SlideShare a Scribd company logo

Secure OAuth Device Flow for Printers

Download as PPTX, PDF
S
Scott Brady

Slides from DevSum 2018. Read more at https://www.identityserver.com/articles/an-introduction-to-the-oauth-device-flow/

Technology
1 of 25
Secure Authorization for your Printer – The OAuth Device Flow Scott Brady @scottbrady91 – Rock Solid Knowledge #devsum18
Introductions • Identity & Access Control Lead @ Rock Solid Knowledge • Commercial side of the IdentityServer OSS project • AdminUI • SAML2P & WS-Federation • IdentityServer European Partner • Development, consultancy, support, and training • Helps fund the IdentityServer project @scottbrady91 – Rock Solid Knowledge (identityserver.com)
The Problem • SOLVED: Delegating an application access to protected resources on behalf of user (OAuth 2.0) • SOLVED: Verifying the identity of the resource owner who delegated access (OpenID Connect 1.0) • How to delegate access to: • Browserless devices • Input constrained devices @scottbrady91 – Rock Solid Knowledge (identityserver.com)
Browserless Devices • Smart TVs • Internet of Things • Printers • Fridges • Sensors @scottbrady91 – Rock Solid Knowledge (identityserver.com)
Input Constrained Devices @scottbrady91 – Rock Solid Knowledge (identityserver.com)
User Client Protected Resource Authorization Server Authorization Request Authorization Grant Authorization Grant Access Token Request Protected Resource Trust Authentication @scottbrady91 – Rock Solid Knowledge (identityserver.com)
Resource Owner Password Credentials? @scottbrady91 – Rock Solid Knowledge (identityserver.com) POST /token grant_type=password &client_id=oauth_client &username=scott &password=Password123! { "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "Bearer", "expires_in": 3600 }
Resource Owner Password Credentials? • No browser necessary • Impersonation • No scoped access • Exposes user credentials to device • Breaks when we add phishing resistant credentials • No federation (unless using “benevolent phishing”) @scottbrady91 – Rock Solid Knowledge (identityserver.com)
Solution The OAuth Device Flow • Uses an external browser to bridge the gap • (your smartphone) • User authentication external to the device • Currently in draft 9: • datatracker.ietf.org/doc/draft-ietf-oauth-device-flow • Already in use by Google • Similar implementations available, but now there’s a spec! @scottbrady91 – Rock Solid Knowledge (identityserver.com)
Demo! @scottbrady91 – Rock Solid Knowledge (identityserver.com)
Device User Secondary Device Authorization Server
The Protocol Device Authorization (Request) POST /device_authorization HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded client_id=459691054427 @scottbrady91 – Rock Solid Knowledge (identityserver.com)
The Protocol Device Authorization (Response) { "device_code": "GMMhmHCXhWEzkobqIHGG_EnNYYsAkukHspeYUk9E8", "verification_uri": "https://www.example.com/device", "user_code": "WDJB-MJHT", "verification_uri_complete": "https://www.example.com/device?user_code=WDJB-MJHT", "expires_in": 1800, "interval": 5 } @scottbrady91 – Rock Solid Knowledge (identityserver.com)
The Protocol User Interaction +-----------------------------------------------+ | | | Using a browser on another device, visit: | | https://example.com/device | | | | And enter the code: | | WDJB-MJHT | | | +-----------------------------------------------+ @scottbrady91 – Rock Solid Knowledge (identityserver.com)
The Protocol User Interaction @scottbrady91 – Rock Solid Knowledge (identityserver.com)
The Protocol Token Request POST /token HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded grant_type=urn:ietf:params:oauth:grant-type:device_code &device_code=GMMhmHCXhWEzkobqIHGG_EnNYYsAkukHspeYUk9E8 &client_id=459691054427 @scottbrady91 – Rock Solid Knowledge (identityserver.com)
The Protocol Token Request { "access_token":"2YotnFZFEjr1zCsicMWpAA", "token_type":"example", "expires_in":3600, } @scottbrady91 – Rock Solid Knowledge (identityserver.com)
Extras • OpenID Connect • Refresh tokens @scottbrady91 – Rock Solid Knowledge (identityserver.com)
Proof of Concept Code @scottbrady91 – Rock Solid Knowledge (identityserver.com)
IdentityServer4 & Device Flow • Open Source (part of the core repository) • Hopefully available in v2.next • Consent page may have to come later… • Otherwise v3 @scottbrady91 – Rock Solid Knowledge (identityserver.com)
@scottbrady91 – Rock Solid Knowledge (identityserver.com) IdentityServer4 & Device Flow
Security Considerations User Codes • Shorter codes are better for the user • Longer codes are better for security • Numeric is better for the user • Alphanumeric is better for security • What’s the worst that could happen? • Breach of privacy • Something embarrassing… @scottbrady91 – Rock Solid Knowledge (identityserver.com)
Security Considerations User Interaction • Phishing for credentials • Phishing for tokens @scottbrady91 – Rock Solid Knowledge (identityserver.com)
Further Use Cases • Public printers • Bringing strong authentication to native devices • Screenless devices • Virtual assistants? • Device Pairing @scottbrady91 – Rock Solid Knowledge (identityserver.com)
Don’t forget to evaluate this session in the DevSum app! @scottbrady91 – Rock Solid Knowledge #devsum18 Thanks! @scottbrady91 www.identityserver.com

