์ด๋ฒ ์๊ฐ์๋ ๊ตฌ๊ธ๊ณ์ ์ผ๋ก ๋ก๊ทธ์ธ ๊ธฐ๋ฅ์ ๊ตฌํํด๋ณด๊ฒ ์ต๋๋ค.
์ฐธ๊ณ :
- ๋ค์ด๋ฒ ๊ณ์ ์ผ๋ก ๋ก๊ทธ์ธ์ ์ฌ๊ธฐ๋ฅผ ์ฐธ์กฐํ์๊ธฐ ๋ฐ๋๋๋ค.
- ์นด์นด์ค ๊ณ์ ์ผ๋ก ๋ก๊ทธ์ธ์ ์ฌ๊ธฐ๋ฅผ ์ฐธ์กฐํ์๊ธฐ ๋ฐ๋๋๋ค.
- ์์ ๋ก๊ทธ์ธ์ ํ๊ธฐ์ํด ํ์ํ API ํค ๋ฐ๊ธ์ ์ฌ๊ธฐ๋ฅผ ์ฐธ์กฐํ์๊ธฐ ๋ฐ๋๋๋ค.
1. ์ธ์ฆ ์ฝ๋ ๋ฐ๊ธฐ
์ํ๋ ํ๊ทธ์ ๋งํฌ๋ฅผ ์ถ๊ฐํด์ค๋๋ค.
<a href="https://accounts.google.com/o/oauth2/v2/auth?
scope=https%3A//www.googleapis.com/auth/drive.metadata.readonly&
access_type=offline&
include_granted_scopes=true&
response_type=code&
state=state_parameter_passthrough_value&
redirect_uri=https%3A//oauth2.example.com/code&
client_id=client_id">๊ตฌ๊ธ ๋ก๊ทธ์ธ</a>
ํด๋น ํ๊ทธ๋ฅผ ํด๋ฆญํ๊ฒ ๋๋ฉด, ๊ตฌ๊ธ ๋ฆฌ์์ค ์๋ฒ๋ก ์์ฒญ์ ๋ณด๋ด๊ฒ ๋๊ณ , ์ฐ๋ฆฌ๊ฐ ์ค์ ํ ๋ฆฌ๋ค์ด๋ ์ URI๋ก ์ฝ๋๋ฅผ ๋ฐ์ ์ ์์ต๋๋ค.
๋งํฌ๋ฅผ ํ์ธํด๋ณด๋ฉด, ์๋์ ๊ฐ์ด ์ฟผ๋ฆฌ ์คํธ๋ง ํ๋ผ๋ฏธํฐ์ code๊ฐ์ด ๋ด๊ฒจ์์ ๊ฒ์ ๋๋ค.
http://localhost:8080/login/oauth2/code/google?code=4%2F0AY0e-g6cMCFbgwTV.........AFZl50QB77171EBPQApBwA
2. ์ธ์ฆ ์ฝ๋๋ฅผ ๊ฐ์ง๊ณ Access ํ ํฐ์ผ๋ก ๊ตํํ๊ธฐ
2-1. Redirect URI ์์ฒญ์ ์ฒ๋ฆฌํ Controller ์์ฑ
@GetMapping("/google")
@ResponseBody
public String googleOAuthRedirect(@RequestParam String code) {
RestTemplate rt = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.add("Content-Type", "application/x-www-form-urlencoded");
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
params.add("client_id", "986673395771-5hs9a0e3keolbsa9rvc0ologqrq21vlm.apps.googleusercontent.com");
params.add("client_secret", "BaTi_oegV5ts5yMkHUhGv-ZN");
params.add("code", code);
params.add("grant_type", "authorization_code");
params.add("redirect_uri", "http://localhost:8080/login/oauth2/code/google");
HttpEntity<MultiValueMap<String, String>> accessTokenRequest = new HttpEntity<>(params, headers);
ResponseEntity<String> accessTokenResponse = rt.exchange(
"https://oauth2.googleapis.com/token",
HttpMethod.POST,
accessTokenRequest,
String.class
);
return "response : " + accessTokenResponse.getBody();
}๊ฐ๊ฐ ์๋ง์ ์ ๋ณด๋ฅผ ๋ฃ์ด์ค ๋ค ์๋ฒ์ ์์ฒญํ๋ฉด, ์์ธ์ค ํ ํฐ์ ๋ฐ์ ์ ์์ต๋๋ค.
3. ํ๋กํ ์ ๋ณด ์์ฒญํ๊ธฐ
๋์ ํ ๋ชป ์ฐพ๋ค๊ฐ ์๋์ ๊ฐ์ ์์ฒญ์ ์ฐพ์๋๋ฐ ๋ง๋์ง ๋ชจ๋ฅด๊ฒ ๋ค..
