Merge pull request #147 from DevKor-github/fix/login

Yyang-YE · web-flow · commit e8d01839ded7 · 2025-01-25T22:35:33.000+09:00
Fix: 애플 dev-aud 추가
diff --git a/src/main/java/devkor/com/teamcback/domain/user/validator/AppleValidator.java b/src/main/java/devkor/com/teamcback/domain/user/validator/AppleValidator.java
@@ -26,6 +26,8 @@ public class AppleValidator {
 
     @Value("${jwt.social.apple.iss}")
     private String ISS;
+    @Value("${jwt.social.apple.dev-aud}")
+    private String DEV_AUD;
     @Value("${jwt.social.apple.aud}")
     private String AUD;
 
@@ -36,7 +38,7 @@ public OIDCPublicKeysResponse getCachedData() {
     public String validateToken(String token) {
         try {
             // id_token 정보
-            Header tokenInfo = oidcUtil.getUnsignedTokenClaims(token, AUD, ISS).getHeader();
+            Header tokenInfo = oidcUtil.getUnsignedTokenClaims(token, new String[] {DEV_AUD, AUD}, ISS).getHeader();
             String kid = (String) tokenInfo.get(KID);
             String alg = (String) tokenInfo.get(ALG);
 
diff --git a/src/main/java/devkor/com/teamcback/global/jwt/OIDC/OIDCUtil.java b/src/main/java/devkor/com/teamcback/global/jwt/OIDC/OIDCUtil.java
@@ -15,6 +15,7 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.RSAPublicKeySpec;
+import java.util.Arrays;
 import java.util.Base64;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Component;
@@ -24,16 +25,25 @@
 public class OIDCUtil {
     private static final String KID = "kid";
     public String getKidFromUnsignedTokenHeader(String token, String aud, String iss) {
-        return (String) getUnsignedTokenClaims(token, aud, iss).getHeader().get(KID);
+        return (String) getUnsignedTokenClaims(token, new String[] {aud}, iss).getHeader().get(KID);
     }
 
-    public Jwt<Header, Claims> getUnsignedTokenClaims(String token, String aud, String iss) {
+    public Jwt<Header, Claims> getUnsignedTokenClaims(String token, String[] aud, String iss) {
         try {
-            return Jwts.parserBuilder()
-                .requireAudience(aud)
+            Jwt<Header, Claims> claims = Jwts.parserBuilder()
                 .requireIssuer(iss)
                 .build()
                 .parseClaimsJwt(getUnsignedToken(token));
+
+            // 추가적인 audience 검증
+            String audience = claims.getBody().getAudience();
+            if (audience == null || Arrays.stream(aud).noneMatch(audience::equals)) {
+                throw new GlobalException(INVALID_TOKEN);
+            }
+
+            return claims;
+        } catch (GlobalException e) {
+            throw new GlobalException(e.getResultCode());
         } catch (Exception e) {
             throw new GlobalException(INVALID_TOKEN);
         }
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -93,6 +93,7 @@ jwt:
     apple:
       iss: ${APPLE_ISS}
       aud: ${APPLE_AUD}
+      dev-aud: ${APPLE_DEV_AUD}
   admin:
     token: ${JWT_ADMIN_TOKEN}
 
