Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
アルプの 認証/認可分離戦略と手法
Search
machu
May 19, 2022
Technology
3
740
アルプの 認証/認可分離戦略と手法
machu
May 19, 2022
Tweet
Share
More Decks by machu
See All by machu
NBAチームから学ぶ強いチームの作り方
machuz
0
43
Authorization to implement with Extensible Effect
machuz
0
410
AuthzCtx - Alp社内共有会
machuz
0
72
アルプのEff独自エフェクト集 / Alp-original ’Eff’ pearls
machuz
1
2.1k
Scalebaseバックエンド構成について/the backend design of Scalebase
machuz
0
6.4k
SQL Meisterへの道 ~更新編~ / sql-meister-CUD
machuz
0
2.2k
SQL Meisterへの道 ~基礎〜参照編~ / sql-meister-R
machuz
0
2.6k
Authz
machuz
0
310
CQRS+ESをKinesis,Spark,RDB,S3でやってみた
machuz
0
3.3k
Other Decks in Technology
See All in Technology
AWS Organizations 新機能!マルチパーティ承認の紹介
yhana
1
220
Claude Code Actionを使ったコード品質改善の取り組み
potix2
PRO
6
2.6k
あなたの声を届けよう! 女性エンジニア登壇の意義とアウトプット実践ガイド #wttjp / Call for Your Voice
kondoyuko
4
510
Core Audio tapを使ったリアルタイム音声処理のお話
yuta0306
0
150
Github Copilot エージェントモードで試してみた
ochtum
0
130
低レイヤを知りたいPHPerのためのCコンパイラ作成入門 完全版 / Building a C Compiler for PHPers Who Want to Dive into Low-Level Programming - Expanded
tomzoh
4
3.4k
Lambda Web Adapterについて自分なりに理解してみた
smt7174
5
140
Tokyo_reInforce_2025_recap_iam_access_analyzer
hiashisan
0
140
CI/CD/IaC 久々に0から環境を作ったらこうなりました
kaz29
1
200
