Managed Identities are cloud-based identities offered in a SaaS model, where you delegate all identity management, including credential storage, security and many related aspects, to the cloud provider. Cognito from AWS and Azure Active Directory (AAD and AAD B2C) are the prominent cloud-provider offerings, followed by Auth0.
Once a site is compromised, attackers try to capture user data, including passwords, and attempt privileged access to the site. Offloading this part (identity) from the application itself removes a large part of the attack surface. It also moves your application to a more connected and standardized approach, since it opens up the whole world of Single Sign-On.
In this group of articles we shall be working on and discussing cloud identities in general, along with hands-on labs and bootstrap code to start with. However, standardization is not always easy either, and at times bits and pieces need to be plugged in for a more seamless end-to-end experience. For instance, the OpenID Connect implementation provided by AWS Cognito does not provide a default logout URL, which needs to be "sort of" patched. And believe me, it eats up a considerable amount of time.
The purpose of these demos is to work out all such things and give you a neat, working set of code.
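As an added example (not the repository's own code) of the logout workaround mentioned above: a helper that uses the standard `end_session_endpoint` when the OIDC discovery document advertises one, and otherwise builds the Cognito hosted-UI `/logout` URL from the authorization endpoint's origin, checking the target against an allowlist that mirrors the app client's registered sign-out URLs. The discovery documents, client id, domain and allowlist are constructed sample values.

```python
import json
from urllib.parse import urlencode, urlsplit

# Constructed sample of a Cognito user pool's OIDC discovery document.
# Note that it carries no "end_session_endpoint", which is what breaks
# generic OIDC client libraries' sign-out handling.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE",
    "authorization_endpoint": "https://example-app.auth.us-east-1.amazoncognito.com/oauth2/authorize",
    "token_endpoint": "https://example-app.auth.us-east-1.amazoncognito.com/oauth2/token",
    "jwks_uri": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE/.well-known/jwks.json",
})

# Constructed sample of a provider that does advertise RP-initiated logout.
SAMPLE_DISCOVERY_WITH_END_SESSION = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "end_session_endpoint": "https://idp.example.com/logout",
})

# Assumption: these are the sign-out URLs registered on the app client.
# Cognito rejects any logout_uri not in that list; checking here as well
# keeps the app from building open-redirect style logout links.
ALLOWED_LOGOUT_URIS = {"https://app.example.com/signed-out"}


def build_logout_url(discovery_json: str, client_id: str, logout_uri: str) -> str:
    """Return the IdP logout URL to redirect the browser to after local sign-out.

    Prefers end_session_endpoint (standard RP-initiated logout); otherwise derives
    Cognito's hosted-UI /logout endpoint from the authorization endpoint's origin.
    """
    if logout_uri not in ALLOWED_LOGOUT_URIS:
        raise ValueError("logout_uri is not a registered sign-out URL")
    doc = json.loads(discovery_json)
    end_session = doc.get("end_session_endpoint")
    if end_session:
        params = {"client_id": client_id, "post_logout_redirect_uri": logout_uri}
        return f"{end_session}?{urlencode(params)}"
    parts = urlsplit(doc["authorization_endpoint"])
    base = f"{parts.scheme}://{parts.netloc}/logout"
    return f"{base}?{urlencode({'client_id': client_id, 'logout_uri': logout_uri})}"


if __name__ == "__main__":
    print(build_logout_url(SAMPLE_DISCOVERY, "abc123", "https://app.example.com/signed-out"))
```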
Identity samples include the following platforms:
- AWS Cognito - Basic Bearer Authentication with no AWS dependencies (completed)
- AWS Cognito MFA Setup and use (completed)
- AWS Cognito Facebook Integration - No code change needed. Only configuration.
- AWS Cognito User Operations (planned).
- AWS Cognito User invitation (planned).
- Auth0
I did try to cover these aspects in a YouTube series; although the voice is not that good (apologies), it will serve its purpose. The YouTube series covers:
- Why you should NOT store identities yourself | Introduction to Cloud Identities
- How to Integrate AWS Cognito with Client - END TO END Demo
- How to Integrate Azure Active Directory with Client - End to End Demo
- Advanced Security Options in Azure Active Directory
- How to integrate Federated Login with any social provider in your app.
- GIST Video - Integrate Azure AD in your app for working security in under 15 min.
- How to Integrate Auth0 with Clients - End to end Demo
You may Star or Watch the repo to get updates.
Again, this is not ready-to-use code, although it works well (just change the client id, secret and URLs); it is intended to get your flow working end to end. Customizations are always as per your code base.
And as always, PRs are welcome. You may raise any issues or queries using the issues page.