Stephan Wälde (Lead Cloud Architect bei der Glück & Kanja Consulting AG)
Twitter: @stephanwaelde
Blog: https://stephanwaelde.com
Begriffserklärung
Access Token / bearer token
OAUTH
User vs. App
Besser Principal und Ressource Owner
Client != Device
Client eher Anwendung
Delegated vs App Permission
Basic
Ressource MS Graph
Ressource Owner
Client (Anwendung: Client ID)
Auth Server (AAD)
Access Token --> Resource
Refresh Token --> AAD
ID Token --> client
Username, Displayname, Email
Azure AD
PRT --> sso browser holt sich von OS
MSAL aware apps machen SSO
Enterprise Apps
Wie kann man die Tokens "anfassen"?
https://JWT.MS (ID und Access Token)
Fiddler
F12
Oder selber schreiben
Frage an Jan :)
RFC von OAUTH 2.0https://tools.ietf.org/html/rfc6749
099 - Ignite 2023 - Kim Kischel about Microsoft Defender XDR
098 - Ignite 2023 - Copilot for Intune and Security with Lavanya Lakshman
097 - Ignite 2023 - Defender for Endpoint with Paul Huijbregts
096 - Ignite 2023 - ID Security with Alex Weinert and Etan Bassari
095 - Ignite 2023 - Security Copilot with James Key
094 - Ignite 2023 - OneDrive with Miceile Barrett
093 - Ignite 2023 - Copilot Studio and Power Automate with Joe Fernandez
092 - Ignite 2023 - XDR and SIEM together Tiander Turpijn
091 - Ignite 2023 - Keynote Summary
090 - Ignite 2023 - Airport Kickoff
089 - Chris about Identiverse
088 - Security Copilot und Avatar im Meeting
087 - The Worst Case mit Florian
086 - ASRmagedon und Wie mit Teams
085 - Mac, Teams und 2022
084 - Das Wichtigste zur Microsoft Ignite 2022
083 - Hacking Teams
082 - Cross Tenant und Defender Updates
081 - Windows mit Hybrid Work und Oliver
080 - Telefonieren mit Thorsten Pickhan
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
The Unbelivable Truth - Series 1 - 26 including specials and pilot
A Prairie Home Companion: News from Lake Wobegon