OpenID Connect 1.0 with Spring Security #jjug_ccc #jjug_ccc_b / oidc-with-spring-security

Transcript

1. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 0QFO*%
   $POOFDU
   
   XJUI
   4QSJOH
   4FDVSJUZ ג

   ΧαϨΞϧ
   ଟాਅහ
   ೥݄೔
   ++6(
   $$$
   
   4QSJOH 1

2. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ͜ͷηογϣϯʹ͍ͭͯ ▸ 0QFO*%
   $POOFDU
   ʢҎԼ0*%$ʣ͓Αͼ

   
 4QSJOH
   4FDVSJUZͷؔ࿈ػೳΛ 
 ෼͔Γ΍͘͢ղઆ͠·͢
   ▸ αϯϓϧίʔυ
   ▸ IUUQTHJUIVCDPN.BTBUPTIJ5BEBPJEDXJUI TQSJOHTFDVSJUZ 2

3. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ඞཁͳલఏ஌ࣝ ▸ ͜ͷηογϣϯ͸ʲதڃऀ޲͚ʳͰ͢
   

   ▸ ҎԼͷલఏ஌͕ࣝඞཁͰ͢
   ▸ 0"VUI
   ͷ"VUIPSJ[BUJPO
   $PEF
   (SBOU
   'MPXΛ 
 આ໌Ͱ͖Δ
   ▸ 4QSJOH
   4FDVSJUZͷ0"VUI
   ػೳΛ࢖ͬͨ͜ͱ͕͋Δ
   ▸ /PU
   l4QSJOH
   4FDVSJUZ
   0"VUIz 3

4. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ؀ڥ ▸ +%,
   
   

   ;VMV
   $PNNVOJUZ
   NBD04
   "3.
   ▸ 4QSJOH
   4FDVSJUZ
   
   ▸ 4QSJOH
   #PPU
   
   ▸ ,FZDMPBL
    4

5. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ͜ͷηογϣϯͷ݁࿦ ▸ "VUI԰͞ΜͷຊΛ

   
 ಡΜͰ͍ͩ͘͞ʂʂʂ
   ▸ ҎԼʮ"VUI԰ຊʯ
   ▸ IUUQT BVUIZBCPPUIQN JUFNT 5

6. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 0"VUI
   ͷجૅΛ஌Γ͍ͨํ͸ʜ 6 https://www.slideshare.net/masatoshitada7/oauth-20spring-security-51-121418814

7. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 4QSJOH
   4FDVSJUZͷ0"VUIػೳͷ࢓૊ΈΛ஌Γ͍ͨํ ͸ʜ 7

   https://speakerdeck.com/masatoshitada/oauth2-with-spring-security

8. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ࣗݾ঺հ ▸ ଟాਅහʢ!TVLF@NBTBʣ
   

   ▸ ݚमτϨʔφʔ!ΧαϨΞϧ
   ▸ +BWB
   
   4QSJOH
   
   1ZUIPO
   
   (P 
 
   .JDSPTFSWJDFT
   
   ,VCFSOFUFT
   ▸ 7.XBSFೝఆߨࢣ
   ▸ ೔ຊ4QSJOHϢʔβձελοϑ 8

9. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD גࣜձࣾΧαϨΞϧ ▸ ଞࣾʹ͸ແ͍৭ʑͳϓϩάϥϛϯάݴޠͷ

   
 ݚमΛఏڙ͍ͯ͠·͢ʂ 9

10. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 🎉1ZUIPOݚमϦϦʔε🎉 10 1ZUIPOೖ໳

    
 جຊจ๏ɺϥΠϒϥϦͷར༻ɺ8FCεΫϨΠϐϯά 
 ʢ೔ؒʣ 'MBTLʹΑΔ1ZUIPO
    8FCΞϓϦέʔγϣϯ։ൃ 
 %#ΞΫηεɺ3&45ɺ+BWB4DSJQU࿈ܞɺηΩϡϦςΟ 
 ʢ೔ؒʣ

11. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 4QSJOHݚम͍Ζ͍Ζ 11 7.XBSF
    5BO[Vೝఆ
    4QSJOH
    $PSF
    5SBJOJOH

    
 ϋΠϨϕϧͳ4QSJOHͷجૅ 
 ʢ೔ؒʣ 7.XBSF
    5BO[Vೝఆ
    4QSJOH
    $MPVE
    %FWFMPQFS 
 4QSJOH
    $MPVEʹΑΔϚΠΫϩαʔϏε։ൃ 
 ʢ೔ؒʣ جૅ͔Βͷ4QSJOH
    #PPU 
 8FCɺ%#ΞΫηεɺ3&45ɺηΩϡϦςΟ 
 ʢ೔ؒʣ

12. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ໨࣍ ▸ 0"VUI
    ͷ෮शͱʮ0"VUIೝূʯͷ໰୊఺
    

    ▸ 0QFO*%
    $POOFDU
    ʹΑΔೝূ
    ▸ 4QSJOH
    4FDVSJUZͰͷར༻
    ▸ ·ͱΊ 12

13. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ໨࣍ ▸ 0"VUI
    ͷ෮शͱʮ0"VUIೝূʯͷ໰୊఺
    

