Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
次世代認証プラットフォーム “Auth0” を使ってみた / Next Geneartion...
Search
Takahiro Tsuchiya
September 27, 2018
Technology
18
7.9k
次世代認証プラットフォーム “Auth0” を使ってみた / Next Geneartion Identity "Auth0"
* 外部認証基盤の話
* Auth0 / Amazon Cognito / Firebase Authentication / Netlify Identity の比較
* Auth0 を選んだ理由
Takahiro Tsuchiya
September 27, 2018
Tweet
Share
More Decks by Takahiro Tsuchiya
See All by Takahiro Tsuchiya
PicoRubyでLチカ
corocn
0
120
Kaigi on Rails 2024 - Rails APIモードのためのシンプルで効果的なCSRF対策 / kaigionrails-2024-csrf
corocn
11
7.2k
現場のエンジニアから見た採用担当との協働
corocn
7
3.1k
シリーズAをリファラル採用中心に走り抜ける / leaner-referral-engineer-2024
corocn
4
2.3k
捨てて加速するプロダクト開発 / sutete-speedup-product-development
corocn
3
730
リファラル採用にフルベットしてみた
corocn
3
4k
エンジニアとプロダクトマネージャーを兼任した1年間を振り返る / pdm-furikaeri
corocn
17
8.2k
育休のすゝめ #devsumi 2023
corocn
3
5.2k
GCPでRubyを動かしている話 / ruby on gcp
corocn
0
990
Other Decks in Technology
See All in Technology
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
sansan33
PRO
0
2.9k
なぜ あなたはそんなに re:Invent に行くのか?
miu_crescent
PRO
0
250
1万人を変え日本を変える!!多層構造型ふりかえりの大規模組織変革 / 20260108 Kazuki Mori
shift_evolve
PRO
5
620
田舎で20年スクラム(後編):一個人が企業で長期戦アジャイルに挑む意味
chinmo
1
880
Oracle Database@AWS:サービス概要のご紹介
oracle4engineer
PRO
2
660
BidiAgent と Nova 2 Sonic から考える音声 AI について
yama3133
2
140
ソフトウェアエンジニアとAIエンジニアの役割分担についてのある事例
kworkdev
PRO
1
360
業務の煩悩を祓うAI活用術108選 / AI 108 Usages
smartbank
9
19k
Bedrock AgentCore Evaluationsで学ぶLLM as a judge入門
shichijoyuhi
2
310
RALGO : AIを組織に組み込む方法 -アルゴリズム中心組織設計- #RSGT2026 / RALGO: How to Integrate AI into an Organization – Algorithm-Centric Organizational Design
kyonmm
PRO
3
490
Oracle Database@Azure:サービス概要のご紹介
oracle4engineer
PRO
3
260
ESXi のAIOps だ!2025冬
unnowataru
0
470
Featured
See All Featured
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
9.8k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
359
30k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.3k
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
davidcarrasco
0
29
Code Reviewing Like a Champion
maltzj
527
40k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
132
19k
Building Adaptive Systems
keathley
44
2.9k
Lightning talk: Run Django tests with GitHub Actions
sabderemane
0
97
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
42
Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline
techseoconnect
PRO
0
77
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.2k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
Transcript
࣍ੈೝূϓϥοτϑΥʔϜ “Auth0” ΛͬͯΈͨ ςΫʮ࠷ۙͷWebٕज़ʹ͍ͭͯϫΠϫΠޠΔձʯ 2018/09/27ʢʣ Takahiro Tsuchiya / @corocn
Agenda • ࣗݾհ • ֎෦ೝূج൫ͷ • αʔϏεͷൺֱ • ೝূج൫αʔϏε “Auth0”
ͷհ
ࣗݾհ • @corocn / Takahiro Tsuchiya / و༟ • Misoca
Inc. • Auth0 Ambassador
ຊΛॻ͖·ͨ͠ ٕज़ॻయ4Ͱ൦ AmazonͰൢചத ·ͨվగ͍ͨ͠ʂ
ࠓͷ͓
ΣϒΞϓϦέʔγϣϯͱ ֎෦ೝূج൫ͷ
WebαʔϏεΛ࡞ΔͳΒೝূ ͷΈඞਢʹͳΔ
ͰຊʹϢʔβʔʹఏڙ͠ ͍ͨͷೝূ͡Όͳ͍
ͬͱαʔϏεͷຊ࣭తͳͱ ͜Ζʹ࣌ؒΛ͍͍ͨ
Ͱೝূͬͯ͘͠ͳ͍ʁ શવΘ͔Γ·ͤΜ ਓྨʹೝূ͍͠
Ͳ͏ͬͯػೳ࣮͢Δʁ
ࣗͰҰ͔Β࣮͢Δ • Βͳ͍΄͏͕͍͍ • ηΩϡϦςΟϗʔϧΛ࡞Δࣗ৴͕͋Δ • ंྠͷ࠶ൃ໌ • ηΩϡϦςΟͷ࣮ϊϋ֎ʹग़ͯ͜ͳ ͍ͷͰ͍͠
Frameworkඪ४ͷϥΠϒϥϦΛ͏ • ͋ΔఔϨʔϧʹΕΔ • ࠷ݶͷػೳ͔͠ͳ͍ • ڽͬͨॲཧͰ్ʹഁ͕ͪ͠ • RailsͷDevise? Sorcery?
