Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
アルプの 認証/認可分離戦略と手法
Search
machu
May 19, 2022
Technology
800
3
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
アルプの 認証/認可分離戦略と手法
machu
May 19, 2022
More Decks by machu
See All by machu
NBAチームから学ぶ強いチームの作り方
machuz
0
65
Authorization to implement with Extensible Effect
machuz
0
460
AuthzCtx - Alp社内共有会
machuz
0
100
アルプのEff独自エフェクト集 / Alp-original ’Eff’ pearls
machuz
1
2.3k
Scalebaseバックエンド構成について/the backend design of Scalebase
machuz
0
6.6k
SQL Meisterへの道 ~更新編~ / sql-meister-CUD
machuz
0
2.4k
SQL Meisterへの道 ~基礎〜参照編~ / sql-meister-R
machuz
0
2.8k
Authz
machuz
0
320
CQRS+ESをKinesis,Spark,RDB,S3でやってみた
machuz
0
3.5k
Other Decks in Technology
See All in Technology
GitHub Copilot運用のリアル ~AI Credit時代にどう向き合うか~
takafumisu2uk1
0
490
Text-to-SQLをAgentCoreで実現し、生成されるSQLの精度を定量的に評価する
yakumo
2
110
When Platform Engineering Meets GenAI
sucitw
0
200
PostgreSQL 19 新機能概要 OSC Hokkaido 2026
nori_shinoda
0
260
40代で“やっとエンジニアになれた”――閉じた学びを開き、空の青さを知る / 20260628 Naoki Takahashi
shift_evolve
PRO
4
1.1k
CVE-2026-20833_脆弱性対応とAES 化について
jukishiya
0
140
WebGIS AI Agentの紹介
_shimizu
0
590
Comment regagner la souveraineté de vos données tout en étant payé grâce à Nostr !
rlifchitz
0
220
FPGAの開発コンペでZephyrを使ってみた
iotengineer22
0
220
