woowacourse-teams · BGuga · May 22, 2024 · May 16, 2024 · May 16, 2024 · May 16, 2024
diff --git a/backend/src/main/java/com/festago/auth/infrastructure/openid/AppleOpenIdClient.java b/backend/src/main/java/com/festago/auth/infrastructure/openid/AppleOpenIdClient.java
@@ -4,13 +4,10 @@
 import com.festago.auth.domain.OpenIdNonceValidator;
 import com.festago.auth.domain.SocialType;
 import com.festago.auth.domain.UserInfo;
-import com.festago.common.exception.ErrorCode;
-import com.festago.common.exception.UnauthorizedException;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import java.time.Clock;
 import java.util.Date;
-import java.util.Set;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
@@ -34,6 +31,7 @@ public AppleOpenIdClient(
         this.openIdNonceValidator = openIdNonceValidator;
         this.idTokenParser = new OpenIdIdTokenParser(Jwts.parser()
             .keyLocator(appleOpenIdPublicKeyLocator)
+            .requireAudience(clientId)
             .requireIssuer(ISSUER)
             .clock(() -> Date.from(clock.instant()))
             .build());
@@ -43,23 +41,12 @@ public AppleOpenIdClient(
     public UserInfo getUserInfo(String idToken) {
         Claims payload = idTokenParser.parse(idToken);
         openIdNonceValidator.validate(payload.get("nonce", String.class), payload.getExpiration());
-        validateAudience(payload.getAudience());
         return UserInfo.builder()
             .socialType(SocialType.APPLE)
             .socialId(payload.getSubject())
             .build();
     }
 
-    private void validateAudience(Set<String> audiences) {
-        for (String audience : audiences) {
-            if (clientId.equals(audience)) {
-                return;
-            }
-        }
-        log.info("허용되지 않는 id 토큰의 audience 값이 요청되었습니다. audiences={}", audiences);
-        throw new UnauthorizedException(ErrorCode.OPEN_ID_INVALID_TOKEN);
-    }
-
     @Override
     public SocialType getSocialType() {
         return SocialType.APPLE;

diff --git a/...end/src/main/java/com/festago/auth/infrastructure/openid/AppleOpenIdPublicKeyLocator.java b/...end/src/main/java/com/festago/auth/infrastructure/openid/AppleOpenIdPublicKeyLocator.java
@@ -13,7 +13,7 @@
 public class AppleOpenIdPublicKeyLocator implements Locator<Key> {
 
     private final AppleOpenIdJwksClient appleOpenIdJwksClient;
-    private final CachedAppleOpenIdKeyProvider cachedOpenIdKeyProvider;
+    private final CachedOpenIdKeyProvider cachedOpenIdKeyProvider;
 
     @Override
     public Key locate(Header header) {

diff --git a/...nd/src/main/java/com/festago/auth/infrastructure/openid/CachedAppleOpenIdKeyProvider.java b/...nd/src/main/java/com/festago/auth/infrastructure/openid/CachedAppleOpenIdKeyProvider.java
diff --git a/backend/src/main/java/com/festago/auth/infrastructure/openid/CachedOpenIdKeyProvider.java b/backend/src/main/java/com/festago/auth/infrastructure/openid/CachedOpenIdKeyProvider.java
@@ -10,10 +10,12 @@
 import java.util.concurrent.locks.ReentrantLock;
 import java.util.function.Supplier;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
 @Slf4j
 @Component
+@Scope("prototype")
 public class CachedOpenIdKeyProvider {
 
     private final Map<String, Key> cache = new HashMap<>();

diff --git a/backend/src/test/java/com/festago/auth/infrastructure/openid/AppleOpenIdClientTest.java b/backend/src/test/java/com/festago/auth/infrastructure/openid/AppleOpenIdClientTest.java
@@ -185,6 +185,4 @@ void setUp() {
         // then
         assertThat(expect.socialId()).isEqualTo(socialId);
     }
-
-
 }
diff --git a/backend/src/test/java/com/festago/auth/infrastructure/openid/AppleOpenIdJwksClientTest.java b/backend/src/test/java/com/festago/auth/infrastructure/openid/AppleOpenIdJwksClientTest.java
@@ -106,6 +106,4 @@ class AppleOpenIdJwksClientTest {
             .map(Identifiable::getId)
             .containsExactlyInAnyOrder("pyaRQpAbnY", "lVHdOx8ltR", "Bh6H7rHVmb");
     }
-
-
 }
diff --git a/...src/test/java/com/festago/auth/infrastructure/openid/AppleOpenIdPublicKeyLocatorTest.java b/...src/test/java/com/festago/auth/infrastructure/openid/AppleOpenIdPublicKeyLocatorTest.java
@@ -0,0 +1,30 @@
+package com.festago.auth.infrastructure.openid;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import com.festago.support.ApplicationIntegrationTest;
+import org.junit.jupiter.api.DisplayNameGeneration;
+import org.junit.jupiter.api.DisplayNameGenerator.ReplaceUnderscores;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+
+@DisplayNameGeneration(ReplaceUnderscores.class)
+@SuppressWarnings("NonAsciiCharacters")
+class AppleOpenIdPublicKeyLocatorTest extends ApplicationIntegrationTest {
+
+    @Autowired
+    AppleOpenIdPublicKeyLocator appleOpenIdPublicKeyLocator;
+
+    @Autowired
+    KakaoOpenIdPublicKeyLocator kakaoOpenIdPublicKeyLocator;
+
+    @Test
+    void 소셜별_Locator_들은_캐싱을_공유하지_않는다() {
+
+        // given & when & then
+        assertThat(appleOpenIdPublicKeyLocator)
+            .usingRecursiveComparison()
+            .comparingOnlyFields("cachedOpenIdKeyProvider")
+            .isNotEqualTo(kakaoOpenIdPublicKeyLocator);
+    }
+}