ΈΜͳਏ͍ਏ͍ͱ ݴ͍ͬͯͬͯΔΑ͏ͳɾɾɾ
https://qiita.com/cigalecigales/items/73d7bd7ec59a001ccd74
৽͍༷͠ʹैͰ͖·͔͢ʁ • ύεϫʔυೝূ • SSO, Social Login, ύεϫʔυϨε • MFAʢଟཁૉೝূʣ
• FIDO 1.0 ʢU2F, UAFʣ • FIDO 2.0ʢU2F + UAFʣ, WebAuthn API ͙ͦ͢͜·Ͱ ഭ͍ͬͯΔ
ͦ͏ͩ ֎෦ͷೝূج൫ ͓͏
ҙ͍ͨ͜͠ͱ
• ֎෦αʔϏεΛ͑ηΩϡϦςΟϦεΫ͕ ফ͑ΔΘ͚Ͱͳ͍ • ࿈ܞ෦։ൃऀͰ࣮͢Δ • ͪΌΜͱཧղ͔ͯ͠ΒΘͳ͍ͱવࣄނ • ͰͪΌΜͱ͑େ෯ʹ࣮࣌ؒอकί ετΛݮͰ͖Δ
͍Ζ͍Ζࢼͨ͠
ࢼͯ͠ΈͨೝূαʔϏε • Amazon Cognito • Firebase Authentication • Netlify Identity
• Auth0 ← ࠷ऴతʹ͜Εʹམͪண͘
Amazon Cognito • AWSͷਂ͍͕ࣝཁٻ͞ΕΔ • UserPool, ID PoolͳͲ֓೦͕͍͠ • ֶशίετ͕ߴ͍
• αʔϏε͕AWSͬͨΓͳΒݕ౼͍͍ͯ͠ ͚Ͳɺݕ౼͢Δͷʹ͕͔͔࣌ؒΓͦ͏
Firebase Authentication • ແྉʢҰ෦ΦϖϨʔγϣϯʹ੍ݶ༗Γʣ • γϯϓϧɻμογϡϘʔυ͔ͳΓ؆ૉɻ • αʔϏεܧଓੑͳ͠ • GCPଞFirebaseαʔϏεΛ͏લఏͳΒ˕
• ࡉ੍͔͍͕ॻ͚ͳ͍ͷ͕ਏ͍ • υΩϡϝϯτಡΈͮΒ͍
Netlify Identity • ָ࣮ͩͬͨ • ػೳ͕Γͯͳͯ͘ɺϩʔΧϧͰͷσόοά ͕ࠔͩͬͨͷͰΪϒΞοϓ • ݱࡏվળ͍ͯ͠Δ͔͠Εͳ͍
Auth0 • ֶशίετͷ͞ɺ֦ுੑͷߴ͕͞࠷ߴ • ࠷ऴతʹ͜Εʹམͪண͘
None
Auth0ͬͯʁ • Ϋϥυೝূϕϯμʔ • IDaaSʢIdentity as a Serviceʣ • ຊࣾ
Bellevue, Washington • ϑϧϦϞʔτϫʔΫΛ࠾༻ • Company OffsiteʢΧϯΫϯͱ͔ύφϚͱ͔ʣ
IDaaS • اۀID͕ࢥ͍ු͔Ϳ͔ʢOkta, OneLoginͱ͔ʣ • Auth0ͷ߹C͚Ͱ͍͍͢ҹ •
ͱΓ͋͑ͣ৮ͬͯࢼͤΔ • جຊແྉͰ͑Δʢ22ؒEnterprise൛͕ࢼͤΔʣ • 7000Ϣʔβʔɺແ੍ݶϩάΠϯ • ύεϫʔυϨεରԠ • ΈࠐΈϑΥʔϜʢLockʣ← ͋ͱͰ
• ιʔγϟϧϩάΠϯʢ2ݸ·Ͱʣ • ແ੍ݶͷϧʔϧఆٛ ← ͋ͱͰ