20250625 Snowflake Summit 2025活用事例 レポート / Nowcast Snowflake Summit 2025 Case Study Report
kkuv
1
370
KubeCon + CloudNativeCon Japan 2025 Recap
ren510dev
1
300
生まれ変わった AWS Security Hub (Preview) を紹介 #reInforce_osaka / reInforce New Security Hub
masahirokawahara
0
370
Featured
See All Featured
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Rebuilding a faster, lazier Slack
samanthasiow
82
9.1k
Docker and Python
trallard
44
3.5k
Building Flexible Design Systems
yeseniaperezcruz
328
39k
VelocityConf: Rendering Performance Case Studies
addyosmani
331
24k
Code Review Best Practice
trishagee
69
18k
Raft: Consensus for Rubyists
vanstee
140
7k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
8
680
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
32
2.4k
Reflections from 52 weeks, 52 projects
jeffersonlam
351
20k
Thoughts on Productivity
jonyablonski
69
4.7k
RailsConf 2023
tenderlove
30
1.1k
Transcript
Ξϧϓͷ ೝূ/ೝՄઓུͱख๏ SaaS.tech #3 @ma2k8
About me > দཌྷ ΞϧϓͰόοΫΤϯυΤϯδχΞΛ͠ ͍ͯ·͢ ࢠڙͷࠒͷ໊͋ͩͰ·ͬͪΎʔͱݺ Ε͍ͯ·͢ @wing_007 @ma2k8
> ɹ AlpͰScalebaseͱ͍͏αϒεΫϦϓγϣϯܾࡁཧɺܦӦੳͷ SaaSϓϩμΫτΛఏڙ͍ͯ͠·͢ɻ Our Products
> ೝূ/ೝՄ͓͞Β͍ > ೝূ/ೝՄͷίϯςΩετʹ͍ͭͯ > ΞϧϓͰͷઓུ > ΞϧϓͰͷख๏ > ͍͞͝ʹ
Agenda
ೝূ/ೝՄͷ͓͞Β͍
ೝূ ~AutheNtication ~ ର͕ʮ୭ʯͰ͋Δ͔Λಛఆ͢Δ
ೝՄ ~AuthoriZation ~ ҙͷϦιʔεʹର͠ɺ ҙͷΞΫγϣϯͷڐՄ/ڋ൱Λ੍ޚ͢Δ