์์ ์ปจํธ๋กค๋ฌ์ ์๋ ํ๋กํ ์์ฒญ ์ฝ๋๋ง ๋ถ์ฌ์ฃผ๋ฉด ๋ฉ๋๋ค.
... ์ฝ๋ ์๋ต ....
// ์ฌ๊ธฐ์๋ถํฐ, ํ๋กํ ์ ๋ณด ์ป์ด์ค๋ ์์ฒญ
HttpHeaders headers1 = new HttpHeaders();
headers1.add("Authorization", "Bearer " + googleOauthParams.getAccess_token());
HttpEntity profileRequest = new HttpEntity(headers1);
ResponseEntity<String> profileResponse = rt.exchange(
"https://oauth2.googleapis.com/tokeninfo?id_token=" + googleOauthParams.getId_token(),
HttpMethod.GET,
profileRequest,
String.class
);
return "ํ๋กํ ์ ๋ณด : " + profileResponse.getBody();
}
์ด๋ ๊ฒ ์์ฒญ์ ํ๊ฒ ๋๋ฉด, ์๋ ์ฒ๋ผ ์ ์์ ์ผ๋ก ๋ฐ์ดํฐ๋ฅผ ๋ฐ์ ์ ์์ต๋๋ค!
{
// These six fields are included in all Google ID Tokens.
"iss": "https://accounts.google.com",
"sub": "110169484474386276334",
"azp": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
"aud": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
"iat": "1433978353",
"exp": "1433981953",
// These seven fields are only included when the user has granted the "profile" and
// "email" OAuth scopes to the application.
"email": "testuser@gmail.com",
"email_verified": "true",
"name" : "Test User",
"picture": "https://lh4.googleusercontent.com/-kYgzyAWpZzJ/ABCDEFGHI/AAAJKLMNOP/tIXL9Ir44LE/s99-c/photo.jpg",
"given_name": "Test",
"family_name": "User",
"locale": "en"
}
์ด์์ผ๋ก ๊ตฌ๊ธ ์์ด๋๋ก ๋ก๊ทธ์ธ ๊ธฐ๋ฅ์ ๊ตฌํํด๋ณด์์ต๋๋ค.
๊ฐ์ฌํฉ๋๋ค.
REFERENCE
์น ์๋ฒ ์ ํ๋ฆฌ์ผ์ด์ ์ OAuth 2.0 ์ฌ์ฉ | Google ID ํ๋ซํผ | Google Developers
developers.google.com
์ด๋ฒ ์๊ฐ์๋ ๊ตฌ๊ธ๊ณ์ ์ผ๋ก ๋ก๊ทธ์ธ ๊ธฐ๋ฅ์ ๊ตฌํํด๋ณด๊ฒ ์ต๋๋ค.
์ฐธ๊ณ :
- ๋ค์ด๋ฒ ๊ณ์ ์ผ๋ก ๋ก๊ทธ์ธ์ ์ฌ๊ธฐ๋ฅผ ์ฐธ์กฐํ์๊ธฐ ๋ฐ๋๋๋ค.
- ์นด์นด์ค ๊ณ์ ์ผ๋ก ๋ก๊ทธ์ธ์ ์ฌ๊ธฐ๋ฅผ ์ฐธ์กฐํ์๊ธฐ ๋ฐ๋๋๋ค.
- ์์ ๋ก๊ทธ์ธ์ ํ๊ธฐ์ํด ํ์ํ API ํค ๋ฐ๊ธ์ ์ฌ๊ธฐ๋ฅผ ์ฐธ์กฐํ์๊ธฐ ๋ฐ๋๋๋ค.
1. ์ธ์ฆ ์ฝ๋ ๋ฐ๊ธฐ
์ํ๋ ํ๊ทธ์ ๋งํฌ๋ฅผ ์ถ๊ฐํด์ค๋๋ค.
<a href="https://accounts.google.com/o/oauth2/v2/auth?
scope=https%3A//www.googleapis.com/auth/drive.metadata.readonly&
access_type=offline&
include_granted_scopes=true&
response_type=code&
state=state_parameter_passthrough_value&
redirect_uri=https%3A//oauth2.example.com/code&
client_id=client_id">๊ตฌ๊ธ ๋ก๊ทธ์ธ</a>
ํด๋น ํ๊ทธ๋ฅผ ํด๋ฆญํ๊ฒ ๋๋ฉด, ๊ตฌ๊ธ ๋ฆฌ์์ค ์๋ฒ๋ก ์์ฒญ์ ๋ณด๋ด๊ฒ ๋๊ณ , ์ฐ๋ฆฌ๊ฐ ์ค์ ํ ๋ฆฌ๋ค์ด๋ ์ URI๋ก ์ฝ๋๋ฅผ ๋ฐ์ ์ ์์ต๋๋ค.