Microsoft のサポートとフィードバック総まとめ
murachiakira
PRO
0
120
そこにあるから地図ができる~位置を示す"モノ"を愉しむ~ - Interface 2026年6月号GPS特集オフ会 / interface_202606_GPS_offline
sakaik
1
120
AIAU_UMEMOGU_ninomiya_slide
ninomiya_ii
0
280
Featured
See All Featured
How to make the Groovebox
asonas
2
2.2k
Skip the Path - Find Your Career Trail
mkilby
1
150
WCS-LA-2024
lcolladotor
0
660
Groundhog Day: Seeking Process in Gaming for Health
codingconduct
0
220
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
130k
Practical Orchestrator
shlominoach
191
11k
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
1.1k
Raft: Consensus for Rubyists
vanstee
141
7.6k
How People are Using Generative and Agentic AI to Supercharge Their Products, Projects, Services and Value Streams Today
helenjbeal
1
220
Balancing Empowerment & Direction
lara
6
1.2k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
123
22k
The Illustrated Guide to Node.js - THAT Conference 2024
reverentgeek
1
400
Transcript
Ξϧϓͷ ೝূ/ೝՄઓུͱख๏ SaaS.tech #3 @ma2k8
About me > দཌྷ ΞϧϓͰόοΫΤϯυΤϯδχΞΛ͠ ͍ͯ·͢ ࢠڙͷࠒͷ໊͋ͩͰ·ͬͪΎʔͱݺ Ε͍ͯ·͢ @wing_007 @ma2k8
> ɹ AlpͰScalebaseͱ͍͏αϒεΫϦϓγϣϯܾࡁཧɺܦӦੳͷ SaaSϓϩμΫτΛఏڙ͍ͯ͠·͢ɻ Our Products
> ೝূ/ೝՄ͓͞Β͍ > ೝূ/ೝՄͷίϯςΩετʹ͍ͭͯ > ΞϧϓͰͷઓུ > ΞϧϓͰͷख๏ > ͍͞͝ʹ
Agenda
ೝূ/ೝՄͷ͓͞Β͍
ೝূ ~AutheNtication ~ ର͕ʮ୭ʯͰ͋Δ͔Λಛఆ͢Δ
