CIS 2015 OpenID Connect and Mobile Applications - David Chase
OpenID Connect and Mobile Applications
David Chase
Implicit
• When using the Implicit Flow, all tokens are returned from the Authorization Endpoint; the Token Endpoint is not used.
• The Access Token and ID Token are returned directly to the Client.
• The Authorization Server does not perform Client Authentication.
Copyright © 2015 Cloud Identity Summit. All rights reserved. 3
Implicit Flow
1. Client prepares an Authentication Request containing the desired request parameters.
2. Client sends the request to the Authorization Server.
3. Authorization Server authenticates the End-User.
Implicit Flow Continued
4. Authorization Server obtains End-User Consent/Authorization.
5. Authorization Server sends the End-User back to the Client with an ID Token and, if requested, an Access Token.
6. Client validates the ID Token and retrieves the End-User's Subject Identifier.
Prepare Authentication Request
• http://openid.net/specs/openid-connect-implicit-1_0.html#AuthenticationRequest
Preferences
• System Browser
  • Pros
    • May have session
    • HTTPS is visible
  • Con
    • Poor UX
AuthN & AuthZ
End User grants authZ
• http://openid.net/specs/openid-connect-implicit-1_0.html#ImplicitOK
Fragment handling
• http://openid.net/specs/openid-connect-implicit-1_0.html#ImplicitCallback
Validate the ID Token
• http://openid.net/specs/openid-connect-implicit-1_0.html#IDTokenValidation
Access Token Validation
• http://openid.net/specs/openid-connect-implicit-1_0.html#AccessTokenValidation
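The Implicit Flow steps above (prepare the Authentication Request, receive the response in the URL fragment, validate the ID Token and check at_hash against the Access Token) as one added Python example; this is not code from the talk, the spec or any provider. The issuer, client_id, custom-scheme redirect URI, the HMAC key and the stand-in Authorization Server that mints the callback are all constructed assumptions so the flow runs offline; a real OP signs with RS256 and the client verifies against the OP's published JWKS.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_authentication_request(authz_endpoint, client_id, redirect_uri):
    # Step 1: unguessable state (binds the callback to this request) and nonce
    # (binds the ID Token to this request so a replayed token is rejected).
    state, nonce = b64url_encode(secrets.token_bytes(16)), b64url_encode(secrets.token_bytes(16))
    params = {"response_type": "id_token token", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": "openid profile",
              "state": state, "nonce": nonce}
    return f"{authz_endpoint}?{urlencode(params)}", state, nonce

def parse_fragment_callback(callback_url, expected_state):
    # Step 5: the Implicit response travels in the URL fragment, not the query string.
    params = {k: v[0] for k, v in parse_qs(urlparse(callback_url).fragment).items()}
    if "error" in params:
        raise ValueError(f"authorization error: {params['error']}")
    if not hmac.compare_digest(params.get("state", ""), expected_state):
        raise ValueError("state mismatch: callback not bound to our request")
    return params

def validate_id_token(id_token, issuer, client_id, nonce, verify_signature,
                      access_token=None, now=None, max_iat_age=300):
    # Step 6: the client-side checks from the spec's ID Token Validation section.
    now = int(time.time()) if now is None else now
    header_b64, payload_b64, sig_b64 = id_token.split(".")
    header = json.loads(b64url_decode(header_b64))
    claims = json.loads(b64url_decode(payload_b64))
    # Verify the signature before trusting any claim; alg "none" is never acceptable.
    if header.get("alg") == "none" or not verify_signature(
            header.get("alg", ""), f"{header_b64}.{payload_b64}".encode("ascii"),
            b64url_decode(sig_b64)):
        raise ValueError("ID Token signature invalid")
    if claims.get("iss") != issuer:
        raise ValueError("iss mismatch")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in aud:
        raise ValueError("aud does not contain our client_id")
    if (len(aud) > 1 and "azp" not in claims) or claims.get("azp", client_id) != client_id:
        raise ValueError("azp claim missing or not our client_id")
    if claims.get("exp", 0) <= now:
        raise ValueError("ID Token expired")
    if now - claims.get("iat", 0) > max_iat_age:
        raise ValueError("ID Token issued too far in the past")
    if not hmac.compare_digest(claims.get("nonce", ""), nonce):
        raise ValueError("nonce mismatch: possible replayed ID Token")
    if access_token is not None:
        # at_hash = base64url(left half of SHA-256(access_token)) for a *256 alg.
        digest = hashlib.sha256(access_token.encode("ascii")).digest()
        if not hmac.compare_digest(claims.get("at_hash", ""), b64url_encode(digest[:16])):
            raise ValueError("at_hash does not match the access token")
    return claims

# Constructed stand-in for the Authorization Server so the flow runs offline. A real
# OP signs with RS256 and the client checks the OP's JWKS; all values here are assumed.
ISSUER, CLIENT_ID, REDIRECT_URI = "https://op.example", "mobile-app", "com.example.app:/cb"
SAMPLE_KEY = b"constructed-demo-key"

def hs256_verifier(alg, signing_input, signature):
    expected = hmac.new(SAMPLE_KEY, signing_input, hashlib.sha256).digest()
    return alg == "HS256" and hmac.compare_digest(expected, signature)

def mint_sample_callback(nonce, state, now):
    # The redirect the stand-in OP sends the End-User back with (constructed).
    access_token = b64url_encode(secrets.token_bytes(24))
    claims = {"iss": ISSUER, "sub": "user-42", "aud": CLIENT_ID, "exp": now + 600, "iat": now,
              "nonce": nonce, "at_hash": b64url_encode(hashlib.sha256(access_token.encode()).digest()[:16])}
    head = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = b64url_encode(json.dumps(claims).encode("ascii"))
    sig = b64url_encode(hmac.new(SAMPLE_KEY, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest())
    fragment = urlencode({"access_token": access_token, "token_type": "Bearer", "expires_in": 600,
                          "id_token": f"{head}.{body}.{sig}", "state": state})
    return f"{REDIRECT_URI}#{fragment}"

def run_flow(replayed_nonce=None):
    # Returns the End-User's Subject Identifier on success, or "rejected: <reason>".
    now = int(time.time())
    _, state, nonce = build_authentication_request(ISSUER + "/authorize", CLIENT_ID, REDIRECT_URI)
    callback = mint_sample_callback(replayed_nonce or nonce, state, now)
    try:
        params = parse_fragment_callback(callback, state)
        claims = validate_id_token(params["id_token"], ISSUER, CLIENT_ID, nonce, hs256_verifier,
                                   access_token=params["access_token"], now=now)
    except ValueError as exc:
        return f"rejected: {exc}"
    return claims["sub"]
```

`run_flow()` walks the happy path and returns the subject; `run_flow(replayed_nonce="stale-nonce")` shows why the nonce matters on a mobile client: a token captured from an earlier run is correctly signed and unexpired, and only the nonce check ties it to the request this app instance actually made. The at_hash check closes the matching gap for the Access Token sitting beside it in the fragment.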
UserInfo Request
• http://openid.net/specs/openid-connect-implicit-1_0.html#UserInfoRequest
Standard Claims
• http://openid.net/specs/openid-connect-implicit-1_0.html#StandardClaims
Authorization Code
•  NO NO NO NO!
•  Well… sorta
Hybrid Flow
• When using the Hybrid Flow, some tokens are returned from the Authorization Endpoint and others are returned from the Token Endpoint.
• An example use case is a native application which passes tokens to backend APIs.
Questions?