Workshop is slides is published at https://larskaare.github.io/WebAuthAuthorAndOtherCreatures/. Slides are developed using reveal.js
De-mystify, build confidence and prepare for further exploration of Authentication and Authorization.
- Give an introduction to basics modern web A&A
- Explore Spec and Azure Implementation
- Hands-on coding with a few A&A scenarios
- Insight into threats and current best practices (BCP) for security
- What problem are we trying to solve?
- Practicalities
- The basics of A&A
- Exercises (8+1)
- Raw flows, add authentication to web app, using frameworks & libraries, accessing 3rd party api, refresh tokens, single page web app (SPA), protecting web api's
- Deploy application to the Cloud (using Radix)
These are the pre-requisites that will make the workshop a whole lot more usefull.
- Valid Equinor Software Developer On-Boarding
- Valid role "Application Developer (Azure Active Directory)
- Optional for deploy to cloud exercise: Access to Radix Playground - role "Radix Playground Users"
Helpful knowledge and skills:
- HTTP
- JavaScript/Node.js
- Linux command line
- (Docker)
Installed and verified to work software.
- Node.js
- Use Node LTS version v12.16.3
- Using node version manager nvm is recommended on Linux/Mac. For Windows users nvm-windows could be an option.
- Python may be needed for some node modules to install
- Development IDE (like Visual Studio Code)
- Git, account on github.com
- Postman
- Optional for deploy to cloud
- Local Docker installation
Most things should work ok with the cmd or powershell - with a few limitations. I've tested with using git-bash which is part of Git for Windows
- Be aware of how to export environment variables,
set
for Windows,export
for Bash/Linux - Define proxy variables if needed:
HTTP_PROXY=http://url:port
HTTPS_PROXY=http://url:port
npm
is a bit quicky when it comes to running scripts. Doingnpm start
may fail, but copying the command frompackage.json
and running from the terminal works for most scenarios. Configuring NPM to use a different shell could be an optionnpm config set shell-script
could be an option to explore.- Using Docker Desktop for Windows should work fine. Remeber to define proxy settings if your beind one of these. Update the
~/.docker/config.json
with something like this (updateurl
andport
to reflect your context):
{"proxies":
{
"default":
{
"httpProxy": "http://url:port",
"httpsProxy": "http://url:port",
"noProxy": ""
}
}
}
$ git --version
git version 2.24.3
Should produce proof of an up to date version of git Git
$ node --version
v12.16.3
Should produce proof of an up to date LTS version of NodeJS
$ npm --version
6.14.4
Npm is installed with NodeJS
$ python --version
Python 2.7.16
Should produce proof of a relevant 2.7 version of Python2
$ docker --version
Docker version 19.03.8
Should produce evidence of an update to date version of docker Docker
Please verify that the tools work properly within your network environment. Typical problems would be related to PROXY settings.