Recommended

Authorization for the IoT: The OAuth Device Flow (European Identity & Cloud C...
Authorization for the IoT: The OAuth Device Flow (European Identity & Cloud C...Authorization for the IoT: The OAuth Device Flow (European Identity & Cloud C...
Authorization for the IoT: The OAuth Device Flow (European Identity & Cloud C...Scott Brady
 
Modern Authentication with OpenID Connect and IdentityServer 4 (umBristol - J...
Modern Authentication with OpenID Connect and IdentityServer 4 (umBristol - J...Modern Authentication with OpenID Connect and IdentityServer 4 (umBristol - J...
Modern Authentication with OpenID Connect and IdentityServer 4 (umBristol - J...Scott Brady
 
Microservices Manchester: Authentication in Microservice Systems by David Borsos
Microservices Manchester: Authentication in Microservice Systems by David BorsosMicroservices Manchester: Authentication in Microservice Systems by David Borsos
Microservices Manchester: Authentication in Microservice Systems by David BorsosOpenCredo
 
muCon 2016: Authentication in Microservice Systems By David Borsos
muCon 2016: Authentication in Microservice Systems By David BorsosmuCon 2016: Authentication in Microservice Systems By David Borsos
muCon 2016: Authentication in Microservice Systems By David BorsosOpenCredo
 
Getting Started in Blockchain Security and Smart Contract Auditing
Getting Started in Blockchain Security and Smart Contract AuditingGetting Started in Blockchain Security and Smart Contract Auditing
Getting Started in Blockchain Security and Smart Contract AuditingBeau Bullock
 
Authorization and Authentication in Microservice Environments
Authorization and Authentication in Microservice EnvironmentsAuthorization and Authentication in Microservice Environments
Authorization and Authentication in Microservice EnvironmentsLeanIX GmbH
 
Microservices Manchester: Security, Microservces and Vault by Nicki Watt
Microservices Manchester: Security, Microservces and Vault by Nicki WattMicroservices Manchester: Security, Microservces and Vault by Nicki Watt
Microservices Manchester: Security, Microservces and Vault by Nicki WattOpenCredo
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldVMware Tanzu
 

Recommended

Authorization for the IoT: The OAuth Device Flow (European Identity & Cloud C...
Authorization for the IoT: The OAuth Device Flow (European Identity & Cloud C...Authorization for the IoT: The OAuth Device Flow (European Identity & Cloud C...
Authorization for the IoT: The OAuth Device Flow (European Identity & Cloud C...Scott Brady
 
