
OpenShift World Tour:
Secure OpenShift Applications with IBM Cloud App ID
App Security Made Simple
Name + Pronouns
Title/Company/Program
Where You’re From/Joining From
Something You Love
Quirk: Something that’s uniquely weird or different about you

@jritten
Jenna Ritten
Developer Advocate @ IBM @jritten
Do Cloud API Stuff,
Collect Swag,
Write React Code,
Run Dope Workshops
ibm.biz/os_appid_slides
(link to these slides)

crowdcast.io/e/secure-openshift
(livestream recording)

ibm.biz/os_appid_cloud

Create an IBM Cloud Free Lite Tier Account

@huangjoyce3
ibm.biz/cloud_essentials
ibm.biz/cloud_dev_essentials
ibm.biz/cloud_native_dev
Let’s Get Started

What is a Container?

What is a Container Image?

What is a Container Registry?

What is Kubernetes?

What is OpenShift?

Authentication & Authorization
● Security step for protecting resources
● Are the users who they claim to be?
● What can the user access?

Basic concepts
● OAuth 2.0
● OpenID Connect (OIDC)
● JSON Web Tokens (JWT)
○ Access token
○ Identity token

OAuth 2.0 grant types
● Authorization code grant
○ For apps running on a web server, browser-based, and mobile
● Client credentials
○ For application access without a user present (machine to machine)
● Resource owner password
○ For logging in with a username and password
● Legacy: Implicit flow
○ For JS-centric apps for the browser
Securing single-page apps
● Typically use the Implicit flow
● Cannot securely store a Client Secret because their entire source is available to the browser
● Implicit flow is dangerous!
○ Tokens can be intercepted
○ Susceptible to a redirect URI attack

@kimmytaft
PKCE is the fix
● Authorization code flow with Proof Key for Code Exchange (PKCE)
● Client secret is replaced with a Code challenge and verifier

What is IBM Cloud App ID?
● Authentication and authorization
● Profiles
● User management
● Identity as a managed service

Use cases
● Web Apps
● Mobile Apps
● Single-Page Apps
● Multi-Cloud Apps with Istio
○ Secure your apps without changing code or redeploying

github.com/ibm-cloud-security/appid-clientsdk-js
(link to App ID SDK)

cloud.ibm.com/docs/services/appid
(link to App ID Docs)

Let’s Build Something!

developer.ibm.com/openlabs/openshift
(link to OpenShift Labs)

Introduction

Prerequisites

Set Up Dev Environment

Install & Set Up App ID

Create New App ID Instance

Manage Identity Providers

Update Cloud Directory Settings

Create New Cloud Directory User

Add New Web Application

Set Up Project Namespace

Deploy Resource Microservice

Deploy BFF Microservice

Deploy UI Application

Configure UI, Microservices, OIDC, & Validate App Security

Next Steps

Your App Is Live!

CONGRATULATIONS!

EVENT RESOURCES:

http://ibm.biz/dev_tools_appid_cloud
(ibm cloud sign-up)

http://ibm.biz/dev_tools_appid_slides
(slides)

https://www.crowdcast.io/e/dev-tools-appid
(livestream recording)

AUTHENTICATION RESOURCES:
The OAuth 2.0 Authorization Framework (OAuth2)
(https://tools.ietf.org/html/rfc6749)
OpenID Connect Specifications (OIDC)
(https://openid.net/developers/specs/)
JSON Web Token (JWT)
(https://tools.ietf.org/html/rfc7519)
Proof Key for Code Exchange (PKCE)
(https://auth0.com/docs/flows/concepts/auth-code-pkce)
APP ID RESOURCES:

https://github.com/ibm-cloud-security/appid-clientsdk-js
(App ID SDK)

https://cloud.ibm.com/docs/services/appid
(App ID Docs)

IBM CLOUD CERTIFICATIONS:

http://ibm.biz/cloud_essentials
(IBM Cloud Essentials V2)

http://ibm.biz/cloud_dev_essentials
(IBM Cloud Application Development Essentials)

http://ibm.biz/cloud_native_dev
(IBM Cloud Application Development Essentials)

IBM Developer Social Media
IBM Developer Meetup :
meetup.com/IBM-Developer-Austin
IBM Developer Twitter :
twitter.com/IBMDeveloper
IBM Developer Twitch :
twitch.tv/ibmdeveloper
IBM Developer YouTube :
ibm.biz/youtube
