OAuth1.0 / OAuth2 / OpenID Connect
OAuth 1.0 OAuth 2.0 OpenID Connect
Web
Web 

- URL 

https://webgame.link/auths/

- Github Ruby on Rails 

https://github.com/ngzm/auths-demo
OAuth 1.0 OAuth 2.0 OpenID Connect


RFC 





Naoki Nagazumi

Johnny Depp 





vue.js 

Ruby 

SIer 



Twitter: @nk_ngzm

GitHub: https://github.com/ngzm/

Blog: http://ngzm.hateblo.jp/
Authorization
• 

•
→
Authentication
• 

• ID
OAuth 1.0
OAuth 2.0
OpenID Connect
[Figure: OAuth roles (Resource Owner, OAuth Client, OAuth Server with Authorization endpoint, Token endpoint and Resource endpoint, Access Token) beside OpenID Connect roles (End-User, Relying Party (RP), Identity Provider (IdP) / OpenID Provider (OP) with Authorization endpoint and Token endpoint, ID Token)]
OAuth 1.0
OAuth 1.0
• RFC5849 - The OAuth 1.0 Protocol

https://openid-foundation-japan.github.io/rfc5849.ja.html

https://tools.ietf.org/html/rfc5849

• 2010 4 RFC 8
OAuth 1.0
•


•
OAuth 1.0
Flow
[Figure: OAuth 1.0 flow between the Resource Owner, the OAuth Client (App) and the OAuth Server. Labels: START, Request token endpoint, Authorization endpoint, Token endpoint, Resource endpoint, Redirect, login, request token, OAuth Token, Access Token, User Information, OK]
OAuth 1.0


Web
‣


‣
OAuth OAuth
Twitter 

I. consumer_key consumer_secret

II. request token request token secret

III. access token access token secret

OAuth 1.0
OAuth OAuth
Ⅰ
Signature
OAuth 

• 

• 

• HMAC-SHA1
1.
• access token token 

• timestamp nonce 

• 

2.
• OAuth 

3. HMAC-SHA1
• 2
https://syncer.jp/Web/API/OAuth/
Authorization Header
OAuth 

Authorization 

OAuth
Authorization Header
Authorization: OAuth

oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog",

oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg",

oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D",

oauth_signature_method="HMAC-SHA1",

oauth_timestamp="1318622958",

oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb",

oauth_version="1.0"


consumer_key
nonce
token
(access token )
TLS SSL
TLS SSL

- 

-


- timestamp nonce
OAuth 1.0
• Twitter OAuth
1. OAuth 1.0 

2. OAuth 2.0 Client Credentials Flow   

( OAuth 2.0 )
OAuth 1.0
[Figure: OAuth 1.0 flow of the AuthDemo app between the Resource Owner, the OAuth Client and the OAuth Server (Request token Endpoint, Authorization Endpoint, Token Endpoint, Resource Endpoint). Step labels: #1 Request token, #2 Request token, #3, #4 OK, #5 Access token, #6 Access token, #7. Other labels: START, Redirect, login, request token, oauth token, access token, User Information, OK]
Twitter
#0
Twitter Application Management
https://apps.twitter.com/

•
1. Name 

2. Description 

3. Website URL

4. Callback URL OAuth URL

•
1. Consumer Key (API Key) OAuth Client ID

2. Consumer Secret (API Secret) OAuth Client Secret
Redirect URI
Callback URL
ON
Consumer Secret
#1
Request token
POST https://api.twitter.com/oauth/request_token HTTP/1.1
…
…
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth
oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog",
oauth_callback="https://my-callback-host/my-callback/path/",
oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg",
oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1318622958",
oauth_version="1.0"
…
1. consumer_key :

#0 "Consumer Key"
2. callback :

"callback uri"
3. nonce :



Replay Attack
4. signature :



#0 "Consumer Secret"
5. signature_method :

twitter HMAC-SHA1
6. timestamp :



Replay Attack
POST URL of Twitter Request Token Endpoint
#2
Request token
oauth_token="5mb9VtYwa27HTVjK5OhoyyI503dWoPndDQ9G4V8yCI"
&oauth_token_secret="4dW4gGLic6oItvd0YySWRU5aLjBQsw1N9xDC3Wkqw"
&oauth_callback_confirmed="true"
1. oauth_token :

Request token 

token
2. oauth_token_secret :

Request token secret 



access token
3. oauth_callback_confirmed :

oauth_callback 

true
Response body from Twitter Request Token Endpoint
#3
https://api.twitter.com/oauth/authorize?oauth_token="5mb9VtYwa27HTVjK5OhoyyI503dWoPndDQ9G4V8yCI"
oauth_token : #2 Request token
Redirect to Twitter Authorization Endpoint
#4
OK
https://my-callback-host/my-callback/path/
?oauth_token="mFyphbOybZCKfoZWurAU7dbcTnFoUeksGfVyFauFWM"
&oauth_verifier="TGUMMyQWCSJGKiXlUlQmgRQEYMv8mkIt5cHPERUgvw"
1. oauth_token :

oauth token 

token
2. oauth_verifier:

oauth token

access token
Redirect from Twitter Authorization Endpoint
#1 callback
#5
Access token
POST https://api.twitter.com/oauth/access_token HTTP/1.1
…
…
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth
oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog",
oauth_nonce="BB8Y0ZFuYSe4vQ2pTgmZbxSWbWovY3",
oauth_signature="Hq4gCs1rx4Kkj06cOStnnAW%2FjLY%3D",
oauth_signature_method="HMAC-SHA1",
oauth_token="mFyphbOybZCKfoZWurAU7dbcTnFoUeksGfVyFauFWM",
oauth_verifier="TGUMMyQWCSJGKiXlUlQmgRQEYMv8mkIt5cHPERUgvw",
oauth_timestamp="1318623847",
oauth_version="1.0"
…
1. consumer_key :

#0 ”Consumer Key”
2. nonce :



Replay Attack
3. signature :



#0 Consumer Secret #2
request_token_secret
4. signature_method :

twitter HMAC-SHA1
5. token :

#4 oauth token
6. verifier :

#4 oauth verifier
7. timestamp :



Replay Attack
POST URL of Twitter Token Endpoint
#6
Access token
oauth_token="1528352858-UUCjYDVcLC4V34xHob5XTxboEgJWLwp9aIGSrBC"
&oauth_token_secret="VNhCQye7rX4P4u2OIuDHOgdSBATgZV3qWvJ8uSLkXqP25"
&user_id="12345678901"
&screen_name="nk_ngzm"
1. oauth_token :

access token
2. oauth_token_secret :

access token secret



3. user_id :

Twitter user_id
4. screen_name 

Twitter
Response body from Twitter Token Endpoint
#7
GET https://api.twitter.com/1.1/users/show.json?user_id=12345678901
…
…
Authorization: OAuth
oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog",
oauth_nonce="FabxSWbkYjzBB8Y0ZWVovY3uu2pTgmZeN",
oauth_signature="CStnHscOx4Kkj06q4gn1rAW%2FjLY%3D",
oauth_signature_method="HMAC-SHA1",
oauth_token="1528352858-UUCjYDVcLC4V34xHob5XTxboEgJWLwp9aIGSrBC",
oauth_timestamp="13186248263",
oauth_version="1.0"
…
1. consumer_key :

#0 Consumer Key
2. nonce :



Replay Attack
3. signature :



#0 Consumer Secret 

#6 access_token_secret
4. signature_method :

twitter HMAC-SHA1
5. token :

#6 access token
6. timestamp :



Replay Attack
URL of Twitter Resource Endpoint ( )GET
#6 Twitter user_id
#0 callback #1
- 

token 

#1 #5 #7 timestamp nonce
- access token Replay Attack
OAuth 1.0
i.
ii.
OAuth 2.0
OpenID Connect


OAuth 2.0
OAuth 2.0
OAuth 2.0
• RFC6749 - The OAuth 2.0 Authorization Framework

https://openid-foundation-japan.github.io/rfc6749.ja.html

https://tools.ietf.org/html/rfc6749

• 2012 10 RFC 

• OAuth 1.0
OAuth 2.0
• OAuth 1.0


• OAuth 1.0 OAuth 2.0 



• 

…
OAuth 2.0


‣ SPA JS


‣
OAuth 2.0
1. Authorization Code Flow Client Type Confidential
2. Implicit Flow Client Type Public
3. Client Credentials Flow
4. Resource Owner Password Credentials Flow
5. Refreshing an Access Token token
Client Type
Client Type "Confidential" "Public"
1. Confidential ... Web
‣ OAuth Client 

‣ Authorization code Flow 

2. Public ...
‣
OAuth Client

‣ Implicit Flow
TLS
TLS
OAuth 2.0
TLS



HTTP message
OAuth 1.0 

… TLS

‣ Client Type Confidential OAuth Client
‣ Public OAuth Client 

→
OAuth 2.0
OAuth OAuth
Facebook 

• client_id client_secret

OAuth OAuth
Authorization Header
Token Authorization Header 

Bearer 

RFC6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage

https://tools.ietf.org/html/rfc6750

https://openid-foundation-japan.github.io/rfc6750.ja.html
Authorization: Bearer mF_9.B5f-4.1JqM
Authorization header
access token
Access token
• Implicit Grant Flow access token
- token 

- OAuth 1.0 access token 1
Access token 

‣ OAuth 2.0 RFC6749
OAuth 2.0
Flow
Flow


1. Authorization Code Flow
Client Type Confidential 

2. Implicit Flow
Client Type Public
https://qiita.com/TakahikoKawasaki/items/200951e5b5929f840a1f
Authorization Code Flow
Confidential Client Type
OAuth 2.0
[Figure: OAuth 2.0 Authorization Code Flow between the Resource Owner, the OAuth Client (App) and the OAuth Server (Authorization Server with Authorization endpoint and Token endpoint; Resource Server with Resource endpoint). Labels: START, login, Redirect, code, Client client_id / client_secret, Access token, User Information, OK]
Implicit Flow
Public Client Type
‣
OAuth Client access token 

token
[Figure: OAuth 2.0 Implicit Flow between the Resource Owner, the OAuth Client (App) and the OAuth Server (Authorization Server with Authorization endpoint and Token endpoint; Resource Server with Resource endpoint). Labels: START, login, Redirect, Client client_id, client_secret, access token, User Information]
OAuth 2.0
• Facebook OAuth 2.0
1. Authorization code Flow

2. Implicit Flow

3. Hybrid Flow

( Hybrid Flow OpenID Connect )
Authorization Code Flow
• Facebook access token
#5 #6 

access token
•
"Graph API Endpoint"
[Figure: Authorization Code Flow between the Resource Owner, the OAuth Client (App) and the OAuth Server (Authorization Endpoint, Graph API Endpoint). Step labels: #1, #2 OK, #3 Access token, #4 Access token, #5 Access token, #6 Access token, #7. Other labels: START, login, Redirect, code, access token, User Information, OK]
Facebook
Facebook
#0
Facebook for Developers
https://developers.facebook.com/

•
1. 

2. Valid OAuth Redirect URIs OAuth URL

•
1. ID OAuth Client ID

2. Secret OAuth Client Secret
Redirect URI
URI
Redirect URL
ON
Secret
#1
Location:
https://www.facebook.com/v2.12/dialog/oauth
?client_id="245678901234567"
&response_type="code"
&scope="email public_profile"
&redirect_uri="https://my-redirect-uri"
&state="random_text_data_agaist_csrf"
redirect to Facebook Authorization Endpoint
1. client_id :

#0 " ID"

client
2. response_type "code"

"code" Authorization Code Flow

"token" Implicit Flow

"code token" Hybrid Flow
3. scope 



"email" 

"public_profile"
4. redirect_uri:

#0 "redirect_uri"
5. state 



CSRF
state CSRF
code
client
#2
OK
https://my-callback-uri
?code="AQBORpgp-sdRaLAo-xR_assef-lpZiG6W"
&state="random_text_data_agaist_csrf"
1. code :

code

3 4 code access token
2. state:

#1 state

CSRF #1
#1 redirect_uri
state #1
#3
Access token
GET https://graph.facebook.com/v2.12/oauth/access_token
?client_id="245678901234567"
&client_secret="60abc01dab6ae4b0f8acf2abaf1"
&redirect_uri="https://my-redirect-uri/"
&code="AQBORpgp-sdRaLAo-xR_assef-lpZiG6W"
1. client_id :

#0 " ID"

client
2. client_secret 

#0 " Secret"

client
3. redirect_uri:

#0 "redirect_uri"
4. code 

#2 code
GET URL of Facebook Token Endpoint
client_secret
#4
Access token
{
"access_token": "CAWx8Qv2EvZB0-{..省略..}-AvvtNhQZDZD",
"token_type": "bearer",
"expires_in": 5180974
}
1. access_token :

Access token
2. token_type :

token 

OK
3. expires_in :

Response body from Facebook Token Endpoint
Json
Access token
#5
Access token
GET https://graph.facebook.com/debug_token
?input_token="CAWx8Qv2EvZB0-{..省略..}-AvvtNhQZDZD"
&access_token="245678901234567|60abc01dab6ae4b0f8acf2abaf1"
1. input_token :

token

#4 access token
2. access_token 



GET URL of Facebook Debug Token Endpoint
#6
Access token
{
"data": {
"app_id": 245678901234567,
"type": "USER",
"application": "MyApplication",
"expires_at": 1386248263,
"is_valid": true,
"issued_at": 1386251863,
"metadata": {
"sso": "iphone-safari"
},
"scopes": [
"email",
"publish_actions"
],
"user_id": "1234567"
}
}
1. app_id :

#0 client_id 

token
2. user_id :

user_id
Response body from Facebook Token Debug Endpoint
Json
#7
GET https://graph.facebook.com/1234567?fields="id,first_name,name,picture,email"
…
…
…
Authorization: Bearer "CAWx8Qv2EvZB0-{..省略..}-AvvtNhQZDZD"
…
…
GET URL of Facebook Resource Endpoint
Authorization Bearer #4 access token
1. fields :
#6 user_id
#0 redirect_uri #1
- code
token
2018 3 Facebook
1. redirect_uri
2. redirect_uri TLS
#1 state #2
#1
- CSRF code token
OAuth 2.0
”Access Token ” ”OAuth ”
- Access token


- Access token 

- token
OpenID Connect
Implicit Flow
- token (token replace attack)
http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html

https://www.sakimura.org/2012/02/1487/
OpenID Connect
- Authorization Code Flow Web Implicit
Flow 

-
OpenID Connect
OAuth2.0
OpenID Connect
OpenID Connect
• OpenID Connect Core 1.0 incorporating errata set 1

https://openid-foundation-japan.github.io/openid-connect-core-1_0.ja.html

http://openid.net/specs/openid-connect-core-1_0.html

• OpenID Foundation RFC 

•
OpenID Connect
• OAuth 2.0 

- OAuth Access token
ID token 

- token
OpenID Connect
OAuth 2.0
OAuth 2.0 

OAuth 2.0
• TLS
•
• Access token Authorization Bearer
• Access token
Hybrid Flow


Hybrid Flow
‣ token 

‣
Flow
1. Authorization Code Flow
2. Implicit Flow
3. Hybrid Flow
Hybrid Flow OpenID Connect
OAuth 2.0
response_type & Flow
No response_type Flow
1 code
Authorization
Code Flow
OAuth 2.0 Authorization Code Flow 

Authorization Endpoint code 

Token Endpoint code access token ID token
2 token Implicit Flow
OAuth 2.0 Implicit Flow 

Authorization Endpoint access token ID token
3 id_token Implicit Flow Authorization Endpoint ID token access token
4 id_token token Implicit Flow Authorization Endpoint ID token access token
5 code id_token Hybrid Flow
Authorization Code Flow 

Authorization Endpoint code ID token 

Token Endpoint code access token ID token
6 code token Hybrid Flow
Authorization Code Flow 

Authorization Endpoint code access token 

Token Endpoint code access token ID token
7 code token id_token Hybrid Flow
Authorization Code Flow 

Authorization Endpoint code access token ID token 

Token Endpoint code access token ID token
8 none - ID token access token
‣ response_type
ID
”ID ” 

ID token
‣ ID token IdP "ID"
‣ ID token IdP "ID" RP
ID 74387592 ngzm IdP
ID token
• "ID" IdP RP
•
• JWT JSON Web Token 

RFC7519 JSON Web Token (JWT) https://tools.ietf.org/html/rfc7519
Access token
JWT
JSON Header Claim (Payload)
Signature URL Safe
1. Header Claim BASE64urlEncode 

2. 1 Header Claim '.' 

3. 2 HMAC SHA256 RS256 ES256 PS256
JWS Signature 

4. 3 BASE64urlEncode 

5. 2 Header Claim '.' 4 

JWT
BASE64urlEncode(Header) + '.' + BASE64urlEncode(Claim) + '.' + BASE64urlEncode(JWS Signature)
JWT
Google ID token JWT
Header
{
"alg":"RS256",
"kid":"7158dc8572 {略} 20a35b073447"
}
Claim
{
"iss":"accounts.google.com",
"at_hash":"HK6E_P6Dh8Y93mRNtsDB1Q",
"email_verified":"true",
"sub":"10769150350006150715113082367",
"azp":"3456789012.apps.google.com",
"email":"jsmith@example.com",
"aud":"3456789012.apps.google.com",
"iat":1353601026,
"exp":1353604926,
"nonce": "0394852-3190485-2490358"
}
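1. iss: ID of the IdP
2. at_hash: hash value of the access token issued at the same time
3. email_verified: result of the email verification
4. sub: the End User's internal Google ID
5. azp: client_id of the RP
6. email: the End User's email
7. aud: ID of the RP
8. iat: time the token was issued
9. exp: time the token expires
10. nonce: nonce
1. alg: signature algorithm, in RS256 form
2. kid: ID used to look up the RS256 public key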
access token
JWT js
// JWT Header
let header = {};
header.alg = 'HS256'; // Signature algorithm: 'HS256' when signing with HMAC SHA256
header.typ = 'JWT'; // Explicitly marks the JWT format
// JWT Payload (Claim Set)
let claim = {};
claim.iss = 'Identity Party ID'; // Identifier of the JWT issuer → ID of the IdP
claim.sub = 'End User ID'; // End-user identifier → end user ID
claim.nbf = 'current time'; // Time from which the JWT is valid
claim.iat = 'issue time'; // Time at which the JWT was issued
claim.exp = 'expire time'; // Expiry time of the JWT
claim.jti = 'unique ID'; // Arbitrary string that uniquely identifies the JWT itself
claim.aud = 'Relying Party ID'; // Identifier of the JWT consumer → ID of the RP
// Secret Key
const secret_key = 'XXXXXXXXXX' ; // Secret key for the HMAC SHA256 signature → client_secret
// Generate JWT (example using the jsrsasign JS library)
const jwt = KJUR.jws.JWS.sign('HS256', JSON.stringify(header), JSON.stringify(claim), secret_key);
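Added example (not part of the original slides and not the author's jsrsasign code): the five JWT construction steps above done with Node's built-in crypto module for HS256, followed by the checks a Relying Party runs on the received ID token (pinned alg, signature, iss, aud, exp, nonce). The secret, the function names and the clock value passed in are assumptions made for the illustration; the claim values are the sample ones shown on the slide.

```javascript
const crypto = require('crypto');

// Step 1: BASE64urlEncode = base64 with '+' -> '-', '/' -> '_', '=' padding removed.
function b64urlEncode(data) {
  return Buffer.from(data).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function b64urlDecode(str) {
  return Buffer.from(str.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
}

// Steps 2-5: join the encoded Header and Claim with '.', sign that string with
// HMAC SHA256, encode the signature and append it after another '.'.
function signJwt(claim, secret) {
  const header = { alg: 'HS256', typ: 'JWT' };
  const signingInput =
    b64urlEncode(JSON.stringify(header)) + '.' + b64urlEncode(JSON.stringify(claim));
  const signature = crypto.createHmac('sha256', secret).update(signingInput).digest();
  return signingInput + '.' + b64urlEncode(signature);
}

// RP-side validation. `expected` carries what the RP itself knows: the IdP it
// trusts, its own client_id, and the nonce it sent in the authorization request.
function verifyIdToken(jwt, secret, expected, nowSec) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, claim;
  try {
    header = JSON.parse(b64urlDecode(h).toString('utf8'));
    claim = JSON.parse(b64urlDecode(p).toString('utf8'));
  } catch (e) {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || !claim) return { ok: false, reason: 'malformed' };

  // The verifier chooses the algorithm, never the token (rejects alg "none").
  if (header.alg !== 'HS256') return { ok: false, reason: 'unexpected alg' };

  // Recompute the signature over the exact bytes received, compare in constant time.
  const want = crypto.createHmac('sha256', secret).update(h + '.' + p).digest();
  const got = b64urlDecode(s);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    return { ok: false, reason: 'bad signature' };
  }

  // Claims are trusted only after the signature check has passed.
  if (claim.iss !== expected.iss) return { ok: false, reason: 'wrong issuer' };
  const aud = Array.isArray(claim.aud) ? claim.aud : [claim.aud];
  if (!aud.includes(expected.clientId)) return { ok: false, reason: 'wrong audience' };
  if (typeof claim.exp !== 'number' || nowSec >= claim.exp) {
    return { ok: false, reason: 'expired' };
  }
  if (claim.nonce !== expected.nonce) return { ok: false, reason: 'nonce mismatch' };
  return { ok: true, sub: claim.sub };
}

// Constructed sample data: claim values copied from the slide, secret invented.
const SAMPLE_SECRET = 'constructed-client-secret-for-demo';
const SAMPLE_CLAIM = {
  iss: 'accounts.google.com',
  sub: '10769150350006150715113082367',
  aud: '3456789012.apps.google.com',
  iat: 1353601026,
  exp: 1353604926,
  nonce: '0394852-3190485-2490358',
};
const EXPECTED = {
  iss: 'accounts.google.com',
  clientId: '3456789012.apps.google.com',
  nonce: '0394852-3190485-2490358',
};

function demo() {
  const token = signJwt(SAMPLE_CLAIM, SAMPLE_SECRET);
  const [h, , s] = token.split('.');
  // Same header and signature, but the payload was swapped after signing.
  const forged = [h, b64urlEncode(JSON.stringify({ ...SAMPLE_CLAIM, sub: 'someone-else' })), s].join('.');
  return {
    valid: verifyIdToken(token, SAMPLE_SECRET, EXPECTED, 1353601100),
    forged: verifyIdToken(forged, SAMPLE_SECRET, EXPECTED, 1353601100),
    replayedLater: verifyIdToken(token, SAMPLE_SECRET, EXPECTED, 1353604926),
  };
}

console.log(demo());
```

The Google ID token shown earlier is signed with RS256, so a real RP would verify it with the public key selected by kid instead of a shared secret; the claim checks stay the same.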
Userinfo Endpoint 

‣ OAuth 2.0 Access token 

‣ OpenID Connect Access token Userinfo Endpoint
OpenID Connect
Flow
Flow


1. Authorization Code Flow 

2. Implicit Flow 

3. Hybrid Flow
https://qiita.com/TakahikoKawasaki/items/4ee9b55db9f7ef352b47
Authorization Code Flow
response_type=code
• OAuth 2.0 Authorization Code Flow
•
[Figure: OpenID Connect Authorization Code Flow (response_type = code) between the End-User, the Relying Party (App) and the Identity Provider (Authorization endpoint, Token endpoint, UserInfo endpoint). Labels: START, login, Redirect, code, access token, ID token, User Information, OK]
ID token at_hash
claim
access token
ID token IdP RP
Client client_id
client_secret
Implicit Flow
response_type=token
response_type=id_token
response_type=token id_token
SPA JS
response_type = token id_token
[Figure: OpenID Connect Implicit Flow between the End-User, the Relying Party (App) and the Identity Provider (Authorization endpoint, Token endpoint, Resource endpoint). Labels: START, login, Redirect, access token, id_token, User Information]
ID token at_hash
claim
access token
client_secret
Client client_id
Hybrid Flow
response_type=code token
response_type=code id_token
response_type=code token id_token
• OAuth 2.0 Implicit Flow Authorization Code Flow
- Implicit Flow Access token ID token


- Authorization code Flow code Access token ID token
code token
[Figure: OpenID Connect Hybrid Flow (response_type = code token) between the End-User, the Relying Party (App) and the Identity Provider (Authorization endpoint, Token endpoint, UserInfo endpoint). Labels: START, login, Redirect, code, access token, ID token, User Information]
code access token, id_token
[Figure: OpenID Connect Hybrid Flow (response_type = code token id_token) between the End-User, the Relying Party (App) and the Identity Provider (Authorization endpoint, Token endpoint, UserInfo endpoint). Labels: START, login, Redirect, code, access token, ID token, User Information]
OpenID Connect
• Google OpenID Connect
1. Authorization code Flow

2. Implicit Flow

( Hybrid Flow )
Authorization Code Flow
[Figure: Authorization Code Flow with Google between the End-User, the Relying Party (App) and the Identity Provider (Authorization endpoint, Token endpoint, UserInfo endpoint). Step labels: #1, #2 OK, #3 Access token + ID token, #4 Access token + ID token, #5 ID token, #6. Other labels: START, login, Redirect, code, access token, ID token, User Information, OK]
#0
Google API Console
https://console.developers.google.com/

•
1. 

2. 

3. URL

4. JavaScript 

5. URI OAuth URL

•
1. ID OAuth Client ID

2. Secret OAuth Client Secret
Google URI
Secret
#1
Location:
https://accounts.google.com/o/oauth2/v2/auth
?client_id="3456789012.apps.google.com"
&response_type="code"
&scope="openid email profile"
&redirect_uri="https://my-redirect-uri"
&state="random_text_data_agaist_csrf"
&nonce="0394852-3190485-2490358"
redirect to Google Authorization Endpoint
1. client_id :

#0 " ID"
2. response_type

"code" Authorization Code Flow

"token id_token" Implicit Flow
3. scope 



"openid" OpenID Connect 

"email" 

"profile"
4. redirect_uri:

#0 redirect_uri
5. state 

CSRF
6. nonce 



Replay Attack
state CSRF
nonce
openid
code
#2
OK
https://my-callback-uri
?state="random_text_data_agaist_csrf"
&code="4/P7q7W91a-oMsCeLvIaQm6bTrgtp7"
1. state:

#1 state

CSRF #1
2. code :

code

3 4 code access token
#1 redirect_uri
state #1
#3
Access token, ID token
POST https://www.googleapis.com/oauth2/v4/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
...
...
code="4/P7q7W91a-oMsCeLvIaQm6bTrgtp7"
&client_id="3456789012.apps.google.com"
&client_secret="60abc01dab6ae4b0f8acf2abaf1"
&redirect_uri="https://my-redirect-uri"
&grant_type="authorization_code"
1. code 

#2 code
2. client_id :

#0 " ID"
3. client_secret 

#0 ” Secret"
4. redirect_uri:

#0 redirect_uri
5. grant_type 

"authorization_code"
POST URL of Google Token Endpoint
#4
Access token, ID token
{
"access_token": "df7773dbc8b7d-{..省略..}-8a91ae2372e1",
"id_token": "eyJhbGJSLKDFJKLSzI1NiJ9.eyJ3MiOit-{..省略..}-81ae2372e1.jMgjfEYmy-{..省略..}-S5Iv5ZP5ZA",
"token_type": "bearer",
"expires_in": 5180974
}
1. access_token :

Access token
2. id_token :

ID token
3. token_type :

token 

OK
4. expires_in :

Response body from Google Token Endpoint Json
Access token
ID token
#5
ID token
{
"iss":"accounts.google.com",
"at_hash":"HK6E_P6Dh8Y93mRNtsDB1Q",
"email_verified":"true",
"sub":"10769150350006150715113082367",
"azp":"3456789012.apps.google.com",
"email":"jsmith@example.com",
"aud":"3456789012.apps.google.com",
"iat":1353601026,
"exp":1353604926,
"nonce": "0394852-3190485-2490358"
}
1. iss :

IdP ID
2. at_hash :

access token
3. email_verified:

End User email
4. sub :

End User google ID
5. azp 

RP client_id
6. email 

End User email
7. aud 

RP ID
8. iat 

token
9. exp 

token
10.nonce 

1 nonce
Google ID token 's Payload
nonce #1
access token
End User ID
IdP
RP
#7
GET https://www.googleapis.com/oauth2/v3/userinfo
…
…
Authorization: Bearer "df7773dbc8b7d-{..省略..}-8a91ae2372e1"
…
…
GET URL of Google Userinfo Endpoint
Authorization Bearer #4 access token
#0 redirect_uri #1
- code
token 

state #1 #2
#1
- CSRF code token
Google
nonce #1 #5
Replay Attack
- Replay Attack


nonce Replay Attack 

Implicit Flow Hybrid Flow nonce
OpenID Connect
•


• OAuth 1.0 OAuth 2.0 OpenID
OpenID Connect 

...
OpenID Connect
• 

• OAuth 1.0 OAuth 2.0 

• OpenID Connect
• OAuth 1.0 → OAuth 2.0 → OpenID Connect 

• OAuth 1.0 OAuth 2.0 

• OpenID Connect OAuth 2.0
ID token
• OAuth 1.0

‣ 

‣ TLS

‣ 

‣ Replay Attack
• OAuth 2.0

‣ TLS

‣ 

‣ 

‣ token 

‣ CSRF Redirect URI
• OpenID Connect

‣ TLS OAuth 2.0

‣ 

‣ ID token IdP ID
ID 

‣ ID token Access token 

‣ CSRF Redirect URI Replay Attack
• RFC and OpenID Foundation

- https://tools.ietf.org/html/rfc5849 (5849: OAuth 1.0)

- https://tools.ietf.org/html/rfc6749 (6749: OAuth 2.0)

- https://tools.ietf.org/html/rfc6750 (6750: Bearer token)

- http://openid.net/specs/openid-connect-core-1_0.html (OpenID Connect)

• RFC and OpenID Foundation 

- https://openid-foundation-japan.github.io/rfc5849.ja.html

- https://openid-foundation-japan.github.io/rfc6749.ja.html

- https://openid-foundation-japan.github.io/rfc6750.ja.html

- https://openid-foundation-japan.github.io/openid-connect-core-1_0.ja.html

• OAuth & OpenID Connect RFC 

- https://qiita.com/TakahikoKawasaki/items/185d34814eb9f7ac7ef3
• OAuth 1.0 on Twitter

- https://developer.twitter.com/en/docs/basics/authentication/overview/oauth

- https://dev.twitter.com/web/sign-in/implementing

- https://syncer.jp/Web/API/Twitter/REST_API/

• OAuth 2.0 

- https://qiita.com/TakahikoKawasaki/items/200951e5b5929f840a1f

- https://www.buildinsider.net/enterprise/openid/oauth20

- http://www.atmarkit.co.jp/fsmart/articles/oauth2/01.html

• OAuth 2.0 on Facebook

- https://developers.facebook.com/

- https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow

- http://tech.vasily.jp/entry/facebook_graph_api
• OpenID Connect 

- https://www.slideshare.net/kura_lab/openid-connect-id

- https://www.slideshare.net/matake/connect-intro-dev-love

- https://qiita.com/TakahikoKawasaki/items/4ee9b55db9f7ef352b47

- https://www.buildinsider.net/enterprise/openid/connect

- https://tools.ietf.org/html/rfc7519 (RFC)

- https://hiyosi.tumblr.com/post/70073770678/jwt%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6%E7%B0%A1%E5%8D%98%E3%81%AB%E3%81%BE%E3%81%A8%E3%82%81%E3%81%A6%E3%81%BF%E3%81%9F

• OpenID Connect on Google

- https://developers.google.com/identity/protocols/OpenIDConnect
• 

- https://tools.ietf.org/html/rfc6819 (RFC)

- http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html

- http://www.atmarkit.co.jp/ait/articles/1710/24/news011.html
Authentication Technologies You Should Know for App Development - OAuth 1.0 + OAuth 2.0 + OpenID Connect -

Infinum Android Talks #01 - RetrofitInfinum Android Talks #01 - Retrofit
Infinum Android Talks #01 - Retrofit
 
INTERFACE by apidays - The State of OAuth by Aaron Parecki,
INTERFACE by apidays - The State of OAuth by Aaron Parecki,INTERFACE by apidays - The State of OAuth by Aaron Parecki,
INTERFACE by apidays - The State of OAuth by Aaron Parecki,
 
OAuth 2.0 and Library
OAuth 2.0 and LibraryOAuth 2.0 and Library
OAuth 2.0 and Library
 
Introduction to OAuth
Introduction to OAuthIntroduction to OAuth
Introduction to OAuth
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2
 
Implementing OAuth
Implementing OAuthImplementing OAuth
Implementing OAuth
 

Recently uploaded

Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
MySQL InnoDB Storage Engine: Deep Dive - Mydbops
MySQL InnoDB Storage Engine: Deep Dive - MydbopsMySQL InnoDB Storage Engine: Deep Dive - Mydbops
MySQL InnoDB Storage Engine: Deep Dive - Mydbops
Mydbops
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
Fwdays
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxAI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
Sunil Jagani
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Fwdays
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
DianaGray10
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
christinelarrosa
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
leebarnesutopia
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
Fwdays
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
HarpalGohil4
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 

Recently uploaded (20)

Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
MySQL InnoDB Storage Engine: Deep Dive - Mydbops
MySQL InnoDB Storage Engine: Deep Dive - MydbopsMySQL InnoDB Storage Engine: Deep Dive - Mydbops
MySQL InnoDB Storage Engine: Deep Dive - Mydbops
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxAI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 

Authentication Technologies You Should Know for App Development - OAuth 1.0 + OAuth 2.0 + OpenID Connect -