ೝূ/ೝՄͷ ίϯςΩετʹ͍ͭͯ
γϯϓϧͳཁ݅Ͱ ೝূͱೝՄ͕ͪ͝Όࠞͥʹ ͳ͍ͬͯΔ͜ͱ͕͋Γ·͢ (ͦΕͰࠔΒͳ͍)
ೝՄνΣοΫ͕ͳ͘ɺ ೝূ͑͞௨Εɺશૢ࡞OKͷέʔε
γϯϓϧͳೝূ/ೝՄ ᶃೝূཁٻ(ID/Pass) ᶄϢʔβʔAͰ͋Δ͜ͱΛೝূ ᶅϢʔβʔA ੍ݶͳ͘શૢ࡞Մೳ ϢʔβʔA ͘͢͝γϯϓϧͳγεςϜ
ͪΐͬͱͨ͠ݖݶఆ͜ͷԆઢ ͰରԠՄೳ APIΩʔൃߦɺݖݶҕৡͷཁ͕݅ ग़ͯ͘Δͱ͕͘͠ͳΓ·͢
ҕৡ༗Γೝূ/ೝՄ ᶃӾཡݖݶΛҕৡͨ͠ΩʔΛൃߦ ϢʔβʔA botͷҙͷ࣮ߦऀ APIΩʔ ᶄAPIΩʔΛར༻͠ɺҕৡ͞ΕͨΞΫγϣϯΛ࣮ߦ͢Δɻ ɹAPIΩʔͷೝূߦ͏͕ɺϢʔβʔAͰ͋Δ͔൱͔ɺ ɹ࣮ߦऀ͕୭Ͱ͋Δ͔ͷೝূߦΘͳ͍ɻ ෳࡶͳγεςϜ
Ͳ͕͘͜͠ͳΔͷͰ͠ΐ͏͔
ෳࡶԽ͢Δᶃ APIΩʔೝূ Ϣʔβʔೝূ > Ϣʔβʔೝূͱ"1*Ωʔೝূ͕ͦΕͧΕඞཁʹͳΔ
ෳࡶԽ͢Δᶄ > ϢʔβʔͷೝՄใͱ"1*ΩʔͷೝՄใΛͦΕͧ Εཧ͢Δඞཁ͕͋ΔͷͰɺ1SJODJQBM(ೝՄओମ)͕ ૿͑Δ APIΩʔʹ ඥͮ͘ೝՄใ Ϣʔβʔʹ ඥͮ͘ೝՄใ
ෳࡶԽ͢Δᶅ > ϢʔβʔͷݖݶΛຖճશͯҕৡͨ͠Γɺҕৡ͢Δݖݶ͕ Α΄ͲߜΒΕ͍ͯͳ͍ݶΓ"#"$Ͱͷ࣮͕ඞཁʹͳΔ > ABACͷ࣮ෳࡶʹͳΓ͕ͪ Ӿཡݖݶ͚ͩҕৡ
ෳࡶԽ͢Δᶆ > ݖݶΛ༩͢ΔλΠϛϯάʹɺA"1*Ωʔൃߦ࣌A ͕Ճ͞ΕΔ > ༩λΠϛϯάଞʹϢʔβʔͷ՝ۚޭ࣌ɺ։ൃ༻ʹ༩͢Δ έʔεͳͲɺ͞·͟·ͳλΠϛϯάͰݖݶΛ༩͢ΔՄೳੑ͕͋Δ ՝ۚޭ࣌ ։ൃ༻ APIΩʔͷҕৡ
ݖݶ" Ϣʔβʔ࡞࣌
ଞʹଟͨ͘͞Μ͋Δɻɻɻ
͜ΕෳࡶԽ͢Δཁ݅ͷ Ұ෦Ͱ͔͋͠Γ·ͤΜɾɾ
Presenter Controller Adapter (DB, Redis, etc..) UseCase Domain ߲ͷϚεΩϯά ΤϯυϙΠϯτͷ࣮ߦՄ൱
ϦιʔεͷϑΟϧλ ಡऔ/ॻࠐͷ࣮ߦՄ൱ UseCaseͷ࣮ߦՄ൱ υϝΠϯϩδοΫͷذ υϝΠϯϩδοΫͷ࣮ߦՄ൱ ಛʹೝՄີ݁߹͍͢͠ ҎԼฐࣾͷίϯςΩετʹ͓͚ΔΞʔΩςΫνϟͷ֊ਤͰ͕͢ɺ֤Ͱ༷ʑͳೝՄͷཁ݅ ͕ߟ͑ΒΕ·͢ɻ ؔ৺͕֤ॴʹݱΕΔͨΊɺ۪ʹ࣮͢Δͱมߋ͕͍͠ঢ়ଶʹͳΓ͍͢ɻ ͜ΕΒΛผʑͷΈͰ࣮͢Δͱख͕ଟ͘ͳΓ͗͢ɺ߹ੑͷ֬อ͘͠ͳΔͰ͠ΐ͏ɻ
ີ݁߹ͳೝՄఆ ྫ͑ɺʮܾࡁͷσʔλ͕͋Δ͔Βʯͱ͍ͬͨ ؔ৺Λ͠ͳ͍ϩδοΫͰೝՄఆΛ͢Δ ͱɺҎԼͷΑ͏ͳ͕ൃੜ͠·͢ > ։ൃ༻ͷݖݶ༩ʹܾࡁσʔλੜ͠ͳ͍ͱ͍͚ͳ͍ > ՝ۚͷखஈ͕૿͑ͨ߹ɺશͯͷखஈΛཏతʹ֬ೝ͠ͳ͍ͱݖݶఆ͕ߦ͑ͳ͍ > APIΩʔͷೝՄఆ࣌ʹɺൃߦऀͷใΛ֬ೝ͠ͳ͍ͱ͍͚ͳ͍
> BANͳͲɺܾࡁใͱผ࣠ͰೝՄΛ੍ޚ͍ͨ͠έʔεʹରԠ͠ʹ͍͘
