OpenID Connect 101 @ OpenID TechNight vol.11

•

13 j'aime•10,371 vues

Nov Matake

Technologie

♥
OpenID Connect 101
Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

Nov Matake
OpenID Foundation Japan

Evangelist 初号機

翻訳WG Leader

OAuth.jp

Idcon

Rubyist

fb_graph, rack-oauth2, openid_connect etc.
Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

パスワード漏洩例

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

パスワードリストアタック被害例

…next ?
Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

2段階認証

有効化する人1%以下 + 75%は2週間でやめる
Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

セキュリティ専任スタッフが
100人未満しかいないサービス
にパスワードを預けるのは、
自殺行為である。
Eric Sachs, Google

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

パスワード、ちゃんとハッシュ化してる?

まさかパスワード数字だけなんてことは…

定期的にメールアドレス生存確認してる?

あやしいユーザー行動、常に監視してる?

2段階認証提供すれば、後はユーザー責任?

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

御社はどうですか?

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

「○○ ID でログイン」
Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

http://klout.com

v.s

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

https://developers.facebook.com/products/login/

♥
OpenID Connect
OAuth 2.0 + Identity Layer
Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

2011~

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

Basic Client Implementation Guide

+

Implicit Client Implementation Guide

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

Basic Client Implementer's Guide 1.0 は,
OAuth 2.0 Code Flow を利用して Web ベース
の Relying Party を実装する為の実装ガイド
Implicit Client Implementer's Guide 1.0 は,
OAuth 2.0 Implicit Flowを利用してWebベー
スの Relying Party を実装する為の実装ガイド
翻訳済 → http://j.mp/openid-trans
Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

Basic Client
Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

Implicit Client
Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

Code Flow - OpenID Connect
End User

Relying Party

OpenID Provider

Initiate
Request Authorization
Authenticate & Authorize
Authorization Code
Authorization Code
Access Token + ID Token
Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

Code Flow - OpenID Connect
End User

Relying Party

OpenID Provider

Initiate
Request Authorization
Authenticate & Authorize
client_id=...&

response_type=code&

Authorization Code
redirect_uri=https://...&

scope=openid+email

Authorization Code

Access Token + ID Token
Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

Code Flow - OpenID Connect
End User

Relying Party

OpenID Provider

Initiate
Request Authorization
code=...&

client_id=...&

Authenticate & Authorize
client_secret=...&

grant_type=authorization_code&

Authorization Code
redirect_uri=https://...
Authorization Code
Access Token + ID Token
Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

OpenID Connect Scopes
openid → OpenID Connect Request を明示

proﬁle → 氏名, ニックネーム, プロフィール画像 etc.

email → メールアドレス, 検証済 Flag

address → 住所

phone → 電話番号, 検証済 Flag

oﬄine_access → Refresh Token 取得用
Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

ID Token - 署名アルゴリズム
公開

暗号 (RSA-SHA256 etc)

OpenID Provider の公開
Native App に秘密
共通
公開

で署名検証

埋め込まなくても OK

暗号 (HMAC-SHA256 etc)

暗号が苦手なエンジニア多い?

でも Native App だと秘密

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

漏れちゃう…

ID Token - 認証イベントMetadata
誰が (issuer = OpenID Provider)

誰を (subject = End-User)

誰のために (audience = Relying Party)

いつ (Issued At)

認証したのか

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

UserInfo API

Standardized JSON Format
Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

OpenID Connect Discovery

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

Developerサイト読まなくても

必要なエンドポイント情報等

すべて分かる

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

GET /.well-known/webﬁnger

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

GET /.well-known/openid-conﬁguration

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

OpenID Connect

Dynamic Client Registration

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

Developerサイトのフォームから

アプリ (=Client) 登録しなくても

動的にClient登録できる

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

Static Client Registration

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

Dynamic Client Registration

Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

twitter.com/nov

slideshare.net/matake

github.com/nov

openid-foundation-japan.github.io
Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

