CIS14: OAuth and OpenID Connect in Action
DESCRIPTION
Chuck Mortimore, Salesforce.com. Setup and walk-through of live demos, demonstrating interop of various providers and showing real enterprise use-cases.
TRANSCRIPT
OAuth & OpenID Connect in Action
Chuck Mortimore, VP, Product Management, Salesforce Identity, @cmort
a quick demo client
the world’s simplest client
1) Register an App
2) Get your Metadata
3) Create (initialize) your Client
4) Use your Tokens
1) Register an App
2) Get your Metadata
https://login.salesforce.com/.well-known/openid-configuration
2) Get your Metadata

    {
      "issuer": "https://login.salesforce.com",
      "authorization_endpoint": "https://login.salesforce.com/services/oauth2/authorize",
      "token_endpoint": "https://login.salesforce.com/services/oauth2/token",
      "revocation_endpoint": "https://login.salesforce.com/services/oauth2/revoke",
      "userinfo_endpoint": "https://login.salesforce.com/services/oauth2/userinfo",
      "jwks_uri": "https://login.salesforce.com/id/keys",
      "scopes_supported": ["id", "api", "web", "full", "chatter_api", "visualforce", "refresh_token", "openid"],
      "response_types_supported": ["code", "token", "token id_token"],
      "subject_types_supported": ["public"],
      "id_token_signing_alg_values_supported": ["RS256"],
      "display_values_supported": ["page", "popup", "touch"],
      "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt"]
    }
3) Create your Client
https://login.salesforce.com/services/oauth2/authorize?response_type=code&redirect_uri=https%3A%2F%2Flocalhost&client_id=…
curl -H 'Content-Type: application/x-www-form-urlencoded' -d "client_id=...&client_secret=...&redirect_uri=https%3A%2F%2Flocalhost&grant_type=authorization_code&code=..." https://login.salesforce.com/services/oauth2/token
…and validate your id_token
4) Use your access_token
curl -H "Authorization: Bearer ..." https://login.salesforce.com/services/oauth2/userprofile
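Steps 3 and 4 above as an added example (not code from the talk or from Salesforce): it builds the authorization request from the discovery metadata and runs the claim checks behind "validate your id_token". The `scope`, `state` and `nonce` parameters are added here per OpenID Connect Core; the function names and client id are hypothetical, and the id_token signature is assumed to have been verified already against the keys at `jwks_uri` by a JOSE library.

```python
import secrets
import time
from urllib.parse import urlencode

# Subset of the discovery document shown on the slide.
METADATA = {
    "issuer": "https://login.salesforce.com",
    "authorization_endpoint": "https://login.salesforce.com/services/oauth2/authorize",
    "id_token_signing_alg_values_supported": ["RS256"],
}

def build_authorization_request(metadata, client_id, redirect_uri):
    """Return (url, state, nonce); the caller keeps state and nonce in the session."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "scope": "openid",
        "state": state, "nonce": nonce,
    })
    return f"{metadata['authorization_endpoint']}?{query}", state, nonce

def check_id_token(header, claims, metadata, client_id, nonce, now=None, skew=60):
    """Claim checks for an id_token whose signature was ALREADY verified.
    Returns a list of failures; an empty list means accept."""
    now = time.time() if now is None else now
    errors = []
    # Rejects "none" and any algorithm the issuer never advertised.
    if header.get("alg") not in metadata["id_token_signing_alg_values_supported"]:
        errors.append("alg not advertised by issuer")
    if claims.get("iss") != metadata["issuer"]:
        errors.append("iss mismatch")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        errors.append("aud does not contain client_id")
    if len(audiences) > 1 and claims.get("azp") != client_id:
        errors.append("multiple audiences without matching azp")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + skew <= now:
        errors.append("expired or missing exp")
    # The nonce ties this token to the request this client started.
    sent, got = nonce.encode(), str(claims.get("nonce", "")).encode()
    if not secrets.compare_digest(sent, got):
        errors.append("nonce mismatch")
    return errors
```

On the redirect back, compare the returned `state` with the stored value before exchanging the `code` at the token endpoint.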
so what can we do with all this plumbing?
social sign-on
1) Register an App
2) Get your Metadata
https://accounts.google.com/.well-known/openid-configuration
3) Initialize your client software
4) Just-in-Time Provisioning
faster, simpler, better federation
1) Register an App
2) Get your Metadata
https://gold.pinglabs.net:9031/.well-known/openid-configuration
3) Initialize your client software
4) Map Users
5) Access APIs!
enterprise mobile apps
Let’s build this App
Refresh Tokens provide “SSO”
Let’s Layer in Federation
Let’s add Enterprise Policies
How about Two Factor Authentication
Bonus: Custom Claims