From bf2e6526e8ba44ddc895452ba0e5100f9f80c5e3 Mon Sep 17 00:00:00 2001 From: Chanhae Lee Date: Wed, 8 Apr 2026 18:38:54 +0900 Subject: [PATCH] =?UTF-8?q?fix(auth):=20Google=20azp=20=EA=B2=80=EC=A6=9D?= =?UTF-8?q?=EC=97=90=20=EB=8B=A4=EC=8B=9C=20=20iOS=20Client=20ID=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../auth/infra/oauth/client/GoogleOAuth2Client.java | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/devkor/ifive/nadab/domain/auth/infra/oauth/client/GoogleOAuth2Client.java b/src/main/java/com/devkor/ifive/nadab/domain/auth/infra/oauth/client/GoogleOAuth2Client.java index 70fe8504..9003dcac 100644 --- a/src/main/java/com/devkor/ifive/nadab/domain/auth/infra/oauth/client/GoogleOAuth2Client.java +++ b/src/main/java/com/devkor/ifive/nadab/domain/auth/infra/oauth/client/GoogleOAuth2Client.java @@ -203,10 +203,14 @@ private void validateIdTokenInfo(GoogleIdTokenInfoResponse tokenInfo) { throw new OAuth2Exception(ErrorCode.AUTH_OAUTH2_USERINFO_FAILED); } - // azp (Authorized party) 검증 (azp가 있으면 우리 앱의 Android Client ID인지 확인) - if (tokenInfo.getAzp() != null && !googleProperties.getAndroidClientId().equals(tokenInfo.getAzp())) { - log.warn("구글 ID Token 검증 실패: 유효하지 않은 authorized party - {}", tokenInfo.getAzp()); - throw new OAuth2Exception(ErrorCode.AUTH_OAUTH2_USERINFO_FAILED); + // azp (Authorized party) 검증 (azp가 있으면 Android 또는 iOS Client ID 중 하나와 일치하는지 확인) + if (tokenInfo.getAzp() != null) { + boolean isValidAzp = googleProperties.getAndroidClientId().equals(tokenInfo.getAzp()) || + googleProperties.getIosClientId().equals(tokenInfo.getAzp()); + if (!isValidAzp) { + log.warn("구글 ID Token 검증 실패: 유효하지 않은 authorized party - {}", tokenInfo.getAzp()); + throw new OAuth2Exception(ErrorCode.AUTH_OAUTH2_USERINFO_FAILED); + } } // 만료 시간 검증