[FEAT] 애플 소셜 유저 로그아웃 기능 구현 #217
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Kim-TaeUk
reviewed
Nov 6, 2024
Kim-TaeUk
reviewed
Nov 6, 2024
Kim-TaeUk
reviewed
Nov 7, 2024
src/main/java/org/websoso/WSSServer/oauth2/service/AppleService.java
Outdated
Show resolved
Hide resolved
rinarina0429
reviewed
Nov 7, 2024
Member
rinarina0429
left a comment
rinarina0429
left a comment
There was a problem hiding this comment.
이미 있는 리뷰 말고는 남길게 없는 것 같네요! 수고하셨습니다~~ 수정하고 리뷰 한번만 더 요청해주세요오
Kim-TaeUk
approved these changes
Nov 10, 2024
rinarina0429
approved these changes
Nov 10, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related Issue
Key Changes
애플에서 따로 제공하는 로그아웃 API가 없어서 서비스 자체 로그아웃 기능을 구현했습니다.
구 방법
2. redis에서 해당 유저의 리프레시 토큰을 제거하고, 액세스 토큰을 더 이상 사용하지 못하도록 redis에 저장합니다.
-> 이 때, redis에 해당 액세스 토큰의 남은 유효시간만큼 저장돼있다가 후에는 삭제되도록 했습니다.
3. 사용자 인증이 필요한 API 호출 시 토큰 검증 필터에서 2번에서 저장된 액세스 토큰이 redis에 있는지 검사하고, 있다면 사용하지 못하도록 에러를 발생시킵니다.
2. redis에서 해당 유저의 리프레시 토큰을 제거하여, 액세스 및 리프레시 토큰 재발급을 방지합니다.
To Reviewers
References
https://un-lazy-midnight.tistory.com/160
Jwt 방식 로그아웃 + 조금의 stateful