sinsehwan (Collaborator) reviewed Mar 17, 2026
sinsehwan left a comment
I've checked the changes! Just please double-check the aud validation part.
Comment on lines +4 to +8
| String access_token, | ||
| String expires_in, | ||
| String id_token, | ||
| String refresh_token, | ||
| String token_type |
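Review bot: these response fields keep Apple's snake_case JSON names as Java identifiers; mapping them with `@JsonProperty("access_token") String accessToken` (and likewise for the others) keeps Java naming while still matching the JSON. Also note that `expires_in` is a numeric value in the token response, so a `long`/`int` field would document that better than `String`, which only works through Jackson's scalar coercion.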
Collaborator
Minor, but it would be nice to use camel case plus @JsonProperty here.
Comment on lines +79 to +80
| if (!clientId.equals(tokenClaims.getAudience())) { | ||
| throw new AuthenticationException(ExceptionCode.INVALID_TOKEN.getDescription()); |
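Review bot: `clientId.equals(tokenClaims.getAudience())` compares a `String` with the `Set<String>` that `getAudience()` returns in jjwt 0.12, so it is always false and every identity token is rejected. Use `if (tokenClaims.getAudience() == null || !tokenClaims.getAudience().contains(clientId))` so a missing aud is also rejected. The aud check alone is not sufficient: the issuer (`https://appleid.apple.com`), signature and expiration must also be enforced; if that happens in the parser configuration elsewhere, a brief comment here would make that visible.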
Collaborator
It looks like the return type of tokenClaims.getAudience() is a Set, so I think this should be changed to !tokenClaims.getAudience().contains(clientId)!
Comment on lines +70 to +79
| return Jwts.builder() | ||
| .setHeaderParam("kid", kid) | ||
| .setHeaderParam("alg", "ES256") | ||
| .setIssuer(teamId) | ||
| .setIssuedAt(new Date(System.currentTimeMillis())) | ||
| .setExpiration(expirationDate) | ||
| .setAudience("https://appleid.apple.com") | ||
| .setSubject(clientId) | ||
| .signWith(SignatureAlgorithm.ES256, getPrivateKey()) | ||
| .compact(); |
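Review bot: `setHeaderParam("alg", "ES256")` is redundant and the `signWith(SignatureAlgorithm, Key)` overload is deprecated in jjwt 0.12; `.signWith(getPrivateKey(), Jwts.SIG.ES256)` sets the alg header itself, which avoids a header/signature mismatch if the algorithm is ever changed in one place only. Also worth confirming where `expirationDate` comes from: this JWT is Apple's client_secret, and Apple rejects it if exp is more than 6 months after iat, so a short lifetime (minutes) is the safe choice.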
Collaborator
It seems quite a few functions have been deprecated since jjwt 0.12. From what I found, it looks like it's written as follows, so please check~
Jwts.builder()
  .header().keyId(kid).add("alg", "ES256").and()
  .issuer(teamId)
  .issuedAt(new Date())
  .expiration(expirationDate)
  .audience().add("https://appleid.apple.com").and()
  .subject(clientId)
  .signWith(getPrivateKey(), Jwts.SIG.ES256)
  .compact();
| private void joinAppleUser(UserEntity userEntity, OAuth2Response oAuth2Response) { | ||
| AppleOAuth2Rep appleOAuth2Rep = (AppleOAuth2Rep) oAuth2Response; |
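Review bot: the unchecked cast `(AppleOAuth2Rep) oAuth2Response` throws `ClassCastException` if `joinAppleUser` is ever reached with another provider's response. At minimum guard it with `if (!(oAuth2Response instanceof AppleOAuth2Rep appleOAuth2Rep)) throw ...` (pattern matching), or better, expose what this method needs through the `OAuth2Response` interface so `UserService` does not depend on the Apple type at all.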
Collaborator
It would be even better if we could make the type cast safe while removing the Apple-specific dependency from UserService; I'll need to think about it a bit more later.
Comment on lines +82 to +92
| private PrivateKey getPrivateKey() { | ||
| try { | ||
| Reader pemReader = new StringReader(privateKey.replace("\\n", "\n")); | ||
| PEMParser pemParser = new PEMParser(pemReader); | ||
| JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); | ||
| PrivateKeyInfo object = (PrivateKeyInfo)pemParser.readObject(); | ||
| return converter.getPrivateKey(object); | ||
| } catch (IOException e) { | ||
| throw new AuthenticationException(ExceptionCode.INVALID_TOKEN.getDescription()); | ||
| } | ||
| } |
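Review bot: `pemParser.readObject()` returns `null` at end of input and a `PEMKeyPair` (not `PrivateKeyInfo`) for "BEGIN EC PRIVATE KEY" files, so the cast on line +87 can throw `NullPointerException` or `ClassCastException`, neither of which is caught by `catch (IOException e)`. Apple's .p8 key is PKCS#8 ("BEGIN PRIVATE KEY"), for which `PrivateKeyInfo` is right, but a null check with a clear error would make misconfiguration obvious. Mapping a failure to load the server's own key to `INVALID_TOKEN` also misattributes a configuration problem to the client's token; an internal/configuration error is more accurate. Finally, `PEMParser` is a `Reader` and should be opened in try-with-resources.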
Collaborator
Since the generated PrivateKey is always the same, it might be good to apply caching later!
Changes 👍
close: #52
Implemented Apple social login.
The process is very different from Kakao/Google/Naver social login, so it took quite a bit of effort.
To summarize, the flow is as shown above.
identity_token = base64-encoded token containing the information of the user who signed in with Apple
public key = public key provided by Apple for verifying the identity_token
authorization_code = one-time authorization code issued after a successful Apple sign-in
refresh_token = refresh token for the user, managed by Apple, with no expiry (issued only on first login, used for account deletion)
client_secret = key proving that the server sending this request is the real app server that owns the Apple Developer account
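As an added example (not code from this PR or from the reviewers), here is how the two server-side steps described above look with the jjwt 0.12 API: building the client_secret JWT, and checking the identity_token's signature and claims with aud handled as a Set rather than compared with `equals`. The class and method names, the sample client id, and the key pair are assumptions; the locally generated ES256 key pair stands in for Apple's real public key, and the sample identity token is constructed with that key purely so the example runs offline.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Date;
import java.util.Set;

// Added example; names are assumptions, not the project's code.
public class AppleTokenExample {
    static final String APPLE_ISSUER = "https://appleid.apple.com";

    // client_secret JWT sent to Apple's token endpoint. Apple documents a
    // maximum lifetime of 6 months after iat; a few minutes is plenty.
    static String buildClientSecret(String kid, String teamId, String clientId, PrivateKey key) {
        long now = System.currentTimeMillis();
        return Jwts.builder()
                .header().keyId(kid).and()          // alg header is set by signWith
                .issuer(teamId)
                .issuedAt(new Date(now))
                .expiration(new Date(now + 5L * 60 * 1000))
                .audience().add(APPLE_ISSUER).and()
                .subject(clientId)
                .signWith(key, Jwts.SIG.ES256)
                .compact();
    }

    // Verifies signature, expiration and issuer while parsing, then checks aud.
    // Returns the Apple user identifier (sub) on success.
    static String verifyIdentityToken(String idToken, PublicKey applePublicKey, String clientId) {
        Claims claims = Jwts.parser()
                .verifyWith(applePublicKey)
                .requireIssuer(APPLE_ISSUER)
                .build()
                .parseSignedClaims(idToken)       // throws JwtException on bad signature or exp
                .getPayload();
        // getAudience() returns Set<String> in jjwt 0.12; String.equals(Set) is never true.
        Set<String> aud = claims.getAudience();
        if (aud == null || !aud.contains(clientId)) {
            throw new IllegalArgumentException("aud does not contain the expected client id");
        }
        return claims.getSubject();
    }

    public static void main(String[] args) {
        // Constructed key pair standing in for Apple's signing key (demo only).
        KeyPair pair = Jwts.SIG.ES256.keyPair().build();
        String clientId = "com.example.app";   // assumed bundle/service id

        // Constructed identity token with the shape Apple issues.
        String sampleIdToken = Jwts.builder()
                .issuer(APPLE_ISSUER)
                .audience().add(clientId).and()
                .subject("001234.sample-user")
                .expiration(new Date(System.currentTimeMillis() + 60_000))
                .signWith(pair.getPrivate(), Jwts.SIG.ES256)
                .compact();

        System.out.println("sub = " + verifyIdentityToken(sampleIdToken, pair.getPublic(), clientId));
        System.out.println("client_secret = " + buildClientSecret("KEYID", "TEAMID", clientId, pair.getPrivate()));
    }
}
```

In production the public key comes from Apple's JWKS endpoint, selected by the kid in the identity token's header, and the parsed PrivateKey for the client_secret should be loaded once and reused, as the review suggests.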