Recommandé

OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tkNov Matake

エンタープライズの視点からFIDOとFederationのビジネスを考えるMasaru Kurahayashi

OpenID Connect 1.0 ExplainedEugene Siow

OpenID Connect: An OverviewPat Patterson

Mit 2014 introduction to open id connect and o-auth 2Justin Richer

Introduction to OpenID Connect Nat Sakimura

OpenID Connect ExplainedVladimir Dzhuvinov

Recommandé

OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tkNov Matake

エンタープライズの視点からFIDOとFederationのビジネスを考えるMasaru Kurahayashi

OpenID Connect 1.0 ExplainedEugene Siow

OpenID Connect: An OverviewPat Patterson

Mit 2014 introduction to open id connect and o-auth 2Justin Richer

Introduction to OpenID Connect Nat Sakimura

OpenID Connect ExplainedVladimir Dzhuvinov

Full stack securityDPC Consulting Ltd

An Introduction to OpenIDMax Manders

OAuth 2.0 Updates #technightNov Matake

Understanding OpenIDPrabath Siriwardena

Incorporating OAuth: How to integrate OAuth into your mobile appNordic APIs

FIDO2 Specifications OverviewFIDO Alliance

OpenID Connect vs. OpenID 1 & 2Mike Schwartz

OpenID Connect: The new standard for connecting to your Customers, Partners, ...Salesforce Developers

The Client is not always right! How to secure OAuth authentication from your...Mike Schwartz

Stateless authentication with OAuth 2 and JWT - JavaZone 2015Alvaro Sanchez-Mariscal

Getting Started With WebAuthnFIDO Alliance

TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer

LASCON 2017: SAML v. OpenID v. OauthMike Schwartz

Authlete: API Authorization Enabler for API EconomyTatsuo Kudo

RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!Mike Schwartz

今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -Naoto Miyachi

Overall pictures of Identity provider mix-up attack patterns and trade-offs b...Hitachi, Ltd. OSS Solution Center.

Implementing MITREid - CIS 2014 PresentationJustin Richer

FIDO2 Specifications OverviewFIDO Alliance

FIDO Technical Specifications OverviewFIDO Alliance

OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...Brian Campbell

OpenID Connect and Single Sign-On for BeginnersSalesforce Developers

Contenu connexe

Tendances

Full stack securityDPC Consulting Ltd

An Introduction to OpenIDMax Manders

OAuth 2.0 Updates #technightNov Matake

Understanding OpenIDPrabath Siriwardena

Incorporating OAuth: How to integrate OAuth into your mobile appNordic APIs

FIDO2 Specifications OverviewFIDO Alliance

OpenID Connect vs. OpenID 1 & 2Mike Schwartz

OpenID Connect: The new standard for connecting to your Customers, Partners, ...Salesforce Developers

The Client is not always right! How to secure OAuth authentication from your...Mike Schwartz

Stateless authentication with OAuth 2 and JWT - JavaZone 2015Alvaro Sanchez-Mariscal

Getting Started With WebAuthnFIDO Alliance

TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer

LASCON 2017: SAML v. OpenID v. OauthMike Schwartz

Authlete: API Authorization Enabler for API EconomyTatsuo Kudo

RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!Mike Schwartz

今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -Naoto Miyachi

Overall pictures of Identity provider mix-up attack patterns and trade-offs b...Hitachi, Ltd. OSS Solution Center.

Implementing MITREid - CIS 2014 PresentationJustin Richer

FIDO2 Specifications OverviewFIDO Alliance

FIDO Technical Specifications OverviewFIDO Alliance

Tendances (20)

Full stack security

An Introduction to OpenID

OAuth 2.0 Updates #technight

Understanding OpenID

Incorporating OAuth: How to integrate OAuth into your mobile app

FIDO2 Specifications Overview

OpenID Connect vs. OpenID 1 & 2

OpenID Connect: The new standard for connecting to your Customers, Partners, ...

The Client is not always right! How to secure OAuth authentication from your...

