Implement Apple OAuth login using OIDC ID token (#11)

subsub97 · web-flow · commit 7d1822a5daea · 2026-02-08T00:24:20.000+09:00
diff --git a/src/main/kotlin/com/moa/common/exception/ErrorCode.kt b/src/main/kotlin/com/moa/common/exception/ErrorCode.kt
@@ -18,6 +18,5 @@ enum class ErrorCode(
     REQUIRED_TERMS_MUST_BE_AGREED("REQUIRED_TERMS_MUST_BE_AGREED", "필수 약관은 동의해야 합니다"),
 
     INVALID_ID_TOKEN("INVALID_ID_TOKEN", "유효하지 않은 ID 토큰입니다"),
-    INVALID_PROVIDER("INVALID_PROVIDER", "유효하지 않는 로그인 방식입니다."),
     EXPIRED_TOKEN("EXPIRED_TOKEN", "토큰이 만료되었습니다"),
 }
diff --git a/src/main/kotlin/com/moa/common/oidc/OidcIdTokenValidator.kt b/src/main/kotlin/com/moa/common/oidc/OidcIdTokenValidator.kt
@@ -15,29 +15,27 @@ class OidcIdTokenValidator(
     private val objectMapper: ObjectMapper
 ) {
     fun validate(provider: ProviderType, idToken: String): OidcUserInfo {
-        val providerProperties = getProviderProperties(provider)
-
-        return validateToken(idToken, providerProperties, provider)
+        return validateToken(idToken, provider)
     }
 
-    private fun getProviderProperties(provider: ProviderType): OidcProviderConfig.ProviderProperties {
+    private fun getJwksConfig(provider: ProviderType): Pair<String, Long> {
         return when (provider) {
-            ProviderType.KAKAO -> config.kakao
-            else -> throw UnauthorizedException(ErrorCode.INVALID_PROVIDER)
+            ProviderType.KAKAO -> config.kakao.jwksUri to config.kakao.cacheTtlSeconds
+            ProviderType.APPLE -> config.apple.jwksUri to config.apple.cacheTtlSeconds
         }
     }
 
     private fun validateToken(
         idToken: String,
-        providerConfig: OidcProviderConfig.ProviderProperties,
         provider: ProviderType
     ): OidcUserInfo {
+        val (jwksUri, cacheTtlSeconds) = getJwksConfig(provider)
         val kid = extractKid(idToken)
 
         val publicKey = publicKeyCache.getPublicKey(
-            jwksUri = providerConfig.jwksUri,
+            jwksUri = jwksUri,
             kid = kid,
-            ttlSeconds = providerConfig.cacheTtlSeconds,
+            ttlSeconds = cacheTtlSeconds,
         )
 
         val claims = try {
diff --git a/src/main/kotlin/com/moa/common/oidc/OidcProviderConfig.kt b/src/main/kotlin/com/moa/common/oidc/OidcProviderConfig.kt
@@ -4,9 +4,15 @@ import org.springframework.boot.context.properties.ConfigurationProperties
 
 @ConfigurationProperties(prefix = "oidc")
 data class OidcProviderConfig(
-    val kakao: ProviderProperties,
+    val kakao: KakaoProviderProperties,
+    val apple: AppleProviderProperties,
 ) {
-    data class ProviderProperties(
+    data class KakaoProviderProperties(
+        val jwksUri: String,
+        val cacheTtlSeconds: Long = 3600,
+    )
+
+    data class AppleProviderProperties(
         val jwksUri: String,
         val cacheTtlSeconds: Long = 3600,
     )
diff --git a/src/main/kotlin/com/moa/controller/AuthController.kt b/src/main/kotlin/com/moa/controller/AuthController.kt
@@ -2,6 +2,8 @@ package com.moa.controller
 
