About_JWT_at_NDS_39_Niigata_pm

Transcript

1. 1

2. • • • • 2

3. 3

4. 4

5. • • • • • 5

6. 6

7. eyJ .eyJ . 7

8. [Encoded Header] [Encoded Payload] [Encoded Signature] 8

9. {"alg":"HS256","typ":"JWT"} 9

10. {"name":"ritou","title":"About JSON Web Token","date":"2014-12-13"} 10

11. “Encoded Header + ‘.’ + Encoded Payload” eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoicml0b 3UiLCJ0aXRsZSI6IkFib3V0IEpTT04gV2ViIFRva2VuIiwiZGF0ZSI6I jIwMTQtMTItMTMifQ

    11

12. 12

13. 13

14. 14

15. • JWS(JSON Web Signature) : 署名つき • • JWA(JSON Web

    Algorithm) : 署名生成/暗号化の アルゴリズム • JWK(JSON Web Key) : 鍵まわり 15

16. 16

17. • • • • • • 17

18. 18

19. 19

20. 20

21. • 21

22. iss [ID Tokenの発行元] sub [ユーザーID] aud [ID Tokenの発行先] 22

23. • • • 23

24. 24

25. 25

26. 26

27. • • • • 27

28. $options->{id} はセッションID(ランダムな文字列) $options->{id} $options->{id} 28

29. my $cookie = crush_cookie($env->{HTTP_COOKIE} || '')->{$self- >{cookie_name}}; my $session =

    $self->{store}->get($cookie) or return; $session = $self->{serializer}->[1]->($session) if $self->{serializer}; 29

30. • • Session IDを含むJWS • • JWS検証後 30

31. ::JWSCookie $options->{id} はセッションID(ランダムな文字列) my $jws = encode_jwt({ id => $options->{id}

    }, $self->secret, $self->alg); $jws $jws 31

32. ::JWSCookie my $cookie = crush_cookie($env->{HTTP_COOKIE} || '')->{$self->{cookie_name}}; # JWSの検証 $payload

    = decode_jwt($cookie, $self->secret, 0); 32

33. ::JWSCookie my $id = $payload->{id}; my $session = $self->{store}->get($id) or

    return; 33

34. • • • • 34

35. 35

36. http://d.hatena.ne.jp/ritou/20140927/1411811648 36

37. • • • 37

38. 38

39. • • • • • 39

40. 40

41. • • • • • 41

42. 42

43. • • • 43

44. 44

45. • • • 45

46. • • • 46

47. 47