
Call Summary:


This session covers the Microsoft Identity platform for developers, the Microsoft Authentication Libraries (JS, .NET, Android, iOS, Python, Java, Angular, Microsoft Identity Web), and the top developer mistakes seen on the Microsoft Identity platform. The presenters are Microsoft Program Managers Harish Suresh (@harish_suresh) and Sahil Malik (@sahilmalik). The session was delivered and recorded on March 18, 2021, with Q&A in chat throughout the call.

In-depth topic:


Microsoft Identity platform: Do's and Don'ts. Drawing on extensive hands-on experience with enterprise customers (developers, ISVs, and partners pushing the limits of the identity platform on application integration), Microsoft presenters Harish Suresh and Sahil Malik call out the most common developer mistakes on the Microsoft Identity platform. For each problem they cover what it is, why it is a concern, tips for isolating it, and the good-better-best recommended solutions for minimizing security issues and maximizing usability. Common mistakes include:



  1. Putting secrets in code

  2. Using prompt=consent

  3. Mismatched reply URLs

  4. Incorrect response handling leading to throttling failures (HTTP 429 response)

  5. Incorrect usage of tokens (by token type)

  6. Acquire token paradigm (token acquisition mechanism)

  7. Usage of implicit, ROPC and client credential flows (application scenarios)

  8. Mobile broker/SSO behavior (approaches to performing SSO on iOS and Android). 


 

