[Fix/#384] Apple Login invalid_request 오류 해결 (#385)

Ssamssamukja · web-flow · commit e6c5ae0030b6 · 2026-03-03T03:13:06.000+09:00
* fix: form_post 적용 강제

* update: spotless 적용
diff --git a/clokey-api/src/main/java/org/clokey/global/security/AppleAwareOAuth2AuthorizationRequestResolver.java b/clokey-api/src/main/java/org/clokey/global/security/AppleAwareOAuth2AuthorizationRequestResolver.java
@@ -6,6 +6,7 @@
 import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+import org.springframework.web.util.UriComponentsBuilder;
 
 @RequiredArgsConstructor
 public class AppleAwareOAuth2AuthorizationRequestResolver
@@ -36,9 +37,7 @@ public OAuth2AuthorizationRequest resolve(
             return null;
         }
         return "apple".equals(clientRegistrationId)
-                ? OAuth2AuthorizationRequest.from(authorizationRequest)
-                        .additionalParameters(params -> params.put("response_mode", "form_post"))
-                        .build()
+                ? enforceAppleResponseMode(authorizationRequest)
                 : authorizationRequest;
     }
 
@@ -55,10 +54,23 @@ private OAuth2AuthorizationRequest customizeIfApple(
         }
         String requestUri = request.getRequestURI();
         if (requestUri != null && requestUri.endsWith("/apple")) {
-            return OAuth2AuthorizationRequest.from(authorizationRequest)
-                    .additionalParameters(params -> params.put("response_mode", "form_post"))
-                    .build();
+            return enforceAppleResponseMode(authorizationRequest);
         }
         return authorizationRequest;
     }
+
+    private OAuth2AuthorizationRequest enforceAppleResponseMode(
+            OAuth2AuthorizationRequest authorizationRequest) {
+        String authorizationRequestUri =
+                UriComponentsBuilder.fromUriString(
+                                authorizationRequest.getAuthorizationRequestUri())
+                        .replaceQueryParam("response_mode", "form_post")
+                        .build(true)
+                        .toUriString();
+
+        return OAuth2AuthorizationRequest.from(authorizationRequest)
+                .additionalParameters(params -> params.put("response_mode", "form_post"))
+                .authorizationRequestUri(authorizationRequestUri)
+                .build();
+    }
 }