Stateless authentication with OAuth 2 and JWT - JavaZone 2015

Getting Started With WebAuthn

TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...

LASCON 2017: SAML v. OpenID v. Oauth

Authlete: API Authorization Enabler for API Economy

RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!

今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -

Overall pictures of Identity provider mix-up attack patterns and trade-offs b...

Implementing MITREid - CIS 2014 Presentation

FIDO2 Specifications Overview

FIDO Technical Specifications Overview

En vedette

OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...Brian Campbell

OpenID Connect and Single Sign-On for BeginnersSalesforce Developers

OpenID Authentication by exampleChris Vertonghen

OpenID Connect 入門〜コンシューマーにおけるID連携のトレンド〜Masaru Kurahayashi

アイデンティティ2.0とOAuth/OpenID ConnectShinichi Tomita

OPTiM StoreにおけるSCIM & OIDC活用事例 - ID&IT 2016Nov Matake

JavaOne 2014 - Securing RESTful Resources with OAuth2Rodrigo Cândido da Silva

Creating a Sign On with Open id connectDerek Binkley

PDSを実現するにあたっての技術動向の紹介 (OAuth, OpenID Connect, UMAなど)Tatsuo Kudo

Federation Lab and OpenID ConnectAndreas Åkre Solberg

Idcon11 implicit demoRyo Ito

Mobile Cloud IdentityMark Diodati

Open Id, O Auth And WebservicesMyles Eftos

YAPC::Tokyo 2013 ritou OpenID ConnectRyo Ito

OpenID ConnectとAndroidアプリのログインサイクルMasaru Kurahayashi

Yahoo! JAPANのOpenID Certified Mark取得についてMasaru Kurahayashi

[OSSParis 2015] The OpenID Connect ProtocolClément OUDOT

OAuth 2.0の概要とセキュリティHiroshi Hayakawa

Mobile Single Sign-On (Gluecon '15)Brian Campbell

HTTP/2 入門Yahoo!デベロッパーネットワーク

En vedette (20)

OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...

OpenID Connect and Single Sign-On for Beginners

OpenID Authentication by example

OpenID Connect 入門〜コンシューマーにおけるID連携のトレンド〜

アイデンティティ2.0とOAuth/OpenID Connect

OPTiM StoreにおけるSCIM & OIDC活用事例 - ID&IT 2016

JavaOne 2014 - Securing RESTful Resources with OAuth2

Creating a Sign On with Open id connect

PDSを実現するにあたっての技術動向の紹介 (OAuth, OpenID Connect, UMAなど)

Federation Lab and OpenID Connect

Idcon11 implicit demo

Mobile Cloud Identity

Open Id, O Auth And Webservices

YAPC::Tokyo 2013 ritou OpenID Connect

OpenID ConnectとAndroidアプリのログインサイクル

Yahoo! JAPANのOpenID Certified Mark取得について

[OSSParis 2015] The OpenID Connect Protocol

OAuth 2.0の概要とセキュリティ

Mobile Single Sign-On (Gluecon '15)

HTTP/2 入門

Similaire à OpenID Connect 101 @ OpenID TechNight vol.11

OpenID TutorialsNao Haida

1400 ping madsen-nordicapis-connect-01Nordic APIs

A-Passwordless-Future--WebAuthn-for-Java-Developers.pdfMohankumarRamachandr1

CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCloudIDSummit

FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance

Authentication Without AuthenticationSoluto

Enterprise Single Sign On WSO2

Patterns to Bring Enterprise and Social Identity to the Cloud CA API Management

Openid+OpensocialSebastiano Merlino (eTr)

Building the Social Web with OpenIDSimon Willison

Leveraging open banking specifications for rigorous API security – What’s in...Rogue Wave Software

Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...Hitachi, Ltd. OSS Solution Center.