Modern Authentication with OpenID Connect and IdentityServer 4 (umBristol - J...
Modern Authentication with OpenID Connect and IdentityServer 4 (umBristol - J...Modern Authentication with OpenID Connect and IdentityServer 4 (umBristol - J...
Modern Authentication with OpenID Connect and IdentityServer 4 (umBristol - J...Scott Brady
 
Microservices Manchester: Authentication in Microservice Systems by David Borsos
Microservices Manchester: Authentication in Microservice Systems by David BorsosMicroservices Manchester: Authentication in Microservice Systems by David Borsos
Microservices Manchester: Authentication in Microservice Systems by David BorsosOpenCredo
 
muCon 2016: Authentication in Microservice Systems By David Borsos
muCon 2016: Authentication in Microservice Systems By David BorsosmuCon 2016: Authentication in Microservice Systems By David Borsos
muCon 2016: Authentication in Microservice Systems By David BorsosOpenCredo
 
Getting Started in Blockchain Security and Smart Contract Auditing
Getting Started in Blockchain Security and Smart Contract AuditingGetting Started in Blockchain Security and Smart Contract Auditing
Getting Started in Blockchain Security and Smart Contract AuditingBeau Bullock
 
Authorization and Authentication in Microservice Environments
Authorization and Authentication in Microservice EnvironmentsAuthorization and Authentication in Microservice Environments
Authorization and Authentication in Microservice EnvironmentsLeanIX GmbH
 
Microservices Manchester: Security, Microservces and Vault by Nicki Watt
Microservices Manchester: Security, Microservces and Vault by Nicki WattMicroservices Manchester: Security, Microservces and Vault by Nicki Watt
Microservices Manchester: Security, Microservces and Vault by Nicki WattOpenCredo
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldVMware Tanzu
 
Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...
Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...
Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...SecuRing
 
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsWeb Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsSecuRing
 
Internet of Things Security & Privacy
Internet of Things Security & PrivacyInternet of Things Security & Privacy
Internet of Things Security & PrivacyChris Adriaensen
 
A Zero-Knowledge Proof: Improving Privacy on a Blockchain
A Zero-Knowledge Proof: Improving Privacy on a BlockchainA Zero-Knowledge Proof: Improving Privacy on a Blockchain
A Zero-Knowledge Proof: Improving Privacy on a BlockchainAltoros
 
JWTs and JOSE in a flash
JWTs and JOSE in a flashJWTs and JOSE in a flash
JWTs and JOSE in a flashEvan J Johnson (Not a CISSP)
 
Code signing and trust
Code signing and trustCode signing and trust
Code signing and trustJapneet Singh
 
FIWARE Wednesday Webinars - How to Secure FIWARE Architectures
FIWARE Wednesday Webinars - How to Secure FIWARE ArchitecturesFIWARE Wednesday Webinars - How to Secure FIWARE Architectures
FIWARE Wednesday Webinars - How to Secure FIWARE ArchitecturesFIWARE
 
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE
 
FIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE
 
Security and privacy with blockchain
Security and privacy with blockchainSecurity and privacy with blockchain
Security and privacy with blockchainCeline George
 
Privacy-preserving techniques using zero knowledge proof in public Ethereum
Privacy-preserving techniques using zero knowledge proof in public EthereumPrivacy-preserving techniques using zero knowledge proof in public Ethereum
Privacy-preserving techniques using zero knowledge proof in public EthereumNagib Aouini
 
An Introduction to OpenID
An Introduction to OpenIDAn Introduction to OpenID
An Introduction to OpenIDMax Manders
 
Blockchain a-new-disruption-in-financial-servies - IBM
Blockchain a-new-disruption-in-financial-servies - IBMBlockchain a-new-disruption-in-financial-servies - IBM
Blockchain a-new-disruption-in-financial-servies - IBMDiego Alberto Tamayo
 
OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...
OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...
OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...MikeLeszcz
 
