SlideShare a Scribd company logo

Simplify user application authentication using Microsoft Identity Platform

Download as PPTX, PDF
M
Manoj Mittal

Microsoft identity platform is an evolution of the Azure Active Directory developer platform. It allows developers to build applications that sign in all Microsoft identities. It support to below kind of activity:

Technology
1 of 21
| Webinar: Bengaluru Chapter Simply user application authentication using Microsoft Identity Manoj Mittal | Speakers | Author | Blogger Sr. Technical Architect @ Mindtree Ltd
2 Who Am I C# Corner MVP, MCP, MCTS,MCSA, OCA http://manojmittalblogs.blogspot.in https://www.youtube.com/user/manojmcans/videos /Manojmcans In/manoj-mittal-mcp-mcts-oca-mcsa/ https://www.c-sharpcorner.com/members/manoj-mittal
3 AgendaAgenda • What is Microsoft Identity Platform • Build an application using Microsoft Identity and How Simple it is. • How Microsoft Identity Works • Advance Scenarios i.e. Permission and Consent
4 Microsoft Identity Platform (Formerly Known as Azure Active Directory) What it is & Why
Authentication Before
Authentication Simplified
Who can sign in The Microsoft identity platform endpoint allows Work School accounts from Azure AD Personal Microsoft accounts (MSA), such as hotmail.com, outlook.com, and msn.com, to sign in The v1.0 endpoint allows only work and school accounts to sign in to your application (Azure AD)
MSAL JS or MSAL .NET (Microsoft Authentication Library) V2.0 ADAL JS or ADAL .NET (Azure AD Authentication Library) V1.0 Both used to authentication Azure AD entities and request token from Azure AD MSAL used to authenticate a broader set of Microsoft Identities • Azure AD identities • Microsoft account, social and local account through Azure B2C) Azure AD V1.0 used to authenticate • Azure identities (work and school) Method to renew tokens silently without prompting users is named acquireTokenSilent (more descriptive) Method to renew tokens silently without prompting users is named acquireToken MSAL.js API is designed around user agent client application such as Web Browser ADAL.js uses AuthenticationContext as the representation of an instance of your application's connection Method to acquire token requests can take different authority values than what is set in the UserAgentApplication Methods to acquire tokens are associated with a single authority set in the AuthenticationContext Authority Value: V2.0 use https://login.microsoftonline.com/common authority, will allow users to sign in with any Azure AD organization account or a Microsoft personal account (MSA). To restrict the sign in to only Azure AD accounts use https://login.microsoftonline.com/organizations Authority Value : v1.0, use https://login.microsoftonline.com/common authority will allow users to sign in with any Azure AD account (for any organization)
9 Microsoft Identity Platform (Formerly Known as Azure Active Directory) • Build organizational applications using one Sign In Experience • Securely access data in any API (i.e. Microsoft Graph) • Evolution of Azure Active Directory for Developers
10 Microsoft Identity Platform (Formerly Known as Azure Active Directory) • Build an application using Microsoft Identity and How Simple it is.
11 Building an application using Microsoft Identity
Protocol Diagram : Implicit Flow Primary Benefits: • It allow to get token from Microsoft Identity. • It’s allow app to sign-in the users • Maintain the session. • Get Token to Other WebAPI Diagram shows what the entire implicit sign-in flow looks like and the sections that follow describe each step in more detail
ID Token Access Token The ID Token is a security token that contains Claims(claims are name/value pairs that contain information about a user) about the Authentication of an End-User by an Authorization Server when using a Client, and potentially other requested Claims. The ID Token is represented as a JSON Web Token (JWT) Access tokens are used as bearer tokens. A bearer token means that the bearer (who hold the access token) can access authorized resources without further identification { "iss": "https://server.example.com", "sub": "24400320", "aud": "s6BhdRkqt3", "nonce": "n-0S6_WzA2Mj", "exp": 1311281970, "iat": 1311280970, "auth_time": 1311280969, "acr": "urn:mace:incommon:iap:silver" } These tokens usually have a short lifespan (dictated by its expiration) for improved security. That is, when the access token expires, the user must authenticate again to get a new access token limiting the exposure of the fact that it’s a bearer token.
Re-Cap • It quite easy and share lot of stuff without any extra code. • Single Sign On • Token Management i.e. acquireTokenSilent (It acquire token from signed in user from cache) aquireTokenSilent may not required due :- • Login Required • Multi Factor Authentication • Password Reset
Advance Scenario • Customize your App Registration • Permission and Consent Model
Permission and Consent Model Scope define your app’s range of operation against particular set of Cloud APIs Consent is a data access contract
Permissions Type Delegate Permission • Sign In Required • Scope: User.Read Application Permission • Background Jobs • Scope: People.Read
Best Practice for Permission & Consent • Define at least minimum permission to run your application else it will cause to malicious actions • Use delegate permission for where user need sign in. • Consider incremental consent for scope require the user’s approval
Building an application with Incremental Consent
Best Practice for Single Sign On • Always try the silent token acquisition before attempting interactive token acquisition • This Simple pattern enable SSO.
21 Thank You Q & A

Recommended

Introduction to AWS Organizations
Introduction to AWS OrganizationsIntroduction to AWS Organizations
Introduction to AWS OrganizationsAmazon Web Services
 
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech TalksAmazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech TalksAmazon Web Services
 
Monitor Azure HDInsight with Azure Log Analytics
Monitor Azure HDInsight with Azure Log AnalyticsMonitor Azure HDInsight with Azure Log Analytics
Monitor Azure HDInsight with Azure Log AnalyticsAshish Thapliyal
 
Managing enterprise applications, permissions, and consent in Azure Active Di...
Managing enterprise applications, permissions, and consent in Azure Active Di...Managing enterprise applications, permissions, and consent in Azure Active Di...
Managing enterprise applications, permissions, and consent in Azure Active Di...Peter Selch Dahl
 
Introduction to Microsoft Azure
Introduction to Microsoft AzureIntroduction to Microsoft Azure
Introduction to Microsoft AzureKasun Kodagoda
 
AWS VS AZURE VS GCP.pptx
AWS VS AZURE VS GCP.pptxAWS VS AZURE VS GCP.pptx
AWS VS AZURE VS GCP.pptxRaneesh Ramesan
 
KrakenD API Gateway
KrakenD API GatewayKrakenD API Gateway
KrakenD API GatewayAlbert Lombarte
 
Behind the Scenes: Exploring the AWS Global Network (NET305) - AWS re:Invent ...
Behind the Scenes: Exploring the AWS Global Network (NET305) - AWS re:Invent ...Behind the Scenes: Exploring the AWS Global Network (NET305) - AWS re:Invent ...
Behind the Scenes: Exploring the AWS Global Network (NET305) - AWS re:Invent ...Amazon Web Services
 

Recommended

Introduction to AWS Organizations
Introduction to AWS OrganizationsIntroduction to AWS Organizations
Introduction to AWS OrganizationsAmazon Web Services
 
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech TalksAmazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech TalksAmazon Web Services
 
Monitor Azure HDInsight with Azure Log Analytics
Monitor Azure HDInsight with Azure Log AnalyticsMonitor Azure HDInsight with Azure Log Analytics
Monitor Azure HDInsight with Azure Log AnalyticsAshish Thapliyal
 
Managing enterprise applications, permissions, and consent in Azure Active Di...
Managing enterprise applications, permissions, and consent in Azure Active Di...Managing enterprise applications, permissions, and consent in Azure Active Di...
Managing enterprise applications, permissions, and consent in Azure Active Di...Peter Selch Dahl
 
Introduction to Microsoft Azure
Introduction to Microsoft AzureIntroduction to Microsoft Azure
Introduction to Microsoft AzureKasun Kodagoda
 
AWS VS AZURE VS GCP.pptx
AWS VS AZURE VS GCP.pptxAWS VS AZURE VS GCP.pptx
AWS VS AZURE VS GCP.pptxRaneesh Ramesan
 
