PassportではじめるOAuth2 #laravel_osaka

1BTTQPSUͰ͸͡ΊΔ  0"VUI !-BSBWFM0TBLB TBU.05&9*OD )JOBMPF

"CPVUNF w ौ୩Ͱಇ͍ͯΔژ౎ͷֶੜ w ීஈ͸8PSE1SFTTͷਓ w -BSBWFMॳ৺ऀ !IOMF !IJOBMPF
!IOBMPF CMPHIJOBMPFOFU )/)JOBMPF

͍͖ͳΓͰ͕͢ʜʜ 20"VUIΛ࢖ͬͨ͜ͱ͕͋Δͬͯํ Ͳͷ͘Β͍ډ·͔͢ʁ  ϓϩόΠμɺΫϥΠΞϯτ໰Θͣ

͍͖ͳΓͰ͕͢ʜʜ 2Ͱ͸ɺͦͷதͰ΋  ʮ0"VUIϓϩόΠμΛ࡞ͬͨ͜ͱ ͕͋Δʂʯͱ͍͏ํ

1BTTQPSU w -BSBWFM͔Βެࣜύοέʔδʹͳͬͨ 0"VUI1SPWJEFS

8IBUT0"VUI

0"VUI w 0"VUI ΦʔΦʔε ͸ɺݖݶͷೝՄ BVUIPSJ[BUJPO Λߦ͏ͨΊͷΦʔϓϯελϯμʔ υͰ͋Δɻ 8JLJQFEJB

0"VUI w ֎෦αʔϏεʹ"1*΁ͷΞΫηεΛೝՄ͢Δ࣌౳ʹ  ͔ͭΘΕΔ w (PPHMF w 'BDFCPPL w (JU)VC
w %SPQCPY w 4MBDL w 5XJUUFS w BOEFUDʜʜ

0"VUI  ͜Ε͸0"VUIB

0"VUI 5XJUUFS͸"QQMJDBUJPOPOMZBVUIFOUJDBUJPOʹ࠾༻ IUUQTEFWUXJUUFSDPNPBVUIBQQMJDBUJPOPOMZ

0"VUI͕Մೳʹ͢Δ͜ͱ w ΞϓϦέʔγϣϯ΁ͷΞΫηεΛೝՄ w ֎෦ΞϓϦέʔγϣϯ౳ͱͷ࿈ܞ w ϞόΠϧΞϓϦ౳͔ΒͷϩάΠϯɾೝূ w ϑϩϯτͱαʔόʔͷ෼཭

0"VUIͷϑϩʔ IUUQTXXXEJHJUBMPDFBODPNDPNNVOJUZUVUPSJBMTBOJOUSPEVDUJPOUPPBVUI

ͪͳΈʹ0"VUI͸ʜʜ https://www-10.lotus.com/ldd/appdevwiki.nsf/xpAPIViewer.xsp?lookupName=API +Reference#action=openDocument&res_title=OAuth_1.0a_APIs_for_web_server_ﬂow_sbt&content=apicontent

0"VUI͸  ΫϥΠΞϯτ࣮૷ָ͕ w )5514Λલఏͱͨ͠ೝূ  ˠϦΫΤετ࣌ʹ)FBEFSΛ౤͛Δ͚ͩ  ˠೝՄϓϩηε͕Θ͔Γ΍͍͢  ˠෳࡶͳγάωνϟΛϦΫΤετຖʹܭࢉ͢Δ  ɹඞཁ͕ͳ͍ɺCPEZ͸ͦͷ··౤͛ΒΕΔ  ˠϑϩϯτ+4ʹ΋૊ΈࠐΈ΍͍͢ ᠘͸͋Δ

-BSBWFMͱ0"VUI ·Ͱ

-BSBWFMͱ0"VUI ͔Β a㊗ެࣜύοέʔδԽʂ

ͪͳΈʹ-BSBWFMΞϓϦʹ  ଞαʔϏεͷ440Λ͚ͭΔʹ͸ʜ ಉ͘͡ެࣜύοέʔδͷTPDJBMJUF͕࢖͑·͢ ͓ͦΒ͘1BTTQPSUͷΫϥΠΞϯτʹ΋࢖༻Մ

