Skip to content

Demos for my talk on some things you maybe could be doing better with Azure AD

Notifications You must be signed in to change notification settings

johndohoneyjr/7-deadly-sins-in-azure-ad-app-development

 
 

Repository files navigation

7 Deadly Sins in Azure AD App Development

This repository contains the demos for the presentation of the same name.

There are 7 scenarios that are showcased in the presentation:

  1. Using group claims instead of app roles
  2. Wildcard reply URLs
  3. ROPC login
  4. N-tenant app with lacking authorizations
  5. Secrets in version control
  6. Secrets in native app
  7. Not checking token permissions in API

A lot of these utilize the EmployeeApi in the CheckingScopesInApi solution.

You can find READMEs in each solution's folder which explain more about the scenario. Feel free to open an issue if something is not clear. You can also contact me on Twitter.

About

Demos for my talk on some things you maybe could be doing better with Azure AD

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C# 47.4%
  • HTML 35.5%
  • JavaScript 12.5%
  • CSS 4.4%
  • PowerShell 0.2%