๋งํฌ๋ฅผ ํ์ธํด๋ณด๋ฉด, ์๋์ ๊ฐ์ด ์ฟผ๋ฆฌ ์คํธ๋ง ํ๋ผ๋ฏธํฐ์ code๊ฐ์ด ๋ด๊ฒจ์์ ๊ฒ์ ๋๋ค.
http://localhost:8080/login/oauth2/code/google?code=4%2F0AY0e-g6cMCFbgwTV.........AFZl50QB77171EBPQApBwA
2. ์ธ์ฆ ์ฝ๋๋ฅผ ๊ฐ์ง๊ณ Access ํ ํฐ์ผ๋ก ๊ตํํ๊ธฐ
2-1. Redirect URI ์์ฒญ์ ์ฒ๋ฆฌํ Controller ์์ฑ
@GetMapping("/google")
@ResponseBody
public String googleOAuthRedirect(@RequestParam String code) {
RestTemplate rt = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.add("Content-Type", "application/x-www-form-urlencoded");
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
params.add("client_id", "986673395771-5hs9a0e3keolbsa9rvc0ologqrq21vlm.apps.googleusercontent.com");
params.add("client_secret", "BaTi_oegV5ts5yMkHUhGv-ZN");
params.add("code", code);
params.add("grant_type", "authorization_code");
params.add("redirect_uri", "http://localhost:8080/login/oauth2/code/google");
HttpEntity<MultiValueMap<String, String>> accessTokenRequest = new HttpEntity<>(params, headers);
ResponseEntity<String> accessTokenResponse = rt.exchange(
"https://oauth2.googleapis.com/token",
HttpMethod.POST,
accessTokenRequest,
String.class
);
return "response : " + accessTokenResponse.getBody();
}๊ฐ๊ฐ ์๋ง์ ์ ๋ณด๋ฅผ ๋ฃ์ด์ค ๋ค ์๋ฒ์ ์์ฒญํ๋ฉด, ์์ธ์ค ํ ํฐ์ ๋ฐ์ ์ ์์ต๋๋ค.
3. ํ๋กํ ์ ๋ณด ์์ฒญํ๊ธฐ
๋์ ํ ๋ชป ์ฐพ๋ค๊ฐ ์๋์ ๊ฐ์ ์์ฒญ์ ์ฐพ์๋๋ฐ ๋ง๋์ง ๋ชจ๋ฅด๊ฒ ๋ค..
์์ ์ปจํธ๋กค๋ฌ์ ์๋ ํ๋กํ ์์ฒญ ์ฝ๋๋ง ๋ถ์ฌ์ฃผ๋ฉด ๋ฉ๋๋ค.
... ์ฝ๋ ์๋ต ....
// ์ฌ๊ธฐ์๋ถํฐ, ํ๋กํ ์ ๋ณด ์ป์ด์ค๋ ์์ฒญ
HttpHeaders headers1 = new HttpHeaders();
headers1.add("Authorization", "Bearer " + googleOauthParams.getAccess_token());
HttpEntity profileRequest = new HttpEntity(headers1);
ResponseEntity<String> profileResponse = rt.exchange(
"https://oauth2.googleapis.com/tokeninfo?id_token=" + googleOauthParams.getId_token(),
HttpMethod.GET,
profileRequest,
String.class
);
return "ํ๋กํ ์ ๋ณด : " + profileResponse.getBody();
}
์ด๋ ๊ฒ ์์ฒญ์ ํ๊ฒ ๋๋ฉด, ์๋ ์ฒ๋ผ ์ ์์ ์ผ๋ก ๋ฐ์ดํฐ๋ฅผ ๋ฐ์ ์ ์์ต๋๋ค!
{
// These six fields are included in all Google ID Tokens.
"iss": "https://accounts.google.com",
"sub": "110169484474386276334",
"azp": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
"aud": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
"iat": "1433978353",
"exp": "1433981953",
// These seven fields are only included when the user has granted the "profile" and
// "email" OAuth scopes to the application.
"email": "testuser@gmail.com",
"email_verified": "true",
"name" : "Test User",
"picture": "https://lh4.googleusercontent.com/-kYgzyAWpZzJ/ABCDEFGHI/AAAJKLMNOP/tIXL9Ir44LE/s99-c/photo.jpg",
"given_name": "Test",
"family_name": "User",
"locale": "en"
}
์ด์์ผ๋ก ๊ตฌ๊ธ ์์ด๋๋ก ๋ก๊ทธ์ธ ๊ธฐ๋ฅ์ ๊ตฌํํด๋ณด์์ต๋๋ค.
๊ฐ์ฌํฉ๋๋ค.
REFERENCE
์น ์๋ฒ ์ ํ๋ฆฌ์ผ์ด์ ์ OAuth 2.0 ์ฌ์ฉ | Google ID ํ๋ซํผ | Google Developers
developers.google.com