ɾɾ ೝূ/ೝՄ ίΞυϝΠϯ > ڥք͚ͮΒΕͨίϯςΩετͱͯ͢͠Δ͜ͱͰɺೝՄೝՄͷσʔλͱͯ͠ཧ͠ ͘͢ͳΓɺఆϩδοΫೝՄίϯςΩετʹΧϓηϧԽ͢Δ͜ͱ͕Ͱ͖Δ > ͜ΕʹΑΓɺෳࡶੑ͔ΒίΞυϝΠϯΛΓ͢͜ͱ͕Ͱ͖ɺอकੑͷߴ͍ঢ়ଶ͕อͪ ͘͢ͳΔ
> ʹάϥσʔγϣϯ͕͋ΔͷͰɺଈίϯςΩετׂʹΒͳͯ͘ྑ͍͕ɺͦ͏ ͢Δ͜ͱ͕Ͱ͖Δঢ়ଶอ͓͍ͬͯͨํ͕ྑ͍ > Ұ൪ॏཁͳͷͲΜͳखஈʹͤΑɺίΞυϝΠϯ͔Βೝূ/ೝՄ͕Γ͞Ε͍ͯΔ͜ͱ ܾࡁ
ΞϧϓͰͷઓུ
มಈੑ ೝূ/ೝՄʹݶΒͣͰ͕͢ɺͲ͏͢Δͷ͔ʹ͍ͭͯ ’มಈੑ’ Λࢦඪʹ͍ͯ͠·͢ɻ
มಈੑʹΑΔ ’มಈੑ’ ʹ͍ͭͯɺॻ੶ Righting Software Ͱ Γ·ͨ͠ɻ(ݩʑ͜ͷݴ༿ΛΒͳ͔ͬͨͷͰ͢ ͕ɺ͜ΕΛ͏ͱઆ໌͔ͬͨ͢͠ͷͰѪ༻ͯ͠ ͍·͢) ʮγεςϜશମʹٴ͢Δ༷ͳมߋ͞ΕΔՄೳੑ
͕͋ΔྖҬΛ໌Β͔ʹ͠ɺͦͷ෦ΛαʔϏε γεςϜͷ෦ͱͯ͠ΧϓηϧԽ͢Δʯ ͜Εʹै͏ͱɺ࠶ར༻ੑ&อकੑ͕ߴ͘ɺෳࡶ Λίϯτϩʔϧ͍͕͢͠Ͱ͖·͢ɻ
ೝূ/ೝՄͷมಈੑ શ͘͠ͳ͍έʔεͰߟ͑ΔͱɺೝূೝՄͷཁ݅ΞʔΩςΫνϟΛ༳Δ͕ ͢ɺେ͖ͳมಈੑΛ๊͍͑ͯΔ͜ͱ͕Θ͔Γ·͢ɻ > ೝূखஈ͕૿͑ͨ ɹ-> ೝূखஈ͝ͱʹಉ͡ػೳΛ࣮͢Δͷ͔ʁ > ಡऔઐ༻ϢʔβʔΛՃ͍ͨ͠ ɹ->
ࠓ·Ͱॻ͍͖ͯͨॲཧશͯʹذΛ͢ͷ͔ʁ
ඇػೳཁ݅ͷมಈੑ ٻΊΒΕΔඇػೳཁ͕݅ണ͢ΔՄೳੑ͕ߴ͍ͷมಈੑ ͕ߴ͍ͱஅ͠ɺ͢Δ༷ʹ͍ͯ͠·͢ɻ ΞϧϓͰ༻ྔΛͱʹٻֹΛܾΊΔػೳ͕͋Γ·͕͢ɺ ༻ྔΠϕϯτ͓٬༷ͷγεςϜʹΑͬͯେྔͷσʔλΛ औΓѻ͏͜ͱʹͳΔͷͰɺมಈੑ͕ߴ͍ͱͯ͠ίϯςΩετ Λ͍ͯ͠·͢ɻ ͜ΕʹΑͬͯޙͷϦιʔε࠷దԽΛεϜʔζʹߦ͏͜ͱ͕Ͱ͖ ·͢ɻ
ΞϧϓͰͷख๏
ΞϧϓͰߦ͍ͬͯΔ ೝՄͷͷख๏Λ͝հ͠·͢
ᶃೝՄΛڥք͚ͮΒΕͨίϯςΩετ ͱͯ͠ ฐࣾϞδϡϥϞϊϦεΛ࠾༻͍ͯͯ͠ɺೝՄͭͷϞδϡʔ ϧͱ͍ͯͯ͠͠·͢ɻ ೝՄఆͦΕͧΕͷίϯςΩετ͔ΒೝՄίϯςΩετʹϦΫ ΤετΛ͛ΔܗͰߦΘΕ·͢ɻ Presenter Controller Adapter UseCase
Domain Lib Subscription-ctx Presenter Controller Adapter UseCase Domain Lib Authz-ctx ೝՄϦΫΤετ
ᶃೝՄΛڥք͚ͮΒΕͨίϯςΩετ ͱͯ͠ υϝΠϯͰߦ͏Α͏ͳίϯςΩετಛ༗ͷೝՄఆͳͲɺ"VUI[-ctx͚ͩͰͷఆ͕͍͠߹͋ Γ·͢ɻ ೝՄϦΫΤετͷ݁ՌCPPMFBOͰฦͤΔΑ͏ʹ͍ͯ͠ΔͷͰɺίϯςΩετಛ༗ͷఆͱ߹ͯ͠ ೝՄͷఆΛߦ͏͜ͱͰ͜ΕΛճආ͍ͯ͠·͢ɻ ※(Subscription-ctxͷೝՄఆ1 && authz-ctxͷೝՄఆ) ||
