\uc6f9\uc740 \ubcf8\ub798 \ubb34\uc0c1\ud0dc(Stateless) \ud504\ub85c\ud1a0\ucf5c\uc778 HTTP \uc704\uc5d0\uc11c \ub3d9\uc791,<\/p>\n\n\n\n
\uc989 \ud074\ub77c\uc774\uc5b8\ud2b8\uac00 \uc694\uccad\uc744 \ubcf4\ub0bc \ub54c\ub9c8\ub2e4 \uc11c\ubc84\ub294 \uc774 \uc694\uccad\uc774 \ub204\uad6c\ub85c\ubd80\ud130 \uc654\ub294\uc9c0\ub97c \uae30\ubcf8\uc801\uc73c\ub85c \uc54c \uc218 \uc5c6\ub2e4.(\uac80\uc99d \uc548\ub428)<\/p>\n\n\n\n
\uc0ac\uc6a9\uc790\uac00 \ub85c\uadf8\uc778\uc744 \ud574\ub3c4 \ub2e4\uc74c \uc694\uccad\uc5d0\uc11c \uc11c\ubc84\ub294 \uadf8 \uc0ac\uc6a9\uc790\uac00 \uc5ec\uc804\ud788 \ub85c\uadf8\uc778 \uc0c1\ud0dc\uc778\uc9c0 \uc54c \uc218 \uc5c6\ub2e4.<\/p>\n\n\n\n
\ub530\ub77c\uc11c, \uc778\uc99d \uc0c1\ud0dc\ub97c \uc720\uc9c0\ud558\uae30 \uc704\ud55c \uba54\ucee4\ub2c8\uc998\uc744 \ud544\uc694\ub85c \ud55c\ub2e4.<\/p>\n\n\n\n
\u2192 \ucfe0\ud0a4, \uc138\uc158, JWT<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
\ube0c\ub77c\uc6b0\uc800\uac00 \uc800\uc7a5\ud558\ub294 \uc791\uc740 \ub370\uc774\ud130. \uc0c1\ud0dc \uc720\uc9c0\uc758 \uae30\ubcf8 \ub2e8\uc704,<\/p>\n\n\n\n
\uc0c1\ud0dc \uc720\uc9c0\ub97c \uc704\ud574 \uc0ac\uc6a9\ud55c\ub2e4. (Session ID \ubcf4\uad00, \ub85c\uadf8\uc778 \uc0c1\ud0dc \uc720\uc9c0, \uc0ac\uc6a9\uc790 \uc124\uc815 \uac12 \uc800\uc7a5 \ub4f1)<\/p>\n\n\n\n
\uc11c\ubc84\uac00 \uc751\ub2f5 \uc2dc Set-Cookie \ud5e4\ub354\ub97c \ub0b4\ub824\uc8fc\uba74, \ube0c\ub77c\uc6b0\uc800\ub294 \uc774\ud6c4 \ud574\ub2f9 \ub3c4\uba54\uc778 \uc694\uccad\ub9c8\ub2e4<\/p>\n\n\n\n
\uc790\ub3d9\uc73c\ub85c Cookie \ud5e4\ub354\ub97c \ubd99\uc778\ub2e4.<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
\uc11c\ubc84\uc5d0\uc11c \uad00\ub9ac\ud558\ub294 \uc0ac\uc6a9\uc790 \uc0c1\ud0dc.<\/p>\n\n\n\n
\uc548\uc815\uc801\uc774\uc9c0\ub9cc \ud655\uc7a5\uc131\uc5d0\ub294 \ud55c\uacc4\uac00 \uc874\uc7ac\ud55c\ub2e4.<\/p>\n\n\n\n
\ubcf4\ud1b5 \uc11c\ubc84\ub294 \uc0ac\uc6a9\uc790\uac00 \ub85c\uadf8\uc778\ud558\uba74 \uace0\uc720\ud55c \uc138\uc158 ID\ub97c \ubc1c\uae09,<\/p>\n\n\n\n
\uc774 \uc138\uc158 ID\ub294 \ud074\ub77c\uc774\uc5b8\ud2b8\uc758 \ucfe0\ud0a4\uc5d0 \uc800\uc7a5\ub418\uace0, \uc694\uccad \uc2dc \ud568\uaed8 \uc804\uc1a1\ub41c\ub2e4.<\/p>\n\n\n\n
