SlideShare a Scribd company logo

The Hitchhiker's Guide to the Land of OAuth

Download as PPTX, PDF
Chris Adriaensen, profile picture
Chris Adriaensen

The document discusses OAuth 2.0 and related identity standards, emphasizing the evolution of web applications and client architecture. It outlines the roles of resource servers, authorization servers, and clients in access management and token security. Additionally, it covers concepts such as identity federation and user-managed access.

Technology
1 of 20
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
© 2016 ForgeRock. All rights reserved. Chris Adriaensen Senior Customer Engineer chris.adriaensen@forgerock.com @chrisadriaensen | @ForgeRock © 2017 ForgeRock. All rights reserved. The Hitchhiker’s Guide to the LAND of OAUTH
© 2016 ForgeRock. All rights reserved. © 2017 ForgeRock. All rights reserved. KJERAGBOLTEN NORWAY 2
© 2016 ForgeRock. All rights reserved. 3 “In the beginning the Internet was created. This has made a lot of people very angry and been widely regarded as a bad move.” © 2017 ForgeRock. All rights reserved.
© 2016 ForgeRock. All rights reserved. Desktop Web 1.0 Web 2.0 Mobile Embedded 4 Application Evolution © 2017 ForgeRock. All rights reserved. “Fat” Client “Thin” Client Internet SO LONG THX
© 2016 ForgeRock. All rights reserved. Requesting PartyClientsResources AccessResource Owner User Interface (GUI / PUI) Application Interface (REST / SOAP) User Interface (GUI / PUI) Application 5 Client Architecture © 2017 ForgeRock. All rights reserved.
© 2016 ForgeRock. All rights reserved. Resource Owner User Interface (GUI / PUI) Requesting PartyClientsResources Access User Interface (GUI / PUI) Application Interface (REST / SOAP) Application 6 Access Challenge © 2017 ForgeRock. All rights reserved. ID ID ID ID ID ID IDIDIDID ID
© 2016 ForgeRock. All rights reserved. 7 © 2017 ForgeRock. All rights reserved.
© 2016 ForgeRock. All rights reserved. Requesting Party User Interface (GUI / PUI) Resource Owner User Interface (GUI / PUI) ClientsResources Access Application Interface (REST / SOAP) Application 8 Identity Solution © 2017 ForgeRock. All rights reserved. ID ID ID ID ID ID ID ID IdentityID
© 2016 ForgeRock. All rights reserved. Requesting Party User Interface (GUI / PUI) Resource Owner User Interface (GUI / PUI) ClientsResources Access Application Interface (REST / SOAP) Application 9 Access Solution © 2017 ForgeRock. All rights reserved. ID ID ID ID ID IDID Access ID ID Identity
© 2016 ForgeRock. All rights reserved. 10 © 2017 ForgeRock. All rights reserved.
© 2016 ForgeRock. All rights reserved. CONSUMERENTERPRISE OASIS 11 Open Standards © 2017 ForgeRock. All rights reserved. IETF, OIDF & KANTARA OIDC Identity Federation UMA Access Federation OAuth Access Control Consent Security Scalability Browser Client Generic Client Statefull Design Stateless Design XML / SOAP JSON / REST JWT Identity 2000+ 2010+ SAML Identity Federation XACML Access Federation WS-* Access SAML Identity
© 2016 ForgeRock. All rights reserved. 12 © 2017 ForgeRock. All rights reserved.
© 2016 ForgeRock. All rights reserved. 13 OAuth 2.0 Standard © 2017 ForgeRock. All rights reserved. Resource Server Authorization Server Resource Owner Client Access Validate Manage Authorize Control Owner-to-App Sharing Synchronous Consent Access Integration Access Tokens
© 2016 ForgeRock. All rights reserved. 14 OAuth 2.0 Options © 2017 ForgeRock. All rights reserved. FLOW USAGE Authorization Grant User-Agent <> Client Implicit Grant Client Credentials Resource Owner Credentials Device Flow User-Agent == Client Client == Resource Owner Exceptional!! Constrained User Interface
© 2016 ForgeRock. All rights reserved. 15 OpenID Connect Standard © 2017 ForgeRock. All rights reserved. Authorization Server Identity Owner Client Access Manage Authenticate Control Identity Owner-to-App Sharing Synchronous Consent Access Integration Access Tokens Identity Tokens
© 2016 ForgeRock. All rights reserved. 16 User Managed Access Standard © 2017 ForgeRock. All rights reserved. Resource Server Authorization Server Requesting Party Client Authorize Access Protect Resource Owner Manage Manage Control Negotiate Owner-to-Party Sharing Asynchronous Consent Access Federation Access Tokens
© 2016 ForgeRock. All rights reserved. Requesting PartyClientsResources AccessResource Owner User Interface (GUI / PUI) Application Interface (REST / SOAP) User Interface (GUI / PUI) Application 17 Client Standards © 2017 ForgeRock. All rights reserved. OAuth 2.0 Device Flow Standard OAuth 2.0 User Managed Access OpenIDConnect
© 2016 ForgeRock. All rights reserved. 18 Token Security © 2017 ForgeRock. All rights reserved. CLIENT TOKEN Authentication & Authorization Signature Authentication & Authorization EncryptionSecure Channel Secure Channel SERVER Proof-of-PossessionSecure Storage Usage Analysis Liability Transit Owner
© 2016 ForgeRock. All rights reserved. 19 © 2017 ForgeRock. All rights reserved. “Protect your cookies... euhm tokens!”
© 2016 ForgeRock. All rights reserved. Chris Adriaensen Senior Customer Engineer chris.adriaensen@forgerock.com @chrisadriaensen | @ForgeRock © 2017 ForgeRock. All rights reserved. End of SHOW