KrakenD API Gateway
KrakenD API GatewayKrakenD API Gateway
KrakenD API GatewayAlbert Lombarte
 
Behind the Scenes: Exploring the AWS Global Network (NET305) - AWS re:Invent ...
Behind the Scenes: Exploring the AWS Global Network (NET305) - AWS re:Invent ...Behind the Scenes: Exploring the AWS Global Network (NET305) - AWS re:Invent ...
Behind the Scenes: Exploring the AWS Global Network (NET305) - AWS re:Invent ...Amazon Web Services
 
AWS Black Belt Online Seminar 2016 Amazon EC2 Spot Instances(スポットインスタンス)
AWS Black Belt Online Seminar 2016 Amazon EC2 Spot Instances(スポットインスタンス)AWS Black Belt Online Seminar 2016 Amazon EC2 Spot Instances(スポットインスタンス)
AWS Black Belt Online Seminar 2016 Amazon EC2 Spot Instances(スポットインスタンス)Amazon Web Services Japan
 
AWS Data Analytics on AWS
AWS Data Analytics on AWSAWS Data Analytics on AWS
AWS Data Analytics on AWSsampath439572
 
AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019Amazon Web Services
 
Intro to AWS Lambda
Intro to AWS Lambda Intro to AWS Lambda
Intro to AWS Lambda Amazon Web Services
 
Introduction to Serverless
Introduction to ServerlessIntroduction to Serverless
Introduction to ServerlessAmazon Web Services
 
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...Amazon Web Services
 
Analyzing Data Streams in Real Time with Amazon Kinesis: PNNL's Serverless Da...
Analyzing Data Streams in Real Time with Amazon Kinesis: PNNL's Serverless Da...Analyzing Data Streams in Real Time with Amazon Kinesis: PNNL's Serverless Da...
Analyzing Data Streams in Real Time with Amazon Kinesis: PNNL's Serverless Da...Amazon Web Services
 
RAML
RAMLRAML
RAMLShanky Gupta
 
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksDeep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksAmazon Web Services
 
Compare Cloud Services: AWS vs Azure vs Google vs IBM
Compare Cloud Services: AWS vs Azure vs Google vs IBMCompare Cloud Services: AWS vs Azure vs Google vs IBM
Compare Cloud Services: AWS vs Azure vs Google vs IBMRightScale
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API GatewayAmazon Web Services
 
Joel Schuweiler_AWS IAM Identity Center (Single Sign On).pptx
Joel Schuweiler_AWS IAM Identity Center (Single Sign On).pptxJoel Schuweiler_AWS IAM Identity Center (Single Sign On).pptx
Joel Schuweiler_AWS IAM Identity Center (Single Sign On).pptxAWS Chicago
 
Microsoft Azure Fundamentals
Microsoft Azure FundamentalsMicrosoft Azure Fundamentals
Microsoft Azure FundamentalsAdwait Ullal
 
Building Serverless ETL Pipelines with AWS Glue
Building Serverless ETL Pipelines with AWS GlueBuilding Serverless ETL Pipelines with AWS Glue
Building Serverless ETL Pipelines with AWS GlueAmazon Web Services
 
Amazon SQS overview
Amazon SQS overviewAmazon SQS overview
Amazon SQS overviewمحمد نجم.الدين
 
Introduction to AWS Glue
Introduction to AWS GlueIntroduction to AWS Glue
Introduction to AWS GlueAmazon Web Services
 
Cloud Security (AWS)
Cloud Security (AWS)Cloud Security (AWS)
Cloud Security (AWS)Scott Arveseth
 
AWS Cloud Adoption Framework
AWS Cloud Adoption Framework AWS Cloud Adoption Framework
AWS Cloud Adoption Framework Amazon Web Services
 
Azure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAzure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAnoop Nair
 
AWS Black Belt Online Seminar AWS上のJenkins活用方法
AWS Black Belt Online Seminar AWS上のJenkins活用方法AWS Black Belt Online Seminar AWS上のJenkins活用方法
AWS Black Belt Online Seminar AWS上のJenkins活用方法Amazon Web Services Japan
 
