Introducing OAuth2 into an attendance-management system used only in-house (社内でしか使わない勤怠管理システムにOAuth2を導入してみた) / Kagomoku #19
megos
April 20, 2019
Transcript
Introducing OAuth2 into an attendance-management system used only in-house
megos @ Kagomoku #19 (Single Sign-On!)
2019/04/20

About me: megos, "full stuck engineer" (not stack)
• Started Kagoeng (Join Us!!)
• Twitter: @tmegos
• Portfolio: megos.netlify.com
Background and goal
• Attendance was being tracked in Excel
• Tedious (for each individual)
• Hard to see the hours spent per project (for the PM)
• Build a web-based attendance system that is convenient for employees
• Going web-based means authentication, which led to OAuth2:
  Web app → authentication → OAuth2

Why OAuth2?
• The idea of integrating with other services
  • groupware, … management, paid-leave management…
• To learn
• I build OAuth2 clients all the time, but… you never get to build an OAuth2 server yourself, right?
What I used
• Backend: Spring Boot, Spring Security, Kotlin
• DB: PostgreSQL
• Frontend: Vue.js, Vuetify, axios
This talk covers only the OAuth2 part of the backend.

Source: https://github.com/megos/spring-security-oauth2-kotlin
Explanations are in the source comments.
Hitting OAuth with curl

# Correct client and user credentials
$ curl -X POST \
  -d client_id=client_id \
  -d client_secret=client_secret \
  -d grant_type=password \
  -d username=user \
  -d password=password \
  http://localhost:8080/oauth/token
{"access_token":"[your_access_token]","token_type":"bearer","expires_in":43199,"scope":"read"}

# Wrong client credentials
$ curl -X POST \
  -d client_id=client_id \
  -d client_secret=client_secret2 \
  -d grant_type=password \
  -d username=user \
  -d password=password \
  http://localhost:8080/oauth/token
{"error":"invalid_client","error_description":"Bad client credentials"}

# Wrong user credentials
$ curl -X POST \
  -d client_id=client_id \
  -d client_secret=client_secret \
  -d grant_type=password \
  -d username=user \
  -d password=password2 \
  http://localhost:8080/oauth/token
{"error":"invalid_grant","error_description":"Bad credentials"}

Fetching a resource

# Valid access token
$ curl -H "Authorization: Bearer [your_access_token]" localhost:8080/hello
Hello!

# No access token
$ curl http://localhost:8080
{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}

# Invalid access token
$ curl -H "Authorization: Bearer bad_access_token" localhost:8080/hello
{"error":"invalid_token","error_description":"Invalid access token: bad_access_token"}
Summary and future work
Summary
• Built an OAuth2 server with Spring Security
Future work
• Proper role configuration
  • read/write
  • user/subreader/reader/admin…
• Proper scope configuration
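The curl exchanges above, together with the scope and role checks the summary lists as future work, modelled end to end as an added example. This is not code from the deck or from the megos/spring-security-oauth2-kotlin repository; the client, the two users and their passwords, the in-memory token store and the resource's required scope and role are constructed stand-ins. It reproduces the four error bodies shown on the slides (`invalid_client`, `invalid_grant`, `unauthorized`, `invalid_token`) and adds the two the future-work items call for: a read-only token hitting a write resource gets `insufficient_scope`, and a plain user hitting an admin-only resource gets `access_denied`. Two caveats a practitioner would want at this point: the password grant used on the slides hands the user's password to the client and is disallowed by the OAuth 2.0 Security Best Current Practice (RFC 9700), so it is only defensible for a first-party, in-house client like this one; and client secrets and passwords are compared in constant time, because a plain string comparison leaks prefix matches through timing. The slides' `expires_in` of 43199 is the 12-hour default minus the moments elapsed before Spring serialized the response; the model reports the full validity.

```python
"""Toy model of the OAuth2 flow on the slides: a password-grant token endpoint
and a bearer-protected resource, plus the scope and role checks listed as
future work. Constructed example with fake credentials; it is not the
project's Spring Security code and mirrors only the responses shown."""
import hmac
import secrets
import time

# Constructed registry (assumption): one confidential client, two users.
CLIENTS = {"client_id": {"secret": "client_secret", "scopes": {"read", "write"}}}
USERS = {
    "user": {"password": "password", "authorities": {"ROLE_USER"}},
    "admin": {"password": "admin-password", "authorities": {"ROLE_USER", "ROLE_ADMIN"}},
}
ACCESS_TOKEN_TTL = 12 * 60 * 60  # seconds; spring-security-oauth2's default validity


def _secret_eq(expected: str, supplied: str) -> bool:
    """Constant-time comparison so timing does not leak how much of a secret matched."""
    return hmac.compare_digest(expected.encode(), supplied.encode())


class TokenStore:
    """Opaque bearer token -> user, granted scopes, expiry. In-memory for the demo."""

    def __init__(self):
        self._tokens = {}

    def issue(self, username, scope, now):
        token = secrets.token_urlsafe(32)  # unguessable; carries no user data itself
        self._tokens[token] = {"user": username, "scope": scope, "expires_at": now + ACCESS_TOKEN_TTL}
        return token

    def lookup(self, token, now):
        entry = self._tokens.get(token)
        return None if entry is None or entry["expires_at"] <= now else entry


def token_endpoint(store, form, now=None):
    """POST /oauth/token with grant_type=password. Returns (status, json body)."""
    now = time.time() if now is None else now
    client = CLIENTS.get(form.get("client_id", ""))
    if client is None or not _secret_eq(client["secret"], form.get("client_secret", "")):
        # One response for unknown id and wrong secret: no client enumeration.
        return 401, {"error": "invalid_client", "error_description": "Bad client credentials"}
    if form.get("grant_type") != "password":
        return 400, {"error": "unsupported_grant_type", "error_description": "Unsupported grant type"}
    user = USERS.get(form.get("username", ""))
    if user is None or not _secret_eq(user["password"], form.get("password", "")):
        return 400, {"error": "invalid_grant", "error_description": "Bad credentials"}
    # A client is only granted scopes it was registered for; "read" is the default.
    requested = set(form.get("scope", "read").split())
    if not requested <= client["scopes"]:
        return 400, {"error": "invalid_scope", "error_description": "Invalid scope"}
    token = store.issue(form["username"], requested, now)
    return 200, {"access_token": token, "token_type": "bearer",
                 "expires_in": ACCESS_TOKEN_TTL, "scope": " ".join(sorted(requested))}


def resource_endpoint(store, headers, required_scope="read", required_authority=None, now=None):
    """A protected resource such as GET /hello: bearer token, then scope, then role."""
    now = time.time() if now is None else now
    auth = headers.get("Authorization", "")
    if not auth:
        return 401, {"error": "unauthorized",
                     "error_description": "Full authentication is required to access this resource"}
    scheme, _, token = auth.partition(" ")
    entry = store.lookup(token, now) if scheme.lower() == "bearer" else None
    if entry is None:  # unknown, expired and malformed tokens all look the same
        return 401, {"error": "invalid_token", "error_description": f"Invalid access token: {token}"}
    if required_scope not in entry["scope"]:  # scope: what the client was delegated
        return 403, {"error": "insufficient_scope", "scope": required_scope}
    # role: what the user behind the token may do
    if required_authority and required_authority not in USERS[entry["user"]]["authorities"]:
        return 403, {"error": "access_denied", "error_description": "Access is denied"}
    return 200, {"message": "Hello!"}


def run_slide_scenarios():
    """Replays the slides' six curl calls plus scope, role and expiry checks."""
    store = TokenStore()
    good = {"client_id": "client_id", "client_secret": "client_secret", "grant_type": "password",
            "username": "user", "password": "password"}
    t0 = 1_000.0
    status, body = token_endpoint(store, good, now=t0)
    bearer = {"Authorization": f"Bearer {body['access_token']}"}
    return {
        "token_ok": status,
        "bad_client": token_endpoint(store, {**good, "client_secret": "client_secret2"}, now=t0)[1]["error"],
        "bad_user": token_endpoint(store, {**good, "password": "password2"}, now=t0)[1]["error"],
        "hello": resource_endpoint(store, bearer, now=t0 + 1)[0],
        "no_token": resource_endpoint(store, {}, now=t0 + 1)[1]["error"],
        "bad_token": resource_endpoint(store, {"Authorization": "Bearer bad_access_token"}, now=t0 + 1)[1]["error"],
        "write_with_read_token": resource_endpoint(store, bearer, required_scope="write", now=t0 + 1)[1]["error"],
        "admin_with_user_token": resource_endpoint(store, bearer, required_authority="ROLE_ADMIN", now=t0 + 1)[1]["error"],
        "expired": resource_endpoint(store, bearer, now=t0 + ACCESS_TOKEN_TTL)[1]["error"],
    }
```

Calling `run_slide_scenarios()` replays the deck's calls and returns the status or error name for each. The order of checks in `resource_endpoint` is the point of the future-work items: a token is first authenticated, then its scope (what the client was delegated) is checked, and only then the user's role (what that person is allowed to do). Treating read/write as scopes and user/reader/admin as roles keeps the two questions separate, which is what lets the same `/hello` resource be reused by different clients without widening what any one user can do.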