Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
FIDO2をPHPで実装してみた
Search
koujimatsuda11
April 08, 2020
Programming
0
110
FIDO2をPHPで実装してみた
koujimatsuda11
April 08, 2020
Tweet
Share
More Decks by koujimatsuda11
See All by koujimatsuda11
いかにしてわれわれはセキュア開発に取り組み始めたか
koujimatsuda11
0
55
脆弱性診断を内製化してわかったこと
koujimatsuda11
0
150
Other Decks in Programming
See All in Programming
slog登場に伴うloggerの取り回し手法の見直し / kamakura.go #6
arthur1
0
160
Runtime Objects in Rust
mitsuhiko
0
220
Unlocking Potential of Property Based Testing with Ractor
ohbarye
2
470
TypeScriptのパフォーマンス改善
yajihum
14
5.2k
How to implement a RubyVM with PHP?
memory1994
PRO
2
990
CREってこういうこと? 体験入社 - 提案資料 - / what-is-cre-trial-employment
shinden
1
620
Deep Dive into React Stream/Serialize
mugi_uno
4
880
GitLab CI/CD で C#/WPFアプリケーションのテストとインストーラーのビルド・デプロイを自動化する
hacarus
0
620
TSKaigi 2024 - 新サービス Progate Path の演習で TypeScript を採用して見えた教材観点からの利点と課題
makotoshimazu
1
230
Amazon Aurora Serverless v2が意外と高かった話と、AWS Database Migration Serviceの話
satoshi256kbyte
1
110
教えて!スクラムコーチ品質とスピードのバランスはどうすりゃいいの?
pinboro
0
160
JavaScript Closure
asoluka
0
2k
Featured
See All Featured
What the flash - Photography Introduction
edds
64
11k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
1
130
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
51k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
Making Projects Easy
brettharned
109
5.5k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
34
8.9k
Building Flexible Design Systems
yeseniaperezcruz
320
37k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
9
1.3k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
34
6.1k
How GitHub Uses GitHub to Build GitHub
holman
468
290k
Building Better People: How to give real-time feedback that sticks.
