Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
マネーフォワードの認証基盤のこれまでとこれから
Search
nhosoya
January 19, 2023
Technology
0
2.1k
マネーフォワードの認証基盤のこれまでとこれから
サービスの当たり前を支える認証認可 〜マネーフォワードxマクアケ〜
https://makuake.connpass.com/event/269014/
nhosoya
January 19, 2023
Tweet
Share
More Decks by nhosoya
See All by nhosoya
マネーフォワードの認証基盤の現在地
nhosoya
1
1.2k
Other Decks in Technology
See All in Technology
マーケットプレイス版Oracle WebCenter Content For OCI
oracle4engineer
PRO
3
960
CDKTFについてざっくり理解する!!~CloudFormationからCDKTFへ変換するツールも作ってみた~
masakiokuda
1
150
OPENLOGI Company Profile for engineer
hr01
1
34k
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
50
20k
United Airlines Customer Service– Call 1-833-341-3142 Now!
airhelp
0
170
Yahoo!しごとカタログ 新しい境地を創るエンジニア募集!
lycorptech_jp
PRO
0
110
Delta airlines Customer®️ USA Contact Numbers: Complete 2025 Support Guide
deltahelp
0
710
PO初心者が考えた ”POらしさ”
nb_rady
0
210
KubeCon + CloudNativeCon Japan 2025 Recap by CA
ponkio_o
PRO
0
300
Flutter向けPDFビューア、pdfrxのpdfium WASM対応について
espresso3389
0
130
生成AI開発案件におけるClineの業務活用事例とTips
shinya337
0
260
さくらのIaaS基盤のモニタリングとOpenTelemetry/OSC Hokkaido 2025
fujiwara3
3
450
Featured
See All Featured
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.5k
Bash Introduction
62gerente
613
210k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
820
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
Build The Right Thing And Hit Your Dates
maggiecrowley
36
2.8k
VelocityConf: Rendering Performance Case Studies
addyosmani
332