Feature of Passport

1BTTQPSU͸0"VUI1SPWJEFSϥΠϒϥϦͷ  MFBHVFPBVUITFSWFS ͷ-BSBWFM޲͚ϥούʔΈ͍ͨͳ΋ͷ આ໌͕ࡶ

-FBHVFPBVUITFSWFS͕  σϑΥϧτͰαϙʔτͯ͠ΔHSBOU@UZQF BVUIPSJ[BUJPO@DPEFˠೝՄίʔυϑϩʔ DMJFOU@DSFEFOUJBMT  ˠ͍ΘΏΔʮΞϓϦέʔγϣϯೝূʯ FY5XJUUFS JNQMJDJUˠDPEFͱࣅ͍ͯΔ͕ɺτʔΫϯΛίʔϧόοΫʹࡌͤΔ QBTTXPSEˠ*%ύεϫʔυʹΑΔೝՄ SFGSFTI@UPLFOˠτʔΫϯߋ৽

1BTTQPSUͰ࢖͑Δ HSBOU@UZQF BVUIPSJ[BUJPO@DPEFˠೝՄίʔυϑϩʔ DMJFOU@DSFEFOUJBMT  ˠ͍ΘΏΔʮΞϓϦέʔγϣϯೝূʯ FY5XJUUFS QBTTXPSEˠ*%ύεϫʔυʹΑΔೝՄ SFGSFTI@UPLFOˠτʔΫϯߋ৽ QFSTPOBM@BDDFTTˠݸਓ༻τʔΫϯ

BVUIPSJ[BUJPO@DPEF w Α͋͘ΔɺʮϓϩόΠμଆ͕ϩάΠϯը໘ɺೝՄ ը໘Λఏڙ͢ΔʯελΠϧɻ w ηΩϡϦςΟ໘Ͱ΋͜Ε͕ਪ঑ w σϑΥϧτͰ Ϣʔβʔͷ୭Ͱ΋ΫϥΠΞϯτΛ ൃߦՄೳ

BVUIPSJ[BUJPO@DPEF σϑΥϧτͷೝՄը໘ είʔϓແ͠ είʔϓ͋Γ

BVUIPSJ[BUJPO@DPEF Ϣʔβʔ͕ಛఆΛϖʔδ PBVUIBVUIPSJ[F ʹΞΫηεͤ͞Δ ˠΫΤϦͰDMJFOU@JE SFEJSFDU@VSJ SFTQPOTF@UZQFDPEF TDPQF
PQUJPO TUBUF PQUJPO Λ౉͢ ˣ Ϣʔβʔ͕ϩάΠϯɺೝՄΛԡ͢ ˣ ࢦఆͨ͠ϦμΠϨΫτઌ ݩΞϓϦͷ͸ͣ ʹɺΫΤϦʹDPEFΛ ͚ͭͯϦμΠϨΫτ͞ΕΔͷͰɺ PBVUIUPLFOΛୟ͍ͯτʔΫϯΛऔಘ

BVUIPSJ[BUJPO@DPEF τʔΫϯऔಘͷྫ

QBTTXPSE w Ϣʔβʔ໊ͱύεϫʔυΛ௚઀ࢦఆͯ͠τʔΫϯ Λऔಘ͢Δ w ը໘ભҠ͕ෆཁɺϒϥ΢β͕ͳͯ͘΋ೝՄՄೳ w TDPQF< >͕࢖༻Մೳ w
جຊతʹTUQBSUZͷΈ͕࢖༻Մ w ۃྗ࢖༻͢΂͖Ͱ͸ͳ͍

QBTTXPSE 1045ͷྫ Ϩεϙϯε͸ಉ༷ͳͷͰলུ

QBTTXPSEೝূ༻ ΫϥΠΞϯτΛൃߦ͢Δʹ͸ʁ BSUJTBOQBTTQPSUJOTUBMMͷࡍʹൃߦ͞ΕΔ BSUJTBOQBTTQPSUDMJFOUQBTTXPSEͰൃߦ ˞QBTTXPSEઐ༻ΫϥΠΞϯτͱͳΓɺ  DPEFೝূʹ͸ར༻Ͱ͖ͳ͍

