Upgrade to Pro — share decks privately, control downloads, hide ads and more …

マネーフォワードの認証基盤のこれまでとこれから

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for nhosoya nhosoya
January 19, 2023
Technology
0
2.3k

 マネーフォワードの認証基盤のこれまでとこれから

サービスの当たり前を支える認証認可 〜マネーフォワードxマクアケ〜
https://makuake.connpass.com/event/269014/

Avatar for nhosoya

nhosoya

January 19, 2023
Tweet

More Decks by nhosoya

See All by nhosoya
マネーフォワードの認証基盤の現在地
Avatar for nhosoya nhosoya
1
1.4k

Other Decks in Technology

See All in Technology
Claude Code のコード品質がばらつくので AI に品質保証させる仕組みを作った話 / A story about building a mechanism to have AI ensure quality, because the code quality from Claude Code was inconsistent
Avatar for nrs nrslib
13
8.1k
It’s “Time” to use Temporal
Avatar for Saji sajikix
1
160
ガバメントクラウドにおけるAWSの長期継続割引について
Avatar for takeda_h takeda_h
2
210
CyberAgentの生成AI戦略 〜変わるものと変わらないもの〜
Avatar for katayan katayan
0
220
AWS DevOps Agent vs SRE俺 / AWS DevOps Agent vs me, the SRE
Avatar for SMS tech sms_tech
3
830
Claude Codeが爆速進化してプラグイン追従がつらいので半自動化した話 ver.2
Avatar for ryu rfdnxbro
0
540
組織全体で実現する標準監視設計
Avatar for Yuto Obayashi yuobayashi
3
490
TypeScript 7.0の現在地と備え方
Avatar for uhyo uhyo
6
610
決済サービスを支えるElastic Cloud - Elastic Cloudの導入と推進、決済サービスのObservability
Avatar for suzukij suzukij
2
640
社内レビューは機能しているのか
Avatar for Jun Matsuba matsuba
0
130
us-east-1 に障害が起きた時に、 ap-northeast-1 にどんな影響があるか 説明できるようになろう!
Avatar for Kazuki Miura miu_crescent
PRO
13
4.4k
Scrumは歪む — 組織設計の原理原則
Avatar for Daisuke Ashihara dashi
0
180

Featured

See All Featured
<Decoding/> the Language of Devs - We Love SEO 2024
Avatar for Nikki Halliwell nikkihalliwell
1
150
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
254
22k
Git: the NoSQL Database
Avatar for Brandon Keepers bkeepers
PRO
432
66k
How to make the Groovebox
Avatar for あそなす asonas
2
2k
DevOps and Value Stream Thinking: Enabling flow, efficiency and business value
Avatar for Helen Beal helenjbeal
1
150
Agile Actions for Facilitating Distributed Teams - ADO2019
Avatar for Mark Kilby mkilby
0
150
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
26
3.4k
Building Adaptive Systems
Avatar for Chris Keathley keathley
44
3k
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
413
23k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
Measuring Dark Social's Impact On Conversion and Attribution
Avatar for Stephen Akadiri stephenakadiri
1
160
From Legacy to Launchpad: Building Startup-Ready Communities
Avatar for Dug Song dugsong
0
180

Transcript

  1. ϚωʔϑΥϫʔυͷ ೝূج൫ͷ͜Ε·Ͱ ͱ͜Ε͔Β גࣜձࣾϚωʔϑΥϫʔυ @nhosoya ࡉ୩௚थ 2023-01-19

  2. @nhosoya ʢࡉ୩௚थʣ גࣜձࣾϚωʔϑΥϫʔυ IDαʔϏε։ൃ෦ 2015 - ϚωʔϑΥϫʔυMEͷ։ൃ ʢAndroid/Rails/EMͬΆ͍ͳʹ͔ʣ 2018 -

    ݱࡏ ೝূج൫ͷ։ൃ <- ࠓ೔͸͜ͷ࿩ 2

  3. ϚωʔϑΥϫʔυͷαʔϏε 3

  4. ͜͜ʹςΩετ͕ೖΓ·͢͜͜ʹςΩετ͕ ͜͜ʹςΩετ͕ೖΓ·͢͜͜ʹςΩετ͕ ͜͜ʹςΩετ͕ೖΓ·͢͜͜ʹςΩετ͕ ͜͜ʹςΩετ͕ೖΓ·͢͜͜ʹςΩετ͕ 4