Secure Your Edge-to-Cloud IoT Solution with Intel and AWS - IOT337 - re:Inven...Amazon Web Services

OAuth2 & OpenID Connect with Spring SecurityShuto Uwai

CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CloudIDSummit

Strong Authentication in Web Application #SCS IIISylvain Maret

Review on OpenID Authentication Frameworkijsrd.com

FIDO Specifications OverviewFIDO Alliance

Open ID ExplainedKarthik Ethirajan

OSCON 2018 Getting Started with Hyperledger IndyTracy Kuhrt

Similaire à OpenID Connect 101 @ OpenID TechNight vol.11 (20)

OpenID Tutorials

1400 ping madsen-nordicapis-connect-01

A-Passwordless-Future--WebAuthn-for-Java-Developers.pdf

CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications

FIDO UAF 1.0 Specs: Overview and Insights

Authentication Without Authentication

Enterprise Single Sign On

Patterns to Bring Enterprise and Social Identity to the Cloud

Openid+Opensocial

Building the Social Web with OpenID

Leveraging open banking specifications for rigorous API security – What’s in...

Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...

Secure Your Edge-to-Cloud IoT Solution with Intel and AWS - IOT337 - re:Inven...

OAuth2 & OpenID Connect with Spring Security

CIS14: FIDO 101 (What, Why and Wherefore of FIDO)

Strong Authentication in Web Application #SCS III

Review on OpenID Authentication Framework

FIDO Specifications Overview

Open ID Explained

OSCON 2018 Getting Started with Hyperledger Indy

Plus de Nov Matake

#idcon vol.29 - #fidcon WebAuthn, Next StageNov Matake

FedCM - OpenID TechNight vol.19Nov Matake

Safari (ITP) & Chrome (SameSite=Lax as default) が Federation に与える影響 - OpenID ...Nov Matake

FIDO @ LINE - #idcon vol.24Nov Matake

W3C Web Authentication - #idcon vol.24Nov Matake

NIST SP 800-63C - Federation and Assertions (FINAL)Nov Matake

NIST SP 800-63C #idcon vol.22Nov Matake

NIST SP 800-63-3 #idcon vol.22Nov Matake

ID連携入門 (実習編) - Security Camp 2016Nov Matake

ID連携概要 - OpenID TechNight vol.13Nov Matake

ミスコンとプライバシー ~ IdentityDuck誕生秘話 ~ #idconNov Matake

SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014Nov Matake

FIDO alliance #idcon vol.18Nov Matake

池澤あやかと学ぼう！: はじめてのOAuthとOpenID Connect - JICS 2014Nov Matake

OAuth認証再考からのOpenID Connect #devloveNov Matake

ID & IT 2013 - OpenID Connect Hands-onNov Matake

JWT Translation #technightNov Matake

MIT-KIT Intro at #idcon satteliteNov Matake

Self isssued-idpNov Matake

IIW 16th Report at #idconNov Matake

Plus de Nov Matake (20)

#idcon vol.29 - #fidcon WebAuthn, Next Stage

FedCM - OpenID TechNight vol.19

Safari (ITP) & Chrome (SameSite=Lax as default) が Federation に与える影響 - OpenID ...

FIDO @ LINE - #idcon vol.24

W3C Web Authentication - #idcon vol.24

NIST SP 800-63C - Federation and Assertions (FINAL)

NIST SP 800-63C #idcon vol.22

NIST SP 800-63-3 #idcon vol.22

ID連携入門 (実習編) - Security Camp 2016

ID連携概要 - OpenID TechNight vol.13

ミスコンとプライバシー ~ IdentityDuck誕生秘話 ~ #idcon

SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014

FIDO alliance #idcon vol.18

池澤あやかと学ぼう！: はじめてのOAuthとOpenID Connect - JICS 2014

OAuth認証再考からのOpenID Connect #devlove

ID & IT 2013 - OpenID Connect Hands-on

JWT Translation #technight

MIT-KIT Intro at #idcon sattelite

Self isssued-idp

IIW 16th Report at #idcon

Dernier

Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation

unit 4 immunoblotting technique complete.pptxBkGupta21

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3

Gen AI in Business - Global Trends Report 2024.pdfAddepto

The State of Passkeys with FIDO Alliance.pptxLoriGlavin3

Advanced Computer Architecture – An IntroductionDilum Bandara

Take control of your SAP testing with UiPath Test SuiteDianaGray10

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3

Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson

"ML in Production",Oleksandr BaganFwdays

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada

How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe

WordPress Websites for Engineers: Elevate Your Brandgvaughan

Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited

What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina

Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3

SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero

Dernier (20)