    ▸ 0QFO*%
    $POOFDU
    ʹΑΔೝূ
    ▸ 4QSJOH
    4FDVSJUZͰͷར༻
    ▸ ·ͱΊ 13

14. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ೝূͱೝՄ ▸ ೝূʢ"VUIFOUJDBUJPO
    "VUI/

    
    "VUI$ʣ
    ▸ ௨৴ͷ૬ख͕୭ʢԿʣͰ͋Δ͔Λ֬ೝ͢Δ͜ͱ
    ▸ ೝՄʢ"VUIPSJ[BUJPO
    "VUI;ʣ
    ▸ ͱ͋Δಛఆͷ৚݅ʹରͯ͠ɺϦιʔεΞΫηεͷݖݶ Λ༩͑Δ͜ͱ 14 @daisuke_m͞ΜʮΑ͘Θ͔ΔೝূͱೝՄʯΑΓҾ༻ 
 https://dev.classmethod.jp/articles/authentication-and-authorization/

15. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 0*%$ͱ͸ l0QFO*%
    $POOFDU
    
    ͸
    

    
 0"VUI
    ϓϩτίϧͷ্ʹ 
 γϯϓϧͳΞΠσϯςΟςΟϨΠϠʔΛ 
 ෇༩ͨ͠΋ͷͰ͋Δz 15 OpenID Connect Core 1.0ͷ೔ຊޠ༁ΑΓҾ༻ 
 http://openid-foundation-japan.github.io/openid-connect-core-1_0.ja.html#Introduction 0"VUI
    ϕʔεͷೝূϓϩτίϧ

16. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 0"VUI
    ͱ͸ ▸ ೝՄͷྲྀΕΛنఆͨ͠ϓϩτίϧ
    

    ▸ 3'$
    
    ೔ຊޠ൛΋͋Δ
    ▸ 0"VUI
    ͱ͸ผ෺
    ▸ 4USVUT
    ͱ4USVUT
    ͘Β͍ҧ͏
    ▸ ೝূϓϩτίϧ0QFO*%
    $POOFDU 
 ͷϕʔεʹͳ͍ͬͯΔ 16

17. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ΞΫηετʔΫϯͱ͸ ▸ ΫϥΠΞϯτ͕ϦιʔεαʔόʔʹΞΫηε͢Δࡍʹ

    
 ඞཁͳ੾ූʢ㱠*%ΧʔυʣͷΑ͏ͳ΋ͷ
    ▸ "VUIPSJ[BUJPOϦΫΤετϔομʔʹ෇Ճ͢Δ
    ▸ Authorization: Bearer ΞΫηετʔΫϯ
    ▸ ࢓༷Ͱ͸ϑΥʔϚοτະࢦఆ͕ͩɺ֓Ͷ࣍ͷछྨ
    ᶃ ϥϯμϜͳจࣈྻʢ0QBRVF
    5PLFOʣ
    ᶄ +85ʢ+40/
    8FC
    5PLFOɺޙड़ʣ 17

18. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 0QBRVF
    5PLFO ▸ ϥϯμϜͳจࣈྻΛΞΫηετʔΫϯʹ͢Δ
    

    ▸ ྫɿkjew834wkmfw89cy98j
    ▸ ΞΫηετʔΫϯࣗମʹϢʔβʔ໊΍ 
 ΫϥΠΞϯτ໊ͳͲͷ৘ใ͸ؚ·Ε͍ͯͳ͍
    ▸ 5PLFO
    *OUSPTQFDUJPOͳͲͰೝՄαʔόʔʹ 
 ໰͍߹ΘͤΕ͹৘ใΛऔಘՄೳ 18

19. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD +85
    +40/
    8FC
    5PLFO
    δϣοτ ▸

    ϔομʔ +40/ ɺϖΠϩʔυ +40/ ɺॺ໊Λ 
 ͦΕͧΕ#BTF63-ͰΤϯίʔυͯ͠ʮʯͰ࿈݁
    ▸ +40/ͳͷͰ༷ʑͳ৘ใΛؚΊΒΕΔ
    ▸ ॺ໊ʹϔομʔʴϖΠϩʔυΛʮʯͰ࿈݁ͯ͠ 
 ɹɹɹೝՄαʔόʔͷൿີ伴Ͱ҉߸Խ
    ▸ ॺ໊ΛೝՄαʔόʔͷެ։伴Ͱ෮߸Խͯ͠ 
 ϔομʔʴϖΠϩʔυͱҰக͍ͯ͠Ε͹ɺ 
 վ᜵͞Ε͍ͯͳ͍ͱ෼͔Δ 19

20. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD +85ͷߏ଄ 20 eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJzbGcyMG9uOVg2c

