sso - single sign on
TRANSCRIPT
SSO (Single Sign-On)
03
HERE COMES THE DEMO
03
www.docplanner.com
SSO FLOW (… OAUTH2 REALLY BUT NVM)
INSERT AUTH CHECK MAGIC HERE
https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/
www.docplanner.com
SSO FLOW (… OAUTH2 REALLY BUT NVM)
INSERT AUTH CHECK MAGIC HERE
3rd party
https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/
www.docplanner.com
INTRODUCE EXTRA LOGIN METHODS
DOMAIN APPS
SSO
LOGIN METHODS
www.docplanner.com
HOW TO CHECK AUTH IN BACKEND?
WHOIS?
https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/
www.docplanner.com
CHALLENGE AGAINST AUTH SERVER
https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/
www.docplanner.com
CHALLENGE AGAINST AUTH SERVER
facebook.com/me
https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/
03
… OR MAKE ACCESS TOKEN CARRY METADATA
03
… OR MAKE ACCESS TOKEN CARRY METADATA
BUT HOW DO WE LOGOUT?
03
www.docplanner.com
CHALLENGE AGAINST AUTH SERVER
https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/
www.docplanner.com
CHALLENGE AGAINST AUTH SERVER
REVOKE ACCESS TOKENS
UNAUTHORIZED SINCE THEN
https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/
www.docplanner.com
WHEN USING JWT
NO CHALLENGE AGAINST ANY PROVIDER
AUTHORIZED AS LONG AS JWT IS VALID :(
www.docplanner.com
SSO PROS & CONS
CONSPROSSINGLE PLACE OF LOGGING IN
SEPARATED CODEBASE
CLIENT UNAWARE OF USER CREDENTIALS
MULTIPLA LOGIN METHODS
UNIFIED PROTOCOL CLIENT<=>SSO
SINGLE PLACE OF FAILURE
TOP NOTCH SECURITY IS A MUST HAVE
PERFORMANCE OVERHEAD
CAN GLOBALLY DEAUTHORIZE USER/CLIENT
LOGOUT PROBLEMS (JWT)
SECURITY ISSUES WHEN USING JWT
QUESTIONS?
03
github.com/prgTW
linkedin.com/in/prgTW
03
github.com/Ex3v
linkedin.com/in/maciej-szkamruk