ASAP-445 네이버 OAuth 상태(state) 파라미터 추가 및 토큰 요청 로직 리팩토링

Author: tlarbals824

Application-Module/src/main/kotlin/com/asap/application/user/port/out/AuthInfoRetrievePort.kt

@@ -14,5 +14,6 @@ interface AuthInfoRetrievePort {
     fun getAccessToken(
         provider: SocialLoginProvider,
         code: String,
+        state: String,
     ): String
 }

Bootstrap-Module/src/main/kotlin/com/asap/bootstrap/web/auth/controller/AuthController.kt

@@ -59,10 +59,12 @@ class AuthController(
         provider: String,
         request: OAuthAccessTokenRequest,
     ): OAuthAccessTokenResponse {
-        val accessToken = authInfoRetrievePort.getAccessToken(
-            provider = SocialLoginProvider.valueOf(provider),
-            code = request.code,
-        )
+        val accessToken =
+            authInfoRetrievePort.getAccessToken(
+                provider = SocialLoginProvider.valueOf(provider),
+                code = request.code,
+                state = request.state,
+            )
         return OAuthAccessTokenResponse(
             accessToken = accessToken,
         )

Bootstrap-Module/src/main/kotlin/com/asap/bootstrap/web/auth/dto/OAuthAccessTokenRequest.kt

@@ -2,4 +2,5 @@ package com.asap.bootstrap.web.auth.dto
 
 data class OAuthAccessTokenRequest(
     val code: String,
+    val state: String,
 )

Bootstrap-Module/src/test/kotlin/com/asap/bootstrap/acceptance/auth/controller/AuthControllerTest.kt

@@ -124,11 +124,12 @@ class AuthControllerTest : AcceptanceSupporter() {
         // given
         val provider = "KAKAO"
         val code = "authorization_code"
-        val request = OAuthAccessTokenRequest(code)
+        val state = "state"
+        val request = OAuthAccessTokenRequest(code, state)
         val expectedAccessToken = "access_token"
 
         BDDMockito
-            .given(authInfoRetrievePort.getAccessToken(SocialLoginProvider.valueOf(provider), code))
+            .given(authInfoRetrievePort.getAccessToken(SocialLoginProvider.valueOf(provider), code, state))
             .willReturn(expectedAccessToken)
 
         // when

Infrastructure-Module/Client/src/main/kotlin/com/asap/client/ClientProperties.kt

@@ -3,15 +3,15 @@ package com.asap.client
 import org.springframework.boot.context.properties.ConfigurationProperties
 
 @ConfigurationProperties(prefix = "client")
-class ClientProperties {
-    var oauth: OAuthProperties = OAuthProperties()
-}
+class ClientProperties(
+    var oauth: OAuthProperties = OAuthProperties(),
+)
 
-class OAuthProperties {
-    var naver: NaverOAuthProperties = NaverOAuthProperties()
-}
+class OAuthProperties(
+    var naver: NaverOAuthProperties = NaverOAuthProperties(),
+)
 
-class NaverOAuthProperties {
-    var clientId: String = ""
-    var clientSecret: String = ""
-}
+class NaverOAuthProperties(
+    var clientId: String = "",
+    var clientSecret: String = "",
+)

Infrastructure-Module/Client/src/main/kotlin/com/asap/client/oauth/OAuthInfoRetrieveAdapter.kt

@@ -34,9 +34,10 @@ class OAuthInfoRetrieveAdapter(
     override fun getAccessToken(
         provider: SocialLoginProvider,
         code: String,
+        state: String,
     ): String {
         val accessTokenResponse =
-            oAuthRetrieveHandlers[provider]?.getAccessToken(OAuthRetrieveHandler.OAuthGetAccessTokenRequest(code))
+            oAuthRetrieveHandlers[provider]?.getAccessToken(OAuthRetrieveHandler.OAuthGetAccessTokenRequest(code, state))
                 ?: throw OAuthException.OAuthRetrieveFailedException("OAuth Access Token을 가져오는 핸들러가 존재하지 않습니다.")
 
         return accessTokenResponse.accessToken

Infrastructure-Module/Client/src/main/kotlin/com/asap/client/oauth/OAuthRetrieveHandler.kt

@@ -19,6 +19,7 @@ interface OAuthRetrieveHandler {
 
     data class OAuthGetAccessTokenRequest(
         val code: String,
+        val state: String,
     )
 
     data class OAuthAccessTokenResponse(

Infrastructure-Module/Client/src/main/kotlin/com/asap/client/oauth/OAuthWebClientConfig.kt

@@ -34,4 +34,13 @@ class OAuthWebClientConfig {
             .baseUrl("https://openapi.naver.com")
             .defaultHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)
             .build()
+
+    @Bean
+    @Qualifier("getNaverAccessTokenWebClient")
+    fun getNaverAccessTokenWebClient(): WebClient =
+        WebClient
+            .builder()
+            .baseUrl("https://nid.naver.com")
+            .defaultHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)
+            .build()
 }

Infrastructure-Module/Client/src/main/kotlin/com/asap/client/oauth/platform/NaverOAuthRetrieveHandler.kt