    zZFOExmNDZfQmRuaExHQy1xZnIyMVlvWE9nQVFKRlIwIn0 .eyJqdGkiOiI4YzUyN mMzZC03OTA0LTQ2MWItOGU5ZS1jNDE5YTQ1NmFlNDMiLCJleHAiOjE1Mzg4MTM0Mj YsIm5iZiI6MCwiaWF0IjoxNTM4ODEzMTI2LCJpc3MiOiJodHRwOi8vbG9jYWxob3N 0OjkwMDAvYXV0aC9yZWFsbXMvaGVsbG8tYXBpIiwiYXVkIjoidHJhaW5pbmc2LWZy b250LXNlcnZpY2UiLCJzdWIiOiIxYWI5Yjg4Ny0yNDRhLTRjZTktYTBjMy1iZTc2Z GE4NzZiMTQiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJ0cmFpbmluZzYtZnJvbnQtc2 VydmljZSIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjA4MjU3OTFlLTE 3ODQtNGQxMC1hMjYyLTAzM2U4YmE3OWViMCIsImFjciI6IjEiLCJhbGxvd2VkLW9y aWdpbnMiOlsiaHR0cDovL2xvY2FsaG9zdDo4MDgwIl0sInJlYWxtX2FjY2VzcyI6e yJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LC JyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWN jb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwi c2NvcGUiOiJoZWxsbzpyZWFkIHByb2ZpbGUiLCJwcmVmZXJyZWRfdXNlcm5hbWUiO iJ1c2VyIn0 .fH8s3HaOFjC1CiZeWUP2O1AB2ruDPh9VRnFqSkRoM2zCTpqWgrkiQ BKW3r9RQAD_gsZCi3G7s0tQSCmuAMoht7gLgH9rFKzdKhuKiISeDUF7v2baPva8fH VN8zP1YF84XnVxq-zVThXLBdDgTRXWWI0_RG6x- vJVDRv00gvDwPPvA3WxxIGcekuEjl3ChQhFHozDiEglAlN- vlkDV2IvxVtON4GJ1UAwIj9uTpyAoIVY8oOy_0mMuevzxBSXk2HUxWr2Vrvhj3c2a RrchCOHPsDELtX0CmEBj_bU38d1XbHL30Ar7PWGvpPeSkM3mIykR- osPDSXJwq8gUSAda0JeQ ϔομʔ ϖΠϩʔυ ిࢠॺ໊

21. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ϖΠϩʔυΛσίʔυ͢Δͱ 21 jwt.io

    Λར༻ είʔϓ໊΍
    Ϣʔβʔ໊

22. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 5XJUUFSͷྫͰొ৔ਓ෺·ͱΊ 22 UXJUUFSDPN

    ͜Μʹͪ͸ 
 ָ͠Έͩͳʔ Ϧιʔε 
 Φʔφʔ ΫϥΠΞϯτ Ϧιʔεαʔόʔ ೝՄαʔόʔ ೝՄ ΞΫηε 
 τʔΫϯ 
 ෇༩ ΞΫηε 
 τʔΫϯ ͭͿ΍͖ ※ຊ౰͸Twitter͸OAuth 1.0Λ࢖͍ͬͯ·͢

23. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD άϥϯτλΠϓʢΞΫηετʔΫϯͷऔಘํ๏ʣ ᶃ ೝՄίʔυ
    

    ▸ ओʹαʔόʔαΠυ8FCΞϓϦέʔγϣϯ
    ᶄ ΠϯϓϦγοτʢඇਪ঑ʣ
    ▸ ओʹΫϥΠΞϯταΠυ8FCΞϓϦέʔγϣϯ
    ᶅ ϦιʔεΦʔφʔύεϫʔυΫϨσϯγϟϧʢඇਪ঑ʣ
    ▸ ओʹެࣜͷεϚϗΞϓϦͳͲ
    ᶆ ΫϥΠΞϯτΫϨσϯγϟϧ
    ▸ ΫϥΠΞϯτࣗ਎ͷ৘ใऔಘ 23

24. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ೝՄίʔυʹΑΔΞΫηετʔΫϯऔಘ 24 ೝՄαʔόʔ

    ΫϥΠΞϯτ Ϧιʔε 
 Φʔφʔ 8FC 
 ϒϥ΢β˞ ˞8FCϒϥ΢β͸ɺ࢓༷ॻͰ͸ʮϢʔβʔΤʔδΣϯτʯͱهࡌ͞Ε͍ͯ·͢ ᶃॳճΞΫηε

25. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ೝՄίʔυʹΑΔΞΫηετʔΫϯऔಘ 25 ೝՄαʔόʔ

    ΫϥΠΞϯτ Ϧιʔε 
 Φʔφʔ 8FC 
 ϒϥ΢β˞ ˞8FCϒϥ΢β͸ɺ࢓༷ॻͰ͸ʮϢʔβʔΤʔδΣϯτʯͱهࡌ͞Ε͍ͯ·͢ ᶃॳճΞΫηε ᶄೝՄΤϯυϙΠϯτʹϦμΠϨΫτ

26. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ೝՄίʔυʹΑΔΞΫηετʔΫϯऔಘ 26 ೝՄαʔόʔ

    ΫϥΠΞϯτ Ϧιʔε 
 Φʔφʔ 8FC 
 ϒϥ΢β˞ ˞8FCϒϥ΢β͸ɺ࢓༷ॻͰ͸ʮϢʔβʔΤʔδΣϯτʯͱهࡌ͞Ε͍ͯ·͢ ᶃॳճΞΫηε ᶄೝՄΤϯυϙΠϯτʹϦμΠϨΫτ ᶅೝՄը໘

27. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ೝՄίʔυʹΑΔΞΫηετʔΫϯऔಘ 27 ೝՄαʔόʔ