Authentication in microservice systems
Authentication in microservice systemsAuthentication in microservice systems
Authentication in microservice systemsDavid Borsos
 
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"Andreas Falk
 
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & CodeDeploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & CodeHorea Porutiu
 
ICO and Cyber security - How to protect from hackers during ICOs
ICO and Cyber security - How to protect from hackers during ICOsICO and Cyber security - How to protect from hackers during ICOs
ICO and Cyber security - How to protect from hackers during ICOsNagib Aouini
 
Bitcoin, the Blockchain, and Open Source
Bitcoin, the Blockchain, and Open SourceBitcoin, the Blockchain, and Open Source
Bitcoin, the Blockchain, and Open SourceAll Things Open
 
MTLS - Securing Microservice Architecture with Mutual TLS Authentication
MTLS - Securing Microservice Architecture with Mutual TLS AuthenticationMTLS - Securing Microservice Architecture with Mutual TLS Authentication
MTLS - Securing Microservice Architecture with Mutual TLS AuthenticationLaurentiu Meirosu
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...Vladimir Bychkov
 
iMasters Intercon 2016 - Identity within Microservices
iMasters Intercon 2016 - Identity within MicroservicesiMasters Intercon 2016 - Identity within Microservices
iMasters Intercon 2016 - Identity within MicroservicesErick Belluci Tedeschi
 

More Related Content

What's hot

Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...
Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...
Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...SecuRing
 
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsWeb Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsSecuRing
 
Internet of Things Security & Privacy
Internet of Things Security & PrivacyInternet of Things Security & Privacy
Internet of Things Security & PrivacyChris Adriaensen
 
A Zero-Knowledge Proof: Improving Privacy on a Blockchain
A Zero-Knowledge Proof: Improving Privacy on a BlockchainA Zero-Knowledge Proof: Improving Privacy on a Blockchain
A Zero-Knowledge Proof: Improving Privacy on a BlockchainAltoros
 
Code signing and trust
Code signing and trustCode signing and trust
Code signing and trustJapneet Singh
 
FIWARE Wednesday Webinars - How to Secure FIWARE Architectures
FIWARE Wednesday Webinars - How to Secure FIWARE ArchitecturesFIWARE Wednesday Webinars - How to Secure FIWARE Architectures
FIWARE Wednesday Webinars - How to Secure FIWARE ArchitecturesFIWARE
 
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE
 
FIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE
 
Security and privacy with blockchain
Security and privacy with blockchainSecurity and privacy with blockchain
Security and privacy with blockchainCeline George
 
Privacy-preserving techniques using zero knowledge proof in public Ethereum
Privacy-preserving techniques using zero knowledge proof in public EthereumPrivacy-preserving techniques using zero knowledge proof in public Ethereum
Privacy-preserving techniques using zero knowledge proof in public EthereumNagib Aouini
 
An Introduction to OpenID
An Introduction to OpenIDAn Introduction to OpenID
An Introduction to OpenIDMax Manders
 
Blockchain a-new-disruption-in-financial-servies - IBM
Blockchain a-new-disruption-in-financial-servies - IBMBlockchain a-new-disruption-in-financial-servies - IBM
Blockchain a-new-disruption-in-financial-servies - IBMDiego Alberto Tamayo
 
OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...
OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...
OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...MikeLeszcz
 
Authentication in microservice systems
Authentication in microservice systemsAuthentication in microservice systems
Authentication in microservice systemsDavid Borsos
 
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"Andreas Falk
 
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & CodeDeploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & CodeHorea Porutiu
 
ICO and Cyber security - How to protect from hackers during ICOs
ICO and Cyber security - How to protect from hackers during ICOsICO and Cyber security - How to protect from hackers during ICOs
ICO and Cyber security - How to protect from hackers during ICOsNagib Aouini
 
Bitcoin, the Blockchain, and Open Source
Bitcoin, the Blockchain, and Open SourceBitcoin, the Blockchain, and Open Source
Bitcoin, the Blockchain, and Open SourceAll Things Open
 
MTLS - Securing Microservice Architecture with Mutual TLS Authentication
MTLS - Securing Microservice Architecture with Mutual TLS AuthenticationMTLS - Securing Microservice Architecture with Mutual TLS Authentication
MTLS - Securing Microservice Architecture with Mutual TLS AuthenticationLaurentiu Meirosu
 

What's hot (20)

Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...
Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...
Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...
 
