認証認可 - Speaker Deck

Slide 1

Slide 1 text

ೝূɾೝՄ 2021/7/2(ۚ)ɹদా޾య

Slide 2

Slide 2 text

ࠓճ࣮ࡍʹௐ΂ͯΈͯ,,, • ·ͣɺೝূೝՄͷ࿩͸Ԟ͕ਂ͍ʂʂʂ • ௐ΂͍ͯ͘͏ͪʹOAuth΍OpenID ConnectͳͲ৭ʑग़ͯ͘Δ • ೝূೝՄʁϩάΠϯͷ͜ͱ΍Ζʁ,,

Slide 3

Slide 3 text

ೝূͱೝՄʹ͍ͭͯ ೝূɹ(Authentication) • ௨৴ͷ૬ख͕୭(Կ)Ͱ͋Δ͜ͱ͔Λ֬ೝ͢Δ͜ͱ • ੒Γࡁ·͠Ͱͳ͍͜ͱΛ֬ೝ͢Δ͜ͱ ೝՄɹ(Authorization) • ಛఆͷ৚݅ʹରͯ͠ɺϦιʔεΞΫηεݖݶΛ༩͑Δ͜ͱ   → ݖݶΛ༩͑Δ͜ͱ

Slide 4

Slide 4 text

ೝূͱೝՄ HTTP statusͷ࿩ ೝূɹ(Authentication) • 401 Unauthorized —ɹೝূͷࣦഊ • ʮ͓·͑୭ͩΑʯ ݴ༿͸ࣅͯΔ͚Ͳผͷ֓೦! ೝՄɹ(Authorization) • 403 Forbidden — ೝՄͷෆ଍ • ʮཧղͨ͠ɺ͕ͩஅΔʯ

Slide 5

Slide 5 text

ೝূͷ࿩ ೝূɹ(Authentication) • ௨৴૬खͷID(ଐੑ)ΛͳΓ͢·͠Ͱ͸ͳ͍͜ͱΛ֬৴͢Δ͜ͱ ೝূཁૉ ݱ࣮ͷੈք ిࢠͷੈք ͋ͳͨ͸ͩΕʁ إɺ੠ɺॺ໊ච੻ ੜମೝূ(ࢦ໲ɺ੠໲ೝূ) ԿΛ΋ͬͯΔͷʁ ҹؑɺ਎෼ূ໌ॻɺΧʔυ ɹܞଳి࿩,ిࢠূ໌ॻ,   ηΩϡϦςΟʔτʔΫϯ ͋ͳͨ͸ͩΕʁ ߹ݴ༿ ύεϫʔυ

Slide 6

Slide 6 text

伴(key) ৣ(lock)

Slide 7

Slide 7 text

ೝՄ ͷ࿩ ೝՄɹ(Authorization) • ୭͔ʹ 伴Λ౉͢͜ͱɻ • ྫ͑͹৐ं݊ • ੾ූΛ࣋ͬͯೖΕ͹ɺిंʹ৐ΕΔɻͳ͚Ε͹৐Εͳ͍ɻ • ೝՄʹ਎ݩ֬ೝ͸ඞਢͰ͸ͳ͍   伴΍੾ූ͔Βʮ୭͔ʯ͸Θ͔Βͳ͍

Slide 8

Slide 8 text

1.Ϣʔβʔʹʮ伴(key)ʯΛ༩͑Δɻ 2.Ϧιʔεʹʮৣ(lock)ʯΛ͔͚Δɻ 3.ΞΫηε࣌ʹ伴Λ࢖ͬͯղৣ͢Δɻ ϙϦγʔఆٛ ϙϦγʔࢪߦ

Slide 9

Slide 9 text

ΞΫηετʔΫϯ ɾೝূࡁΈϢʔβʔΛࣝผ͢ΔͨΊͷจࣈྻɻ ɾτʔΫϯɾɾɾʮূڌʯʮ͠Δ͠ʯʮ৅௃ʯ

Slide 10

Slide 10 text

ೝূͱೝՄ ͷີ݁߹ͷ࿩ ೝূɹ(Authentication)ɹͱɹೝՄɹ(Authorization) ɾ૬ख͸A͞Μͩʂ ͔ͩΒΞΫηεڐՄ ɾ૬ख͸A͞ΜͰͳ͍! ΞΫηε͸ڐՄ͞Εͳ͍   ɾΞΫηε͕ڐՄ͞Εͨɺͭ·ΓA͞Μ(!?) ɾΞΫηε͕ڐՄ͞Εͳ͔ͬͨɺͭ·ΓA͞ΜͰͳ͍ →͜ͷ༷ʹೝূͱೝՄͷɺٯɾཪɾରۮ͕ग़ͯ͘Δɻ

Slide 11

Slide 11 text

ೝূͱೝՄ ͷ࿩ • ೝূʹجͮ͘ೝՄ   ͜Ε͕ଟ͘ͷਓ͕ߟ͑Δύλʔϯɻ   ྫʣӡస໔ڐॻͳͲ͕͍͍ྫɻ   • ೝՄʹجͮ͘ೝূ(!?)   ྫ) ͜ͷਓ͸A͞ΜͷՈͷ伴Λ࣋ͬͯΔ͔ΒɺA͞ΜͩͶ   →͜Εͷߟ͕͑OAuthೝূͷߟ͑ʹͭͳ͕Δɻ