ೝՄ ~AuthoriZation ~ ҙͷϦιʔεʹର͠ɺ ҙͷΞΫγϣϯͷڐՄ/ڋ൱Λ੍ޚ͢Δ
ೝূ/ೝՄͷ ίϯςΩετʹ͍ͭͯ
γϯϓϧͳཁ݅Ͱ ೝূͱೝՄ͕ͪ͝Όࠞͥʹ ͳ͍ͬͯΔ͜ͱ͕͋Γ·͢ (ͦΕͰࠔΒͳ͍)
ೝՄνΣοΫ͕ͳ͘ɺ ೝূ͑͞௨Εɺશૢ࡞OKͷέʔε
γϯϓϧͳೝূ/ೝՄ ᶃೝূཁٻ(ID/Pass) ᶄϢʔβʔAͰ͋Δ͜ͱΛೝূ ᶅϢʔβʔA ੍ݶͳ͘શૢ࡞Մೳ ϢʔβʔA ͘͢͝γϯϓϧͳγεςϜ
ͪΐͬͱͨ͠ݖݶఆ͜ͷԆઢ ͰରԠՄೳ APIΩʔൃߦɺݖݶҕৡͷཁ͕݅ ग़ͯ͘Δͱ͕͘͠ͳΓ·͢
ҕৡ༗Γೝূ/ೝՄ ᶃӾཡݖݶΛҕৡͨ͠ΩʔΛൃߦ ϢʔβʔA botͷҙͷ࣮ߦऀ APIΩʔ ᶄAPIΩʔΛར༻͠ɺҕৡ͞ΕͨΞΫγϣϯΛ࣮ߦ͢Δɻ ɹAPIΩʔͷೝূߦ͏͕ɺϢʔβʔAͰ͋Δ͔൱͔ɺ ɹ࣮ߦऀ͕୭Ͱ͋Δ͔ͷೝূߦΘͳ͍ɻ ෳࡶͳγεςϜ
Ͳ͕͘͜͠ͳΔͷͰ͠ΐ͏͔
ෳࡶԽ͢Δᶃ APIΩʔೝূ Ϣʔβʔೝূ > Ϣʔβʔೝূͱ"1*Ωʔೝূ͕ͦΕͧΕඞཁʹͳΔ
ෳࡶԽ͢Δᶄ > ϢʔβʔͷೝՄใͱ"1*ΩʔͷೝՄใΛͦΕͧ Εཧ͢Δඞཁ͕͋ΔͷͰɺ1SJODJQBM(ೝՄओମ)͕ ૿͑Δ APIΩʔʹ ඥͮ͘ೝՄใ Ϣʔβʔʹ ඥͮ͘ೝՄใ
ෳࡶԽ͢Δᶅ > ϢʔβʔͷݖݶΛຖճશͯҕৡͨ͠Γɺҕৡ͢Δݖݶ͕ Α΄ͲߜΒΕ͍ͯͳ͍ݶΓ"#"$Ͱͷ࣮͕ඞཁʹͳΔ > ABACͷ࣮ෳࡶʹͳΓ͕ͪ Ӿཡݖݶ͚ͩҕৡ
ෳࡶԽ͢Δᶆ > ݖݶΛ༩͢ΔλΠϛϯάʹɺA"1*Ωʔൃߦ࣌A ͕Ճ͞ΕΔ > ༩λΠϛϯάଞʹϢʔβʔͷ՝ۚޭ࣌ɺ։ൃ༻ʹ༩͢Δ έʔεͳͲɺ͞·͟·ͳλΠϛϯάͰݖݶΛ༩͢ΔՄೳੑ͕͋Δ ՝ۚޭ࣌ ։ൃ༻ APIΩʔͷҕৡ
ݖݶ" Ϣʔβʔ࡞࣌
ଞʹଟͨ͘͞Μ͋Δɻɻɻ
͜ΕෳࡶԽ͢Δཁ݅ͷ Ұ෦Ͱ͔͋͠Γ·ͤΜɾɾ
Presenter Controller Adapter (DB, Redis, etc..) UseCase Domain ߲ͷϚεΩϯά ΤϯυϙΠϯτͷ࣮ߦՄ൱
ϦιʔεͷϑΟϧλ ಡऔ/ॻࠐͷ࣮ߦՄ൱ UseCaseͷ࣮ߦՄ൱ υϝΠϯϩδοΫͷذ υϝΠϯϩδοΫͷ࣮ߦՄ൱ ಛʹೝՄີ݁߹͍͢͠ ҎԼฐࣾͷίϯςΩετʹ͓͚ΔΞʔΩςΫνϟͷ֊ਤͰ͕͢ɺ֤Ͱ༷ʑͳೝՄͷཁ݅ ͕ߟ͑ΒΕ·͢ɻ ؔ৺͕֤ॴʹݱΕΔͨΊɺ۪ʹ࣮͢Δͱมߋ͕͍͠ঢ়ଶʹͳΓ͍͢ɻ ͜ΕΒΛผʑͷΈͰ࣮͢Δͱख͕ଟ͘ͳΓ͗͢ɺ߹ੑͷ֬อ͘͠ͳΔͰ͠ΐ͏ɻ
ີ݁߹ͳೝՄఆ ྫ͑ɺʮܾࡁͷσʔλ͕͋Δ͔Βʯͱ͍ͬͨ ؔ৺Λ͠ͳ͍ϩδοΫͰೝՄఆΛ͢Δ ͱɺҎԼͷΑ͏ͳ͕ൃੜ͠·͢ > ։ൃ༻ͷݖݶ༩ʹܾࡁσʔλੜ͠ͳ͍ͱ͍͚ͳ͍ > ՝ۚͷखஈ͕૿͑ͨ߹ɺશͯͷखஈΛཏతʹ֬ೝ͠ͳ͍ͱݖݶఆ͕ߦ͑ͳ͍ > APIΩʔͷೝՄఆ࣌ʹɺൃߦऀͷใΛ֬ೝ͠ͳ͍ͱ͍͚ͳ͍
> BANͳͲɺܾࡁใͱผ࣠ͰೝՄΛ੍ޚ͍ͨ͠έʔεʹରԠ͠ʹ͍͘