  5. 1ͭͷIDͰ͢΂ͯͷαʔϏεΛར༻Մೳ  31T *E1 01 5

  6. ౰વɺ࠷ॳ͔Β͜͏ͳ͍ͬͯͨΘ͚Ͱ͸ͳ͍ 6

  7. 2012೥ ϚωʔϑΥϫʔυ ME ϦϦʔε 7

  8. 1App 1DBͷγϯϓϧͳߏ੒ - ΞΧ΢ϯτ(ID/PW) - ۚ༥ػؔͳͲ͔Βऔಘͨ͠৘ใ - ͳͲͳͲ 8

  9. 2013೥ Ϋϥ΢υձܭɾ֬ఆਃࠂ ϦϦʔε 9

  10. Ոܭ฽ͷσʔλΛ֬ఆਃࠂͰ΋׆༻͍ͨ͠ 10

  11. ڞ༗͞ΕΔσʔλϕʔε - ۚ༥ػؔͳͲ͔Βऔಘͨ͠৘ใ - Ոܭ฽αʔϏεͷΈ͕ར༻͢Δ σʔλ - ΞΧ΢ϯτ৘ใ (ID/PW) -

    ձܭɾ֬ఆਃࠂαʔϏεͷΈ͕ ར༻͢Δσʔλ 11

  12. 2014೥ Ϋϥ΢υ੥ٻॻ 2015೥ Ϋϥ΢υڅ༩ Ϋϥ΢υϚΠφϯόʔ 2016೥ Ϋϥ΢υܦඅ 12

  13. ਐΉີ݁߹ - ΞΧ΢ϯτ৘ใ (ID/PW) - ۚ༥ػؔͳͲ͔Βऔಘͨ͠৘ใ - Ոܭ฽αʔϏεͷΈ͕ར༻͢Δ σʔλ -

    ϚωʔϑΥʔϫʔυΫϥ΢υͷ αʔϏε͕ڞ௨Ͱར༻͢Δσʔλ 13

  14. ͜ͷͱ͖ͳʹ͕ى͖͍͔ͯͨ සൃ͢Δো֐ ɾDBͷੑೳ໰୊ ɾεϩʔΫΤϦҰൃͰ શαʔϏε͕ো֐ʹͳΔ ɾڞ༗ϥΠϒϥϦͰޓ׵ੑ Λอͭඞཁ͕͋Δ ɾΫϥ΢υαʔϏεΛ࢖͑ ͳ͍ ɾӨڹ͕શαʔϏεʹٴͿ

    ͷͰख͕ग़ͮ͠Β͍ ɾಉҰIDͰ͋Δ͜ͱΛ׆͔ ͤͳ͍ ։ൃ΁ͷ੍໿ ਐԽ͠ͳ͍ೝূ 14

  15. 2018೥ ೝূج൫ͷ։ൃ։࢝ 15

  16. Ͳ͏ղܾ͢Δ DB΁ͷґଘΛ ݮΒ͢ WebAPI ͷΈͰ ΍ΓऔΓ ิॿͰ͸ͳ͘ ҕৡͯ͠΋Β͏ 16

  17. *%τʔΫϯͷऔಘͱݕূ ೝূ 17

  18. OpenID Connect ͷϝϦοτ • ඪ४࢓༷Ͱ͋Δ • ηΩϡϦςΟݒ೦͕গͳ͍ • OSS͕ར༻Ͱ͖ΔʢΫϥΠΞϯτࢹ఺ʣ •

    RESTful ͳ Web API ͷΈͰͷ΍ΓऔΓ • ݴޠɺΠϯϑϥͱ΋ʹαʔϏεଆ΁ͷ੍໿͕ͳ͍ • IdP ଆͷ։ൃͷΈͰೝূڧԽ͕Մೳ • ೝূॲཧࣗମ͸ IdP ଆͷυϝΠϯͷΈͰߦΘΕΔ 18

  19. େมͩͬͨ͜ͱ • ࢓༷ͷཧղɾղऍ͕೉͍͠ • Ͳ͏࡞Δ͔ • طଘαʔϏεͷ IdP ରԠ 19

  20. ࢓༷ͷཧղɾղऍ͕೉͍͠ • ؔ࿈࢓༷͕ଟ͍… • Φϓγϣφϧ͕ଟ͍… • IdP Λ࡞ΔͨΊʹඞཁͳ࢓༷͕͢΂ͯࡌ͍ͬͯΔΘ͚Ͱ͸ͳ͍ → OpenID

    Foundation Japan ΁ͷ૬ஊ → ΤΩεύʔτͰ͋Δ @nov ͞ΜΛٕज़ސ໰ͱܴͯ͑͠Δʢͷͪೖࣾʣ 20

  21. ࣗ࡞ / IDaaS / Managed • طଘσʔλͷҠߦཁ݅ • ϕϯμʔϩοΫΠϯ΁ͷෆ҆ •

    ྉۚʹݟ߹͏ͷ͔ → OSSϥΠϒϥϦΛ࢖ͬͯࣗ࡞ ʢݸਓతʹ͸ΊͪΌͪ͘Όྑ͍ܦݧʹͳͬͨɻ4೥͘Β͍େ͖ͳ໰୊΋ͳ͘ӡ༻Ͱ͖͍ͯΔɻ ͚Ͳ͔ͳΓ੒ޭόΠΞεɻຊ౰ʹθϩ͔Β΍ΔͳΒ IDaaS ࢖ͬͯΈ͍ͨɻʣ 21