Subscription-ctxͷೝՄఆ2 ͷΑ͏ͳܗ Presenter Controller Adapter UseCase Domain Lib Subscription-ctx Presenter Controller Adapter UseCase Domain Lib Authz-ctx ೝՄϦΫΤετ
ᶄೝՄଐੑΛLibͱͯ͠ఏڙ͢Δ ೝՄͷఆʹ͏ଐੑใɺ͍Θͨͩͷλά ͷΑ͏ͳγϯϓϧͳใͱͯ͠औΓѻ͍ɺ֤ίϯ ςΩετͰར༻͢ΔϥΠϒϥϦͱͯ͠ఏڙ͠·͢ɻ
ᶄೝՄଐੑΛLibͱͯ͠ఏڙ͢Δ ͜͏͢Δ͜ͱʹΑͬͯɺͲͷͰଐੑΛѻ͑ Δঢ়ଶΛ࡞Γ·͢ɻ Presenter Controller Adapter UseCase Domain Lib ԼํͷґଘڐՄ͍ͯ͠ΔͷͰLibʹஔ͘ͱɺ
ͲͷͰࢀরͰ͖Δ ֤͝ͱʹઐ༻ͷଐੑΛ༻ҙͯ͠ྑ͍͕ϝϦο τͱίετ͕ݟ߹Θͳ͍ͱஅͨ͠
ᶄೝՄଐੑΛLibͱͯ͠ఏڙ͢Δ ఆ͢Δ࣌ɺ͜ͷଐੑใΛ1SJODJQBMͷใͱڞʹೝՄίϯ ςΩετʹͯ͠ఆͯ͠Β͍ɺͦͷ݁ՌΛͱʹೝՄఆ Λߦ͍·͢ɻ ͜ΕʹΑͬͯଐੑใͱఆϩδοΫ͕Ͱ͖·͢ɻ Presenter Controller Adapter UseCase Domain
Lib HogeίϯςΩετ Presenter Controller Adapter UseCase Domain Lib ೝՄίϯςΩετ ೝՄϦΫΤετ
ᶅPolicyͱScopeΛ۠ผ͢Δ ಉ͡ೝՄଐੑΛར༻͠·͕͢ɺׂΓͯΔରʹΑͬͯ1PMJDZͱ4DPQFͱͯ۠͠ ผ͍ͯ͠·͢ɻ > Policy Principal(User,ApiKey etc..)ʹׂΓͯΒΕΔೝՄଐੑ > Scope γεςϜ্ͷϦιʔεʹׂΓͯΒΕΔೝՄଐੑ
ᶅPolicyͱScopeΛ۠ผ͢Δ Resource(ओʹυϝΠϯϞσϧ)ʹରͯ͠4DPQFΛઃఆ͓ͯ͘͠ͱɺࣗಈͰ1PMJDZͱ ಥ߹ͯ͠ೝՄఆΛߦ͏Α͏ʹ͍ͯ͠·͢ɻ ͜͏͢Δ͜ͱʹΑΓɺ4DPQFͷઃఆ͓͚ͯ͠ɺಡऔઐ༻ݖݶ3FBE͚ͩՄೳ ͷॲཧΛ࣮ऀ͕ҙࣝͤͣͱߦͳͬͯ͘Ε·͢ɻ
ᶆ֤ʹઃఆ͞Ε͍ͯΔScopeΛूΊɺ ఆΛ1ͷܭࢉʹ·ͱΊΔ ೝՄ֤ʹإΛग़͠·͢ɻ ֤ʹ͋Δ4DPQFΛܭࢉ࣌ʹͭʹूΊΔ͜ͱͰɺͷೝ ՄఆͰࡁΉΑ͏ʹ͍ͯ͠·͢ɻ Presenter Controller Adapter(DB etc..) UseCase
Domain Set Scope A Set Scope B Set Scope C,D Set Scope E Set Scope F State[List[A,B,C,D,E,F], X]
ᶆ֤ʹઃఆ͞Ε͍ͯΔScopeΛूΊɺ ఆΛ1ͷܭࢉʹ·ͱΊΔ ೝՄ֤ʹإΛग़͠·͢ɻ ֤ʹ͋Δ4DPQFΛܭࢉ࣌ʹͭʹूΊΔ͜ͱͰɺͷೝՄఆͰࡁΉΑ͏ʹ͍ͯ͠·͢ɻ ೝՄଐੑͷ"OEͱ0SΛදݱͰ͖Δܕ༻ҙ͠ɺͷఆͷදݱྗΛ͋͛ΔࢼΈ͓͜ͳ͍ͬͯ· ͢ɻ(༏ઌະ࣮) Presenter Controller Adapter(DB etc..)