Microsoft identity manoj mittal
Microsoft identity manoj mittalMicrosoft identity manoj mittal
Microsoft identity manoj mittalManoj Mittal
 
Microsoft Graph API Webinar Application Permissions
Microsoft Graph API Webinar Application PermissionsMicrosoft Graph API Webinar Application Permissions
Microsoft Graph API Webinar Application PermissionsStefan Weber
 

More Related Content

What's hot

AWS Black Belt Online Seminar 2016 Amazon EC2 Spot Instances(スポットインスタンス)
AWS Black Belt Online Seminar 2016 Amazon EC2 Spot Instances(スポットインスタンス)AWS Black Belt Online Seminar 2016 Amazon EC2 Spot Instances(スポットインスタンス)
AWS Black Belt Online Seminar 2016 Amazon EC2 Spot Instances(スポットインスタンス)Amazon Web Services Japan
 
AWS Data Analytics on AWS
AWS Data Analytics on AWSAWS Data Analytics on AWS
AWS Data Analytics on AWSsampath439572
 
AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019Amazon Web Services
 
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...Amazon Web Services
 
Analyzing Data Streams in Real Time with Amazon Kinesis: PNNL's Serverless Da...
Analyzing Data Streams in Real Time with Amazon Kinesis: PNNL's Serverless Da...Analyzing Data Streams in Real Time with Amazon Kinesis: PNNL's Serverless Da...
Analyzing Data Streams in Real Time with Amazon Kinesis: PNNL's Serverless Da...Amazon Web Services
 
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksDeep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksAmazon Web Services
 
Compare Cloud Services: AWS vs Azure vs Google vs IBM
Compare Cloud Services: AWS vs Azure vs Google vs IBMCompare Cloud Services: AWS vs Azure vs Google vs IBM
Compare Cloud Services: AWS vs Azure vs Google vs IBMRightScale
 
Joel Schuweiler_AWS IAM Identity Center (Single Sign On).pptx
Joel Schuweiler_AWS IAM Identity Center (Single Sign On).pptxJoel Schuweiler_AWS IAM Identity Center (Single Sign On).pptx
Joel Schuweiler_AWS IAM Identity Center (Single Sign On).pptxAWS Chicago
 
Microsoft Azure Fundamentals
Microsoft Azure FundamentalsMicrosoft Azure Fundamentals
Microsoft Azure FundamentalsAdwait Ullal
 
Building Serverless ETL Pipelines with AWS Glue
Building Serverless ETL Pipelines with AWS GlueBuilding Serverless ETL Pipelines with AWS Glue
Building Serverless ETL Pipelines with AWS GlueAmazon Web Services
 
Azure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAzure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAnoop Nair
 
AWS Black Belt Online Seminar AWS上のJenkins活用方法
AWS Black Belt Online Seminar AWS上のJenkins活用方法AWS Black Belt Online Seminar AWS上のJenkins活用方法
AWS Black Belt Online Seminar AWS上のJenkins活用方法Amazon Web Services Japan
 

What's hot (20)

AWS Black Belt Online Seminar 2016 Amazon EC2 Spot Instances(スポットインスタンス)
AWS Black Belt Online Seminar 2016 Amazon EC2 Spot Instances(スポットインスタンス)AWS Black Belt Online Seminar 2016 Amazon EC2 Spot Instances(スポットインスタンス)
AWS Black Belt Online Seminar 2016 Amazon EC2 Spot Instances(スポットインスタンス)
 
AWS Data Analytics on AWS
AWS Data Analytics on AWSAWS Data Analytics on AWS
AWS Data Analytics on AWS
 
AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019
 
Intro to AWS Lambda
Intro to AWS Lambda Intro to AWS Lambda
Intro to AWS Lambda
 
Introduction to Serverless
Introduction to ServerlessIntroduction to Serverless
Introduction to Serverless
 
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...
 
