https://www.youngju.dev/blog 천천히 올바르게. AI Researcher & DevOps Engineer Youngju's tech blog. GPU/CUDA, LLM, MLOps, Kubernetes AI workloads, distributed training, and data engineering. ko fjvbn2003@gmail.com (Youngju Kim) fjvbn2003@gmail.com (Youngju Kim) Fri, 12 Jun 2026 00:00:00 GMT https://www.youngju.dev/blog/devops/2026-06-12-advanced-oauth-flows-ciba-device-dpop.en https://www.youngju.dev/blog/devops/2026-06-12-advanced-oauth-flows-ciba-device-dpop.en A guide to advanced OAuth mechanisms for authentication scenarios that the standard redirect flow cannot solve. Covers the Device Authorization Grant (RFC 8628), CIBA with its poll/ping/push modes, the DPoP (RFC 9449) proof structure and replay defense, Keycloak configuration, and the 2026 context in which device flow is being rediscovered for AI agents and CLI tools. Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) oauthoidckeycloakcibadpopsecuritydevops https://www.youngju.dev/blog/devops/2026-06-12-advanced-oauth-flows-ciba-device-dpop.ja https://www.youngju.dev/blog/devops/2026-06-12-advanced-oauth-flows-ciba-device-dpop.ja 標準のリダイレクトフローでは解決できない認証シナリオのための高度な OAuth メカニズムを整理します。Device Authorization Grant（RFC 8628）、CIBA の poll/ping/push モード、DPoP（RFC 9449）の proof 構造とリプレイ防御、Keycloak の設定、そして AI エージェントと CLI ツールの認証で device flow が再評価される 2026 年の文脈まで扱います。 Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) oauthoidckeycloakcibadpopsecuritydevops https://www.youngju.dev/blog/devops/2026-06-12-advanced-oauth-flows-ciba-device-dpop https://www.youngju.dev/blog/devops/2026-06-12-advanced-oauth-flows-ciba-device-dpop 표준 리다이렉트 플로우로 풀리지 않는 인증 시나리오를 위한 고급 OAuth 메커니즘을 정리합니다. Device Authorization Grant(RFC 8628), CIBA의 poll/ping/push 모드, DPoP(RFC 9449)의 proof 구조와 replay 방어, Keycloak 설정, 그리고 AI 에이전트와 CLI 도구 인증으로 device flow가 재조명되는 2026년의 맥락까지 다룹니다. Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) oauthoidckeycloakcibadpopsecuritydevops