    ΫϥΠΞϯτ Ϧιʔε 
 Φʔφʔ 8FC 
 ϒϥ΢β˞ ˞8FCϒϥ΢β͸ɺ࢓༷ॻͰ͸ʮϢʔβʔΤʔδΣϯτʯͱهࡌ͞Ε͍ͯ·͢ ᶃॳճΞΫηε ᶄೝՄΤϯυϙΠϯτʹϦμΠϨΫτ ᶅೝՄը໘ ᶆೝՄ ϦιʔεΦʔφʔͷ
    Ϣʔβʔ໊ʴύεϫʔυΛ
    ೖྗ͢Δ͜ͱ͕ଟ͍
    ˠ0"VUI͕ೝূͰ͋Δͱ
    צҧ͍͠΍͍͢

28. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ೝՄίʔυʹΑΔΞΫηετʔΫϯऔಘ 28 ೝՄαʔόʔ

    ΫϥΠΞϯτ Ϧιʔε 
 Φʔφʔ 8FC 
 ϒϥ΢β˞ ˞8FCϒϥ΢β͸ɺ࢓༷ॻͰ͸ʮϢʔβʔΤʔδΣϯτʯͱهࡌ͞Ε͍ͯ·͢ ᶃॳճΞΫηε ᶇೝՄίʔυൃߦʴϦμΠϨΫτ ᶄೝՄΤϯυϙΠϯτʹϦμΠϨΫτ ᶅೝՄը໘ ᶆೝՄ

29. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ೝՄίʔυʹΑΔΞΫηετʔΫϯऔಘ 29 ೝՄαʔόʔ

    ΫϥΠΞϯτ Ϧιʔε 
 Φʔφʔ 8FC 
 ϒϥ΢β˞ ˞8FCϒϥ΢β͸ɺ࢓༷ॻͰ͸ʮϢʔβʔΤʔδΣϯτʯͱهࡌ͞Ε͍ͯ·͢ ᶃॳճΞΫηε ᶇೝՄίʔυൃߦʴϦμΠϨΫτ ᶈೝՄίʔυ ᶄೝՄΤϯυϙΠϯτʹϦμΠϨΫτ ᶅೝՄը໘ ᶆೝՄ

30. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ೝՄίʔυʹΑΔΞΫηετʔΫϯऔಘ 30 ೝՄαʔόʔ

    ΫϥΠΞϯτ Ϧιʔε 
 Φʔφʔ 8FC 
 ϒϥ΢β˞ ˞8FCϒϥ΢β͸ɺ࢓༷ॻͰ͸ʮϢʔβʔΤʔδΣϯτʯͱهࡌ͞Ε͍ͯ·͢ ᶃॳճΞΫηε ᶇೝՄίʔυൃߦʴϦμΠϨΫτ ᶈೝՄίʔυ ᶉΞΫηετʔΫϯ ᶄೝՄΤϯυϙΠϯτʹϦμΠϨΫτ ᶅೝՄը໘ ᶆೝՄ

31. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ΞΫηετʔΫϯΛར༻ͨ͠ϦιʔεΞΫηε 31 ೝՄαʔόʔ

    ΫϥΠΞϯτ Ϧιʔε 
 Φʔφʔ 8FC 
 ϒϥ΢β ੥ٻॻ࡞੒ 
 ࢿྉ༣ૹ Ϧιʔε 
 αʔόʔ ᶃϦΫΤετ

32. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ΞΫηετʔΫϯΛར༻ͨ͠ϦιʔεΞΫηε 32 ೝՄαʔόʔ

    ΫϥΠΞϯτ Ϧιʔε 
 Φʔφʔ 8FC 
 ϒϥ΢β ੥ٻॻ࡞੒ 
 ࢿྉ༣ૹ Ϧιʔε 
 αʔόʔ ᶃϦΫΤετ ᶄϦιʔεʹΞΫηε 
 XJUI
    ΞΫηετʔΫϯ

33. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ΞΫηετʔΫϯΛར༻ͨ͠ϦιʔεΞΫηε 33 ೝՄαʔόʔ

    ΫϥΠΞϯτ Ϧιʔε 
 Φʔφʔ 8FC 
 ϒϥ΢β ੥ٻॻ࡞੒ 
 ࢿྉ༣ૹ Ϧιʔε 
 αʔόʔ ᶃϦΫΤετ ᶅΞΫηε 
 ɹτʔΫϯ 
 ɹݕূ ᶄϦιʔεʹΞΫηε 
 XJUI
    ΞΫηετʔΫϯ ΞΫηετʔΫϯ͕
    +85ܗࣜͷ৔߹͸ෆཁ

34. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ΞΫηετʔΫϯΛར༻ͨ͠ϦιʔεΞΫηε 34 ೝՄαʔόʔ

    ΫϥΠΞϯτ Ϧιʔε 
 Φʔφʔ 8FC 
 ϒϥ΢β ੥ٻॻ࡞੒ 
 ࢿྉ༣ૹ Ϧιʔε 
 αʔόʔ ᶃϦΫΤετ ᶅΞΫηε 
 ɹτʔΫϯ 
 ɹݕূ ᶆݕূ݁ՌΛฦ͢ ᶄϦιʔεʹΞΫηε 
 XJUI
    ΞΫηετʔΫϯ ΞΫηετʔΫϯ͕
    +85ܗࣜͷ৔߹͸ෆཁ

35. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ΞΫηετʔΫϯΛར༻ͨ͠ϦιʔεΞΫηε 35 ೝՄαʔόʔ

