Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OPTiM サービスでの OAuth 2.0/OpenID Connect と 周辺技術の活用事例

OPTiM
February 25, 2019
Technology
0
9.3k

OPTiM サービスでの OAuth 2.0/OpenID Connect と 周辺技術の活用事例

OPTiM

February 25, 2019
Tweet

More Decks by OPTiM

See All by OPTiM
Nuxt3マイグレーションについて / nuxt_migration
optim
0
100
挑戦を楽しむ!保守運用の管理課題への取り組み
optim
0
68
開発生産性を始める前に開発チームができること / optim-improve-development-productivity.pdf
optim
1
490
Go×LLMで新たなコード生成の可能性を探る / GolangDeveloperNight_Go×LLM
optim
0
380
スプリントレビュー(バザー形式)とそれを支えるCI CD / sprint-review-bazaar-and-supporting-cicd
optim
0
540
Vue.jsを用いて数万の農地データ情報を数秒で表示させるまでのカイゼンの軌跡
optim
1
320
Metabaseを使ったコスト可視化とコスト最適化への道 / sre-cost-visualization
optim
0
670
新卒がアプリをEKSにデプロイした話 / sre-newcomer-deploy-app-to-eks
optim
1
330
Rustのイテレーター完全制覇 / domination-of-the-rust-iterators
optim
3
3.1k

Other Decks in Technology

See All in Technology
【若手エンジニア応援LT会】ソフトウェアを学んできた私がインフラエンジニアを目指した理由
kazushi_ohata
0
150
10XにおけるData Contractの導入について: Data Contract事例共有会
10xinc
6
620
【令和最新版】AWS Direct Connectと愉快なGWたちのおさらい
minorun365
PRO
5
750
【Pycon mini 東海 2024】Google Colaboratoryで試すVLM
kazuhitotakahashi
2
500
IBC 2024 動画技術関連レポート / IBC 2024 Report
cyberagentdevelopers
PRO
0
110
Application Development WG Intro at AppDeveloperCon
salaboy
0
190
Terraform CI/CD パイプラインにおける AWS CodeCommit の代替手段
hiyanger
1
240
OCI Security サービス 概要
oracle4engineer
PRO
0
6.5k
Incident Response Practices: Waroom's Features and Future Challenges
rrreeeyyy
0
160
rootlessコンテナのすゝめ - 研究室サーバーでもできる安全なコンテナ管理
kitsuya0828
3
380
ドメインの本質を掴む / Get the essence of the domain
sinsoku
2
150
Engineer Career Talk
lycorp_recruit_jp
0
160

Featured

See All Featured
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
Typedesign – Prime Four
hannesfritz
40
2.4k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
44
2.2k
How to train your dragon (web standard)
notwaldorf
88
5.7k
The Art of Programming - Codeland 2020
erikaheidi
52
13k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.1k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.3k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
506
140k
How GitHub (no longer) Works
holman
310
140k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Mobile First: as difficult as doing things right
swwweet
222
8.9k

Transcript

  1. Copyright © 2019 OPTiM Corp. All Rights Reserved. 1 .

    2 / 0// 2 CAI D

  2. Copyright © 2019 OPTiM Corp. All Rights Reserved. 2 

    p Yuu Kikuchi p Works at OPTiM Inc. (2014 ~) p Engineer at Platform business division p in OPTiM... • OPTiM Store (2016 ~) • OPTiM Cloud IoT OS/LANDLOG (2017 ~) p in OIDF-J… • Enterprise Identity WG Phase 3 (2016 ~) • KYC WG (2019 ~)

  3. Copyright © 2019 OPTiM Corp. All Rights Reserved. 3 p

    SaaS Marketplace p O S p T M P

  4. Copyright © 2019 OPTiM Corp. All Rights Reserved. 4 p

    AI/IoT M (PaaS) p P S O p (LANDLOG) T (AGRI EARTH) I C M

  5. Copyright © 2019 OPTiM Corp. All Rights Reserved. 5 (

    ) / (

  6. Copyright © 2019 OPTiM Corp. All Rights Reserved. 6 I

    T p IoT Platform o S u p O I C C p Microservice Architecture C p OAuth Resource Server l • Access Token C d

  7. Copyright © 2019 OPTiM Corp. All Rights Reserved. 7 p

    Shared Database • Authorization Server Resource Server Access Token e • eDB k S p Token Introspection • Access Token T R T Authorization Server • Authorization Server k p Formatted Access Token • Access Token A • Resource Server Access Token Resource Server k c S

  8. Copyright © 2019 OPTiM Corp. All Rights Reserved. 8

  9. Copyright © 2019 OPTiM Corp. All Rights Reserved. 9

  10. Copyright © 2019 OPTiM Corp. All Rights Reserved. 10 JSON

    Web Token

  11. Copyright © 2019 OPTiM Corp. All Rights Reserved. 11

  12. Copyright © 2019 OPTiM Corp. All Rights Reserved. 12 OAuth

    2.0Access TokenJSON Web Token(JSON Web Signature) - r-weblife (http://d.hatena.ne.jp/ritou/20140927/1411811648)

