Slide 1

Introducing OAuth2 into an attendance-management system that is only used in-house
megos @ かごもく #19 Single Sign-On! 2019/04/20

Slide 2

megos
Full stuck engineer (not stack)
• Founded ͔͑͝Μ (Join Us!!)
• Twitter: @tmegos
• Portfolio: megos.netlify.com

Slide 3

Background and purpose

Background
• Attendance was being tracked in Excel
• Tedious (for individuals)
• Hard to see how much time goes into project work (for the PM)

Purpose
• Build a web attendance system that is convenient for employees
• Move to the web → authentication → OAuth2

Slide 4

Why OAuth2?
• The plan is to integrate with other services
  • Groupware, effort tracking, paid-leave management…
• For learning
  • I often write OAuth2 clients, but… you never build an OAuth2 server yourself, right?

Slide 5

What I used
• Backend
  • Spring Boot
  • Spring Security
  • Kotlin
• DB
  • PostgreSQL
• Frontend
  • Vue.js
  • Vuetify
  • axios

Slide 6

(Same stack as slide 5.) This talk covers only the OAuth2 part of it.

Slide 7

https://github.com/megos/spring-security-oauth2-kotlin
Explanations are in the source comments.

Slide 8

Hitting OAuth with curl

    # Correct client and user credentials
    $ curl -X POST \
        -d client_id=client_id \
        -d client_secret=client_secret \
        -d grant_type=password \
        -d username=user \
        -d password=password \
        http://localhost:8080/oauth/token
    {"access_token":"[your_access_token]","token_type":"bearer","expires_in":43199,"scope":"read"}

Slide 9

Hitting OAuth with curl

    # Wrong client credentials
    $ curl -X POST \
        -d client_id=client_id \
        -d client_secret=client_secret2 \
        -d grant_type=password \
        -d username=user \
        -d password=password \
        http://localhost:8080/oauth/token
    {"error":"invalid_client","error_description":"Bad client credentials"}

Slide 10

Hitting OAuth with curl

    # Wrong user credentials
    $ curl -X POST \
        -d client_id=client_id \
        -d client_secret=client_secret \
        -d grant_type=password \
        -d username=user \
        -d password=password2 \
        http://localhost:8080/oauth/token
    {"error":"invalid_grant","error_description":"Bad credentials"}

Slide 11

Fetching a resource

    # Valid access token
    $ curl -H "Authorization: Bearer [your_access_token]" localhost:8080/hello
    Hello!

    # No access token
    $ curl http://localhost:8080
    {"error":"unauthorized","error_description":"Full authentication is required to access this resource"}

    # Invalid access token
    $ curl -H "Authorization: Bearer bad_access_token" localhost:8080/hello
    {"error":"invalid_token","error_description":"Invalid access token: bad_access_token"}
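The four exchanges in slides 8–11, as an added stand-alone model (Python, not the Kotlin/Spring code from the repository above): a password-grant token endpoint and a bearer-protected resource that return the same error codes and descriptions the slides show. The credentials and the 43199-second lifetime are taken from the slides; the expiry and scope checks are assumptions that go beyond what the slides display.

```python
import hmac
import secrets
import time

# Constructed credentials, matching the values used in the curl examples above.
CLIENTS = {"client_id": {"secret": "client_secret", "scopes": {"read"}}}
USERS = {"user": "password"}
EXPIRES_IN = 43199  # seconds, as in the sample token response

_tokens = {}  # access_token -> (username, scopes, absolute expiry time)


def _eq(expected, supplied):
    """Constant-time comparison so secret/password checks do not leak timing."""
    return hmac.compare_digest(expected.encode(), str(supplied).encode())


def token_endpoint(form, now=None):
    """Model of POST /oauth/token for grant_type=password; returns (status, JSON body)."""
    now = time.time() if now is None else now
    client = CLIENTS.get(form.get("client_id"))
    if client is None or not _eq(client["secret"], form.get("client_secret", "")):
        return 401, {"error": "invalid_client", "error_description": "Bad client credentials"}
    if form.get("grant_type") != "password":
        return 400, {"error": "unsupported_grant_type"}
    user = form.get("username")
    if user not in USERS or not _eq(USERS[user], form.get("password", "")):
        return 400, {"error": "invalid_grant", "error_description": "Bad credentials"}
    token = secrets.token_urlsafe(32)  # opaque and unguessable; never derived from user data
    _tokens[token] = (user, client["scopes"], now + EXPIRES_IN)
    return 200, {"access_token": token, "token_type": "bearer",
                 "expires_in": EXPIRES_IN, "scope": " ".join(sorted(client["scopes"]))}


def resource_endpoint(headers, required_scope="read", now=None):
    """Model of the bearer-protected GET /hello resource; returns (status, body)."""
    now = time.time() if now is None else now
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, {"error": "unauthorized",
                     "error_description": "Full authentication is required to access this resource"}
    token = auth[len("Bearer "):]
    entry = _tokens.get(token)
    if entry is None or entry[2] <= now:
        # Expired tokens are rejected exactly like unknown ones (the slides' server echoes the token).
        return 401, {"error": "invalid_token", "error_description": f"Invalid access token: {token}"}
    if required_scope not in entry[1]:  # scope enforcement, the "future work" item on slide 12
        return 403, {"error": "insufficient_scope"}
    return 200, "Hello!"
```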

Slide 12

Summary and future work

Summary
• Built an OAuth2 server with Spring Security

Future work
• Proper role configuration
  • read/write
  • user/subreader/reader/admin…
• Proper scope configuration