Managed identities are cloud-based identities offered in a SaaS model: you delegate all of identity management, including credential storage, security and many related concerns, to the cloud provider. Cognito from AWS and Active Directory (AAD and AAD B2C) from Azure are the prominent cloud-provider offerings, followed by Auth0.
Once a site is compromised, attackers go after user data, including passwords, and attempt privileged access to the site. Offloading identity from the application removes a lot of the attack surface by itself. It also moves your application toward a more connected and standardized approach, since it opens the door to single sign-on and federation with other systems.
In this group of articles we shall be working on and discussing cloud identities in general, along with hands-on labs and bootstrap code to start from. However, the standardization is not always easy, and at times bits and pieces need to be plugged in for a seamless end-to-end experience. For instance, the OpenID Connect implementation provided by AWS Cognito does not expose a default logout URL, so sign-out needs to be "sort of" patched. And believe me, it eats up a considerable amount of time.
The purpose of these demos is to work through all such things and leave you with a clean, working set of code.
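The Cognito sign-out gap mentioned above, as an added illustration rather than code from the linked sample repository: when the provider's discovery document carries no `end_session_endpoint`, the app must build the hosted-UI `/logout` redirect itself, and should only send the browser to a post-logout URL it has registered. The discovery document, hosted domain, client id and sign-out URL below are constructed placeholders.

```python
"""Build an OpenID Connect sign-out redirect when the provider's discovery
document omits `end_session_endpoint`, as AWS Cognito's does."""
from urllib.parse import urlencode, urlparse

# Constructed sample: a trimmed discovery document shaped like Cognito's.
# Note the missing `end_session_endpoint` that Azure AD and Auth0 publish.
COGNITO_DISCOVERY = {
    "issuer": "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE",
    "authorization_endpoint": "https://example-app.auth.eu-west-1.amazoncognito.com/oauth2/authorize",
    "token_endpoint": "https://example-app.auth.eu-west-1.amazoncognito.com/oauth2/token",
}

# Sign-out URLs registered on the app client (hypothetical values).
ALLOWED_LOGOUT_URIS = {"https://app.example.com/signed-out"}


def end_session_endpoint(discovery: dict) -> str:
    """Return the provider's logout endpoint. If the document has none and the
    provider is a Cognito hosted domain, derive `/logout` on that domain."""
    if "end_session_endpoint" in discovery:
        return discovery["end_session_endpoint"]
    auth = urlparse(discovery["authorization_endpoint"])
    if not auth.netloc.endswith(".amazoncognito.com"):
        raise ValueError("no end_session_endpoint and provider is not Cognito")
    return f"{auth.scheme}://{auth.netloc}/logout"


def build_logout_url(discovery: dict, client_id: str, logout_uri: str) -> str:
    """Compose the redirect the app sends the browser to on sign-out.

    The post-logout target is checked against the app's own allowlist first so
    the sign-out handler cannot become an open redirect; Cognito additionally
    rejects any `logout_uri` not registered on the app client.
    """
    if logout_uri not in ALLOWED_LOGOUT_URIS:
        raise ValueError(f"unregistered logout_uri: {logout_uri}")
    query = urlencode({"client_id": client_id, "logout_uri": logout_uri})
    return f"{end_session_endpoint(discovery)}?{query}"


if __name__ == "__main__":
    print(build_logout_url(COGNITO_DISCOVERY, "1example23456789",
                           "https://app.example.com/signed-out"))
```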
The identity samples include the following platforms:
- AWS Cognito (completed)
- Azure AD (Azure Active Directory & Azure Active Directory B2C)
The topic is covered in detail in the following video. The audio is a bit poor, but it should serve its purpose.
Source code and samples available at: https://github.com/letsdocoding/cloud-identity-samples