Analyzing Data Streams in Real Time with Amazon Kinesis: PNNL's Serverless Da...
Analyzing Data Streams in Real Time with Amazon Kinesis: PNNL's Serverless Da...Analyzing Data Streams in Real Time with Amazon Kinesis: PNNL's Serverless Da...
Analyzing Data Streams in Real Time with Amazon Kinesis: PNNL's Serverless Da...
 
RAML
RAMLRAML
RAML
 
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksDeep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
 
Compare Cloud Services: AWS vs Azure vs Google vs IBM
Compare Cloud Services: AWS vs Azure vs Google vs IBMCompare Cloud Services: AWS vs Azure vs Google vs IBM
Compare Cloud Services: AWS vs Azure vs Google vs IBM
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API Gateway
 
Joel Schuweiler_AWS IAM Identity Center (Single Sign On).pptx
Joel Schuweiler_AWS IAM Identity Center (Single Sign On).pptxJoel Schuweiler_AWS IAM Identity Center (Single Sign On).pptx
Joel Schuweiler_AWS IAM Identity Center (Single Sign On).pptx
 
Microsoft Azure Fundamentals
Microsoft Azure FundamentalsMicrosoft Azure Fundamentals
Microsoft Azure Fundamentals
 
Building Serverless ETL Pipelines with AWS Glue
Building Serverless ETL Pipelines with AWS GlueBuilding Serverless ETL Pipelines with AWS Glue
Building Serverless ETL Pipelines with AWS Glue
 
Amazon SQS overview
Amazon SQS overviewAmazon SQS overview
Amazon SQS overview
 
Introduction to AWS Glue
Introduction to AWS GlueIntroduction to AWS Glue
Introduction to AWS Glue
 
Cloud Security (AWS)
Cloud Security (AWS)Cloud Security (AWS)
Cloud Security (AWS)
 
AWS Cloud Adoption Framework
AWS Cloud Adoption Framework AWS Cloud Adoption Framework
AWS Cloud Adoption Framework
 
Azure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAzure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - Ajay
 
AWS Black Belt Online Seminar AWS上のJenkins活用方法
AWS Black Belt Online Seminar AWS上のJenkins活用方法AWS Black Belt Online Seminar AWS上のJenkins活用方法
AWS Black Belt Online Seminar AWS上のJenkins活用方法
 

Similar to Simplify user application authentication using Microsoft Identity Platform

Microsoft identity manoj mittal
Microsoft identity manoj mittalMicrosoft identity manoj mittal
Microsoft identity manoj mittalManoj Mittal
 
Microsoft Graph API Webinar Application Permissions
Microsoft Graph API Webinar Application PermissionsMicrosoft Graph API Webinar Application Permissions
Microsoft Graph API Webinar Application PermissionsStefan Weber
 
"Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ...
"Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ..."Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ...
"Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ...Fwdays
 
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 2
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 2Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 2
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 2Vinu Gunasekaran
 
Complex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSComplex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSBoyan Dimitrov
 
Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Amazon Web Services
 
24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdfTomasz Kopacz
 
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech TalksDeep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech TalksAmazon Web Services
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...Ganesh Kumar
 
Microsoft Graph API Delegated Permissions
Microsoft Graph API Delegated PermissionsMicrosoft Graph API Delegated Permissions
Microsoft Graph API Delegated PermissionsStefan Weber
 
Антон Бойко (Microsoft Azure MVP, Ukrainian Azure Community Founder) «Azure M...
Антон Бойко (Microsoft Azure MVP, Ukrainian Azure Community Founder) «Azure M...Антон Бойко (Microsoft Azure MVP, Ukrainian Azure Community Founder) «Azure M...
Антон Бойко (Microsoft Azure MVP, Ukrainian Azure Community Founder) «Azure M...DataArt
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular jsBixlabs
 
Mobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsMobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsPieter Ennes
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedCalvin Noronha
 
The bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CThe bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CAnton Staykov
 
Community call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platformCommunity call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platformMicrosoft 365 Developer
 
Complex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSComplex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSBoyan Dimitrov
 