๛ͳνϡʔτϦΞϧ
https://auth0.com/docs
Mobile
SPA
Web App 1
Web App 2
Backend API
• νϡʔτϦΞϧ͕Ұ௨Γἧ͍ͬͯΔ • JWT Handbook ೝূܥͷϒϩά • ͘ຊޠ൛Ͱͳ͍͔ͳʙʁʢνϥο • jwt.io
powered by Auth0 • ϒϥβͰ͑ΔJWTͷσόοάπʔϧ
None
Lock
None
Lock • Auth0͕ఏڙ͢ΔࠐΈϩάΠϯϑΥʔϜ • ֤छϓϥοτϑΥʔϜରԠ • ଟݴޠରԠ • ෦Ͱ Auth0
SDKʢauth0.jsͳͲʣΛ͍ͬͯΔ • ࡉ੍͔͍ޚ͕ඞཁͳ߹ͪ͜ΒΛ • νϡʔτϦΞϧ auth0.jsΛ࣮ͬͨ
• Social LoginͳͲɺઃఆLockʹଈ࣌ө • Auth0͕อ༗͢ΔdevΩʔ͕ॳظͰઃఆ͞Εͯ ͍ΔͷͰɺͱΓ͋͑ͣࢼͤΔʢخ͍͠ʣ • ਖ਼ࣜʹ͏߹औಘͯ͠ઃఆ͢Δ͜ͱ
Webtask
Webtask • AWS LambdaϥΠΫͳαʔόϨεڥΛࣗલ Ͱอ༗͍ͯ͠Δ • JavaScriptɺC#Ͱهड़Մ • Node v8ͳͷͰasync
await • WebtaskʹΑͬͯߴ͍֦ுੑΛ࣮ݱ͍ͯ͠Δ
Rule
Rule • ೝূػೳͷ֦ுRuleͰઃఆ • ྫ1ʣυϝΠϯΛ੍ݶ͍ͨ͠ • ྫ2ʣ໊دͤΛ࣮ݱ͍ͨ͠ • ࣮ߦج൫Webtask •
ϢʔεέʔεผʹେྔͷςϯϓϨʔτ͕ఏڙ͞Ε ͍ͯΔͷͰɺগ͠मਖ਼͢Δ͚ͩͰ͍͍ͩͨಈ͘
Rule: Template
Rule: Whitelist
ͦͷଞ • ϢʔβʔμογϡϘʔυ͕ඪ४උ • Auth0 GuardianʢMFAʣ • FIDO2ͷରԠʁ → AddonͰՄೳ
·ͱΊ • αʔϏε։ൃαʔϏεͷຊ࣭ʹྗ͖͢ • ࣮ίετݮͷͨΊʹɺ֎෦ͷೝূج൫Λ ͏ͷ͋Γ • Auth0ଟػೳͰ֦ுੑ͕ߴ͍ͷͰɺબࢶͱ ͯ͠༗ •
ϦεΫΛͪΌΜͱཧղ͔ͯ͠Β͏͠
͋Γ͕ͱ͏͍͟͝·ͨ͠
corocn
sansan33
miu_crescent
shift_evolve
chinmo
oracle4engineer
yama3133
kworkdev
smartbank
shichijoyuhi
kyonmm
unnowataru
eileencodes
bermonpainter
rmw
davidcarrasco
maltzj
morganepeng
keathley
sabderemane
stuffmc
techseoconnect
tammyeverts
cassininazir
