#T-10855 [feat] payload 내 issuer aud 추가

플랫폼 인가 코드를 검증할 때, client id와 redirect uri가 일치하는지 검증하기 위해 issuer 내에는 client id를 aud 내에는 redirect uri를 기입했다
sopt-makers · May 30, 2024 · 8405fc1 · 8405fc1
1 parent 9f5a36e
commit 8405fc1
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 5 deletions.
diff --git a/operation-api/src/main/java/org/sopt/makers/operation/auth/api/AuthApiController.java b/operation-api/src/main/java/org/sopt/makers/operation/auth/api/AuthApiController.java
@@ -40,7 +40,7 @@ public ResponseEntity<BaseResponse<?>> authorize(
         if (!SocialType.isContains(type)) throw new AuthException(INVALID_SOCIAL_TYPE);
 
         val userId = findUserIdBySocialTypeAndCode(type, code);
-        val platformCode = generatePlatformCode(userId);
+        val platformCode = generatePlatformCode(clientId, redirectUri, userId);
         return ApiResponseUtil.success(SUCCESS_GET_AUTHORIZATION_CODE, new AuthorizationCodeResponse(platformCode));
     }
 
@@ -57,8 +57,8 @@ private Long findUserIdBySocialTypeAndCode(String type, String code) {
         return authService.getUserId(socialType, userSocialId);
     }
 
-    private String generatePlatformCode(Long userId) {
-        val platformCode = authService.generatePlatformCode(userId);
+    private String generatePlatformCode(String clientId, String redirectUri, Long userId) {
+        val platformCode = authService.generatePlatformCode(clientId, redirectUri, userId);
         tempPlatformCode.putIfAbsent(platformCode, platformCode);
         return platformCode;
     }

diff --git a/operation-api/src/main/java/org/sopt/makers/operation/auth/service/AuthService.java b/operation-api/src/main/java/org/sopt/makers/operation/auth/service/AuthService.java
@@ -9,5 +9,5 @@ public interface AuthService {
 
     Long getUserId(SocialType socialType, String userSocialId);
 
-    String generatePlatformCode(Long userId);
+    String generatePlatformCode(String clientId, String redirectUri, Long userId);
 }
diff --git a/operation-api/src/main/java/org/sopt/makers/operation/auth/service/AuthServiceImpl.java b/operation-api/src/main/java/org/sopt/makers/operation/auth/service/AuthServiceImpl.java
@@ -50,7 +50,7 @@ public Long getUserId(SocialType socialType, String userSocialId) {
     }
 
     @Override
-    public String generatePlatformCode(Long userId) {
+    public String generatePlatformCode(String clientId, String redirectUri, Long userId) {
         val platformCodeSecretKey = valueConfig.getPlatformCodeSecretKey();
 
         val signatureAlgorithm = SignatureAlgorithm.HS256;
@@ -59,6 +59,8 @@ public String generatePlatformCode(Long userId) {
         val exp = new Date().toInstant().atZone(KST)
                 .toLocalDateTime().plusMinutes(5).atZone(KST).toInstant();
         return Jwts.builder()
+                .setIssuer(clientId)
+                .setAudience(redirectUri)
                 .setSubject(Long.toString(userId))
                 .setExpiration(Date.from(exp))
                 .signWith(signingKey, signatureAlgorithm)