This repository contains the demos for the presentation of the same name.
There are 7 scenarios that are showcased in the presentation:
- Using group claims instead of app roles
- Wildcard reply URLs
- ROPC login
- N-tenant app with lacking authorizations
- Secrets in version control
- Secrets in native app
- Not checking token permissions in API
Several of these scenarios use the EmployeeApi in the CheckingScopesInApi solution.
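As an added illustration of the last scenario (not code from the repository's EmployeeApi), the following Python contrasts an API that only checks that a token was issued for its audience with one that also checks the delegated `scp` and app-only `roles` claims. The audience value, scope and role names, and the tokens are constructed for the example, and signature, issuer and audience validation are assumed to have been done by the API's auth middleware.

```python
import base64
import json

API_AUDIENCE = "api://employee-api"  # constructed identifier for the example


def _b64url(data: dict) -> str:
    """base64url-encode a JSON object without padding, as JWT segments are."""
    return base64.urlsafe_b64encode(json.dumps(data).encode()).rstrip(b"=").decode()


def make_test_token(claims: dict) -> str:
    """Build a constructed, unsigned token (header.payload.signature) for the demo."""
    return f"{_b64url({'alg': 'none'})}.{_b64url(claims)}.unsigned"


def decode_payload(token: str) -> dict:
    """Return the claims segment. Assumes the auth middleware already validated
    signature, issuer and audience; this function deliberately does not."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore the padding base64url strips
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_only_check(claims: dict) -> bool:
    """The mistake: any token minted for this API is treated as fully authorized."""
    return claims.get("aud") == API_AUDIENCE


def permission_check(claims: dict, scope: str, app_role: str) -> bool:
    """Delegated tokens carry a space-separated 'scp' claim; app-only tokens carry
    'roles'. One of them must contain what this endpoint needs."""
    scopes = set(claims.get("scp", "").split())
    roles = set(claims.get("roles", []))
    return scope in scopes or app_role in roles


# Constructed tokens a GET /employees endpoint might receive.
DELEGATED = make_test_token({"aud": API_AUDIENCE, "scp": "Employees.Read User.Read"})
APP_ONLY = make_test_token({"aud": API_AUDIENCE, "roles": ["Employees.Read.All"]})
WRONG_SCOPE = make_test_token({"aud": API_AUDIENCE, "scp": "Department.Read"})


def evaluate(token: str) -> tuple:
    """Return (audience-only verdict, permission verdict) for one token."""
    claims = decode_payload(token)
    return audience_only_check(claims), permission_check(claims, "Employees.Read", "Employees.Read.All")


if __name__ == "__main__":
    for name, tok in [("delegated", DELEGATED), ("app-only", APP_ONLY), ("wrong scope", WRONG_SCOPE)]:
        print(name, evaluate(tok))  # wrong scope -> (True, False)
```

The third token passes the audience-only check but fails the permission check, which is the gap the CheckingScopesInApi demo is about.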
You can find READMEs in each solution's folder which explain more about the scenario. Feel free to open an issue if something is not clear. You can also contact me on Twitter.