次世代認証プラットフォーム “Auth0” を使ってみた / Next Geneartion Identity "Auth0"

Transcript

1. ࣍ੈ୅ೝূϓϥοτϑΥʔϜ “Auth0” Λ࢖ͬͯΈͨ ໦ςΫʮ࠷ۙͷWebٕज़ʹ͍ͭͯϫΠϫΠޠΔձʯ 2018/09/27ʢ໦ʣ Takahiro Tsuchiya / @corocn

2. Agenda • ࣗݾ঺հ • ֎෦ೝূج൫ͷ࿩ • αʔϏεͷൺֱ • ೝূج൫αʔϏε “Auth0”

   ͷ঺հ

3. ࣗݾ঺հ • @corocn / Takahiro Tsuchiya / ౔԰و༟ • Misoca

   Inc. • Auth0 Ambassador

4. ຊΛॻ͖·ͨ͠ ٕज़ॻయ4Ͱ൦෍ AmazonͰൢചத ·ͨվగ͍ͨ͠ʂ

5. ࠓ೔ͷ͓࿩

6. ΢ΣϒΞϓϦέʔγϣϯͱ
 ֎෦ೝূج൫ͷ࿩

7. WebαʔϏεΛ࡞ΔͳΒೝূ ͷ࢓૊Έ͸ඞਢʹͳΔ

8. Ͱ΋ຊ౰ʹϢʔβʔʹఏڙ͠ ͍ͨ΋ͷ͸ೝূ͡Όͳ͍

9. ΋ͬͱαʔϏεͷຊ࣭తͳͱ ͜Ζʹ࣌ؒΛ࢖͍͍ͨ

10. Ͱ΋ೝূͬͯ೉͘͠ͳ͍ʁ ๻͸શવΘ͔Γ·ͤΜ ਓྨʹೝূ͸೉͍͠

11. Ͳ͏΍ͬͯػೳ࣮૷͢Δʁ

12. ࣗ෼ͰҰ͔Β࣮૷͢Δ • ΍Βͳ͍΄͏͕͍͍ • ηΩϡϦςΟϗʔϧΛ࡞Δࣗ৴͕͋Δ • ंྠͷ࠶ൃ໌ • ηΩϡϦςΟͷ࣮૷ϊ΢ϋ΢͸֎ʹग़ͯ͜ͳ ͍ͷͰ೉͍͠

13. Frameworkඪ४ͷϥΠϒϥϦΛ࢖͏ • ͋Δఔ౓Ϩʔϧʹ৐ΕΔ • ࠷௿ݶͷػೳ͔͠ͳ͍ • ڽͬͨॲཧͰ్୺ʹഁ୼͕ͪ͠ • RailsͷDevise? Sorcery?

    ΈΜͳਏ͍ਏ͍ͱ ݴͬͯ࢖͍ͬͯΔΑ͏ͳɾɾɾ

14. https://qiita.com/cigalecigales/items/73d7bd7ec59a001ccd74

15. ৽͍͠࢓༷ʹ௥ैͰ͖·͔͢ʁ • ύεϫʔυೝূ • SSO, Social Login, ύεϫʔυϨε • MFAʢଟཁૉೝূʣ

    • FIDO 1.0 ʢU2F, UAFʣ • FIDO 2.0ʢU2F + UAFʣ, WebAuthn API ͙ͦ͢͜·Ͱ ഭ͍ͬͯΔ

16. ͦ͏ͩ
 ֎෦ͷೝূج൫
 ࢖͓͏

17. ஫ҙ͍ͨ͜͠ͱ

18. • ֎෦αʔϏεΛ࢖͑͹ηΩϡϦςΟϦεΫ͕ ফ͑ΔΘ͚Ͱ͸ͳ͍ • ࿈ܞ෦෼͸։ൃऀͰ࣮૷͢Δ • ͪΌΜͱཧղ͔ͯ͠Β࢖Θͳ͍ͱ౰વࣄނ • Ͱ΋ͪΌΜͱ࢖͑͹େ෯ʹ࣮૷࣌ؒ΍อकί ετΛ௿ݮͰ͖Δ

