I tried introducing OAuth2 into an attendance management system used only in-house / Kagomoku #19
megos
April 20, 2019
Transcript
I tried introducing OAuth2 into an attendance management system used only in-house
megos @ Kagomoku #19 Single sign-on! 2019/04/20

megos
Full stuck engineer (not stack)
• The person who started Kagoeng (Join Us!!)
• Twitter: @tmegos
• Portfolio: megos.netlify.com
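
Background and purpose
Background
• Attendance was managed in Excel
• Tedious (for individuals)
• Hard to see how much time is spent on each project (for PMs)
Purpose
• Build a web attendance system that is convenient for employees
• Moving to the web → authentication → OAuth2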
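
Why OAuth2?
• The plan is to integrate with other services
  • Groupware, [illegible] management, paid leave management…
• To learn
  • I often write OAuth2 clients, but… you rarely get to build an OAuth2 server yourself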

What I used
• Backend
  • Spring Boot
  • Spring Security
  • Kotlin
• DB
  • PostgreSQL
• Frontend
  • Vue.js
  • Vuetify
  • axios
This time I will cover only the OAuth2 part of this stack.

https://github.com/megos/spring-security-oauth2-kotlin
The explanation is in the source comments.

Calling the OAuth endpoint with curl

# Correct access information
$ curl -X POST \
    -d client_id=client_id \
    -d client_secret=client_secret \
    -d grant_type=password \
    -d username=user \
    -d password=password \
    http://localhost:8080/oauth/token
{"access_token":"[your_access_token]","token_type":"bearer","expires_in":43199,"scope":"read"}

# Wrong client information
$ curl -X POST \
    -d client_id=client_id \
    -d client_secret=client_secret2 \
    -d grant_type=password \
    -d username=user \
    -d password=password \
    http://localhost:8080/oauth/token
{"error":"invalid_client","error_description":"Bad client credentials"}

# Wrong user information
$ curl -X POST \
    -d client_id=client_id \
    -d client_secret=client_secret \
    -d grant_type=password \
    -d username=user \
    -d password=password2 \
    http://localhost:8080/oauth/token
{"error":"invalid_grant","error_description":"Bad credentials"}

Fetching a resource

# Valid access token
$ curl -H "Authorization: Bearer [your_access_token]" localhost:8080/hello
Hello!

# No access token
$ curl http://localhost:8080
{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}

# Invalid access token
$ curl -H "Authorization: Bearer bad_access_token" localhost:8080/hello
{"error":"invalid_token","error_description":"Invalid access token: bad_access_token"}

Summary and future work
Summary
• Built an OAuth2 server with Spring Security
Future work
• Appropriate role settings
• read/write
• user/subreader/reader/admin…
• Appropriate scope settings
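
The six curl outcomes above, modelled as an added example (not code from the slides or from the megos/spring-security-oauth2-kotlin repository): a minimal in-memory token endpoint and bearer-token check in Python that shows why a request with a bad client secret is rejected before the user's password is ever looked at. The HTTP status codes follow RFC 6749 section 5.2 and RFC 6750 and are assumptions, since the slides show only the JSON bodies; the function names, the sample credentials and the 43200-second lifetime are illustrative.

```python
import hmac
import secrets
import time

# Constructed sample data mirroring the parameters in the curl slides.
CLIENTS = {"client_id": {"secret": "client_secret", "grants": {"password"}, "scope": "read"}}
USERS = {"user": "password"}
TOKENS = {}  # access_token -> (username, scope, expiry in epoch seconds)
TTL = 43200  # assumed token lifetime in seconds

def _eq(a, b):
    # Constant-time comparison: response timing must not reveal how much of a secret matched.
    return hmac.compare_digest(a.encode(), b.encode())

def token_endpoint(form, now=None):
    """Model of POST /oauth/token; returns (http_status, json_body)."""
    now = time.time() if now is None else now
    client = CLIENTS.get(form.get("client_id", ""))
    # 1. Client authentication always comes first (invalid_client, 401).
    if client is None or not _eq(form.get("client_secret", ""), client["secret"]):
        return 401, {"error": "invalid_client", "error_description": "Bad client credentials"}
    # 2. The client must be registered for the grant type it asks for.
    if form.get("grant_type") not in client["grants"]:
        return 400, {"error": "unsupported_grant_type"}
    # 3. Only now are the resource owner's credentials checked (invalid_grant, 400).
    expected = USERS.get(form.get("username", ""))
    if expected is None or not _eq(form.get("password", ""), expected):
        return 400, {"error": "invalid_grant", "error_description": "Bad credentials"}
    token = secrets.token_urlsafe(32)  # unguessable opaque token
    TOKENS[token] = (form["username"], client["scope"], now + TTL)
    return 200, {"access_token": token, "token_type": "bearer",
                 "expires_in": TTL, "scope": client["scope"]}

def resource_endpoint(authorization, now=None):
    """Model of GET /hello; `authorization` is the Authorization header or None."""
    now = time.time() if now is None else now
    if not authorization or not authorization.startswith("Bearer "):
        return 401, {"error": "unauthorized",
                     "error_description": "Full authentication is required to access this resource"}
    token = authorization[len("Bearer "):]
    entry = TOKENS.get(token)
    # Unknown and expired tokens get the same answer.
    if entry is None or entry[2] <= now:
        return 401, {"error": "invalid_token",
                     "error_description": "Invalid access token: " + token}
    return 200, "Hello!"
```

When both the client secret and the user password are wrong, the caller only ever sees invalid_client, so an unauthenticated client cannot use the endpoint to test user passwords.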