Ryo Ito ritou

View chrome75_pin.md

Notes on verifying Chrome's FIDO CTAP2 PIN support

Chrome 75 Beta: low latency canvas contexts, sharing files, and numeric separators

Web Authentication API: FIDO CTAP2 PIN support
This feature extends Chrome's implementation of the Web Authentication API to support local user authorization of security key operations via a user-defined PIN for keys that implement the FIDO CTAP2 protocol. Web sites using web authentication can request or require such authorization via the API's user verification mechanisms.

Registration

ritou / WebAuthnKit_vs_WebAuthnLite.md
Created Nov 24, 2018
Interop result with WebAuthnKit and WebAuthnLite

Interop result with WebAuthnKit and WebAuthnLite. Parameters are from https://github.com/lyokato/WebAuthnKit/blob/develop/utils/interop/go_koesie10_webauthn/main.go

iex(1)> origin = "https://example.org"
"https://example.org"
iex(2)> challenge = "rtnHiVQ7"
"rtnHiVQ7"
iex(3)> encoded_registration_client_data_json = "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoicnRuSGlWUTciLCJvcmlnaW4iOiJodHRwczpcL1wvZXhhbXBsZS5vcmcifQ"
"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoicnRuSGlWUTciLCJvcmlnaW4iOiJodHRwczpcL1wvZXhhbXBsZS5vcmcifQ"
View jose_key_handling.md
Create a key using JOSE.JWK
iex(1)> jwk = JOSE.JWK.generate_key(:secp256r1)
%JOSE.JWK{
  fields: %{},
  keys: :undefined,
  kty: {:jose_jwk_kty_ec,
   {:ECPrivateKey, 1,
    <<37, 161, 110, 23, 211, 111, 64, 142, 98, 207, 153, 90, 139, 91, 212, 33,
ritou / crypt_jwt_sample_jws_exXXX.pl
Created Nov 16, 2015
Sample that messes around with ESXXX JSON Web Signatures using Crypt::JWT
use Crypt::JWT qw(encode_jwt decode_jwt);
use Crypt::PK::ECC;
use MIME::Base64 qw(decode_base64url);
use Data::Dumper;
warn "=== Example JWS Using ECDSA P-256 SHA-256 ===\n";
warn "see https://tools.ietf.org/html/rfc7515#appendix-A.3\n";
warn "=== Private Key ===\n";
my $ec_jwk_data = {
ritou / crypt_jwt_sample_jws_rs256.pl
Created Nov 16, 2015
Sample that messes around with RS256 JSON Web Signatures using Crypt::JWT
use Crypt::JWT qw(encode_jwt decode_jwt);
use Crypt::PK::RSA;
use MIME::Base64 qw(decode_base64url);
use Data::Dumper;
warn "see https://tools.ietf.org/html/rfc7515#appendix-A.2\n";
my $payload = decode_base64url("eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ");
my $rsa_priv_data = {
"kty" => "RSA",
"n" => "ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddxHmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMsD1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSHSXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ",
View crypt_jwt_sample_jws_es512.pl
use Crypt::JWT qw(encode_jwt decode_jwt);
use Data::Dumper;
# encode
my $payload = "Payload";
my $ecc_priv = {
kty => "EC",
crv => "P-521",
x => "AekpBQ8ST8a8VcfVOTNl353vSrDCLLJXmPk06wTjxrrjcBpXp5EOnYG_NjFZ6OvLFV1jSfS9tsz4qUxcWceqwQGk",
View handling_rsa_pubkey.pl
use Crypt::OpenSSL::CA;
use Crypt::OpenSSL::Bignum;
use Crypt::OpenSSL::RSA;
use MIME::Base64 qw/encode_base64url decode_base64url/;
use Data::Dumper;
# Crypt::OpenSSL::CA to n and e
my $rsa_pubkey = "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5XxKc3Rz/8EakvZG+Ez9
nCpdn2HGVq0CRD1GZ/fEuM7nHfmy1LzC0VyNa8YkU7Qrb4s/BgSxjFrLvbpFHcUo
View social_login_bearer_profile_for_foauth2.md

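Proposal for a custom profile to implement social-login-like functionality over the OAuth 2.0 protocol

What this is about

  • The mobile app's backend server has OAuth 2.0 endpoints, issues Access Tokens, and the app uses them in place of a session
  • The backend server is the OAuth Server, and the mobile app is the OAuth Client
  • The mobile app wants to do social login
  • From the SNS's point of view, the (mobile app + backend server) as a whole is the OAuth Client
  • What is received from the SNS varies quite a bit: AuthZ Code, Access Token, ID Token, and so on
  • The backend server wants a general-purpose Token Endpoint grant_type that accepts these and returns an Access Token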
ritou / trans_oidc_core.txt
Last active Aug 29, 2015
Division of work for the Core translation
I split it up fairly finely.
Please declare which part you will take by comment or email!
URL : http://openid.net/specs/openid-connect-core-1_0.html
(1) 1 - 1.2 : ritou
(2) 1.3 - 2 : kura
(3) 3 - 3.1,1 : konfoo
(4) 3.1.2 - 3.1.2.1 : bangyy
(5) 3.1.2.2 - 3.1.2.4 : sat_toke