ɾɾ ೝূ/ೝՄ ίΞυϝΠϯ > ڥք͚ͮΒΕͨίϯςΩετͱͯ͢͠Δ͜ͱͰɺೝՄೝՄͷσʔλͱͯ͠ཧ͠ ͘͢ͳΓɺఆϩδοΫೝՄίϯςΩετʹΧϓηϧԽ͢Δ͜ͱ͕Ͱ͖Δ > ͜ΕʹΑΓɺෳࡶੑ͔ΒίΞυϝΠϯΛΓ͢͜ͱ͕Ͱ͖ɺอकੑͷߴ͍ঢ়ଶ͕อͪ ͘͢ͳΔ
> ʹάϥσʔγϣϯ͕͋ΔͷͰɺଈίϯςΩετׂʹΒͳͯ͘ྑ͍͕ɺͦ͏ ͢Δ͜ͱ͕Ͱ͖Δঢ়ଶอ͓͍ͬͯͨํ͕ྑ͍ > Ұ൪ॏཁͳͷͲΜͳखஈʹͤΑɺίΞυϝΠϯ͔Βೝূ/ೝՄ͕Γ͞Ε͍ͯΔ͜ͱ ܾࡁ
ΞϧϓͰͷઓུ
มಈੑ ೝূ/ೝՄʹݶΒͣͰ͕͢ɺͲ͏͢Δͷ͔ʹ͍ͭͯ ’มಈੑ’ Λࢦඪʹ͍ͯ͠·͢ɻ
มಈੑʹΑΔ ’มಈੑ’ ʹ͍ͭͯɺॻ੶ Righting Software Ͱ Γ·ͨ͠ɻ(ݩʑ͜ͷݴ༿ΛΒͳ͔ͬͨͷͰ͢ ͕ɺ͜ΕΛ͏ͱઆ໌͔ͬͨ͢͠ͷͰѪ༻ͯ͠ ͍·͢) ʮγεςϜશମʹٴ͢Δ༷ͳมߋ͞ΕΔՄೳੑ
͕͋ΔྖҬΛ໌Β͔ʹ͠ɺͦͷ෦ΛαʔϏε γεςϜͷ෦ͱͯ͠ΧϓηϧԽ͢Δʯ ͜Εʹै͏ͱɺ࠶ར༻ੑ&อकੑ͕ߴ͘ɺෳࡶ Λίϯτϩʔϧ͍͕͢͠Ͱ͖·͢ɻ
ೝূ/ೝՄͷมಈੑ શ͘͠ͳ͍έʔεͰߟ͑ΔͱɺೝূೝՄͷཁ݅ΞʔΩςΫνϟΛ༳Δ͕ ͢ɺେ͖ͳมಈੑΛ๊͍͑ͯΔ͜ͱ͕Θ͔Γ·͢ɻ > ೝূखஈ͕૿͑ͨ ɹ-> ೝূखஈ͝ͱʹಉ͡ػೳΛ࣮͢Δͷ͔ʁ > ಡऔઐ༻ϢʔβʔΛՃ͍ͨ͠ ɹ->
ࠓ·Ͱॻ͍͖ͯͨॲཧશͯʹذΛ͢ͷ͔ʁ
ඇػೳཁ݅ͷมಈੑ ٻΊΒΕΔඇػೳཁ͕݅ണ͢ΔՄೳੑ͕ߴ͍ͷมಈੑ ͕ߴ͍ͱஅ͠ɺ͢Δ༷ʹ͍ͯ͠·͢ɻ ΞϧϓͰ༻ྔΛͱʹٻֹΛܾΊΔػೳ͕͋Γ·͕͢ɺ ༻ྔΠϕϯτ͓٬༷ͷγεςϜʹΑͬͯେྔͷσʔλΛ औΓѻ͏͜ͱʹͳΔͷͰɺมಈੑ͕ߴ͍ͱͯ͠ίϯςΩετ Λ͍ͯ͠·͢ɻ ͜ΕʹΑͬͯޙͷϦιʔε࠷దԽΛεϜʔζʹߦ͏͜ͱ͕Ͱ͖ ·͢ɻ
ΞϧϓͰͷख๏
ΞϧϓͰߦ͍ͬͯΔ ೝՄͷͷख๏Λ͝հ͠·͢
ᶃೝՄΛڥք͚ͮΒΕͨίϯςΩετ ͱͯ͠ ฐࣾϞδϡϥϞϊϦεΛ࠾༻͍ͯͯ͠ɺೝՄͭͷϞδϡʔ ϧͱ͍ͯͯ͠͠·͢ɻ ೝՄఆͦΕͧΕͷίϯςΩετ͔ΒೝՄίϯςΩετʹϦΫ ΤετΛ͛ΔܗͰߦΘΕ·͢ɻ Presenter Controller Adapter UseCase
Domain Lib Subscription-ctx Presenter Controller Adapter UseCase Domain Lib Authz-ctx ೝՄϦΫΤετ
ᶃೝՄΛڥք͚ͮΒΕͨίϯςΩετ ͱͯ͠ υϝΠϯͰߦ͏Α͏ͳίϯςΩετಛ༗ͷೝՄఆͳͲɺ"VUI[-ctx͚ͩͰͷఆ͕͍͠߹͋ Γ·͢ɻ ೝՄϦΫΤετͷ݁ՌCPPMFBOͰฦͤΔΑ͏ʹ͍ͯ͠ΔͷͰɺίϯςΩετಛ༗ͷఆͱ߹ͯ͠ ೝՄͷఆΛߦ͏͜ͱͰ͜ΕΛճආ͍ͯ͠·͢ɻ ※(Subscription-ctxͷೝՄఆ1 && authz-ctxͷೝՄఆ) ||