24k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
950
Practical Orchestrator
shlominoach
189
11k
Producing Creativity
orderedlist
PRO
346
40k
What's in a price? How to price your products and services
michaelherold
246
12k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
60k
How STYLIGHT went responsive
nonsquared
100
5.6k
Transcript
ϚωʔϑΥϫʔυͷ ೝূج൫ͷ͜Ε·Ͱ ͱ͜Ε͔Β גࣜձࣾϚωʔϑΥϫʔυ @nhosoya ࡉ୩थ 2023-01-19
@nhosoya ʢࡉ୩थʣ גࣜձࣾϚωʔϑΥϫʔυ IDαʔϏε։ൃ෦ 2015 - ϚωʔϑΥϫʔυMEͷ։ൃ ʢAndroid/Rails/EMͬΆ͍ͳʹ͔ʣ 2018 -
ݱࡏ ೝূج൫ͷ։ൃ <- ࠓ͜ͷ 2
ϚωʔϑΥϫʔυͷαʔϏε 3
͜͜ʹςΩετ͕ೖΓ·͢͜͜ʹςΩετ͕ ͜͜ʹςΩετ͕ೖΓ·͢͜͜ʹςΩετ͕ ͜͜ʹςΩετ͕ೖΓ·͢͜͜ʹςΩετ͕ ͜͜ʹςΩετ͕ೖΓ·͢͜͜ʹςΩετ͕ 4
1ͭͷIDͰͯ͢ͷαʔϏεΛར༻Մೳ 31T *E1 01 5
વɺ࠷ॳ͔Β͜͏ͳ͍ͬͯͨΘ͚Ͱͳ͍ 6
2012 ϚωʔϑΥϫʔυ ME ϦϦʔε 7
1App 1DBͷγϯϓϧͳߏ - ΞΧϯτ(ID/PW) - ۚ༥ػؔͳͲ͔Βऔಘͨ͠ใ - ͳͲͳͲ 8
2013 Ϋϥυձܭɾ֬ఆਃࠂ ϦϦʔε 9
ՈܭͷσʔλΛ֬ఆਃࠂͰ׆༻͍ͨ͠ 10
ڞ༗͞ΕΔσʔλϕʔε - ۚ༥ػؔͳͲ͔Βऔಘͨ͠ใ - ՈܭαʔϏεͷΈ͕ར༻͢Δ σʔλ - ΞΧϯτใ (ID/PW) -
ձܭɾ֬ఆਃࠂαʔϏεͷΈ͕ ར༻͢Δσʔλ 11
2014 Ϋϥυٻॻ 2015 Ϋϥυڅ༩ ΫϥυϚΠφϯόʔ 2016 Ϋϥυܦඅ 12
ਐΉີ݁߹ - ΞΧϯτใ (ID/PW) - ۚ༥ػؔͳͲ͔Βऔಘͨ͠ใ - ՈܭαʔϏεͷΈ͕ར༻͢Δ σʔλ -
ϚωʔϑΥʔϫʔυΫϥυͷ αʔϏε͕ڞ௨Ͱར༻͢Δσʔλ 13
͜ͷͱ͖ͳʹ͕ى͖͍͔ͯͨ සൃ͢Δো ɾDBͷੑೳ ɾεϩʔΫΤϦҰൃͰ શαʔϏε͕োʹͳΔ ɾڞ༗ϥΠϒϥϦͰޓੑ Λอͭඞཁ͕͋Δ ɾΫϥυαʔϏεΛ͑ ͳ͍ ɾӨڹ͕શαʔϏεʹٴͿ
ͷͰख͕ग़ͮ͠Β͍ ɾಉҰIDͰ͋Δ͜ͱΛ׆͔ ͤͳ͍ ։ൃͷ੍ ਐԽ͠ͳ͍ೝূ 14
2018 ೝূج൫ͷ։ൃ։࢝ 15
Ͳ͏ղܾ͢Δ DBͷґଘΛ ݮΒ͢ WebAPI ͷΈͰ ΓऔΓ ิॿͰͳ͘ ҕৡͯ͠Β͏ 16
*%τʔΫϯͷऔಘͱݕূ ೝূ 17
OpenID Connect ͷϝϦοτ • ඪ४༷Ͱ͋Δ • ηΩϡϦςΟݒ೦͕গͳ͍ • OSS͕ར༻Ͱ͖ΔʢΫϥΠΞϯτࢹʣ •
RESTful ͳ Web API ͷΈͰͷΓऔΓ • ݴޠɺΠϯϑϥͱʹαʔϏεଆͷ੍͕ͳ͍ • IdP ଆͷ։ൃͷΈͰೝূڧԽ͕Մೳ • ೝূॲཧࣗମ IdP ଆͷυϝΠϯͷΈͰߦΘΕΔ 18
େมͩͬͨ͜ͱ • ༷ͷཧղɾղऍ͕͍͠ • Ͳ͏࡞Δ͔ • طଘαʔϏεͷ IdP ରԠ 19
༷ͷཧղɾղऍ͕͍͠ • ؔ࿈༷͕ଟ͍… • Φϓγϣφϧ͕ଟ͍… • IdP Λ࡞ΔͨΊʹඞཁͳ༷͕ͯ͢ࡌ͍ͬͯΔΘ͚Ͱͳ͍ → OpenID
