iOS App Security Basics

saten
September 19, 2021

Slides for my talk at iOSDC Japan 2021, day 2 (Sunday 9/19, 14:50, Track A) 🙇‍♂️

https://fortee.jp/iosdc-japan-2021/proposal/f4eeade3-e50b-4a49-91dc-22bbba321ecb

[Slides with speaker script (iCloud Keynote)]
* Turn on "Presenter Notes" from the iCloud Keynote menu to see the script.

https://www.icloud.com/keynote/0NYB1Fws7kYnTZ9K6DQDxtZVw

[Overview]
Have you ever wondered, while building an iOS app, "is this OK security-wise?" or "where are the security risks here?"
This talk introduces the security basics you should be careful about when building iOS apps.

Contents (planned):
・Things to watch out for when communicating
  Encryption of communication, SSL certificates, ATS support
・URL scheme vulnerabilities
  Several attack techniques that are possible against URL schemes, and their countermeasures
・Where on the hardware should sensitive information be stored?
  Storage methods such as Keychain, UserDefaults and file storage, and how they differ in security
・What is authentication?
  How several authentication flows, such as OAuth, work


Transcript

  1-3. Copyright © Kakaku.com Inc. All Rights Reserved. Self-introduction: saten, Kakaku.com, Inc., Tabelog team, @saten_work. Career: from 2011, started working as an iPhone app developer; from 2015, joined Kakaku.com, Inc. and the Tabelog project. Hobbies: playing with my kids, camping (beginner). TWITTER, TWEET, RETWEET and the Twitter Bird logo are trademarks of Twitter Inc. or its affiliates.
  4. Agenda
     • Things to watch out for when communicating over http/https
     • URL scheme vulnerabilities
     • Where should sensitive information be stored locally?
     • How authentication works
  5-8. About https (SSL). Diagram: with https, what an eavesdropper sees on the wire is only random-looking ciphertext (ipCKnaxeFumWJ6E27 5LRbd4WmeVzx8jfL7 MigPJkQZz9ts8Y3KD2 eSSRT68Z9dDCUEchP YBLUQsF6emF6BStaR), so the attacker cannot read it ❌. The server keeps the private key and sends its public key in the SSL server certificate. The client creates a shared (symmetric) key, encrypts it with the public key, and the server decrypts it with its private key. From then on, both sides encrypt and decrypt the traffic with the shared key.
  9-12. About SSL server certificates. The server certificate carries the public key and is signed under a root certificate: the certificate authority (CA) checks that the server's operator really exists before issuing it, and the server keeps the private key. An attacker who presents a certificate that does not chain to a trusted root is rejected ❌ ❌. With a self-signed ("ore-ore") certificate, that CA existence check is skipped ❌: the operator signs the certificate themselves.
  13-14. How to install and trust a self-signed certificate on iOS
     1. Download the self-signed certificate (.der file) to the iOS device with Safari or similar.
     2. Settings app → General → Profiles → Downloaded Profile → select the profile → Install, which installs the root certificate.
     3. Settings app → General → About → Certificate Trust Settings, and switch the installed root certificate's trust toggle ON as shown on the right to mark it trusted.
  15-16. The difference between SSL and TLS
     Mid-1990s: Netscape develops SSL.
     May 1996: to hand SSL over from Netscape to the IETF, the TLS working group is formed, so that development moves to a third-party body that includes security experts.
     January 1999: TLS is released. The differences from SSL 3.0 are small, but the two versions are not compatible.
     Today: what is widely used is TLS, not SSL.
  17. About App Transport Security (ATS)
     • iOS provides App Transport Security (ATS) so that apps use specifications with the highest security strength wherever possible.
     • Because of ATS, since iOS 9 an app cannot communicate by default unless the connection uses TLS 1.2 or later (low-level network interfaces such as CFNetwork are excluded).
     • Through settings in Info.plist, ATS can be relaxed for the whole app or for specific domains, e.g. to allow http or TLS versions below 1.2.
  18-19. ATS (Info.plist) keys (only the representative ones are listed)
     Name | Key | Type | Description
     App Transport Security Settings | NSAppTransportSecurity | Dictionary | Root of the ATS settings
       Allow Arbitrary Loads | NSAllowsArbitraryLoads | Boolean | Whether to disable the ATS restrictions for all network connections
       Allows Arbitrary Loads for Media | NSAllowsArbitraryLoadsForMedia | Boolean | Whether to disable the ATS restrictions for all network connections made by the AVFoundation framework
       Allow Arbitrary Loads in Web Content | NSAllowsArbitraryLoadsInWebContent | Boolean | Whether to disable the ATS restrictions for all network connections made by web views
       Exception Domains | NSExceptionDomains | Dictionary | Exception domains
         (domain name) | (domain name) | Dictionary | Settings for that exception domain
           NSIncludesSubdomains | NSIncludesSubdomains | Boolean | Whether subdomains are included
           NSExceptionAllowsInsecureHTTPLoads | NSExceptionAllowsInsecureHTTPLoads | Boolean | Whether http connections are allowed
           NSExceptionMinimumTLSVersion | NSExceptionMinimumTLSVersion | String | Minimum TLS version
           NSExceptionRequiresForwardSecrecy | NSExceptionRequiresForwardSecrecy | Boolean | Whether to restrict connections to the cipher suites (combinations of cryptographic algorithms) allowed by default
  20. Summary of "things to watch out for when communicating over http/https"
     • Use the newest TLS (SSL) versions wherever possible
     • Do not use self-signed certificates in a production service
     • Do not disable ATS wholesale; keep the app running as close to the default ATS configuration as possible
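The ATS table and the summary above come down to a review question: does this Info.plist weaken the default policy (https only, TLS 1.2 or later), and where? The following is an added example, not code from the talk, that parses an Info.plist with Python's standard library and reports exactly those weakenings. Both sample plists, the domain names in them, and the `audit_ats` function are constructed for this example; the keys are the real ATS keys from the table.

```python
"""Audit the App Transport Security (ATS) section of an Info.plist.

Added example (not code from the talk): it parses the plist with the
standard library and flags the keys from the ATS table that weaken the
default policy (https only, TLS 1.2 or later).  Both sample plists and
their domain names are constructed for this example.
"""
import plistlib

# Constructed sample: ATS switched off for the whole app, plus a legacy
# domain (and its subdomains) allowed to use plaintext http and TLS 1.0.
WEAK_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>legacy.example.com</key>
      <dict>
        <key>NSIncludesSubdomains</key><true/>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
        <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.0</string>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

# Constructed sample: the corrected form.  ATS stays at its defaults; the
# only exception *raises* the minimum TLS version for one API host.
HARDENED_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSExceptionDomains</key>
    <dict>
      <key>api.example.com</key>
      <dict>
        <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.3</string>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

# Top-level keys that disable ATS for a whole class of connections.
GLOBAL_OPT_OUTS = (
    "NSAllowsArbitraryLoads",
    "NSAllowsArbitraryLoadsInWebContent",
    "NSAllowsArbitraryLoadsForMedia",
)


def audit_ats(plist_bytes: bytes) -> list:
    """Return findings as strings; an empty list means ATS is not weakened."""
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity", {})
    findings = []

    for key in GLOBAL_OPT_OUTS:
        if ats.get(key) is True:
            findings.append(f"{key} is true: ATS disabled for that class of connections")

    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        scope = domain + (" (and subdomains)" if rules.get("NSIncludesSubdomains") else "")
        if rules.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(f"{scope}: plaintext http allowed")
        min_tls = rules.get("NSExceptionMinimumTLSVersion")
        if min_tls in ("TLSv1.0", "TLSv1.1"):
            findings.append(f"{scope}: minimum TLS lowered to {min_tls}")
        if rules.get("NSExceptionRequiresForwardSecrecy") is False:
            findings.append(f"{scope}: forward secrecy not required (weaker cipher suites allowed)")
    return findings


if __name__ == "__main__":
    for label, plist in (("weak", WEAK_PLIST), ("hardened", HARDENED_PLIST)):
        print(label, audit_ats(plist) or ["no ATS weakening found"])
```

Run it against the app's real Info.plist (`audit_ats(open("Info.plist", "rb").read())`) in CI; a non-empty result is the list of exceptions a reviewer should see justified, which is the "stay close to the default ATS" rule from the summary made checkable.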
  21-24. About URL schemes. App A implements a handler for hoge://...; a browser or app B can open hoge://... to pass data into app A, for example after app A hands off to the browser or app B for authentication and gets the result back. Hijacking a URL scheme: if app A and an attacker's app B both implement a handler for hoge://..., which one receives the data? ❓ At present, the app that was installed first receives it, and the URL schemes an app registers to receive can be found by anyone with tools.
  25-31. Hijacking a URL scheme - countermeasure ①: use Universal Links. The fuga.com server publishes an apple-app-site-association file that ties fuga.com to app A; iOS downloads it into the system area when the app is installed, and the Provisioning Profile issued by Apple ties app A to the domain, so only the developer of both fuga.com and app A can create the association. When a browser or another app accesses https://fuga.com/..., app A runs the handler for https://fuga.com/... and receives the data. A third party cannot build an app that receives Universal Links for the same domain, so the destination of a Universal Link is guaranteed by the domain; the attacker's app B gets nothing ❌.
  32-35. Hijacking a URL scheme - countermeasure ②: use SFSafariViewController or ASWebAuthenticationSession. Even when app A and the attacker's app B both implement a handler for hoge://..., if app A opens the external browser inside the app with SFSafariViewController or ASWebAuthenticationSession, the app that opened it receives the hoge://... callback with priority, so the attacker's app B does not get it ❌.
  36. Hijacking a URL scheme - summary of countermeasures
     • Pass information into the app with Universal Links, where the receiver is guaranteed by the domain
     • For external-browser authentication and similar flows, use SFSafariViewController or ASWebAuthenticationSession (the app that opened them receives the URL scheme with priority)
     • Do not pass information through a URL scheme if its leakage would be a security problem
  37-39. Sending malicious data to a URL scheme. The attacker lures the user, via email, SMS or a phishing site, to a link with a crafted URL scheme; the browser, mail, messages or another app opens hoge://... with malicious data, app A's handler for hoge://... receives it, and the app is made to perform an unintended operation.
  40. Sending malicious data to a URL scheme - countermeasure ①: ask the user to confirm. Before executing an update triggered by the URL scheme, ask the user for confirmation, so the malicious link cannot act on its own ❌.
  41-47. Sending malicious data to a URL scheme - countermeasure ②: attach a random string and check it. This applies when the flow is own app → external → own app over URL schemes and a state, nonce or arbitrary parameter can be attached. Before handing off to the external party (app B), app A generates a random string and keeps it; app B returns data + the random string via hoge://...; when the result comes back, app A checks that the returned random string matches the one it kept. If the app holds no random string, or the returned one does not match, the URL scheme is not executed, so the attacker's crafted hoge://... with malicious data is rejected ❌.
  48. Sending malicious data to a URL scheme - countermeasures
     • Do not update data directly when a URL scheme is received; ask the user to confirm
     • In an own app → external → own app flow over URL schemes, if a state, nonce or arbitrary parameter can be attached, generate, keep and attach a random string and execute the URL scheme only when it matches
     • Make the actions reachable from a URL scheme ones that do no harm even if invoked maliciously
  49. Typical storage methods
     Storage method | Description | Encryption | Password required to restore a backup | Erased when the app is deleted | Form
     Keychain | Stored in the device keychain | Encrypted with the user's security code (passcode) | ○ | ❌ | key-value
     UserDefaults | Stored in the user's defaults database | ❌ | ❌ | ○ | key-value
     File storage | Stored in the app's own sandbox directory | ❌ | ❌ | ○ | file
  50. How the Keychain works
     • It is also encrypted with the user's security code, so nobody but the user can access it, which makes it safe
     • It can be backed up to iCloud Keychain or macOS, but the password is required to restore
     • It is stored on the device, not in the app, so saved data does not disappear when the app is deleted
     • Other apps with the same Team ID can also access it through an Access Group
  51-54. How backups work. The local data subject to backup consists of Keychain data and non-Keychain data. On macOS the user can create a device backup without encryption; in that case the Keychain data is not included in the backup, only the non-Keychain data. With an encrypted device backup (iCloud or macOS), the Keychain data can be included as well (iCloud backups can only be made with encryption).
  55-61. Backups are targeted too. An attacker may pull a backup with an illegitimate backup tool, and illicitly obtained backups may be sold on the dark web. A backup the user has not encrypted can be restored without a password: the app is restored in its logged-in state, secret information is restored, and so on. Keychain data is the exception ❌: it is encrypted with the user's password, so the attacker cannot decrypt it; without the user's password an encrypted backup cannot be restored, and neither can a device backup ❌.
  62-63. Protecting a Realm DB file. The app generates a key such as "yaEeQk64FaQRfjeIEjAMjeiEajER", different for every user, stores it in the Keychain and passes it to Realm's encryption feature; the DB file is encrypted and decrypted with that key, so an attacker who obtains the file cannot read it ❌.
  64-66. The danger of hardcoding. If the encryption key is implemented in source code, for example let key = "yaEeQk64FaQRfjeIEjAMjeiEajER", an attacker can reverse-engineer the app, read the implementation and learn that it encrypts and decrypts with the key "yaEeQk64FaQRfjeIEjAMjeiEajER".
  67. Summary of "where should sensitive information be stored locally?"
     • Store local data that must be protected in the Keychain
     • UserDefaults, plaintext file storage and hardcoding are not safe, so do not store security-sensitive information that way
     • To protect information that a library stores automatically, such as a Realm DB file, use the library's own encryption feature. Generate a different key per device for that feature and keep it in the Keychain; protecting the key protects the data the library encrypts as well
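The hardcoding slides show what reverse engineering recovers from a binary; the defender's counterpart is to catch such literals before they ship. The following is an added example, not code from the talk, of a small pre-commit style scanner: it pulls string literals out of source, scores them by Shannon entropy and by the name they are assigned to, and reports the ones that look like embedded keys. The sample Swift source is constructed here (it reuses the `let key = "..."` literal from the slides), and the thresholds are assumptions to tune per codebase.

```python
"""Flag hardcoded secret-looking string literals in source code.

Added example (not code from the talk): a pre-commit style check that
finds high-entropy string literals such as the `let key = "..."` from the
hardcoding slides, which reverse engineering would recover from the
binary.  The sample Swift source and the thresholds are constructed.
"""
import math
import re
from collections import Counter

# Constructed sample source: one hardcoded encryption key (the literal from
# the slides) next to ordinary UI strings that must not be flagged.
SAMPLE_SWIFT = '''
let key = "yaEeQk64FaQRfjeIEjAMjeiEajER"
let title = "Settings"
let apiHost = "api.example.com"
let message = "Please sign in again"
'''

# `name = "literal"` assignments; good enough for Swift/Kotlin/JS-style code.
STRING_LITERAL = re.compile(r'(\w+)\s*=\s*"([^"\n]*)"')
# Identifier names that make a long literal suspicious regardless of entropy.
SECRET_NAMES = re.compile(r"(key|secret|token|password|passwd)", re.IGNORECASE)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character: random keys score high, prose scores low."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_hardcoded_secrets(source: str, min_len: int = 16, min_entropy: float = 3.5) -> list:
    """Return (identifier, literal) pairs that look like embedded secrets."""
    hits = []
    for name, literal in STRING_LITERAL.findall(source):
        long_enough = len(literal) >= min_len
        looks_random = long_enough and shannon_entropy(literal) >= min_entropy
        named_like_secret = long_enough and SECRET_NAMES.search(name) is not None
        if looks_random or named_like_secret:
            hits.append((name, literal))
    return hits


if __name__ == "__main__":
    for name, literal in find_hardcoded_secrets(SAMPLE_SWIFT):
        print(f"possible hardcoded secret: {name} = {literal!r}")
```

The fix the slides prescribe is to generate the key on the device and keep it in the Keychain, so the scanner's job is only to make sure no literal key survives in the source; a hit is a code-review stop, not proof of a leak, which is why short UI strings and hostnames stay below the thresholds.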
  68. Typical authentication mechanisms
     Method | Description | Uses another service's authentication | Gets the other service's account information without going through its authorization server each time | ID token validation can further raise security strength
     ID/password | Send the ID and password to your own service's server to authenticate | ❌ | - | -
     OAuth | A mechanism for authentication that uses another service. The other service's authentication is used to authenticate to your own service, and the other service can also be accessed in an authenticated state | ○ | ❌ | ❌
     OpenID Connect | An extension of OAuth 2.0. By validating the ID token, account information can be obtained without going through the authorization server and security strength can be raised further | ○ | ○ | ○
  69-70. ID/password example. The app of your own service sends the ID and password to your own service's server; the server returns your own service's access token; the app then calls the API together with that access token, and uses it to read and update information about the account on your own service.
  71. What is OAuth
     • An open standard for delegating access
     • Generally used, among other things, as an authentication mechanism that relies on another service rather than your own. Example: because providers such as Facebook delegate access, a third-party app can authenticate with Facebook
     • OAuth 2.0 is not compatible with 1.0; 2.0 provides simpler methods
  72-74. OAuth 2.0 sequence example - authorization code flow. Participants: your own service's app, your own service's server, the other service's authorization server, the other service's resource server. The app logs in at the other service's authorization server (authenticating with the other service, not your own); on successful login the authorization server hands back a code by redirect; the app passes the code to your own server; your own server exchanges the code for the other service's access token and uses it to fetch the account information from the other service's resource server; your own server then issues your own service's access token to the app, which calls the API together with it. Whenever your own service accesses the other service in an authenticated state, it uses the access token, not a password.
  75-76. The CSRF (cross-site request forgery) attack. The attacker feeds the attacker's own code into the flow: the app passes the attacker's code to your own server, which exchanges it for the attacker's access token and account information and issues your own service's access token for it. The user ends up forcibly logged in to the attacker's account (if the user uploads personal information without noticing, that information is stolen).
  77-81. Countering CSRF with the state parameter. The app generates a random string as state and keeps it, then logs in with login + state; on successful login the authorization server returns code + state by redirect; the app checks that the state it kept matches the state passed back as a parameter. If the state is missing or does not match, which is what happens with the attacker's code, the rest of the processing is not executed ❌.
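The random-string check from the URL-scheme slides (41-48) and the OAuth `state` check from the CSRF slides (77-81) are the same mechanism: generate an unguessable value before handing off, keep it, and act on the callback only if the value comes back unchanged and has not been used before. The following is an added example, not code from the talk, that implements that guard once for both cases: a custom-scheme callback carrying data and an OAuth redirect carrying a code. The `hoge://` scheme is the one used on the slides; the example.com redirect URI and the `CallbackGuard` class are constructed for this example.

```python
"""Random-string (state) check for URL-scheme callbacks and OAuth redirects.

Added example (not code from the talk).  It models the countermeasure from
the URL-scheme slides (generate and keep a random string before handing off
to an external app, accept the callback only if the string comes back
unchanged) and the OAuth `state` check from the CSRF slides, which is the
same mechanism.  The redirect URIs are placeholders.
"""
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit


class CallbackGuard:
    """Keeps the pending random strings; each one is accepted at most once."""

    def __init__(self):
        self._pending = set()

    def begin(self) -> str:
        """Generate and keep the random string to attach to the outbound request."""
        state = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._pending.add(state)
        return state

    def accept(self, url: str) -> dict:
        """Validate an incoming callback URL and return its query parameters.

        Raises ValueError when the state is absent, unknown, or already used;
        in that case nothing behind the callback may be executed.
        """
        params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
        returned = params.get("state")
        if returned is None:
            raise ValueError("callback without state: rejected")
        # Constant-time comparison against each pending value; the set is tiny.
        match = next((s for s in self._pending
                      if hmac.compare_digest(s.encode(), returned.encode())), None)
        if match is None:
            raise ValueError("state does not match any pending request: rejected")
        self._pending.discard(match)   # one-time use: a replayed callback fails
        return params


def handle_external_return(guard: CallbackGuard, url: str):
    """Dispatch a validated callback: OAuth-style (code) or custom-scheme (data)."""
    params = guard.accept(url)         # raises before anything is executed
    if "code" in params:
        return ("exchange_code", params["code"])   # hand the code to your own server
    return ("apply_data", params.get("data"))      # then ask the user to confirm


if __name__ == "__main__":
    guard = CallbackGuard()
    state = guard.begin()
    # The external app or browser returns via the custom scheme with data + state.
    print(handle_external_return(guard, f"hoge://callback?data=42&state={state}"))
    try:   # a crafted link from mail or SMS carries no (or a wrong) state
        handle_external_return(guard, "hoge://callback?data=malicious")
    except ValueError as err:
        print("rejected:", err)
```

On iOS the `begin()` value would be attached to the URL passed to `ASWebAuthenticationSession` or to the outbound custom-scheme URL, and `accept()` would run in the app's URL handler before any update; keeping the pending set in memory (not in UserDefaults) also means a link that arrives when no handoff is in flight is refused, which is the "app holds no random string" case on slide 47.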
  82. What is OpenID Connect
     • An extension specification of OAuth 2.0
     • It allows use of an ID token, a digitally signed token containing account information
     • By validating the ID token, account information can be read from the ID token itself, without fetching it from the other service with an access token
  83. What is an ID token
     • In OpenID Connect, a JWT (pronounced "jot") containing information about the account
     • JWT is a token specification in which attribute information (claims) expressed in JSON is digitally signed to prevent tampering, and can also be encrypted
     • Account information can be read from the ID token, while the digital signature prevents tampering
  84-88. What is a digital signature. Without one, an attacker can tamper with data, changing "I am Taro" to "I am Jiro"; the digital signature Yptd6dH2jB398bG3fwf2EpkDePs is what makes this detectable ❌. Hashing: "I am Taro" hashes to C3Er4geAGKQ5bKgrirUZRgQhZg and "I am Jiro" to ahk7EXjKkRrEiupuGNzpkL993FU, so a small value can confirm whether a large piece of data is the same. The hash C3Er4geAGKQ5bKgrirUZRgQhZg is encrypted with the private key (only the specific holder can do this) into Yptd6dH2jB398bG3fwf2EpkDePs, which can be decrypted with the public key (anyone can do this). That is the digital signature: compared with encrypting a message, the roles of the encrypting and decrypting keys are reversed.
  89-94. How a digital signature is verified, and how tampering and forgery are caught. Hash the target data "I am Taro" to C3Er4geAGKQ5bKgrirUZRgQhZg, decrypt the digital signature Yptd6dH2jB398bG3fwf2EpkDePs with the public key (anyone can) and compare: if the hash of the data equals the hash recovered from the signature, the data has not been tampered with. If an attacker changed the data to "I am Jiro", its hash ahk7EXjKkRrEiupuGNzpkL993FU does not equal C3Er4geAGKQ5bKgrirUZRgQhZg, so the tampering is detected ❌. Forgery is prevented because the attacker does not have the private key and therefore cannot create a digital signature for ahk7EXjKkRrEiupuGNzpkL993FU ❌.
  95. ID token claims (the information it contains); only the representative ones are listed
     Key (claim name) | Description
     iss | Identifier of the issuer
     sub | Unique identifier of the user
     aud | Client ID of the client application that requested the ID token
     exp | Expiration time
     iat | Time of issue
     nonce | Parameter whose purpose is to prevent replay attacks
     name | The user's full name
     email | The user's email address
     phone_number | The user's phone number
     at_hash | Present when returned together with an access token; used to validate the access token. The left half of the bits of the hash of the access token, base64url-encoded
     c_hash | Present when returned together with a code; used to validate the code. The left half of the bits of the hash of the code, base64url-encoded
  96. OpenID Connect sequence example - response_type = id_token only. Participants: your own service's app, your own service's server (Relying Party), OpenID Provider. The app generates a random string as state and keeps it, then logs in at the OpenID Provider with login + state; the OpenID Provider signs the ID token with its private key and, on successful login, returns ID token + state by redirect; the app checks the state and passes the ID token to your own server; the server validates the ID token's claims (expiration time etc.), issues your own service's access token, and the app calls the API together with it.
  97-103. Attack by ID token tampering, and prevention by signature verification. If the attacker sends a tampered ID token and the server only validates the claims without verifying the signature, the tampered ID token allows impersonation and similar attacks. Prevention: your own server (Relying Party) verifies the ID token's signature with the OpenID Provider's public key to check that the token has not been tampered with, then validates the claims (expiration time etc.); if the ID token has been tampered with, the rest of the processing is not executed ❌.
  104. OpenID Connect sequence example - response_type = id_token, with signature verification. Same sequence as slide 96: the app generates and keeps a random state, logs in with login + state, the OpenID Provider signs the ID token with its private key and returns ID token + state by redirect, the app checks the state and passes the ID token to your own server (Relying Party), which verifies the ID token's signature with the public key, validates the claims (expiration time etc.), issues your own service's access token, and the app calls the API together with it.
  105-107. The replay attack. The attacker intercepts a request that contains the ID token (the request is encrypted, so the ID token itself cannot be stolen) and later resends the very same request containing the ID token. Since the signature and claims all check out, merely repeating the request lets the attacker log in to the user's account.
  108-112. Countering the replay attack with the nonce parameter. The app asks your own server to generate a nonce; the server generates a random string as nonce, keeps it in the session and returns nonce + session token. The app generates and keeps a random state and logs in with login + state + nonce; the OpenID Provider embeds the nonce in the ID token, signs it with its private key and, on successful login, returns ID token + state by redirect; the app checks the state and sends ID token + session token to your own server. The server verifies the signature with the public key and validates the claims (expiration time, and also the nonce): it checks that the nonce kept in the session matches the nonce inside the ID token, and discards the session's nonce after the check. If the session has no nonce, or the session nonce and the ID token nonce do not match, as with a resent request, the rest of the processing is not executed ❌.
  113. Summary of "how authentication works"
     • When using OAuth or OpenID Connect, follow the standard specifications as closely as possible instead of writing a custom implementation
     • Account information can be obtained without any verification, but skipping the verifications that OAuth and OpenID Connect call for (state, nonce, digital signature verification and so on) creates vulnerabilities
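The digital-signature slides (84-94), the ID-token tampering slides (97-103) and the replay slides (105-112) describe one Relying Party routine: hash the token, check the signature with the public key, validate the claims, then consume the one-time nonce. The following is an added example, not code from the talk or from any OpenID library, that carries that routine through end to end. To keep the sign/verify arithmetic visible it uses textbook RSA over the SHA-256 hash (sign = hash^d mod n, verify = sig^e mod n == hash) with a fixed demonstration modulus built from two well-known Mersenne primes, which anyone can factor; a real deployment uses RS256 with PKCS#1 padding from a vetted JWT library and the provider's published keys. The issuer, audience and nonce values, the `RS256-demo` header and all function names are constructed for this example.

```python
"""Mint and validate a JWT-shaped ID token with a hash-then-sign signature.

Added example (not code from the talk or any library).  The signature is
textbook RSA over SHA-256 so the mechanism from the digital-signature
slides stays visible; the key is a fixed, factorable demonstration key.
Real OpenID Connect tokens use RS256 (PKCS#1 padding) via a vetted library.
Issuer, audience and nonce values are constructed placeholders.
"""
import base64
import hashlib
import json
import time

# Demonstration key from two Mersenne primes: publicly known, so it only
# illustrates sign/verify and must never be used for anything real.
P, Q = (1 << 127) - 1, (1 << 521) - 1
PUBLIC_KEY = (65537, P * Q)                                 # (e, n): anyone may verify
PRIVATE_KEY = (pow(65537, -1, (P - 1) * (Q - 1)), P * Q)    # (d, n): only the OpenID Provider


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_id_token(claims: dict, private_key=PRIVATE_KEY) -> str:
    """OpenID Provider side: hash header.payload, then 'encrypt' the hash with d."""
    d, n = private_key
    header = b64url(json.dumps({"alg": "RS256-demo", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    digest = int.from_bytes(hashlib.sha256(f"{header}.{payload}".encode()).digest(), "big")
    signature = pow(digest, d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return f"{header}.{payload}.{b64url(signature)}"


def verify_id_token(token: str, *, issuer: str, audience: str, session: dict,
                    now: float = None, public_key=PUBLIC_KEY) -> dict:
    """Relying Party side: signature first, then claims, then the one-time nonce."""
    e, n = public_key
    header, payload, sig = token.split(".")
    expected = int.from_bytes(hashlib.sha256(f"{header}.{payload}".encode()).digest(), "big")
    recovered = pow(int.from_bytes(unb64url(sig), "big"), e, n)   # 'decrypt' with the public key
    if recovered != expected:
        raise ValueError("signature invalid: token tampered with or not issued by the OP")

    claims = json.loads(unb64url(payload))
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("iss mismatch")
    if claims.get("aud") != audience:
        raise ValueError("aud mismatch")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")

    # Replay protection (slides 108-112): the nonce must equal the one kept in
    # this session and is discarded on first use, so a resent request fails.
    if "nonce" not in session or session["nonce"] != claims.get("nonce"):
        raise ValueError("nonce missing or mismatch: possible replay")
    del session["nonce"]
    return claims


def tampered_copy(token: str, **changes) -> str:
    """Attacker model from slides 97-98: edit claims but keep the old signature."""
    header, payload, sig = token.split(".")
    claims = json.loads(unb64url(payload))
    claims.update(changes)
    return f"{header}.{b64url(json.dumps(claims, separators=(',', ':')).encode())}.{sig}"


if __name__ == "__main__":
    session = {"nonce": "constructed-nonce-1"}
    token = sign_id_token({"iss": "https://op.example", "sub": "user-1", "aud": "client-1",
                           "iat": int(time.time()), "exp": int(time.time()) + 600,
                           "nonce": session["nonce"]})
    print("ok:", verify_id_token(token, issuer="https://op.example", audience="client-1",
                                 session=session)["sub"])
    for label, t, sess in (("replay", token, session),
                           ("tampered", tampered_copy(token, sub="someone-else"),
                            {"nonce": "constructed-nonce-1"})):
        try:
            verify_id_token(t, issuer="https://op.example", audience="client-1", session=sess)
        except ValueError as err:
            print(f"{label}: rejected ({err})")
```

The order matters: the signature check runs before the claims are even parsed as trusted input, the `exp`, `iss` and `aud` checks stop tokens minted for another client or long ago, and deleting the session nonce on success is what turns a merely valid token into a single-use one, which is the slide 113 point that the verifications the specification calls for all have to be done.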

  114. Finally: We are hiring! We are recruiting engineers for a variety of roles such as web, app and front-end engineers. Casual interviews are welcome! iPhone, Apple, iCloud, macOS and Keychain are trademarks of Apple Inc. Netscape is a registered trademark of AOL Inc. OpenID is a registered trademark of the OpenID Foundation. Facebook is a registered trademark of Facebook, Inc. IOS is a registered trademark of Cisco. Realm is a registered trademark of Tightdb, Inc.