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSAWS User Group Kochi
 
Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Kris Wagner
 
Authentication Models
Authentication ModelsAuthentication Models
Authentication ModelsRaj Chanchal
 

Similar to Simplify user application authentication using Microsoft Identity Platform (20)

Microsoft identity manoj mittal
Microsoft identity manoj mittalMicrosoft identity manoj mittal
Microsoft identity manoj mittal
 
Microsoft Graph API Webinar Application Permissions
Microsoft Graph API Webinar Application PermissionsMicrosoft Graph API Webinar Application Permissions
Microsoft Graph API Webinar Application Permissions
 
"Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ...
"Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ..."Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ...
"Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ...
 
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 2
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 2Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 2
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 2
 
Complex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSComplex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWS
 
Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017
 
24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf
 
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech TalksDeep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
 
Microsoft Graph API Delegated Permissions
Microsoft Graph API Delegated PermissionsMicrosoft Graph API Delegated Permissions
Microsoft Graph API Delegated Permissions
 
Антон Бойко (Microsoft Azure MVP, Ukrainian Azure Community Founder) «Azure M...
Антон Бойко (Microsoft Azure MVP, Ukrainian Azure Community Founder) «Azure M...Антон Бойко (Microsoft Azure MVP, Ukrainian Azure Community Founder) «Azure M...
Антон Бойко (Microsoft Azure MVP, Ukrainian Azure Community Founder) «Azure M...
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular js
 
Mobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsMobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patterns
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - Demystified
 
The bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CThe bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2C
 
Community call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platformCommunity call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platform
 
Complex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSComplex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWS
 
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
 
Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Microsoft Azure Identity and O365
Microsoft Azure Identity and O365
 
Authentication Models
Authentication ModelsAuthentication Models
Authentication Models
 

More from Manoj Mittal

Microsoft Search with Graph Connector
Microsoft Search with Graph ConnectorMicrosoft Search with Graph Connector
Microsoft Search with Graph ConnectorManoj Mittal
 
MS Inspire Update | Data Flex and Return to Workspace Solution
MS Inspire Update | Data Flex and Return to Workspace SolutionMS Inspire Update | Data Flex and Return to Workspace Solution
MS Inspire Update | Data Flex and Return to Workspace SolutionManoj Mittal
 
Microsoft Team Messaging Extension Deep Dive
Microsoft Team Messaging Extension Deep DiveMicrosoft Team Messaging Extension Deep Dive
Microsoft Team Messaging Extension Deep DiveManoj Mittal
 
Build ETL Process using Azure Data Factory
Build ETL Process using Azure Data FactoryBuild ETL Process using Azure Data Factory
Build ETL Process using Azure Data FactoryManoj Mittal
 
Build and integrate conversational series with Microsoft Teams Bot
Build and integrate conversational series with Microsoft Teams BotBuild and integrate conversational series with Microsoft Teams Bot
Build and integrate conversational series with Microsoft Teams BotManoj Mittal
 
Manoj mittal power platform evolution with ai builder
Manoj mittal power platform evolution with ai builderManoj mittal power platform evolution with ai builder
Manoj mittal power platform evolution with ai builderManoj Mittal
 
Customize and Automate MS Team based solution
Customize and Automate MS Team based solutionCustomize and Automate MS Team based solution
Customize and Automate MS Team based solutionManoj Mittal
 
Leverage Power Platform with Common Data Service & Common Data Model
Leverage Power Platform with Common Data Service & Common Data ModelLeverage Power Platform with Common Data Service & Common Data Model
Leverage Power Platform with Common Data Service & Common Data ModelManoj Mittal
 
Free Online SharePoint Framework Webinar
Free Online SharePoint Framework WebinarFree Online SharePoint Framework Webinar
Free Online SharePoint Framework WebinarManoj Mittal
 
Build intelligent microsoft azure bot using luis and qn a maker
Build intelligent microsoft azure bot using luis and qn a makerBuild intelligent microsoft azure bot using luis and qn a maker
Build intelligent microsoft azure bot using luis and qn a makerManoj Mittal
 