@@ -12,29 +12,33 @@ import org.springframework.web.util.UriComponentsBuilder
 @Component
 class NaverOAuthRetrieveHandler(
     @Qualifier("naverWebClient") naverWebClient: WebClient,
+    @Qualifier("getNaverAccessTokenWebClient") val getNaverAccessTokenWebClient: WebClient,
     private val clientProperties: ClientProperties,
 ) : AbstractOAuthRetrieveHandler<NaverOAuthRetrieveHandler.NaverOAuthUserInfoResponse>(naverWebClient) {
     private val naverOAuthConfig by lazy { clientProperties.oauth.naver }
 
     override fun getAccessToken(request: OAuthRetrieveHandler.OAuthGetAccessTokenRequest): OAuthRetrieveHandler.OAuthAccessTokenResponse {
-        val accessTokenUri =
+        val accessTokenUrl =
             NaverAccessTokenRequest(
                 grantType = "authorization_code",
                 clientId = naverOAuthConfig.clientId,
                 clientSecret = naverOAuthConfig.clientSecret,
                 code = request.code,
-            ).toUriComponents("/oauth2/token")
+            ).toUriComponents("/oauth2.0/token")
 
         val response =
-            webClient
+            getNaverAccessTokenWebClient
                 .get()
-                .uri(accessTokenUri)
+                .uri(accessTokenUrl)
                 .retrieve()
                 .bodyToMono(NaverAccessTokenResponse::class.java)
                 .block()
                 ?: throw OAuthException.OAuthRetrieveFailedException(getErrorMessage())
 
-        return OAuthRetrieveHandler.OAuthAccessTokenResponse(response.accessToken, response.tokenType)
+        return OAuthRetrieveHandler.OAuthAccessTokenResponse(
+            accessToken = response.accessToken,
+            refreshToken = response.tokenType,
+        )
     }
 
     override fun getApiEndpoint(): String = "/v1/nid/me"
@@ -45,10 +49,10 @@ class NaverOAuthRetrieveHandler(
 
     override fun mapToOAuthResponse(response: NaverOAuthUserInfoResponse): OAuthRetrieveHandler.OAuthResponse =
         OAuthRetrieveHandler.OAuthResponse(
-            username = response.response.nickname,
+            username = "",
             socialId = response.response.id,
             email = response.response.email,
-            profileImage = response.response.profile_image,
+            profileImage = "",
         )
 
     data class NaverOAuthUserInfoResponse(
@@ -59,29 +63,18 @@ class NaverOAuthRetrieveHandler(
 
     data class NaverUserResponse(
         val id: String,
-        val nickname: String,
-        val name: String,
         val email: String,
-        val gender: String,
-        val age: String,
-        val birthday: String,
-        val profile_image: String,
-        val birthyear: String,
-        val mobile: String,
     )
 
     data class NaverAccessTokenRequest(
-        @JsonProperty("grant_type")
         val grantType: String,
-        @JsonProperty("client_id")
         val clientId: String,
-        @JsonProperty("client_secret")
         val clientSecret: String,
         val code: String,
     ) {
-        fun toUriComponents(baseUri: String): String =
+        fun toUriComponents(basePath: String): String =
             UriComponentsBuilder
-                .fromPath(baseUri)
+                .fromPath(basePath)
                 .queryParam("grant_type", grantType)
                 .queryParam("client_id", clientId)
                 .queryParam("client_secret", clientSecret)
@@ -90,9 +83,13 @@ class NaverOAuthRetrieveHandler(
     }
 
     data class NaverAccessTokenResponse(
+        @JsonProperty("access_token")
         val accessToken: String,
+        @JsonProperty("refresh_token")
         val refreshToken: String,
+        @JsonProperty("token_type")
         val tokenType: String,
+        @JsonProperty("expires_in")
         val expiresIn: Int,
     )
 }

Infrastructure-Module/Client/src/test/kotlin/com/asap/client/oauth/platform/NaverOAuthRetrieveHandlerTest.kt

@@ -1,5 +1,8 @@
 package com.asap.client.oauth.platform
 
+import com.asap.client.ClientProperties
+import com.asap.client.NaverOAuthProperties
+import com.asap.client.OAuthProperties
 import com.asap.client.oauth.OAuthRetrieveHandler
 import com.asap.client.oauth.exception.OAuthException
 import io.kotest.assertions.throwables.shouldThrow
@@ -12,16 +15,29 @@ import org.springframework.web.reactive.function.client.WebClient
 
 class NaverOAuthRetrieveHandlerTest :
     BehaviorSpec({
-        var mockWebServer = MockWebServer().also {
-            it.start()
-        }
+        var mockWebServer =
+            MockWebServer().also {
+                it.start()
+            }
         var naverWebClient: WebClient =
             WebClient
                 .builder()
                 .baseUrl(mockWebServer.url("/").toString())
                 .defaultHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)
                 .build()
-        var naverOAuthRetrieveHandler = NaverOAuthRetrieveHandler(naverWebClient)
+
+        val config =
+            ClientProperties(
+                oauth =
+                    OAuthProperties(
+                        naver =
+                            NaverOAuthProperties(
+                                clientId = "test-client-id",
+                                clientSecret = "test-client-secret",
+                            ),
+                    ),
+            )
+        var naverOAuthRetrieveHandler = NaverOAuthRetrieveHandler(naverWebClient, naverWebClient, config)
 
         given("OAuth 요청이 성공적으로 처리되었을 때") {
             val accessToken = "test-access-token"
@@ -58,10 +74,8 @@ class NaverOAuthRetrieveHandlerTest :
                 val response = naverOAuthRetrieveHandler.getOAuthInfo(request)
 
                 then("올바른 OAuthResponse를 반환해야 한다") {
-                    response.username shouldBe "Test User"
                     response.socialId shouldBe "12345"
                     response.email shouldBe "test@example.com"
-                    response.profileImage shouldBe "https://example.com/profile.jpg"
 
                     // 요청 검증
                     val recordedRequest = mockWebServer.takeRequest()
@@ -110,4 +124,4 @@ class NaverOAuthRetrieveHandlerTest :
                 }
             }
         }
-    })
+    })