Upgrade to Pro — share decks privately, control downloads, hide ads and more …

클라이언트 권한 부여, 인증 시스템, OAuth-JWT

Avatar for Teddy Teddy
August 07, 2018
Programming
0
110

클라이언트 권한 부여, 인증 시스템, OAuth-JWT

Avatar for Teddy

Teddy

August 07, 2018
Tweet

More Decks by Teddy

See All by Teddy
스타트업 개발자의 이야기 (국민대)
Avatar for Teddy teddykims
1
100
개발자의 인공지능 뽀개기
Avatar for Teddy teddykims
0
160
Git 기초
Avatar for Teddy teddykims
0
83
2018.06, 싸이그래머 '심리상담과 IT'
Avatar for Teddy teddykims
0
120
WebSocket, Socket.io
Avatar for Teddy teddykims
1
57
2018.05, 소물, '소프트웨어와 미래 기술'
Avatar for Teddy teddykims
0
82
소프트웨어와 미래 기술 (Software, Future Tech)
Avatar for Teddy teddykims
0
190
리눅스 메모리 보호기법, 보안시스템의 이해
Avatar for Teddy teddykims
0
240
무선 네트워크 해킹과 보안 (Network Hacking)
Avatar for Teddy teddykims
0
220

Other Decks in Programming

See All in Programming
MDN Web Docs に日本語翻訳でコントリビュート
Avatar for uutan1108 ohmori_yusuke
0
660
AI によるインシデント初動調査の自動化を行う AI インシデントコマンダーを作った話
Avatar for azukiazusa azukiazusa1
1
750
Rust 製のコードエディタ “Zed” を使ってみた
Avatar for NearMeの技術発表資料です nearme_tech
PRO
0
210
FOSDEM 2026: STUNMESH-go: Building P2P WireGuard Mesh Without Self-Hosted Infrastructure
Avatar for Date Huang tjjh89017
0
180
AIエージェント、”どう作るか”で差は出るか? / AI Agents: Does the "How" Make a Difference?
Avatar for r-kagaya rkaga
4
2k
なるべく楽してバックエンドに型をつけたい!(楽とは言ってない)
Avatar for HIBIKI CUBE hibiki_cube
0
140
生成AIを使ったコードレビューで定性的に品質カバー
Avatar for Chiaki Okamoto chiilog
1
280
AgentCoreとHuman in the Loop
Avatar for Har1101 har1101
5
250
Automatic Grammar Agreementと Markdown Extended Attributes
について
Avatar for Kishikawa Katsumi kishikawakatsumi
0
200
AI時代の認知負荷との向き合い方
Avatar for OptFit Corp. optfit
0
170
【卒業研究】会話ログ分析によるユーザーごとの関心に応じた話題提案手法
Avatar for MomokoShirakawa momok47
0
200
OCaml 5でモダンな並列プログラミングを Enjoyしよう!
Avatar for Haochen Kotoi-Xie haochenx
0
150

Featured

See All Featured
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4.2k
Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025
Avatar for Aleyda Solis aleyda
1
1.9k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
31
2.7k
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
Avatar for Kenny Baas-Schwegler baasie
0
450
Test your architecture with Archunit
Avatar for Yoan thirion
1
2.2k
State of Search Keynote: SEO is Dead Long Live SEO
Avatar for Ryan Jones ryanjones
0
120
The SEO Collaboration Effect
Avatar for Kristina Bergwall kristinabergwall1
0
360
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
Avatar for Sophie Logan marketingsoph
0
77
Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth
Avatar for Umar Saidu Auna auna
0
55
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
74
11k
Heart Work Chapter 1 - Part 1
Avatar for Lake Fama lfama
PRO
5
35k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
128
55k

