OAUTH, OPENID CONNECT & .NET - THE GOOD PARTS - Anders Abel - NDC London 2024

  • Published: 29 Oct 2024

Comments • 15

  • @Ry4nWTF 5 months ago +8

    These talks never describe the flow 99% of people use, SPA and a .NET backend. No downstream services called. What am I supposed to do with the access token if I only need to call my API? OpenIdConnect library only builds the claims principal based on the ID token. And the specs say "never look into the access token", so just throw it away?

    • @dusanrostar 5 months ago

      well there is "the good parts" suffix, just like JS vs JS the good parts book.....

    • @MrDragnil 5 months ago

      The SPA requests an access token from the IDP and sends it to the backend, via a Bearer token as proof the user is who they say they are.

    • @VenkateshKadiri66 5 months ago

      Why would we need to look into access token when it’s really meant for the API/Resource server that the client calls?

    • @MrDragnil 5 months ago

      You can use the claims/scopes to restrict actions a user can execute on the backend.
      21:03 the SPA doesn't look at the token but the backend MUST or it's not authenticating anything.

    • @Am6-9 5 months ago +6

      I sympathize… I have scoured the web for some simple tutorials or examples on how to authenticate a simple Angular SPA with a Flask backend against an OAuth2 provider (AzureAD or whatever it is now called in my case). Nothing…
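
For the SPA plus .NET API case discussed in the replies above, this is an added example (not code from the talk or from any commenter) of an ASP.NET Core API that validates the Bearer access token and authorizes on a scope. It assumes the `Microsoft.AspNetCore.Authentication.JwtBearer` package, a JWT access token carrying a `scope` claim (some providers name it `scp`), and placeholder values for the authority, audience, scope and route.

```csharp
// Added example: resource server side of "SPA sends Bearer token to the API".
// idp.example.com, orders-api, orders.read and /orders are placeholders.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Issuer; signing keys are loaded from its discovery document.
        options.Authority = "https://idp.example.com";
        // Reject tokens that were issued for a different API.
        options.Audience = "orders-api";
        // Keep JWT claim names ("sub", "scope") instead of legacy URI names.
        options.MapInboundClaims = false;
    });

builder.Services.AddAuthorization(options =>
{
    // Signature, issuer, audience and lifetime are checked by the handler;
    // this policy adds the per-endpoint scope check.
    options.AddPolicy("orders.read", policy => policy
        .RequireAuthenticatedUser()
        .RequireAssertion(ctx => HasScope(ctx.User, "orders.read")));
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// The principal here is built from the access token, not from an ID token.
app.MapGet("/orders", (ClaimsPrincipal user) =>
        Results.Ok(new { sub = user.FindFirst("sub")?.Value }))
   .RequireAuthorization("orders.read");

app.Run();

// Scopes may arrive as one space-delimited claim or as several claims.
static bool HasScope(ClaimsPrincipal user, string required) =>
    user.FindAll("scope")
        .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
        .Contains(required, StringComparer.Ordinal);
```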

  • @BesarKutleshi 2 months ago

    Worst explanation ever!