How to authenticate users in your apps using FI-WARE Account

In this course you will learn to:

§ Use FI-WARE Account to create users, organizations and register your Applications.
§ Authenticate users in your apps with their credentials on FI-WARE using OAuth 2.0.
They’ll securely access resources thanks to authorization in FI-WARE Account.

Content
1. Introduction.
Introduction to FI-WARE Account and OAuth 2.0. We’ll see key concepts and topics.

2. First steps in FI-WARE Account.
Register on FI-WARE Account, create organizations and manage roles of users in your organizations.

3. Secure your web applications using OAuth 2.0.
Secure your own web applications to authenticate your users with their username and password in FI-WARE Account.

4. Authenticate your users from native applications using OAuth 2.0.
Adapt your native applications to authenticate your users with their username and password in FI-WARE Account.

5. Developing secured APIs using OAuth 2.0.
Deploy a FI-WARE PEP Security Proxy in front of your backend to secure requests to your APIs.

6. Authorizing access to protected resources.
Create roles in your applications to allow or deny access of users to protected resources.

Identity Management

Identity Management in FI-WARE

§  Management of users, their authentication and authorization, and privileges within organizations.
§  Resources used:
•  Users
•  Organizations
•  Roles
•  Applications
§  Users register themselves, create organizations, and assign roles into these organizations.
§  It enables applications to access user’s protected information.
•  Trusted environment
•  OAuth 2.0 standard
§  http://oauth.net/2/
•  PHP, Cocoa, iOS, Java, Ruby, Javascript, Python.

OAuth 2.0

§  Mechanism to provide applications access to restricted resources without sharing credentials.
§  Applications use access tokens, issued by OAuth providers (e.g. FI-WARE), to access resources.
§  OAuth 2.0 specification is designed for use with HTTP.
§  Roles:
•  Resource Owner: Entity capable of granting access to a protected resource (e.g. end-user)
•  Resource Server: Server hosting protected resources.
•  Client: Application making protected resource requests on behalf of the resource owner.
•  Authorization Server: The server issuing access tokens to the client.

OAuth 2.0 Architecture

Authorization Code Grant

6. Response code + myservice.com credentials
7. Ok, this is the Access Token
8. Access user’s resources with Access Token

OAuth consumer
myservice.com

OAuth provider
account.lab.fi-ware.org
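
The Authorization Code Grant exchange above, written out from the consumer's side as an added example (not code from the slides or from the FI-WARE project). The endpoint paths, client credentials, callback URL and Generic Enabler URL are assumptions; only the host names come from the slides.

```python
import base64
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Host names are taken from the slides; everything else is an assumption.
PROVIDER = "https://account.lab.fi-ware.org"
AUTHORIZE_PATH = "/oauth2/authorize"             # assumed endpoint path
TOKEN_PATH = "/oauth2/token"                     # assumed endpoint path
CLIENT_ID = "example-client-id"                  # constructed myservice.com credentials
CLIENT_SECRET = "example-client-secret"          # constructed
REDIRECT_URI = "https://myservice.com/callback"  # assumed callback URL


def build_authorization_url(state):
    """URL the consumer redirects the user's browser to at the provider."""
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,  # binds the later callback to this user session
    })
    return f"{PROVIDER}{AUTHORIZE_PATH}?{query}"


def parse_callback(callback_url, expected_state):
    """Check the redirect back from the provider and return the code."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def build_token_request(code):
    """Step 6: response code + myservice.com credentials (HTTP Basic)."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    return {
        "method": "POST",
        "url": f"{PROVIDER}{TOKEN_PATH}",
        "headers": {
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": urlencode({
            "grant_type": "authorization_code",
            "code": code,
            "redirect_uri": REDIRECT_URI,  # must match the first request
        }),
    }


def parse_token_response(body):
    """Step 7: take the access token out of the provider's JSON response."""
    data = json.loads(body)
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    if not data.get("access_token"):
        raise ValueError("response carries no access_token")
    return data["access_token"]


def build_resource_request(url, access_token):
    """Step 8: access the user's resources with the Access Token.

    The token goes in the Authorization header; a token placed in the URL
    can end up in server logs and browser history.
    """
    return {
        "method": "GET",
        "url": url,
        "headers": {"Authorization": f"Bearer {access_token}"},
    }


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(build_authorization_url(state))
    # Constructed callback and token response, standing in for the provider.
    code = parse_callback(f"{REDIRECT_URI}?code=constructed-code&state={state}", state)
    print(build_token_request(code))
    token = parse_token_response(
        '{"access_token": "constructed-token", "token_type": "Bearer", "expires_in": 3600}'
    )
    print(build_resource_request("https://ge.example/resource", token))
```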

OAuth 2.0 Architecture

Implicit Grant

6. Access user’s resources with Access Token

OAuth consumer
myservice.com

OAuth provider
account.lab.fi-ware.org

OAuth 2.0 Architecture

Resource Owner Password Credentials Grant

2. Give access with myservice.com credentials and user’s password credentials
3. OK, this is the access token
4. Access user’s resources with Access Token

OAuth consumer
myservice.com

OAuth provider
account.lab.fi-ware.org

OAuth 2.0 Architecture

Client Credentials Grant

1. Client authentication with myservice.com credentials
2. OK, this is the access token
3. Access myservice.com resources with Access Token

OAuth consumer
myservice.com

OAuth provider
account.lab.fi-ware.org

Using the Access Token

FI-WARE Resource Providers

GET /user?access_token=access_token
Access protected user info with Access Token

OAuth consumer
myservice.com

OAuth provider
account.lab.fi-ware.org
Access protected resources with Access Token

GET https://ge_url HTTP/1.1
Host: GE_hostname
Authorization: Bearer access_token

Generic Enablers
*.fi-ware.org

Using the Access Token

Third-Party Resource Providers

GET https://protected_url HTTP/1.1
Host: GE_hostname
Authorization: Bearer access_token

Access protected user info with Access Token

OAuth consumer
myservice.com

PEP Proxy

Unsecured Resource Provider
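
A sketch of the decision a PEP proxy makes in front of an unsecured resource provider, as an added example (not the FI-WARE PEP Proxy's own code). It assumes the proxy validates the token with the OAuth provider, for instance through the /user call shown on the previous slide; the shape of the returned user info, the `required_role` parameter and the `X-Authenticated-User` header are hypothetical.

```python
import re

# RFC 6750 header syntax: "Bearer" 1*SP b64token
BEARER_RE = re.compile(r"Bearer +([A-Za-z0-9\-._~+/]+=*)", re.IGNORECASE)
IDENTITY_HEADER = "X-Authenticated-User"  # hypothetical header for the backend


def extract_bearer_token(headers):
    """Return the token from a single, well-formed Authorization header."""
    values = [v for k, v in headers.items() if k.lower() == "authorization"]
    if len(values) != 1:
        return None
    match = BEARER_RE.fullmatch(values[0].strip())
    return match.group(1) if match else None


def pep_decide(request, validate_token, required_role=None):
    """Return (status, request_to_forward or None).

    validate_token(token) stands for the call to the OAuth provider and
    returns the user info for a valid token, or None otherwise.
    """
    token = extract_bearer_token(request["headers"])
    if token is None:
        return 401, None
    user = validate_token(token)
    if user is None:
        return 401, None
    if required_role is not None and required_role not in user.get("roles", []):
        return 403, None
    # The backend trusts the proxy, so drop the credential and any identity
    # header the client supplied before adding the verified identity.
    blocked = {"authorization", IDENTITY_HEADER.lower()}
    headers = {k: v for k, v in request["headers"].items() if k.lower() not in blocked}
    headers[IDENTITY_HEADER] = user["id"]
    return 200, {"method": request["method"], "path": request["path"], "headers": headers}


# Constructed token store standing in for the OAuth provider.
CONSTRUCTED_TOKENS = {
    "tok-alice": {"id": "alice", "roles": ["author"]},
    "tok-bob": {"id": "bob", "roles": []},
}


def constructed_validate(token):
    return CONSTRUCTED_TOKENS.get(token)


if __name__ == "__main__":
    samples = [
        {"Authorization": "Bearer tok-alice", IDENTITY_HEADER: "admin"},
        {"Authorization": "Bearer tok-bob"},
        {"Authorization": "Bearer unknown"},
        {},
    ]
    for headers in samples:
        request = {"method": "GET", "path": "/posts", "headers": headers}
        print(pep_decide(request, constructed_validate, required_role="author"))
```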

Using the Access Token

Cloud Hosting I

GET /user?access_token=access_token
Retrieve list of organizations

OAuth consumer
myservice.com

OAuth provider
account.lab.fi-ware.org

Retrieve Scoped Token in organization ORG_ID

POST http://cloud.lab.fi-ware.eu:4730/v2.0/tokens
{
  "auth": {
    "tenantID": "ORG_ID",
    "token": {
      "id": "access_token"
    }
  }
}

Keystone Proxy
cloud.lab.fi-ware.org

Using the Access Token

Cloud Hosting II

Access using Scoped Token

DCRM GE
cloud.lab.fi-ware.org

Access using Scoped Token

PaaS GE
pegasus.lab.fi-ware.org

Access using Scoped Token

SDC GE
saggita.lab.fi-ware.org

Access using Scoped Token

Object Storage GE
130.206.82.9

OAuth consumer
myservice.com

More Info

§  FI-WARE Account’s OAuth 2.0 API:
•  Documentation: https://github.com/ging/fi-ware-idm/wiki/
•  OAuth 2.0 API: https://github.com/ging/fi-ware-idm/wiki/Using-the-FI-LAB-instance
§  OAuth 2.0 Specification:
•  http://tools.ietf.org/html/rfc6749
§  FI-WARE PEP Proxy:
•  https://github.com/ging/fi-ware-pep-proxy

Demo

Geek Blog
blog.com

Demo

OAuth provider
account.lab.fi-ware.org

Geek Blog
blog.com

PEP Proxy
