TEAM-SMASHING · leeeyubin · Apr 11, 2026 · Apr 11, 2026 · Apr 11, 2026 · Apr 11, 2026
diff --git a/src/main/kotlin/org/appjam/smashing/domain/auth/controller/AuthController.kt b/src/main/kotlin/org/appjam/smashing/domain/auth/controller/AuthController.kt
@@ -24,10 +24,10 @@ class AuthController(
     private val authService: AuthService,
 ) {
     @Operation(
-        summary = "카카오 로그인 API",
-        description = "카카오 로그인을 진행합니다."
+        summary = "소셜 로그인 API",
+        description = "소셜 로그인을 진행합니다."
     )
-    @PostMapping("/login/kakao")
+    @PostMapping("/login")
     fun signIn(
         @Valid @RequestBody signInRequest: SignInRequest
     ): ResponseEntity<ApiResponse<SignInResponse>> {

diff --git a/src/main/kotlin/org/appjam/smashing/domain/auth/dto/command/SignInRequestCommand.kt b/src/main/kotlin/org/appjam/smashing/domain/auth/dto/command/SignInRequestCommand.kt
@@ -1,5 +1,8 @@
 package org.appjam.smashing.domain.auth.dto.command
 
+import org.appjam.smashing.domain.auth.enums.ProviderType
+
 data class SignInRequestCommand(
-    val accessToken: String,
+    val idToken: String,
+    val provider: ProviderType,
 )
diff --git a/src/main/kotlin/org/appjam/smashing/domain/auth/dto/command/SignUpRequestCommand.kt b/src/main/kotlin/org/appjam/smashing/domain/auth/dto/command/SignUpRequestCommand.kt
@@ -1,10 +1,12 @@
 package org.appjam.smashing.domain.auth.dto.command
 
+import org.appjam.smashing.domain.auth.enums.ProviderType
 import org.appjam.smashing.domain.sport.enums.ExperienceRange
 import org.appjam.smashing.domain.user.enums.Gender
 
 data class SignUpRequestCommand(
-    val kakaoId: String,
+    val socialId: String,
+    val provider: ProviderType,
     val nickname: String,
     val gender: Gender,
     val openChatUrl: String,

diff --git a/src/main/kotlin/org/appjam/smashing/domain/auth/dto/request/SignInRequest.kt b/src/main/kotlin/org/appjam/smashing/domain/auth/dto/request/SignInRequest.kt
@@ -2,13 +2,18 @@ package org.appjam.smashing.domain.auth.dto.request
 
 import jakarta.validation.constraints.NotBlank
 import org.appjam.smashing.domain.auth.dto.command.SignInRequestCommand
+import org.appjam.smashing.domain.auth.enums.ProviderType
+import org.appjam.smashing.global.common.validator.annotation.ValidEnum
+import org.appjam.smashing.global.extensions.ofIgnoreCase
 
 data class SignInRequest(
-    @field:NotBlank(message = "엑세스 토큰을 입력해주세요.")
-    val accessToken: String?,
+    @field:NotBlank(message = "idToken을 입력해주세요.")
+    val idToken: String?,
+    @field:ValidEnum(message = "잘못된 provider 값입니다.", enumClass = ProviderType::class)
+    val provider: String?,
 ) {
-    fun toCommand(): SignInRequestCommand =
-        SignInRequestCommand(
-            accessToken = accessToken!!,
-        )
+    fun toCommand() = SignInRequestCommand(
+        idToken = idToken!!,
+        provider = ofIgnoreCase<ProviderType>(provider!!),
+    )
 }
diff --git a/src/main/kotlin/org/appjam/smashing/domain/auth/dto/request/SignUpRequest.kt b/src/main/kotlin/org/appjam/smashing/domain/auth/dto/request/SignUpRequest.kt
@@ -2,14 +2,17 @@ package org.appjam.smashing.domain.auth.dto.request
 
 import jakarta.validation.constraints.NotBlank
 import org.appjam.smashing.domain.auth.dto.command.SignUpRequestCommand
+import org.appjam.smashing.domain.auth.enums.ProviderType
 import org.appjam.smashing.domain.sport.enums.ExperienceRange
 import org.appjam.smashing.domain.user.enums.Gender
 import org.appjam.smashing.global.common.validator.annotation.ValidEnum
 import org.appjam.smashing.global.extensions.ofIgnoreCase
 
