diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java
index 95ef293..a8c6f14 100644
--- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java
+++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java
@@ -2,6 +2,7 @@ package io.bluemoon.authorizationserver.config;
 
 import io.bluemoon.authorizationserver.service.user.CustomUserDetailsServiceImpl;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -12,9 +13,15 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+import org.springframework.security.oauth2.client.OAuth2ClientContext;
+import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
+
+import javax.servlet.Filter;
 
 @Configuration
 //@Order(SecurityProperties.BASIC_AUTH_ORDER - 6)
+@EnableOAuth2Client
 @Order(-1)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
@@ -80,4 +87,5 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     public static NoOpPasswordEncoder passwordEncoder() {
         return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
     }
+
 }
diff --git a/authorization-server/src/main/resources/application.properties b/authorization-server/src/main/resources/application.properties
index abee57d..a62f53a 100644
--- a/authorization-server/src/main/resources/application.properties
+++ b/authorization-server/src/main/resources/application.properties
@@ -16,4 +16,14 @@ spring.jpa.hibernate.ddl-auto=update
 spring.jpa.generate-ddl=true
 spring.jpa.show-sql=true
 #spring.jpa.generate-ddl=false
-#spring.jpa.hibernate.ddl-auto=none
\ No newline at end of file
+#spring.jpa.hibernate.ddl-auto=none
+
+facebook.client.client-id=1684497291764010
+facebook.client.client-secret=cfefbfbb6ca436828f197df32d85b861
+facebook.client.access-token-uri=https://graph.facebook.com/oauth/access_token
+facebook.client.user-authorization-uri=https://www.facebook.com/dialog/oauth
+facebook.client.token-name=oauth_token
+facebook.client.authentication-scheme=query
+facebook.client.client-authentication-scheme=form
+
+facebook.resource.user-info-uri=https://graph.facebook.com/me
\ No newline at end of file
diff --git a/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/GatewayConfiguration.java b/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/GatewayConfiguration.java
new file mode 100644
index 0000000..f3bd825
--- /dev/null
+++ b/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/GatewayConfiguration.java
@@ -0,0 +1,27 @@
+package io.bluemoon.gatewayzuul.config;
+
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+
+/**
+ * 리소스 서버는 OAuth2 토큰에 의해 보호되는 리소스를 제공.
+ * Spring OAuth2는 이 보호 기능을 구현하는 Spring security 인증 필터를 제공.
+ */
+//@Configuration
+//@EnableResourceServer
+//@EnableOAuth2Sso
+//@Order(value = -1)
+public class GatewayConfiguration extends ResourceServerConfigurerAdapter {
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+                .antMatchers("/mk-auth/**", "login").permitAll()
+                .anyRequest()
+                .authenticated();
+    }
+}
diff --git a/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/SecurityConfig.java b/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/SecurityConfig.java
index 9c5c6d5..c38e133 100644
--- a/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/SecurityConfig.java
+++ b/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/SecurityConfig.java
@@ -32,10 +32,12 @@ import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.regex.Pattern;
 
+
+
 @Configuration
 @EnableOAuth2Sso
 @EnableResourceServer
-@Order(value = -1)
+@Order(value = 0)
 public class SecurityConfig  extends WebSecurityConfigurerAdapter {
 
 //    @Bean