passport-oauth2 (feat: passport-apple)
0
- kakao
- REST API key 생성 및 Redirect URI 등록 : https://developers.kakao.com/console/app --> 제품 설정 --> 카카오 로그인 --> Redirect URI
- Kakao Login REST API : https://developers.kakao.com/docs/latest/ko/kakaologin/rest-api#request-code
https://kauth.kakao.com/oauth/authorize?scope=account_email&response_type=code&client_id=[REST API key]&redirect_uri=[Redirect URI]
- google
- Client ID 생성 및 Redirect URI 등록 : https://console.developers.google.com (https://console.cloud.google.com/apis) --> 프로젝트 선택 --> 사용자 인증 정보 --> OAuth 2.0 클라이언트 ID
- Google's OAuth 2.0 endpoint : https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow
https://accounts.google.com/o/oauth2/v2/auth?scope=https%3A//www.googleapis.com/auth/userinfo.profile%20https%3A//www.googleapis.com/auth/userinfo.email&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=[Redirect URI]&client_id=[Client ID]
- apple
- Client ID 생성 및 Return URI 등록 : https://developer.apple.com/account/resources/identifiers/list/serviceId
- Key ID 생성 : https://developer.apple.com/account/resources/authkeys/list
- Sign in with Apple / Web Service Endpoint : https://developer.apple.com/documentation/sign_in_with_apple/request_an_authorization_to_the_sign_in_with_apple_server
https://appleid.apple.com/auth/authorize?client_id=[CLIENT_ID]&redirect_uri=[REDIRECT_URL]&response_type=code%20id_token&state=[STATE]&scope=name%20email&response_mode=form_post
- passport-oauth2에 의존적인 packages
- passport-kakao
- passport-google-oauth20
- passport-apple
https://github.com/youngkiu/nestjs-kakaologin/blob/main/src/auth/google/google.strategy.ts
다른 여타의 passport-oauth2와 다르게, validate() method를 구현하지 않으며,
(response_type=code%20id_token이기 때문이며, response_type=code이면 구현해야 한다.)
다른 여타의 passport-oauth2의 validate()에서 하는 역할을 constructor의 callback으로 제공한다.
https://github.com/ananay/passport-apple
import { Injectable } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { PassportStrategy } from '@nestjs/passport';
import { JwtService } from '@nestjs/jwt';
import { Strategy } from 'passport-apple';
import { PinoLogger } from 'nestjs-pino';
import { readFileSync } from 'fs';
import { AppleUserDataDto } from './apple_user_data.dto';
import { UserService } from '../../user/user.service';
import { CreateUserDto } from '../../user/create_user.dto';
@Injectable()
export class AppleStrategy extends PassportStrategy(Strategy) {
constructor(
private readonly configService: ConfigService,
private readonly jwtService: JwtService,
private readonly userService: UserService,
private readonly logger: PinoLogger,
) {
logger.setContext(AppleStrategy.name);
super(
{
clientID: configService.get<string>('APPLE_CLIENT_ID'),
teamID: configService.get<string>('APPLE_TEAM_ID'),
callbackURL: configService.get<string>('APPLE_CALLBACK_URL'),
keyID: configService.get<string>('APPLE_KEY_ID'),
privateKeyString: readFileSync(
configService.get<string>('APPLE_KEYFILE_PATH'),
),
passReqToCallback: true,
},
async function (req, accessToken, refreshToken, idToken, profile, cb) {
try {
const idTokenDecoded = jwtService.decode(idToken) as AppleUserDataDto;
logger.debug(JSON.stringify(idTokenDecoded));
const provider = 'google';
const { sub: providerId, email } = idTokenDecoded;
const user = await userService.find(provider, providerId);
if (user) {
return cb(null, user);
}
const userData: CreateUserDto = {
provider,
providerId,
email,
profile: idTokenDecoded,
accessToken,
refreshToken,
};
await userService.create(userData);
cb(null, userData);
} catch (error) {
logger.error(error);
}
},
);
}
}참고)
- https://developoerty.tistory.com/125
- https://lhr0419.medium.com/apple-login-%EC%82%AC%EC%9A%A9%ED%95%B4%EB%B3%B4%EA%B8%B0-a5b70fbf2f02
- https://d0lim.com/blog/2022/06/login-with-apple-workaround/
https://blog.devgenius.io/how-to-implement-apple-login-with-nestjs-in-seconds-b88f05abe847https://stackoverflow.com/questions/75494769/signin-with-apple-with-passport-apple-library-not-returning-id-token-in-nestjs- https://stackoverflow.com/questions/75394620/failed-to-obtain-access-token-error-when-using-passport-apple
