Hairless in the Cloud - Microsoft 365 - Security und Collaboration artwork

051 - Stephan Wälde und alle meine Token

Hairless in the Cloud - Microsoft 365 - Security und Collaboration

German - May 08, 2020 14:55 - 52 minutes - 41.8 MB - ★★★★ - 1 rating
Technology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: 050 - Meetings everywhere und Attack Surface Rules
Next Episode: 052 - Build 2020 und Windows 2004

Stephan Wälde (Lead Cloud Architect bei der Glück & Kanja Consulting AG)

Twitter: @stephanwaelde

Blog: https://stephanwaelde.com


Begriffserklärung


Access Token / bearer token


OAUTH


User vs. App


Besser Principal und Ressource Owner


Client != Device


Client eher Anwendung


Delegated vs App Permission


Basic


Ressource MS Graph


Ressource Owner


Client (Anwendung: Client ID)


Auth Server (AAD)




Access Token --> Resource


Refresh Token --> AAD


ID Token --> client


Username, Displayname, Email


Azure AD


PRT --> sso browser holt sich von OS


MSAL aware apps machen SSO


Enterprise Apps



Wie kann man die Tokens "anfassen"?


https://JWT.MS (ID und Access Token)


Fiddler


F12


Oder selber schreiben



Frage an Jan :)


RFC von OAUTH 2.0https://tools.ietf.org/html/rfc6749



Twitter Mentions