글로벌 로그인 연동 Resource Server 에는 무엇이 있을까?
바로 Google, Facebook 이다. 글로벌하게 자주 쓰이는 로그인 연동 방식이다.
자, 우리의 개발자들은 생각한다.
뭐? 자주 쓰인다고 ???
자동화해야겠다.
그래서 탄생한 것이 ...
CommonOAuth2Provider 객체이다.
//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by FernFlower decompiler)
//
package org.springframework.security.config.oauth2.client;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
public enum CommonOAuth2Provider {
GOOGLE {
public ClientRegistration.Builder getBuilder(String registrationId) {
ClientRegistration.Builder builder = this.getBuilder(registrationId, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, "{baseUrl}/{action}/oauth2/code/{registrationId}");
builder.scope(new String[]{"openid", "profile", "email"});
builder.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth");
builder.tokenUri("https://www.googleapis.com/oauth2/v4/token");
builder.jwkSetUri("https://www.googleapis.com/oauth2/v3/certs");
builder.issuerUri("https://accounts.google.com");
builder.userInfoUri("https://www.googleapis.com/oauth2/v3/userinfo");
builder.userNameAttributeName("sub");
builder.clientName("Google");
return builder;
}
},
GITHUB {
public ClientRegistration.Builder getBuilder(String registrationId) {
ClientRegistration.Builder builder = this.getBuilder(registrationId, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, "{baseUrl}/{action}/oauth2/code/{registrationId}");
builder.scope(new String[]{"read:user"});
builder.authorizationUri("https://github.com/login/oauth/authorize");
builder.tokenUri("https://github.com/login/oauth/access_token");
builder.userInfoUri("https://api.github.com/user");
builder.userNameAttributeName("id");
builder.clientName("GitHub");
return builder;
}
},
FACEBOOK {
public ClientRegistration.Builder getBuilder(String registrationId) {
ClientRegistration.Builder builder = this.getBuilder(registrationId, ClientAuthenticationMethod.CLIENT_SECRET_POST, "{baseUrl}/{action}/oauth2/code/{registrationId}");
builder.scope(new String[]{"public_profile", "email"});
builder.authorizationUri("https://www.facebook.com/v2.8/dialog/oauth");
builder.tokenUri("https://graph.facebook.com/v2.8/oauth/access_token");
builder.userInfoUri("https://graph.facebook.com/me?fields=id,name,email");
builder.userNameAttributeName("id");
builder.clientName("Facebook");
return builder;
}
},
...
public abstract ClientRegistration.Builder getBuilder(String registrationId);
}
따라서 우리 개발자는 다음 속성만 설정해두면 구글 로그인 연동이 알아서 구현된다!!
spring:
security:
oauth2:
client:
registration:
google:
client-id: your-google-client-id
client-secret: your-google-client-secret
redirect-uri: "{baseUrl}/login/oauth2/code/google"'Framework > Spring' 카테고리의 다른 글
| [SAML 2.0] IdP 와 SP 인증을 직접 구현해보자. (1) - IdP 설정 (0) | 2024.12.20 |
|---|---|
| [SAML 2.0] Security Assertion Markup Language (0) | 2024.12.18 |
| [OAuth2] Spring Security 가 OAuth2 를 구현하는 방법 (0) | 2024.12.08 |
| [OAuth2] accessToken에 이어서 왜 refreshToken 까지 필요할까? (1) | 2024.11.30 |
| [Spring Security] HttpBasic 방식을 비활성화 하는 이유 (0) | 2024.11.27 |