From aafde5a851f427aee843943a001157225c8b3ebf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EB=AC=B8=ED=98=95=EC=84=9D?= <moon79@hanmaceng.co.kr>
Date: Mon, 22 Jun 2026 09:41:50 +0900
Subject: [PATCH] =?UTF-8?q?Update=20baronsso=20=EB=A1=9C=EA=B7=B8=EC=9D=B8?=
 =?UTF-8?q?=ED=9D=90=EB=A6=84=EA=B2=80=ED=86=A0.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 baronsso 로그인흐름검토.md | 61 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 59 insertions(+), 2 deletions(-)

diff --git a/baronsso 로그인흐름검토.md b/baronsso 로그인흐름검토.md
index 17500e5..0490888 100644
--- a/baronsso 로그인흐름검토.md	
+++ b/baronsso 로그인흐름검토.md	
@@ -1,5 +1,4 @@
 
-
 Baron SSO에서 Gateway는 Nginx 입니다.
 
 정확히는 
@@ -36,7 +35,65 @@ ory_postgres
 baron_postgres
 
 
-
+왜 Gateway와 Oathkeeper가 둘 다 있는가?
+Nginx==건물 1층 안내데스크
+Oathkeeper==출입통제 게이트
+
+
+
+Nginx Gateway=baron_gateway="교통정리"담당
+
+=URL Routing 역할
+
+
+/          → UserFront
+
+/admin     → AdminFront
+
+/dev       → DevFront
+
+/api       → Backend
+
+/auth      → Ory
+
+
+Oathkeeper=ory_oathkeeper=인증/인가 Gateway
+=사용자 요청=GET /api/user/list
+
+
+Oathkeeper가 토큰/권한 검사한 후, 있으면 Backend 전달
+없으면 
+401
+403 반환
+
+
+
+========================
+사용자의 docker ps 결과로 추정되는 
+실제 [로그인]흐름
+
+브라우저
+
+ ↓
+
+baron_gateway
+
+ ↓
+
+baron_userfront
+
+ ↓
+
+ory_kratos
+
+ ↓
+
+ory_postgres
+
+
+========================
+SSO 로그인 완료
+ory_hydra : 토큰 발급