\uc11c\ubc84\ub294 \uc774 \uc138\uc158 ID\ub97c \uc870\ud68c\ud558\uc5ec \ud574\ub2f9 \uc0ac\uc6a9\uc790\uc758 \ub85c\uadf8\uc778 \uc0c1\ud0dc\ub098 \ub370\uc774\ud130\ub97c \ud655\uc778\ud55c\ub2e4.<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
\uc138\uc158\uc744 \uc11c\ubc84\uc5d0 \uc800\uc7a5\ud558\uc9c0 \uc54a\uace0, \ud1a0\ud070 \uc790\uccb4\uc5d0 \uc0ac\uc6a9\uc790 \uc0c1\ud0dc\ub97c \ub2f4\ub294 \ubc29\uc2dd.<\/p>\n\n\n\n
\uc0c1\ud0dc\ub97c \ud1a0\ud070 \uc790\uccb4\uc5d0 \ub2f4\uae30 \ub54c\ubb38\uc5d0 \uc11c\ubc84 \ud655\uc7a5\uc131\uc5d0 \uc720\ub9ac\ud558\uc9c0\ub9cc \ud0c8\ucde8 \uc2dc \uc704\ud5d8\ud560 \uc218 \uc788\uc74c.<\/p>\n\n\n\n
\ub85c\uadf8\uc778 \uc131\uacf5 \uc2dc \uc11c\ubc84\uac00 \uc11c\uba85\ub41c JWT\ub97c \ubc1c\uae09,<\/p>\n\n\n\n
\ud074\ub77c\uc774\uc5b8\ud2b8\ub294 JWT\ub97c \ub85c\uceec \uc2a4\ud1a0\ub9ac\uc9c0, \uc138\uc158 \uc2a4\ud1a0\ub9ac\uc9c0, \ud639\uc740 \ucfe0\ud0a4\uc5d0 \uc800\uc7a5. \uc774\ud6c4 API \uc694\uccad\uc2dc, \ud5e4\ub354\uc5d0 \ud3ec\ud568<\/p>\n\n\n\n
\uc11c\ubc84\ub294 \uc11c\uba85\ub9cc \uac80\uc99d\ud558\uba74 \uc694\uccad\uc790 \uc2dd\ubcc4 \uac00\ub2a5.<\/p>\n\n\n\n
Authorization: Bearer <token><\/code><\/pre>\n\n\n\n\uc7a5\uc810<\/h3>\n\n\n\n\n- \ubb34\uc0c1\ud0dc(Stateless) \u2192 \uc11c\ubc84 \ud655\uc7a5\uc131\uc5d0 \uc720\ub9ac.<\/li>\n\n\n\n
- \ub2e4\uc591\ud55c \uc11c\ube44\uc2a4\/\ub3c4\uba54\uc778 \uac04 \uc778\uc99d \uacf5\uc720(SSO)\uc5d0 \uc720\uc6a9\ud568<\/li>\n\n\n\n
- JSON \ud3ec\ub9f7 \u2192 \uc77d\uae30\/\ud30c\uc2f1 \uc26c\uc6c0.<\/li>\n<\/ul>\n\n\n\n
\ub2e8\uc810<\/h3>\n\n\n\n\n- \ud1a0\ud070 \uc790\uccb4\uac00 \uae38\ub2e4. \uc989, HTTP \ud5e4\ub354 \ubd80\ub2f4.<\/li>\n\n\n\n
- \ud1a0\ud070\uc774 \ud0c8\ucde8\ub418\uba74 \ub9cc\ub8cc\ub420 \ub54c\uae4c\uc9c0 \uc545\uc6a9\uc774 \uac00\ub2a5\ud568(\uc11c\ubc84\uc5d0\uc11c \uac15\uc81c \ud3d0\uae30 \uc5b4\ub824\uc6c0)<\/li>\n\n\n\n
- \ub85c\uceec \uc2a4\ud1a0\ub9ac\uc9c0\/\uc138\uc158 \uc2a4\ud1a0\ub9ac\uc9c0 \uc800\uc7a5 \uc2dc XSS \uacf5\uaca9\uc5d0 \ucde8\uc57d.<\/li>\n<\/ul>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
HttpOnly ?<\/h2>\n\n\n\n
\ucfe0\ud0a4\ub97c \uc548\uc804\ud558\uac8c \uc9c0\ud0a4\ub294 \ucd5c\uc18c\ud55c\uc758 \ubcf4\uc548 \uc635\uc158,<\/p>\n\n\n\n
\ucfe0\ud0a4\ub97c \uc0ac\uc6a9\ud560 \ub54c \ubcf4\uc548\uc744 \uac15\ud654\ud558\ub824\uba74 HttpOnly \uc635\uc158\uc744 \ubc18\ub4dc\uc2dc \uace0\ub824\ud574\uc57c \ud55c\ub2e4.<\/p>\n\n\n\n