SFGSFTI@UPLFO w 0"VUIͷτʔΫϯ͸ηΩϡϦςΟͷͨΊɺظݶ ୹Ί͕ਪ঑ w ୅ΘΓʹSFGSFTI@UPLFOͱ͍͏ʮτʔΫϯΛߋ ৽͢ΔͨΊͷτʔΫϯʯ͕ଘࡏ w ͜ΕΛར༻ͯ͠ɺ࣮࣭൒߃ٱԽ͸Մೳ ܧ͗଍͠

SFGSFTI@UPLFO

QFSTPOBM@BDDFTT w ݸਓ༻τʔΫϯ w ظݶ͕࣮࣭Ӭٱ ߋ৽ෆཁ w ։ൃ༻τʔΫϯ΍ϫϯϥΠφʔ౳ʹ΋ศར w
ΫϥΠΞϯτͷ֓೦͕ଘࡏ͠ͳ͍ಛघͳଘࡏ w ྫ͑͹-*/&/PUJGZ΋͜ΕΛ࢖ͬͯ൥Θ͍͠ೝূ ෆཁͷίʔυ͕ॻ͚ΔɺΈ͍ͨͳɻ

QFSTPOBM@UPLFO"1* w ૊ΈࠐΈͷ1"5औಘ"1*ɿ  PBVUIQFSTPOBMBDDFTT UPLFOT w ϦΫΤετྫɿ  \OBNFτʔΫϯ໊ TDPQFT<>
FSSPST<>^ w ཁ8FCϩάΠϯ DTSGϔομʔ

QFSTPOBM@BDDFTT w ΄͔ɺVTFSDSFBUF5PLFO Ͱ΋೚ҙʹτʔΫ ϯ͕ൃߦͰ͖Δɻ

DMJFOU@DSFEFOUJBMT w ଞͱ͸ҧ͍ɺʮϢʔβʔʯͰ͸ͳ͘ʮΫϥΠΞ ϯτʯ ΞϓϦέʔγϣϯ Λೝূ͢Δ w Ұൠެ։ʹ͸͠ͳ͍͕ʮΞϓϦ͔ΒͳΒݟΕ ΔʯɺೝূࡁΈͳΒ3BUF-JNJU௿ݮɺͳΜ͔ʹ࢖ͬ ͨΓ
5XJUUFS w جຊతʹύϒϦοΫͳϦιʔεʹΞΫηε͢Δͨ Ίͷ΋ͷ

DMJFOU@DSFEFOUJBMT

DMJFOU@DSFEFOUJBMT ͳ͓ɺDMJFOU@DSFEFOUJBMTͷΈڐՄ͢Δ  ϦιʔεΛͭ͘Δʹ͸ɺ  $IFDL$MJFOU$SFEFOUJBMTϛυϧ΢ΣΞΛ  ࢖͑͹ྑ͍ɻ

*OTUBMMBUJPO

1BTTQPSUͷΠϯετʔϧ w આ໌͢Δ΄Ͳͷ΋ͷͰ΋ͳ͍ͷͰϚχϡΞϧ͔  ࢲͷϒϩάΛಡΜͰ͍ͩ͘͞ʂʢ w IUUQTCMPHIJOBMPFOFUUSZ QBTTQPSUMBSBWFM

Πϯετʔϧ͢Δͱʜʜ w ઌఔ঺հ֤ͨ͠छೝՄํ๏͕σϑΥϧτͰ༗ޮ ʹ w τʔΫϯ؅ཧपΓͷϢʔβʔ༻"1*͕༗ޮʹ  XFC"VUIɺཁDTSG

ೝূ෇ϦΫΤετʜʜ w ֤ೝՄํ๏Ͱऔಘͨ͠#FBSFSτʔΫϯΛIFBEFS ʹηοτͯ͠ϦΫΤετ͢Δ͚ͩʂ w "VUIPSJ[BUJPO#FBSFSFZ+F9"J0J+,ʜʜ