Foundation Japan ͷ૬ஊ → ΤΩεύʔτͰ͋Δ @nov ͞ΜΛٕज़ސͱܴͯ͑͠Δʢͷͪೖࣾʣ 20
ࣗ࡞ / IDaaS / Managed • طଘσʔλͷҠߦཁ݅ • ϕϯμʔϩοΫΠϯͷෆ҆ •
ྉۚʹݟ߹͏ͷ͔ → OSSϥΠϒϥϦΛͬͯࣗ࡞ ʢݸਓతʹΊͪΌͪ͘Όྑ͍ܦݧʹͳͬͨɻ4͘Β͍େ͖ͳͳ͘ӡ༻Ͱ͖͍ͯΔɻ ͚Ͳ͔ͳΓޭόΠΞεɻຊʹθϩ͔ΒΔͳΒ IDaaS ͬͯΈ͍ͨɻʣ 21
طଘαʔϏεͷ IdP ରԠ • ঢ়گ • ։ൃ։࢝࣌Ͱ7ͭͷαʔϏε͕ӡ༻த • ৽ن2αʔϏεʢIdP ར༻લఏͰ։ൃʣϦϦʔεؒۙ
• ϏοάόϯϦϦʔεૣʑʹఘΊΔ • IdP ͕ڞ௨DB Λར༻͢Δ͜ͱͰޓੑΛอͭ͜ͱʹͨ͠ 22
ཧDBͷڞ༗͕ͳ͍ੈք 23
IdP͕ڞ༗DBʹใΛಉظ͢Δ 24
201812݄ ೝূج൫ͷϦϦʔε 25
ଓ͘৽نαʔϏε 2020 ϚωʔϑΥϫʔυ ͓ۚͷ૬ஊ ϚωʔϑΥϫʔυ ΫϥυձܭPlus ϚωʔϑΥϫʔυ ࣾձอݥ ϚωʔϑΥϫʔυ ։ۀಧ
2021 ϚωʔϑΥϫʔυ Ϋϥυ࠴ࢧ ϚωʔϑΥϫʔυ Ϋϥυܖ ϚωʔϑΥϫʔυ ΫϥυٻॻPlus ϚωʔϑΥϫʔυ Ϋϥυݻఆࢿ࢈ ϚωʔϑΥϫʔυ Ϋϥυਓࣄཧ ϚωʔϑΥϫʔυ Ϋϥυௐ ϚωʔϑΥϫʔυ ITཧΫϥυ ϚωʔϑΥϫʔυ Pay for Business 26
1ͭͷIDͰͯ͢ͷαʔϏεΛར༻Մೳ 27
ϦϦʔε͔ͯ͠ΒԿͬͯͨͷʁ 28
1. طଘαʔϏεͷҠߦαϙʔτ ɹɾશαʔϏε͕ͬͨͷ2020͘Β͍ 29
2. ೝূڧԽ ɹɾ2FA (TOTP/SMS) ɹɾSign in with Apple ɹɾϩάΠϯ௨ ɹɾύεϫʔυϙϦγʔมߋ
ɹɾύεϫʔυڧϝʔλʔ ɹɾWebAuthn/Passkey 30
3. UX্ɺCVR্ ɹɾલճͷϩάΠϯํ๏ͷهԱ ɹɾαʔϏεؒͷSSO ɹɾB2C/B2B ʹ߹ΘͤͨΧελϚΠζ ɹɾݸผͷ RP ʹ߹ΘͤͨΧελϚΠζ 31
4. ΤϯλʔϓϥΠζରԠ ɹɾ৫ཧΞΧϯτ ɹɾSAML 32
5. ͦͷଞݸผχʔζͷରԠ ɹɾi18nʢӳޠʣ 33
6. IDج൫ࣗମͷΞʔΩςΫνϟվળ ɹɾSakura -> AWS ɹɾk8s 34
ࠓޙͳʹ͍͔ͬͯ͘ 35
WebAuthn/Passkey ͷνϟϨϯδ ɹɾ࣮ࡁΈ͕ͩར༻ଅਐ͍ͯ͠ͳ͍ ɹɾAutofill ͷಋೖ ɹɾదͳλΠϛϯάͰͷొͷ༠ಋ ɹɾ”ύεϫʔυϨε” ͷఏڙ 36
ΞΧϯτϦΧόϦͷվળ 37
αʔϏεͷಛੑίϯςΩετʹ߹Θͤͨ ॊೈͳೝূͷఏڙ 38
ୀձ·ΘΓͷ Bad UX վળ ɹɾαʔϏεͷୀձͱIdPͷୀձͷѻ͍ ɹɾҰՕॴͰશ෦ୀձ͍͕ͤͨ͞… 39
άϧʔϓձࣾͷαʔϏεͱͷID౷߹ 40
3rd Party ͷ։์ 41
Pull ͔Β Publish (Push) RISCͷΑ͏ͳΓํͰ https://openid.net/specs/openid-risc-profile-specification-1_0.html https://developers.google.com/identity/protocols/risc 42
ϚϧνΞΧϯτɺϚϧνηογϣϯ ͜Μͳݴ༿͕͋Δ͔Θ͔ΒΜ͚ͲɺGoogle Έ͍ͨʹΓସ͑ ݸਓͱձࣾͰΞΧϯτΛ͍͚Δਓ͚ 43
ڞ༗ΞΧϯτʁ 44
ΞΫηείϯτϩʔϧ 45
Thank you! 46