From 24bdbce8508fa6815c70f8ad512f73e6b8003854 Mon Sep 17 00:00:00 2001
From: BGuga
Date: Thu, 16 May 2024 12:09:01 +0900
Subject: [PATCH] =?UTF-8?q?refactor:=20Audience=20=EB=A5=BC=20OpenIdTokenP?= =?UTF-8?q?arser=20=EC=97=90=EC=84=9C=20=EA=B2=80=EC=A6=9D=ED=95=98?= =?UTF-8?q?=EB=8F=84=EB=A1=9D=20=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../infrastructure/openid/AppleOpenIdClient.java | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/backend/src/main/java/com/festago/auth/infrastructure/openid/AppleOpenIdClient.java b/backend/src/main/java/com/festago/auth/infrastructure/openid/AppleOpenIdClient.java
index df228713c..a64433ab3 100644
--- a/backend/src/main/java/com/festago/auth/infrastructure/openid/AppleOpenIdClient.java
+++ b/backend/src/main/java/com/festago/auth/infrastructure/openid/AppleOpenIdClient.java
@@ -4,13 +4,10 @@
 import com.festago.auth.domain.OpenIdNonceValidator;
 import com.festago.auth.domain.SocialType;
 import com.festago.auth.domain.UserInfo;
-import com.festago.common.exception.ErrorCode;
-import com.festago.common.exception.UnauthorizedException;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import java.time.Clock;
 import java.util.Date;
-import java.util.Set;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
@@ -34,6 +31,7 @@ public AppleOpenIdClient(
 this.openIdNonceValidator = openIdNonceValidator;
 this.idTokenParser = new OpenIdIdTokenParser(Jwts.parser()
 .keyLocator(appleOpenIdPublicKeyLocator)
+ .requireAudience(clientId)
 .requireIssuer(ISSUER)
 .clock(() -> Date.from(clock.instant()))
 .build());
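Review bot: The failure mode for a wrong audience changes with `.requireAudience(clientId)`: JJWT now rejects the token inside `idTokenParser.parse` with `IncorrectClaimException` (or `MissingClaimException` when `aud` is absent), whereas the `validateAudience` removed in the next hunk threw `UnauthorizedException(ErrorCode.OPEN_ID_INVALID_TOKEN)`. Whether `OpenIdIdTokenParser.parse` translates those JJWT exceptions into the same `UnauthorizedException` is not visible in this patch; if it does not, a token issued for another client now escapes as a raw `JwtException` and the caller's 401 contract silently changes. A test that feeds a token with a foreign `aud` and asserts `OPEN_ID_INVALID_TOKEN` would pin this. The constructor `AppleOpenIdClient(` begins before this hunk.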
@@ -43,23 +41,12 @@ public AppleOpenIdClient(
 public UserInfo getUserInfo(String idToken) {
 Claims payload = idTokenParser.parse(idToken);
 openIdNonceValidator.validate(payload.get("nonce", String.class), payload.getExpiration());
- validateAudience(payload.getAudience());
 return UserInfo.builder()
 .socialType(SocialType.APPLE)
 .socialId(payload.getSubject())
 .build();
 }
 
- private void validateAudience(Set audiences) {
- for (String audience : audiences) {
- if (clientId.equals(audience)) {
- return;
- }
- }
- log.info("허용되지 않는 id 토큰의 audience 값이 요청되었습니다. audiences={}", audiences);
- throw new UnauthorizedException(ErrorCode.OPEN_ID_INVALID_TOKEN);
- }
-
 @Override
 public SocialType getSocialType() {
 return SocialType.APPLE;
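Review bot: With `validateAudience` deleted, `getUserInfo` no longer shows that the audience is enforced at all, and the only visible `log` call went with it, so `@Slf4j` and the `lombok.extern.slf4j.Slf4j` import kept in the first hunk look dead unless the class logs elsewhere. A one-line comment on the new side keeps the contract readable: `// audience and issuer are enforced by idTokenParser (requireAudience/requireIssuer); only the nonce is checked here`. The audience-mismatch log line is also gone, so a rejected token leaves no application-level trace unless OpenIdIdTokenParser logs the JJWT claim failure; if it does not, that is where the log entry should be restored.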