UseCase Domain Set Scope A Set Scope B Set Scope C,D Set Scope E Set Scope F State[List[A,B,C,D,E,F], X]
ᶇೝՄ༻ͷܕʹแΉͱ ೝՄఆͷରͱ͢Δ ᶆͰհͨ͠4DPQFΛूΊΔରΛࢦఆ͢Δͷʹઐ༻ͷܕΛ༻ҙ͍ͯ͠·͢ɻ ܭࢉࣜͷதʹ͋Δɺ͜ͷܕʹแ·Εͨ3FTPVSDFͷ4DPQFΛूΊΔಈ͖Λ͠·͢ɻ ͜ΕʹΑͬͯܭࢉʹ͏3FTPVSDFʹରͯࣗ͠ಈͰೝՄఆΛߦͳͬͯ͘ΕΔͷͰ࿙Ε͕͋Γ·ͤΜɻ RepositoryͷΠϯλʔϑΣʔεͳͲɺ͜ͷܕΛฦΓʹͱ͍ͬͯͳ͍ͱLinterͰΤϥʔʹ͢ΔΈ ಋೖ͍ͯ͠·͢ɻ
ҎԼͷΛͯ͠·͕͢ɺ͔ͳΓ4DBMBͷؔܕϓϩάϥϛϯάدΓͷදݱྗ (Extensible Effect)Λར༻͓ͯ͠Γɺษڧձͷओࢫ͔ΒζϨͦ͏ͳͷͰ͜͜ͰׂѪ͞ ͍͖ͤͯͨͩ·͢ɻ ᶈఆॲཧͷΤϑΣΫτநԽ(͜ΕʹΑͬͯͲͷͰೝՄΛѻ͍͘͢ͳΔ) ᶉ࣮Λ͚ͣʹɺόονॲཧͳͲೝՄఆΛߦ͍ͨ͘ͳ͍έʔεʹରԠ͢Δ (ScalaMatsuriͰൃදͨ͠ࢿྉͱɺࣾษڧձͷࢿྉ͕͋ΔͷͰڵຯͷ͋Δํ͝ࢀর ͍ͩ͘͞ɾɾɾʂ) https://speakerdeck.com/ma2k8/explain-authzctx-in-alp (ࣾ༻ͳͷͰগ͠ࡶͰ͢
🙏) https://speakerdeck.com/ma2k8/alp-original-eff-pearls ଞʹɾɾɾ
͍͞͝ʹ
ೝূ*%BB4ͳͲͰ͔ͳΓָʹͳ͖ͬͯͨҹ͕͋Δ͕ɺ ೝՄ֓೦͕ᐆດͰݕ౼͢Δ͜ͱ͕ଟ͘ͱ͍ͯ͠ɻɻ ·ͩ·ͩೝՄ࣮ͷҰൠతͳղ͕গͳ͘ɺࢀߟʹͳΔใ ͕ݶΒΕ͍ͯΔͷͰੵۃతʹφϨοδΛڞ༗͠ɺΑΓྑ͍ ղΛࡧ͍ͯ͘͠ྲྀΕ͕Ͱ͖Δͱྑ͍ͳͱࢥ͓ͬͯΓ· ͢ʂ
Thanks!