Transcript

  1. ௿ۄ੉঱౟ ӂೠ ࠗৈ ੋૐ/ੋо दझమ !1

  2. ӝઓ੄ Api ࠁউ਷? !2

  3. दр হҊ ә೧ࢲ ݄ ݅ٞ !3

  4. ‘಴ળ’ ӏѺਵ۽ ٜ݅੗! !4

  5. ‘಴ળ’ <Api-Token> !5

  6. “ೲо ߉਷ ࢎਊ੗݅ API ܳ ࢎਊೡ ࣻ ੓׮.” !6

  7. “Api ߑޙ ஠٘” !7

  8. OAuth !8

  9. { "access_token": "J1qK1c18UUGJFAzz9xnH56584l4", “refresh_token”: "SDAS2328asdVASd1238asdA", "expires_in": 3600, "scope": "*", "token_type":

    "bearer" } !9

  10. ੋૐ, ੋоܳ ਤೠ Standard Protocol !10

  11. “যڌѱ ೞݶ ൝যઉ ੓ח Application ٜ੄ ੋૐ ҙܻܳ ઺ঔীࢲ औѱ

    ೡ Ѫੋо” !11

  12. “ਬ੷о ಕ੉झ࠘, ౟ਤఠ э਷ ৡۄੋ ࢲ࠺झ੄ ӝמਸ ׮ܲ জীࢲب ࢎਊೡ

    ࣻ ੓ѱ Ք !” !12

  13. OAuth 1.0 (RFC 5849, 2007) OAuth 1.0 A OAuth 2.0

    (RFC 6749, 2012) !13

  14. OAuth 1.x ਊয ߸҃ ࢲߡ ৉ೡ ܻ࠙ ੋૐ ੺ର хࣗച

    ঐഐച ߑध ߸҃ (٣૑ణ ࢲݺ -> HTTPS) ׮নೠ ੋૐ ߑध ઁҕ ੼੼ ೐ۨ੐ਕ௼ ഋక۽ .. OAuth 2.x !14

  15. !15

  16. { "access_token": "J1qK1c18UUGJFAzz9xnH56584l4", “refresh_token”: "SDAS2328asdVASd1238asdA", "expires_in": 3600, "scope": "*", "token_type":

    "bearer" } ݽٚ ష௾җ ੿ࠁܳ ؘ੉ఠ߬੉झী ੷੢ೞৈ ഛੋ੉ ೙ਃೣ. !16

  17. 1. ࠂ੟ೞ׮ 2. ޖѩ׮ !17

  18. Third-Party App / ࢲ࠺झী ੽Ӕೞח ৻ࠗ জ੄ ੋૐ ߂ ӂೠ

    ҙܻী ੸೤ !18

  19. JWT (JSON WEB TOKEN) !19

  20. { "access_token": "J1qK1c18UUGJFAzz9xnH56584l4", "expires_in": 3600, "token_type": "bearer" } !20

  21. Claim ӝ߈੄ ష௾ दझమ !21

  22. Claim = ࢎਊ੗ী ؀ೠ ࣘࢿ !22

  23. Claim = ࢎਊ੗ী ؀ೠ ࣘࢿ !23 { ‘id’: ‘teddy’, ‘group’:

    ‘admin’} eyDigJhpZOKAmTog4oCYdGVkZHnigJ ksIOKAmGdyb3Vw4oCZOiDigJhhZG1p buKAmX0=

  24. !24

  25. !25

  26. ష௾ ੗୓о ੿ࠁܳ о૑Ҋ ੓ӝী, ష௾ਸ о૑Ҋ ࢲ࠺झա API ੽Ӕਸ

    ઁযೡ ٸ ߹ب੄ ੋૐ ࢲߡ ੘স੉ ೙ਃೞ૑ ঋਵݴ, ష௾ ੗୓ܳ ࢲߡীࢲ ҙܻೡ ೙ਃо হӝ ٸޙী ҳഅ੉ ࢚؀੸ਵ۽ ױࣽ೧૓׮. !26

  27. !27 < ੌ߈ OAuth > < JWT >

  28. )VNBSU$PNQBOZ ӣక਌