11:40 - 12:40
Talk (60 min)
Demystifying OAuth, JWTs and Azure AD
OIDC and OAuth2 have been the goto for authentication and authorisation Azure Active Directory for years now. But when things start to go wrong, it can all become a bit of a black-box with no obvious place to look for help.
In this live-code session I will uncover some common errors I see when setting up applications to work with AAD, and dive that next level down to give you an understanding of why they occur, and how to fix them.
By the end of the session you'll understand
- What an AAD Application is,
- What an AAD Service Principal is,
- MSAL vs ADAL
- The difference between AAD V1 and V2 endpoints
- How AAD represents OAuth2 scopes,
- Why scopes aren't permissions, and how roles can help