 data class SignUpRequest(
-    @field:NotBlank(message = "kakaoId를 입력해주세요.")
-    val kakaoId: String?,
+    @field:NotBlank(message = "socialId를 입력해주세요.")
+    val socialId: String?,
+    @field:ValidEnum(message = "잘못된 provider 값입니다.", enumClass = ProviderType::class)
+    val provider: String?,
     @field:NotBlank(message = "nickname을 입력해주세요.")
     val nickname: String?,
     @field:NotBlank(message = "gender를 입력해주세요.")
@@ -26,7 +29,8 @@ data class SignUpRequest(
     val region: String?,
 ) {
     fun toCommand() = SignUpRequestCommand(
-        kakaoId = kakaoId!!,
+        socialId = socialId!!,
+        provider = ofIgnoreCase<ProviderType>(provider!!),
         nickname = nickname!!,
         gender = ofIgnoreCase<Gender>(gender!!),
         openChatUrl = openChatUrl!!,

diff --git a/src/main/kotlin/org/appjam/smashing/domain/auth/dto/response/SignInResponse.kt b/src/main/kotlin/org/appjam/smashing/domain/auth/dto/response/SignInResponse.kt
@@ -3,7 +3,7 @@ package org.appjam.smashing.domain.auth.dto.response
 data class SignInResponse(
     val accessToken: String?,
     val refreshToken: String?,
-    val kakaoId: String,
+    val socialId: String,
     val userId: String?,
     val nickname: String?,
 ) {
@@ -13,13 +13,13 @@ data class SignInResponse(
         fun from(
             accessToken: String? = null,
             refreshToken: String? = null,
-            kakaoId: String,
+            socialId: String,
             userId: String? = null,
             nickname: String? = null,
         ) = SignInResponse(
             accessToken = accessToken,
             refreshToken = refreshToken,
-            kakaoId = kakaoId,
+            socialId = socialId,
             userId = userId,
             nickname = nickname,
         )

diff --git a/src/main/kotlin/org/appjam/smashing/domain/auth/dto/response/SocialType.kt b/src/main/kotlin/org/appjam/smashing/domain/auth/dto/response/SocialType.kt
@@ -0,0 +1,8 @@
+package org.appjam.smashing.domain.auth.dto.response
+
+import org.appjam.smashing.domain.auth.enums.ProviderType
+
+data class SocialType(
+    val provider: ProviderType,
+    val socialId: String,
+)
diff --git a/src/main/kotlin/org/appjam/smashing/domain/auth/enums/ProviderType.kt b/src/main/kotlin/org/appjam/smashing/domain/auth/enums/ProviderType.kt
@@ -0,0 +1,5 @@
+package org.appjam.smashing.domain.auth.enums
+
+enum class ProviderType {
+    KAKAO, APPLE
+}
diff --git a/src/main/kotlin/org/appjam/smashing/domain/auth/service/AuthService.kt b/src/main/kotlin/org/appjam/smashing/domain/auth/service/AuthService.kt
@@ -42,12 +42,12 @@ class AuthService(
     fun signIn(
         requestCommand: SignInRequestCommand,
     ): SignInResponse {
-        val kakaoId = socialAuthServiceManager.getKakaoId(requestCommand.accessToken)
+        val (provider, socialId) = socialAuthServiceManager.getSocialId(requestCommand)
 
-        val user = userRepository.findByKakaoId(kakaoId)
-            ?: return SignInResponse.from(
-                kakaoId = kakaoId,
-            )
+        val user = userRepository.findBySocialIdAndProvider(
+            socialId = socialId,
+            provider = provider,
+        ) ?: return SignInResponse.from(socialId = socialId)
 
         val userId = user.id ?: throw CustomException(ErrorCode.USER_NOT_FOUND)
 