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsWeb Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
 
Internet of Things Security & Privacy
Internet of Things Security & PrivacyInternet of Things Security & Privacy
Internet of Things Security & Privacy
 
A Zero-Knowledge Proof: Improving Privacy on a Blockchain
A Zero-Knowledge Proof: Improving Privacy on a BlockchainA Zero-Knowledge Proof: Improving Privacy on a Blockchain
A Zero-Knowledge Proof: Improving Privacy on a Blockchain
 
JWTs and JOSE in a flash
JWTs and JOSE in a flashJWTs and JOSE in a flash
JWTs and JOSE in a flash
 
Code signing and trust
Code signing and trustCode signing and trust
Code signing and trust
 
FIWARE Wednesday Webinars - How to Secure FIWARE Architectures
FIWARE Wednesday Webinars - How to Secure FIWARE ArchitecturesFIWARE Wednesday Webinars - How to Secure FIWARE Architectures
FIWARE Wednesday Webinars - How to Secure FIWARE Architectures
 
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT Devices
 
FIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE Training: API Umbrella
FIWARE Training: API Umbrella
 
Security and privacy with blockchain
Security and privacy with blockchainSecurity and privacy with blockchain
Security and privacy with blockchain
 
Privacy-preserving techniques using zero knowledge proof in public Ethereum
Privacy-preserving techniques using zero knowledge proof in public EthereumPrivacy-preserving techniques using zero knowledge proof in public Ethereum
Privacy-preserving techniques using zero knowledge proof in public Ethereum
 
An Introduction to OpenID
An Introduction to OpenIDAn Introduction to OpenID
An Introduction to OpenID
 
Blockchain a-new-disruption-in-financial-servies - IBM
Blockchain a-new-disruption-in-financial-servies - IBMBlockchain a-new-disruption-in-financial-servies - IBM
Blockchain a-new-disruption-in-financial-servies - IBM
 
OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...
OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...
OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...
 
Authentication in microservice systems
Authentication in microservice systemsAuthentication in microservice systems
Authentication in microservice systems
 
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
 
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & CodeDeploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
 
ICO and Cyber security - How to protect from hackers during ICOs
ICO and Cyber security - How to protect from hackers during ICOsICO and Cyber security - How to protect from hackers during ICOs
ICO and Cyber security - How to protect from hackers during ICOs
 
Bitcoin, the Blockchain, and Open Source
Bitcoin, the Blockchain, and Open SourceBitcoin, the Blockchain, and Open Source
Bitcoin, the Blockchain, and Open Source
 
MTLS - Securing Microservice Architecture with Mutual TLS Authentication
MTLS - Securing Microservice Architecture with Mutual TLS AuthenticationMTLS - Securing Microservice Architecture with Mutual TLS Authentication
MTLS - Securing Microservice Architecture with Mutual TLS Authentication
 

Similar to Secure OAuth Device Flow for Printers

2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...Vladimir Bychkov
 
iMasters Intercon 2016 - Identity within Microservices
iMasters Intercon 2016 - Identity within MicroservicesiMasters Intercon 2016 - Identity within Microservices
iMasters Intercon 2016 - Identity within MicroservicesErick Belluci Tedeschi
 
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...iMasters
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingForgeRock
 
INTERFACE by apidays - TxAuth: the future of OAuth? by Dick Hardt
INTERFACE by apidays - TxAuth: the future of OAuth? by Dick HardtINTERFACE by apidays - TxAuth: the future of OAuth? by Dick Hardt
INTERFACE by apidays - TxAuth: the future of OAuth? by Dick Hardtapidays
 
