
社内でしか使わない勤怠管理システムにOAuth2を導入してみた / Kagomoku #19

megos
April 20, 2019


Transcript

  1. Introducing OAuth2 into an attendance-management system that is only used internally. megos @ Kagomoku #19 (single sign-on!), 2019/04/20

  2. megos: Full stuck engineer (not stack). Founded かえごん (Join Us!!). Twitter: @tmegos. Portfolio: megos.netlify.com
  3. Background and goal
     Background:
     • Attendance was being managed in Excel
     • A hassle (for individuals)
     • Hard to tell how much time went into each project (for the PM)
     Goal:
     • Build a web attendance system that is convenient for employees
     • Web app → authentication → OAuth2
  4. Why OAuth2?
     • The idea of integrating with other services: groupware, man-hour tracking, paid-leave management…
     • To learn: you often write OAuth2 clients, but you never build an OAuth2 server yourself, do you?

  5. What I used
     • Backend: Spring Boot, Spring Security, Kotlin
     • DB: PostgreSQL
     • Frontend: Vue.js, Vuetify, axios
  6. What I used (same list as the previous slide). This talk covers only the OAuth2 part.
  7. https://github.com/megos/spring-security-oauth2-kotlin. Explanations are in the source comments.

  8. Calling OAuth with curl
     # Correct access credentials
     $ curl -X POST \
         -d client_id=client_id \
         -d client_secret=client_secret \
         -d grant_type=password \
         -d username=user \
         -d password=password \
         http://localhost:8080/oauth/token
     {"access_token":"[your_access_token]","token_type":"bearer","expires_in":43199,"scope":"read"}
  9. Calling OAuth with curl
     # Wrong client credentials
     $ curl -X POST \
         -d client_id=client_id \
         -d client_secret=client_secret2 \
         -d grant_type=password \
         -d username=user \
         -d password=password \
         http://localhost:8080/oauth/token
     {"error":"invalid_client","error_description":"Bad client credentials"}
  10. Calling OAuth with curl
      # Wrong user credentials
      $ curl -X POST \
          -d client_id=client_id \
          -d client_secret=client_secret \
          -d grant_type=password \
          -d username=user \
          -d password=password2 \
          http://localhost:8080/oauth/token
      {"error":"invalid_grant","error_description":"Bad credentials"}
  11. Fetching a resource
      # Valid access token
      $ curl -H "Authorization: Bearer [your_access_token]" localhost:8080/hello
      Hello!
      # No access token
      $ curl http://localhost:8080
      {"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
      # Invalid access token
      $ curl -H "Authorization: Bearer bad_access_token" localhost:8080/hello
      {"error":"invalid_token","error_description":"Invalid access token: bad_access_token"}
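The curl runs on slides 8 through 11 exercise two things: the token endpoint's password grant with its two distinct failure modes (invalid_client versus invalid_grant), and a bearer-protected resource with its two failure modes (no token versus a bad or expired token). The following is an added example, not code from the slides or from the megos/spring-security-oauth2-kotlin repository: a framework-free Python model of both endpoints that reproduces the same JSON error contract (RFC 6749 §5.2 for the token endpoint, RFC 6750 for the resource). The client registration, the user table with its PBKDF2 salt, the in-memory token store, the fixed clock and the HTTP status codes are all assumptions for the demo; the slides show only the response bodies.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (assumptions, not the project's configuration):
# one registered client, one user with a PBKDF2-hashed password, one salt.
CLIENTS = {"client_id": "client_secret"}
SALT = b"demo-salt"
PBKDF2_ROUNDS = 100_000
USERS = {"user": hashlib.pbkdf2_hmac("sha256", b"password", SALT, PBKDF2_ROUNDS)}
TOKEN_TTL = 43199           # seconds; matches expires_in in the sample response
TOKENS = {}                 # access_token -> {"user": ..., "scope": ..., "exp": ...}


def client_ok(client_id, client_secret):
    """Check client credentials; compare_digest keeps the comparison timing uniform."""
    expected = CLIENTS.get(client_id, "")
    same = hmac.compare_digest(expected.encode(), client_secret.encode())
    return client_id in CLIENTS and same


def user_ok(username, password):
    """Verify the resource owner's password against its stored PBKDF2 hash."""
    stored = USERS.get(username)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, PBKDF2_ROUNDS)
    return stored is not None and hmac.compare_digest(stored, candidate)


def token_endpoint(form, now):
    """POST /oauth/token for grant_type=password (RFC 6749 §4.3).

    Returns (http_status, json_body). Client authentication is checked first,
    so an unauthenticated client never learns whether a username exists.
    """
    if not client_ok(form.get("client_id", ""), form.get("client_secret", "")):
        return 401, {"error": "invalid_client", "error_description": "Bad client credentials"}
    if form.get("grant_type") != "password":
        return 400, {"error": "unsupported_grant_type", "error_description": "Unsupported grant type"}
    if not user_ok(form.get("username", ""), form.get("password", "")):
        return 400, {"error": "invalid_grant", "error_description": "Bad credentials"}
    token = secrets.token_urlsafe(32)          # 256 bits of entropy, opaque to the client
    TOKENS[token] = {"user": form["username"], "scope": "read", "exp": now + TOKEN_TTL}
    return 200, {"access_token": token, "token_type": "bearer", "expires_in": TOKEN_TTL, "scope": "read"}


def hello_endpoint(headers, now):
    """GET /hello behind a bearer check (RFC 6750 §2.1 and §3.1)."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return 401, {"error": "unauthorized",
                     "error_description": "Full authentication is required to access this resource"}
    entry = TOKENS.get(token)
    if entry is None or entry["exp"] <= now:   # unknown token and expired token look the same
        return 401, {"error": "invalid_token", "error_description": "Invalid access token: " + token}
    return 200, "Hello!"


def demo():
    """Replay the curl runs from the slides (plus token expiry) and return the outcomes."""
    good = {"client_id": "client_id", "client_secret": "client_secret",
            "grant_type": "password", "username": "user", "password": "password"}
    bad_client = dict(good, client_secret="client_secret2")
    bad_user = dict(good, password="password2")
    t0 = 1_555_718_400                          # constructed clock: 2019-04-20T00:00:00Z
    results = {
        "bad_client": token_endpoint(bad_client, t0)[1]["error"],
        "bad_user": token_endpoint(bad_user, t0)[1]["error"],
    }
    status, body = token_endpoint(good, t0)
    results["token"] = (status, body["token_type"], body["scope"])
    bearer = {"Authorization": "Bearer " + body["access_token"]}
    results["hello"] = hello_endpoint(bearer, t0)[1]
    results["no_token"] = hello_endpoint({}, t0)[1]["error"]
    results["bad_token"] = hello_endpoint({"Authorization": "Bearer bad_access_token"}, t0)[1]["error"]
    results["expired"] = hello_endpoint(bearer, t0 + TOKEN_TTL)[1]["error"]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two points worth taking from the model: the two credential checks use hmac.compare_digest and a slow password hash rather than plain string equality, and the resource side treats an unknown token and an expired token identically, so the 43199-second expires_in is actually enforced. The password grant itself sends the user's password through the client, which is why the OAuth 2.0 Security Best Current Practice says not to use it and OAuth 2.1 drops it; it is tolerable for a first-party internal app like this one, but the authorization code flow is the one to reach for if the other services from slide 4 ever get connected.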
  12. Summary and future work
      Summary:
      • Built an OAuth2 server with Spring Security
      Future work:
      • Proper role configuration (user/subreader/reader/admin…)
      • Proper scope configuration (read/write)