Trying Out the Next-Generation Authentication Platform "Auth0" / Next Generation Identity "Auth0"

* A talk about external authentication platforms
* Comparison of Auth0 / Amazon Cognito / Firebase Authentication / Netlify Identity
* Why I chose Auth0

Takahiro Tsuchiya

September 27, 2018

Transcript

  1. Next-Generation Authentication Platform
    Trying Out "Auth0"
    木テク "A get-together for lively talk about recent web technologies"
    2018/09/27 (Thu)
    Takahiro Tsuchiya / @corocn
  2. Agenda
    • Self-introduction
    • A talk about external authentication platforms
    • Comparison of services
    • Introducing the authentication platform service "Auth0"

  3. Self-introduction
    • @corocn / Takahiro Tsuchiya / 土屋貴裕
    • Misoca Inc.
    • Auth0 Ambassador

  4. I wrote a book
    Distributed at 技術書典4, now on sale on Amazon
    I want to revise it again!

  5. Today's talk

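  6. Web applications and external authentication platforms

  7. If you build a web service, an authentication mechanism is a must

  8. But what we really want to provide to users is not authentication

  9. I want to spend more time on the essential parts of the service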

  10. But isn't authentication hard?
    I don't understand it at all
    Authentication is hard for humankind

  11. How do we implement the functionality?

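  12. Implement it yourself from scratch
    • Better not to
    • I am confident I would create security holes
    • Reinventing the wheel
    • Security implementation know-how rarely gets published, so it is hard

  13. Use the framework's standard library
    • You can ride the rails to some extent
    • Only minimal functionality
    • Tends to break down as soon as you need elaborate processing
    • Rails' Devise? Sorcery? Everyone seems to use them while saying how painful they are...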

  14. https://qiita.com/cigalecigales/items/73d7bd7ec59a001ccd74

  15. Can you keep up with new specifications?
    • Password authentication
    • SSO, Social Login, passwordless
    • MFA (multi-factor authentication)
    • FIDO 1.0 (U2F, UAF)
    • FIDO 2.0 (U2F + UAF), WebAuthn API
    Closing in, already right around the corner

  16. That's it: let's use an external authentication platform

  17. Things to be careful about

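  18. • Using an external service does not make security risks disappear
    • The integration part is implemented by the developer
    • If you use it without properly understanding it, incidents will naturally follow
    • But used properly, it can greatly reduce implementation time and maintenance cost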

  19. I tried various things

  20. Authentication services I tried
    • Amazon Cognito
    • Firebase Authentication
    • Netlify Identity
    • Auth0 ← ended up settling on this

  21. Amazon Cognito
    • Requires deep AWS knowledge
    • Concepts such as UserPool and ID Pool are difficult
    • High learning cost
    • Worth considering if your service is tightly tied to AWS, but evaluating it looks time-consuming

  22. Firebase Authentication
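    • Free (some operations have limits)
    • Simple. The dashboard is quite minimal.
    • No concerns about service continuity
    • Excellent (◎) if you plan to use GCP or other Firebase services
    • It is painful that you cannot write fine-grained constraints
    • Documentation is hard to read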

  23. Netlify Identity
    • Implementation was easy
    • Features were lacking and local debugging was difficult, so I gave up
    • It may have improved since then

  24. Auth0
    • The low learning cost and high extensibility are the best
    • Ended up settling on this

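  26. What is Auth0?
    • Cloud authentication vendor
    • IDaaS (Identity as a Service)
    • Headquartered in Bellevue, Washington
    • Has adopted fully remote work
    • Company Offsite (Cancún, Panama, etc.)

  27. IDaaS
    • You might think of enterprise identity (Okta, OneLogin, etc.)
    • Auth0 gives the impression of being easy to use for consumer-facing services as well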

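  28. You can get hands-on and try it right away
    • Basically free to use (the Enterprise edition can be tried for 22 days)
    • 7000 users, unlimited logins
    • Passwordless support
    • Embedded form (Lock) ← covered later
    • Social login (up to 2)
    • Unlimited rule definitions ← covered later

  29. Abundant tutorials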

  30. https://auth0.com/docs

  31. Mobile

  32. SPA

  33. Web App 1

  34. Web App 2

  35. Backend API

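  36. • A full set of tutorials is available
    • JWT Handbook and the like, authentication-related blog posts and the like
    • Hoping a Japanese edition comes out soon? (glance)
    • jwt.io is powered by Auth0
    • A JWT debugging tool you can use in the browser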

  38. Lock

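  40. Lock
    • Embedded login form provided by Auth0
    • Supports various platforms
    • Multilingual support
    • Uses the Auth0 SDK (auth0.js, etc.) internally
    • Use the SDK directly when you need fine-grained control
    • The tutorials are implemented with auth0.js

  41. • Settings such as Social Login are reflected in Lock immediately
    • Dev keys owned by Auth0 are configured by default, so you can try it right away (nice)
    • For official use, obtain your own keys and configure them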

  42. Webtask

  43. Webtask
    • Auth0 maintains its own AWS Lambda-like serverless environment
    • Can be written in JavaScript or C#
    • Node v8, so async/await works too
    • Webtask is what makes the high extensibility possible

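  44. Rule

  45. Rule
    • Extensions to the authentication flow are configured with Rules
    • Example 1) Restrict domains
    • Example 2) Consolidate records that belong to the same user (name matching)
    • The execution platform is Webtask
    • A large number of templates are provided per use case, so most things work with only minor modification

  46. Rule: Template

  47. Rule: Whitelist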

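  48. Other
    • User dashboard included as standard
    • Auth0 Guardian (MFA)
    • FIDO2 support? → Possible via an add-on

  49. Summary
    • Service development should focus on the essence of the service
    • Using an external authentication platform to cut implementation cost is a valid option
    • Auth0 is feature-rich and highly extensible, so it is a promising choice
    • Use it only after properly understanding the risks

  50. Thank you very much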
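
Slides 45 and 47 mention a Rule that restricts sign-in to allowed e-mail domains. The following is an added example, not code from the slides or from Auth0's templates, of what such a Rule can look like and which inputs it must reject. The function name, the allow-list and the sample profiles are assumptions, and `UnauthorizedError` is stubbed because Auth0's Rules environment normally supplies it.

```javascript
// Stand-in for the UnauthorizedError global that Auth0's Rules sandbox provides;
// defined here only so the example runs outside Auth0.
class UnauthorizedError extends Error {}

// Constructed allow-list; example.com / example.org are placeholder domains.
const ALLOWED_DOMAINS = ['example.com', 'example.org'];

// Rule body. In the Auth0 dashboard a Rule is an anonymous
// function (user, context, callback); it is named here (assumed name) for testing.
function emailDomainWhitelist(user, context, callback) {
  // An unverified address proves nothing about control of the domain.
  if (!user.email || !user.email_verified) {
    return callback(new UnauthorizedError('Access denied.'));
  }
  // Compare the whole domain part, case-insensitively. A suffix or substring
  // match would also accept look-alikes such as "notexample.com".
  const domain = user.email.slice(user.email.lastIndexOf('@') + 1).toLowerCase();
  if (!ALLOWED_DOMAINS.includes(domain)) {
    return callback(new UnauthorizedError('Access denied.'));
  }
  return callback(null, user, context);
}

// Helper (assumed name): run the rule against one profile and report the outcome.
function evaluate(user) {
  let outcome = null;
  emailDomainWhitelist(user, {}, (err) => { outcome = err ? 'denied' : 'allowed'; });
  return outcome;
}

// Constructed sample profiles (not real users).
const samples = [
  { email: 'alice@example.com', email_verified: true },
  { email: 'bob@EXAMPLE.org', email_verified: true },
  { email: 'carol@example.com', email_verified: false },
  { email: 'dave@notexample.com', email_verified: true },
  { email: 'erin@example.com.invalid', email_verified: true },
  { email_verified: true },
];
for (const s of samples) console.log(s.email, '->', evaluate(s));
```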