Implement Kakao OAuth login using OIDC ID token #6
Merged
Test Results: 8 tests, 8 ✅, 0s ⏱️. Results for commit dd43b08. ♻️ This comment has been updated with latest results.
jeyongsong approved these changes on Feb 2, 2026
.github/workflows/be-deploy.yml (Outdated) · Comment on lines 25 to 26
| submodules: recursive | ||
| token: ${{ secrets.BE_SUBMODULE_TOKEN }} |
Member
👍 You can drop the BE prefix on this one, since we're the only ones using this repo right now!
Comment on lines 23 to 25
| jwks-uri: ${ouath.kakao.jwks-uri} | ||
| issuer: ${ouath.kakao.issuer} | ||
| audience: ${ouath.kakao.audience} |
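Review bot: the placeholder prefix `ouath.kakao.*` on all three lines reads like a misspelling of `oauth`; placeholders are resolved by exact name, so if the secret profile defines these keys under `oauth.kakao.*` the application will fail to start with an unresolved placeholder. Pick one spelling (`jwks-uri: ${oauth.kakao.jwks-uri}`, and likewise for `issuer` and `audience`) and use it both in the secret file and here, so the issuer and audience values actually reach the verifier.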
Member
Oh, and a tip:
for variables that live in the secret folder, prefixing them with `secret` makes them less confusing~~
Later on I kept getting confused about whether something was a variable or a setting.
| // 프로필 완료 여부 (임시 stub) | ||
| val profile = profileRepository.findAll().firstOrNull() | ||
| // 프로필 완료 여부 | ||
| val profile = profileRepository.findByMemberId(memberId) |
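Review bot: good change. `profileRepository.findAll().firstOrNull()` returned whichever profile came first regardless of who was calling, so the completion flag could have been computed from another member's profile; `findByMemberId(memberId)` scopes the check to the authenticated member. Make sure `memberId` here comes from the verified token (the `CURRENT_MEMBER_ID` attribute the filter sets) and never from a request parameter.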
| parameter.parameterType == AuthenticatedMemberInfo::class.java | ||
| } | ||
|
|
||
| override fun resolveArgument( |
| return | ||
| } | ||
|
|
||
| request.setAttribute(AuthConstants.CURRENT_MEMBER_ID, memberId) |
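Review bot: `resolveArgument` depends on the `CURRENT_MEMBER_ID` request attribute that the filter sets, so confirm it fails closed when that attribute is absent (throw `UnauthorizedException` rather than returning a null `AuthenticatedMemberInfo`); otherwise a controller method that declares an `AuthenticatedMemberInfo` parameter could run for a request the filter never authenticated.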
| response.contentType = MediaType.APPLICATION_JSON_VALUE | ||
| response.characterEncoding = "UTF-8" | ||
|
|
||
| val errorCode = ErrorCode.UNAUTHORIZED |
| .retrieve() | ||
| .body(JwksResponse::class.java) | ||
| } catch (ex: Exception) { | ||
| throw UnauthorizedException(ErrorCode.OIDC_PROVIDER_ERROR) |
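Review bot: `catch (ex: Exception)` around the JWKS fetch discards the original exception, so a TLS failure, a timeout and a malformed response all surface as the same `OIDC_PROVIDER_ERROR` with nothing in the logs; log `ex` or wrap it as the cause before rethrowing. Separately, fetch the JWKS once and cache it by `kid`, refreshing only when a token arrives with an unknown `kid`, instead of calling the endpoint on every login.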
Member
4xx means it's a client-side problem, but isn't this a server-side problem??
In that sense 500 seems closer?? 🙋 How about just throwing a RuntimeException, logging it internally in GlobalExceptionHandler, and returning INTERNAL_SERVER_ERROR?
Collaborator
Author
Really love it, I went back and forth on this 3 million times
Comment on lines 11 to 12
| val issuer: String, | ||
| val audience: String, |
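Review bot: removing `issuer` and `audience` here leaves the verifier without the values needed to check the `iss` and `aud` claims, and a signature check alone does not establish that the ID token was issued by Kakao for this app: any token signed with Kakao's key, including one minted for a different Kakao app, would verify. Keep both fields and compare them against the token's `iss` and `aud` (together with `exp`) after the signature check.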
Member
Don't we need to use these when validating the OIDC id_token?? 🙋
Collaborator
Author
Oh, I took them out of the validation logic since I wasn't going to use them, but I missed this spot.
I'll delete them~
# Conflicts:
#	.github/workflows/pr-workflow.yml

This pull request introduces a comprehensive authentication and authorization system based on JWT and OIDC, along with improvements to controller endpoints to enforce user identity. It also includes infrastructure changes for submodule management and deployment configuration. The most important changes are grouped below.

Authentication & Authorization Infrastructure
- Added a JWT authentication filter (`JwtAuthenticationFilter`), token provider (`JwtTokenProvider`), and argument resolver (`AuthenticatedMemberResolver`) to enable secure user identification and request filtering. This allows controllers to access the authenticated member's ID and restrict access based on authentication.

Controller & Endpoint Changes
- Updated `OnboardingController` endpoints to require authenticated member information via the new resolver, ensuring all onboarding actions are tied to a verified user.
- Added `AuthController` with a Kakao sign-in/up endpoint, delegating authentication logic to the new service layer.

Domain Model
- Added a `Member` entity to represent authenticated users, including provider details and profile linkage for future extensibility.

Configuration & Deployment
- Added the `moa-secret` submodule for secret management.
- Added a `prod` profile for production readiness.

Error Handling
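The summary above names the filter, token provider and resolver, but the only detail the review thread gives about the Kakao OIDC step itself is that issuer and audience were dropped from validation. The block below is an added example, not code from this PR or project (which is Kotlin/Spring): it is written in Go against the standard library only so it runs offline, and shows the checks an ID-token login endpoint has to perform on a client-supplied token: algorithm pinning, JWKS key selection by `kid`, the RS256 signature check, and the `iss`, `aud` and `exp` checks. `NewProviderKey` and `MintToken` stand in for Kakao's side, and the issuer URL and app-key strings are placeholders, not values taken from the project.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

type JWK struct{ Kid, N, E string } // one RSA entry of a JWKS; json matches "kid","n","e" case-insensitively
type JWKS struct{ Keys []JWK }     // the document served at jwks_uri
var enc = base64.RawURLEncoding

func decodeSeg(seg string, v any) error { // base64url JWT segment -> JSON value
	raw, err := enc.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// NewProviderKey stands in for Kakao (assumption): a signing key plus the JWKS the provider would publish.
func NewProviderKey(kid string) (*rsa.PrivateKey, JWKS) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // only fails if the entropy source is broken
	n, e := enc.EncodeToString(priv.N.Bytes()), enc.EncodeToString(big.NewInt(int64(priv.E)).Bytes())
	return priv, JWKS{Keys: []JWK{{Kid: kid, N: n, E: e}}}
}

// MintToken also stands in for the provider: RS256-sign a payload under kid (test helper, not the verifier).
func MintToken(priv *rsa.PrivateKey, kid string, payload map[string]any) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid})
	body, _ := json.Marshal(payload)
	input := enc.EncodeToString(hdr) + "." + enc.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return input + "." + enc.EncodeToString(sig)
}

// VerifyIDToken is the check a login endpoint must run on a client-supplied ID token: pin the
// algorithm, pick the JWKS key by kid, verify the RS256 signature, then check iss, aud and exp.
func VerifyIDToken(token string, set JWKS, issuer, audience string, now time.Time) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	var hdr map[string]any
	if err := decodeSeg(parts[0], &hdr); err != nil {
		return nil, err
	}
	if hdr["alg"] != "RS256" { // the header is attacker-controlled; never let it choose the algorithm
		return nil, fmt.Errorf("unexpected alg %v", hdr["alg"])
	}
	var key *JWK
	for i := range set.Keys {
		if set.Keys[i].Kid == hdr["kid"] {
			key = &set.Keys[i]
		}
	}
	if key == nil { // a production verifier refreshes its cached JWKS once here before giving up
		return nil, fmt.Errorf("unknown kid %v", hdr["kid"])
	}
	n, errN := enc.DecodeString(key.N)
	e, errE := enc.DecodeString(key.E)
	sig, errS := enc.DecodeString(parts[2])
	if errN != nil || errE != nil || errS != nil {
		return nil, fmt.Errorf("malformed key or signature")
	}
	pub := &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("bad signature")
	}
	var c map[string]any
	if err := decodeSeg(parts[1], &c); err != nil {
		return nil, err
	}
	if c["iss"] != issuer {
		return nil, fmt.Errorf("issuer %v is not %q", c["iss"], issuer)
	}
	aud, _ := c["aud"].(string) // Kakao sends a single string; the OIDC spec also allows an array
	if aud != audience {
		return nil, fmt.Errorf("token was minted for a different app (aud %q)", aud)
	}
	if exp, ok := c["exp"].(float64); !ok || now.Unix() >= int64(exp) {
		return nil, fmt.Errorf("exp missing or in the past")
	}
	return c, nil
}

func main() {
	priv, set := NewProviderKey("k1")
	now := time.Now()
	claims := map[string]any{"iss": "https://kauth.kakao.com", "aud": "other-app-key", "sub": "12345", "exp": now.Add(time.Hour).Unix()}
	// Validly signed and unexpired, but minted for a different Kakao app: the aud check must reject it.
	_, err := VerifyIDToken(MintToken(priv, "k1", claims), set, "https://kauth.kakao.com", "my-app-key", now)
	fmt.Println(err)
}
```

The order matters: the signature is checked before any claim is read, and the claims map is returned only after every check passes, so nothing downstream (the `Member` lookup, the session JWT) can be driven by an unverified `sub`. A `nonce` check, comparing the claim with the value the client sent in its authorization request, follows the same pattern as `aud`. In Spring the same checks are what `NimbusJwtDecoder` plus issuer and audience validators perform; whichever implementation is used, the JWKS should be cached and refreshed on an unknown `kid`, not fetched on every login.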