Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
社内でしか使わない勤怠管理システムにOAuth2を導入してみた / Kagomoku #19
Search
megos
April 20, 2019
Technology
0
2.2k
社内でしか使わない勤怠管理システムにOAuth2を導入してみた / Kagomoku #19
megos
April 20, 2019
Tweet
Share
More Decks by megos
See All by megos
個人開発を続けるということ / Continuing Personal Development
megos
0
250
わたしの開発環境の歴史 / My environment history
megos
0
340
CUIが嫌ならGUIからGitを使えばいいじゃない / kagomoku #17
megos
0
410
Join! かごえん / Join Kagoeng
megos
0
87
GitLab Features
megos
1
350
GitLab Hacks
megos
1
380
Gitlab meets minutes
megos
2
300
2018年まとめ / Summary of 2018
megos
0
310
Dockerで作るLaTeX執筆環境 / Writing LaTeX with Docker
megos
0
1.8k
Other Decks in Technology
See All in Technology
プロダクト成長を支える開発基盤とスケールに伴う課題
yuu26
4
1.3k
SREが向き合う大規模リアーキテクチャ 〜信頼性とアジリティの両立〜
zepprix
0
460
GitHub Issue Templates + Coding Agentで簡単みんなでIaC/Easy IaC for Everyone with GitHub Issue Templates + Coding Agent
aeonpeople
1
240
データの整合性を保ちたいだけなんだ
shoheimitani
8
3.1k
Amazon Bedrock Knowledge Basesチャンキング解説!
aoinoguchi
0
150
Digitization部 紹介資料
sansan33
PRO
1
6.8k
SRE Enabling戦記 - 急成長する組織にSREを浸透させる戦いの歴史
markie1009
0
130
Webhook best practices for rock solid and resilient deployments
glaforge
2
300
インフラエンジニア必見!Kubernetesを用いたクラウドネイティブ設計ポイント大全
daitak
1
370
日本の85%が使う公共SaaSは、どう育ったのか
taketakekaho
1
230
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
10k
生成AIを活用した音声文字起こしシステムの2つの構築パターンについて
miu_crescent
PRO
2
210
Featured
See All Featured
Collaborative Software Design: How to facilitate domain modelling decisions
baasie
0
140
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
17k
Claude Code どこまでも/ Claude Code Everywhere
nwiizo
61
52k
Practical Orchestrator
shlominoach
191
11k
How To Speak Unicorn (iThemes Webinar)
marktimemedia
1
380
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3.3k
Un-Boring Meetings
codingconduct
0
200
WENDY [Excerpt]
tessaabrams
9
36k
svc-hook: hooking system calls on ARM64 by binary rewriting
retrage
1
100
Faster Mobile Websites
deanohume
310
31k
How People are Using Generative and Agentic AI to Supercharge Their Products, Projects, Services and Value Streams Today
helenjbeal
1
130
Reflections from 52 weeks, 52 projects
jeffersonlam
356
21k
Transcript
ࣾͰ͔͠Θͳ͍ ۈଵཧγεςϜʹ OAuth2Λಋೖͯ͠Έͨ megos @ ͔͘͝ #19 γϯάϧαΠϯΦϯ! 2019/04/20
megos Full stuck engineer (not stack) • ͔͑͝ΜཱͯͨͻͱʢJoin Us!!ʣ •
Twitterɿ@tmegos • ϙʔτϑΥϦΦɿmegos.netlify.com
എܠͱత • ExcelͰۈଵཧ͞Ε͍ͯͨ • ໘ʢݸਓʣ • ϓϩδΣΫτͷ࡞ۀ͕࣌ؒΘ͔Γʹ͍͘ʢPMʣ • ࣾһʹͱͬͯศརͳWebۈଵγεςϜΛ࡞Δ •
WebԽ → ೝূ → OAuth2 എܠ త
ͳͥOAuth2? • ଞαʔϏεͱͷ࿈ܞͱ͍͏ߏ • άϧʔϓΣΞɺཧɺ༗څٳՋཧ… • ษڧͷͨΊ • OAuth2ΫϥΠΞϯτΑ͘࡞Δ͚Ͳ… OAuth2αʔόࣗͰ࡞Δ͜ͱͳ͍ΑͶ
ͬͨͷ • όοΫΤϯυ • Spring Boot • Spring Security •
Kotlin • DB • PostgreSQL • ϑϩϯτΤϯυ • Vue.js • Vuetify • axios
ͬͨͷ • όοΫΤϯυ • Spring Boot • Spring Security •
Kotlin • DB • PostgreSQL • ϑϩϯτΤϯυ • Vue.js • Vuetify • axios ࠓճ͜͜ͷ OAuth2ͷ෦͚ͩ հ
https://github.com/megos/ spring-security-oauth2- kotlin આ໌ιʔεͷίϝϯτͰ
# ਖ਼͍͠ΞΫηεใ $ curl -X POST \ -d client_id=client_id \
-d client_secret=client_secret \ -d grant_type=password \ -d username=user \ -d password=password \ http://localhost:8080/oauth/token {"access_token":"[your_access_token]","token_type":"bearer","expires _in":43199,"scope":"read"} curlͰOAuthΛୟ͘
# ΫϥΠΞϯτใͷޡΓ $ curl -X POST \ -d client_id=client_id \
-d client_secret=client_secret2 \ -d grant_type=password \ -d username=user \ -d password=password \ http://localhost:8080/oauth/token {"error":"invalid_client","error_description":"Bad client credentials"} curlͰOAuthΛୟ͘
# ϢʔβใͷޡΓ $ curl -X POST \ -d client_id=client_id \
-d client_secret=client_secret \ -d grant_type=password \ -d username=user \ -d password=password2 \ http://localhost:8080/oauth/token {"error":"invalid_grant","error_description":"Bad credentials"} curlͰOAuthΛୟ͘
# ਖ਼͍͠ΞΫηετʔΫϯ $ curl -H "Authorization: Bearer [your_access_token]" localhost: 8080/hello
Hello! # ΞΫηετʔΫϯͳ͠ $ curl http://localhost:8080 {"error":"unauthorized","error_description":"Full authentication is required to access this resource"} # ແޮͳΞΫηετʔΫϯ $ curl -H "Authorization: Bearer bad_access_token" localhost:8080/ hello {"error":"invalid_token","error_description":"Invalid access token: bad_access_token"} ϦιʔεΛऔಘͯ͠ΈΔ
·ͱΊͱࠓޙͷ՝ • Spring SecurityͰOAuth2αʔόΛ࡞ͬͨ • roleͷదͳઃఆ • read/write • user/subreader/reader/admin…
• scopeͷదͳઃఆ ·ͱΊ ࠓޙͷ՝
megos
yuu26
zepprix
aeonpeople
shoheimitani
aoinoguchi
sansan33
markie1009
glaforge
daitak
taketakekaho
fullkaiten
miu_crescent
baasie
afnizarnur
nwiizo
shlominoach
marktimemedia
eileencodes
codingconduct
tessaabrams
retrage
deanohume
.png){kind=avatar}
helenjbeal
jeffersonlam
![# ਖ਼͍͠ΞΫηετʔΫϯ $ curl -H "Authorization: Bearer [your_access_token]" localhost: 8080/hello](https://files.speakerdeck.com/presentations/34db4e3b8fb94947b5ca36f7f66aed6b/slide_10.jpg){kind=link}