HttpOnly \ucfe0\ud0a4\ub294 \uc790\ubc14\uc2a4\ud06c\ub9bd\ud2b8(document.cookie)\ub85c \uc811\uadfc\ud560 \uc218 \uc5c6\uace0,<\/p>\n\n\n\n
\uc624\uc9c1 HTTP \uc694\uccad\uc5d0\ub9cc \uc790\ub3d9\uc73c\ub85c \ucca8\ubd80\ub41c\ub2e4.<\/p>\n\n\n\n
\u2192 \uc989, XSS \uacf5\uaca9\uc790\uac00 \uc790\ubc14\uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc8fc\uc785\ud558\ub354\ub77c\ub3c4 \ucfe0\ud0a4 \uac12\uc744 \uc77d\uc5b4\ub0b4\uae30 \uc5b4\ub835\ub2e4.<\/p>\n\n\n\n
\ubcf4\ud1b5 \uc138\uc158 ID\ub098 JWT Access Token\uc744 \ucfe0\ud0a4\uc5d0 \uc800\uc7a5\ud560 \ub54c<\/p>\n\n\n\n
HttpOnly + Secure \uc635\uc158\uc744 \ud568\uaed8 \uc124\uc815\ud55c\ub2e4.<\/p>\n\n\n\n
*Secure: HTTPS\uc5d0\uc11c\ub9cc \uc804\uc1a1<\/p>\n\n\n\n
*SameSite: \ud06c\ub85c\uc2a4\uc0ac\uc774\ud2b8 \uc694\uccad \uc2dc \ucfe0\ud0a4 \uc804\uc1a1 \uc81c\ud55c(CSRF \ubc29\uc5b4)<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
\uc2e4\ubb34\uc5d0\uc11c \uc0ac\uc6a9\ud560 \ub54c<\/h2>\n\n\n\n\uc18c\uaddc\ubaa8 \uc11c\ube44\uc2a4\uc5d0\uc11c \uc778\uc99d \uba54\ucee4\ub2c8\uc998<\/h3>\n\n\n\n
\ub2e8\uc21c \ub85c\uadf8\uc778 \uc720\uc9c0\uc5d0\uc11c\ub294 \ub2e4\uc74c\uacfc \uac19\uc774 \uc548\uc804\ud558\uace0 \uac04\ub2e8\ud558\uac8c \uc124\uacc4\ud560 \uc218 \uc788\ub2e4<\/p>\n\n\n\n
\u2192 \uc138\uc158 \uae30\ubc18 + HttpOnly \ucfe0\ud0a4<\/p>\n\n\n\n
\ub300\uaddc\ubaa8\/\ubd84\uc0b0 \uc544\ud0a4\ud14d\ucc98 \uc11c\ube44\uc2a4\uc5d0\uc11c\uc758 \uc778\uc99d \uba54\ucee4\ub2c8\uc998<\/h3>\n\n\n\n
JWT \uae30\ubc18 \ud1a0\ud070 \uc778\uc99d\uc73c\ub85c \uc124\uacc4\ud558\uba74 \uc11c\ubc84 \ud655\uc7a5\uc131\uc5d0 \uc720\ub9ac.<\/p>\n\n\n\n
\ub2e8, Refresh Token + \uc9e7\uc740 Access Token \uc8fc\uae30\ub85c \ubcf4\uc644\ud574\uc57c \ubcf4\uc548\uc744 \uac15\ud654\ud560 \uc218 \uc788\uc74c<\/p>\n\n\n\n
\ubcf4\uc548 \uac15\ud654\uc5d0 \uc788\uc5b4\uc11c \ud544\uc694\ud55c \ubd80\ubd84<\/h3>\n\n\n\n\n- \ubbfc\uac10\ud55c \ub370\uc774\ud130\ub294 \ucfe0\ud0a4\/\uc2a4\ud1a0\ub9ac\uc9c0\uc5d0 \uc9c1\uc811 \uc800\uc7a5\ud558\uc9c0 \uc54a\ub3c4\ub85d \ud560 \uac83.<\/li>\n\n\n\n
- HttpOnly, Secure, SameSite \uc635\uc158\uc744 \uc801\uadf9 \uc0ac\uc6a9<\/li>\n\n\n\n
- JWT\ub294 \uaf2d \uc9e7\uc740 \uc218\uba85 + Refresh Token \uad6c\uc870\ub85c \uc6b4\uc601\ud558\ub3c4\ub85d \ud55c\ub2e4.<\/li>\n<\/ul>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
