社内でしか使わない勤怠管理システムにOAuth2を導入してみた / Kagomoku #19

ࣾ಺Ͱ͔͠࢖Θͳ͍ ۈଵ؅ཧγεςϜʹ OAuth2Λಋೖͯ͠Έͨ megos @ ͔͝΋͘ #19 γϯάϧαΠϯΦϯ! 2019/04/20

megos Full stuck engineer (not stack) • ͔͑͝ΜཱͯͨͻͱʢJoin Us!!ʣ •
Twitterɿ@tmegos • ϙʔτϑΥϦΦɿmegos.netlify.com

എܠͱ໨త • ExcelͰۈଵ؅ཧ͞Ε͍ͯͨ • ໘౗ʢݸਓʣ • ϓϩδΣΫτͷ࡞ۀ͕࣌ؒΘ͔Γʹ͍͘ʢPMʣ • ࣾһʹͱͬͯศརͳWebۈଵγεςϜΛ࡞Δ •
WebԽ → ೝূ → OAuth2 എܠ ໨త

ͳͥOAuth2? • ଞαʔϏεͱͷ࿈ܞͱ͍͏ߏ૝ • άϧʔϓ΢ΣΞɺ޻਺؅ཧɺ༗څٳՋ؅ཧ… • ษڧͷͨΊ • OAuth2ΫϥΠΞϯτ͸Α͘࡞Δ͚Ͳ… OAuth2αʔό͸ࣗ෼Ͱ࡞Δ͜ͱͳ͍ΑͶ

࢖ͬͨ΋ͷ • όοΫΤϯυ • Spring Boot • Spring Security •
Kotlin • DB • PostgreSQL • ϑϩϯτΤϯυ • Vue.js • Vuetify • axios

࢖ͬͨ΋ͷ • όοΫΤϯυ • Spring Boot • Spring Security •
Kotlin • DB • PostgreSQL • ϑϩϯτΤϯυ • Vue.js • Vuetify • axios ࠓճ͸͜͜ͷ OAuth2ͷ෦෼͚ͩ ঺հ

https://github.com/megos/ spring-security-oauth2- kotlin આ໌͸ιʔεͷίϝϯτͰ

# ਖ਼͍͠ΞΫηε৘ใ $ curl -X POST \ -d client_id=client_id \
-d client_secret=client_secret \ -d grant_type=password \ -d username=user \ -d password=password \ http://localhost:8080/oauth/token {"access_token":"[your_access_token]","token_type":"bearer","expires _in":43199,"scope":"read"} curlͰOAuthΛୟ͘

# ΫϥΠΞϯτ৘ใͷޡΓ $ curl -X POST \ -d client_id=client_id \
-d client_secret=client_secret2 \ -d grant_type=password \ -d username=user \ -d password=password \ http://localhost:8080/oauth/token {"error":"invalid_client","error_description":"Bad client credentials"} curlͰOAuthΛୟ͘

# Ϣʔβ৘ใͷޡΓ $ curl -X POST \ -d client_id=client_id \
-d client_secret=client_secret \ -d grant_type=password \ -d username=user \ -d password=password2 \ http://localhost:8080/oauth/token {"error":"invalid_grant","error_description":"Bad credentials"} curlͰOAuthΛୟ͘

# ਖ਼͍͠ΞΫηετʔΫϯ $ curl -H "Authorization: Bearer [your_access_token]" localhost: 8080/hello
Hello! # ΞΫηετʔΫϯͳ͠ $ curl http://localhost:8080 {"error":"unauthorized","error_description":"Full authentication is required to access this resource"} # ແޮͳΞΫηετʔΫϯ $ curl -H "Authorization: Bearer bad_access_token" localhost:8080/ hello {"error":"invalid_token","error_description":"Invalid access token: bad_access_token"} ϦιʔεΛऔಘͯ͠ΈΔ

·ͱΊͱࠓޙͷ՝୊ • Spring SecurityͰOAuth2αʔόΛ࡞ͬͨ • roleͷద੾ͳઃఆ • read/write • user/subreader/reader/admin…
• scopeͷద੾ͳઃఆ ·ͱΊ ࠓޙͷ՝୊

社内でしか使わない勤怠管理システムにOAuth2を導入してみた / Kagomoku #19

社内でしか使わない勤怠管理システムにOAuth2を導入してみた / Kagomoku #19

megos

More Decks by megos

Other Decks in Technology

Featured

Transcript

ࣾ಺Ͱ͔͠࢖Θͳ͍ ۈଵ؅ཧγεςϜʹ OAuth2Λಋೖͯ͠Έͨ megos @ ͔͝΋͘ #19 γϯάϧαΠϯΦϯ! 2019/04/20

megos Full stuck engineer (not stack) • ͔͑͝ΜཱͯͨͻͱʢJoin Us!!ʣ •

എܠͱ໨త • ExcelͰۈଵ؅ཧ͞Ε͍ͯͨ • ໘౗ʢݸਓʣ • ϓϩδΣΫτͷ࡞ۀ͕࣌ؒΘ͔Γʹ͍͘ʢPMʣ • ࣾһʹͱͬͯศརͳWebۈଵγεςϜΛ࡞Δ •

ͳͥOAuth2? • ଞαʔϏεͱͷ࿈ܞͱ͍͏ߏ૝ • άϧʔϓ΢ΣΞɺ޻਺؅ཧɺ༗څٳՋ؅ཧ… • ษڧͷͨΊ • OAuth2ΫϥΠΞϯτ͸Α͘࡞Δ͚Ͳ… OAuth2αʔό͸ࣗ෼Ͱ࡞Δ͜ͱͳ͍ΑͶ

࢖ͬͨ΋ͷ • όοΫΤϯυ • Spring Boot • Spring Security •

࢖ͬͨ΋ͷ • όοΫΤϯυ • Spring Boot • Spring Security •

https://github.com/megos/ spring-security-oauth2- kotlin આ໌͸ιʔεͷίϝϯτͰ

# ਖ਼͍͠ΞΫηε৘ใ $ curl -X POST \ -d client_id=client_id \

# ΫϥΠΞϯτ৘ใͷޡΓ $ curl -X POST \ -d client_id=client_id \

# Ϣʔβ৘ใͷޡΓ $ curl -X POST \ -d client_id=client_id \

# ਖ਼͍͠ΞΫηετʔΫϯ $ curl -H "Authorization: Bearer [your_access_token]" localhost: 8080/hello

·ͱΊͱࠓޙͷ՝୊ • Spring SecurityͰOAuth2αʔόΛ࡞ͬͨ • roleͷద੾ͳઃఆ • read/write • user/subreader/reader/admin…