Upgrade to Pro — share decks privately, control downloads, hide ads and more …

JWTとは

Yuki Shibata
September 15, 2021
Programming
0
18

 JWTとは

社内勉強会資料

Yuki Shibata

September 15, 2021
Tweet

More Decks by Yuki Shibata

See All by Yuki Shibata
Don't be afraid to $git rebase
yukiyohure
0
26
Pronunciation exercise
yukiyohure
0
10
開発に関する英単語
yukiyohure
0
23

Other Decks in Programming

See All in Programming
The Evolution of Enterprise Java with Jakarta EE 11 and Beyond
ivargrimstad
0
600
NestJSのコードからOpenAPIを自動生成する際の最適解を探す
astatsuya
0
160
Windows版PHPのビルド手順とPHP 8.4における変更点
matsuo_atsushi
0
360
ベクトル検索システムの気持ち
monochromegane
28
8.2k
ニックトレイン登壇資料
ryotakurokawa
0
130
RubyKaigiで手に入れた HHKB Studioのための HIDRawドライバ
iberianpig
0
180
AI Agentを利用したAndroid開発について
yuchan2215
0
200
Identifying and Analyzing Fake OSS with Malware - fukuoka.go#21
rhykw
0
520
いまさら聞けない生成AI入門: 「生成AIを高速キャッチアップ」
soh9834
11
3.3k
PHPer's Guide to Daemon Crafting Taming and Summoning
uzulla
2
800
Devinのメモリ活用の学びを自社サービスにどう組み込むか?
itarutomy
0
1.3k
もう一人で悩まない! 個の知見をチームの知見にする3つの習慣と工夫 / Into team knowledge.
honyanya
3
520

Featured

See All Featured
The World Runs on Bad Software
bkeepers
PRO
67
11k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
366
25k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
StorybookのUI Testing Handbookを読んだ
zakiyama
28
5.6k
Practical Orchestrator
shlominoach
186
10k
Intergalactic Javascript Robots from Outer Space
tanoku
270
27k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
11
600
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
4
490
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.4k
Building Applications with DynamoDB
mza
94
6.3k
The Cult of Friendly URLs
andyhume
78
6.3k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k

Transcript

  1. JWTʹ͍ͭͯ

  2. 1. JWTͱ͸ 2. JWTͷத਎ 3. JWTΛ࢖͏ͱԿ͕خ͍͔͠ 4. JWTͷ஫ҙ఺ ໨࣍

  3. 1. JWTͱ͸ Json Web Token ͷུɻ RFC7519 Ͱఆٛ͞Ε͍ͯΔٕज़Ͱɺ RFC7515 JWS

    (Json Web Signature) ͷ࢓༷ʹԊͬͯɺpayload෦෼ΛJSONܗࣜʹͯ͠ +α ͨ͠΋ͷɻ eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9. eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ikpva G4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ. S f lKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQs sw5c ϔομʔ ϖΠϩʔυ ॺ໊ { "alg": "HS256", "typ": "JWT" } { "sub": "1234567890", "name": "John Doe", "iat": 1516239022 } HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), your-256-bit-secret ) JSON BASE JWT

  4. 1. JWTͱ͸ POST /user/login {email, password} Ϣʔβʔೝূޙʹ ηογϣϯ৘ใΛอଘ ηογϣϯIDΛCookieͱͯ͠ฦ͢ ϦΫΤετΛηογϣϯIDͱͱ΋ʹૹΔ

    ૹΒΕ͖ͯͨηογϣϯIDͱ อଘͨ͠ηογϣϯIDͰݕূ Ϩεϙϯε Sessionํࣜ

  5. 1. JWTͱ͸ POST /user/login {email, password} ൿີ伴Λ࢖ͬͯ JWTΛੜ੒ JWTΛϨεϙϯεͱͯ͠ฦ͢ ϦΫΤετΛJWTͱͱ΋ʹૹΔ

    JWTͷத਎Λݕূ JWT͔ΒϢʔβʔ৘ใΛऔಘ Ϩεϙϯε JWTํࣜ

  6. 1. JWTͱ͸ POST /user/login {email, password} Secret keyΛ࢖ͬͯ JWTΛੜ੒ JWTΛϨεϙϯεͱͯ͠ฦ͢

    ϦΫΤετΛJWTͱͱ΋ʹૹΔ JWTͷத਎Λݕূ JWT͔ΒϢʔβʔ৘ใΛऔಘ Ϩεϙϯε JWTํࣜ POST /user/login {email, password} Ϣʔβʔೝূޙʹ ηογϣϯ৘ใΛอଘ ηογϣϯIDΛCookieͱͯ͠ฦ͢ ϦΫΤετΛηογϣϯIDͱͱ΋ʹૹΔ ૹΒΕ͖ͯͨ ηογϣϯIDͱอଘͨ͠ ηογϣϯIDͰݕূ Ϩεϙϯε Sessionํࣜ ೋͭͷେ͖ͳҧ͍͸ɺτʔΫϯΛอଘ͢Δ৔ॴɻ ηογϣϯํࣜ͸αʔόʔʹɺ JWTํࣜ͸ϒϥ΢βʹอଘ͢Δɻ

  7. 2. JWTͷத਎

  8. 3. JWTΛ࢖͏ͱԿ͕خ͍͔͠ ServerA ServerC ServerB

  9. 4. JWTͷ஫ҙ఺ ϢʔβʔͷೳಈతͳϩάΞ΢τʹΑΔτʔΫϯͷ؅ཧ A UserAHeader. UserAPayload. UserASignature UserAHeader. UserAPayload. UserASignature

    ࿙Ӯ OK OK ʻϩάΞ΢τϘλϯԡԼʼ B

  10. 4. JWTͷ஫ҙ఺

  11. ऴΘΓ