Cognitive services part1
Cognitive services part1Cognitive services part1
Cognitive services part1Manoj Mittal
 
SharePoint Search Enrichment
SharePoint Search EnrichmentSharePoint Search Enrichment
SharePoint Search EnrichmentManoj Mittal
 
How SharePoint Online Migration API Works
How SharePoint Online Migration API WorksHow SharePoint Online Migration API Works
How SharePoint Online Migration API WorksManoj Mittal
 

More from Manoj Mittal (13)

Microsoft Search with Graph Connector
Microsoft Search with Graph ConnectorMicrosoft Search with Graph Connector
Microsoft Search with Graph Connector
 
MS Inspire Update | Data Flex and Return to Workspace Solution
MS Inspire Update | Data Flex and Return to Workspace SolutionMS Inspire Update | Data Flex and Return to Workspace Solution
MS Inspire Update | Data Flex and Return to Workspace Solution
 
Microsoft Team Messaging Extension Deep Dive
Microsoft Team Messaging Extension Deep DiveMicrosoft Team Messaging Extension Deep Dive
Microsoft Team Messaging Extension Deep Dive
 
Build ETL Process using Azure Data Factory
Build ETL Process using Azure Data FactoryBuild ETL Process using Azure Data Factory
Build ETL Process using Azure Data Factory
 
Build and integrate conversational series with Microsoft Teams Bot
Build and integrate conversational series with Microsoft Teams BotBuild and integrate conversational series with Microsoft Teams Bot
Build and integrate conversational series with Microsoft Teams Bot
 
Manoj mittal power platform evolution with ai builder
Manoj mittal power platform evolution with ai builderManoj mittal power platform evolution with ai builder
Manoj mittal power platform evolution with ai builder
 
Customize and Automate MS Team based solution
Customize and Automate MS Team based solutionCustomize and Automate MS Team based solution
Customize and Automate MS Team based solution
 
Leverage Power Platform with Common Data Service & Common Data Model
Leverage Power Platform with Common Data Service & Common Data ModelLeverage Power Platform with Common Data Service & Common Data Model
Leverage Power Platform with Common Data Service & Common Data Model
 
Free Online SharePoint Framework Webinar
Free Online SharePoint Framework WebinarFree Online SharePoint Framework Webinar
Free Online SharePoint Framework Webinar
 
Build intelligent microsoft azure bot using luis and qn a maker
Build intelligent microsoft azure bot using luis and qn a makerBuild intelligent microsoft azure bot using luis and qn a maker
Build intelligent microsoft azure bot using luis and qn a maker
 
Cognitive services part1
Cognitive services part1Cognitive services part1
Cognitive services part1
 
SharePoint Search Enrichment
SharePoint Search EnrichmentSharePoint Search Enrichment
SharePoint Search Enrichment
 
How SharePoint Online Migration API Works
How SharePoint Online Migration API WorksHow SharePoint Online Migration API Works
How SharePoint Online Migration API Works
 

Recently uploaded

How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Recently uploaded (20)

How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Simplify user application authentication using Microsoft Identity Platform

