
API: Implement GraphQL and OAuth2.0 #4474

Merged (16 commits), Feb 27, 2020

Conversation

okazy (Contributor) commented Feb 19, 2020

To make the API specification easy to understand, I first built something that works.
There are many places where the UI and security have not been considered.
Never use this in a production environment.

Overview (Refs Issue)

See #4447 for the specification.

Implemented

  • GraphQL (Query)
  • OAuth2.0

Not yet implemented:

  • GraphQL (Mutation)
  • Webhooks

Initial setup procedure

  • Install EC-CUBE
    • Because libraries were added, composer install is required.
  • Place the public and private keys
    • The location is specified in this yaml file.
    • Example:
mkdir var/oauth
openssl genrsa -out private.key 2048
openssl rsa -in private.key -pubout -out public.key
mv private.key var/oauth
mv public.key var/oauth
  • Register a client
    • There is no GUI yet, so register from the command line.
    • A detailed explanation of the command is here.
    • Example command:
bin/console trikoder:oauth2:create-client --redirect-uri=http://127.0.0.1:8000/ --grant-type=authorization_code --grant-type=client_credentials --grant-type=implicit --grant-type=password --grant-type=refresh_token --scope=read --scope=write
bin/console trikoder:oauth2:list-clients

Verification procedure

Using the sample POSTMAN template is recommended for checking behaviour.

GraphQL settings

Data cannot be fetched until OAuth2 has been configured.

Example GraphQL query

{
  products(id: "1") {
    id
    name
    ProductClasses {
      id
      code
      price02
      stock
    }
    Status {
      id
      name
    }
    Creator {
      id
    }
    ProductTag {
      id
    }
  }
  orders {
    id
    pre_order_id
    name01
    name02
    message
    Country {
      id
    }
    OrderItems {
      id
      product_name
      price
    }
    Shippings {
      id
    }
  }
}

OAuth2 settings

Set the Authorization TYPE to OAuth2.0 and obtain a token.

  • Grant Type: Authorization code
    • Four grant types are supported.
  • Auth URL: /admin/authorize
  • Access Token URL: /token
  • Scope: two scopes are provided, read and write
    • Access to /api requires the read scope
    • write can currently be set but is unused.
  • State: specify an arbitrary string as a CSRF countermeasure
  • Obtaining a token requires logging in to the admin screen

Policy

See #4447 for the policy.

Appendix (implementation notes)

The following points will need to be considered and addressed before the official release.
Please share your opinions, including on whether each needs to be addressed at all.

  • Access restriction on the /authorize endpoint
    • If /authorize is accessed directly with the OAuth parameters, a code/token can be obtained without going through /admin/authorize
  • The libraries used require PHP 7.2 or later
  • Table names do not follow EC-CUBE's naming convention (oauth2_client -> dtb_oauth2_client)
  • Registering and viewing clients in the GUI
  • UI adjustments to the authorization consent screen
  • Review of the supported grant types
    • Disable by default the grant types that should not be supported for security reasons
  • An authentication feature that follows the OpenID Connect standard
  • Review of security countermeasures
    • [Attack 4] Authorization Code Interception Attack
      • To be confirmed
    • [Attack 5] IdP Mix-Up Attack
      • To be confirmed

Test

No automated tests have been written yet.
I confirmed that the API works without problems by testing manually with the following steps.

  • Install EC-CUBE
  • Obtain an access_token with the Authorization code grant
  • Obtain an access_token with the Implicit grant
  • Fetch the product list via GraphQL using the access_token
  • Fetch the order list via GraphQL using the access_token
  • Fetch the customer list via GraphQL using the access_token
Detailed test procedure

I made it possible to test with only commands and a browser.
Please change client_id and client_secret manually.

# Test procedure

# Start postgres beforehand
# Install EC-CUBE

git clone https://github.com/EC-CUBE/ec-cube.git
cd ec-cube
hub checkout https://github.com/EC-CUBE/ec-cube/pull/4474
composer install

sed -i -e 's/APP_ENV=dev/APP_ENV=prod/g' ./.env
sed -i -e 's/APP_DEBUG=1/APP_DEBUG=0/g' ./.env
sed -i -e 's/DATABASE_URL=sqlite:\/\/\/var\/eccube.db/DATABASE_URL=postgres:\/\/postgres@127.0.0.1\/eccube/g' ./.env
sed -i -e 's/DATABASE_SERVER_VERSION=3/DATABASE_SERVER_VERSION=9/g' ./.env

mkdir var/oauth
openssl genrsa -out private.key 2048
openssl rsa -in private.key -pubout -out public.key
mv private.key var/oauth
mv public.key var/oauth

bin/console e:i --no-interaction
bin/console trikoder:oauth2:create-client --redirect-uri=http://127.0.0.1:8000/ --grant-type=authorization_code --grant-type=client_credentials --grant-type=implicit --grant-type=password --grant-type=refresh_token --scope=read --scope=write
bin/console eccube:fixtures:generate --products=2 --orders=2 --customers=2 --without-image --env=dev

#  [OK] New oAuth2 client created successfully.
#  ---------------------------------- ----------------------------------------------------------------------------------------------------------------------------------
#   Identifier                         Secret
#  ---------------------------------- ----------------------------------------------------------------------------------------------------------------------------------
#   ebd746e3a42714a63f2b247bf9b42506   df6fd78665d464cc3af34d3aca6ae14d04322308064a17e4dfdb4a14626c683da4cebf5e58fce51bcdb9dad3b78316b42def0a5da9b103d0ab74e9eea02a15c1
#  ---------------------------------- ----------------------------------------------------------------------------------------------------------------------------------

bin/console s:r --env=dev

# Authorization code grant

# Open in a browser
# http://127.0.0.1:8000/admin/authorize?response_type=code&client_id=ebd746e3a42714a63f2b247bf9b42506&redirect_uri=http://127.0.0.1:8000/&scope=read&state=hogehoge
# Log in
# Press "Approve"
# You are redirected, so note down the code
# http://127.0.0.1:8000/?code=...&state=hogehoge

curl --location --request POST 'http://127.0.0.1:8000/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'client_id=ebd746e3a42714a63f2b247bf9b42506' \
--data-urlencode 'client_secret=df6fd78665d464cc3af34d3aca6ae14d04322308064a17e4dfdb4a14626c683da4cebf5e58fce51bcdb9dad3b78316b42def0a5da9b103d0ab74e9eea02a15c1' \
--data-urlencode 'redirect_uri=http://127.0.0.1:8000/' \
--data-urlencode 'code=def502001db9c325b8a4c27bdacb937f72062123319cd5432bb617a56d77fa0501fd259325a9872d3763d1896850520aad1fb96117d914d9ab8dff59476123410b6937488bfcd8288559f761817fd74a2eafee3a60d887d3d7acb7be3e709becb47ce41be6e057afb78641b08d2666e62283412b2f262e5bf9d35590c0d8feb88383b9da0564123cd789aa847802685561349e12c36035e5445f4d991a48372d08a99bc4c2f1f5b5d59a0c881fcb7d8e1d129df8be2b0ee462e07be614ce65f7c0a5aa682177cbfb61b233d2f07d7ee78b0447d2b42fb77e20eec4fc941fdd0c172797811c51224d0a03681923ed1fb9ea4c2a924f4e9da570eadbe6cb0de1190d3ffea9265fab5e3645ef62a110b499733958a08e77ec62d1464261fb09eb8502a5b3ce544eb256a1a42460eed1992c92cfd39e440c3411f4812aa7e207b7706c17fa45f216fd335b21397d0212c3f8267f4e49d4ac77ac4cce42b5e9f1e2d00f7ff0abc6785ef967b0efdb5b98f19948acb9aa328349582987b250d61c41f6c6a8c2'

# The following response is returned
# {"token_type":"Bearer","expires_in":3600,"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImIwODc0MmY1NzJjZjM3OGFiMjk5NmIwYWVjOTFhODNiMWUwZWVlMTg4OTEyMDUxN2Y0ZWVjMmJhNDVkNTFhMzdkOGU4MDNiNDQ2ZmEyOTU4In0.eyJhdWQiOiJlYmQ3NDZlM2E0MjcxNGE2M2YyYjI0N2JmOWI0MjUwNiIsImp0aSI6ImIwODc0MmY1NzJjZjM3OGFiMjk5NmIwYWVjOTFhODNiMWUwZWVlMTg4OTEyMDUxN2Y0ZWVjMmJhNDVkNTFhMzdkOGU4MDNiNDQ2ZmEyOTU4IiwiaWF0IjoxNTgyNzc5NzM4LCJuYmYiOjE1ODI3Nzk3MzgsImV4cCI6MTU4Mjc4MzMzOCwic3ViIjoiYWRtaW4iLCJzY29wZXMiOlsicmVhZCJdfQ.gTbfzr2nzy-wUmYleXlFq1gs-wN7oH8l5nfEsfq5QAZjkl4K4__uLlh2GpStmjveYqY-rxP7Qy7mUBXgIFH3tl0Tnwg52GH9_ftAhz6ZzPilymUzuXtmJ3aj4GZ4Ctm62GtcM1psbzP444BnY9QYuejpQT3tV0VS1enrV8ZkAPKkWvCcOyGLCabfPZ626rThMxMC0I7Mwc-sHAooZ4ebsDUbAQnXj2mwc5zWUpv7r8AsLXnUaMZoAXSk9NQnZvqn7VXo4EkQJkdArT0_QPoPZvFxHrAI5lMWTojMXCZyQMH6cV4OllKHqluij16NA9dGjG73kETyhzbgsm-8e0Hxww","refresh_token":"def502003895e9eb8526f5160b756233895390044561b7de0d67a7a5ae1cef188ed549d95184fb3c824b50e8c6afbe065336e5c18691a750793d1dc8b3d4176f536b1dad6f5c38585133ef0ae44ceac721c65b33b9a8f78c40662112c548acfb3cd4da8b0733c79ac68c22c560f39ef5b4edb33f2ed52579608a3d80559eec37874637afd60a37f53ed5902bc869cca0ce15e09028fccfc27fd60bae8f28b9a98ce068b53b4094d19de000823f6955f9d80b2925e1340932166bdf5014fc083f9b858d7dd39b7707242eb1465b989e65160748fffef0074bc151bc95c59a6134102b18b0349c86e86035632fb235cecd23528f91ad79a599a7186aaad2c7ddca4884401a679212a757beee84f8bb6f05b03d29542091134fd0a41f2356d84726addf03546f383ac93b861bf01a2a1358a94ea856c9a16242c0c896a6feb76e1aa097b4156883368529eae157c46849c4e62e983976d625916f20280004179af27f609dbd7411d7cf25fec08acc9ee60dfe8efb8d7123f30be9c1c05d5ee362a0c70630de7dc0e0d6dbf9b223"}

curl --location --request POST 'http://127.0.0.1:8000/api' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImIwODc0MmY1NzJjZjM3OGFiMjk5NmIwYWVjOTFhODNiMWUwZWVlMTg4OTEyMDUxN2Y0ZWVjMmJhNDVkNTFhMzdkOGU4MDNiNDQ2ZmEyOTU4In0.eyJhdWQiOiJlYmQ3NDZlM2E0MjcxNGE2M2YyYjI0N2JmOWI0MjUwNiIsImp0aSI6ImIwODc0MmY1NzJjZjM3OGFiMjk5NmIwYWVjOTFhODNiMWUwZWVlMTg4OTEyMDUxN2Y0ZWVjMmJhNDVkNTFhMzdkOGU4MDNiNDQ2ZmEyOTU4IiwiaWF0IjoxNTgyNzc5NzM4LCJuYmYiOjE1ODI3Nzk3MzgsImV4cCI6MTU4Mjc4MzMzOCwic3ViIjoiYWRtaW4iLCJzY29wZXMiOlsicmVhZCJdfQ.gTbfzr2nzy-wUmYleXlFq1gs-wN7oH8l5nfEsfq5QAZjkl4K4__uLlh2GpStmjveYqY-rxP7Qy7mUBXgIFH3tl0Tnwg52GH9_ftAhz6ZzPilymUzuXtmJ3aj4GZ4Ctm62GtcM1psbzP444BnY9QYuejpQT3tV0VS1enrV8ZkAPKkWvCcOyGLCabfPZ626rThMxMC0I7Mwc-sHAooZ4ebsDUbAQnXj2mwc5zWUpv7r8AsLXnUaMZoAXSk9NQnZvqn7VXo4EkQJkdArT0_QPoPZvFxHrAI5lMWTojMXCZyQMH6cV4OllKHqluij16NA9dGjG73kETyhzbgsm-8e0Hxww' \
--data-raw '{"query":"{\n  products {\n    id\n    name\n    ProductClasses {\n      id\n      code\n      price02\n      stock\n    }\n    Status {\n      id\n      name\n    }\n    Creator {\n      id\n    }\n    ProductTag {\n      id\n    }\n  }\n  orders {\n    id\n    pre_order_id\n    name01\n    name02\n    message\n    Country {\n      id\n    }\n    OrderItems {\n      id\n      product_name\n      price\n    }\n    Shippings {\n      id\n    }\n  }\n  customers {\n    name01\n    name02\n    email\n    point\n  }\n}\n","variables":{}}'

# A JSON response with the products, orders and customers data is returned

# Implicit grant

# Open in a browser
# http://127.0.0.1:8000/admin/authorize?response_type=token&client_id=ebd746e3a42714a63f2b247bf9b42506&client_secret=df6fd78665d464cc3af34d3aca6ae14d04322308064a17e4dfdb4a14626c683da4cebf5e58fce51bcdb9dad3b78316b42def0a5da9b103d0ab74e9eea02a15c1&scope=read&state=hogehoge
# Log in
# Press "Approve"
# You are redirected, so note down the access_token
# http://127.0.0.1:8000/#access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImM5OWNhMWYxZjQ1MDQ5YjU0OWVlOTU4NzIyZjcxNTg0MDFiMTk5MWE1YzY3ZGQ4Y2U1YTA4YzMxNmIyZmVmMDVjZWIxMmU0YmU1YmFlNTViIn0.eyJhdWQiOiJlYmQ3NDZlM2E0MjcxNGE2M2YyYjI0N2JmOWI0MjUwNiIsImp0aSI6ImM5OWNhMWYxZjQ1MDQ5YjU0OWVlOTU4NzIyZjcxNTg0MDFiMTk5MWE1YzY3ZGQ4Y2U1YTA4YzMxNmIyZmVmMDVjZWIxMmU0YmU1YmFlNTViIiwiaWF0IjoxNTgyNzc5ODM5LCJuYmYiOjE1ODI3Nzk4MzksImV4cCI6MTU4Mjc4MzQzOSwic3ViIjoiYWRtaW4iLCJzY29wZXMiOlsicmVhZCJdfQ.OApSTChdaKJ69wHK-Z9rqch0AyGUA7uSnqIujDMWzTUck0sxqsoTVMakluRXPV2WTbc9WeHhkLVhOvnMIQRXZBKIokCC1V-kMWk8q8MER_D2iZ-1fOVyrNR4bS_toZ5YGe7-_AmgrmN6QRL9tAxBbz8RhBwOt62MSi_-RN08gvvScmkY0x8SrhcqLyaHbSMQMGNlaOjRh6a8x3FULsRr93IPUxb6Z214cmb_Tq3dsP7TMFkOlndf2Gco9ivl72Jkqvot89O78GDsMPHaHkWBwkAUpxffu0EgPLIztL--uRZtt3OhM00N6Q8MtUoyc5xs1_ajcBdiujFfp6jljQeQFw&token_type=Bearer&expires_in=3600&state=hogehoge

curl --location --request POST 'http://127.0.0.1:8000/api' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImM5OWNhMWYxZjQ1MDQ5YjU0OWVlOTU4NzIyZjcxNTg0MDFiMTk5MWE1YzY3ZGQ4Y2U1YTA4YzMxNmIyZmVmMDVjZWIxMmU0YmU1YmFlNTViIn0.eyJhdWQiOiJlYmQ3NDZlM2E0MjcxNGE2M2YyYjI0N2JmOWI0MjUwNiIsImp0aSI6ImM5OWNhMWYxZjQ1MDQ5YjU0OWVlOTU4NzIyZjcxNTg0MDFiMTk5MWE1YzY3ZGQ4Y2U1YTA4YzMxNmIyZmVmMDVjZWIxMmU0YmU1YmFlNTViIiwiaWF0IjoxNTgyNzc5ODM5LCJuYmYiOjE1ODI3Nzk4MzksImV4cCI6MTU4Mjc4MzQzOSwic3ViIjoiYWRtaW4iLCJzY29wZXMiOlsicmVhZCJdfQ.OApSTChdaKJ69wHK-Z9rqch0AyGUA7uSnqIujDMWzTUck0sxqsoTVMakluRXPV2WTbc9WeHhkLVhOvnMIQRXZBKIokCC1V-kMWk8q8MER_D2iZ-1fOVyrNR4bS_toZ5YGe7-_AmgrmN6QRL9tAxBbz8RhBwOt62MSi_-RN08gvvScmkY0x8SrhcqLyaHbSMQMGNlaOjRh6a8x3FULsRr93IPUxb6Z214cmb_Tq3dsP7TMFkOlndf2Gco9ivl72Jkqvot89O78GDsMPHaHkWBwkAUpxffu0EgPLIztL--uRZtt3OhM00N6Q8MtUoyc5xs1_ajcBdiujFfp6jljQeQFw' \
--data-raw '{"query":"{\n  products {\n    id\n    name\n    ProductClasses {\n      id\n      code\n      price02\n      stock\n    }\n    Status {\n      id\n      name\n    }\n    Creator {\n      id\n    }\n    ProductTag {\n      id\n    }\n  }\n  orders {\n    id\n    pre_order_id\n    name01\n    name02\n    message\n    Country {\n      id\n    }\n    OrderItems {\n      id\n      product_name\n      price\n    }\n    Shippings {\n      id\n    }\n  }\n  customers {\n    name01\n    name02\n    email\n    point\n  }\n}\n","variables":{}}' | jq .

The output of the last command is as follows:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  9075    0  8536  100   539  28974   1829 --:--:-- --:--:-- --:--:-- 29034
{
  "data": {
    "products": [
      {
        "id": "4",
        "name": "おとりください」ジョバンニは。",
        "ProductClasses": [
          {
            "id": "18",
            "code": "eum",
            "price02": 38407,
            "stock": 284
          },
          {
            "id": "19",
            "code": "possimus",
            "price02": 47771,
            "stock": 631
          },
          {
            "id": "17",
            "code": "est",
            "price02": 42262,
            "stock": 700
          },
          {
            "id": "16",
            "code": "tempora",
            "price02": 37411,
            "stock": 873
          }
        ],
        "Status": {
          "id": "1",
          "name": "公開"
        },
        "Creator": null,
        "ProductTag": []
      },
      {
        "id": "3",
        "name": "くくみも、誰だれともある。もと、もらった大きな活版所かんごはんぶんは、北の方。",
        "ProductClasses": [
          {
            "id": "15",
            "code": "cum",
            "price02": 1427,
            "stock": 344
          },
          {
            "id": "12",
            "code": "numquam",
            "price02": 72389,
            "stock": 461
          },
          {
            "id": "13",
            "code": "deleniti",
            "price02": 10001,
            "stock": 759
          },
          {
            "id": "14",
            "code": "accusamus",
            "price02": 32279,
            "stock": 861
          }
        ],
        "Status": {
          "id": "1",
          "name": "公開"
        },
        "Creator": null,
        "ProductTag": []
      },
      {
        "id": "1",
        "name": "彩のジェラートCUBE",
        "ProductClasses": [
          {
            "id": "6",
            "code": "cube-05",
            "price02": 49000,
            "stock": null
          },
          {
            "id": "9",
            "code": "cube-08",
            "price02": 13000,
            "stock": null
          },
          {
            "id": "2",
            "code": "cube-01",
            "price02": 110000,
            "stock": null
          },
          {
            "id": "4",
            "code": "cube-03",
            "price02": 74000,
            "stock": null
          },
          {
            "id": "1",
            "code": "cube-01",
            "price02": 110000,
            "stock": null
          },
          {
            "id": "10",
            "code": "cube-09",
            "price02": 5000,
            "stock": null
          },
          {
            "id": "7",
            "code": "cube-06",
            "price02": 34500,
            "stock": null
          },
          {
            "id": "5",
            "code": "cube-04",
            "price02": 93000,
            "stock": null
          },
          {
            "id": "8",
            "code": "cube-07",
            "price02": 18000,
            "stock": null
          },
          {
            "id": "3",
            "code": "cube-02",
            "price02": 93000,
            "stock": null
          }
        ],
        "Status": {
          "id": "1",
          "name": "公開"
        },
        "Creator": null,
        "ProductTag": []
      },
      {
        "id": "2",
        "name": "チェリーアイスサンド",
        "ProductClasses": [
          {
            "id": "11",
            "code": "sand-01",
            "price02": 2800,
            "stock": 100
          }
        ],
        "Status": {
          "id": "1",
          "name": "公開"
        },
        "Creator": null,
        "ProductTag": []
      }
    ],
    "orders": [
      {
        "id": "4",
        "pre_order_id": "3e519f007d819c5bfd47c5bd636f93941e83287e",
        "name01": "浜田",
        "name02": "洋介",
        "message": "製もくカムパネルラが少しおあがりました。全まったい草に投なげつけてしますけすると呼よび子はびっくり塩水しおみずが寄よってしまい、ここで天上へ行くときました三角標さんですければ見ると思って、サファイアモンド会社の前のレンランプではあれをもらはな、白鳥停車場ていたわ」「ああほんと両腕りょうど両手りょうあれ工兵大隊こうのような新しいのためいきを重かさんもどころの外を見ましたかった小さな銀河ぎんが、草を。",
        "Country": null,
        "OrderItems": [
          {
            "id": "19",
            "product_name": "おとりください」ジョバンニは。",
            "price": 37411
          },
          {
            "id": "20",
            "product_name": "おとりください」ジョバンニは。",
            "price": 42262
          },
          {
            "id": "21",
            "product_name": "おとりください」ジョバンニは。",
            "price": 38407
          },
          {
            "id": "24",
            "product_name": "値引き",
            "price": -6688
          },
          {
            "id": "22",
            "product_name": "送料",
            "price": 1000
          },
          {
            "id": "23",
            "product_name": "手数料",
            "price": 5940
          }
        ],
        "Shippings": [
          {
            "id": "4"
          }
        ]
      },
      {
        "id": "3",
        "pre_order_id": "02cb2d46d82df90c5acd8f0c85547592458d640e",
        "name01": "浜田",
        "name02": "洋介",
        "message": "そうに、おってわざわざと穫とれない天の川の水は、夜の軽便鉄道ぎんやり見えないですかしの柵さく折おっしょう」「ああわててしました。「お母さんあるとみえてきます。さぎな声がし、青く茂しげみの御前みませんろが青ざめと光っていました。そして、そこなんです。みんなあかり覚悟かくひょうものが、一枚の紙をジョバンニはもちが漕こいつかのシグナルの足もとうに見え、おこっちかくひっぱりぽくぽくそらを光らせなかいがん。",
        "Country": null,
        "OrderItems": [
          {
            "id": "15",
            "product_name": "おとりください」ジョバンニは。",
            "price": 38407
          },
          {
            "id": "18",
            "product_name": "値引き",
            "price": -6688
          },
          {
            "id": "17",
            "product_name": "手数料",
            "price": 5940
          },
          {
            "id": "16",
            "product_name": "送料",
            "price": 1000
          },
          {
            "id": "14",
            "product_name": "おとりください」ジョバンニは。",
            "price": 42262
          },
          {
            "id": "13",
            "product_name": "おとりください」ジョバンニは。",
            "price": 37411
          }
        ],
        "Shippings": [
          {
            "id": "3"
          }
        ]
      },
      {
        "id": "1",
        "pre_order_id": "1a243befa5ffa9f78adada885c40a667bbacefdf",
        "name01": "廣川",
        "name02": "",
        "message": "だまっていまでもいいました。ジョバンニがやいたから下へ白くなりましたり下った硝子ガラスよりは、次つぎの三角標さんやり言いっしです。つまれた、赤や緑みどりのボートをおろしきもちぎれの考えるように見入り乱みだを半分出しました。(ああ、こっちからあがりましたことなりましたら、どこかその一ところ帰って、おしの上着うわぎしてカムパネルラという証拠しょう掘ほり出され、ジョバンニが言いいましたが、立派りっぱり。",
        "Country": null,
        "OrderItems": [
          {
            "id": "6",
            "product_name": "値引き",
            "price": -4147
          },
          {
            "id": "1",
            "product_name": "くくみも、誰だれともある。もと、もらった大きな活版所かんごはんぶんは、北の方。",
            "price": 72389
          },
          {
            "id": "2",
            "product_name": "くくみも、誰だれともある。もと、もらった大きな活版所かんごはんぶんは、北の方。",
            "price": 10001
          },
          {
            "id": "3",
            "product_name": "くくみも、誰だれともある。もと、もらった大きな活版所かんごはんぶんは、北の方。",
            "price": 32279
          },
          {
            "id": "4",
            "product_name": "送料",
            "price": 0
          },
          {
            "id": "5",
            "product_name": "手数料",
            "price": 6384
          }
        ],
        "Shippings": [
          {
            "id": "1"
          }
        ]
      }
    ],
    "customers": [
      {
        "name01": "廣川",
        "name02": "",
        "email": "1582779611.653.ukiriyama@example.org",
        "point": 47443
      },
      {
        "name01": "浜田",
        "name02": "洋介",
        "email": "1582779611.7028.yuki.tanabe@example.net",
        "point": 89873
      }
    ]
  }
}

Discussion

I would especially like to hear about any security aspects I have missed.

Restriction checklist for keeping minor-version compatibility

  • Changes to the specification of existing features
  • Changes to the timing at which hook points are called
  • Removal of hook-point parameters or changes to their data types
  • Removal of parameters passed to twig files or changes to their data types
  • Removal of arguments of public Service-class methods or changes to their data types
  • Format changes to input/output files (CSV, etc.)

Reviewer checklist

  • Behaviour check
  • Code review
  • E2E/Unit test check (whether tests need to be added or changed)
  • Whether compatibility is preserved
  • Whether there are any security problems

chihiro-adachi (Contributor)

@okazy

> Access restriction on the /authorize endpoint
> If /authorize is accessed directly with the OAuth parameters, a code/token can be obtained without going through /admin/authorize

There was an example configuration in the README.

❮ NOTE ❯ It is recommended to control the access to the authorization endpoint so that only logged in users can approve authorization requests. You should review your security.yml file. Here is a sample configuration:
security:
    access_control:
        - { path: ^/authorize, roles: IS_AUTHENTICATED_REMEMBERED }

https://github.com/trikoder/oauth2-bundle

okazy (Contributor, Author) commented Feb 19, 2020

@chihiro-adachi Thank you!
For now, I restrict it to ROLE_ADMIN with the following.

['path' => '^(/%eccube_admin_route%/|/authorize)', 'roles' => 'ROLE_ADMIN'],

Currently, accessing the /authorize endpoint yields a code without going through the authorization consent screen.
As an idea for solving this problem, I think we need to attach a parameter showing that the user consented on the consent screen, and check that parameter at /authorize.

Specifically, generate a code here, save it to the session, and attach it to the redirect parameters:

return $this->redirectToRoute('oauth2_authorize', $form->getData());

In the following event, I plan to add processing that verifies the code and fails the authorization if there is a problem with it:

$event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_APPROVED);

不安な点としては、自分が考えた方法だというところです。。。
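The consent check described in the comment above, as an added example written for this page; it is not code from the PR or from trikoder/oauth2-bundle. A Symfony event subscriber binds approval of the authorization request to a one-time nonce that the admin consent screen stores in the session and appends to the redirect, so a request that reaches /authorize without passing through the consent screen carries no valid nonce and is denied. The session key `oauth2_consent_nonce`, the query parameter name `consent`, and the class and namespace names are assumptions; `AuthorizationRequestResolveEvent`, `resolveAuthorization()` and the `AUTHORIZATION_APPROVED` constant are the bundle API the comment already uses, and `AUTHORIZATION_DENIED` is its counterpart.

```php
<?php
// Added example, not the PR's code: approve an OAuth2 authorization request
// only when it carries the one-time consent nonce issued by the consent
// screen. Session key, query parameter and class names are assumptions.

declare(strict_types=1);

namespace App\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Trikoder\Bundle\OAuth2Bundle\Event\AuthorizationRequestResolveEvent;
use Trikoder\Bundle\OAuth2Bundle\OAuth2Events;

final class ConsentNonceSubscriber implements EventSubscriberInterface
{
    public const SESSION_KEY = 'oauth2_consent_nonce'; // assumed name
    public const QUERY_PARAM = 'consent';              // assumed name

    /** @var RequestStack */
    private $requestStack;

    public function __construct(RequestStack $requestStack)
    {
        $this->requestStack = $requestStack;
    }

    public static function getSubscribedEvents(): array
    {
        return [OAuth2Events::AUTHORIZATION_REQUEST_RESOLVE => 'onAuthorizationRequestResolve'];
    }

    /**
     * Called by the consent controller after the admin clicks "Allow".
     * Stores a fresh nonce in the session and returns it so the controller
     * can append it to the redirect, e.g.
     *   $this->redirectToRoute('oauth2_authorize',
     *       $form->getData() + [self::QUERY_PARAM => $nonce]);
     */
    public static function issueNonce(SessionInterface $session): string
    {
        $nonce = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $session->set(self::SESSION_KEY, $nonce);

        return $nonce;
    }

    /**
     * Pure comparison, separated so it can be unit-tested without a kernel.
     * Constant-time, so the nonce does not leak through timing differences.
     */
    public static function isValidConsent(?string $expected, ?string $presented): bool
    {
        if ($expected === null || $expected === '' || $presented === null) {
            return false;
        }

        return hash_equals($expected, $presented);
    }

    public function onAuthorizationRequestResolve(AuthorizationRequestResolveEvent $event): void
    {
        $request = $this->requestStack->getCurrentRequest();
        $session = ($request !== null && $request->hasSession()) ? $request->getSession() : null;

        $expected  = $session !== null ? $session->get(self::SESSION_KEY) : null;
        $presented = $request !== null ? $request->query->get(self::QUERY_PARAM) : null;

        // Consume the nonce before deciding: a replayed /authorize URL must
        // not be approved a second time.
        if ($session !== null) {
            $session->remove(self::SESSION_KEY);
        }

        $approved = self::isValidConsent(
            is_string($expected) ? $expected : null,
            is_string($presented) ? $presented : null
        );

        $event->resolveAuthorization(
            $approved
                ? AuthorizationRequestResolveEvent::AUTHORIZATION_APPROVED
                : AuthorizationRequestResolveEvent::AUTHORIZATION_DENIED
        );
    }
}
```

Register the subscriber as a service with autoconfiguration and it replaces an unconditional `AUTHORIZATION_APPROVED` in the resolve listener. A further hardening step is to store the request's `client_id` and `state` alongside the nonce when it is issued and compare those too, so a nonce obtained for one authorization request cannot be spent on a different one.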

@nanasess
Contributor

Why OAuth2.0 rather than OpenID Connect?
For the user authentication part, I think it is better to build on the standard than to implement it yourself.

@nanasess
Contributor

Regarding security, this is easy to follow:
https://www.atmarkit.co.jp/ait/articles/1710/24/news011.html

@okazy
Contributor Author

okazy commented Feb 25, 2020

https://www.atmarkit.co.jp/ait/articles/1710/24/news011.html

  • [Attack 1] Cross-Site Request Forgery (CSRF)
    • CSRF countermeasure implemented with the state parameter
  • [Attack 2] Token Replace Attack
    • A client-side issue. The client must take care in managing the access token.
  • [Attack 3] Covert Redirect
    • A client-side issue. Implement the client so that no open redirect occurs.
  • [Attack 4] Authorization Code Interception Attack
    • An issue for native apps, so out of scope this time
  • [Attack 5] IdP Mix-Up Attack
    • Check whether additional implementation is needed for the following:
    • Include information such as the Authorization Server in the Authorization Response, and have the Client branch its processing on that information
    • Addressed by enforcing TLS connections
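The state-based CSRF defence in the list above has a client half that EC-CUBE, as the authorization server, cannot supply: it only echoes `state` back, and the relying party must issue an unguessable value and verify it on the callback. The following is an added example written for this page, not code from the PR; the session is modelled as a plain array, the `client_id` value is a placeholder, and the redirect URI and scope are the ones from the PR's test procedure.

```php
<?php
// Added example, not the PR's code: client-side issue and verification of
// the OAuth2 state parameter. The session is a plain array for the demo and
// CLIENT_ID_PLACEHOLDER stands in for a real client identifier.

declare(strict_types=1);

final class OAuth2StateGuard
{
    private const KEY = 'oauth2_state';

    /** Issue a fresh state and remember it before redirecting to /admin/authorize. */
    public static function begin(array &$session): string
    {
        $state = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
        $session[self::KEY] = $state;

        return $state;
    }

    /**
     * Verify the callback. The stored state is consumed on the first call so
     * a replayed callback URL fails, and the comparison is constant-time.
     */
    public static function verify(array &$session, array $query): bool
    {
        $expected = $session[self::KEY] ?? null;
        unset($session[self::KEY]);
        $presented = $query['state'] ?? null;

        if (!is_string($expected) || $expected === '' || !is_string($presented)) {
            return false;
        }

        return hash_equals($expected, $presented);
    }

    /** Build the authorization URL for the authorization code flow used in the PR's test procedure. */
    public static function authorizeUrl(string $clientId, string $state): string
    {
        return 'http://127.0.0.1:8000/admin/authorize?' . http_build_query([
            'response_type' => 'code',
            'client_id'     => $clientId,
            'redirect_uri'  => 'http://127.0.0.1:8000/',
            'scope'         => 'read',
            'state'         => $state,
        ]);
    }
}

// Demo with a constructed session array and a placeholder client id.
$session = [];
$state   = OAuth2StateGuard::begin($session);
echo OAuth2StateGuard::authorizeUrl('CLIENT_ID_PLACEHOLDER', $state), PHP_EOL;

// A callback that carries a state we never issued (a fixed value such as
// "hogehoge") is rejected; a copy of the session is used so the genuine
// flow below is not disturbed.
$other = $session;
var_dump(OAuth2StateGuard::verify($other, ['code' => 'abc', 'state' => 'hogehoge']));

// The genuine callback is accepted once; replaying it is rejected because
// the stored state was consumed.
var_dump(OAuth2StateGuard::verify($session, ['code' => 'abc', 'state' => $state]));
var_dump(OAuth2StateGuard::verify($session, ['code' => 'abc', 'state' => $state]));
```

In a real relying party the `$session` array is the server-side session bound to the browser that started the flow, which is what makes a state value received on the callback prove that the same browser initiated the authorization request.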

@okazy
Contributor Author

okazy commented Feb 27, 2020

I added manual tests.
I have not been able to create automated tests.

I made it possible to test with only commands and a browser.
However, please change client_id and client_secret by hand.

  • Install EC-CUBE
  • Obtain an access_token with the Authorization code grant
  • Obtain an access_token with the Implicit grant
  • Use the access_token to fetch the product list via GraphQL
  • Use the access_token to fetch the order list via GraphQL
  • Use the access_token to fetch the customer list via GraphQL
Test procedure details (collapsed)

I made it possible to test with only commands and a browser.
Please change client_id and client_secret by hand.

# Test procedure

# Have postgres running
# Install EC-CUBE

git clone https://github.com/EC-CUBE/ec-cube.git
cd ec-cube
hub checkout https://github.com/EC-CUBE/ec-cube/pull/4474
composer install

sed -i -e 's/APP_ENV=dev/APP_ENV=prod/g' ./.env
sed -i -e 's/APP_DEBUG=1/APP_DEBUG=0/g' ./.env
sed -i -e 's/DATABASE_URL=sqlite:\/\/\/var\/eccube.db/DATABASE_URL=postgres:\/\/postgres@127.0.0.1\/eccube/g' ./.env
sed -i -e 's/DATABASE_SERVER_VERSION=3/DATABASE_SERVER_VERSION=9/g' ./.env

mkdir var/oauth
openssl genrsa -out private.key 2048
openssl rsa -in private.key -pubout -out public.key
mv private.key var/oauth
mv public.key var/oauth

bin/console e:i --no-interaction
bin/console trikoder:oauth2:create-client --redirect-uri=http://127.0.0.1:8000/ --grant-type=authorization_code --grant-type=client_credentials --grant-type=implicit --grant-type=password --grant-type=refresh_token --scope=read --scope=write
bin/console eccube:fixtures:generate --products=2 --orders=2 --customers=2 --without-image --env=dev

#  [OK] New oAuth2 client created successfully.
#  ---------------------------------- ----------------------------------------------------------------------------------------------------------------------------------
#   Identifier                         Secret
#  ---------------------------------- ----------------------------------------------------------------------------------------------------------------------------------
#   ebd746e3a42714a63f2b247bf9b42506   df6fd78665d464cc3af34d3aca6ae14d04322308064a17e4dfdb4a14626c683da4cebf5e58fce51bcdb9dad3b78316b42def0a5da9b103d0ab74e9eea02a15c1
#  ---------------------------------- ----------------------------------------------------------------------------------------------------------------------------------

bin/console s:r --env=dev

# Authorization code grant

# Open in the browser
# http://127.0.0.1:8000/admin/authorize?response_type=code&client_id=ebd746e3a42714a63f2b247bf9b42506&redirect_uri=http://127.0.0.1:8000/&scope=read&state=hogehoge
# Log in
# Press "Allow"
# You will be redirected; note the code
# http://127.0.0.1:8000/?code=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&state=hogehoge

curl --location --request POST 'http://127.0.0.1:8000/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'client_id=ebd746e3a42714a63f2b247bf9b42506' \
--data-urlencode 'client_secret=df6fd78665d464cc3af34d3aca6ae14d04322308064a17e4dfdb4a14626c683da4cebf5e58fce51bcdb9dad3b78316b42def0a5da9b103d0ab74e9eea02a15c1' \
--data-urlencode 'redirect_uri=http://127.0.0.1:8000/' \
--data-urlencode 'code=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'

# The following response is returned
# {"token_type":"Bearer","expires_in":3600,"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImIwODc0MmY1NzJjZjM3OGFiMjk5NmIwYWVjOTFhODNiMWUwZWVlMTg4OTEyMDUxN2Y0ZWVjMmJhNDVkNTFhMzdkOGU4MDNiNDQ2ZmEyOTU4In0.eyJhdWQiOiJlYmQ3NDZlM2E0MjcxNGE2M2YyYjI0N2JmOWI0MjUwNiIsImp0aSI6ImIwODc0MmY1NzJjZjM3OGFiMjk5NmIwYWVjOTFhODNiMWUwZWVlMTg4OTEyMDUxN2Y0ZWVjMmJhNDVkNTFhMzdkOGU4MDNiNDQ2ZmEyOTU4IiwiaWF0IjoxNTgyNzc5NzM4LCJuYmYiOjE1ODI3Nzk3MzgsImV4cCI6MTU4Mjc4MzMzOCwic3ViIjoiYWRtaW4iLCJzY29wZXMiOlsicmVhZCJdfQ.gTbfzr2nzy-wUmYleXlFq1gs-wN7oH8l5nfEsfq5QAZjkl4K4__uLlh2GpStmjveYqY-rxP7Qy7mUBXgIFH3tl0Tnwg52GH9_ftAhz6ZzPilymUzuXtmJ3aj4GZ4Ctm62GtcM1psbzP444BnY9QYuejpQT3tV0VS1enrV8ZkAPKkWvCcOyGLCabfPZ626rThMxMC0I7Mwc-sHAooZ4ebsDUbAQnXj2mwc5zWUpv7r8AsLXnUaMZoAXSk9NQnZvqn7VXo4EkQJkdArT0_QPoPZvFxHrAI5lMWTojMXCZyQMH6cV4OllKHqluij16NA9dGjG73kETyhzbgsm-8e0Hxww","refresh_token":"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"}

curl --location --request POST 'http://127.0.0.1:8000/api' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImIwODc0MmY1NzJjZjM3OGFiMjk5NmIwYWVjOTFhODNiMWUwZWVlMTg4OTEyMDUxN2Y0ZWVjMmJhNDVkNTFhMzdkOGU4MDNiNDQ2ZmEyOTU4In0.eyJhdWQiOiJlYmQ3NDZlM2E0MjcxNGE2M2YyYjI0N2JmOWI0MjUwNiIsImp0aSI6ImIwODc0MmY1NzJjZjM3OGFiMjk5NmIwYWVjOTFhODNiMWUwZWVlMTg4OTEyMDUxN2Y0ZWVjMmJhNDVkNTFhMzdkOGU4MDNiNDQ2ZmEyOTU4IiwiaWF0IjoxNTgyNzc5NzM4LCJuYmYiOjE1ODI3Nzk3MzgsImV4cCI6MTU4Mjc4MzMzOCwic3ViIjoiYWRtaW4iLCJzY29wZXMiOlsicmVhZCJdfQ.gTbfzr2nzy-wUmYleXlFq1gs-wN7oH8l5nfEsfq5QAZjkl4K4__uLlh2GpStmjveYqY-rxP7Qy7mUBXgIFH3tl0Tnwg52GH9_ftAhz6ZzPilymUzuXtmJ3aj4GZ4Ctm62GtcM1psbzP444BnY9QYuejpQT3tV0VS1enrV8ZkAPKkWvCcOyGLCabfPZ626rThMxMC0I7Mwc-sHAooZ4ebsDUbAQnXj2mwc5zWUpv7r8AsLXnUaMZoAXSk9NQnZvqn7VXo4EkQJkdArT0_QPoPZvFxHrAI5lMWTojMXCZyQMH6cV4OllKHqluij16NA9dGjG73kETyhzbgsm-8e0Hxww' \
--data-raw '{"query":"{\n  products {\n    id\n    name\n    ProductClasses {\n      id\n      code\n      price02\n      stock\n    }\n    Status {\n      id\n      name\n    }\n    Creator {\n      id\n    }\n    ProductTag {\n      id\n    }\n  }\n  orders {\n    id\n    pre_order_id\n    name01\n    name02\n    message\n    Country {\n      id\n    }\n    OrderItems {\n      id\n      product_name\n      price\n    }\n    Shippings {\n      id\n    }\n  }\n  customers {\n    name01\n    name02\n    email\n    point\n  }\n}\n","variables":{}}'

# The following response is returned
# {"data":{"products":[{"id":"3","name":"\u3063\u3068\u7acb\u3063\u3066\u3044\u308b\u305f\u3081\u306b\u7948\u3044\u306e\u898b\u3048\u308b\u3002\u307c\u304f\u3002","ProductClasses":[{"id":"14","code":"et","price02":30779,"stock":709},{"id":"12","code":"aut","price02":27506,"stock":254},{"id":"15","code":"dolores","price02":61164,"stock":45},{"id":"13","code":"minima","price02":12138,"stock":911}],"Status":{"id":"1","name":"\u516c\u958b"},"Creator":null,"ProductTag":[]},{"id":"4","name":"\u539f\u306e\u306f\u3001\u307e\u3082\u306a\u3044\u3002\u5929\u4e0a\u3078\u3055\u3048\u64ad\u307e\u304b\u3002","ProductClasses":[{"id":"16","code":"numquam","price02":18049,"stock":572},{"id":"17","code":"et","price02":96243,"stock":512},{"id":"19","code":"aut","price02":63182,"stock":451},{"id":"18","code":"rem","price02":50237,"stock":490}],"Status":{"id":"1","name":"\u516c\u958b"},"Creator":null,"ProductTag":[]},{"id":"1","name":"\u5f69\u306e\u30b8\u30a7\u30e9\u30fc\u30c8CUBE","ProductClasses":[{"id":"9","code":"cube-08","price02":13000,"stock":null},{"id":"6","code":"cube-05","price02":49000,"stock":null},{"id":"10","code":"cube-09","price02":5000,"stock":null},{"id":"5","code":"cube-04","price02":93000,"stock":null},{"id":"4","code":"cube-03","price02":74000,"stock":null},{"id":"8","code":"cube-07","price02":18000,"stock":null},{"id":"3","code":"cube-02","price02":93000,"stock":null},{"id":"2","code":"cube-01","price02":110000,"stock":null},{"id":"1","code":"cube-01","price02":110000,"stock":null},{"id":"7","code":"cube-06","price02":34500,"stock":null}],"Status":{"id":"1","name":"\u516c\u958b"},"Creator":null,"ProductTag":[]},{"id":"2","name":"\u30c1\u30a7\u30ea\u30fc\u30a2\u30a4\u30b9\u30b5\u30f3\u30c9","ProductClasses":[{"id":"11","code":"sand-01","price02":2800,"stock":100}],"Status":{"id":"1","name":"\u516c\u958b"},"Creator":null,"ProductTag":[]}],"orders":[{"id":"4","pre_order_id":"32c11cd7d9a682ad97320b17aad63b94a67ea2c3","name01":"\u6d5c\u7530","name02":"\u5e79","message":
"\u308b\u3048\u3066\u3075\u308a\u8fd4\u304b\u3048\u3063\u3066\u305d\u308c\u3092\u6e21\u308f\u305f\u304f\u3055\u3093\u306e\u65b9\u304b\u3089\u6c7d\u8eca\u306f\u3060\u3093\u3060\u308a\u3001\u767d\u9ce5\u3092\u3064\u304f\u3057\u3069\u3046\u306e\u3067\u3059\u3002\u305d\u308c\u3092\u51fa\u308b\u3068\u304d\u307e\u3057\u305f\u3002\u300c\u3042\u3089\u3086\u308c\u305f\u3082\u3093\u3067\u306a\u3057\u3066\u8ab0\u3060\u308c\u3060\u304b\u308f\u3089\u3044\u307c\u3093\u3084\u308a\u898b\u3048\u305f\u3061\u306b\u3001\u3057\u304d\u308a\u306e\u3088\u3046\u3067\u3059\u300d\u535a\u58eb\u306f\u304b\u305b\u304d\u3067\u3001\u5411\u3080\u3053\u3046\u3075\u3046\u306b\u3057\u3066\u52a9\u305f\u3059\u3051\u308c\u3069\u3082\u3042\u308a\u307e\u3057\u305f\u3002\u305d\u3053\u3082\u305e\u304f\u305e\u304f\u51fa\u3066\u6765\u3088\u3046\u3068\u3046\u306e\u3072\u3068\u3068\u3082\u3088\u3046\u306a\u59ff\u52e2\u3057\u305b\u3044\u306e\u3082\u3044\u307e\u3057\u305f\u3002\u300c\u3042\u3042\u304d\u3067\u3059\u3002\u305d\u308c\u3092\u5fd8\u308f\u3059\u308c\u305f\u308a\u3082\u3001\u71d0\u5149\u308a\u307e\u3057\u305f\u3002\u9ce5\u6355\u3068\u308a\u3068\u305d\u3089\u3058\u3085\u3046\u306e\u5e2d\u305b\u304d\u306b\u623b\u3082\u3002","Country":null,"OrderItems":[{"id":"24","product_name":"\u5024\u5f15\u304d","price":-4836},{"id":"19","product_name":"\u539f\u306e\u306f\u3001\u307e\u3082\u306a\u3044\u3002\u5929\u4e0a\u3078\u3055\u3048\u64ad\u307e\u304b\u3002","price":18049},{"id":"20","product_name":"\u539f\u306e\u306f\u3001\u307e\u3082\u306a\u3044\u3002\u5929\u4e0a\u3078\u3055\u3048\u64ad\u307e\u304b\u3002","price":96243},{"id":"21","product_name":"\u539f\u306e\u306f\u3001\u307e\u3082\u306a\u3044\u3002\u5929\u4e0a\u3078\u3055\u3048\u64ad\u307e\u304b\u3002","price":50237},{"id":"22","product_name":"\u9001\u6599","price":1000},{"id":"23","product_name":"\u624b\u6570\u6599","price":3723}],"Shippings":[{"id":"4"}]},{"id":"3","pre_order_id":"c3cbb20fb2a127d7179202522b4b53566142643a","name01":"\u6d5c\u7530","name02":"\u5e7
9","message":"\u74dc\u304b\u3089\u82f9\u679c\u308a\u3093\u3069\u3044\u305f\u91d1\u525b\u77f3\u3053\u304f\u3088\u3046\u306b\u3001\u307b\u3093\u3068\u3046\u3054\u3056\u3044\u304f\u307b\u3093\u3068\u3046\u306e\u7a93\u307e\u3069\u306f\u4e00\u751f\u3051\u3093\u547d\u3081\u3044\u3059\u308b\u97f3\u304c\u3044\u3055\u3093\u304c\u306e\u3044\u3063\u3066\u3044\u306a\u304c\u3001\u308f\u3056\u308f\u3056\u3068\u7a6b\u3068\u308c\u306a\u3088\u3046\u306b\u3046\u3064\u304f\u3057\u3066\u3068\u308b\u4eba\u300c\u3053\u306e\u7537\u306f\u7acb\u3063\u3066\u3044\u308b\u306e\u3067\u3057\u305f\u3002\u3059\u308b\u3068\u307e\u308f\u3059\u308c\u3066\u3042\u3052\u307e\u3057\u305f\u3061\u306f\u3044\u307e\u3059\u3051\u305f\u308a\u6697\u304f\u3089\u3044\u307e\u3057\u305f\u3002\u300c\u3082\u3046\u4e00\u3064\u30b8\u30e7\u30d0\u30f3\u30cb\u306f\u306b\u308f\u3068\u3053\u3092\u3082\u3063\u3066\u3044\u307e\u3057\u305f\u3002\u300c\u3088\u308d\u3053\u3073\u306b\u6765\u305f\u3002\u300c\u541b\u305f\u3061\u306f\u3082\u3046\u3064\u3063\u3066\u3044\u308b\u3001\u305d\u306e\u3059\u3050\u3046\u3057\u308d\u304b\u3089\u9ed2\u3044\u3064\u3082\u7a93\u307e\u3069\u306e\u5916\u3092\u306e\u3070\u3057\u3066\u3044\u306d\u3044\u306b\u5439\u3075\u3044\u3002","Country":null,"OrderItems":[{"id":"18","product_name":"\u5024\u5f15\u304d","price":-4836},{"id":"17","product_name":"\u624b\u6570\u6599","price":3723},{"id":"16","product_name":"\u9001\u6599","price":1000},{"id":"15","product_name":"\u539f\u306e\u306f\u3001\u307e\u3082\u306a\u3044\u3002\u5929\u4e0a\u3078\u3055\u3048\u64ad\u307e\u304b\u3002","price":50237},{"id":"14","product_name":"\u539f\u306e\u306f\u3001\u307e\u3082\u306a\u3044\u3002\u5929\u4e0a\u3078\u3055\u3048\u64ad\u307e\u304b\u3002","price":96243},{"id":"13","product_name":"\u539f\u306e\u306f\u3001\u307e\u3082\u306a\u3044\u3002\u5929\u4e0a\u3078\u3055\u3048\u64ad\u307e\u304b\u3002","price":18049}],"Shippings":[{"id":"3"}]},{"id":"2","pre_order_id":"1f1a4f4843335a92f45e9f56bb29b15b6c6e6c5a","name01":"\u4e2d\u6751","n
ame02":"\u8061\u592a\u90ce","message":"\u306e\u74f6\u3073\u3093\u3092\u4e21\u624b\u308a\u3087\u3046\u3044\u305f\u306e\u3067\u3059\u3002\u307b\u3093\u3068\u3046\u306e\u795e\u304b\u307f\u3055\u307e\u3046\u306e\u3088\u3046\u304b\u3001\u305b\u308f\u3057\u304f\u3001\u9752\u3044\u3042\u308b\u306d\u3048\u300d\u300c\u3042\u3042\u305d\u306e\u6b63\u9762\u3057\u3087\u3055\u3044\u308f\u306d\u3048\u300d\u300c\u3046\u3093\u3001\u3044\u3088\u304f\u8a00\u3044\u3063\u3057\u3087\u3046\u3069\u304a\u3093\u3068\u3046\u3053\u3053\u304b\u306b\u308f\u304b\u3063\u305f\u306a\u3042\u3002\u805e\u304b\u306a\u91ce\u539f\u3078\u904a\u3042\u305d\u3089\u3092\u898b\u3066\u3044\u308b\u9593\u305d\u306e\u5c0f\u3055\u306a\u866b\u3082\u3044\u3064\u3064\u3093\u3060\u308d\u3046\u3002\u50d5\u307c\u304f\u3044\u4e18\u304a\u304b\u306e\u706b\u306e\u5411\u3080\u3053\u3046\u3070\u3044\u3051\u306a\u3044\u3002\u3044\u307e\u3069\u306e\u9060\u304f\u3078\u884c\u3063\u3066\u4e00\u3057\u3093\u3057\u3064\u306b\u304a\u3082\u3057\u308d\u306b\u5149\u3063\u3066\u3044\u308b\u3093\u3067\u3057\u305f\u3002\u307e\u305f\u5922\u3086\u3081\u306e\u524d\u306b\u3057\u306a\u304c\u3089\u3001\u3064\u304b\u308c\u305f\u3088\u300d\u30ab\u30e0\u30d1\u30cd\u30eb\u30e9\u304c\u5411\u3080\u3053\u3002","Country":null,"OrderItems":[{"id":"7","product_name":"\u539f\u306e\u306f\u3001\u307e\u3082\u306a\u3044\u3002\u5929\u4e0a\u3078\u3055\u3048\u64ad\u307e\u304b\u3002","price":18049},{"id":"12","product_name":"\u5024\u5f15\u304d","price":-3868},{"id":"11","product_name":"\u624b\u6570\u6599","price":4778},{"id":"10","product_name":"\u9001\u6599","price":0},{"id":"9","product_name":"\u539f\u306e\u306f\u3001\u307e\u3082\u306a\u3044\u3002\u5929\u4e0a\u3078\u3055\u3048\u64ad\u307e\u304b\u3002","price":50237},{"id":"8","product_name":"\u539f\u306e\u306f\u3001\u307e\u3082\u306a\u3044\u3002\u5929\u4e0a\u3078\u3055\u3048\u64ad\u307e\u304b\u3002","price":96243}],"Shippings":[{"id":"2"}]},{"id":"1","pre_order_id":"e290f18f709dfd3b54b36ae79a98b8f583fc353d","name01
":"\u4e2d\u6751","name02":"\u8061\u592a\u90ce","message":"\u305f\u3088\u3046\u306b\u3082\u5b50\u4f9b\u3053\u3069\u3082\u305d\u308c\u304b\u304c\u305f\u3044\u3078\u3093\u91cd\u304a\u3082\u3057\u306a\u3059\u3059\u304d\u306e\u3044\u3070\u3089\u304f\u305f\u3063\u3066\u3084\u308a\u3042\u308a\u307e\u3057\u305f\u3002\u300c\u3042\u306e\u9ed2\u3044\u9580\u3082\u3093\u3067\u3057\u305f\u3002\u6c17\u304c\u3057\u3066\u3082\u3044\u306a\u3044\u3088\u3046\u306b\u3072\u3056\u3082\u3042\u308f\u3066\u3066\u3057\u305f\u3002\uff08\u30b6\u30cd\u30ea\u304c\u306d\u306e\u4e0a\u7740\u3046\u308f\u304e\u304c\u3042\u308b\u3068\u6559\u5ba4\u3092\u51fa\u3057\u3066\u53eb\u3055\u3051\u3073\u307e\u3057\u305f\u3089\u3044\u3089\u3063\u3057\u3083\u304c\u3042\u308a\u307e\u3057\u305f\u3002\u300c\u304a\u304b\u306e\u8349\u306e\u9732\u3064\u3086\u3092\u3064\u304b\u308c\u3066\u305a\u3001\u300c\u3053\u3053\u308d\u306b\u306a\u3063\u3066\u3057\u304b\u305f\u307e\u3063\u3066\u3002\u3044\u307e\u3057\u305f\u3093\u3092\u306f\u3044\u307e\u3057\u305f\u3002\u3088\u304f\u308f\u304b\u308a\u3057\u307e\u306f\u3001\u3082\u3046\u30b6\u30cd\u30ea\u306f\u3082\u3046\u5922\u3086\u3081\u3067\u3093\u3057\u3085\u306e\u4e21\u9762\u51f8\u308a\u3087\u3046\u3044\u308d\u306a\u3075\u3046\u3067\u4e8c\u3064\u3002","Country":null,"OrderItems":[{"id":"6","product_name":"\u5024\u5f15\u304d","price":-3868},{"id":"1","product_name":"\u539f\u306e\u306f\u3001\u307e\u3082\u306a\u3044\u3002\u5929\u4e0a\u3078\u3055\u3048\u64ad\u307e\u304b\u3002","price":18049},{"id":"2","product_name":"\u539f\u306e\u306f\u3001\u307e\u3082\u306a\u3044\u3002\u5929\u4e0a\u3078\u3055\u3048\u64ad\u307e\u304b\u3002","price":96243},{"id":"3","product_name":"\u539f\u306e\u306f\u3001\u307e\u3082\u306a\u3044\u3002\u5929\u4e0a\u3078\u3055\u3048\u64ad\u307e\u304b\u3002","price":50237},{"id":"4","product_name":"\u9001\u6599","price":0},{"id":"5","product_name":"\u624b\u6570\u6599","price":4778}],"Shippings":[{"id":"1"}]}],"customers":[{"name01":"\u4e2d\u6751","name02":"\u8061\u59
2a\u90ce","email":"1582778715.0085.kijima.youichi@example.net","point":77276},{"name01":"\u6d5c\u7530","name02":"\u5e79","email":"1582778715.2447.ryosuke.hamada@example.org","point":32911}]}}

# Implicit grant

# Open in the browser
# http://127.0.0.1:8000/admin/authorize?response_type=token&client_id=ebd746e3a42714a63f2b247bf9b42506&client_secret=df6fd78665d464cc3af34d3aca6ae14d04322308064a17e4dfdb4a14626c683da4cebf5e58fce51bcdb9dad3b78316b42def0a5da9b103d0ab74e9eea02a15c1&scope=read&state=hogehoge
# Log in
# Press "Allow"
# You will be redirected; note the access_token
# http://127.0.0.1:8000/#access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImM5OWNhMWYxZjQ1MDQ5YjU0OWVlOTU4NzIyZjcxNTg0MDFiMTk5MWE1YzY3ZGQ4Y2U1YTA4YzMxNmIyZmVmMDVjZWIxMmU0YmU1YmFlNTViIn0.eyJhdWQiOiJlYmQ3NDZlM2E0MjcxNGE2M2YyYjI0N2JmOWI0MjUwNiIsImp0aSI6ImM5OWNhMWYxZjQ1MDQ5YjU0OWVlOTU4NzIyZjcxNTg0MDFiMTk5MWE1YzY3ZGQ4Y2U1YTA4YzMxNmIyZmVmMDVjZWIxMmU0YmU1YmFlNTViIiwiaWF0IjoxNTgyNzc5ODM5LCJuYmYiOjE1ODI3Nzk4MzksImV4cCI6MTU4Mjc4MzQzOSwic3ViIjoiYWRtaW4iLCJzY29wZXMiOlsicmVhZCJdfQ.OApSTChdaKJ69wHK-Z9rqch0AyGUA7uSnqIujDMWzTUck0sxqsoTVMakluRXPV2WTbc9WeHhkLVhOvnMIQRXZBKIokCC1V-kMWk8q8MER_D2iZ-1fOVyrNR4bS_toZ5YGe7-_AmgrmN6QRL9tAxBbz8RhBwOt62MSi_-RN08gvvScmkY0x8SrhcqLyaHbSMQMGNlaOjRh6a8x3FULsRr93IPUxb6Z214cmb_Tq3dsP7TMFkOlndf2Gco9ivl72Jkqvot89O78GDsMPHaHkWBwkAUpxffu0EgPLIztL--uRZtt3OhM00N6Q8MtUoyc5xs1_ajcBdiujFfp6jljQeQFw&token_type=Bearer&expires_in=3600&state=hogehoge

curl --location --request POST 'http://127.0.0.1:8000/api' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImM5OWNhMWYxZjQ1MDQ5YjU0OWVlOTU4NzIyZjcxNTg0MDFiMTk5MWE1YzY3ZGQ4Y2U1YTA4YzMxNmIyZmVmMDVjZWIxMmU0YmU1YmFlNTViIn0.eyJhdWQiOiJlYmQ3NDZlM2E0MjcxNGE2M2YyYjI0N2JmOWI0MjUwNiIsImp0aSI6ImM5OWNhMWYxZjQ1MDQ5YjU0OWVlOTU4NzIyZjcxNTg0MDFiMTk5MWE1YzY3ZGQ4Y2U1YTA4YzMxNmIyZmVmMDVjZWIxMmU0YmU1YmFlNTViIiwiaWF0IjoxNTgyNzc5ODM5LCJuYmYiOjE1ODI3Nzk4MzksImV4cCI6MTU4Mjc4MzQzOSwic3ViIjoiYWRtaW4iLCJzY29wZXMiOlsicmVhZCJdfQ.OApSTChdaKJ69wHK-Z9rqch0AyGUA7uSnqIujDMWzTUck0sxqsoTVMakluRXPV2WTbc9WeHhkLVhOvnMIQRXZBKIokCC1V-kMWk8q8MER_D2iZ-1fOVyrNR4bS_toZ5YGe7-_AmgrmN6QRL9tAxBbz8RhBwOt62MSi_-RN08gvvScmkY0x8SrhcqLyaHbSMQMGNlaOjRh6a8x3FULsRr93IPUxb6Z214cmb_Tq3dsP7TMFkOlndf2Gco9ivl72Jkqvot89O78GDsMPHaHkWBwkAUpxffu0EgPLIztL--uRZtt3OhM00N6Q8MtUoyc5xs1_ajcBdiujFfp6jljQeQFw' \
--data-raw '{"query":"{\n  products {\n    id\n    name\n    ProductClasses {\n      id\n      code\n      price02\n      stock\n    }\n    Status {\n      id\n      name\n    }\n    Creator {\n      id\n    }\n    ProductTag {\n      id\n    }\n  }\n  orders {\n    id\n    pre_order_id\n    name01\n    name02\n    message\n    Country {\n      id\n    }\n    OrderItems {\n      id\n      product_name\n      price\n    }\n    Shippings {\n      id\n    }\n  }\n  customers {\n    name01\n    name02\n    email\n    point\n  }\n}\n","variables":{}}' | jq .

The output of the last command is as follows

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  9075    0  8536  100   539  28974   1829 --:--:-- --:--:-- --:--:-- 29034
{
  "data": {
    "products": [
      {
        "id": "4",
        "name": "おとりください」ジョバンニは。",
        "ProductClasses": [
          {
            "id": "18",
            "code": "eum",
            "price02": 38407,
            "stock": 284
          },
          {
            "id": "19",
            "code": "possimus",
            "price02": 47771,
            "stock": 631
          },
          {
            "id": "17",
            "code": "est",
            "price02": 42262,
            "stock": 700
          },
          {
            "id": "16",
            "code": "tempora",
            "price02": 37411,
            "stock": 873
          }
        ],
        "Status": {
          "id": "1",
          "name": "公開"
        },
        "Creator": null,
        "ProductTag": []
      },
      {
        "id": "3",
        "name": "くくみも、誰だれともある。もと、もらった大きな活版所かんごはんぶんは、北の方。",
        "ProductClasses": [
          {
            "id": "15",
            "code": "cum",
            "price02": 1427,
            "stock": 344
          },
          {
            "id": "12",
            "code": "numquam",
            "price02": 72389,
            "stock": 461
          },
          {
            "id": "13",
            "code": "deleniti",
            "price02": 10001,
            "stock": 759
          },
          {
            "id": "14",
            "code": "accusamus",
            "price02": 32279,
            "stock": 861
          }
        ],
        "Status": {
          "id": "1",
          "name": "公開"
        },
        "Creator": null,
        "ProductTag": []
      },
      {
        "id": "1",
        "name": "彩のジェラートCUBE",
        "ProductClasses": [
          {
            "id": "6",
            "code": "cube-05",
            "price02": 49000,
            "stock": null
          },
          {
            "id": "9",
            "code": "cube-08",
            "price02": 13000,
            "stock": null
          },
          {
            "id": "2",
            "code": "cube-01",
            "price02": 110000,
            "stock": null
          },
          {
            "id": "4",
            "code": "cube-03",
            "price02": 74000,
            "stock": null
          },
          {
            "id": "1",
            "code": "cube-01",
            "price02": 110000,
            "stock": null
          },
          {
            "id": "10",
            "code": "cube-09",
            "price02": 5000,
            "stock": null
          },
          {
            "id": "7",
            "code": "cube-06",
            "price02": 34500,
            "stock": null
          },
          {
            "id": "5",
            "code": "cube-04",
            "price02": 93000,
            "stock": null
          },
          {
            "id": "8",
            "code": "cube-07",
            "price02": 18000,
            "stock": null
          },
          {
            "id": "3",
            "code": "cube-02",
            "price02": 93000,
            "stock": null
          }
        ],
        "Status": {
          "id": "1",
          "name": "公開"
        },
        "Creator": null,
        "ProductTag": []
      },
      {
        "id": "2",
        "name": "チェリーアイスサンド",
        "ProductClasses": [
          {
            "id": "11",
            "code": "sand-01",
            "price02": 2800,
            "stock": 100
          }
        ],
        "Status": {
          "id": "1",
          "name": "公開"
        },
        "Creator": null,
        "ProductTag": []
      }
    ],
    "orders": [
      {
        "id": "4",
        "pre_order_id": "3e519f007d819c5bfd47c5bd636f93941e83287e",
        "name01": "浜田",
        "name02": "洋介",
        "message": "製もくカムパネルラが少しおあがりました。全まったい草に投なげつけてしますけすると呼よび子はびっくり塩水しおみずが寄よってしまい、ここで天上へ行くときました三角標さんですければ見ると思って、サファイアモンド会社の前のレンランプではあれをもらはな、白鳥停車場ていたわ」「ああほんと両腕りょうど両手りょうあれ工兵大隊こうのような新しいのためいきを重かさんもどころの外を見ましたかった小さな銀河ぎんが、草を。",
        "Country": null,
        "OrderItems": [
          {
            "id": "19",
            "product_name": "おとりください」ジョバンニは。",
            "price": 37411
          },
          {
            "id": "20",
            "product_name": "おとりください」ジョバンニは。",
            "price": 42262
          },
          {
            "id": "21",
            "product_name": "おとりください」ジョバンニは。",
            "price": 38407
          },
          {
            "id": "24",
            "product_name": "値引き",
            "price": -6688
          },
          {
            "id": "22",
            "product_name": "送料",
            "price": 1000
          },
          {
            "id": "23",
            "product_name": "手数料",
            "price": 5940
          }
        ],
        "Shippings": [
          {
            "id": "4"
          }
        ]
      },
      {
        "id": "3",
        "pre_order_id": "02cb2d46d82df90c5acd8f0c85547592458d640e",
        "name01": "浜田",
        "name02": "洋介",
        "message": "そうに、おってわざわざと穫とれない天の川の水は、夜の軽便鉄道ぎんやり見えないですかしの柵さく折おっしょう」「ああわててしました。「お母さんあるとみえてきます。さぎな声がし、青く茂しげみの御前みませんろが青ざめと光っていました。そして、そこなんです。みんなあかり覚悟かくひょうものが、一枚の紙をジョバンニはもちが漕こいつかのシグナルの足もとうに見え、おこっちかくひっぱりぽくぽくそらを光らせなかいがん。",
        "Country": null,
        "OrderItems": [
          {
            "id": "15",
            "product_name": "おとりください」ジョバンニは。",
            "price": 38407
          },
          {
            "id": "18",
            "product_name": "値引き",
            "price": -6688
          },
          {
            "id": "17",
            "product_name": "手数料",
            "price": 5940
          },
          {
            "id": "16",
            "product_name": "送料",
            "price": 1000
          },
          {
            "id": "14",
            "product_name": "おとりください」ジョバンニは。",
            "price": 42262
          },
          {
            "id": "13",
            "product_name": "おとりください」ジョバンニは。",
            "price": 37411
          }
        ],
        "Shippings": [
          {
            "id": "3"
          }
        ]
      },
      {
        "id": "1",
        "pre_order_id": "1a243befa5ffa9f78adada885c40a667bbacefdf",
        "name01": "廣川",
        "name02": "",
        "message": "だまっていまでもいいました。ジョバンニがやいたから下へ白くなりましたり下った硝子ガラスよりは、次つぎの三角標さんやり言いっしです。つまれた、赤や緑みどりのボートをおろしきもちぎれの考えるように見入り乱みだを半分出しました。(ああ、こっちからあがりましたことなりましたら、どこかその一ところ帰って、おしの上着うわぎしてカムパネルラという証拠しょう掘ほり出され、ジョバンニが言いいましたが、立派りっぱり。",
        "Country": null,
        "OrderItems": [
          {
            "id": "6",
            "product_name": "値引き",
            "price": -4147
          },
          {
            "id": "1",
            "product_name": "くくみも、誰だれともある。もと、もらった大きな活版所かんごはんぶんは、北の方。",
            "price": 72389
          },
          {
            "id": "2",
            "product_name": "くくみも、誰だれともある。もと、もらった大きな活版所かんごはんぶんは、北の方。",
            "price": 10001
          },
          {
            "id": "3",
            "product_name": "くくみも、誰だれともある。もと、もらった大きな活版所かんごはんぶんは、北の方。",
            "price": 32279
          },
          {
            "id": "4",
            "product_name": "送料",
            "price": 0
          },
          {
            "id": "5",
            "product_name": "手数料",
            "price": 6384
          }
        ],
        "Shippings": [
          {
            "id": "1"
          }
        ]
      }
    ],
    "customers": [
      {
        "name01": "廣川",
        "name02": "",
        "email": "1582779611.653.ukiriyama@example.org",
        "point": 47443
      },
      {
        "name01": "浜田",
        "name02": "洋介",
        "email": "1582779611.7028.yuki.tanabe@example.net",
        "point": 89873
      }
    ]
  }
}

@kiy0taka kiy0taka changed the title [WIP] API: GraphQLとOAuth2.0の実装 API: GraphQLとOAuth2.0の実装 Feb 27, 2020
Labels
affected:外部仕様 (changes or additions to the external specification) enhancement (feature addition) experimental