 import com.moa.common.response.ApiResponse
 import com.moa.service.AuthService
+import com.moa.service.dto.AppleSignInUpRequest
+import com.moa.service.dto.AppleSignInUpResponse
 import com.moa.service.dto.KaKaoSignInUpRequest
 import com.moa.service.dto.KakaoSignInUpResponse
 import jakarta.validation.Valid
@@ -19,4 +21,9 @@ class AuthController(
     fun kakaoSignInUp(@RequestBody @Valid kaKaoSignInUpRequest: KaKaoSignInUpRequest): ResponseEntity<ApiResponse<KakaoSignInUpResponse>> {
         return ResponseEntity.ok(ApiResponse.success(authService.kakaoSignInUp(kaKaoSignInUpRequest)))
     }
+
+    @PostMapping("/api/v1/auth/apple")
+    fun appleSignInUp(@RequestBody appleSignInUpRequest: AppleSignInUpRequest): ResponseEntity<ApiResponse<AppleSignInUpResponse>> {
+        return ResponseEntity.ok(ApiResponse.success(authService.appleSignInUp(appleSignInUpRequest)))
+    }
 }
diff --git a/src/main/kotlin/com/moa/service/AuthService.kt b/src/main/kotlin/com/moa/service/AuthService.kt
@@ -5,6 +5,8 @@ import com.moa.common.oidc.OidcIdTokenValidator
 import com.moa.entity.Member
 import com.moa.entity.ProviderType
 import com.moa.repository.MemberRepository
+import com.moa.service.dto.AppleSignInUpRequest
+import com.moa.service.dto.AppleSignInUpResponse
 import com.moa.service.dto.KaKaoSignInUpRequest
 import com.moa.service.dto.KakaoSignInUpResponse
 import org.springframework.stereotype.Service
@@ -48,4 +50,36 @@ class AuthService(
             registerToken,
         )
     }
+
+    @Transactional
+    fun appleSignInUp(request: AppleSignInUpRequest): AppleSignInUpResponse {
+        val userInfo = oidcIdTokenValidator.validate(ProviderType.APPLE, request.idToken)
+
+        val member = memberRepository.findByProviderAndProviderSubject(
+            provider = userInfo.provider,
+            providerSubject = userInfo.subject,
+        )
+
+        member?.let {
+            return AppleSignInUpResponse(
+                jwtTokenProvider.createAccessToken(member.id)
+            )
+        }
+
+        val registeredMember = memberRepository.save(
+            Member(
+                provider = ProviderType.APPLE,
+                providerSubject = userInfo.subject,
+                profile = null,
+            )
+        )
+
+        val registerToken = jwtTokenProvider.createAccessToken(
+            registeredMember.id
+        )
+
+        return AppleSignInUpResponse(
+            registerToken,
+        )
+    }
 }
diff --git a/src/main/kotlin/com/moa/service/dto/AppleSignInUpRequest.kt b/src/main/kotlin/com/moa/service/dto/AppleSignInUpRequest.kt
@@ -0,0 +1,9 @@
+package com.moa.service.dto
+
+import jakarta.validation.constraints.NotBlank
+
+data class AppleSignInUpRequest(
+    @field:NotBlank
+    val idToken: String,
+    val fcmDeviceToken: String? = null,
+)
diff --git a/src/main/kotlin/com/moa/service/dto/AppleSignInUpResponse.kt b/src/main/kotlin/com/moa/service/dto/AppleSignInUpResponse.kt
@@ -0,0 +1,5 @@
+package com.moa.service.dto
+
+data class AppleSignInUpResponse(
+    val accessToken: String? = null,
+)
diff --git a/src/main/resources/application-local.yml b/src/main/resources/application-local.yml
@@ -30,3 +30,6 @@ oidc:
   kakao:
     jwks-uri: ${secret.oauth.kakao.jwks-uri}
     cache-ttl-seconds: ${secret.oauth.cache-ttl-seconds}
+  apple:
+    jwks-uri: ${secret.oauth.apple.jwks-uri}
+    cache-ttl-seconds: ${secret.oauth.cache-ttl-seconds}
diff --git a/src/main/resources/application-prod.yml b/src/main/resources/application-prod.yml
@@ -8,7 +8,7 @@ spring:
   jpa:
     database-platform: org.hibernate.dialect.MySQLDialect
     hibernate:
-      ddl-auto: update
+      ddl-auto: create-drop
     properties:
       hibernate:
         format_sql: true
@@ -22,3 +22,6 @@ oidc:
   kakao:
     jwks-uri: ${secret.oauth.kakao.jwks-uri}
     cache-ttl-seconds: ${secret.oauth.cache-ttl-seconds}
+  apple:
+    jwks-uri: ${secret.oauth.apple.jwks-uri}
+    cache-ttl-seconds: ${secret.oauth.cache-ttl-seconds}
diff --git a/src/main/resources/moa-secret b/src/main/resources/moa-secret
@@ -1 +1 @@
-Subproject commit ffc16e3af877893dcd5c8df73137bb1b4559ede9
+Subproject commit 613485d9ba20c5131791aab9ddcac48a2cd7ddb0
diff --git a/src/test/resources/application-test.yml b/src/test/resources/application-test.yml
@@ -10,3 +10,6 @@ oidc:
   kakao:
     jwks-uri: ${secret.oauth.kakao.jwks-uri}
     cache-ttl-seconds: ${secret.oauth.cache-ttl-seconds}
+  apple:
+    jwks-uri: ${secret.oauth.apple.jwks-uri}
+    cache-ttl-seconds: ${secret.oauth.cache-ttl-seconds}

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,5 @@ enum class ErrorCode(`
`18`	`18`	`REQUIRED_TERMS_MUST_BE_AGREED("REQUIRED_TERMS_MUST_BE_AGREED", "필수 약관은 동의해야 합니다"),`
`19`	`19`
`20`	`20`	`INVALID_ID_TOKEN("INVALID_ID_TOKEN", "유효하지 않은 ID 토큰입니다"),`
`21`		`- INVALID_PROVIDER("INVALID_PROVIDER", "유효하지 않는 로그인 방식입니다."),`
`22`	`21`	`EXPIRED_TOKEN("EXPIRED_TOKEN", "토큰이 만료되었습니다"),`
`23`	`22`	`}`