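Overview
- 1. Flow and characteristics
  - Used when an application exchanges a username and password for an access token.
  - Third-party applications must not be allowed to use this grant; it should be used only by highly trusted first-party applications. (The application learns the user's ID and password, so it must be an application that can be trusted.)
  - Because the application has to send the ID and password to the authorization server, this grant must be used over the back channel.
- 2. Parameters for the authorization grant request
  - grant_type=password (required)
  - username (required)
  - password (required)
  - client_id (required)
  - client_secret (required)
  - scope (optional)
Flow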


Hands-on
Basic setup: https://hwanguu.tistory.com/71
1. Call the authorization server API

2. Check the return value
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJqOXYyeTNJN0RzTy02aFhqanFGUi1YSURWd2RvWUwyemRfVjN3c05EREFZIn0.….dKXHs3hNUPR_JgX4XYTEde3MHdjht8A4D3StlKLUGvNq_embsGFKBaT2YhT16I5m5qmR4-FZadAbsNP1RETu-g27mZrdOHRyrHs5JPlomikwlLADLTUv10M2miluWmEQbTne3ReYdSPKmeU6d450PXC7cY5-6SwV794sIkG90m6i7V1wFucVdm8YEyOl2PRDlNgfqBIw50UcDgEtlg9jOfhs5SRmAtOeIfmYmFKXYoyfN1M-TiCm-Vm_6XP38uVdjQmDRPNj_x6osc0fv88gHOtdoXYzub4JD57xzIQ1Mlp-ftP8ut8QUYULh5oBjbKjxGz7cyTKo75ShTh8liDh8g",
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI4NWNmMTZkNS04OWY1LTQxY2EtOWQ4ZS1hMjZiODFiMGVmNjgifQ.eyJleHAiOjE3MzY2OTAxMTYsImlhdCI6MTczNjY4ODMxNiwianRpIjoiN2VlNzgxN2EtOTk5Ny00ZDNhLWJkYTEtZDVmZTcxYzBlMjRlIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy9vYXV0aDIiLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL29hdXRoMiIsInN1YiI6ImI3YmY3OTk4LTVjOTgtNDg2Yi05N2JiLWI4MzAzNzQwZGRiNyIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJvYXV0aDItY2xpZW50LWFwcCIsInNlc3Npb25fc3RhdGUiOiJmOWU5YmI0OC1kNDAzLTQ3MzItYmE3Yi03NzQyMTIxZGQzMzMiLCJzY29wZSI6ImVtYWlsIHByb2ZpbGUiLCJzaWQiOiJmOWU5YmI0OC1kNDAzLTQ3MzItYmE3Yi03NzQyMTIxZGQzMzMifQ.T62gCwem9Hb7W4zhRfF-c6ss6S8jyccJamT7tRBTWoI",
"token_type": "Bearer",
"not-before-policy": 0,
"session_state": "f9e9bb48-d403-4732-ba7b-7742121dd333",
"scope": "email profile"
}
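The two steps above as an added Python example (not code from the original post): it builds the `grant_type=password` request from the parameters listed in the overview and decodes a returned token's claims for inspection. The realm `oauth2` and client `oauth2-client-app` are read from the `iss` and `azp` claims of the sample refresh token, and the endpoint uses Keycloak's standard `/protocol/openid-connect/token` path; the user name and the `<...>` secrets are placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumption: realm taken from the "iss" claim in the sample response, plus Keycloak's token path.
TOKEN_ENDPOINT = "http://localhost:8080/realms/oauth2/protocol/openid-connect/token"


def build_password_grant_request(client_id, client_secret, username, password,
                                 scope=None, endpoint=TOKEN_ENDPOINT):
    """Build the back-channel POST for grant_type=password (nothing is sent here)."""
    url = urllib.parse.urlsplit(endpoint)
    # Credentials travel in the body, so allow plain HTTP only for a local lab server.
    if url.scheme != "https" and url.hostname not in ("localhost", "127.0.0.1"):
        raise ValueError("token endpoint must use HTTPS")
    form = {
        "grant_type": "password",
        "username": username,
        "password": password,
        "client_id": client_id,
        "client_secret": client_secret,
    }
    if scope:  # optional parameter
        form["scope"] = scope
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(
        endpoint, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def fetch_tokens(request, timeout=10):
    """Send the request and return the parsed JSON token response."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


if __name__ == "__main__":  # placeholder values are constructed; use your own client and user
    req = build_password_grant_request("oauth2-client-app", "<client-secret>", "user", "<password>")
    tokens = fetch_tokens(req)
    print(tokens["token_type"], tokens["expires_in"], jwt_claims(tokens["access_token"]))
```

`jwt_claims` is for looking at fields such as `azp`, `scope` and `exp` while testing; a resource server must still validate the signature before trusting them.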
References and image sources
정수원, Spring Security OAuth2