Expand Up @@ -47,7 +47,7 @@ public class MemberController {
@PostMapping("/google/login")
public ResponseEntity<ApiResponse<LoginResponseDTO>> loginWithGoogle(@Valid @RequestBody LoginRequestDTO loginRequestDTO) {

LoginResponseDTO response = memberService.loginWithGoogle(loginRequestDTO.getCode());
LoginResponseDTO response = memberService.loginWithGoogle(loginRequestDTO.getCode(), loginRequestDTO.getRedirectUri());
return ApiResponse.success(SuccessStatus.SEND_LOGIN_SUCCESS, response);
}

Expand All @@ -64,7 +64,7 @@ public ResponseEntity<ApiResponse<LoginResponseDTO>> loginWithGoogle(@Valid @Req
@PostMapping("/kakao/login")
public ResponseEntity<ApiResponse<LoginResponseDTO>> loginWithKakao(@Valid @RequestBody LoginRequestDTO loginRequestDTO) {

LoginResponseDTO response = memberService.loginWithKakao(loginRequestDTO.getCode());
LoginResponseDTO response = memberService.loginWithKakao(loginRequestDTO.getCode(), loginRequestDTO.getRedirectUri());
return ApiResponse.success(SuccessStatus.SEND_LOGIN_SUCCESS, response);
}

Expand Up @@ -8,4 +8,5 @@ public class LoginRequestDTO {

@NotBlank(message = "인가코드가 입력되지 않았습니다.")
private String code; // 인가코드
private String redirectUri; // 리다이렉트 uri
}
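Review bot: `redirectUri` is bound from the request body with no Bean Validation constraint at all, while the field directly above it carries `@NotBlank`; as written, a client can submit an arbitrarily long or malformed string and it is forwarded to the provider's token endpoint unchanged. Even as an optional field it should be bounded at the boundary, e.g. `@Size(max = 2048) private String redirectUri; // 리다이렉트 uri`, with `@Size` imported from the same `validation.constraints` package `@NotBlank` already comes from. If only a small fixed set of values is ever legitimate, a constrained `@Pattern` or an enum would express that better than a free-form `String`.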
Expand Up @@ -33,10 +33,10 @@ public class GoogleOAuthService {
@Value("${spring.security.oauth2.client.registration.google.client-secret}")
private String clientSecret;
@Value("${spring.security.oauth2.client.registration.google.redirect-uri}")
private String redirectUri;
private String defaultRedirectUri;

// Google 토큰 획득 로직 (WebClient 방식으로 수정 - 비동기 방식 구현)
public AccessTokenResponseDTO getGoogleToken(String code) {
public AccessTokenResponseDTO getGoogleToken(String code, String redirectUri) {

String decodedCode;
try {
Expand All @@ -54,7 +54,11 @@ public AccessTokenResponseDTO getGoogleToken(String code) {
params.add("code", decodedCode);
params.add("client_id", clientId);
params.add("client_secret", clientSecret);
params.add("redirect_uri", redirectUri);

// 프론트에서 보낸 redirectUri가 있으면 그것을 사용하고, 없으면 설정 파일의 기본값을 사용
String finalRedirectUri = (redirectUri != null && !redirectUri.isBlank()) ? redirectUri : defaultRedirectUri;
redirectUri를 직접 전송하는것 보단 local, deploy 처럼 서버에 두 Uri를 저장하고 서버에서 직접 관리하는게 좋을거같아요! 오픈 리다이렉트 피싱으로 공격이 이루어질수있어요!

서버에서 직접 관리하는 방식으로 변경하였습니다! 조언 감사합니다.


params.add("redirect_uri", finalRedirectUri);
params.add("grant_type", "authorization_code"); // 인가 코드를 토큰으로 교환함을 명시

return webClient.post()
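Review bot: The new `redirectUri` parameter on `getGoogleToken` is undocumented, and its meaning is easy to misread: at the token endpoint `redirect_uri` is a binding check, not a destination — RFC 6749 §4.1.3 requires it to be identical to the value sent in the authorization request, and the provider is expected to reject the exchange when it is not. I would add a Javadoc to the method stating `@param redirectUri the exact redirect URI used in the authorization request; null or blank selects the configured default` so callers know a mismatch is rejected by Google rather than corrected here. The fallback on the `finalRedirectUri` line is also asymmetric in a way worth a sentence in the comment: a whitespace-only value silently becomes the default, while any other non-matching value only fails later at the provider. The method's body continues past the hunk (the WebClient call).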
Expand Up @@ -30,17 +30,21 @@ public class KakaoOAuthService {
@Value("${spring.security.oauth2.client.registration.kakao.client-secret}")
private String clientSecret;
@Value("${spring.security.oauth2.client.registration.kakao.redirect-uri}")
private String redirectUri;
private String defaultRedirectUri;

// Kakao 토큰 획득 로직
public AccessTokenResponseDTO getKakaoToken(String code){
public AccessTokenResponseDTO getKakaoToken(String code, String redirectUri){

// HTTP Body 생성
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
params.add("grant_type", "authorization_code");
params.add("client_id", clientId);
params.add("client_secret", clientSecret);
params.add("redirect_uri", redirectUri);

// 프론트에서 보낸 redirectUri가 있으면 그것을 사용하고, 없으면 설정 파일의 기본값을 사용
String finalRedirectUri = (redirectUri != null && !redirectUri.isBlank()) ? redirectUri : defaultRedirectUri;

params.add("redirect_uri", finalRedirectUri);
params.add("code", code);

return webClient.post()
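Review bot: The resolution `String finalRedirectUri = (redirectUri != null && !redirectUri.isBlank()) ? redirectUri : defaultRedirectUri;` and its comment are copied verbatim from `GoogleOAuthService`, so whatever policy ends up deciding which redirect URIs are acceptable now has to be maintained in two places and will drift. I would move it into one shared helper, e.g. `static String resolveRedirectUri(String requested, String fallback)` in a common OAuth utility, and have both `getGoogleToken` and `getKakaoToken` call it. `getKakaoToken`'s body continues beyond the hunk.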
Expand Up @@ -55,10 +55,10 @@ public class MemberService {

// 인가코드 받아 JWT로 교환 및 회원가입/로그인 처리
@Transactional
public LoginResponseDTO loginWithGoogle(String code){
public LoginResponseDTO loginWithGoogle(String code, String redirectUri){

// 1. 인가 코드로 Google Access Token 및 사용자 정보 획득
AccessTokenResponseDTO tokenDTO = googleOAuthService.getGoogleToken(code);
AccessTokenResponseDTO tokenDTO = googleOAuthService.getGoogleToken(code, redirectUri);
GoogleInfoResponseDTO userInfo = googleOAuthService.getGoogleUserInfo(tokenDTO.getAccessToken());

// 2. 사용자 정보 추출
Expand Down Expand Up @@ -89,9 +89,9 @@ public LoginResponseDTO loginWithGoogle(String code){
}

@Transactional
public LoginResponseDTO loginWithKakao(String code){
public LoginResponseDTO loginWithKakao(String code, String redirectUri){

AccessTokenResponseDTO tokenDTO = kakaoOAuthService.getKakaoToken(code);
AccessTokenResponseDTO tokenDTO = kakaoOAuthService.getKakaoToken(code, redirectUri);
KakaoInfoResponseDTO userInfo = kakaoOAuthService.getKakaoUserInfo(tokenDTO.getAccessToken());

// 2. 사용자 정보 추출
Expand Down Expand Up @@ -138,9 +138,8 @@ private Member signUp(String socialId, String email, String name, String picture
.socialType(socialType)
.role(Role.GUEST) // 이후 필요 정보 모두 입력 시 USER 로 승격
.build();
Member savedMember = memberRepository.save(newUser);

return savedMember;
return memberRepository.save(newUser);
}

// 사용자 정보 조회
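Review bot: `loginWithGoogle` and `loginWithKakao` gain a `redirectUri` parameter but the only documentation, the comment `// 인가코드 받아 JWT로 교환 및 회원가입/로그인 처리`, still describes the code alone, and nothing at this layer says whether null is allowed. I would turn that comment into a Javadoc with `@param code the authorization code returned by the provider` and `@param redirectUri redirect URI the front-end used for the authorization request; may be null or blank, in which case the OAuth service substitutes its configured default` — the fallback appears to live in `GoogleOAuthService`/`KakaoOAuthService` rather than here, so stating it at the entry point saves the reader a hop. Both method bodies continue outside their hunks.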