Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up
for free
Angular+Auth0の話
Hiroshi Oda
October 10, 2017
Technology
0
370
Angular+Auth0の話
ng-japan meetup 2017 AutumnのLT資料
Hiroshi Oda
October 10, 2017
Tweet
Share
More Decks by Hiroshi Oda
See All by Hiroshi Oda
hi1280
6
1.9k
hi1280
0
420
hi1280
1
570
Other Decks in Technology
See All in Technology
noir_neo
0
130
ymas0315
0
150
kanaugust
PRO
0
160
unifa_dev
0
350
y0hgi
1
370
mmarukaw
0
1.4k
kakka
0
3.4k
nkjzm
1
830
yuhta28
1
210
caori_t
0
160
kanaugust
PRO
0
230
layerx
1
790
Featured
See All Featured
jponch
103
4.9k
nonsquared
81
3.3k
paulrobertlloyd
71
3.6k
notwaldorf
13
1.5k
kneath
294
39k
thoeni
4
550
jacobian
255
20k
jensimmons
207
10k
bryan
100
11k
hursman
106
9.2k
mza
80
4.1k
gr2m
83
11k
Transcript
Angular + Auth0ͷ খాത࢘ @hi1280 ng-japan meetup 2017 Autumn /
2017.10.10
খాത࢘(͓ͩͻΖ͠) @hi1280 • SE • Java • Angular
Auth0 • ೝূϓϥοτϑΥʔϜ • ֤छΞϓϦέʔγϣϯͱͷ࿈ܞ͕Մೳ(Angular ରԠ) • Technology RadarͰհ͞Ε͍ͯΔ
https://www.thoughtworks.com/radar/platforms
Angular + Auth0
࣍ • ϩάΠϯ • Ϣʔβใऔಘ • API࣮ߦ • ೝՄ •
Ϣʔβཧ
ϩάΠϯ
// ུ import * as auth0 from 'auth0-js'; @Injectable() export
class AuthService { auth0 = new auth0.WebAuth({ clientID: AUTH_CONFIG.clientID, domain: AUTH_CONFIG.domain, responseType: 'token id_token’, audience: AUTH_CONFIG.apiUrl, redirectUri: AUTH_CONFIG.callbackURL, scope: 'openid' }); public login(): void { this.auth0.authorize(); } } ೝূͷઃఆ ϩάΠϯը໘ىಈ
• Facebook • GitHub • Google • Twitter • MS
Account ͳͲ Ϣʔβ໊+ύεϫʔυೝূ͋Δ IDϓϩόΠμʔ
ϩάΠϯೝূͷϑϩʔ (1)Auth0ͷϩάΠϯը໘͕ݺΕΔ (2)ίʔϧόοΫͷURL͕ݺΕΔ • Auth0ͷཧը໘ͰίʔϧόοΫURLͷڐՄ͕ඞཁ (3)ϧʔτίϯϙʔωϯτͷίϯετϥΫλ͕ݺΕΔ
ϩάΠϯೝূͷϑϩʔ (1)Auth0ͷϩάΠϯը໘͕ݺΕΔ (2)ίʔϧόοΫͷURL͕ݺΕΔ • Auth0ͷཧը໘ͰίʔϧόοΫURLͷڐՄ͕ඞཁ (3)ϧʔτίϯϙʔωϯτͷίϯετϥΫλ͕ݺΕΔ ৄ͘͠Quick Start Λݟ͍ͯͩ͘͞ https://auth0.com/docs/
quickstart/spa/angular2
Ϣʔβใऔಘ
public getProfile(cb): void { const accessToken = localStorage.getItem('access_token'); if (!accessToken)
{ throw new Error('Access token must exist to fetch profile'); } const self = this; this.auth0.client.userInfo(accessToken, (err, profile) => { if (profile) { self.userProfile = profile; } cb(err, profile); }); }
public getProfile(cb): void { const accessToken = localStorage.getItem('access_token'); if (!accessToken)
{ throw new Error('Access token must exist to fetch profile'); } const self = this; this.auth0.client.userInfo(accessToken, (err, profile) => { if (profile) { self.userProfile = profile; } cb(err, profile); }); } ৄ͘͠Quick Start Λݟ͍ͯͩ͘͞ https://auth0.com/docs/ quickstart/spa/angular2
API࣮ߦ
API࣮ߦ • JWTΛHTTPϦΫΤετʹؚΊΔϞδϡʔϧ • HttpClientͷInterceptorͱ࣮ͯ͠͞Ε͍ͯΔ
import { JwtModule } from '@auth0/angular-jwt'; // ུ @NgModule({ //
ུ imports: [ // ུ JwtModule.forRoot({ config: { tokenGetter: getAccessToken, whitelistedDomains: ['localhost:3001'] } }) ], // ུ bootstrap: [AppComponent] }) export class AppModule { } export function getAccessToken() { return localStorage.getItem('access_token'); }
import { JwtModule } from '@auth0/angular-jwt'; // ུ @NgModule({ //
ུ imports: [ // ུ JwtModule.forRoot({ config: { tokenGetter: getAccessToken, whitelistedDomains: ['localhost:3001'] } }) ], // ུ bootstrap: [AppComponent] }) export class AppModule { } export function getAccessToken() { return localStorage.getItem('access_token'); } ৄ͘͠Quick Start Λݟ͍ͯͩ͘͞ https://auth0.com/docs/ quickstart/spa/angular2 ͱ @auth0/angular-jwt https://github.com/auth0/ angular2-jwt/tree/v1.0
ೝՄ
ೝՄ • RouterͷguardͰೝূࡁΈ͔Λఆ • Ϣʔβʹ༩͞ΕͨείʔϓͰΞΫηε੍ޚ • Auth0ͷRuleͰϢʔβͷείʔϓΛઃఆ
import { Injectable } from '@angular/core'; import { Router, CanActivate,
ActivatedRouteSnapshot } from '@angular/router'; import { AuthService } from './auth.service'; @Injectable() export class ScopeGuardService implements CanActivate { constructor(public auth: AuthService, public router: Router) { } canActivate(route: ActivatedRouteSnapshot): boolean { const scopes = (route.data as any).expectedScopes; if (!this.auth.isAuthenticated() || !this.auth.userHasScopes(scopes)) { this.router.navigate(['']); return false; } return true; } }
import { Injectable } from '@angular/core'; import { Router, CanActivate,
ActivatedRouteSnapshot } from '@angular/router'; import { AuthService } from './auth.service'; @Injectable() export class ScopeGuardService implements CanActivate { constructor(public auth: AuthService, public router: Router) { } canActivate(route: ActivatedRouteSnapshot): boolean { const scopes = (route.data as any).expectedScopes; if (!this.auth.isAuthenticated() || !this.auth.userHasScopes(scopes)) { this.router.navigate(['']); return false; } return true; } } ৄ͘͠Quick Start Λݟ͍ͯͩ͘͞ https://auth0.com/docs/ quickstart/spa/angular2
Ϣʔβཧ
Ϣʔβཧ • ϥΠϒϥϦͷαϙʔτ͕ෆे • Auth0ͷManagement APIΛݺͿ
Ϣʔβཧ • ϥΠϒϥϦͷαϙʔτ͕ෆे • Auth0ͷManagement APIΛݺͿ ৄ͘͠Management APIͷ υΩϡϝϯτΛݟ͍ͯͩ͘͞ https://auth0.com/docs/
api/management/v2/ tokens
Ҏ্