The OpenID Connect Protocol
The OpenID Connect ProtocolThe OpenID Connect Protocol
The OpenID Connect ProtocolClément OUDOT
 
2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core
2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core
2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET CoreVladimir Bychkov
 
[LDAPCon 2015] The OpenID Connect Protocol
[LDAPCon 2015] The OpenID Connect Protocol[LDAPCon 2015] The OpenID Connect Protocol
[LDAPCon 2015] The OpenID Connect ProtocolClément OUDOT
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)Torsten Lodderstedt
 
Introduction to the Globus Platform for Developers
Introduction to the Globus Platform for DevelopersIntroduction to the Globus Platform for Developers
Introduction to the Globus Platform for DevelopersGlobus
 
2016 pycontw web api authentication
2016 pycontw web api authentication 2016 pycontw web api authentication
2016 pycontw web api authentication Micron Technology
 
How we eased out security journey with OAuth (Goodbye Kerberos!) | Paul Makka...
How we eased out security journey with OAuth (Goodbye Kerberos!) | Paul Makka...How we eased out security journey with OAuth (Goodbye Kerberos!) | Paul Makka...
How we eased out security journey with OAuth (Goodbye Kerberos!) | Paul Makka...HostedbyConfluent
 
OAuth2 para desarrolladores
OAuth2 para desarrolladoresOAuth2 para desarrolladores
OAuth2 para desarrolladoresLuis Ruiz Pavón
 
[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT Platform
[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT Platform[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT Platform
[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT PlatformWSO2
 
Accessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webAccessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webFelix Arntz
 

Similar to Secure OAuth Device Flow for Printers (20)

2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
 
iMasters Intercon 2016 - Identity within Microservices
iMasters Intercon 2016 - Identity within MicroservicesiMasters Intercon 2016 - Identity within Microservices
iMasters Intercon 2016 - Identity within Microservices
 
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
 
INTERFACE by apidays - TxAuth: the future of OAuth? by Dick Hardt
INTERFACE by apidays - TxAuth: the future of OAuth? by Dick HardtINTERFACE by apidays - TxAuth: the future of OAuth? by Dick Hardt
INTERFACE by apidays - TxAuth: the future of OAuth? by Dick Hardt
 
The OpenID Connect Protocol
The OpenID Connect ProtocolThe OpenID Connect Protocol
The OpenID Connect Protocol
 
2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core
2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core
2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
 
OpenID for SSI
OpenID for SSIOpenID for SSI
OpenID for SSI
 
[LDAPCon 2015] The OpenID Connect Protocol
[LDAPCon 2015] The OpenID Connect Protocol[LDAPCon 2015] The OpenID Connect Protocol
[LDAPCon 2015] The OpenID Connect Protocol
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
 
OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)
 
Introduction to the Globus Platform for Developers
Introduction to the Globus Platform for DevelopersIntroduction to the Globus Platform for Developers
Introduction to the Globus Platform for Developers
 
2016 pycontw web api authentication
2016 pycontw web api authentication 2016 pycontw web api authentication
2016 pycontw web api authentication
 
Esquema de pasos de ejecución IdM
Esquema de pasos de ejecución IdMEsquema de pasos de ejecución IdM
Esquema de pasos de ejecución IdM
 
How we eased out security journey with OAuth (Goodbye Kerberos!) | Paul Makka...
How we eased out security journey with OAuth (Goodbye Kerberos!) | Paul Makka...How we eased out security journey with OAuth (Goodbye Kerberos!) | Paul Makka...
How we eased out security journey with OAuth (Goodbye Kerberos!) | Paul Makka...
 
