Upgrade to Pro — share decks privately, control downloads, hide ads and more …

次世代認証プラットフォーム “Auth0” を使ってみた / Next Geneartion Identity "Auth0"

Takahiro Tsuchiya
September 27, 2018
Technology
18
7.3k

次世代認証プラットフォーム “Auth0” を使ってみた / Next Geneartion Identity "Auth0"

* 外部認証基盤の話
* Auth0 / Amazon Cognito / Firebase Authentication / Netlify Identity の比較
* Auth0 を選んだ理由

Takahiro Tsuchiya

September 27, 2018
Tweet

More Decks by Takahiro Tsuchiya

See All by Takahiro Tsuchiya
育休のすゝめ #devsumi 2023
corocn
3
2.3k
GCPでRubyを動かしている話 / ruby on gcp
corocn
0
580
フルリモートワーカーのデスク選定 / how-to-select-remote-work-desk
corocn
1
480
Auth0イントロダクション / corocn_auth0_day_recap_in_osaka
corocn
1
730
Ruby meets passwordlress world
corocn
0
620
Webサービス開発とSPAの認証の話 / spa-and-identity
corocn
9
2.6k
Cognito User Poolsと仲良くなるための話 / cognito-user-pools
corocn
2
380
TypeScript+Expressでサーバーサイド開発やってみた / typescript_express_debugging
corocn
5
2.9k
(採用担当者向け)エンジニア採用をする上での基礎知識 / recruting_engineer_basic
corocn
57
100k

Other Decks in Technology

See All in Technology
問題解決の促進-New Relicの導入から全社活用までの道のり- / Facilitate problem solving
yayoi_dd
0
310
ユーザーストーリーマッピング
kawaguti
PRO
4
780
Keynote: Kishore Gopalakrishna, StarTree - The Rise of Real-Time Analytics | RTA Summit 2023
startree
PRO
0
130
【JAWS-UG朝会】ガバメントクラウド・デジタル庁の基本方針から考えるクラウドサービスの適切な利用
kumamatsu
PRO
3
490
バリエーションで差をつける。myshoesの新たな挑戦 #cicd_test_night
whywaita
PRO
0
310
Vault Secrets Operator と Dynamic Secrets で安全にシークレットを使おう / Vault Secrets Operator and Dynamic Secrets
nnstt1
2
280
Enabling Developers in a Multi-Cloud World :: GOTO Aarhus 2023
salaboy
0
120
AI完全初心者でも最新の生成AIの仕組がわかった気になれるプレゼン
shimap_sampo
5
1.4k
とあるQAエンジニアが、マイクロサービスの開発チームと、出会ったーー / Scrum Fest Niigata 2023
yoyakoba
0
130
データマネジメント研修【MIXI 23新卒技術研修】
mixi_engineers
PRO
0
180
Datadogで実現するセキュリティ オブザーバビリティ
taka2noda
1
140
Save the state
keithyokoma
0
210

Featured

See All Featured
Making the Leap to Tech Lead
cromwellryan
118
7.8k
The Language of Interfaces
destraynor
149
21k
Large-scale JavaScript Application Architecture
addyosmani
500
110k
Raft: Consensus for Rubyists
vanstee
130
5.8k
Fontdeck: Realign not Redesign
paulrobertlloyd
74
4.5k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
226
16k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
658
120k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
183
15k
No one is an island. Learnings from fostering a developers community.
thoeni
13
1.7k
Bash Introduction
62gerente
602
210k
Ruby is Unlike a Banana
tanoku
93
9.7k
WebSockets: Embracing the real-time Web
robhawkes
58
6.2k

Transcript

  1. ࣍ੈ୅ೝূϓϥοτϑΥʔϜ
    “Auth0” Λ࢖ͬͯΈͨ
    ໦ςΫʮ࠷ۙͷWebٕज़ʹ͍ͭͯϫΠϫΠޠΔձʯ
    2018/09/27ʢ໦ʣ
    Takahiro Tsuchiya / @corocn

    View Slide

  2. Agenda
    • ࣗݾ঺հ
    • ֎෦ೝূج൫ͷ࿩
    • αʔϏεͷൺֱ
    • ೝূج൫αʔϏε “Auth0” ͷ঺հ

    View Slide

  3. ࣗݾ঺հ
    • @corocn / Takahiro Tsuchiya / ౔԰و༟
    • Misoca Inc.
    • Auth0 Ambassador

