Room 4

11:40 - 12:40 (UTC+10)

Talk (60 min)

Demystifying OAuth, JWTs and Azure AD

OIDC and OAuth2 have been the go-to for authentication and authorisation in Azure Active Directory for years now. But when things start to go wrong, it can all become a bit of a black box with no obvious place to look for help.


In this live-code session I will uncover some common errors I see when setting up applications to work with AAD, and dive that next level down to give you an understanding of why they occur, and how to fix them.

By the end of the session you'll understand:
- What an AAD Application is
- What an AAD Service Principal is
- The difference between AAD V1 and V2 endpoints
- How AAD represents OAuth2 scopes
- Why scopes aren't permissions, and how roles can help

Graeme Foster

Graeme’s IT passion was first stirred with a 1Kb ZX81 in 1983 at 8 years old. He’s now had over 20 years of commercial experience using .NET, JavaScript, Java, and VB, as well as writing Lisp neural networks at Uni and having Swift iOS apps in the App Store.

He is currently working at Microsoft helping teams to architect their solutions on Azure.