Some OAuth love
Some OAuth loveSome OAuth love
Some OAuth love
 
OAuth2 para desarrolladores
OAuth2 para desarrolladoresOAuth2 para desarrolladores
OAuth2 para desarrolladores
 
[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT Platform
[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT Platform[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT Platform
[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT Platform
 
Accessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webAccessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) web
 

Recently uploaded

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 

Recently uploaded (20)

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 

Secure OAuth Device Flow for Printers

  • 1. Secure Authorization for your Printer – The OAuth Device Flow Scott Brady @scottbrady91 – Rock Solid Knowledge #devsum18
  • 2. Introductions • Identity & Access Control Lead @ Rock Solid Knowledge • Commercial side of the IdentityServer OSS project • AdminUI • SAML2P & WS-Federation • IdentityServer European Partner • Development, consultancy, support, and training • Helps fund the IdentityServer project @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 3. The Problem • SOLVED: Delegating an application access to protected resources on behalf of user (OAuth 2.0) • SOLVED: Verifying the identity of the resource owner who delegated access (OpenID Connect 1.0) • How to delegate access to: • Browserless devices • Input constrained devices @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 4. Browserless Devices • Smart TVs • Internet of Things • Printers • Fridges • Sensors @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 5. Input Constrained Devices @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 7. Resource Owner Password Credentials? @scottbrady91 – Rock Solid Knowledge (identityserver.com) POST /token grant_type=password &client_id=oauth_client &username=scott &password=Password123! { "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "Bearer", "expires_in": 3600 }
  • 8. Resource Owner Password Credentials? • No browser necessary • Impersonation • No scoped access • Exposes user credentials to device • Breaks when we add phishing resistant credentials • No federation (unless using “benevolent phishing”) @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 9. Solution The OAuth Device Flow • Uses an external browser to bridge the gap • (your smartphone) • User authentication external to the device • Currently in draft 9: • datatracker.ietf.org/doc/draft-ietf-oauth-device-flow • Already in use by Google • Similar implementations available, but now there’s a spec! @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 10. Demo! @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 12. The Protocol Device Authorization (Request) POST /device_authorization HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded client_id=459691054427 @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 13. The Protocol Device Authorization (Response) { "device_code": "GMMhmHCXhWEzkobqIHGG_EnNYYsAkukHspeYUk9E8", "verification_uri": "https://www.example.com/device", "user_code": "WDJB-MJHT", "verification_uri_complete": "https://www.example.com/device?user_code=WDJB-MJHT", "expires_in": 1800, "interval": 5 } @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 14. The Protocol User Interaction +-----------------------------------------------+ | | | Using a browser on another device, visit: | | https://example.com/device | | | | And enter the code: | | WDJB-MJHT | | | +-----------------------------------------------+ @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 15. The Protocol User Interaction @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 16. The Protocol Token Request POST /token HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded grant_type=urn:ietf:params:oauth:grant-type:device_code &device_code=GMMhmHCXhWEzkobqIHGG_EnNYYsAkukHspeYUk9E8 &client_id=459691054427 @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 18. Extras • OpenID Connect • Refresh tokens @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 19. Proof of Concept Code @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 20. IdentityServer4 & Device Flow • Open Source (part of the core repository) • Hopefully available in v2.next • Consent page may have to come later… • Otherwise v3 @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 21. @scottbrady91 – Rock Solid Knowledge (identityserver.com) IdentityServer4 & Device Flow
  • 22. Security Considerations User Codes • Shorter codes are better for the user • Longer codes are better for security • Numeric is better for the user • Alphanumeric is better for security • What’s the worst that could happen? • Breach of privacy • Something embarrassing… @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 23. Security Considerations User Interaction • Phishing for credentials • Phishing for tokens @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 24. Further Use Cases • Public printers • Bringing strong authentication to native devices • Screenless devices • Virtual assistants? • Device Pairing @scottbrady91 – Rock Solid Knowledge (identityserver.com)
  • 25. Don’t forget to evaluate this session in the DevSum app! @scottbrady91 – Rock Solid Knowledge #devsum18 Thanks! @scottbrady91 www.identityserver.com