OAuth on NASANhttps://nasan.ch/categories/oauth/Recent content in OAuth on NASANHugoenTue, 30 Sep 2025 05:10:21 +0100OAuth 2.0 - Tutorial 3 - Expose and Access a Web API - Resource Serverhttps://nasan.ch/posts/2025-09-30-oauth20-3/Tue, 30 Sep 2025 05:10:21 +0100https://nasan.ch/posts/2025-09-30-oauth20-3/<h2 id="previous-tutorials">Previous tutorials</h2> <p>In the previous tutorials:</p> <ul> <li><a href="https://nasan.ch/posts/2025-09-27-OAuth20-1-LocalhostPythonWebApp-AuthCodeFlow" rel="">OAuth 2.0 - Tutorial 1 - Localhost Python WebApp Auth Code Flow with Entra ID</a></li> <li><a href="https://nasan.ch/posts/2025-09-27-OAuth20-2-AzureServerSidePythonWebApp-AuthCodeFlow" rel="">OAuth 2.0 - Tutorial 2 - Azure Server Side Python WebApp Auth Code Flow - Entra ID</a></li> </ul> <p>We learned:</p> <ul> <li>How to create a &ldquo;server-side&rdquo; Python Web App <ul> <li>How to deploy this app to Azure</li> </ul> </li> <li>How to register the app with Entra ID</li> <li>How to use the Authorization Code Flow to access the Microsoft Graph API.</li> </ul> <h2 id="overview">Overview</h2> <p>In this tutorial:</p>OAuth 2.0 - Tutorial 2 - Azure Server Side Python WebApp Auth Code Flow - Entra IDhttps://nasan.ch/posts/2025-09-27-oauth20-2-azureserversidepythonwebapp-authcodeflow/Mon, 29 Sep 2025 05:10:21 +0100https://nasan.ch/posts/2025-09-27-oauth20-2-azureserversidepythonwebapp-authcodeflow/<h2 id="introduction">Introduction</h2> <p>In the previous tutorial <a href="https://nasan.ch/posts/2025-09-27-OAuth20-1-LocalhostPythonWebApp-AuthCodeFlow" rel="">Localhost Python WebApp Auth Code Flow with Entra ID</a> , we demonstrated using a localhost web app as a &ldquo;server-side app&rdquo; (confidential client) with the Authorization Code Flow. In this tutorial, we will deploy the app to Azure, making it a true &ldquo;server-side app&rdquo; where users cannot access secrets.</p> <p>The following steps are required to deploy the app to Azure:</p> <ul> <li>Create an Azure Container Registry</li> <li>Create a Dockerfile and publish the image to the registry</li> <li>Create an Azure Web App using this container</li> <li>Add environment variables (tenant, client ID, client secret)</li> <li>Add a new redirect URI to the app registration</li> <li>Update the redirect URI in the app code</li> </ul> <h2 id="prerequisites">Prerequisites</h2> <ul> <li>Microsoft Azure Tenant with active Subscription</li> <li>Docker installed</li> <li>Azure CLI installed</li> <li>UV installed: <a href="https://docs.astral.sh/uv/getting-started/installation/" target="_blank" rel="noopener noreffer">UV Installation</a></li> </ul> <h2 id="create-azure-container-registry">Create Azure Container Registry</h2> <p><a href="https://learn.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal?tabs=azure-cli" target="_blank" rel="noopener noreffer">Create an Azure container registry</a> where you can store your docker images:</p>OAuth 2.0 - Tutorial 1 - Localhost Python WebApp Auth Code Flow with Entra IDhttps://nasan.ch/posts/2025-09-27-oauth20-1-localhostpythonwebapp-authcodeflow/Sun, 28 Sep 2025 05:10:21 +0100https://nasan.ch/posts/2025-09-27-oauth20-1-localhostpythonwebapp-authcodeflow/<h2 id="introduction---server-side-app---auth-code-flow">Introduction - &ldquo;Server Side App&rdquo; - Auth Code Flow</h2> <p>This guide demonstrates how to create a &ldquo;server-side&rdquo; <strong>Python web application</strong> running locally (for development) that authenticates users with <strong>Microsoft Entra ID</strong> and authorizes access to the <strong>Microsoft Graph API</strong> using the <strong>Authorization Code Flow</strong> as a <strong>&ldquo;confidential client&rdquo;</strong> with a client secret.</p> <blockquote> <p><strong>Info:</strong> In the second tutorial, we will deploy this app to Azure</p></blockquote> <p>The client is considered confidential because the app runs solely on the server, and users do not have access to the client secret.</p>OAuth 2.0 - mind maphttps://nasan.ch/posts/2025-09-27-oauth20-0-overview/Sat, 27 Sep 2025 05:10:21 +0100https://nasan.ch/posts/2025-09-27-oauth20-0-overview/<p>To better understand OAuth 2.0, I have created the following mind map and a series of follow-up tutorials that provide a basic overview of how OAuth works.</p> <h2 id="mindmap-oauth">MindMap OAuth</h2> <p><figure><a class="lightgallery" href="https://nasan.ch/images/OAuth2-0.svg" title="AUTH 2.0 Mind Map" data-thumbnail="/images/OAuth2-0.svg" data-sub-html="<h2>OAUTH 2.0 Mind Map illustrates basic concepts</h2><p>AUTH 2.0 Mind Map</p>"> <img class="lazyload" src="https://nasan.ch/svg/loading.min.svg" data-src="https://nasan.ch/images/OAuth2-0.svg" data-srcset="https://nasan.ch/images/OAuth2-0.svg, https://nasan.ch/images/OAuth2-0.svg 1.5x, https://nasan.ch/images/OAuth2-0.svg 2x" data-sizes="auto" alt="/images/OAuth2-0.svg" /> </a><figcaption class="image-caption">OAUTH 2.0 Mind Map illustrates basic concepts</figcaption> </figure><br> <em>Figure 1: OAUTH 2.0 Mind Map visualizing basic concepts</em></p>