wjessup
356
18k
BBQ
matthewcrist
80
8.8k
Transcript
FIDO2ΛPHPͰ࣮ͯ͠Έͨ 2020/04/08 koujimatsuda
ࣗݾհ ➢দా߁࢘ʢ·ͭͩ͜͏͡ʣ ➢ؔͰΤϯδχΞͬͯ·͢ ➢Twitter:@koujimatsuda11 ➢facebook:kouji.matsuda.58
FIDO2ೝূͬͯԿʁ WEBαΠτͰ؆୯ʹࢦೝূإೝূ͕Ͱ͖Δೝূ༷ ύεϫʔυͷ͍Βͳ͍ੈք͕͖ͬͯ·͢ Android7.0ͷ࠷৽ͷChromeͰ͓ ࢼ͍ͩ͘͠͞ʢ20202݄࣌ʣ
ύεϫʔυೝূɾɾɾ 50ԯͷϢʔβ໊ͱύεϫʔυͷηοτ͕࿙Ӯ͍ͯ͠Δ (owasp asvs 4.0 v2ΑΓ) αΠτA αΠτB ID :
[email protected]
ύεϫʔυ : password IDͱύεϫʔυ͕౪·ΕΔ Ϣʔβ ߈ܸऀ ϩάΠϯޭ ύεϫʔυΛ͍·Θ͍ͯ͠Δͱɾɾɾ
FIDO2ͷΈʢొʣ Relyng Party ΫϥΠΞϯτ Authenticator ϩάΠϯID νϟϨϯδͳͲ νϟϨϯδɺRPใͳͲ ࢦೝূ إೝূ
ͳͲ 伴ϖΞ࡞ ެ։伴ͳͲ ެ։伴ͳͲ ݕূ ެ։伴ͷอଘ ެ։伴 ൿີ伴 νϟϨϯδͳͲ ੜ
FIDO2ͷΈʢొʣ Relyng Party ΫϥΠΞϯτ Authenticator ϩάΠϯID νϟϨϯδͳͲ νϟϨϯδɺRPใͳͲ ࢦೝূ إೝূ
ͳͲ 伴ϖΞ࡞ ެ։伴ͳͲ ެ։伴ͳͲ ݕূ ެ։伴ͷอଘ ެ։伴 ൿີ伴 ࢦใෆཁ νϟϨϯδͳͲ ੜ
FIDO2ͷΈʢೝূʣ Relyng Party ΫϥΠΞϯτ Authenticator ϩάΠϯID νϟϨϯδͳͲ νϟϨϯδɺRPใͳͲ ొ࣌ͷೝূ ॺ໊
ॺ໊ͳͲ ॺ໊ͳͲ ެ։伴Ͱݕূ ൿີ伴 νϟϨϯδͳͲ ੜ
σϞ
PHPͰ࣮͢ΔʢϥΠϒϥϦ͏͚Ͳʣ
༻͢ΔϥΠϒϥϦ web-auth/webauthn-lib ▪Πϯετʔϧ ɹcomposer require web-auth/webauthn-lib ▪υΩϡϝϯτ https://webauthn-doc.spomky-labs.com/
FIDO2ͷΈʢొʣ Relyng Party ΫϥΠΞϯτ Authenticator ϩάΠϯID νϟϨϯδͳͲ νϟϨϯδɺRPใͳͲ ࢦೝূ إೝূ
ͳͲ 伴ϖΞ࡞ ެ։伴ͳͲ ެ։伴ͳͲ ݕূ ެ։伴ͷอଘ ެ։伴 ൿີ伴 νϟϨϯδͳͲ ੜ ࣮ൣғ API ϥΠϒϥϦ
FIDO2ͷΈʢೝূʣ Relyng Party ΫϥΠΞϯτ Authenticator ϩάΠϯID νϟϨϯδͳͲ νϟϨϯδɺRPใͳͲ ొ࣌ͷೝূ ॺ໊
ॺ໊ͳͲ ॺ໊ͳͲ ެ։伴Ͱݕূ ൿີ伴 νϟϨϯδͳͲ ੜ API ࣮ൣғ ϥΠϒϥϦ
४උ͢Δͷ • طଘͷೝূػೳʢϩάΠϯIDͳͲʣɹ • PHPɹυΩϡϝϯτ7.2Ҏ্͕ͩɺ7.3.14Λͬͨ • ެ։伴Λอଘ͢ΔͷɹDBʹอଘͨ͠ • ηογϣϯػೳɹൃߦͨ͠νϟϨϯδΛอ͓ͯͨ͘͠Ί
࣮ͷྲྀΕ 1. ެ։伴Repositoryͷ࡞ 2. ϢʔβEntityͷ࡞ 3. RpServerͷ࡞ 4. ެ։伴Λొ͢ΔͨΊʹAuthenticatorʹ͢optionΛ࡞ 5.
Authenticator͔ΒϨεϙϯε͞ΕΔެ։伴Λอ͢Δ 6. ೝূΛ͢ΔͨΊʹAuthenticatorʹ͢optionΛ࡞ 7. Authenticator͔ΒϨεϙϯε͞ΕΔΛॺ໊Λݕূ͢Δ 8. طଘͷೝূʹΈࠐΉ ͜͜·ͰͰɺ4ʙ5ਓ͙Β͍͋ΕͰ͖Δ
ৄࡉ https://qiita.com/koujimatsuda11/items/47f00c9c4d6953377668
·ͱΊ • ϥΠϒϥϦΛ͏·͑͘ɺ؆୯ • ࢦೝূΛ͑ΔσόΠεݶఆతʢAndroidɺMacͳͲʣ • ѹతϢʔβϏϦςΟʂʂʂ ਓྨ͕ύεϫʔυ͔Βղ์͞ΕΔະདྷΛͬͯ·͢ɻ