  22. طଘαʔϏεͷ IdP ରԠ • ঢ়گ • ։ൃ։࢝࣌఺Ͱ7ͭͷαʔϏε͕ӡ༻த • ৽ن2αʔϏεʢIdP ར༻લఏͰ։ൃʣϦϦʔεؒۙ

    • ϏοάόϯϦϦʔε͸ૣʑʹఘΊΔ • IdP ͕ڞ௨DB Λར༻͢Δ͜ͱͰޓ׵ੑΛอͭ͜ͱʹͨ͠ 22

  23. ཧ૝͸DBͷڞ༗͕ͳ͍ੈք 23

  24. IdP͕ڞ༗DBʹ৘ใΛಉظ͢Δ 24

  25. 2018೥12݄ ೝূج൫ͷϦϦʔε 25

  26. ଓ͘৽نαʔϏε 2020೥ ϚωʔϑΥϫʔυ ͓ۚͷ૬ஊ ϚωʔϑΥϫʔυ Ϋϥ΢υձܭPlus ϚωʔϑΥϫʔυ ࣾձอݥ ϚωʔϑΥϫʔυ ։ۀಧ

    2021೥ ϚωʔϑΥϫʔυ Ϋϥ΢υ࠴຿ࢧ෷ ϚωʔϑΥϫʔυ Ϋϥ΢υܖ໿ ϚωʔϑΥϫʔυ Ϋϥ΢υ੥ٻॻPlus ϚωʔϑΥϫʔυ Ϋϥ΢υݻఆࢿ࢈ ϚωʔϑΥϫʔυ Ϋϥ΢υਓࣄ؅ཧ ϚωʔϑΥϫʔυ Ϋϥ΢υ೥຤ௐ੔ ϚωʔϑΥϫʔυ IT؅ཧΫϥ΢υ ϚωʔϑΥϫʔυ Pay for Business 26

  27. 1ͭͷIDͰ͢΂ͯͷαʔϏεΛར༻Մೳ 27

  28. ϦϦʔε͔ͯ͠ΒԿ΍ͬͯͨͷʁ 28

  29. 1. طଘαʔϏεͷҠߦαϙʔτ ɹɾશαʔϏε͕৐ͬͨͷ͸2020೥͘Β͍ 29

  30. 2. ೝূڧԽ ɹɾ2FA (TOTP/SMS) ɹɾSign in with Apple ɹɾϩάΠϯ௨஌ ɹɾύεϫʔυϙϦγʔมߋ

    ɹɾύεϫʔυڧ౓ϝʔλʔ ɹɾWebAuthn/Passkey 30

  31. 3. UX޲্ɺCVR޲্ ɹɾલճͷϩάΠϯํ๏ͷهԱ ɹɾαʔϏεؒͷSSO ɹɾB2C/B2B ʹ߹ΘͤͨΧελϚΠζ ɹɾݸผͷ RP ʹ߹ΘͤͨΧελϚΠζ 31

  32. 4. ΤϯλʔϓϥΠζରԠ ɹɾ૊৫؅ཧΞΧ΢ϯτ ɹɾSAML 32

  33. 5. ͦͷଞݸผχʔζ΁ͷରԠ ɹɾi18nʢӳޠʣ 33

  34. 6. IDج൫ࣗମͷΞʔΩςΫνϟվળ ɹɾSakura -> AWS ɹɾk8s 34

  35. ࠓޙͳʹ΍͍͔ͬͯ͘ 35

  36. WebAuthn/Passkey ΁ͷνϟϨϯδ ɹɾ࣮૷ࡁΈ͕ͩར༻ଅਐ͸͍ͯ͠ͳ͍ ɹɾAutofill ͷಋೖ ɹɾద੾ͳλΠϛϯάͰͷొ࿥΁ͷ༠ಋ ɹɾ”ύεϫʔυϨε” ͷఏڙ 36

  37. ΞΧ΢ϯτϦΧόϦͷվળ 37

  38. αʔϏεͷಛੑ΍ίϯςΩετʹ߹Θͤͨ ॊೈͳೝূͷఏڙ 38

  39. ୀձ·ΘΓͷ Bad UX վળ ɹɾαʔϏεͷୀձͱIdPͷୀձͷѻ͍ ɹɾҰՕॴͰશ෦ୀձ͍͕ͤͨ͞… 39

  40. άϧʔϓձࣾͷαʔϏεͱͷID౷߹ 40

  41. 3rd Party ΁ͷ։์ 41

  42. Pull ͔Β Publish (Push) ΁ RISCͷΑ͏ͳ΍ΓํͰ https://openid.net/specs/openid-risc-profile-specification-1_0.html https://developers.google.com/identity/protocols/risc 42

  43. ϚϧνΞΧ΢ϯτɺϚϧνηογϣϯ ͜Μͳݴ༿͕͋Δ͔Θ͔ΒΜ͚ͲɺGoogle Έ͍ͨʹ੾Γସ͑ ݸਓͱձࣾͰΞΧ΢ϯτΛ࢖͍෼͚Δਓ޲͚ 43

  44. ڞ༗ΞΧ΢ϯτʁ 44

  45. ΞΫηείϯτϩʔϧ 45

  46. Thank you! 46