Subscription-ctxͷೝՄఆ2 ͷΑ͏ͳܗ Presenter Controller Adapter UseCase Domain Lib Subscription-ctx Presenter Controller Adapter UseCase Domain Lib Authz-ctx ೝՄϦΫΤετ
ᶄೝՄଐੑΛLibͱͯ͠ఏڙ͢Δ ೝՄͷఆʹ͏ଐੑใɺ͍Θͨͩͷλά ͷΑ͏ͳγϯϓϧͳใͱͯ͠औΓѻ͍ɺ֤ίϯ ςΩετͰར༻͢ΔϥΠϒϥϦͱͯ͠ఏڙ͠·͢ɻ
ᶄೝՄଐੑΛLibͱͯ͠ఏڙ͢Δ ͜͏͢Δ͜ͱʹΑͬͯɺͲͷͰଐੑΛѻ͑ Δঢ়ଶΛ࡞Γ·͢ɻ Presenter Controller Adapter UseCase Domain Lib ԼํͷґଘڐՄ͍ͯ͠ΔͷͰLibʹஔ͘ͱɺ
ͲͷͰࢀরͰ͖Δ ֤͝ͱʹઐ༻ͷଐੑΛ༻ҙͯ͠ྑ͍͕ϝϦο τͱίετ͕ݟ߹Θͳ͍ͱஅͨ͠
ᶄೝՄଐੑΛLibͱͯ͠ఏڙ͢Δ ఆ͢Δ࣌ɺ͜ͷଐੑใΛ1SJODJQBMͷใͱڞʹೝՄίϯ ςΩετʹͯ͠ఆͯ͠Β͍ɺͦͷ݁ՌΛͱʹೝՄఆ Λߦ͍·͢ɻ ͜ΕʹΑͬͯଐੑใͱఆϩδοΫ͕Ͱ͖·͢ɻ Presenter Controller Adapter UseCase Domain
Lib HogeίϯςΩετ Presenter Controller Adapter UseCase Domain Lib ೝՄίϯςΩετ ೝՄϦΫΤετ
ᶅPolicyͱScopeΛ۠ผ͢Δ ಉ͡ೝՄଐੑΛར༻͠·͕͢ɺׂΓͯΔରʹΑͬͯ1PMJDZͱ4DPQFͱͯ۠͠ ผ͍ͯ͠·͢ɻ > Policy Principal(User,ApiKey etc..)ʹׂΓͯΒΕΔೝՄଐੑ > Scope γεςϜ্ͷϦιʔεʹׂΓͯΒΕΔೝՄଐੑ
ᶅPolicyͱScopeΛ۠ผ͢Δ Resource(ओʹυϝΠϯϞσϧ)ʹରͯ͠4DPQFΛઃఆ͓ͯ͘͠ͱɺࣗಈͰ1PMJDZͱ ಥ߹ͯ͠ೝՄఆΛߦ͏Α͏ʹ͍ͯ͠·͢ɻ ͜͏͢Δ͜ͱʹΑΓɺ4DPQFͷઃఆ͓͚ͯ͠ɺಡऔઐ༻ݖݶ3FBE͚ͩՄೳ ͷॲཧΛ࣮ऀ͕ҙࣝͤͣͱߦͳͬͯ͘Ε·͢ɻ
ᶆ֤ʹઃఆ͞Ε͍ͯΔScopeΛूΊɺ ఆΛ1ͷܭࢉʹ·ͱΊΔ ೝՄ֤ʹإΛग़͠·͢ɻ ֤ʹ͋Δ4DPQFΛܭࢉ࣌ʹͭʹूΊΔ͜ͱͰɺͷೝ ՄఆͰࡁΉΑ͏ʹ͍ͯ͠·͢ɻ Presenter Controller Adapter(DB etc..) UseCase
Domain Set Scope A Set Scope B Set Scope C,D Set Scope E Set Scope F State[List[A,B,C,D,E,F], X]
ᶆ֤ʹઃఆ͞Ε͍ͯΔScopeΛूΊɺ ఆΛ1ͷܭࢉʹ·ͱΊΔ ೝՄ֤ʹإΛग़͠·͢ɻ ֤ʹ͋Δ4DPQFΛܭࢉ࣌ʹͭʹूΊΔ͜ͱͰɺͷೝՄఆͰࡁΉΑ͏ʹ͍ͯ͠·͢ɻ ೝՄଐੑͷ"OEͱ0SΛදݱͰ͖Δܕ༻ҙ͠ɺͷఆͷදݱྗΛ͋͛ΔࢼΈ͓͜ͳ͍ͬͯ· ͢ɻ(༏ઌະ࣮) Presenter Controller Adapter(DB etc..)