More Related Content

PPTX
Internet of Things Security & Privacy
Chris Adriaensen
 
PPTX
UMA - An Open Standard for Consent-Driven Personal Data Sharing
Chris Adriaensen
 
PDF
The Future is Now: What’s New in ForgeRock Identity Management
ForgeRock
 
PPTX
Modern Authentication with OpenID Connect and IdentityServer 4 (umBristol - J...
Scott Brady
 
PDF
W3C Web Authentication - #idcon vol.24
Nov Matake
 
PPTX
How Secure is Azure?
Lai Yoong Seng
 
PDF
CloudFlare - The Heartbleed Bug - Webinar
Cloudflare
 
PDF
ID連携入門 (実習編) - Security Camp 2016
Nov Matake
 
Internet of Things Security & Privacy
Chris Adriaensen
 
UMA - An Open Standard for Consent-Driven Personal Data Sharing
Chris Adriaensen
 
The Future is Now: What’s New in ForgeRock Identity Management
ForgeRock
 
Modern Authentication with OpenID Connect and IdentityServer 4 (umBristol - J...
Scott Brady
 
W3C Web Authentication - #idcon vol.24
Nov Matake
 
How Secure is Azure?
Lai Yoong Seng
 
CloudFlare - The Heartbleed Bug - Webinar
Cloudflare
 
ID連携入門 (実習編) - Security Camp 2016
Nov Matake
 

What's hot (20)

PPTX
U2F/FIDO2 implementation of YubiKey
Haniyama Wataru
 
PDF
NIST SP 800-63C #idcon vol.22
Nov Matake
 
PDF
Web Authentication API
FIDO Alliance
 
PPTX
Secure Authorization for your Printer: The OAuth Device Flow (DevSum 2018)
Scott Brady
 
PDF
OpenID Tutorials
Nao Haida
 
PDF
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CloudIDSummit
 
PDF
SSL Certificate and Code Signing
Li-Wei Yao
 
PPTX
WSO2 Identity Server 5.3.0 - Product Release Webinar
WSO2
 
PDF
Single sign on using WSO2 identity server
WSO2
 
PPTX
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"
ForgeRock
 
PDF
OpenID Foundation FAPI WG: June 2017 Update
Nat Sakimura
 
PDF
FIDO alliance #idcon vol.18
Nov Matake
 
PPTX
Webinar: Customer Scale
ForgeRock
 
PDF
2014 voip방화벽 시온
시온시큐리티
 
PPTX
WSO2Con USA 2014 - Identity Server Tutorial
Prabath Siriwardena
 
PDF
Tokyo Seminar: FIDO Alliance Vision and Status
FIDO Alliance
 
PDF
Applying Security Controls on REST APIs
Erick Belluci Tedeschi
 
PPTX
F5 EMEA Webinar Oct'15: http2 how to ease the transition
Dmitry Tikhovich
 
PPTX
WSO2 - Identity Server & API Manager - TeamOpenBravo - IF4050
Mochammad Dikra Prasetya
 
PDF
OPTiM StoreにおけるSCIM & OIDC活用事例 - ID&IT 2016
Nov Matake
 
U2F/FIDO2 implementation of YubiKey
Haniyama Wataru
 
NIST SP 800-63C #idcon vol.22
Nov Matake
 
Web Authentication API
FIDO Alliance
 
Secure Authorization for your Printer: The OAuth Device Flow (DevSum 2018)
Scott Brady
 
OpenID Tutorials
Nao Haida
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CloudIDSummit
 
