
About_JWT_at_NDS_39_Niigata_pm

ritou
December 13, 2014


Slides presented at the NDS#39 Niigata.pm tech talk (http://connpass.com/event/8695/).


Transcript


  7. eyJ .eyJ .

  8. [Encoded Header] [Encoded Payload] [Encoded Signature]

  9. {"alg":"HS256","typ":"JWT"}

  10. {"name":"ritou","title":"About JSON Web Token","date":"2014-12-13"}

  11. “Encoded Header + ‘.’ + Encoded Payload”
      eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoicml0b3UiLCJ0aXRsZSI6IkFib3V0IEpTT04gV2ViIFRva2VuIiwiZGF0ZSI6IjIwMTQtMTItMTMifQ

  15. • JWS (JSON Web Signature): signed
      • JWA (JSON Web Algorithm): algorithms for signature generation / encryption
      • JWK (JSON Web Key): key handling

  22. iss [issuer of the ID Token] sub [user ID] aud [recipient of the ID Token]


  28. $options->{id} is the session ID (a random string)

  29. my $cookie = crush_cookie($env->{HTTP_COOKIE} || '')->{$self->{cookie_name}};
      my $session = $self->{store}->get($cookie) or return;
      $session = $self->{serializer}->[1]->($session) if $self->{serializer};

  30. • JWS containing the session ID
      • After JWS verification

  31. ::JWSCookie
      $options->{id} is the session ID (a random string)
      my $jws = encode_jwt({ id => $options->{id} }, $self->secret, $self->alg);

  32. ::JWSCookie
      my $cookie = crush_cookie($env->{HTTP_COOKIE} || '')->{$self->{cookie_name}};
      # Verify the JWS
      $payload = decode_jwt($cookie, $self->secret, 0);

  33. ::JWSCookie
      my $id = $payload->{id};
      my $session = $self->{store}->get($id) or return;

  36. http://d.hatena.ne.jp/ritou/20140927/1411811648

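The JWS-wrapped session cookie from slides 30 to 33, as an added example that is not code from the talk: it is written in Python with only the standard library rather than the talk's Perl, and the function names, the secret and the in-memory store are assumptions. It uses the header from slide 9, pins HS256 on the server side, and reaches the session store only after the signature has verified.

```python
import base64, hashlib, hmac, json

HEADER = b'{"alg":"HS256","typ":"JWT"}'  # header from slide 9

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign_session_cookie(session_id: str, secret: bytes) -> str:
    """Wrap the session ID in a compact JWS: header.payload.signature."""
    payload = json.dumps({"id": session_id}, separators=(",", ":")).encode()
    signing_input = f"{b64url(HEADER)}.{b64url(payload)}"
    return f"{signing_input}.{b64url(_mac(secret, signing_input))}"

def verify_session_cookie(cookie: str, secret: bytes):
    """Return the session ID if the JWS verifies, otherwise None."""
    parts = cookie.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm server-side; never let the token choose it.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = _mac(secret, f"{header_b64}.{payload_b64}")
        # Constant-time comparison of the received and recomputed MAC.
        if not hmac.compare_digest(b64url_decode(sig_b64), expected):
            return None
        payload = json.loads(b64url_decode(payload_b64))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    sid = payload.get("id") if isinstance(payload, dict) else None
    return sid if isinstance(sid, str) else None

def load_session(cookie: str, secret: bytes, store: dict):
    """Touch the session store only after the signature has verified."""
    sid = verify_session_cookie(cookie, secret)
    return store.get(sid) if sid is not None else None
```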