Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
클라이언트 권한 부여, 인증 시스템, OAuth-JWT
Search
Teddy
August 07, 2018
Programming
0
72
클라이언트 권한 부여, 인증 시스템, OAuth-JWT
Teddy
August 07, 2018
Tweet
Share
More Decks by Teddy
See All by Teddy
스타트업 개발자의 이야기 (국민대)
teddykims
1
70
개발자의 인공지능 뽀개기
teddykims
0
100
Git 기초
teddykims
0
56
2018.06, 싸이그래머 '심리상담과 IT'
teddykims
0
100
WebSocket, Socket.io
teddykims
1
32
2018.05, 소물, '소프트웨어와 미래 기술'
teddykims
0
71
소프트웨어와 미래 기술 (Software, Future Tech)
teddykims
0
160
리눅스 메모리 보호기법, 보안시스템의 이해
teddykims
0
190
무선 네트워크 해킹과 보안 (Network Hacking)
teddykims
0
170
Other Decks in Programming
See All in Programming
Azure OpenAI Serviceのプロンプトエンジニアリング入門
tomokusaba
3
870
AWS CDKコントリビュートTIPS / aws-cdk-contribution-tips
gotok365
4
380
サイコロで理解する統計的仮説検定の考え方
tatamiya
4
1k
冗長なエラーログを削減し、スタックトレースを手に入れる / Reducing Verbose Error Logs and Obtaining Stack Traces
upamune
0
1k
Polars入門
daikikatsuragawa
1
170
try! Swift Tokyo 初参加報告LT
hinakko2
0
230
What We Can Learn From OSS
inouehi
0
440
Sheets API使ってみた
toshi0383
2
160
FigmaとPHPで作る1ミリたりとも表示崩れしない最強の帳票印刷ソリューション
ttskch
43
19k
GitLab CI/CD で C#/WPFアプリケーションのテストとインストーラーのビルド・デプロイを自動化する
hacarus
0
280
CREってこういうこと? 体験入社 - 提案資料 - / what-is-cre-trial-employment
shinden
1
520
Scalable Customer Journey Orchestration (CJO)
lewuathe
0
420
Featured
See All Featured
GitHub's CSS Performance
jonrohan
1025
450k
What the flash - Photography Introduction
edds
64
11k
Typedesign – Prime Four
hannesfritz
36
2.1k
Building Your Own Lightsaber
phodgson
100
5.7k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.9k
Large-scale JavaScript Application Architecture
addyosmani
504
110k
The Mythical Team-Month
searls
216
42k
Intergalactic Javascript Robots from Outer Space
tanoku
266
26k
A designer walks into a library…
pauljervisheath
201
23k
4 Signs Your Business is Dying
shpigford
176
21k
The Art of Programming - Codeland 2020
erikaheidi
43
12k
Scaling GitHub
holman
457
140k
Transcript
ۄ ӂೠ ࠗৈ ੋૐ/ੋо दझమ !1
ӝઓ Api ࠁউ? !2
दр হҊ ә೧ࢲ ݄ ݅ٞ !3
‘ળ’ ӏѺਵ۽ ٜ݅! !4
‘ળ’ <Api-Token> !5
“ೲо ߉ ࢎਊ݅ API ܳ ࢎਊೡ ࣻ .” !6
“Api ߑޙ ٘” !7
OAuth !8
{ "access_token": "J1qK1c18UUGJFAzz9xnH56584l4", “refresh_token”: "SDAS2328asdVASd1238asdA", "expires_in": 3600, "scope": "*", "token_type":
"bearer" } !9
ੋૐ, ੋоܳ ਤೠ Standard Protocol !10
“যڌѱ ೞݶ ൝যઉ ח Application ٜ ੋૐ ҙܻܳ ঔীࢲ औѱ
ೡ Ѫੋо” !11
“ਬо ಕझ࠘, ਤఠ э ৡۄੋ ࢲ࠺झ ӝמਸ ܲ জীࢲب ࢎਊೡ
ࣻ ѱ Ք !” !12
OAuth 1.0 (RFC 5849, 2007) OAuth 1.0 A OAuth 2.0
(RFC 6749, 2012) !13
OAuth 1.x ਊয ߸҃ ࢲߡ ೡ ܻ࠙ ੋૐ ର хࣗച
ঐഐച ߑध ߸҃ (٣ణ ࢲݺ -> HTTPS) নೠ ੋૐ ߑध ઁҕ ۨਕ ഋక۽ .. OAuth 2.x !14
!15
{ "access_token": "J1qK1c18UUGJFAzz9xnH56584l4", “refresh_token”: "SDAS2328asdVASd1238asdA", "expires_in": 3600, "scope": "*", "token_type":
"bearer" } ݽٚ షҗ ࠁܳ ؘఠ߬झী ೞৈ ഛੋ ਃೣ. !16
1. ࠂೞ 2. ޖѩ !17
Third-Party App / ࢲ࠺झী Ӕೞח ৻ࠗ জ ੋૐ ߂ ӂೠ
ҙܻী !18
JWT (JSON WEB TOKEN) !19
{ "access_token": "J1qK1c18UUGJFAzz9xnH56584l4", "expires_in": 3600, "token_type": "bearer" } !20
Claim ӝ߈ ష दझమ !21
Claim = ࢎਊী ೠ ࣘࢿ !22
Claim = ࢎਊী ೠ ࣘࢿ !23 { ‘id’: ‘teddy’, ‘group’:
‘admin’} eyDigJhpZOKAmTog4oCYdGVkZHnigJ ksIOKAmGdyb3Vw4oCZOiDigJhhZG1p buKAmX0=
!24
!25
ష о ࠁܳ оҊ ӝী, షਸ оҊ ࢲ࠺झա API Ӕਸ
ઁযೡ ٸ ߹ب ੋૐ ࢲߡ স ਃೞ ঋਵݴ, ష ܳ ࢲߡীࢲ ҙܻೡ ਃо হӝ ٸޙী ҳഅ ࢚ਵ۽ ױࣽ೧. !26
!27 < ੌ߈ OAuth > < JWT >
)VNBSU$PNQBOZ ӣక