SSL Certificate and Code Signing
Li-Wei Yao
 
WSO2 Identity Server 5.3.0 - Product Release Webinar
WSO2
 
Single sign on using WSO2 identity server
WSO2
 
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"
ForgeRock
 
OpenID Foundation FAPI WG: June 2017 Update
Nat Sakimura
 
FIDO alliance #idcon vol.18
Nov Matake
 
Webinar: Customer Scale
ForgeRock
 
2014 voip방화벽 시온
시온시큐리티
 
WSO2Con USA 2014 - Identity Server Tutorial
Prabath Siriwardena
 
Tokyo Seminar: FIDO Alliance Vision and Status
FIDO Alliance
 
Applying Security Controls on REST APIs
Erick Belluci Tedeschi
 
F5 EMEA Webinar Oct'15: http2 how to ease the transition
Dmitry Tikhovich
 
WSO2 - Identity Server & API Manager - TeamOpenBravo - IF4050
Mochammad Dikra Prasetya
 
OPTiM StoreにおけるSCIM & OIDC活用事例 - ID&IT 2016
Nov Matake
 
Ad

Viewers also liked (9)

PPTX
NYC Identity Summit Tech Day: ForgeRock DevOps/Cloud Strategy
ForgeRock
 
PDF
The identity of things & the smart cities of tomorrow webinar may 2015
ForgeRock
 
PPTX
Provisioning IoT...Oh Baby You Know Meeee!
ForgeRock
 
PDF
Using Identity to Empower CIOs (Mike Ellis, CEO ForgeRock, Keynote)
ForgeRock
 
PPTX
Identity Summit 2015: AAMC Case Study: The top 5 challenges to a successful I...
ForgeRock
 
PDF
The Future is Now: The ForgeRock Identity Platform, Early 2017 Release
ForgeRock
 
PPTX
Identity Management with the ForgeRock Identity Platform - So What’s New?
ForgeRock
 
PDF
The Future is Now: What’s New in ForgeRock Directory Services
ForgeRock
 
PPTX
OpenAM - An Introduction
ForgeRock
 
NYC Identity Summit Tech Day: ForgeRock DevOps/Cloud Strategy
ForgeRock
 
The identity of things & the smart cities of tomorrow webinar may 2015
ForgeRock
 
Provisioning IoT...Oh Baby You Know Meeee!
ForgeRock
 
Using Identity to Empower CIOs (Mike Ellis, CEO ForgeRock, Keynote)
ForgeRock
 
Identity Summit 2015: AAMC Case Study: The top 5 challenges to a successful I...
ForgeRock
 
The Future is Now: The ForgeRock Identity Platform, Early 2017 Release
ForgeRock
 
Identity Management with the ForgeRock Identity Platform - So What’s New?
ForgeRock
 
The Future is Now: What’s New in ForgeRock Directory Services
ForgeRock
 
OpenAM - An Introduction
ForgeRock
 
Ad

Similar to The Hitchhiker's Guide to the Land of OAuth (20)

PDF
Internet of Things Security & Privacy
Chris Adriaensen
 
PDF
The Future is Now: What’s New in ForgeRock Access Management
ForgeRock
 
PDF
Sydney Identity Unconference Introduction and Highlights
ForgeRock
 
PPTX
Identity Live Sydney 2017 - Daniel Raskin
ForgeRock
 
PPTX
Identity Objects in Mirror Are Closer Than They Appear - Identity Live 2017 -...
ForgeRock
 
PDF
WebGL and Real-Time Web Communication
Peter Moskovits
 
PPTX
ThinManager® Delivering and Managing The Connected Enterprise: Introduction
Rockwell Automation
 
PPTX
Pre-Con Ed: How to Provide Mobile Users With a Convenient, Yet Secure, Sessio...
CA Technologies
 
PDF
Soirée Flex/RIA au Nantes jug
François Le Droff
 
PPTX
DeveloperWeek 2015 - WebRTC - Where to start and how to scale
Dialogic Inc.
 
PDF
Past, Present and Future of WebSocket - HTML5DevConf May 2014
Frank Greco
 
PPTX
Peer-to-Server Media in WebRTC (Enterprise Connect 2014)
Dialogic Inc.
 
PPTX
Microservices architecture
Daniel Foo
 
PPTX
Deploying WebRTC successfully – A web developer perspective
Dialogic Inc.
 
