Ignite talk: I am a robot, how do I log in?
TRANSCRIPT
Jayson Delancey
I am a robot, how do I log in?
But I AM a robot
UAA: User Account and Authentication Server
SSO
OAuth2
• Headless
• Exposed
• Accessible
• Sensitive data
• Sensitive Hardware
draft-ietf-oauth-jwt-bearer
This specification defines the use of a JSON Web Token (JWT) Bearer Token as a means for requesting an OAuth 2.0 access token as well as for use as a means of client authentication.
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImV4cCI6MTIzMTIzfQ.cUyTEK1BKsOU5stpPiM5-PGT4nUrKwAHajhmb9Ojim7NbEwgsDAju9vlukBYJOSCFyXbG_N0zlQrO8n7yJ9G2OIOerQNqMTNWcqwtcFha1TJyhv4tb40bLONfcrMIAO1L-oF9f27xwJQODJz4SmyU1nSI1dKeqN5KmyHVUqOLAI
Header: { "alg": "RS256" }
Payload: { "iss": <clientID>, "sub": <device ID>, "aud": <uaa>, "exp": <expiration time of this token>, "tenant_id": <tenant_id> }
Signature: SHA256withRSA(<base64(Header)>.<base64(Payload)>, <private key>)
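As an added example (not code from the talk or from the UAA project), the assertion described on this slide built by the device and then checked the way the UAA side would, in Go with only the standard library. The claim names follow the slide; the client ID, device ID, audience and tenant values used in a test are constructed, and the RSA key stands for the per-device key that would live in the HSM.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)
type Claims struct {
	Iss      string `json:"iss"`       // client ID issued to the device
	Sub      string `json:"sub"`       // device ID
	Aud      string `json:"aud"`       // the UAA this assertion is meant for
	Exp      int64  `json:"exp"`       // expiry, Unix seconds
	TenantID string `json:"tenant_id"` // tenant the device belongs to
}
var b64 = base64.RawURLEncoding // JWTs use unpadded base64url
// SignAssertion: the device signs base64url(header).base64url(payload) with RS256 (RSASSA-PKCS1-v1_5 over SHA-256).
func SignAssertion(c Claims, key *rsa.PrivateKey) (string, error) {
	body, _ := json.Marshal(c) // cannot fail for a struct of strings and ints
	input := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}
// VerifyAssertion is the UAA-side check: the algorithm is fixed here (never taken from the header),
// the signature is checked against the public key registered at enrollment, and only then are the
// claims parsed and audience and expiry (now in Unix seconds) enforced.
func VerifyAssertion(token, wantAud string, pub *rsa.PublicKey, now int64) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	sig, _ := b64.DecodeString(parts[2]) // a bad encoding simply fails verification below
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("bad signature")
	}
	var c Claims
	payload, _ := b64.DecodeString(parts[1]) // part of the signed input, so it decodes if the signature did
	if err := json.Unmarshal(payload, &c); err != nil || c.Aud != wantAud || now >= c.Exp {
		return nil, errors.New("claims rejected: bad JSON, wrong audience or expired")
	}
	return &c, nil
}
```

A robot presents the returned string as the assertion in its token request; a short `exp` keeps a captured assertion from being replayed for long.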
• Certificate-Signing Request
• Certificate Authority
• Signature
• Device name
• Device serial no.
• Shared secret
1. Add Device
Hardware Security Module (HSM)
2. Enroll Device
• MAC address
• Device UUID
• Tenant ID
Streaming Sensor Data
Bearer Token Access Token
401 Unauthorized
UAA + JWT
Sense, Plan, Act
Robots are users too.
https://github.com/GESoftware-CF/uaa
jwt_grant_3.4.0 branch