    ΫϥΠΞϯτ Ϧιʔε 
 Φʔφʔ 8FC 
 ϒϥ΢β ੥ٻॻ࡞੒ 
 ࢿྉ༣ૹ Ϧιʔε 
 αʔόʔ ᶃϦΫΤετ ᶅΞΫηε 
 ɹτʔΫϯ 
 ɹݕূ ᶆݕূ݁ՌΛฦ͢ ᶇݕূ݁ՌΛ 
 ɹ֬ೝ ᶄϦιʔεʹΞΫηε 
 XJUI
    ΞΫηετʔΫϯ

36. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ΞΫηετʔΫϯΛར༻ͨ͠ϦιʔεΞΫηε 36 ೝՄαʔόʔ

    ΫϥΠΞϯτ Ϧιʔε 
 Φʔφʔ 8FC 
 ϒϥ΢β ੥ٻॻ࡞੒ 
 ࢿྉ༣ૹ Ϧιʔε 
 αʔόʔ ᶃϦΫΤετ ᶅΞΫηε 
 ɹτʔΫϯ 
 ɹݕূ ᶆݕূ݁ՌΛฦ͢ ᶈϨεϙϯε ᶇݕূ݁ՌΛ 
 ɹ֬ೝ ᶄϦιʔεʹΞΫηε 
 XJUI
    ΞΫηετʔΫϯ

37. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ΞΫηετʔΫϯΛར༻ͨ͠ϦιʔεΞΫηε 37 ೝՄαʔόʔ

    ΫϥΠΞϯτ Ϧιʔε 
 Φʔφʔ 8FC 
 ϒϥ΢β ੥ٻॻ࡞੒ 
 ࢿྉ༣ૹ Ϧιʔε 
 αʔόʔ ᶃϦΫΤετ ᶅΞΫηε 
 ɹτʔΫϯ 
 ɹݕূ ᶆݕূ݁ՌΛฦ͢ ᶈϨεϙϯε ᶉϨεϙϯε ᶇݕূ݁ՌΛ 
 ɹ֬ೝ ᶄϦιʔεʹΞΫηε 
 XJUI
    ΞΫηετʔΫϯ

38. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ʮ0"VUIೝূʯ͸Կ͕໰୊ʁ ▸ ΫϥΠΞϯτʹ͸ɺΞΫηετʔΫϯ͕ࣗ෼Ѽͯʹ

    
 ൃߦ͞Εͨ΋ͷ͔֬ೝ͢Δज़͕ͳ͍
    ▸ ѱҙͷ͋ΔΫϥΠΞϯτຢ͸ϦιʔεΦʔφʔ޲͚ʹ 
 ൃߦ͞ΕͨΞΫηετʔΫϯʹࠩ͠ସ͑ΒΕͯ΋ؾ͚ͮͳ͍
    ▸ ΞΫηετʔΫϯΛ+85ʹͯͦ͠ͷதʹΫϥΠΞϯτ໊Λ 
 ؚΊΕ͹ɺ্هͷ֬ೝ͸Մೳ
    ▸ ͨͩ͠0"VUIͰ͸߲໨໊ͳͲ͕ඪ४Խ͞Ε͍ͯͳ͍
    ▸ ଞʹ΋৭ʑ͋Δɾɾɾ͸ͣ 38

39. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ͜ͷষͷ·ͱΊ ▸ 0*%$ͷલʹ0"VUI
    Λ͔ͬ͠Γཧղ͠·͠ΐ

    ͏
    ▸ ѱҙͷ͋ΔΫϥΠΞϯτຢ͸ϦιʔεΦʔφʔ ͷΞΫηετʔΫϯʹࠩ͠ସ͑ΒΕͯ΋ɺ 
 ΫϥΠΞϯτ͸ؾ͚ͮͳ͍ͷͰʮ0"VUIೝূʯ ͸ةݥ 39

40. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ໨࣍ ▸ 0"VUI
    ͷ෮शͱʮ0"VUIೝূʯͷ໰୊఺
    

    ▸ 0QFO*%
    $POOFDU
    ʹΑΔೝূ
    ▸ 4QSJOH
    4FDVSJUZͰͷར༻
    ▸ ·ͱΊ 40

41. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD <࠶ܝ>0*%$ͱ͸ l0QFO*%
    $POOFDU
    
    ͸
    

    
 0"VUI
    ϓϩτίϧͷ্ʹ 
 γϯϓϧͳΞΠσϯςΟςΟϨΠϠʔΛ 
 ෇༩ͨ͠΋ͷͰ͋Δz 41 OpenID Connect Core 1.0ͷ೔ຊޠ༁ΑΓҾ༻ 
 http://openid-foundation-japan.github.io/openid-connect-core-1_0.ja.html#Introduction 0"VUI
    ϕʔεͷೝূϓϩτίϧ

42. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 0*%$ͱ͸ 0QFO*%
    $POOFDU
     


    ʹ
    0"VUI
    
    
    *%τʔΫϯ 

    6TFS*OGPΤϯυϙΠϯτ 42 Auth԰ຊΑΓҾ༻ 
 https://authya.booth.pm/items/1550861 0"VUI
    ʹɺೝূ༻ͷ*%τʔΫϯͱ 
 ඪ४ͷϢʔβʔ৘ใ"1*ΛՃ͑ͨ΋ͷ

43. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ొ৔ਓ෺໊ͷରԠ 43 ͜Μʹͪ͸

    
 ָ͠Έͩͳʔ 3FTPVSDF
    0XOFS 
 
    &OE6TFS $MJFOU 
 
    3FMZJOH
    1BSUZ
    31 3FTPVSDF
    4FSWFS 
 
    6TFS*OGP
    &OEQPJOU "VUIPSJ[BUJPO
    4FSWFS 
 
    0QFO*%
    1SPWJEFS
    01 ˞ ※Ұൠʹ͸ʮID Provider (IdP)ʯͱ΋ݺ͹Ε·͕͢ɺ 
 ɹ࢓༷ॻͰ͸ʮOpenID Provider (OP)ʯͱॻ͔Ε͍ͯ·͢

44. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ࠓճͷαϯϓϧΞϓϦͷߏ੒ ▸ 3FMZJOH
    1BSUZʹ4QSJOH
    4FDVSJUZͰ࡞੒ͨ͠

    
 ɹɹɹɹɹɹɹ
    ΞϓϦ
    ▸ 0QFO*%
    1SPWJEFSʹ,FZDMPBL
    ▸ 6TFS*OGP
    &OEQPJOUʹ,FZDMPBL 44

45. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD %&.0 45

46. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD *%τʔΫϯͱ͸ ▸ Ϣʔβʔ໊ͳͲͷ৘ใؚ͕·Εͨ+85
    

    ▸ 01͔ΒΞΫηετʔΫϯͱҰॹʹ෇༩͞ΕΔ 46

47. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD *%τʔΫϯͷऔಘ 47 0QFO*%
    1SPWJEFS

    3FMZJOH
    1BSUZ &OE6TFS 8FC 
 ϒϥ΢β˞ ˞8FCϒϥ΢β͸ɺ࢓༷ॻͰ͸ʮϢʔβʔΤʔδΣϯτʯͱهࡌ͞Ε͍ͯ·͢ ᶃॳճΞΫηε ᶇೝՄίʔυൃߦʴϦμΠϨΫτ ᶈೝՄίʔυ ᶉΞΫηετʔΫϯʴ*%τʔΫϯ ᶄೝՄΤϯυϙΠϯτʹϦμΠϨΫτ ᶅೝՄը໘ ᶆೝՄ ΞΫηετʔΫϯͱҰॹʹ
    *%τʔΫϯ͕౉͞ΕΔ

48. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD *%τʔΫϯͷத਎ 48 https://jwt.io/

    Λར༻ σίʔυ݁Ռ +85

49. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD *%τʔΫϯͷத਎ 49 https://jwt.io/

    Λར༻ Ϣʔβʔ৘ใ
    ͦͷଞ΋Ζ΋Ζ

50. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD *%τʔΫϯϖΠϩʔυ಺ͷॏཁDMBJN 50 claim

    આ໌ iss Issuer Identi fi erʢOPΛද͢URLɺޙड़ʣ sub End-UserͷࣝผࢠʢOP಺ͰͷηογϣϯIDʣ aud OAuth 2.0ͰͷΫϥΠΞϯτID iat OP͕JWTΛൃߦͨ࣌͠ࠁʢ1970-01-01͔Βͷඵ਺ʣ exp IDτʔΫϯͷ༗ޮظݶʢiat͔Βͷඵ਺ʣ

51. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ͦͷଞͷओͳඪ४DMBJN 51 ▸

    OBNF
    ▸ HJWFO@OBNF
    ▸ GBNJMZ@OBNF
    ▸ NJEEMF@OBNF
    ▸ OJDLOBNF
    ▸ QSFGFSSFE@VTFSOBNF ▸ FNBJM
    ▸ FNBJ@WFSJ fi FE
    ▸ CJSUIEBUF
    ▸ QIPOF@OVNCFS
    ▸ QIPOF@OVNCFS@WFSJ fi FE
    ▸ BEESFTT

52. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ඪ४ͷείʔϓ 52 scope

    આ໌ openid OIDCར༻࣌ʹඞਢ pro fi le (Optional) nameɺfamily_nameͳͲΛऔಘՄೳ email (Optional) emailɾemail_veri fi edΛऔಘՄೳ address (Optional) addressΛऔಘՄೳ phone (Optional) phone_numberɾphone_number_veri fi edΛऔಘՄೳ

53. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD *%τʔΫϯऔಘޙɺ31͕֬ೝ͢΂͖ओͳ͜ͱ ▸ BVEʹ31ࣗ਎ͷΫϥΠΞϯτ*%ؚ͕·ΕΔ
    

    ▸ *%τʔΫϯ͕ɺѱҙͷ͋ΔଞͷΫϥΠΞϯτ͔Β 
 ྲྀ༻͞Εͨ΋ͷͰͳ͍
    ▸ ݱࡏ࣌ࠁ
    
    JBU
    
    FYQ
    ▸ *%τʔΫϯ͕ظݶ੾ΕͰͳ͍ 53

54. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD <ٙ໰>ඞཁ߲໨ΛؚΜͩ+85ΛΞΫηετʔΫϯʹ͢Ε͹ 
 ɹɹɹ0"VUIೝূ͸0,ͳͷͰ͸ʁ🤔

