From 8405fc1c4b19c0c887d52826ba4326086c13f616 Mon Sep 17 00:00:00 2001
From: KWY
Date: Thu, 30 May 2024 22:35:35 +0900
Subject: [PATCH] =?UTF-8?q?#T-10855=20[feat]=20payload=20=EB=82=B4=20issue?=
 =?UTF-8?q?r=20aud=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

플랫폼 인가 코드를 검증할 때, client id와 redirect uri가 일치하는지 검증하기 위해 issuer 내에는 client id를 aud 내에는 redirect uri를 기입했다
---
 .../sopt/makers/operation/auth/api/AuthApiController.java | 6 +++---
 .../org/sopt/makers/operation/auth/service/AuthService.java | 2 +-
 .../sopt/makers/operation/auth/service/AuthServiceImpl.java | 4 +++-
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/operation-api/src/main/java/org/sopt/makers/operation/auth/api/AuthApiController.java b/operation-api/src/main/java/org/sopt/makers/operation/auth/api/AuthApiController.java
index 05e05be2..e7f78b5f 100644
--- a/operation-api/src/main/java/org/sopt/makers/operation/auth/api/AuthApiController.java
+++ b/operation-api/src/main/java/org/sopt/makers/operation/auth/api/AuthApiController.java
@@ -40,7 +40,7 @@ public ResponseEntity> authorize(
 if (!SocialType.isContains(type)) throw new AuthException(INVALID_SOCIAL_TYPE);
 val userId = findUserIdBySocialTypeAndCode(type, code);
- val platformCode = generatePlatformCode(userId);
+ val platformCode = generatePlatformCode(clientId, redirectUri, userId);
 return ApiResponseUtil.success(SUCCESS_GET_AUTHORIZATION_CODE, new AuthorizationCodeResponse(platformCode));
 }
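Review bot: On the changed `val platformCode = generatePlatformCode(clientId, redirectUri, userId);` line, `clientId` and `redirectUri` are folded into the signed code with no visible check that `redirectUri` is one registered for `clientId`; a signature over caller-supplied values proves only that they were supplied at authorization time, not that the pair is legitimate. The `authorize` signature and any earlier validation lie outside the hunk, so if no such check exists upstream, add one next to the existing `SocialType.isContains(type)` guard so that an unregistered pair is rejected before any code is issued. The same applies to the `generatePlatformCode` hunks in AuthServiceImpl, which embed the values exactly as received. `authorize` starts before and ends at the edge of this hunk.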
@@ -57,8 +57,8 @@ private Long findUserIdBySocialTypeAndCode(String type, String code) {
 return authService.getUserId(socialType, userSocialId);
 }
- private String generatePlatformCode(Long userId) {
- val platformCode = authService.generatePlatformCode(userId);
+ private String generatePlatformCode(String clientId, String redirectUri, Long userId) {
+ val platformCode = authService.generatePlatformCode(clientId, redirectUri, userId);
 tempPlatformCode.putIfAbsent(platformCode, platformCode);
 return platformCode;
 }
diff --git a/operation-api/src/main/java/org/sopt/makers/operation/auth/service/AuthService.java b/operation-api/src/main/java/org/sopt/makers/operation/auth/service/AuthService.java
index 3464ef0e..aca12053 100644
--- a/operation-api/src/main/java/org/sopt/makers/operation/auth/service/AuthService.java
+++ b/operation-api/src/main/java/org/sopt/makers/operation/auth/service/AuthService.java
@@ -9,5 +9,5 @@ public interface AuthService {
 Long getUserId(SocialType socialType, String userSocialId);
- String generatePlatformCode(Long userId);
+ String generatePlatformCode(String clientId, String redirectUri, Long userId);
 }
diff --git a/operation-api/src/main/java/org/sopt/makers/operation/auth/service/AuthServiceImpl.java b/operation-api/src/main/java/org/sopt/makers/operation/auth/service/AuthServiceImpl.java
index f62ce1d3..f7dff82c 100644
--- a/operation-api/src/main/java/org/sopt/makers/operation/auth/service/AuthServiceImpl.java
+++ b/operation-api/src/main/java/org/sopt/makers/operation/auth/service/AuthServiceImpl.java
@@ -50,7 +50,7 @@ public Long getUserId(SocialType socialType, String userSocialId) {
 }
 @Override
- public String generatePlatformCode(Long userId) {
+ public String generatePlatformCode(String clientId, String redirectUri, Long userId) {
 val platformCodeSecretKey = valueConfig.getPlatformCodeSecretKey();
 val signatureAlgorithm = SignatureAlgorithm.HS256;
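Review bot: The widened `String generatePlatformCode(String clientId, String redirectUri, Long userId);` in the AuthService hunk carries no Javadoc, so a caller has to read AuthServiceImpl to learn that the two new arguments become claims of the returned code and are intended (per the commit message) to be compared again when the code is exchanged. Add a Javadoc above the method with `@param clientId client identifier written into the code's claims, to be re-checked when the code is exchanged`, `@param redirectUri redirect URI written into the code's claims, to be re-checked when the code is exchanged`, and `@return a signed platform code that expires five minutes after issuance`. The controller wrapper in the first hunk of this line forwards the same parameters and would benefit from the same one-line comment.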
@@ -59,6 +59,8 @@ public String generatePlatformCode(Long userId) {
 val exp = new Date().toInstant().atZone(KST)
 .toLocalDateTime().plusMinutes(5).atZone(KST).toInstant();
 return Jwts.builder()
+ .setIssuer(clientId)
+ .setAudience(redirectUri)
 .setSubject(Long.toString(userId))
 .setExpiration(Date.from(exp))
 .signWith(signingKey, signatureAlgorithm)
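Review bot: The added `.setIssuer(clientId)` and `.setAudience(redirectUri)` lines repurpose the registered `iss` and `aud` claims: `iss` names the party that signed the token (this service) and `aud` its intended consumer, so a verifier that applies the customary issuer check would reject these codes and a reader of the payload would misattribute who issued it. Prefer keeping the registered claims for their standard meaning and carrying the pair as named claims, e.g. `.claim("client_id", clientId)` and `.claim("redirect_uri", redirectUri)`, which the exchange side compares with exact string equality (with jjwt, `requireIssuer`/`requireAudience` remain available if the registered claims are kept, otherwise an explicit claim comparison). As far as I can tell jjwt's builder drops a claim rather than writing null when the value is null or empty, so a null `clientId` or `redirectUri` produces a code with no binding at all; the exchange check should treat a missing claim as a mismatch rather than skip the comparison. The builder chain and `generatePlatformCode` continue past the end of the hunk.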