Getting started with OAuth2 using Passport (PassportではじめるOAuth2) #laravel_osaka

Hinaloe
October 29, 2016


Passport was released as an official package together with Laravel 5.3. This deck is a rough overview of how to use it, why it exists, and what its features are.
@Laravel.Osaka 2016 (2016.10.29 Sat / MOTEX Inc.) http://php-jp.github.io/laravel-osaka-2016/

※ Please download the PDF before following the links in the slides.


Transcript

  1. Getting started with OAuth2 using Passport
   @Laravel.Osaka 2016 (2016.10.29 Sat / MOTEX Inc.)  Hinaloe

  2. About me
   • A student who also works
   • Usually a WordPress person
   • Laravel beginner
   @hnle / @hinaloe / @hnaloe / blog.hinaloe.net / HN: Hinaloe
  3. A sudden question……
   Q: How many of you have used OAuth, whether as a provider or as a client?
  4. A sudden question……
   Q: And among those, who has built an OAuth provider?

  5. Passport
   • The OAuth2 Provider that became an official package as of Laravel 5.3
  6. What's OAuth?
  7. OAuth
   • OAuth (pronounced "oh-auth") is an open standard for authorization, that is, for delegating permissions. (Wikipedia)
  8. OAuth
   • Used, for instance, when authorizing an external service's access to an API
   • Google • Facebook • GitHub • Dropbox • Slack • Twitter • and etc……
  9. OAuth
  10. OAuth
  11. OAuth
  12. OAuth
  13. OAuth
  14. OAuth: this one is OAuth 1.0a
  15. OAuth: Twitter uses it for Application-only authentication, https://dev.twitter.com/oauth/application-only
  16. What OAuth makes possible
   • Authorizing access to your application
   • Integration with external applications and the like
   • Login and authentication from mobile apps and the like
   • Separating the front end from the server

  17. The OAuth2 flow: https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
  18. By the way, OAuth 1 is…… https://www-10.lotus.com/ldd/appdevwiki.nsf/xpAPIViewer.xsp?lookupName=API+Reference#action=openDocument&res_title=OAuth_1.0a_APIs_for_web_server_flow_sbt&content=apicontent
  19. OAuth2 makes client implementation easy
   • Authentication that presupposes HTTPS
   → Just send a header with each request
   → The authorization process is easy to follow
   → No need to compute a complex signature for every request; the body is sent as is
   → Easy to embed in front-end JS as well (there are pitfalls, though)

    
  20. Laravel and OAuth2: before 5.3
  21. Laravel and OAuth2: from 5.3 on  ㊗ It became an official package!
  22. By the way, to add SSO with other services to a Laravel app…
   Socialite, likewise an official package, can be used (probably usable as a Passport client as well)

  23. Feature of Passport
  24. Passport is, roughly speaking, a Laravel-flavoured wrapper around the OAuth2 provider library league/oauth2-server (a sloppy description)
  25. grant_types supported by league/oauth2-server by default
   authorization_code → authorization code flow
   client_credentials → so-called "application authentication" (e.g. Twitter)
   implicit → similar to code, but the token is put on the callback
   password → authorization by ID/password
   refresh_token → token renewal
  26. grant_types usable in Passport
   authorization_code → authorization code flow
   client_credentials → so-called "application authentication" (e.g. Twitter)
   password → authorization by ID/password
   refresh_token → token renewal
   personal_access → personal tokens

    
  27. authorization_code
   • The familiar style where "the provider side supplies the login and authorization screens"
   • This one is also the recommendation security-wise
   • By default, any user can issue clients
  28. authorization_code: the default authorization screen (without scopes / with scopes)
  29. authorization_code
   Send the user to a specific page (/oauth/authorize)
   → passing client_id, redirect_uri, response_type=code, scope (optional) and state (optional) in the query
   ↓ The user logs in and presses "Authorize"
   ↓ The user is redirected to the specified redirect target (which should be the original app) with code in the query, so call /oauth/token to obtain the token
  30. authorization_code: example of obtaining a token
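The client side of the flow on the two slides above, written out as two Laravel routes. This is an added example, not code from the slides or from Passport itself. It assumes the Passport provider runs at https://provider.example, that this app is registered there as a client (the id and secret below are placeholders) with the callback URL https://client.example/callback, and that Guzzle is installed. It also shows the one thing the slide marks optional that a client should never skip: sending a random state and checking it on return.

```php
<?php
// Added example: the client ("consumer") side of the authorization_code flow.
// Not code from the slides or from Passport. Assumptions: provider at
// https://provider.example, placeholder client id/secret, callback URL
// https://client.example/callback, Guzzle available.

use GuzzleHttp\Client;
use Illuminate\Http\Request;

// Step 1: send the user to the provider's /oauth/authorize page.
Route::get('/connect', function (Request $request) {
    // Random, unguessable state kept in this browser's session. The provider
    // echoes it back, which lets the callback be tied to the session that
    // started the flow; without the check, a code that did not originate from
    // this session could be dropped into the user's callback.
    $state = str_random(40);
    $request->session()->put('oauth_state', $state);

    $query = http_build_query([
        'client_id'     => 'CLIENT_ID_PLACEHOLDER',
        'redirect_uri'  => 'https://client.example/callback',
        'response_type' => 'code',
        'scope'         => 'read',   // optional
        'state'         => $state,   // optional in the spec; always send it
    ]);

    return redirect('https://provider.example/oauth/authorize?' . $query);
});

// Step 2: the provider redirects back to /callback?code=...&state=...
Route::get('/callback', function (Request $request) {
    $expected = $request->session()->pull('oauth_state');

    // Reject a missing or mismatching state before touching the code.
    if (empty($expected) || ! hash_equals($expected, (string) $request->input('state'))) {
        abort(403, 'OAuth state mismatch');
    }

    // Exchange the one-time code for tokens at /oauth/token. This call is
    // server to server, so the client secret never reaches the browser.
    $response = (new Client)->post('https://provider.example/oauth/token', [
        'form_params' => [
            'grant_type'    => 'authorization_code',
            'client_id'     => 'CLIENT_ID_PLACEHOLDER',
            'client_secret' => 'CLIENT_SECRET_PLACEHOLDER',
            'redirect_uri'  => 'https://client.example/callback',
            'code'          => $request->input('code'),
        ],
    ]);

    // Passport answers with token_type, expires_in, access_token and refresh_token.
    $tokens = json_decode((string) $response->getBody(), true);

    // Keep the tokens server-side; the access token is then sent as
    // "Authorization: Bearer <access_token>" on API calls.
    $request->session()->put('oauth_tokens', $tokens);

    return redirect('/');
});
```

The redirect_uri sent to /oauth/token must match the one used at /oauth/authorize, and the code is single-use, so a failed exchange means starting the flow again rather than retrying with the same code.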

  31. password
   • Obtain a token by passing the user name and password directly
   • No screen transitions; authorization works without a browser
   • The "*" scope can be used
   • Basically usable by first-party clients only
   • Should be avoided wherever possible
  32. password: example POST (the response is the same, so omitted)
  33. How do you issue a client for password authentication?
   One is issued by artisan passport:install; otherwise issue one with artisan passport:client --password
   ※ It becomes a password-only client and cannot be used for code authentication

  34. refresh_token
   • For security, a short lifetime is recommended for OAuth2 tokens
   • Instead there is refresh_token, a "token for renewing the token"
   • Using it, effectively semi-permanent access is possible (by topping up)
  35. refresh_token
  36. personal_access
   • Personal tokens
   • Effectively never expire (no renewal needed)
   • Handy for development tokens, one-liners and the like
   • A special case in which the notion of a client does not exist
   • For example, LINE Notify uses this so you can write code without tedious authentication, that sort of thing.
  37. personal_token API
   • Built-in API for obtaining a PAT: /oauth/personal-access-tokens
   • Example request: {name: <token name>, scopes: [], errors: []}
   • Requires web login (csrf header)
  38. personal_access
   • Besides that, $user->createToken() can also issue tokens at will.

  39. client_credentials
   • Unlike the others, it authenticates the "client" (application) rather than a "user"
   • Used for things like "not public, but visible from the app", or a relaxed rate limit once authenticated (Twitter)
   • Basically for accessing public resources
  40. client_credentials
  41. client_credentials
   To create a resource that allows client_credentials only, use the CheckClientCredentials middleware.

  42. Installation
  43. Installing Passport
   • Not much to explain, so read the manual or my blog! (
   • https://blog.hinaloe.net/ (the post "try passport laravel")
  44. After installing……
   • Each authorization method introduced earlier is enabled by default
   • The user-facing API around token management is enabled (web Auth, csrf required)
  45. Authenticated requests……
   • Just set the Bearer token obtained by any of the methods in the header and send the request!
   • Authorization: Bearer eyJ0eXAiOiJK……
  46. Integration and client management with Vue.js
   • Vue components for issuing and managing tokens and clients are bundled

  47. What the token really is
   • Passport's Bearer token is really a JWT (JSON Web Token)
   • base64-encoded JSON separated by "."
   • In other words,
     token.split('.').slice(0, 2).map(atob).map(JSON.parse)
     gives……… (and now, out of nowhere:)
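The slide's one-liner shows that the header and payload of a Passport token are readable by anyone. The added example below (not code from the slides or from Passport) does the same decoding in PHP and then goes one step further to what a resource server actually has to do: verify the RS256 signature against the provider's public key and check exp. It assumes $jwt is a token issued by Passport's /oauth/token and $publicKeyPem holds the contents of the oauth-public.key file Passport generates (the location is configurable via Passport::keyPath).

```php
<?php
// Added example: reading a Passport bearer token and checking it the way a
// resource server does. Not code from the slides or from Passport.
// Assumptions: $jwt comes from /oauth/token; $publicKeyPem is the
// provider's oauth-public.key contents.

function base64UrlDecode($data)
{
    // JWTs use base64url (RFC 4648 section 5) without padding; base64_decode
    // in non-strict mode tolerates the missing "=".
    return base64_decode(strtr($data, '-_', '+/'));
}

// The slide's one-liner in PHP: header and payload are plain base64url JSON.
function decodeJwt($jwt)
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('expected header.payload.signature');
    }
    return [
        'header'  => json_decode(base64UrlDecode($parts[0]), true),
        'payload' => json_decode(base64UrlDecode($parts[1]), true),
    ];
}

// Decoding is not verifying: anyone can read the JSON above, and anyone can
// write it. Only the RS256 signature, checked with the provider's public key,
// shows that the provider issued the token; exp shows whether it is still valid.
function verifyPassportToken($jwt, $publicKeyPem, $now)
{
    list($h, $p, $s) = explode('.', $jwt);

    $header = json_decode(base64UrlDecode($h), true);
    if (!isset($header['alg']) || $header['alg'] !== 'RS256') {
        // Pin the algorithm: never let the token choose "none" or an HMAC alg.
        throw new RuntimeException('unexpected alg');
    }

    $key = openssl_pkey_get_public($publicKeyPem);
    if ($key === false
        || openssl_verify("$h.$p", base64UrlDecode($s), $key, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('signature check failed');
    }

    $claims = json_decode(base64UrlDecode($p), true);
    if (!isset($claims['exp']) || $claims['exp'] < $now) {
        throw new RuntimeException('token expired');
    }

    // What signature and exp cannot tell you is revocation: Passport records
    // revoked tokens in its oauth_access_tokens table by token id (the jti
    // claim), so a service that must honour revocation still needs that lookup.
    return $claims; // sub (user id), aud (client id), jti, scopes, iat, nbf, exp
}

// Usage sketch (placeholders, not real values):
// $claims = verifyPassportToken($jwt, file_get_contents(storage_path('oauth-public.key')), time());
// $claims['scopes'] is what the scope middleware on the later slides checks.
```

This is also the basis of the "API Gateway" use near the end of the deck: every service holding the public key can validate tokens without touching the database, and only the revocation question still needs a lookup by jti.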
  48. Customization
  49. Passport settings
   • "Laravel packages can usually be configured through config, so just edit that" is wishful thinking.
   • Passport had no such thing as a config file……
  50. Level 1: customizing the "look"
  51. Level 1: customizing the look
   • For the authorization screen's appearance and wording, as usual, artisan vendor:publish and then tidy up resources/views/vendor/passport/authorize.blade.php.
   • Multi-language support is probably possible too
  52. Level 2: creating a token-management page
  53. Level 2: token-management screen
   • If the project already uses Vue, no need to think hard
   • Even if it does not, as long as the default app.js is there
   • → npm run prod makes Vue available, so……
  54. Level 2: token-management screen
   Add to resources/assets/js/app.js:
     Vue.component('authorized-clients', require('./components/passport/AuthorizedClients.vue'));
     Vue.component('clients', require('./components/passport/Clients.vue'));
     Vue.component('personal-tokens', require('./components/passport/PersonalAccessTokens.vue'));
   then write <authorized-clients>, <clients> and <personal-tokens> in any view and you are done. Edit the components as needed.
  55. Level 3
   • Configure via Passport's static methods
  56. Level 3: static methods
   • Passport::routes() written out in full is……→
     use Laravel\Passport\Passport;
     use Laravel\Passport\RouteRegistrar;

     Passport::routes(function (RouteRegistrar $router) {
         $router->forAuthorization();
         $router->forAccessTokens();
         $router->forTransientTokens();
         $router->forClients();
         $router->forPersonalAccessTokens();
     });
  57. Level 3: static methods
   • Passport::pruneRevokedTokens() (delete from the DB at revoke time)
   • Passport::personalAccessClient($clientId)
   • Passport::tokensCan(array $scopes)
   • Passport::tokensExpireIn(DateTimeInterface $date = null)
   • Passport::refreshTokensExpireIn(DateTimeInterface $date = null)
   • Passport::loadKeysFrom($path)
   • Passport::keyPath($file)
   • Passport::ignoreMigrations()
  58. memo: scope
     Passport::tokensCan([
         'read' => '投稿、プロフィールの表示',
         'write' => '投稿の作成、編集やプロフィールの変更',
         'message' => 'DirectMessageの表示',
     ]);
  59. memo: scope
     // kernel
     'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,
     'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,

     // router
     Route::get('/orders', function () {
         // The access token has both the "check-status" and "place-orders" scopes
     })->middleware('scopes:check-status,place-orders');

     Route::get('/orders', function () {
         // The access token has either the "check-status" or the "place-orders" scope
     })->middleware('scope:check-status,place-orders');

     Route::get('/orders', function (Request $request) {
         if ($request->user()->tokenCan('place-orders')) {
             //
         }
     });
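The two memo slides above show the individual pieces; the added example below (not code from the slides or from Passport) puts them together for one application: declaring scopes and token lifetimes with the static methods from Level 3, registering the middleware aliases, enforcing scopes on routes, restricting one route to client_credentials tokens, and issuing a least-privilege personal access token from code. It assumes a Laravel 5.3 app with Passport installed; the scope names, the lifetimes, the 'client' alias name and the posts resource are choices made here for illustration.

```php
<?php
// Added example: scopes wired end to end (declare, issue, enforce). Not code
// from the slides or from Passport. Assumes Laravel 5.3 + Passport; scope
// names, lifetimes, the 'client' alias and the posts relation are illustrative.

// ---- app/Providers/AuthServiceProvider.php ----------------------------------
namespace App\Providers {
    use Carbon\Carbon;
    use Laravel\Passport\Passport;
    use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

    class AuthServiceProvider extends ServiceProvider
    {
        public function boot()
        {
            $this->registerPolicies();
            Passport::routes();

            // Short-lived access tokens; the refresh token carries the session on.
            Passport::tokensExpireIn(Carbon::now()->addHours(1));
            Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));

            // Declare every scope once. The authorize screen lists the ones a
            // client requests, and a request for an undeclared scope is refused.
            Passport::tokensCan([
                'read'  => 'Read posts and profile',
                'write' => 'Create and edit posts, change profile',
            ]);
        }
    }
}

// ---- app/Http/Kernel.php, entries added to $routeMiddleware -----------------
//  'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,
//  'scope'  => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,
//  'client' => \Laravel\Passport\Http\Middleware\CheckClientCredentials::class,

// ---- routes/api.php ----------------------------------------------------------
namespace {
    use Illuminate\Http\Request;

    // Read endpoint: a token holding 'read' OR 'write' is enough.
    // auth:api runs first so the scope middleware has a token to inspect.
    Route::get('/posts', function (Request $request) {
        return $request->user()->posts;           // hypothetical relation
    })->middleware('auth:api', 'scope:read,write');

    // Mutating endpoint: the token must hold 'write'.
    Route::post('/posts', function (Request $request) {
        return $request->user()->posts()->create($request->only('title', 'body'));
    })->middleware('auth:api', 'scopes:write');

    // Fine-grained check inside a handler.
    Route::delete('/posts/{id}', function (Request $request, $id) {
        if (! $request->user()->tokenCan('write')) {
            abort(403, 'token lacks the write scope');
        }
        $request->user()->posts()->findOrFail($id)->delete();
        return response('', 204);
    })->middleware('auth:api');

    // Reachable only with a client_credentials token (no user behind it).
    Route::get('/stats', function () {
        return ['status' => 'ok'];
    })->middleware('client');

    // Issuing a least-privilege personal access token from server-side code,
    // as an alternative to the bundled Vue component and its endpoint.
    Route::post('/dev-token', function (Request $request) {
        $result = $request->user()->createToken('cli-readonly', ['read']);
        return ['access_token' => $result->accessToken];
    })->middleware('auth');   // web session login, like the built-in PAT endpoint
}
```

The three sections live in three files in a real project; they are shown in one listing here only so the pieces can be read together. Note that 'scopes' (all listed scopes required) and 'scope' (any one of them) both assume auth:api has already authenticated the bearer token, and that a token with only 'read' passes the first route but is rejected by the second with 403.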
 
  60. Level 4
   • Overriding the ServiceProvider
  61. Level 4: override
   • Prepare a class that extends PassportServiceProvider and override the parts whose behaviour you want to change
   • A common task across Laravel in general, not just Passport
   • Read the code first (I would rather not do this)
   • Watch what changes in package updates
  62. Level 4: override
   For example……
     use League\OAuth2\Server\Entities\AccessTokenEntityInterface;

     class BearerTokenResponse extends \League\OAuth2\Server\ResponseTypes\BearerTokenResponse
     {
         protected function getExtraParams(AccessTokenEntityInterface $accessToken)
         {
             return ['scope' => $accessToken->getScopes()];
         }
     }
 
  63. Why use it?
  64. Why Passport
   • Nice to have in situations like these
   • SPA in front, API behind (domain separation) ← actually running in production
   • Also using the API as a mobile app's back end, or considering it
   • Wanting to let third parties build client apps
   • Wanting to offer SSO
  65. Why Passport
   • Other ways to use it……
   • Exploiting JWT's properties to reuse the token across APIs built behind an API Gateway
   • → In the worst case, even with the DB down, everything except revocation checking is still possible (\microservices/)
  66. It got long, but a quick demo
  67. That's all, thank you!
  68. References
   • "Trying Passport on Laravel" (ぴんくいろにっき)
   • "API Authentication (Passport)", Laravel 5.3 docs
   • OAuth2 Server PHP
   • "Restricting the authentication methods available in Laravel's Passport" (Qiita)