PDF
Oracle Code Capgemini: API management & microservices a match made in heaven
luisw19
 
PPTX
Identity Live London 2017 | Daniel Raskin
ForgeRock
 
PPTX
Identity Live London 2017 | Ashley Stevenson
ForgeRock
 
PPTX
Directory Services with the ForgeRock Identity Platform - So What’s New?
ForgeRock
 
PPTX
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
ForgeRock
 
PDF
The Web of Things - IoTExpo SF - May 2014
Frank Greco
 
Internet of Things Security & Privacy
Chris Adriaensen
 
The Future is Now: What’s New in ForgeRock Access Management
ForgeRock
 
Sydney Identity Unconference Introduction and Highlights
ForgeRock
 
Identity Live Sydney 2017 - Daniel Raskin
ForgeRock
 
Identity Objects in Mirror Are Closer Than They Appear - Identity Live 2017 -...
ForgeRock
 
WebGL and Real-Time Web Communication
Peter Moskovits
 
ThinManager® Delivering and Managing The Connected Enterprise: Introduction
Rockwell Automation
 
Pre-Con Ed: How to Provide Mobile Users With a Convenient, Yet Secure, Sessio...
CA Technologies
 
Soirée Flex/RIA au Nantes jug
François Le Droff
 
DeveloperWeek 2015 - WebRTC - Where to start and how to scale
Dialogic Inc.
 
Past, Present and Future of WebSocket - HTML5DevConf May 2014
Frank Greco
 
Peer-to-Server Media in WebRTC (Enterprise Connect 2014)
Dialogic Inc.
 
Microservices architecture
Daniel Foo
 
Deploying WebRTC successfully – A web developer perspective
Dialogic Inc.
 
Oracle Code Capgemini: API management & microservices a match made in heaven
luisw19
 
Identity Live London 2017 | Daniel Raskin
ForgeRock
 
Identity Live London 2017 | Ashley Stevenson
ForgeRock
 
Directory Services with the ForgeRock Identity Platform - So What’s New?
ForgeRock
 
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
ForgeRock
 
The Web of Things - IoTExpo SF - May 2014
Frank Greco
 

More from Chris Adriaensen (8)

PPTX
AWS Scalable Architectures - Serverless
Chris Adriaensen
 
PDF
Beyond Consumers - Devices As 1st Class Identities
Chris Adriaensen
 
PDF
A Marvelous Guide To Internet Security
Chris Adriaensen
 
PDF
The Relationship Model
Chris Adriaensen
 
PPTX
EU Single Digital Market - eIDAS To The Rescue
Chris Adriaensen
 
PPTX
Trust - A Rare Commodity (Extended)
Chris Adriaensen
 
PPTX
The Relationship Battle
Chris Adriaensen
 
PPTX
De Burger in Controle? Standaarden en Technologie voor Persoonlijke Gegevenst...
Chris Adriaensen
 
AWS Scalable Architectures - Serverless
Chris Adriaensen
 
Beyond Consumers - Devices As 1st Class Identities
Chris Adriaensen
 
A Marvelous Guide To Internet Security
Chris Adriaensen
 
The Relationship Model
Chris Adriaensen
 
EU Single Digital Market - eIDAS To The Rescue
Chris Adriaensen
 
Trust - A Rare Commodity (Extended)
Chris Adriaensen
 
The Relationship Battle
Chris Adriaensen
 
De Burger in Controle? Standaarden en Technologie voor Persoonlijke Gegevenst...
Chris Adriaensen
 

Recently uploaded (20)

PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPT
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PDF
2021 HotChips TSMC Packaging Technologies for Chiplets and 3D_0819 publish_pu...
KeXue5
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PPTX
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
The various Industrial Revolutions .pptx
bandileshozi3
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
2021 HotChips TSMC Packaging Technologies for Chiplets and 3D_0819 publish_pu...
KeXue5
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 

