CIS14: OAuth and OpenID Connect in Action

Chuck Mortimore, Salesforce.com
Setup and walk-through of live demos, demonstrating interop of various providers and showing real enterprise use-cases.

Published in: Technology

  1. OAuth & OpenID Connect in Action. Chuck Mortimore, VP, Product Management, Salesforce Identity, @cmort
  2. a quick demo client
  3. the world’s simplest client
  4. 1) Register an App 2) Get your Metadata 3) Create (initialize) your Client 4) Use your Tokens
  5. 1) Register an App
  6. 2) Get your Metadata https://login.salesforce.com/.well-known/openid-configuration
  7. 2) Get your Metadata
      {
        "issuer": "https://login.salesforce.com",
        "authorization_endpoint": "https://login.salesforce.com/services/oauth2/authorize",
        "token_endpoint": "https://login.salesforce.com/services/oauth2/token",
        "revocation_endpoint": "https://login.salesforce.com/services/oauth2/revoke",
        "userinfo_endpoint": "https://login.salesforce.com/services/oauth2/userinfo",
        "jwks_uri": "https://login.salesforce.com/id/keys",
        "scopes_supported": ["id", "api", "web", "full", "chatter_api", "visualforce", "refresh_token", "openid"],
        "response_types_supported": ["code", "token", "token id_token"],
        "subject_types_supported": ["public"],
        "id_token_signing_alg_values_supported": ["RS256"],
        "display_values_supported": ["page", "popup", "touch"],
        "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt"]
      }
  8. 3) Create your Client
      https://login.salesforce.com/services/oauth2/authorize?response_type=code&redirect_uri=https%3A%2F%2Flocalhost&client_id=…
      curl -H 'Content-Type: application/x-www-form-urlencoded' -d "client_id=...&client_secret=...&redirect_uri=https%3A%2F%2Flocalhost&grant_type=authorization_code&code=..." https://login.salesforce.com/services/oauth2/token
      …and validate your id_token
  9. 4) Use your access_token
      curl -H "Authorization: Bearer ..." https://login.salesforce.com/services/oauth2/userprofile
  10. so what can we do with all this plumbing?
  11. social sign-on
  12. 1) Register an App
  13. 2) Get your Metadata https://accounts.google.com/.well-known/openid-configuration
  14. 3) Initialize your client software
  15. 4) Just-in-Time Provisioning
  16. faster, simpler, better federation
  17. 1) Register an App
  18. 2) Get your Metadata https://gold.pinglabs.net:9031/.well-known/openid-configuration
  19. 3) Initialize your client software
  20. 4) Map Users
  21. 5) Access APIs!
  22. enterprise mobile apps
  23. Let’s build this App
  24. Refresh Tokens provide “SSO”
  25. Let’s Layer in Federation
  26. Let’s add Enterprise Policies
  27. How about Two Factor Authentication
  28. Bonus: Custom Claims
