PAUL'S BLOG

Learn. Build. Share. Repeat.

Azure AD B2C logouts and redirection URLs

2022-06-18 6 min read Tutorial

Background

I’ve been helping a client build a customer-facing NodeJS web application which leveraged Azure AD B2C as its identity provider. Things were going well with the development and Azure AD B2C served them really well. It’s cost-effective and gives them all the controls and security features they’ve come to expect with Azure AD (the non-B2C version). Like any responsible company, they run penetration tests on the application prior to releasing to production, and they identified one item that can pose a security threat.


Run Terraform With Azure Pipelines

2022-02-25 14 min read Tutorial

This repo will walk you through an approach to provisioning Azure resources using Terraform code stored in a Git repo and leveraging Azure Pipelines (YAML-based) to deploy to dev, test, and prod environments (all in different subscriptions) with approval gates in front of test and prod environments.

Prerequisites

Azure Subscription

If you don’t have Azure, go sign up for a free account and come back.

Azure DevOps

If you do not already have an Azure DevOps organization, follow these instructions to create one.


Run Your Pipelines in Azure Container Instance

2021-07-16 6 min read Tutorial

Background

  • Microsoft-hosted Azure Pipeline agents run in the public space; therefore, they can only deploy to environments that are publicly accessible.
  • Some organizations may need to deploy to target environments that are only accessible within private space (e.g., inside an Azure Virtual Network).
  • When the target environment is not publicly accessible, deploying self-hosted pipeline agents is a common solution.
  • Organizations can self-host Azure Pipeline agents on Linux, macOS, or Windows (physical or virtual machines) or Azure Virtual Machine Scale Sets; however, this may introduce unwanted overhead in having to patch and maintain these machines.
  • The alternative is to run an agent in a Docker container and host it in Azure Container Instance, which can run inside of the organization’s virtual network. We’ll explore this option for the rest of this guide.

Architecture

[Image: ACI-Pipelines-Architecture]


Validating Azure AD B2C Tokens

2021-05-31 3 min read Tutorial

I recently ran into an issue where I needed to help a customer validate an Azure AD B2C JWT access token. We tend to take JWT tokens for granted and sometimes forget that they should be validated by the application. I thought this was going to be pretty straightforward to solve since Azure AD B2C is effectively Azure AD under the hood. I was wrong.

I initially thought browsing to the OIDC metadata endpoint would reveal the info I needed to validate the signature of the JWT, but finding the endpoint was my first challenge.


Getting Started With Terraform on Azure

2021-04-24 7 min read Tutorial

Check out the official Get Started - Azure tutorial here

Terraform basics

Download and Install

  • Download terraform from https://www.terraform.io/downloads.html

  • Extract the executable and add the folder to your PATH variable

  • Open a shell and type terraform version

  • The basic commands we’ll use are:

    • terraform init
    • terraform plan
    • terraform apply
    • terraform destroy
  • I advise you to use the terraform fmt command often to ensure your scripts are well formatted according to HashiCorp’s style conventions

Folder structure

Terraform executes on the files within a folder that are named with the .tf extension. Here is what a typical folder structure looks like:
