1. Analysis of the current login code and its problems
Current Google social login code flow
The frontend requests the Google login URL
http://localhost:8080/oauth2/authorization/google
→ authenticate against the Google authorization server → access the Google resource server → save the user info and create a token → the token is issued as a query string on the redirect URL
The redirectUrl is currently hardcoded to bidmarket.vercel.app/auth?token=~~
- Given this situation, I want to store the token in a cookie with the HttpOnly option and redirect to the main page
- First, figure out how the current code works
Analysis of the current security code
WebSecurityConfig
File:
```java
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
    // ... omitted

    @Bean
    public SecurityFilterChain filterChain(
            Jwt jwt,
            HttpSecurity http,
            OAuth2AuthorizedClientRepository repository,
            OAuth2AuthenticationSuccessHandler handler
    ) throws Exception {
        http.authorizeRequests()
            // ... omitted
            /**
             * OAuth2 settings
             */
            .oauth2Login()
                .authorizationEndpoint()
                    // authorization request is kept in a cookie (HttpCookieOAuth2AuthorizationRequestRepository)
                    .authorizationRequestRepository(authorizationRequestRepository())
                    .and()
                .successHandler(handler)
                .authorizedClientRepository(repository)
                .and()
            // ... omitted
        return http.build();
    }
}
```
OAuth2AuthenticationSuccessHandler
File:
```java
package com.saiko.bidmarket.common.oauth2;

import java.io.IOException;
import java.nio.charset.StandardCharsets;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

import com.saiko.bidmarket.common.jwt.Jwt;
import com.saiko.bidmarket.user.entity.User;
import com.saiko.bidmarket.user.service.UserService;

public class OAuth2AuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    private final Logger log = LoggerFactory.getLogger(this.getClass());
    private final Jwt jwt;
    private final UserService userService;

    public OAuth2AuthenticationSuccessHandler(Jwt jwt, UserService userService) {
        this.jwt = jwt;
        this.userService = userService;
    }

    @Override
    public void onAuthenticationSuccess(
            HttpServletRequest request,
            HttpServletResponse response,
            Authentication authentication) throws IOException {
        if (authentication instanceof OAuth2AuthenticationToken) {
            OAuth2AuthenticationToken oauth2Token = (OAuth2AuthenticationToken) authentication;
            OAuth2User principal = oauth2Token.getPrincipal();
            log.debug("Message {}, {}", principal.getName(), principal.getAttributes());

            String registrationId = oauth2Token.getAuthorizedClientRegistrationId();
            User user = processUserOAuth2UserJoin(principal, registrationId);
            String loginSuccessJson = generateLoginSuccessJson(user);

            response.setContentType("application/json;charset=UTF-8");
            response.setContentLength(loginSuccessJson.getBytes(StandardCharsets.UTF_8).length);
            // The JWT is handed to the frontend as a query string on the redirect URL
            response.sendRedirect("http://localhost:3000/auth?" + loginSuccessJson);
        }
    }

    private User processUserOAuth2UserJoin(OAuth2User oAuth2User, String registrationId) {
        return userService.join(oAuth2User, registrationId);
    }

    private String generateLoginSuccessJson(User user) {
        String token = generateToken(user);
        // The signed token itself is written to the debug log
        log.debug("Jwt({}) created for oauth2 login user {}", token, user.getId());
        return "token=" + token;
    }

    private String generateToken(User user) {
        return jwt.sign(Jwt.Claims.from(user.getId(), new String[]{"ROLE_USER"}));
    }
}
```
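As an added example (not the project's code), the change the notes above aim for: the same join-and-sign steps, but the JWT goes into an HttpOnly cookie and the browser is redirected to the main page, with nothing secret in the URL or the logs. `Jwt`, `Jwt.Claims.from` and `userService.join` are the project's own; the cookie name, its lifetime, the `mainPageUrl` constructor parameter and the class name are assumptions.

```java
package com.saiko.bidmarket.common.oauth2;

import java.io.IOException;
import java.time.Duration;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseCookie;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import com.saiko.bidmarket.common.jwt.Jwt;
import com.saiko.bidmarket.user.entity.User;
import com.saiko.bidmarket.user.service.UserService;

public class CookieOAuth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
    // Assumed values: cookie name, token lifetime, and the page the browser lands on afterwards
    private static final String TOKEN_COOKIE = "access_token";
    private static final Duration TOKEN_TTL = Duration.ofHours(1);
    private final Jwt jwt;
    private final UserService userService;
    private final String mainPageUrl; // injected from configuration instead of hardcoded
    public CookieOAuth2AuthenticationSuccessHandler(Jwt jwt, UserService userService, String mainPageUrl) {
        this.jwt = jwt; this.userService = userService; this.mainPageUrl = mainPageUrl;
    }
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                        Authentication authentication) throws IOException {
        if (!(authentication instanceof OAuth2AuthenticationToken)) {
            super.onAuthenticationSuccess(request, response, authentication);
            return;
        }
        OAuth2AuthenticationToken oauth2Token = (OAuth2AuthenticationToken) authentication;
        User user = userService.join(oauth2Token.getPrincipal(), oauth2Token.getAuthorizedClientRegistrationId());
        String token = jwt.sign(Jwt.Claims.from(user.getId(), new String[]{"ROLE_USER"}));
        // The token is set only as a cookie: not in the redirect URL (which lands in browser
        // history, Referer headers and server access logs) and not in the application log.
        ResponseCookie cookie = ResponseCookie.from(TOKEN_COOKIE, token)
            .httpOnly(true)      // invisible to document.cookie, so script injection cannot read it
            .secure(true)        // sent over HTTPS only
            .sameSite("Lax")     // not attached to cross-site POSTs
            .path("/")
            .maxAge(TOKEN_TTL)
            .build();
        response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
        clearAuthenticationAttributes(request);
        getRedirectStrategy().sendRedirect(request, response, mainPageUrl);
    }
}
```

The cookie is scoped to the backend host that issues it, so the frontend's API calls must go to that host with credentials included; if the frontend and the API are served from different sites, SameSite=Lax keeps the browser from attaching the cookie to those calls. On a plain-http local setup the Secure flag will need to be driven by configuration.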
- Login request URL
http://localhost:8080/oauth2/authorization/google
Breakpoint hit in HttpCookieOAuth2AuthorizationRequestRepository
- authorization_uri = https://accounts.google.com/o/oauth2/v2/auth
- redirect_uri = http://localhost:8080/login/oauth2/code/google
AUTHORIZATION_REQUEST cookie is created
This is the cookie created while the AUTHORIZATION_CODE is requested from the Google server
