Upgrade to Pro — share decks privately, control downloads, hide ads and more …

클라이언트 권한 부여, 인증 시스템, OAuth-JWT

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for Teddy Teddy
August 07, 2018
Programming
0
110

클라이언트 권한 부여, 인증 시스템, OAuth-JWT

Avatar for Teddy

Teddy

August 07, 2018
Tweet

More Decks by Teddy

See All by Teddy
스타트업 개발자의 이야기 (국민대)
Avatar for Teddy teddykims
1
100
개발자의 인공지능 뽀개기
Avatar for Teddy teddykims
0
160
Git 기초
Avatar for Teddy teddykims
0
83
2018.06, 싸이그래머 '심리상담과 IT'
Avatar for Teddy teddykims
0
120
WebSocket, Socket.io
Avatar for Teddy teddykims
1
57
2018.05, 소물, '소프트웨어와 미래 기술'
Avatar for Teddy teddykims
0
82
소프트웨어와 미래 기술 (Software, Future Tech)
Avatar for Teddy teddykims
0
190
리눅스 메모리 보호기법, 보안시스템의 이해
Avatar for Teddy teddykims
0
240
무선 네트워크 해킹과 보안 (Network Hacking)
Avatar for Teddy teddykims
0
220

Other Decks in Programming

See All in Programming
ぼくの開発環境2026
Avatar for yuzneri yuzneri
0
250
Gemini for developers
Avatar for Mete Atamel meteatamel
0
100
React Native × React Router v7 API通信の共通化で考えるべきこと
Avatar for Suguru Ohki suguruooki
0
100
MUSUBIXとは
Avatar for Hisaho nahisaho
0
140
CSC307 Lecture 02
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
1
780
AI巻き込み型コードレビューのススメ
Avatar for Nealle nealle
2
1.4k
CSC307 Lecture 05
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
500
AIによる高速開発をどう制御するか? ガードレール設置で開発速度と品質を両立させたチームの事例
Avatar for tonkotsuboy_com tonkotsuboy_com
7
2.4k
15年続くIoTサービスの SREエンジニアが挑む 分散トレーシング導入
Avatar for Melonps melonps
2
230
コマンドとリード間の連携に対する脅威分析フレームワーク
Avatar for Aja9tochin pandayumi
1
470
並行開発のためのコードレビュー
Avatar for Miyuki miyukiw
0
1.2k
Vibe Coding - AI 驅動的軟體開發
Avatar for Micky Li mickyp100
0
180

Featured

See All Featured
Digital Ethics as a Driver of Design Innovation
Avatar for Per Axbom axbom
PRO
1
190
[RailsConf 2023] Rails as a piece of cake
Avatar for Vladimir Dementyev palkan
59
6.3k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
74
11k
How to make the Groovebox
Avatar for あそなす asonas
2
1.9k
Navigating Weather and Climate Data
Avatar for Ryan Abernathey rabernat
0
110
Exploring anti-patterns in Rails
Avatar for Elle Meredith aemeredith
2
250
Ethics towards AI in product and experience design
Avatar for Skipper Chong Warson skipperchong
2
200
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
356
21k
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
135
9.7k
Agile Actions for Facilitating Distributed Teams - ADO2019
Avatar for Mark Kilby mkilby
0
120
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
The AI Search Optimization Roadmap by Aleyda Solis
Avatar for Aleyda Solis aleyda
1
5.2k

Transcript

  1. ௿ۄ੉঱౟ ӂೠ ࠗৈ ੋૐ/ੋо दझమ !1

  2. ӝઓ੄ Api ࠁউ਷? !2

  3. दр হҊ ә೧ࢲ ݄ ݅ٞ !3

  4. ‘಴ળ’ ӏѺਵ۽ ٜ݅੗! !4

  5. ‘಴ળ’ <Api-Token> !5

  6. “ೲо ߉਷ ࢎਊ੗݅ API ܳ ࢎਊೡ ࣻ ੓׮.” !6

  7. “Api ߑޙ ஠٘” !7

  8. OAuth !8

  9. { "access_token": "J1qK1c18UUGJFAzz9xnH56584l4", “refresh_token”: "SDAS2328asdVASd1238asdA", "expires_in": 3600, "scope": "*", "token_type":

    "bearer" } !9

  10. ੋૐ, ੋоܳ ਤೠ Standard Protocol !10

  11. “যڌѱ ೞݶ ൝যઉ ੓ח Application ٜ੄ ੋૐ ҙܻܳ ઺ঔীࢲ औѱ

    ೡ Ѫੋо” !11

  12. “ਬ੷о ಕ੉झ࠘, ౟ਤఠ э਷ ৡۄੋ ࢲ࠺झ੄ ӝמਸ ׮ܲ জীࢲب ࢎਊೡ

    ࣻ ੓ѱ Ք !” !12

  13. OAuth 1.0 (RFC 5849, 2007) OAuth 1.0 A OAuth 2.0

    (RFC 6749, 2012) !13

  14. OAuth 1.x ਊয ߸҃ ࢲߡ ৉ೡ ܻ࠙ ੋૐ ੺ର хࣗച

    ঐഐച ߑध ߸҃ (٣૑ణ ࢲݺ -> HTTPS) ׮নೠ ੋૐ ߑध ઁҕ ੼੼ ೐ۨ੐ਕ௼ ഋక۽ .. OAuth 2.x !14

  15. !15

  16. { "access_token": "J1qK1c18UUGJFAzz9xnH56584l4", “refresh_token”: "SDAS2328asdVASd1238asdA", "expires_in": 3600, "scope": "*", "token_type":

    "bearer" } ݽٚ ష௾җ ੿ࠁܳ ؘ੉ఠ߬੉झী ੷੢ೞৈ ഛੋ੉ ೙ਃೣ. !16

  17. 1. ࠂ੟ೞ׮ 2. ޖѩ׮ !17

  18. Third-Party App / ࢲ࠺झী ੽Ӕೞח ৻ࠗ জ੄ ੋૐ ߂ ӂೠ

    ҙܻী ੸೤ !18

  19. JWT (JSON WEB TOKEN) !19

  20. { "access_token": "J1qK1c18UUGJFAzz9xnH56584l4", "expires_in": 3600, "token_type": "bearer" } !20

  21. Claim ӝ߈੄ ష௾ दझమ !21

  22. Claim = ࢎਊ੗ী ؀ೠ ࣘࢿ !22

  23. Claim = ࢎਊ੗ী ؀ೠ ࣘࢿ !23 { ‘id’: ‘teddy’, ‘group’:

    ‘admin’} eyDigJhpZOKAmTog4oCYdGVkZHnigJ ksIOKAmGdyb3Vw4oCZOiDigJhhZG1p buKAmX0=

  24. !24

  25. !25

  26. ష௾ ੗୓о ੿ࠁܳ о૑Ҋ ੓ӝী, ష௾ਸ о૑Ҋ ࢲ࠺झա API ੽Ӕਸ

    ઁযೡ ٸ ߹ب੄ ੋૐ ࢲߡ ੘স੉ ೙ਃೞ૑ ঋਵݴ, ష௾ ੗୓ܳ ࢲߡীࢲ ҙܻೡ ೙ਃо হӝ ٸޙী ҳഅ੉ ࢚؀੸ਵ۽ ױࣽ೧૓׮. !26

  27. !27 < ੌ߈ OAuth > < JWT >

  28. )VNBSU$PNQBOZ ӣక਌