@@ -56,7 +56,7 @@ class AuthService(
         return SignInResponse.from(
             accessToken = token.accessToken.token,
             refreshToken = token.refreshToken.token,
-            kakaoId = kakaoId,
+            socialId = socialId,
             userId = userId,
             nickname = user.nickname,
         )
@@ -81,7 +81,8 @@ class AuthService(
 
         val user = userRepository.save(
             User.create(
-                kakaoId = requestCommand.kakaoId,
+                socialId = requestCommand.socialId,
+                provider = requestCommand.provider,
                 nickname = requestCommand.nickname,
                 gender = requestCommand.gender,
                 openchatUrl = requestCommand.openChatUrl.trim(),
@@ -173,8 +174,8 @@ class AuthService(
     }
 
     private fun validateUser(requestCommand: SignUpRequestCommand) {
-        if (userRepository.existsByKakaoId(requestCommand.kakaoId)) {
-            throw CustomException(ErrorCode.DUPLICATE_KAKAO_ID)
+        if (userRepository.existsBySocialId(requestCommand.socialId)) {
+            throw CustomException(ErrorCode.DUPLICATE_SOCIAL_ID)
         }
 
         if (userRepository.existsByNickname(requestCommand.nickname)) {

diff --git a/src/main/kotlin/org/appjam/smashing/domain/auth/social/OidcTokenValidator.kt b/src/main/kotlin/org/appjam/smashing/domain/auth/social/OidcTokenValidator.kt
@@ -0,0 +1,68 @@
+package org.appjam.smashing.domain.auth.social
+
+import com.fasterxml.jackson.databind.JsonNode
+import com.fasterxml.jackson.databind.ObjectMapper
+import io.jsonwebtoken.Jwts
+import org.appjam.smashing.global.exception.CustomException
+import org.appjam.smashing.global.exception.ErrorCode
+import org.springframework.stereotype.Component
+import org.springframework.web.client.RestTemplate
+import java.math.BigInteger
+import java.security.KeyFactory
+import java.security.PublicKey
+import java.security.spec.RSAPublicKeySpec
+import java.util.*
+
+@Component
+class OidcTokenValidator {
+    fun extractSocialId(
+        idToken: String,
+        jwksUri: String,
+        iss: String,
+    ): String = try {
+        val publicKey = getPublicKey(
+            idToken = idToken,
+            jwksUri = jwksUri,
+        )
+
+        val claims = Jwts.parserBuilder()
+            .setSigningKey(publicKey)
+            .build()
+            .parseClaimsJws(idToken)
+            .body
+
+        if (claims.issuer != iss) throw CustomException(ErrorCode.INVALID_ISS)
+
+        claims.subject
+    } catch (e: Exception) {
+        throw CustomException(ErrorCode.INVALID_ID_TOKEN)
+    }
+
+    private fun getPublicKey(
+        idToken: String,
+        jwksUri: String,
+    ): PublicKey {
+        val header = String(Base64.getUrlDecoder().decode(idToken.split(".")[0]))
+        val kid = ObjectMapper().readTree(header).get(KID).asText()
+
+        val jwks = RestTemplate().getForObject(jwksUri, JsonNode::class.java)
+            ?: throw CustomException(ErrorCode.INVALID_ID_TOKEN)
+
+        val key = jwks[KEYS].find { it[KID].asText() == kid }
+            ?: throw CustomException(ErrorCode.INVALID_ID_TOKEN)
+
+        val n = BigInteger(1, Base64.getUrlDecoder().decode(key[N].asText()))
+        val e = BigInteger(1, Base64.getUrlDecoder().decode(key[E].asText()))
+
+        return KeyFactory.getInstance(RSA)
+            .generatePublic(RSAPublicKeySpec(n, e))
+    }
+
+    companion object {
+        private const val KID = "kid"
+        private const val KEYS = "keys"
+        private const val N = "n"
+        private const val E = "e"
+        private const val RSA = "RSA"
+    }
+}
diff --git a/src/main/kotlin/org/appjam/smashing/domain/auth/social/SocialAuthServiceManager.kt b/src/main/kotlin/org/appjam/smashing/domain/auth/social/SocialAuthServiceManager.kt
@@ -1,11 +1,31 @@
 package org.appjam.smashing.domain.auth.social
 