\uc778\uc99d\uacfc \uc0c1\ud0dc \uad00\ub9ac\uc758 \ud544\uc694\uc131 \uc6f9\uc740 \ubcf8\ub798 \ubb34\uc0c1\ud0dc(Stateless) \ud504\ub85c\ud1a0\ucf5c\uc778 HTTP \uc704\uc5d0\uc11c \ub3d9\uc791, \uc989 \ud074\ub77c\uc774\uc5b8\ud2b8\uac00 \uc694\uccad\uc744 \ubcf4\ub0bc \ub54c\ub9c8\ub2e4 \uc11c\ubc84\ub294 \uc774 \uc694\uccad\uc774 \ub204\uad6c\ub85c\ubd80\ud130 \uc654\ub294\uc9c0\ub97c \uae30\ubcf8\uc801\uc73c\ub85c \uc54c \uc218 \uc5c6\ub2e4.(\uac80\uc99d \uc548\ub428) \uc0ac\uc6a9\uc790\uac00 \ub85c\uadf8\uc778\uc744 \ud574\ub3c4 \ub2e4\uc74c \uc694\uccad\uc5d0\uc11c \uc11c\ubc84\ub294 \uadf8 \uc0ac\uc6a9\uc790\uac00 \uc5ec\uc804\ud788 \ub85c\uadf8\uc778 \uc0c1\ud0dc\uc778\uc9c0 \uc54c \uc218 \uc5c6\ub2e4. \ub530\ub77c\uc11c, \uc778\uc99d \uc0c1\ud0dc\ub97c \uc720\uc9c0\ud558\uae30 \uc704\ud55c \uba54\ucee4\ub2c8\uc998\uc744 \ud544\uc694\ub85c \ud55c\ub2e4. \u2192 \ucfe0\ud0a4, \uc138\uc158, JWT \ucfe0\ud0a4(Cookie) \ube0c\ub77c\uc6b0\uc800\uac00 \uc800\uc7a5\ud558\ub294 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[41],"tags":[168,72,165,167,164,170],"class_list":["post-240","post","type-post","status-publish","format-standard","hentry","category-computer-science","tag-jwt","tag-72","tag-165","tag-167","tag-164","tag-170"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/hed-g.me\/index.php?rest_route=\/wp\/v2\/posts\/240","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hed-g.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hed-g.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hed-g.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hed-g.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=240"}],"version-history":[{"count":1,"href":"https:\/\/hed-g.me\/index.php?rest_route=\/wp\/v2\/posts\/240\/revisions"}],"predecessor-version":[{"id":241,"href":"https:\/\/hed-g.me\/index.php?rest_route=\/wp\/v2\/posts\/240\/revisions\/241"}],"wp:attachment":[{"href":"https:\/\/hed-g.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=240"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hed-g.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=240"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hed-g.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=240"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}