  13. Copyright © 2019 OPTiM Corp. All Rights Reserved. 20 B

    p $!&'+57;#<4@=/6 OAuth PKCE (RFC7636) A3 p Device 57;08JWT Profile for OAuth 2.0 Client Authentication (RFC7523) A3 p '* "%(?9'+1 ,-.)D  OpenID Connect Session Management A3 • :'+2C  iOS 12 (ITP2.0) > 

  14. Copyright © 2019 OPTiM Corp. All Rights Reserved. 21 (

    ( ) (

  15. Copyright © 2019 OPTiM Corp. All Rights Reserved. 22 P

    S p SaaS Marketplace o • SaaS Marketplace T e • ID i p OPTiM Store • API t ”Contract API” • r M P SO ”SCIM API” • IDaaS Single-Sign On “OpenID Connect"

  16. Copyright © 2019 OPTiM Corp. All Rights Reserved. 23 OPTiM

    Store API Docs (https://optim-corp.github.io/optim_store_api_docs/)

  17. Copyright © 2019 OPTiM Corp. All Rights Reserved. 24 3ϥΠηϯεߪೖ

    3ϥΠηϯεߪೖ ςφϯτ४උ׬ྃ ςφϯτ࡞੒ SCIM ॳظઃఆ OIDC ॳظઃఆ ϥΠηϯεߪೖ׬ྃ ϥΠηϯε෇༩ (3ਓ෼) ΞΧ΢ϯτ࡞੒ End User ʹ Push ௨஌

  18. Copyright © 2019 OPTiM Corp. All Rights Reserved. 25 p

    CP JWT RP • RSA JWK p RP JWT I • RSA A • JWK

  19. Copyright © 2019 OPTiM Corp. All Rights Reserved. 26 )

    ( (

  20. Copyright © 2019 OPTiM Corp. All Rights Reserved. 27 ()

    ( (

  21. Copyright © 2019 OPTiM Corp. All Rights Reserved. 28 )

    ( ) (

  22. Copyright © 2019 OPTiM Corp. All Rights Reserved. 29 3ϥΠηϯεߪೖ

    3ϥΠηϯεߪೖ ςφϯτ४උ׬ྃ ςφϯτ࡞੒ SCIM ॳظઃఆ OIDC ॳظઃఆ ϥΠηϯεߪೖ׬ྃ ϥΠηϯε෇༩ (3ਓ෼) ΞΧ΢ϯτ࡞੒ End User ʹ Push ௨஌

  23. Copyright © 2019 OPTiM Corp. All Rights Reserved. 30 p

    Contract API M JWT RP C • Payload SCIM Client A p RP I P OAuth Client

  24. Copyright © 2019 OPTiM Corp. All Rights Reserved. 31 Request

    Response JWT Payload

  25. Copyright © 2019 OPTiM Corp. All Rights Reserved. 32 3ϥΠηϯεߪೖ

    3ϥΠηϯεߪೖ ςφϯτ४උ׬ྃ ςφϯτ࡞੒ SCIM ॳظઃఆ OIDC ॳظઃఆ ϥΠηϯεߪೖ׬ྃ ϥΠηϯε෇༩ (3ਓ෼) ΞΧ΢ϯτ࡞੒ End User ʹ Push ௨஌

  26. Copyright © 2019 OPTiM Corp. All Rights Reserved. 33 p

    Contract API IA IAD JWT IdP p IdP IA OpenID Connect Client • OpenID Connect / OAuth 2.0 Dynamic Client Registration C

  27. Copyright © 2019 OPTiM Corp. All Rights Reserved. 34 Request

    Response JWT Payload

  28. Copyright © 2019 OPTiM Corp. All Rights Reserved. 35 3ϥΠηϯεߪೖ

    3ϥΠηϯεߪೖ ςφϯτ४උ׬ྃ ςφϯτ࡞੒ SCIM ॳظઃఆ OIDC ॳظઃఆ ϥΠηϯεߪೖ׬ྃ ϥΠηϯε෇༩ (3ਓ෼) ΞΧ΢ϯτ࡞੒ End User ʹ Push ௨஌ SCIM 

  29. Copyright © 2019 OPTiM Corp. All Rights Reserved. 36 

        

  30. Copyright © 2019 OPTiM Corp. All Rights Reserved. 40 GR_

    p OAuth Client / OIDC RP UX[ab W< • 3(16,58./,58ZEEQ `C>: • (BackendM ) &).-2)8%Cookie^! • 7*&'2%DF" H!AS #! •  ">NIdP ./,58%=9LB] • PKCE  code_challenge %J ?I C>: p @\ ;$JWT  iat/exp J PT +- >? • " IaaS ,-04@O KWYVF  

  31. Copyright © 2019 OPTiM Corp. All Rights Reserved. 41 dear

    Connect

  32. Copyright © 2019 OPTiM Corp. All Rights Reserved. 42