-import org.appjam.smashing.domain.auth.social.kakao.KakaoAuthTokenValidator
+import org.appjam.smashing.domain.auth.dto.command.SignInRequestCommand
+import org.appjam.smashing.domain.auth.dto.response.SocialType
+import org.appjam.smashing.domain.auth.enums.ProviderType.APPLE
+import org.appjam.smashing.domain.auth.enums.ProviderType.KAKAO
+import org.appjam.smashing.domain.auth.social.apple.AppleOidcValidator
+import org.appjam.smashing.domain.auth.social.kakao.KakaoOidcValidator
 import org.springframework.stereotype.Component
 
 @Component
 class SocialAuthServiceManager(
-    private val kakaoAuthTokenValidator: KakaoAuthTokenValidator,
+    private val kakaoOidcValidator: KakaoOidcValidator,
+    private val appleOidcValidator: AppleOidcValidator,
 ) {
-    fun getKakaoId(authAccessToken: String): String = kakaoAuthTokenValidator.extractKakaoId(authAccessToken)
+    fun getSocialId(command: SignInRequestCommand): SocialType {
+        val idToken = command.idToken
+
+        return when (command.provider) {
+            KAKAO -> SocialType(
+                provider = KAKAO,
+                socialId = kakaoOidcValidator.extractKakaoId(idToken),
+            )
+
+            APPLE -> SocialType(
+                provider = APPLE,
+                socialId = appleOidcValidator.extractAppleId(idToken),
+            )
+        }
+    }
 }
diff --git a/src/main/kotlin/org/appjam/smashing/domain/auth/social/apple/AppleOidcValidator.kt b/src/main/kotlin/org/appjam/smashing/domain/auth/social/apple/AppleOidcValidator.kt
@@ -0,0 +1,21 @@
+package org.appjam.smashing.domain.auth.social.apple
+
+import org.appjam.smashing.domain.auth.social.OidcTokenValidator
+import org.springframework.stereotype.Component
+
+@Component
+class AppleOidcValidator(
+    private val oidcTokenValidator: OidcTokenValidator,
+) {
+    fun extractAppleId(idToken: String): String =
+        oidcTokenValidator.extractSocialId(
+            idToken = idToken,
+            jwksUri = JWKS_URI,
+            iss = ISS,
+        )
+
+    companion object {
+        private const val JWKS_URI = "https://appleid.apple.com/auth/keys"
+        private const val ISS = "https://appleid.apple.com"
+    }
+}
diff --git a/src/main/kotlin/org/appjam/smashing/domain/auth/social/kakao/KakaoApiClient.kt b/src/main/kotlin/org/appjam/smashing/domain/auth/social/kakao/KakaoApiClient.kt
diff --git a/src/main/kotlin/org/appjam/smashing/domain/auth/social/kakao/KakaoAuthTokenValidator.kt b/src/main/kotlin/org/appjam/smashing/domain/auth/social/kakao/KakaoAuthTokenValidator.kt
diff --git a/src/main/kotlin/org/appjam/smashing/domain/auth/social/kakao/KakaoOidcValidator.kt b/src/main/kotlin/org/appjam/smashing/domain/auth/social/kakao/KakaoOidcValidator.kt
@@ -0,0 +1,21 @@
+package org.appjam.smashing.domain.auth.social.kakao
+
+import org.appjam.smashing.domain.auth.social.OidcTokenValidator
+import org.springframework.stereotype.Component
+
+@Component
+class KakaoOidcValidator(
+    private val oidcTokenValidator: OidcTokenValidator,
+) {
+    fun extractKakaoId(idToken: String): String =
+        oidcTokenValidator.extractSocialId(
+            idToken = idToken,
+            jwksUri = JWKS_URI,
+            iss = ISS,
+        )
+
+    companion object {
+        private const val JWKS_URI = "https://kauth.kakao.com/.well-known/jwks.json"
+        private const val ISS = "https://kauth.kakao.com"
+    }
+}
diff --git a/...ain/kotlin/org/appjam/smashing/domain/auth/social/kakao/dto/response/KakaoUserResponse.kt b/...ain/kotlin/org/appjam/smashing/domain/auth/social/kakao/dto/response/KakaoUserResponse.kt