    ▸ ͨͿΜ0,ͩͱࢥ͍·͢ʢࣗ৴ແ͠ʣ
    ▸ ҎԼ͕0*%$ͷҙٛͩͱߟ͍͑ͯ·͢
    ▸ 0"VUI
    ͷ࢓༷Λվมͤͣͦͷ··׆͔ͨ͜͠ͱ
    ▸ +85ʹؚ·ΕΔ΂͖߲໨Λඪ४Խͨ͜͠ͱ 54

55. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 6TFS*OGPΤϯυϙΠϯτ΁ͷΞΫηε 55 $

    curl -X GET -H "Authorization: Bearer ΞΫηετʔΫϯ" \ http://UserInfoΤϯυϙΠϯτ | jq { "sub": "19736c99-d864-4876-8234-388ccfc0cdc8", "email_verified": false, "name": "John Doe", "preferred_username": "user", "given_name": "John", "family_name": "Doe", "email": "[email protected]" } ▸ ΞΫηετʔΫϯ͕ඞཁ

56. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 0*%$
    %JTDPWFSZ ▸ 31͕01ͱͷ΍ΓͱΓʹඞཁͳ৘ใΛ

    
 औಘ͢ΔͨΊͷ࢓༷
    ▸ 0QUJPOBMͳͷͰ01΍31͕ରԠͯ͠ͳ͍Մೳੑ ΋͋Γ
    ▸ ,FZDMPBL΍4QSJOH
    4FDVSJUZ͸ରԠ͍ͯ͠Δ 56

57. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD *TTVFS ▸ 01Λද͢63-
    

    ▸ ,FZDMPBLͷ৔߹͸ 
 IUUQ*1ΞυϨεBVUISFBMNTϨϧϜ໊
    ▸ ΞΫηε͢Δͱ͜Μͳ৘ใ͕औಘͰ͖Δ 57

58. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD τʔΫϯΤϯυϙΠϯτͳͲͷऔಘ ▸ *TTVFS
    63-ͷޙʹ

    
 XFMMLOPXOPQFOJEDPO fi HVSBUJPO 
 Λଓ͚Δ 58

59. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ͜ͷষͷ·ͱΊ ▸ 0*%$
    
    0"VUI
    
    

    
    *%τʔΫϯ 
 ɹɹɹɹ
    6TFS*OGPΤϯυϙΠϯτ
    ▸ *%τʔΫϯ͸
    ▸ +85ܗࣜ
    ▸ ΞΫηετʔΫϯͱҰॹʹฦ͞ΕΔ
    ▸ ΫϥΠΞϯτ*%ͳͲͷ߲໨໊͕ඪ४Ͱఆٛ͞Ε͍ͯΔ
    ▸ 0*$%
    %JTDPWFSZͰ৭Μͳ63-ΛऔಘՄೳ 59

60. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ໨࣍ ▸ 0"VUI
    ͷ෮शͱʮ0"VUIೝূʯͷ໰୊఺
    

    ▸ 0QFO*%
    $POOFDU
    ʹΑΔೝূ
    ▸ 4QSJOH
    4FDVSJUZͰͷར༻
    ▸ ·ͱΊ 60

61. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 4QSJOH
    4FDVSJUZͰͷ0*%$ར༻ ▸ 31ͷػೳʢԼهʣ͕ఏڙ͞Ε͍ͯΔ
    

    ▸ *%τʔΫϯʢʴΞΫηετʔΫϯʣΛऔಘ
    ▸ औಘޙʹ*%τʔΫϯΛݕূʢࣗಈʣ
    ▸ 6TFS*OGPΤϯυϙΠϯτʹΞΫηεʢࣗಈʣ
    ▸ 31*OJUJBUFE
    -PHPVU 61

62. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ඞཁͳϥΠϒϥϦ 62 <dependency>

    <groupId>org.springframework.boot</groupId> <artifactId> spring-boot-starter-oauth2-client </artifactId> </dependency> 0*%$ػೳ΋ؚ·Ε͍ͯΔ

63. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD BQQMJDBUJPOZNM 63 spring.security.oauth2.client.registration.hello:

    provider: ೚ҙͷ໊લ .registrationͷޙʹ΋ࢦఆ͢Δ client-id: ΫϥΠΞϯτ*%
    client-secret: ΫϥΠΞϯτγʔΫϨοτ client-name: ೚ҙͷ໊લ ը໘දࣔͰ࢖ΘΕΔ client-authentication-method: ΫϥΠΞϯτೝূํ๏
    authorization-grant-type: άϥϯτλΠϓ redirect-uri: ϦμΠϨΫτΤϯυϙΠϯτͷ63- scope: ͜ͷΞϓϦͷείʔϓΛΧϯϚ۠੾ΓͰࢦఆ ˞εϖʔεͷ౎߹্Ͱ:".-ܗࣜͰॻ͍͍ͯ·͕͢ɺݸਓతʹ͸QSPQFSUJFT೿Ͱ͢ 0"VUIͷ৔߹ͱ
    ॻ͖ํ͸શ͘ಉ͡

64. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD BQQMJDBUJPOZNMʢଓ͖ʣ 64 spring.security.oauth2.client.provider.hello:

    user-name-attribute: 6TFS*OGP
    +40/ͷϢʔβʔ໊Λද͢ଐੑ໊
    issuer-uri: ೝՄαʔόʔͷ*TTVFS
    *EFOUJ fi FS 01͕0*%$
    %JTDPWFSZରԠͷ৔߹ɺ
    ଞͷ߲໨͸ෆཁ

65. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD +BWB
    $PO fi H

    65 @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.oauth2Login() ... } } 0"VUIͷ৔߹ͱಉ͡

66. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 3FTU5FNQMBUFͷλΠϜΞ΢τઃఆ ▸ ৄࡉ͸(JU)VC্ͷιʔείʔυɺ

    
 ͓ΑͼԼهͷࢿྉΛࢀর 66 https://speakerdeck.com/masatoshitada/oauth2-with-spring-security

67. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 31*OJUJBUFE
    -PHPVUͷར༻ ▸ 31ͰͷϩάΞ΢τޙʹɺ

    
 ϒϥ΢βΛ01ͷFOE@TFTTJPO@FOEQPJOUʹ 
 ϦμΠϨΫτͤͯ͞ɺ01͔Β΋ϩάΞ΢τ͢Δ
    ▸ 63-͸01
    $PO fi HVSBUJPO
    *OGPSNBUJPOͰऔಘՄೳ
    ▸ OidcClientInitiatedLogoutSuccessHand lerΛઃఆ 67

68. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 31*OJUJBUFE
    -PHPVUͷར༻ @EnableWebSecurity public

    class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private ClientRegistrationRepository clientRegistrationRepository; private LogoutSuccessHandler oidcLogoutSuccessHandler() { // RP-Initiated LogoutΛߦ͏LogoutSuccessHandler OidcClientInitiatedLogoutSuccessHandler handler = new OidcClientInitiatedLogoutSuccessHandler( this.clientRegistrationRepository); // OP͔ΒͷϩάΞ΢τޙʹϦμΠϨΫτ͞ΕΔURLΛࢦఆ // {baseUrl}ͰRPͷϕʔεURLʢྫ: http://localhost:8080ʣΛઃఆՄೳ handler.setPostLogoutRedirectUri("{baseUrl}"); return handler; }

69. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 31*OJUJBUFE
    -PHPVUͷར༻ 69 @Override

    protected void configure(HttpSecurity http) throws Exception { ... http.logout(logout -> logout .logoutSuccessHandler(oidcLogoutSuccessHandler()) ); } }

70. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD *%τʔΫϯͷऔಘ 70 @Controller

    public class HogeController { @GetMapping("/hoge") public String hoge(OAuth2AuthenticationToken authentication) { OidcUser oidcUser = (OidcUser) authentication.getPrincipal(); String idToken = oidcUser.getIdToken().getTokenValue(); ... } } ίϯτϩʔϥʔϝιουͷҾ਺ʹ
    OAuth2AuthenticationTokenΛ 
 ࢦఆ͢Δ͚ͩ

71. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD Ϋϥεߏ଄ 71

72. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ͜ͷষͷ·ͱΊ ▸ ࢖͍ํ͸΄΅0"VUI
    ͷ৔߹ͱಉ͡
    

    ▸ 31*OJUJBUFEϩάΞ΢τͰ01͔Β΋ϩάΞ΢τ Մೳ 72

73. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ໨࣍ ▸ 0"VUI
    ͷ෮शͱʮ0"VUIೝূʯͷ໰୊఺
    

    ▸ 0QFO*%
    $POOFDU
    ʹΑΔೝূ
    ▸ 4QSJOH
    4FDVSJUZͰͷར༻
    ▸ ·ͱΊ 73

74. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ຊηογϣϯͷ·ͱΊ ▸ ʮ0"VUIೝূʯ͸ةݥ
    

    ▸ 0*%$
    
    0"VUI
    
    
    *%τʔΫϯ 
 ɹɹɹɹ
    6TFS*OGPΤϯυϙΠϯτ
    ▸ 4QSJOH
    4FDVSJUZͰ31Λ؆୯ʹ࣮૷Ͱ͖Δ 74

75. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ࢀߟॻ੶ 75

76. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 0*%$ؔ࿈࢓༷ॻ ▸ 0QFO*%
    $POOFDU
    $PSF
    
    

    ▸ IUUQTPQFOJEOFUTQFDTPQFOJEDPOOFDUDPSF@IUNM
    ▸ 0QFO*%
    $POOFDU
    %JTDPWFSZ
    
    ▸ IUUQTPQFOJEOFUTQFDTPQFOJEDPOOFDUEJTDPWFSZ@IUNM
    ▸ 0QFO*%
    $POOFDU
    31*OJUJBUFE
    -PHPVU
    
    ▸ IUUQTPQFOJEOFUTQFDTPQFOJEDPOOFDU SQJOJUJBUFE@IUNM 76

77. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ଞʹ΋͍ΖΜͳ࢓༷͕͋ΔͬΆ͍ 77 https://openid.net/connect/

    ϩάΞ΢τͷ࢓༷ͱ͔
    ؾʹͳͬͯ·͢👀

78. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD 4QSJOH
    4FDVSJUZ
    3FGFSFODF ▸ IUUQTEPDTTQSJOHJPTQSJOHTFDVSJUZTJUF

    EPDTDVSSFOUSFGFSFODFIUNMPBVUI
    ▸ 0*%$ػೳͷ͜ͱ͸0"VUI
    ػೳͷઆ໌ʹೖΓ ࠞͬͯ͡ΔͷͰɺͪΐͬͱ୳ͮ͠Β͍ 78

79. (C) CASAREAL, Inc. All rights reserved. KKVH@DDD ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ 79