SlideShare a Scribd company logo

CIS14: OAuth and OpenID Connect in Action

CloudIDSummit, profile picture
CloudIDSummit

The document outlines the steps for implementing OAuth and OpenID Connect with Salesforce Identity, highlighting client registration, metadata retrieval, client initialization, and token usage. It also covers the use of social sign-on and just-in-time provisioning for improved federation, along with advanced features like enterprise policies and two-factor authentication. Additionally, it emphasizes the importance of refresh tokens for single sign-on (SSO) capabilities.

Technology
1 of 31
Downloaded 27 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
OAuth & OpenID Connect in Action Chuck Mortimore VP, Product Management Salesforce Identity @cmort
a quick demo client
CIS14: OAuth and OpenID Connect in Action
the world’s simplest client
1) Register an App 2) Get your Metadata 3) Create (initialize) your Client 4) Use your Tokens
1) Register an App
2) Get your Metadata https://login.salesforce.com/.well-known/openid-configuration
2) Get your Metadata { "issuer": "https://login.salesforce.com", "authorization_endpoint": "https://login.salesforce.com/services/oauth2/authorize", "token_endpoint": "https://login.salesforce.com/services/oauth2/token", "revocation_endpoint": "https://login.salesforce.com/services/oauth2/revoke", "userinfo_endpoint": "https://login.salesforce.com/services/oauth2/userinfo", "jwks_uri": "https://login.salesforce.com/id/keys", "scopes_supported": ["id", "api", "web", "full", "chatter_api", "visualforce", "refresh_token", "openid"], "response_types_supported": ["code", "token", "token id_token"], "subject_types_supported": ["public"], "id_token_signing_alg_values_supported": ["RS256"], "display_values_supported": ["page", "popup", "touch"], "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt"] }
3) Create your Client https://login.salesforce.com/services/oauth2/authorize? response_type=code&redirect_uri=https%3A%2F %2Flocalhost&client_id=… curl -H 'Content-Type: application/x-www-form-urlencoded' -d "client_id=...&client_secret=...&redirect_uri=https%3A%2F %2Flocalhost&grant_type=authorization_code&code=..." https:// login.salesforce.com/services/oauth2/token …and validate your id_token
4) Use your access_token curl -H "Authorization: Bearer ..." https://login.salesforce.com/ services/oauth2/userprofile
CIS14: OAuth and OpenID Connect in Action
so what can we do with all this plumbing?
social sign-on
1) Register an App
2) Get your Metadata https://accounts.google.com/.well-known/openid-configuration
3) Initialize your client software
4) Just-in-Time Provisioning
faster, simpler, better federation
1) Register an App
2) Get your Metadata https://gold.pinglabs.net:9031/.well-known/openid-configuration
3) Initialize your client software
4) Map Users
5) Access APIs!
enterprise mobile apps
Let’s build this App
Refresh Tokens provide “SSO”
Let’s Layer in Federation
Let’s add Enterprise Policies
How about Two Factor Authentication
Bonus: Custom Claims
CIS14: OAuth and OpenID Connect in Action

More Related Content

PDF
OAuth2 and Spring Security
Orest Ivasiv
 
PDF
OAuth2 and LinkedIn
Kamyar Mohager
 
PDF
Pocket Authentication with OAuth on Firefox OS
Chih-Hsuan Kuo
 
PPTX
A simple PHP LinkedIn OAuth 2.0 example
Mattia Reggiani
 
PPTX
Social Gold in-Flash Webinar Jan 2010
Social Gold
 
PPTX
UC2013 Speed Geeking: Intro to OAuth2
Aaron Parecki
 
PPT
Linkedin & OAuth
Umang Goyal
 
PDF
Spring security oauth2
axykim00
 
OAuth2 and Spring Security
Orest Ivasiv
 
OAuth2 and LinkedIn
Kamyar Mohager
 
Pocket Authentication with OAuth on Firefox OS
Chih-Hsuan Kuo
 
A simple PHP LinkedIn OAuth 2.0 example
Mattia Reggiani
 
Social Gold in-Flash Webinar Jan 2010
Social Gold
 
UC2013 Speed Geeking: Intro to OAuth2
Aaron Parecki
 
Linkedin & OAuth
Umang Goyal
 
Spring security oauth2
axykim00
 

Similar to CIS14: OAuth and OpenID Connect in Action (20)

PDF
Digging Deeper into Desktop and Mobile App Security
Salesforce Developers
 
PDF
Créer une App Microsoft Teams : REX - Replay Microsoft Experiences 2018
Guillaume Meyer
 
PDF
iMasters Intercon 2016 - Identity within Microservices
Erick Belluci Tedeschi
 
PDF
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
iMasters
 
PPTX
Esquema de pasos de ejecución IdM
Fernando Lopez Aguilar
 
PDF
OAuth 2.0
Uwe Friedrichsen
 
PDF
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
Ganesh Kumar
 
PDF
OAuth 2.0 – A standard is coming of age by Uwe Friedrichsen
Codemotion
 
PPTX
Inbound rest web service
David Boukhors
 
PPTX
OAuth with Salesforce - Demystified
Calvin Noronha
 
PPT
UserCentric Identity based Service Invocation
guestd5dde6
 
PDF
How we eased out security journey with OAuth (Goodbye Kerberos!) | Paul Makka...
HostedbyConfluent
 
