Ç¥ÁØÈ­ Âü¿©¾È³»

TTAÀÇ Ç¥ÁØÇöȲ

Ȩ > Ç¥ÁØÈ­ °³¿ä > TTAÀÇ Ç¥ÁØÇöȲ

Ç¥ÁعøÈ£ TTAE.IF-RFC7523 ±¸Ç¥ÁعøÈ£
Á¦°³Á¤ÀÏ 2018-12-19 ÃÑÆäÀÌÁö 20
ÇѱÛÇ¥ÁØ¸í °ø°³ÀÎÁõ 2.0 Ŭ¶óÀ̾ðÆ® ÀÎÁõ ¹× Àΰ¡ ½ÂÀÎÀ» À§ÇÑ JSON À¥ ÅäÅ«(JWT) ÇÁ·ÎÆÄÀÏ
¿µ¹®Ç¥Áظí JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
Çѱ۳»¿ë¿ä¾à ÀÌ Ç¥ÁØÀº JWT º£¾î·¯ ÁÖÀåÀ» »ç¿ëÇÏ¿© °ø°³ÀÎÁõ(OAuth) 2.0 ¾×¼¼½º ÅäÅ«À» ¿äûÇÏ°í Ŭ¶óÀ̾ðÆ® Å©¸®µ§¼È·Î »ç¿ëÇÏ´Â È®Àå ½ÂÀΠŸÀÔÀ» Á¤ÀÇÇϱâ À§ÇØ °ø°³ÀÎÁõ ÁÖÀå ÇÁ·¹ÀÓ¿öÅ©[RFC751]¸¦ ±¸Ã¼È­ÇÑ´Ù.
º» Ç¥ÁØÀº »ç¿ëÀÚ°¡ Àΰ¡ ¼­¹ö¿¡°Ô Á÷Á¢ÀûÀÎ ½ÂÀÎ ´Ü°è ¾øÀÌ, Ŭ¶óÀ̾ðÆ®°¡ JWT·Î ±âÁ¸ÀÇ ½Å·Ú °ü°è¸¦ È°¿ëÇÏ°íÀÚ ÇÒ ¶§ JWT¸¦ »ç¿ëÇÏ¿© ¾×¼¼½º ÅäÅ«À» ¿äûÇÏ´Â ¹æ¹ýÀ» Á¤ÀÇÇÑ´Ù. ¶ÇÇÑ JWT¸¦ Ŭ¶óÀ̾ðÆ® ÀÎÁõ ¸ÞÄ¿´ÏÁòÀ¸·Î »ç¿ëÇÏ´Â ¹æ¹ýÀ» Á¤ÀÇÇÑ´Ù.
¿µ¹®³»¿ë¿ä¾à The standard profiles the OAuth Assertion Framework [RFC7521] to define an extension grant type that uses a JWT Bearer Token to request an OAuth 2.0 access token as well as for use as client credentials.
The standard defines how a JWT Bearer Token can be used to request an access token when a client wishes to utilize an existing trust relationship, expressed through the semantics of the JWT, without a direct user-approval step at the authorization server. It also defines how a JWT can be used as a client authentication mechanism.
±¹Á¦Ç¥ÁØ
°ü·ÃÆÄÀÏ TTAE.IF-RFC7523.pdf TTAE.IF-RFC7523.pdf            

ÀÌÀü
¿þÀÌºí·¿ º¯È¯ ±â¹Ý ¼ûÀº ºñµ¿±â ºü¸¥ ¸µÅ©(WHA-QL) ¾ÆÅ°ÅØó
´ÙÀ½
±¤ Ä«¸Þ¶ó Åë½Å ¹°¸® °èÃþ ¸ðµå¸¦ À§ÇÑ ¼ÒÇÁÆ®¿þ¾î Á¤ÀÇ ±¸¼º ¹æ¹ý