
Close Encounters of Modern Architecture 1 - CDN and JWT


"Close Encounters of Modern Architecture" is a series of lectures on modern technologies in web application development.

Agenda:
- SPA with Amazon CloudFront
- REST API with Amazon CloudFront
- JWT, Try for more state less

Published in: Technology

  1. Close Encounters of Modern Architecture #1 - CDN and JWT. 2016-10-07, eurie Inc., Takahiro Ikeuchi. © 2016 eurie Inc.
  2. Agenda: SPA with Amazon CloudFront; REST API with Amazon CloudFront; JWT, Try for more stateless.
  3. Author: Takahiro Ikeuchi (@iktakahiro). Company / Community: eurie Inc. Founder & CEO; SQUEEZE Inc. Tech Adviser; PyData.Tokyo Organizer. Specialties (or just a dabbler :-D): Go lang, Python, React.js, TypeScript, Cloud Infrastructure, UI Design, etc.
  4. Conclusion: I recommend that you adopt a CDN to deliver your Single Page Application. Amazon CloudFront + S3 is a good solution. You may deploy a CDN in front of your Server Side Application to improve performance. JWT is handy and secure. You have to use JWT and Local Storage instead of Cookies.
  5. We Love: RESTful API; Go lang (framework: echo); Single Page Application; React.js + TypeScript; Elasticsearch; AWS (Aurora, Lambda, CloudFront, WAF...); Codeship.com.
  6. SPA with Amazon CloudFront
  7. (slide contains no text)
  8. Focus: Applications
  9. What is Amazon CloudFront: CDN = Content Delivery Network. Competitors: Akamai, Fastly, Google Cloud CDN. Edge locations around the world. Integration with Amazon S3. https://aws.amazon.com/cloudfront/
  10. Why Amazon CloudFront? High Availability; Fast Network; HTTP/2.0; Free SSL Certification (SNI only); Cache Control System.
  11. Fast Network: Amazon CloudFront edge locations are located around the world (US, Europe, Asia, South America). https://aws.amazon.com/cloudfront/details/
  12. HTTP/2.0: Amazon CloudFront supports HTTP/2.0.
  13. REST API with Amazon CloudFront
  14. (slide contains no text)
  15. Why deploy a CDN in front of our REST API? Fast Network; Free SSL Certification (SNI only); WAF = Web Application Firewall. A REST API also benefits from the technologies of Amazon CloudFront.
  16. Really Fast? See below: "Secured API Acceleration with Engineers from Amazon CloudFront and Slack"; "CloudFrontをかますとキャッシュなしのAPIコールでも速くなるようだ" ("Putting CloudFront in front seems to speed up even uncached API calls") - sonots:blog (Japanese).
  17. http://www.slideshare.net/AmazonWebServices/secured-api-acceleration-with-engineers-from-amazon-cloudfront-and-slack
  18. JWT, Try for more stateless
  19. What is JWT: JSON Web Token. The pronunciation of JWT is the same as "jot" (in Japanese, "じょっと"). RFC 7519 - JSON Web Token (JWT). https://jwt.io/ JWT is a token-based authentication scheme. Probably a better approach than Cookies.
  20. JWT Structure: HEADER.CLAIMS.SIGNATURE, e.g. eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
  21. JWT Header. Encoded token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9. Decoded token: { "alg": "HS256", "typ": "JWT" }. JSON -> Base64 URL Encoding -> Token.
  22. JWT Claims (Payload). Encoded token: eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9. Decoded token: { "sub": "1234567890", "name": "John Doe", "admin": true }.
  23. Signature: the JWT header and payload are just JSON. That is to say, anyone can build them easily. Solution: a JWT carries a signature (JWS). RFC 7515 - JSON Web Signature (JWS). (Most) JWT libraries can detect token manipulation.
  24. How to use: set the JWT in the HTTP Authorization header. Authorization: Bearer {{ JWT }}. RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage.
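To make slides 20 to 24 concrete, here is an added example that is not part of the deck and uses none of the libraries listed on the next slide: a minimal HS256 signer and verifier built on the Python standard library. It shows the HEADER.CLAIMS.SIGNATURE layout and the base64url step, decodes the sample token from slide 20 without trusting it, verifies a freshly signed token, rejects a token whose claims were altered or whose header announces a different algorithm, and extracts the token from an `Authorization: Bearer` header value. The signing key, the `exp` handling and the helper names (`sign_hs256`, `verify_hs256`, `is_valid`, `bearer_token`) are assumptions made for this example.

```python
"""Added example (not from the slides or from any JWT library): a minimal
HS256 JWT encoder/verifier on the Python standard library."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# The sample token shown on slide 20 (the jwt.io example), copied from the deck.
SLIDE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9."
    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
)


def b64url_encode(raw: bytes) -> str:
    """Base64 URL-safe encoding with the '=' padding removed (RFC 7515 section 2)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Inverse of b64url_encode; restores the padding the token omits."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_unverified(token: str) -> Tuple[dict, dict]:
    """Decode header and claims WITHOUT checking the signature.
    Useful for inspection only; never act on claims returned by this function."""
    header_b64, claims_b64, _sig_b64 = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(claims_b64))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Build HEADER.CLAIMS.SIGNATURE with HMAC-SHA256 over 'HEADER.CLAIMS'."""
    compact = {"separators": (",", ":")}
    header_b64 = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    claims_b64 = b64url_encode(json.dumps(claims, **compact).encode())
    signing_input = f"{header_b64}.{claims_b64}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header_b64}.{claims_b64}.{b64url_encode(sig)}"


def verify_hs256(token: str, key: bytes, now: Optional[float] = None) -> dict:
    """Return the claims if the token is authentic, otherwise raise ValueError.

    The expected algorithm is pinned to HS256 by the verifier instead of being
    read from the header, so a token announcing "alg": "none" (or any other
    algorithm) is rejected before any signature arithmetic happens.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three segments")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    signing_input = f"{header_b64}.{claims_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak timing information.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch: token altered or signed with another key")
    claims = json.loads(b64url_decode(claims_b64))
    # Optional expiry check on the registered "exp" claim (RFC 7519 section 4.1.4);
    # the slides do not show exp, this is an addition for the example.
    exp = claims.get("exp")
    if exp is not None and (now if now is not None else time.time()) >= exp:
        raise ValueError("token expired")
    return claims


def is_valid(token: str, key: bytes) -> bool:
    """Boolean wrapper around verify_hs256; any malformed input counts as invalid."""
    try:
        verify_hs256(token, key)
        return True
    except ValueError:  # covers binascii.Error, JSONDecodeError and UnicodeDecodeError too
        return False


def bearer_token(authorization_value: Optional[str]) -> Optional[str]:
    """Extract the token from an 'Authorization: Bearer <token>' header value (RFC 6750).
    The scheme name is case-insensitive; returns None when no bearer token is present."""
    if not authorization_value:
        return None
    scheme, _, credentials = authorization_value.strip().partition(" ")
    if scheme.lower() != "bearer" or not credentials.strip():
        return None
    return credentials.strip()


if __name__ == "__main__":
    print(decode_unverified(SLIDE_TOKEN))  # header and claims as shown on slides 21 and 22
    key = b"constructed-demo-key-do-not-reuse"  # constructed for this example
    token = sign_hs256({"sub": "1234567890", "name": "John Doe", "admin": False}, key)
    print("fresh token verifies:", is_valid(token, key))
    print("bearer:", bearer_token("Bearer " + token) == token)
```

The point of `verify_hs256` pinning the algorithm is the defensive counterpart of slide 23: the header is attacker-controlled input until the signature has been checked, so the verifier decides which algorithm and key apply, and the header is only allowed to agree with that decision.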
  25. JWT Libraries: Python: jpadilla/pyjwt; Node.js: auth0/node-jsonwebtoken; Go lang: dgrijalva/jwt-go.
  26. Benefits of JWT and Bearer. Cookie-less: the browser does not automatically attach data from Local (Session) Storage to every HTTP request. Stateless: the JWT contains all the required information about a user, so a Server-Side Application does not have to manage a session (but if you have a high-security requirement, consider it).
  27. Secure: protection from token manipulation. Signing algorithms: RSA, ECDSA. Many libraries support JWT.
  28. Conclusion: I recommend that you adopt a CDN to deliver your Single Page Application. Amazon CloudFront + S3 is a good solution. You may deploy a CDN in front of your Server Side Application to improve performance. JWT is handy and secure. You have to use JWT and Local Storage instead of Cookies.