19. ͍Ζ͍Ζࢼͨ͠

20. ࢼͯ͠ΈͨೝূαʔϏε • Amazon Cognito • Firebase Authentication • Netlify Identity

    • Auth0 ← ࠷ऴతʹ͜Εʹམͪண͘

21. Amazon Cognito • AWSͷਂ͍஌͕ࣝཁٻ͞ΕΔ • UserPool, ID PoolͳͲ֓೦͕೉͍͠ • ֶशίετ͕ߴ͍

    • αʔϏε͕AWS΂ͬͨΓͳΒݕ౼ͯ͠΋͍͍ ͚Ͳɺݕ౼͢Δͷʹ͕͔͔࣌ؒΓͦ͏

22. Firebase Authentication • ແྉʢҰ෦ΦϖϨʔγϣϯʹ੍ݶ༗Γʣ • γϯϓϧɻμογϡϘʔυ͸͔ͳΓ؆ૉɻ • αʔϏεܧଓੑ͸໰୊ͳ͠ • GCP΍ଞFirebaseαʔϏεΛ࢖͏લఏͳΒ˕

    • ࡉ੍͔͍໿͕ॻ͚ͳ͍ͷ͕ਏ͍ • υΩϡϝϯτಡΈͮΒ͍

23. Netlify Identity • ࣮૷͸ָͩͬͨ • ػೳ͕଍Γͯͳͯ͘ɺϩʔΧϧͰͷσόοά ͕ࠔ೉ͩͬͨͷͰΪϒΞοϓ • ݱࡏ͸վળ͍ͯ͠Δ͔΋͠Εͳ͍

24. Auth0 • ֶशίετͷ௿͞ɺ֦ுੑͷߴ͕͞࠷ߴ • ࠷ऴతʹ͜Εʹམͪண͘

25. None

26. Auth0ͬͯʁ • Ϋϥ΢υೝূϕϯμʔ • IDaaSʢIdentity as a Serviceʣ • ຊࣾ͸

    Bellevue, Washington • ϑϧϦϞʔτϫʔΫΛ࠾༻ • Company OffsiteʢΧϯΫϯͱ͔ύφϚͱ͔ʣ

27. IDaaS • اۀ಺ID͕ࢥ͍ු͔Ϳ͔΋ʢOkta, OneLoginͱ͔ʣ • Auth0ͷ৔߹͸C޲͚Ͱ΋࢖͍΍͍͢ҹ৅ •

28. ͱΓ͋͑ͣ৮ͬͯࢼͤΔ • جຊແྉͰ࢖͑Δʢ22೔ؒ͸Enterprise൛͕ࢼͤΔʣ • 7000Ϣʔβʔɺແ੍ݶϩάΠϯ • ύεϫʔυϨεରԠ • ૊ΈࠐΈϑΥʔϜʢLockʣ← ͋ͱͰ

    • ιʔγϟϧϩάΠϯʢ2ݸ·Ͱʣ • ແ੍ݶͷϧʔϧఆٛ ← ͋ͱͰ

29. ๛෋ͳνϡʔτϦΞϧ

30. https://auth0.com/docs

31. Mobile

32. SPA

33. Web App 1

34. Web App 2

35. Backend API

36. • νϡʔτϦΞϧ͕Ұ௨Γἧ͍ͬͯΔ • JWT Handbook౳ ೝূܥͷϒϩά౳ • ͸΍͘೔ຊޠ൛Ͱͳ͍͔ͳʙʁʢνϥο • jwt.io

    ͸ powered by Auth0 • ϒϥ΢βͰ࢖͑ΔJWTͷσόοάπʔϧ
37. None

38. Lock

39. None

40. Lock • Auth0͕ఏڙ͢Δ૊ࠐΈϩάΠϯϑΥʔϜ • ֤छϓϥοτϑΥʔϜରԠ • ଟݴޠରԠ • ಺෦Ͱ Auth0

    SDKʢauth0.jsͳͲʣΛ࢖͍ͬͯΔ • ࡉ੍͔͍ޚ͕ඞཁͳ৔߹͸ͪ͜ΒΛ • νϡʔτϦΞϧ͸ auth0.jsΛ࢖࣮ͬͨ૷

41. • Social LoginͳͲɺઃఆ͸Lockʹଈ࣌൓ө • Auth0͕อ༗͢ΔdevΩʔ͕ॳظͰઃఆ͞Εͯ ͍ΔͷͰɺͱΓ͋͑ͣࢼͤΔʢخ͍͠ʣ • ਖ਼ࣜʹ࢖͏৔߹͸औಘͯ͠ઃఆ͢Δ͜ͱ

42. Webtask

43. Webtask • AWS LambdaϥΠΫͳαʔόϨε؀ڥΛࣗલ Ͱอ༗͍ͯ͠Δ • JavaScriptɺC#Ͱهड़Մ • Node v8ͳͷͰasync

    await΋ • WebtaskʹΑͬͯߴ͍֦ுੑΛ࣮ݱ͍ͯ͠Δ

44. Rule

45. Rule • ೝূػೳͷ֦ு͸RuleͰઃఆ • ྫ1ʣυϝΠϯΛ੍ݶ͍ͨ͠ • ྫ2ʣ໊دͤΛ࣮ݱ͍ͨ͠ • ࣮ߦج൫͸Webtask •

    ϢʔεέʔεผʹେྔͷςϯϓϨʔτ͕ఏڙ͞Ε ͍ͯΔͷͰɺগ͠मਖ਼͢Δ͚ͩͰ͍͍ͩͨಈ͘

46. Rule: Template

47. Rule: Whitelist

48. ͦͷଞ • ϢʔβʔμογϡϘʔυ͕ඪ४૷උ • Auth0 GuardianʢMFAʣ • FIDO2ͷରԠ͸ʁ → AddonͰՄೳ

49. ·ͱΊ • αʔϏε։ൃ͸αʔϏεͷຊ࣭ʹ஫ྗ͢΂͖ • ࣮૷ίετ࡟ݮͷͨΊʹɺ֎෦ͷೝূج൫Λ ࢖͏ͷ͸͋Γ • Auth0͸ଟػೳͰ֦ுੑ͕ߴ͍ͷͰɺબ୒ࢶͱ ͯ͠༗๬ •

    ϦεΫΛͪΌΜͱཧղ͔ͯ͠Β࢖͏΂͠

50. ͋Γ͕ͱ͏͍͟͝·ͨ͠