OAuth 2.0 / OpenID Connectã«ãŠã‘ã‚‹state, nonce, PKCEã®é™ç•Œã‚’æ„è˜ã™ã‚‹ - r-weblifeãŠã¯ã‚ˆã†ã”ã–ã„ã¾ã™ã€ritouã§ã™ã€‚ã¡ãªã¿ã«äºˆç´„投稿ãªã®ã§ã¾ã å¯ã¦ã¾ã™ã€‚ 本日ã®ãƒ†ãƒ¼ãƒžã¯ã“ã¡ã‚‰ã§ã™ã€‚ OAuth/OIDCã®state,nonce,PKCE使ã£ã¦ã‚‚Client/RPãŒã—ょーもãªã‹ã£ãŸå ´åˆã®Server/OPå´ã®é™ç•Œã«ã¤ã„ã¦ã®ãƒ–ãƒã‚°æ›¸ã„ã¦ã‚‹ã€‚— 👹秋田ã®çŒ«ðŸ± (@ritou) July 6, 2019 OAuth 2.0ã§è¨€ã†ã¨ã“ã‚ã®Clientã®è¦–点ã‹ã‚‰ã€ã“ã“ã«æ°—ã‚’ã¤ã‘ã¦å®Ÿè£…ã—ã¾ã—ょã†ã¨ã„ã†è©±ã§ã¯ã‚ã‚Šã¾ã›ã‚“。 OAuth 2.0ã§è¨€ã†ã¨ã“ã‚ã®Serverã®è¦–点ã‹ã‚‰ã¿ã¦ã€Clientã«ã“ã‚“ãªå®Ÿè£…ã•ã‚ŒãŸã‚‰ãŸã¾ã‚“ãã‡ãªã£ã¦ã„ã†ãŠè©±ã§ã™ã€‚ 最終的ã«ã¯ä¸€ç·’ãªæ°—ã‚‚ã—ã¾ã™ãŒã€ã¨ã‚Šã‚ãˆãšå§‹ã‚ã¾ã™ã€‚ state OAuth Danceã«ãŠã‘ã‚‹CSRF対ç–ã¨ã—ã¦ã® state パラメータã«ã¤ã„ã¦ç°¡å˜ã«æ•´ç†ã—ã¾ã™ã€‚ ClientãŒã‚»ãƒƒã‚·ãƒ§ãƒ³ã«ä¸€æ„ã«ç´ã¥ã値ã¨ã—ã¦ç”Ÿæˆã€ç®¡ç† ClientãŒA
Goã§ãƒ„ールをé‡ç”£ã™ã‚‹åƒ•ã®æ–¹æ³•
Dockerã§ãƒ‡ãƒãƒƒã‚°å¯¾è±¡ã®ã‚³ãƒ³ãƒ†ãƒŠã«ãƒ„ールを入れãšã«tcpdump/straceãªã©ã‚’使ã†ãƒ¯ãƒ³ãƒ©ã‚¤ãƒŠãƒ¼ - Qiita
Linux Performance
{{#tags}}- {{label}}
{{/tags}}