࿈ܞɾΫϥΠΞϯτ؅ཧ  XJUI7VFKT w τʔΫϯ΍ΫϥΠΞϯτ ͷൃߦ΍؅ཧΛߦ͏ͨΊ ͷ7VFίϯϙʔωϯτ͕ ෇ଐ

τʔΫϯͷਖ਼ମ w 1BTTQPSUͷ#FBSFSτʔΫϯͷ࣮ମ͸+85 +40/8FC5PLFO w Ͱ۠੾ΒΕͨCBTFFODPEFE+40/ w ͭ·Γ  UPLFOTQMJU
TMJDF   NBQ BUPC NBQ +40/QBSTF   Ͱʜʜʜʜ ͱ͜ΖͰ͍͖ͳΓ͚ͩͲ

ΧελϚΠζฤ

1BTTQPSUͷઃఆ w -BSBWFMͷύοέʔδͬͯେ఍DPOpHͰઃఆͰ͖ ΔΑ͏ʹͳͬͯΔ͔ΒͦΕฤू͢Ε͹͍͍ΑͶɺ ͱ͍͏ߟ͑͸؁͍ɻ w 1BTTQPSUʹ͸DPOpHϑΝΠϧͳΜͯ΋ͷ͸  ͳ͔ͬͨʜʜ

-FWFM ʮݟͨ໨ʯͷΧελϚΠζ

-FWFMݟͨ໨ͷΧελϚΠζ w ೝՄը໘ͷݟͨ໨΍จݴ͸ɺ͍ͭ΋Ͳ͓Γ  BSUJTBOWFOEPSQVCMJTIͯ͠resources/views/ vendor/passport/authorize.blade.phpΛ͍͍ײ ͡ʹͯ͠΍Ε͹͍͍ɻ w ͓ͦΒ͘ଟݴޠରԠ΋Մ

-FWFM τʔΫϯ؅ཧϖʔδͷ࡞੒

-FWFMτʔΫϯ؅ཧը໘ w طʹ7VFΛ࢖͍ͬͯΔϓϩδΣΫτͳΒਂ͘ߟ͑ ͣʹ w طʹ࢖͍ͬͯͳͯ͘΋σϑΥϧτͷBQQKT͕͋Ε ͹ w ˠOQNSVOQSPEͰ7VFʹରԠͰ͖ΔͷͰʜʜ

-FWFMτʔΫϯ؅ཧը໘ SFTPVSDFTBTTFUTKTBQQKTʹ  Vue.component('authorized-clients', require('./ components/passport/AuthorizedClients.vue')); Vue.component('clients', require('./components/ passport/Clients.vue')); Vue.component('personal-tokens', require('./
components/passport/PersonalAccessTokens.vue')); Λॻ͖଍ͯ͠΍Γɺ೚ҙͷWJFXͰBVUIPSJ[FEDMJFOUTDMJFOUT QFSTPOBMUPLFOTͷΑ͏ʹॻ͍ͯ΍Ε͹͓̺ ඞཁʹԠͯ͡ίϯϙʔωϯτ΋ฤू͠·͠ΐ͏

-FWFM w 1BTTQPSUͷTUBUJDNFUIPEͰઃఆ

-FWFMTUBUJDNFUIPE w 1BTTQPSUSPVUF লུͤͣʹॻ͘ͱʜʜˠ w 1BTTQPSUSPVUF GVODUJPO 3PVUF3FHJTUSBSSPVUFS \  SPVUFSGPS"VUIPSJ[BUJPO
  SPVUFSGPS"DDFTT5PLFOT   SPVUFSGPS5SBOTJFOU5PLFOT   SPVUFSGPS$MJFOUT   SPVUFSGPS1FSTPOBM"DDFTT5PLFOT   ^

-FWFMTUBUJDNFUIPE w 1BTTQPSUQSVOF3FWPLFE5PLFOT SFWPLF࣌ʹ%#͔Βফ͢ w 1BTTQPSUQFSTPOBM"DDFTT$MJFOU DMJFOU*E w 1BTTQPSUUPLFOT$BO
BSSBZTDPQFT w 1BTTQPSUUPLFOT&YQJSF*O %BUF5JNF*OUFSGBDFEBUFOVMM w 1BTTQPSUSFGSFTI5PLFOT&YQJSF*O %BUF5JNF*OUFSGBDFEBUFOVMM w 1BTTQPSUMPBE,FZT'SPN QBUI w 1BTTQPSULFZ1BUI pMF w 1BTTQPSUJHOPSF.JHSBUJPOT