Connect Wave/ connectwave Pitch Deck Presentation

unit 4 immunoblotting technique complete.pptx

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx

Gen AI in Business - Global Trends Report 2024.pdf

The State of Passkeys with FIDO Alliance.pptx

Advanced Computer Architecture – An Introduction

Take control of your SAP testing with UiPath Test Suite

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx

Are Multi-Cloud and Serverless Good or Bad?

"ML in Production",Oleksandr Bagan

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024

How AI, OpenAI, and ChatGPT impact business and software.

WordPress Websites for Engineers: Elevate Your Brand

Ensuring Technical Readiness For Copilot in Microsoft 365

What is DBT - The Ultimate Data Build Tool.pdf

Digital Identity is Under Attack: FIDO Paris Seminar.pptx

SIP trunking in Janus @ Kamailio World 2024

OpenID Connect 101 @ OpenID TechNight vol.11

3. 池澤あやかと学ぼう！はじめてのOAuthとOpenID Connect

9. リスクベース認証

10.

23.

25.

26. ID Provider 向け

28. Basic Client Implementer's Guide 1.0 は, OAuth 2.0 Code Flow を利用して Web ベースの Relying Party を実装する為の実装ガイド Implicit Client Implementer's Guide 1.0 は, OAuth 2.0 Implicit Flowを利用してWebベースの Relying Party を実装する為の実装ガイド翻訳済 → http://j.mp/openid-trans Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

31. Code Flow - OpenID Connect End User Relying Party OpenID Provider Initiate Request Authorization Authenticate & Authorize Authorization Code Authorization Code Access Token + ID Token Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

32. Code Flow - OpenID Connect End User Relying Party OpenID Provider Initiate Request Authorization Authenticate & Authorize Authorization Code Authorization Code Access Token + ID Token Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

33. Code Flow - OpenID Connect End User Relying Party OpenID Provider Initiate Request Authorization Authenticate & Authorize client_id=...& response_type=code& Authorization Code redirect_uri=https://...& scope=openid+email Authorization Code Access Token + ID Token Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

34. Code Flow - OpenID Connect End User Relying Party OpenID Provider Initiate Request Authorization Authenticate & Authorize Authorization Code Authorization Code Access Token + ID Token Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

35. Code Flow - OpenID Connect End User Relying Party OpenID Provider Initiate Request Authorization Authenticate & Authorize Authorization Code Authorization Code Access Token + ID Token Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

36. Code Flow - OpenID Connect End User Relying Party OpenID Provider Initiate Request Authorization code=...& client_id=...& Authenticate & Authorize client_secret=...& grant_type=authorization_code& Authorization Code redirect_uri=https://... Authorization Code Access Token + ID Token Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

38. OpenID Connect Scopes openid → OpenID Connect Request を明示 proﬁle → 氏名, ニックネーム, プロフィール画像 etc. email → メールアドレス, 検証済 Flag address → 住所 phone → 電話番号, 検証済 Flag oﬄine_access → Refresh Token 取得用 Copyright 2013 OpenID Foundation Japan - All Rights Reserved.

39. ID Token

40. ID Token - 署名アルゴリズム公開暗号 (RSA-SHA256 etc) OpenID Provider の公開 Native App に秘密共通公開で署名検証埋め込まなくても OK 暗号 (HMAC-SHA256 etc) 暗号が苦手なエンジニア多い? でも Native App だと秘密 Copyright 2013 OpenID Foundation Japan - All Rights Reserved. 漏れちゃう…

42.

43. 検証方法は翻訳ドキュメントを

45.