Security

In this section, you will learn the various techniques used to implement security in Azure App Services. Azure App Services offers services that implement the industry-renowned OAuth 2.0 and OpenID Connect protocols and work with multiple identity providers. Quick definitions of some of the terms used across this chapter are provided below for easier understanding.

  • Identity provider: A service responsible for providing authentication tokens for users looking to interact with a system, for example, Facebook, Google, and Microsoft.
  • OAuth: This is an open standard protocol that allows users to share their private resources, such as photos, videos, or contact lists stored on one site, with another site without having to hand out their password. For example, you sign up for a music streaming service, and it offers you an option to share your playlist with your friends. It redirects you to Facebook to log in, and then you are asked if you want to share your friend list with the streaming service. You click on yes and are sent back to the music streaming service, where you can now share your playlist with your friends.
  • OpenID Connect: This is an identity layer on top of the OAuth 2.0 protocol. It allows clients to verify the identity of the user based on the authentication performed by an authorization server. It can also provide basic profile information about the end user using REST services. Along the same lines as the earlier example, let's say you want to log in to your music streaming service, where you are offered options to log in with an identity provider (for example, Facebook or Google). Once you click on one, you are redirected to the identity provider's site, where you enter your credentials. After validating your credentials, the identity provider sends you back to the music streaming service with your identity verified, and you are able to log in to the site. OpenID Connect is about authentication, whereas OAuth is about authorization. The difference is that OAuth is best suited for API authorization, whereas OpenID Connect is best for a single sign-on experience across multiple web apps.