Upgrade to Pro — share decks privately, control downloads, hide ads and more …

클라이언트 권한 부여, 인증 시스템, OAuth-JWT

Avatar for Teddy Teddy
August 07, 2018
Programming
0
110

클라이언트 권한 부여, 인증 시스템, OAuth-JWT

Avatar for Teddy

Teddy

August 07, 2018
Tweet

More Decks by Teddy

See All by Teddy
스타트업 개발자의 이야기 (국민대)
Avatar for Teddy teddykims
1
100
개발자의 인공지능 뽀개기
Avatar for Teddy teddykims
0
160
Git 기초
Avatar for Teddy teddykims
0
83
2018.06, 싸이그래머 '심리상담과 IT'
Avatar for Teddy teddykims
0
120
WebSocket, Socket.io
Avatar for Teddy teddykims
1
57
2018.05, 소물, '소프트웨어와 미래 기술'
Avatar for Teddy teddykims
0
82
소프트웨어와 미래 기술 (Software, Future Tech)
Avatar for Teddy teddykims
0
190
리눅스 메모리 보호기법, 보안시스템의 이해
Avatar for Teddy teddykims
0
240
무선 네트워크 해킹과 보안 (Network Hacking)
Avatar for Teddy teddykims
0
220

Other Decks in Programming

See All in Programming
Python札幌 LT資料
Avatar for t3tra t3tra
7
1.1k
AIエージェント、”どう作るか”で差は出るか? / AI Agents: Does the "How" Make a Difference?
Avatar for r-kagaya rkaga
3
1.7k
Giselleで作るAI QAアシスタント 〜 Pull Requestレビューに継続的QAを
Avatar for Tadashi Shigeoka codenote
0
340
AIで開発はどれくらい加速したのか?AIエージェントによるコード生成を、現場の評価と研究開発の評価の両面からdeep diveしてみる
Avatar for どすこい daisuketakeda
1
780
CSC307 Lecture 03
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
1
480
AI Agent の開発と運用を支える Durable Execution #AgentsInProd
Avatar for izumin5210 izumin5210
7
2k
それ、本当に安全? ファイルアップロードで見落としがちなセキュリティリスクと対策
Avatar for ikechi penpeen
7
2.2k
大規模Cloud Native環境におけるFalcoの運用
Avatar for Chihiro Hasegawa owlinux1000
0
250
AI Agent Tool のためのバックエンドアーキテクチャを考える #encraft
Avatar for izumin5210 izumin5210
6
1.7k
CSC307 Lecture 05
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
470
Basic Architectures
Avatar for Denys Poltorak denyspoltorak
0
310
Denoのセキュリティに関する仕組みの紹介 (toranoana.deno #23)
Avatar for uki00a uki00a
0
240

Featured

See All Featured
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
31
6.5k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
128
55k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
57
14k
How to audit for AI Accessibility on your Front & Back End
Avatar for davetheseo davetheseo
0
140
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
12
1.4k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
37
6.2k
Exploring the relationship between traditional SERPs and Gen AI search
Avatar for Ray Grieselhuber raygrieselhuber
PRO
2
3.5k
16th Malabo Montpellier Forum Presentation
Avatar for AKADEMIYA2063 akademiya2063
PRO
0
40
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
791
250k
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
249
1.3M
Google's AI Overviews - The New Search
Avatar for Barry Adams badams
0
890
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
31
3.1k

Transcript

  1. ௿ۄ੉঱౟ ӂೠ ࠗৈ ੋૐ/ੋо दझమ !1

  2. ӝઓ੄ Api ࠁউ਷? !2

  3. दр হҊ ә೧ࢲ ݄ ݅ٞ !3

  4. ‘಴ળ’ ӏѺਵ۽ ٜ݅੗! !4

  5. ‘಴ળ’ <Api-Token> !5

  6. “ೲо ߉਷ ࢎਊ੗݅ API ܳ ࢎਊೡ ࣻ ੓׮.” !6

  7. “Api ߑޙ ஠٘” !7

  8. OAuth !8

  9. { "access_token": "J1qK1c18UUGJFAzz9xnH56584l4", “refresh_token”: "SDAS2328asdVASd1238asdA", "expires_in": 3600, "scope": "*", "token_type":

    "bearer" } !9

  10. ੋૐ, ੋоܳ ਤೠ Standard Protocol !10

  11. “যڌѱ ೞݶ ൝যઉ ੓ח Application ٜ੄ ੋૐ ҙܻܳ ઺ঔীࢲ औѱ

    ೡ Ѫੋо” !11

  12. “ਬ੷о ಕ੉झ࠘, ౟ਤఠ э਷ ৡۄੋ ࢲ࠺झ੄ ӝמਸ ׮ܲ জীࢲب ࢎਊೡ

    ࣻ ੓ѱ Ք !” !12

  13. OAuth 1.0 (RFC 5849, 2007) OAuth 1.0 A OAuth 2.0

    (RFC 6749, 2012) !13

  14. OAuth 1.x ਊয ߸҃ ࢲߡ ৉ೡ ܻ࠙ ੋૐ ੺ର хࣗച

    ঐഐച ߑध ߸҃ (٣૑ణ ࢲݺ -> HTTPS) ׮নೠ ੋૐ ߑध ઁҕ ੼੼ ೐ۨ੐ਕ௼ ഋక۽ .. OAuth 2.x !14

  15. !15

  16. { "access_token": "J1qK1c18UUGJFAzz9xnH56584l4", “refresh_token”: "SDAS2328asdVASd1238asdA", "expires_in": 3600, "scope": "*", "token_type":

    "bearer" } ݽٚ ష௾җ ੿ࠁܳ ؘ੉ఠ߬੉झী ੷੢ೞৈ ഛੋ੉ ೙ਃೣ. !16

  17. 1. ࠂ੟ೞ׮ 2. ޖѩ׮ !17

  18. Third-Party App / ࢲ࠺झী ੽Ӕೞח ৻ࠗ জ੄ ੋૐ ߂ ӂೠ

    ҙܻী ੸೤ !18

  19. JWT (JSON WEB TOKEN) !19

  20. { "access_token": "J1qK1c18UUGJFAzz9xnH56584l4", "expires_in": 3600, "token_type": "bearer" } !20

  21. Claim ӝ߈੄ ష௾ दझమ !21

  22. Claim = ࢎਊ੗ী ؀ೠ ࣘࢿ !22

  23. Claim = ࢎਊ੗ী ؀ೠ ࣘࢿ !23 { ‘id’: ‘teddy’, ‘group’:

    ‘admin’} eyDigJhpZOKAmTog4oCYdGVkZHnigJ ksIOKAmGdyb3Vw4oCZOiDigJhhZG1p buKAmX0=

  24. !24

  25. !25

  26. ష௾ ੗୓о ੿ࠁܳ о૑Ҋ ੓ӝী, ష௾ਸ о૑Ҋ ࢲ࠺झա API ੽Ӕਸ

    ઁযೡ ٸ ߹ب੄ ੋૐ ࢲߡ ੘স੉ ೙ਃೞ૑ ঋਵݴ, ష௾ ੗୓ܳ ࢲߡীࢲ ҙܻೡ ೙ਃо হӝ ٸޙী ҳഅ੉ ࢚؀੸ਵ۽ ױࣽ೧૓׮. !26

  27. !27 < ੌ߈ OAuth > < JWT >

  28. )VNBSU$PNQBOZ ӣక਌