    View Slide

  4. ຊΛॻ͖·ͨ͠
    ٕज़ॻయ4Ͱ൦෍ AmazonͰൢചத
    ·ͨվగ͍ͨ͠ʂ

    View Slide

  5. ࠓ೔ͷ͓࿩

    View Slide

  6. ΢ΣϒΞϓϦέʔγϣϯͱ

    ֎෦ೝূج൫ͷ࿩

    View Slide

  7. WebαʔϏεΛ࡞ΔͳΒೝূ
    ͷ࢓૊Έ͸ඞਢʹͳΔ

    View Slide

  8. Ͱ΋ຊ౰ʹϢʔβʔʹఏڙ͠
    ͍ͨ΋ͷ͸ೝূ͡Όͳ͍

    View Slide

  9. ΋ͬͱαʔϏεͷຊ࣭తͳͱ
    ͜Ζʹ࣌ؒΛ࢖͍͍ͨ

    View Slide

  10. Ͱ΋ೝূͬͯ೉͘͠ͳ͍ʁ
    ๻͸શવΘ͔Γ·ͤΜ
    ਓྨʹೝূ͸೉͍͠

    View Slide

  11. Ͳ͏΍ͬͯػೳ࣮૷͢Δʁ

    View Slide

  12. ࣗ෼ͰҰ͔Β࣮૷͢Δ
    • ΍Βͳ͍΄͏͕͍͍
    • ηΩϡϦςΟϗʔϧΛ࡞Δࣗ৴͕͋Δ
    • ंྠͷ࠶ൃ໌
    • ηΩϡϦςΟͷ࣮૷ϊ΢ϋ΢͸֎ʹग़ͯ͜ͳ
    ͍ͷͰ೉͍͠

    View Slide

  13. Frameworkඪ४ͷϥΠϒϥϦΛ࢖͏
    • ͋Δఔ౓Ϩʔϧʹ৐ΕΔ
    • ࠷௿ݶͷػೳ͔͠ͳ͍
    • ڽͬͨॲཧͰ్୺ʹഁ୼͕ͪ͠
    • RailsͷDevise? Sorcery? ΈΜͳਏ͍ਏ͍ͱ
    ݴͬͯ࢖͍ͬͯΔΑ͏ͳɾɾɾ

    View Slide

  14. https://qiita.com/cigalecigales/items/73d7bd7ec59a001ccd74

    View Slide

  15. ৽͍͠࢓༷ʹ௥ैͰ͖·͔͢ʁ
    • ύεϫʔυೝূ
    • SSO, Social Login, ύεϫʔυϨε
    • MFAʢଟཁૉೝূʣ
    • FIDO 1.0 ʢU2F, UAFʣ
    • FIDO 2.0ʢU2F + UAFʣ, WebAuthn API
    ͙ͦ͢͜·Ͱ
    ഭ͍ͬͯΔ

    View Slide

  16. ͦ͏ͩ

    ֎෦ͷೝূج൫

    ࢖͓͏

    View Slide

  17. ஫ҙ͍ͨ͜͠ͱ

    View Slide

  18. • ֎෦αʔϏεΛ࢖͑͹ηΩϡϦςΟϦεΫ͕
    ফ͑ΔΘ͚Ͱ͸ͳ͍
    • ࿈ܞ෦෼͸։ൃऀͰ࣮૷͢Δ
    • ͪΌΜͱཧղ͔ͯ͠Β࢖Θͳ͍ͱ౰વࣄނ
    • Ͱ΋ͪΌΜͱ࢖͑͹େ෯ʹ࣮૷࣌ؒ΍อकί
    ετΛ௿ݮͰ͖Δ

    View Slide

  19. ͍Ζ͍Ζࢼͨ͠

    View Slide

  20. ࢼͯ͠ΈͨೝূαʔϏε
    • Amazon Cognito
    • Firebase Authentication
    • Netlify Identity
    • Auth0 ← ࠷ऴతʹ͜Εʹམͪண͘

    View Slide

  21. Amazon Cognito
    • AWSͷਂ͍஌͕ࣝཁٻ͞ΕΔ
    • UserPool, ID PoolͳͲ֓೦͕೉͍͠
    • ֶशίετ͕ߴ͍
    • αʔϏε͕AWS΂ͬͨΓͳΒݕ౼ͯ͠΋͍͍
    ͚Ͳɺݕ౼͢Δͷʹ͕͔͔࣌ؒΓͦ͏

    View Slide

  22. Firebase Authentication
    • ແྉʢҰ෦ΦϖϨʔγϣϯʹ੍ݶ༗Γʣ
    • γϯϓϧɻμογϡϘʔυ͸͔ͳΓ؆ૉɻ
    • αʔϏεܧଓੑ͸໰୊ͳ͠
    • GCP΍ଞFirebaseαʔϏεΛ࢖͏લఏͳΒ˕
    • ࡉ੍͔͍໿͕ॻ͚ͳ͍ͷ͕ਏ͍
    • υΩϡϝϯτಡΈͮΒ͍

    View Slide

  23. Netlify Identity
    • ࣮૷͸ָͩͬͨ
    • ػೳ͕଍Γͯͳͯ͘ɺϩʔΧϧͰͷσόοά
    ͕ࠔ೉ͩͬͨͷͰΪϒΞοϓ
    • ݱࡏ͸վળ͍ͯ͠Δ͔΋͠Εͳ͍

    View Slide

  24. Auth0
    • ֶशίετͷ௿͞ɺ֦ுੑͷߴ͕͞࠷ߴ
    • ࠷ऴతʹ͜Εʹམͪண͘

    View Slide

  25. View Slide

  26. Auth0ͬͯʁ
    • Ϋϥ΢υೝূϕϯμʔ
    • IDaaSʢIdentity as a Serviceʣ
    • ຊࣾ͸ Bellevue, Washington
    • ϑϧϦϞʔτϫʔΫΛ࠾༻
    • Company OffsiteʢΧϯΫϯͱ͔ύφϚͱ͔ʣ