The Hitchhiker's Guide to the Land of OAuth

  • 1. © 2016 ForgeRock. All rights reserved. Chris Adriaensen Senior Customer Engineer chris.adriaensen@forgerock.com @chrisadriaensen | @ForgeRock © 2017 ForgeRock. All rights reserved. The Hitchhiker’s Guide to the LAND of OAUTH
  • 2. © 2016 ForgeRock. All rights reserved. © 2017 ForgeRock. All rights reserved. KJERAGBOLTEN NORWAY 2
  • 3. © 2016 ForgeRock. All rights reserved. 3 “In the beginning the Internet was created. This has made a lot of people very angry and been widely regarded as a bad move.” © 2017 ForgeRock. All rights reserved.
  • 4. © 2016 ForgeRock. All rights reserved. Desktop Web 1.0 Web 2.0 Mobile Embedded 4 Application Evolution © 2017 ForgeRock. All rights reserved. “Fat” Client “Thin” Client Internet SO LONG THX
  • 5. © 2016 ForgeRock. All rights reserved. Requesting PartyClientsResources AccessResource Owner User Interface (GUI / PUI) Application Interface (REST / SOAP) User Interface (GUI / PUI) Application 5 Client Architecture © 2017 ForgeRock. All rights reserved.
  • 6. © 2016 ForgeRock. All rights reserved. Resource Owner User Interface (GUI / PUI) Requesting PartyClientsResources Access User Interface (GUI / PUI) Application Interface (REST / SOAP) Application 6 Access Challenge © 2017 ForgeRock. All rights reserved. ID ID ID ID ID ID IDIDIDID ID
  • 7. © 2016 ForgeRock. All rights reserved. 7 © 2017 ForgeRock. All rights reserved.
  • 8. © 2016 ForgeRock. All rights reserved. Requesting Party User Interface (GUI / PUI) Resource Owner User Interface (GUI / PUI) ClientsResources Access Application Interface (REST / SOAP) Application 8 Identity Solution © 2017 ForgeRock. All rights reserved. ID ID ID ID ID ID ID ID IdentityID
  • 9. © 2016 ForgeRock. All rights reserved. Requesting Party User Interface (GUI / PUI) Resource Owner User Interface (GUI / PUI) ClientsResources Access Application Interface (REST / SOAP) Application 9 Access Solution © 2017 ForgeRock. All rights reserved. ID ID ID ID ID IDID Access ID ID Identity
  • 10. © 2016 ForgeRock. All rights reserved. 10 © 2017 ForgeRock. All rights reserved.
  • 11. © 2016 ForgeRock. All rights reserved. CONSUMERENTERPRISE OASIS 11 Open Standards © 2017 ForgeRock. All rights reserved. IETF, OIDF & KANTARA OIDC Identity Federation UMA Access Federation OAuth Access Control Consent Security Scalability Browser Client Generic Client Statefull Design Stateless Design XML / SOAP JSON / REST JWT Identity 2000+ 2010+ SAML Identity Federation XACML Access Federation WS-* Access SAML Identity
  • 12. © 2016 ForgeRock. All rights reserved. 12 © 2017 ForgeRock. All rights reserved.
  • 13. © 2016 ForgeRock. All rights reserved. 13 OAuth 2.0 Standard © 2017 ForgeRock. All rights reserved. Resource Server Authorization Server Resource Owner Client Access Validate Manage Authorize Control Owner-to-App Sharing Synchronous Consent Access Integration Access Tokens
  • 14. © 2016 ForgeRock. All rights reserved. 14 OAuth 2.0 Options © 2017 ForgeRock. All rights reserved. FLOW USAGE Authorization Grant User-Agent <> Client Implicit Grant Client Credentials Resource Owner Credentials Device Flow User-Agent == Client Client == Resource Owner Exceptional!! Constrained User Interface
  • 15. © 2016 ForgeRock. All rights reserved. 15 OpenID Connect Standard © 2017 ForgeRock. All rights reserved. Authorization Server Identity Owner Client Access Manage Authenticate Control Identity Owner-to-App Sharing Synchronous Consent Access Integration Access Tokens Identity Tokens
  • 16. © 2016 ForgeRock. All rights reserved. 16 User Managed Access Standard © 2017 ForgeRock. All rights reserved. Resource Server Authorization Server Requesting Party Client Authorize Access Protect Resource Owner Manage Manage Control Negotiate Owner-to-Party Sharing Asynchronous Consent Access Federation Access Tokens
  • 17. © 2016 ForgeRock. All rights reserved. Requesting PartyClientsResources AccessResource Owner User Interface (GUI / PUI) Application Interface (REST / SOAP) User Interface (GUI / PUI) Application 17 Client Standards © 2017 ForgeRock. All rights reserved. OAuth 2.0 Device Flow Standard OAuth 2.0 User Managed Access OpenIDConnect
  • 18. © 2016 ForgeRock. All rights reserved. 18 Token Security © 2017 ForgeRock. All rights reserved. CLIENT TOKEN Authentication & Authorization Signature Authentication & Authorization EncryptionSecure Channel Secure Channel SERVER Proof-of-PossessionSecure Storage Usage Analysis Liability Transit Owner
  • 19. © 2016 ForgeRock. All rights reserved. 19 © 2017 ForgeRock. All rights reserved. “Protect your cookies... euhm tokens!”
  • 20. © 2016 ForgeRock. All rights reserved. Chris Adriaensen Senior Customer Engineer chris.adriaensen@forgerock.com @chrisadriaensen | @ForgeRock © 2017 ForgeRock. All rights reserved. End of SHOW