PDF
Nk API - examples
nasza-klasa
 
PDF
SoftLayer API 12032015
Nacho Daza
 
PDF
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
BlueHat Security Conference
 
PDF
Mobile Authentication - Onboarding, best practices & anti-patterns
Pieter Ennes
 
PPTX
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Aaron Parecki
 
PDF
OAuth In The Real World : 10 actual implementations you can't guess
Mehdi Medjaoui
 
PDF
Integrating WordPress With Web APIs
randyhoyt
 
PPTX
How to Use Stormpath in angular js
Stormpath
 
Digging Deeper into Desktop and Mobile App Security
Salesforce Developers
 
Créer une App Microsoft Teams : REX - Replay Microsoft Experiences 2018
Guillaume Meyer
 
iMasters Intercon 2016 - Identity within Microservices
Erick Belluci Tedeschi
 
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
iMasters
 
Esquema de pasos de ejecución IdM
Fernando Lopez Aguilar
 
OAuth 2.0
Uwe Friedrichsen
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
Ganesh Kumar
 
OAuth 2.0 – A standard is coming of age by Uwe Friedrichsen
Codemotion
 
Inbound rest web service
David Boukhors
 
OAuth with Salesforce - Demystified
Calvin Noronha
 
UserCentric Identity based Service Invocation
guestd5dde6
 
How we eased out security journey with OAuth (Goodbye Kerberos!) | Paul Makka...
HostedbyConfluent
 
Nk API - examples
nasza-klasa
 
SoftLayer API 12032015
Nacho Daza
 
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
BlueHat Security Conference
 
Mobile Authentication - Onboarding, best practices & anti-patterns
Pieter Ennes
 
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Aaron Parecki
 
OAuth In The Real World : 10 actual implementations you can't guess
Mehdi Medjaoui
 
Integrating WordPress With Web APIs
randyhoyt
 
How to Use Stormpath in angular js
Stormpath
 
Ad

More from CloudIDSummit (20)

PPTX
CIS 2016 Content Highlights
CloudIDSummit
 
PPTX
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
CloudIDSummit
 
PDF
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CloudIDSummit
 
PDF
Mobile security, identity & authentication reasons for optimism 20150607 v2
CloudIDSummit
 
PDF
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CloudIDSummit
 
PDF
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CloudIDSummit
 
PDF
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CloudIDSummit
 
PDF
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CloudIDSummit
 
PDF
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CloudIDSummit
 
PDF
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CloudIDSummit
 
PDF
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CloudIDSummit
 
PDF
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CloudIDSummit
 
PDF
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CloudIDSummit
 
PDF
CIS 2015 The IDaaS Dating Game - Sean Deuby
CloudIDSummit
 
PDF
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CloudIDSummit
 
PDF
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
CloudIDSummit
 
PDF
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CloudIDSummit
 
PDF
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CloudIDSummit
 
PDF
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CloudIDSummit
 
PDF
CIS 2015 Identity Relationship Management in the Internet of Things
CloudIDSummit
 
CIS 2016 Content Highlights
CloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
CloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
CloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
CloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
CloudIDSummit
 
Ad

Recently uploaded (20)

PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
A Presentation on Artificial Intelligence
memembruh336
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 

CIS14: OAuth and OpenID Connect in Action

  • 1. OAuth & OpenID Connect in Action Chuck Mortimore VP, Product Management Salesforce Identity @cmort
  • 2. a quick demo client
  • 5. 1) Register an App 2) Get your Metadata 3) Create (initialize) your Client 4) Use your Tokens
  • 7. 2) Get your Metadata https://login.salesforce.com/.well-known/openid-configuration
  • 8. 2) Get your Metadata { "issuer": "https://login.salesforce.com", "authorization_endpoint": "https://login.salesforce.com/services/oauth2/authorize", "token_endpoint": "https://login.salesforce.com/services/oauth2/token", "revocation_endpoint": "https://login.salesforce.com/services/oauth2/revoke", "userinfo_endpoint": "https://login.salesforce.com/services/oauth2/userinfo", "jwks_uri": "https://login.salesforce.com/id/keys", "scopes_supported": ["id", "api", "web", "full", "chatter_api", "visualforce", "refresh_token", "openid"], "response_types_supported": ["code", "token", "token id_token"], "subject_types_supported": ["public"], "id_token_signing_alg_values_supported": ["RS256"], "display_values_supported": ["page", "popup", "touch"], "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt"] }
  • 9. 3) Create your Client https://login.salesforce.com/services/oauth2/authorize? response_type=code&redirect_uri=https%3A%2F %2Flocalhost&client_id=… curl -H 'Content-Type: application/x-www-form-urlencoded' -d "client_id=...&client_secret=...&redirect_uri=https%3A%2F %2Flocalhost&grant_type=authorization_code&code=..." https:// login.salesforce.com/services/oauth2/token …and validate your id_token
  • 10. 4) Use your access_token curl -H "Authorization: Bearer ..." https://login.salesforce.com/ services/oauth2/userprofile
  • 12. so what can we do with all this plumbing?
  • 15. 2) Get your Metadata https://accounts.google.com/.well-known/openid-configuration
  • 16. 3) Initialize your client software
  • 20. 2) Get your Metadata https://gold.pinglabs.net:9031/.well-known/openid-configuration
  • 21. 3) Initialize your client software
  • 27. Let’s Layer in Federation
  • 29. How about Two Factor Authentication