    View Slide

  27. IDaaS
    • اۀ಺ID͕ࢥ͍ු͔Ϳ͔΋ʢOkta, OneLoginͱ͔ʣ
    • Auth0ͷ৔߹͸C޲͚Ͱ΋࢖͍΍͍͢ҹ৅

    View Slide

  28. ͱΓ͋͑ͣ৮ͬͯࢼͤΔ
    • جຊແྉͰ࢖͑Δʢ22೔ؒ͸Enterprise൛͕ࢼͤΔʣ
    • 7000Ϣʔβʔɺແ੍ݶϩάΠϯ
    • ύεϫʔυϨεରԠ
    • ૊ΈࠐΈϑΥʔϜʢLockʣ← ͋ͱͰ
    • ιʔγϟϧϩάΠϯʢ2ݸ·Ͱʣ
    • ແ੍ݶͷϧʔϧఆٛ ← ͋ͱͰ

    View Slide

  29. ๛෋ͳνϡʔτϦΞϧ

    View Slide

  30. https://auth0.com/docs

    View Slide

  31. Mobile

    View Slide

  32. SPA

    View Slide

  33. Web App 1

    View Slide

  34. Web App 2

    View Slide

  35. Backend API

    View Slide

  36. • νϡʔτϦΞϧ͕Ұ௨Γἧ͍ͬͯΔ
    • JWT Handbook౳ ೝূܥͷϒϩά౳
    • ͸΍͘೔ຊޠ൛Ͱͳ͍͔ͳʙʁʢνϥο
    • jwt.io ͸ powered by Auth0
    • ϒϥ΢βͰ࢖͑ΔJWTͷσόοάπʔϧ

    View Slide

  37. View Slide

  38. Lock

    View Slide

  39. View Slide

  40. Lock
    • Auth0͕ఏڙ͢Δ૊ࠐΈϩάΠϯϑΥʔϜ
    • ֤छϓϥοτϑΥʔϜରԠ
    • ଟݴޠରԠ
    • ಺෦Ͱ Auth0 SDKʢauth0.jsͳͲʣΛ࢖͍ͬͯΔ
    • ࡉ੍͔͍ޚ͕ඞཁͳ৔߹͸ͪ͜ΒΛ
    • νϡʔτϦΞϧ͸ auth0.jsΛ࢖࣮ͬͨ૷

    View Slide

  41. • Social LoginͳͲɺઃఆ͸Lockʹଈ࣌൓ө
    • Auth0͕อ༗͢ΔdevΩʔ͕ॳظͰઃఆ͞Εͯ
    ͍ΔͷͰɺͱΓ͋͑ͣࢼͤΔʢخ͍͠ʣ
    • ਖ਼ࣜʹ࢖͏৔߹͸औಘͯ͠ઃఆ͢Δ͜ͱ

    View Slide

  42. Webtask

    View Slide

  43. Webtask
    • AWS LambdaϥΠΫͳαʔόϨε؀ڥΛࣗલ
    Ͱอ༗͍ͯ͠Δ
    • JavaScriptɺC#Ͱهड़Մ
    • Node v8ͳͷͰasync await΋
    • WebtaskʹΑͬͯߴ͍֦ுੑΛ࣮ݱ͍ͯ͠Δ

    View Slide

  44. Rule

    View Slide

  45. Rule
    • ೝূػೳͷ֦ு͸RuleͰઃఆ
    • ྫ1ʣυϝΠϯΛ੍ݶ͍ͨ͠
    • ྫ2ʣ໊دͤΛ࣮ݱ͍ͨ͠
    • ࣮ߦج൫͸Webtask
    • ϢʔεέʔεผʹେྔͷςϯϓϨʔτ͕ఏڙ͞Ε
    ͍ͯΔͷͰɺগ͠मਖ਼͢Δ͚ͩͰ͍͍ͩͨಈ͘

    View Slide

  46. Rule: Template

    View Slide

  47. Rule: Whitelist

    View Slide

  48. ͦͷଞ
    • ϢʔβʔμογϡϘʔυ͕ඪ४૷උ
    • Auth0 GuardianʢMFAʣ
    • FIDO2ͷରԠ͸ʁ → AddonͰՄೳ

    View Slide

  49. ·ͱΊ
    • αʔϏε։ൃ͸αʔϏεͷຊ࣭ʹ஫ྗ͢΂͖
    • ࣮૷ίετ࡟ݮͷͨΊʹɺ֎෦ͷೝূج൫Λ
    ࢖͏ͷ͸͋Γ
    • Auth0͸ଟػೳͰ֦ுੑ͕ߴ͍ͷͰɺબ୒ࢶͱ
    ͯ͠༗๬
    • ϦεΫΛͪΌΜͱཧղ͔ͯ͠Β࢖͏΂͠

    View Slide

  50. ͋Γ͕ͱ͏͍͟͝·ͨ͠

    View Slide