  • 1. | Webinar: Bengaluru Chapter Simply user application authentication using Microsoft Identity Manoj Mittal | Speakers | Author | Blogger Sr. Technical Architect @ Mindtree Ltd
  • 2. 2 Who Am I C# Corner MVP, MCP, MCTS,MCSA, OCA http://manojmittalblogs.blogspot.in https://www.youtube.com/user/manojmcans/videos /Manojmcans In/manoj-mittal-mcp-mcts-oca-mcsa/ https://www.c-sharpcorner.com/members/manoj-mittal
  • 3. 3 AgendaAgenda • What is Microsoft Identity Platform • Build an application using Microsoft Identity and How Simple it is. • How Microsoft Identity Works • Advance Scenarios i.e. Permission and Consent
  • 4. 4 Microsoft Identity Platform (Formerly Known as Azure Active Directory) What it is & Why
  • 7. Who can sign in The Microsoft identity platform endpoint allows Work School accounts from Azure AD Personal Microsoft accounts (MSA), such as hotmail.com, outlook.com, and msn.com, to sign in The v1.0 endpoint allows only work and school accounts to sign in to your application (Azure AD)
  • 8. MSAL JS or MSAL .NET (Microsoft Authentication Library) V2.0 ADAL JS or ADAL .NET (Azure AD Authentication Library) V1.0 Both used to authentication Azure AD entities and request token from Azure AD MSAL used to authenticate a broader set of Microsoft Identities • Azure AD identities • Microsoft account, social and local account through Azure B2C) Azure AD V1.0 used to authenticate • Azure identities (work and school) Method to renew tokens silently without prompting users is named acquireTokenSilent (more descriptive) Method to renew tokens silently without prompting users is named acquireToken MSAL.js API is designed around user agent client application such as Web Browser ADAL.js uses AuthenticationContext as the representation of an instance of your application's connection Method to acquire token requests can take different authority values than what is set in the UserAgentApplication Methods to acquire tokens are associated with a single authority set in the AuthenticationContext Authority Value: V2.0 use https://login.microsoftonline.com/common authority, will allow users to sign in with any Azure AD organization account or a Microsoft personal account (MSA). To restrict the sign in to only Azure AD accounts use https://login.microsoftonline.com/organizations Authority Value : v1.0, use https://login.microsoftonline.com/common authority will allow users to sign in with any Azure AD account (for any organization)
  • 9. 9 Microsoft Identity Platform (Formerly Known as Azure Active Directory) • Build organizational applications using one Sign In Experience • Securely access data in any API (i.e. Microsoft Graph) • Evolution of Azure Active Directory for Developers
  • 10. 10 Microsoft Identity Platform (Formerly Known as Azure Active Directory) • Build an application using Microsoft Identity and How Simple it is.
  • 11. 11 Building an application using Microsoft Identity
  • 12. Protocol Diagram : Implicit Flow Primary Benefits: • It allow to get token from Microsoft Identity. • It’s allow app to sign-in the users • Maintain the session. • Get Token to Other WebAPI Diagram shows what the entire implicit sign-in flow looks like and the sections that follow describe each step in more detail
  • 13. ID Token Access Token The ID Token is a security token that contains Claims(claims are name/value pairs that contain information about a user) about the Authentication of an End-User by an Authorization Server when using a Client, and potentially other requested Claims. The ID Token is represented as a JSON Web Token (JWT) Access tokens are used as bearer tokens. A bearer token means that the bearer (who hold the access token) can access authorized resources without further identification { "iss": "https://server.example.com", "sub": "24400320", "aud": "s6BhdRkqt3", "nonce": "n-0S6_WzA2Mj", "exp": 1311281970, "iat": 1311280970, "auth_time": 1311280969, "acr": "urn:mace:incommon:iap:silver" } These tokens usually have a short lifespan (dictated by its expiration) for improved security. That is, when the access token expires, the user must authenticate again to get a new access token limiting the exposure of the fact that it’s a bearer token.
  • 14. Re-Cap • It quite easy and share lot of stuff without any extra code. • Single Sign On • Token Management i.e. acquireTokenSilent (It acquire token from signed in user from cache) aquireTokenSilent may not required due :- • Login Required • Multi Factor Authentication • Password Reset
  • 15. Advance Scenario • Customize your App Registration • Permission and Consent Model
  • 16. Permission and Consent Model Scope define your app’s range of operation against particular set of Cloud APIs Consent is a data access contract
  • 17. Permissions Type Delegate Permission • Sign In Required • Scope: User.Read Application Permission • Background Jobs • Scope: People.Read
  • 18. Best Practice for Permission & Consent • Define at least minimum permission to run your application else it will cause to malicious actions • Use delegate permission for where user need sign in. • Consider incremental consent for scope require the user’s approval
  • 19. Building an application with Incremental Consent
  • 20. Best Practice for Single Sign On • Always try the silent token acquisition before attempting interactive token acquisition • This Simple pattern enable SSO.