in-Time Provisioning
  • 16. faster, simpler, better federation
  • 17. 1) Register an App
  • 18. 2) Get your Metadata https://gold.pinglabs.net:9031/.well-known/openid-configuration
  • 19. 3) Initialize your client software
  • 20. 4) Map Users
  • 21. 5) Access APIs!
  • 22. enterprise mobile apps
  • 23. Let’s build this App
  • 24. Refresh Tokens provide “SSO”
  • 25. Let’s Layer in Federation
  • 26. Let’s add Enterprise Policies
  • 27. How about Two Factor Authentication
  • 28. Bonus: Custom Claims

×