UseCase Domain Set Scope A Set Scope B Set Scope C,D Set Scope E Set Scope F State[List[A,B,C,D,E,F], X]
ᶇೝՄ༻ͷܕʹแΉͱ ೝՄఆͷରͱ͢Δ ᶆͰհͨ͠4DPQFΛूΊΔରΛࢦఆ͢Δͷʹઐ༻ͷܕΛ༻ҙ͍ͯ͠·͢ɻ ܭࢉࣜͷதʹ͋Δɺ͜ͷܕʹแ·Εͨ3FTPVSDFͷ4DPQFΛूΊΔಈ͖Λ͠·͢ɻ ͜ΕʹΑͬͯܭࢉʹ͏3FTPVSDFʹରͯࣗ͠ಈͰೝՄఆΛߦͳͬͯ͘ΕΔͷͰ࿙Ε͕͋Γ·ͤΜɻ RepositoryͷΠϯλʔϑΣʔεͳͲɺ͜ͷܕΛฦΓʹͱ͍ͬͯͳ͍ͱLinterͰΤϥʔʹ͢ΔΈ ಋೖ͍ͯ͠·͢ɻ
ҎԼͷΛͯ͠·͕͢ɺ͔ͳΓ4DBMBͷؔܕϓϩάϥϛϯάدΓͷදݱྗ (Extensible Effect)Λར༻͓ͯ͠Γɺษڧձͷओࢫ͔ΒζϨͦ͏ͳͷͰ͜͜ͰׂѪ͞ ͍͖ͤͯͨͩ·͢ɻ ᶈఆॲཧͷΤϑΣΫτநԽ(͜ΕʹΑͬͯͲͷͰೝՄΛѻ͍͘͢ͳΔ) ᶉ࣮Λ͚ͣʹɺόονॲཧͳͲೝՄఆΛߦ͍ͨ͘ͳ͍έʔεʹରԠ͢Δ (ScalaMatsuriͰൃදͨ͠ࢿྉͱɺࣾษڧձͷࢿྉ͕͋ΔͷͰڵຯͷ͋Δํ͝ࢀর ͍ͩ͘͞ɾɾɾʂ) https://speakerdeck.com/ma2k8/explain-authzctx-in-alp (ࣾ༻ͳͷͰগ͠ࡶͰ͢
🙏) https://speakerdeck.com/ma2k8/alp-original-eff-pearls ଞʹɾɾɾ
͍͞͝ʹ
ೝূ*%BB4ͳͲͰ͔ͳΓָʹͳ͖ͬͯͨҹ͕͋Δ͕ɺ ೝՄ֓೦͕ᐆດͰݕ౼͢Δ͜ͱ͕ଟ͘ͱ͍ͯ͠ɻɻ ·ͩ·ͩೝՄ࣮ͷҰൠతͳղ͕গͳ͘ɺࢀߟʹͳΔใ ͕ݶΒΕ͍ͯΔͷͰੵۃతʹφϨοδΛڞ༗͠ɺΑΓྑ͍ ղΛࡧ͍ͯ͘͠ྲྀΕ͕Ͱ͖Δͱྑ͍ͳͱࢥ͓ͬͯΓ· ͢ʂ
Thanks!