NFNPTDPQF Passport::tokensCan([  'read' => '౤ߘɺϓϩϑΟʔϧͷදࣔ',  'write' => '౤ߘͷ࡞੒ɺฤू΍ϓϩϑΟʔϧͷมߋ',  'message' =>
'DirectMessageͷදࣔ',  ]);

NFNPTDPQF // kernel  'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,  'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,  //
router Route::get('/orders', function () {  // ΞΫηετʔΫϯ͸"check-status"ͱ"place-orders"ɺ྆είʔϓΛ͍࣋ͬͯΔ  })->middleware('scopes:check-status,place-orders');  Route::get('/orders', function () {  // ΞΫηετʔΫϯ͸ɺ"check-status"͔"place-orders"ɺͲͪΒ͔ͷείʔϓΛ͍࣋ͬͯΔ  })->middleware('scope:check-status,place-orders');  Route::get('/orders', function (Request $request) {  if ($request->user()->tokenCan('place-orders')) {  //  }  }); 

-FWFM w 4FSWJDF1SPWJEFSͷΦʔόʔϥΠυ

-FWFMPWFSSJEF w 1BTTQPSU4FSWJDF1SPWJEFSΛܧঝͨ͠ΫϥεΛ༻ ҙ͠ɺڍಈΛมߋ͍ͨ͠෦෼ΛΦʔόʔϥΠυ w 1BTTQPSUʹݶΒͣ-BSBWFMશൠͰΑ͋͘Δ࡞ۀ w ͱΓ͋͑ͣίʔυΛಡΉ ͋·Γ΍Γͨ͘ͳ͍
w ύοέʔδͷΞοϓσʔτ಺༰ʹ஫ҙ

-FWFMPWFSSJEF ͨͱ͑͹ʜʜ class BearerTokenResponse extends \League\OAuth2\Server \ResponseTypes\BearerTokenResponse  {  protected function
getExtraParams(AccessTokenEntityInterface $accessToken)  {  return ['scope'=>$accessToken->getScopes()];  }  } 

ͳͥ࢖͏ͷ͔ɺฤ

8IZ1BTTQPSU w ͜Μͳঢ়گʹ͏Ε͍͠ w ද͸41" ཪ͸"1* υϝΠϯ෼཭ ˡ࣮ࡍʹӡ༻த w ϞόΠϧΞϓϦͷόοΫΤϯυͱͯ͠
΋ "1*Λ࢖͏ɺ͋ Δ͍͸ͦΕΛݕ౼͍ͯ͠Δ w αʔυύʔςΟ͕ΫϥΠΞϯτΞϓϦΛ࡞ΕΔΑ͏ʹͨ͠ ͍ w 440͕ग़དྷΔΑ͏ʹ͍ͨ͠

8IZ1BTTQPSU w ͜Μͳ࢖͍ํ΋ʜʜ w +85ͷಛੑΛར༻ͯ͠ɺ"1*(BUFXBZʹߏஙͨ͠ "1*ʹτʔΫϯͷ࢖͍ճ͠ w ˠ࠷ѱ%#͕ࢮΜͰ͍ͯ΋ࣦޮݕূҎ֎Մೳ aϚΠΫϩαʔϏε

௕͘ͳ͚ͬͨͲ ͪΐͬͱ͚ͩσϞ

Ҏ্ ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ

ࢀߟ w -BSBWFMͰ1BTTQPSUΛࢼ͢cͽΜ͍͘Ζʹ͖ͬ w "1*ೝূ 1BTTQPSU -BSBWFM w 0"VUI4FSWFS1)1 w
-BSBWFMͷ1BTTQPSUͰར༻Ͱ͖Δೝূํ๏Λ੍ݶ ͢Δ2JJUB

PassportではじめるOAuth2 #laravel_osaka

PassportではじめるOAuth2 #laravel_osaka

More Decks by Hinaloe

Other Decks in Technology

Featured

Transcript