From 0680384ee1f59ea90a1a825f645d99ab8760946e Mon Sep 17 00:00:00 2001 From: happybell80 Date: Wed, 17 Sep 2025 20:29:39 +0900 Subject: [PATCH] Update NAVER WORKS API guide with implementation details and security notes --- ...²„μ›μŠ€_μΊ˜λ¦°λ”_API_연동_κ°€μ΄λ“œ.md | 45 ++++++++----------- 1 file changed, 19 insertions(+), 26 deletions(-) diff --git a/ideas/250916_λ„€μ΄λ²„μ›μŠ€_μΊ˜λ¦°λ”_API_연동_κ°€μ΄λ“œ.md b/ideas/250916_λ„€μ΄λ²„μ›μŠ€_μΊ˜λ¦°λ”_API_연동_κ°€μ΄λ“œ.md index 134b099..a4b98f2 100644 --- a/ideas/250916_λ„€μ΄λ²„μ›μŠ€_μΊ˜λ¦°λ”_API_연동_κ°€μ΄λ“œ.md +++ b/ideas/250916_λ„€μ΄λ²„μ›μŠ€_μΊ˜λ¦°λ”_API_연동_κ°€μ΄λ“œ.md 
@@ -128,41 +128,34 @@ - **`auth-server/.env`**: NAVERWORKS_CLIENT_ID, SECRET, REDIRECT_URI μΆ”κ°€ - **`nginx-deploy`**: `/auth/naverworks`, `/api/naverworks` λΌμš°νŒ… μ„€μ • +#### DB μŠ€ν‚€λ§ˆ +- **κΈ°μ‘΄ users ν…Œμ΄λΈ” ν™œμš©**: oauth_provider="naverworks", oauth_id={NAVER WORKS userId} +- **μ‹ κ·œ ν…Œμ΄λΈ”**: `team.naverworks_token` (Service Account 토큰 μ €μž₯용) + ### 5.2 κ΅¬ν˜„ ν”Œλ‘œμš° (Slack νŒ¨ν„΄ μ°Έμ‘°) -#### OAuth 둜그인 ν”Œλ‘œμš° -```python -# auth-server/app/providers/naverworks.py κ΅¬ν˜„ ν•„μš” +#### OAuth 둜그인 μ—”λ“œν¬μΈνŠΈ +- **GET /auth/naverworks/login/**: State 생성 β†’ Redis μ €μž₯ β†’ OAuth λ¦¬λ‹€μ΄λ ‰νŠΈ +- **GET|POST /auth/naverworks/callback**: State 검증 β†’ Token κ΅ν™˜ β†’ Userinfo 쑰회 β†’ User λ§€ν•‘ β†’ JWT λ°œκΈ‰ -@router.get("/login/") -async def naverworks_login(): - # 1. State 생성 β†’ Redis μ €μž₯ (TTL 300s) - # 2. Redirect to https://auth.worksmobile.com/oauth2/v2.0/authorize +#### Redis Keys +- `oauth:state:{state}`: CSRF λ°©μ§€μš© state μ €μž₯ (TTL 300s) +- `auth:temp:{temp_code}`: Frontend μ „λ‹¬μš© μž„μ‹œ μ½”λ“œ (TTL 60s) +- `naverworks:service:token`: Service Account 토큰 캐싱 (TTL 3600s) -@router.get("/callback") -@router.post("/callback") # form_post 지원 -async def naverworks_login_callback(): - # 1. State 검증 - # 2. Code β†’ Token κ΅ν™˜ (POST https://auth.worksmobile.com/oauth2/v2.0/token) - # 3. Userinfo 쑰회 (GET https://www.worksapis.com/v1.0/oidc/userinfo) - # 4. User DB λ§€ν•‘ (oauth_provider="naverworks") - # 5. JWT 생성 β†’ Redis temp code β†’ Frontend redirect -``` - -#### Service Account JWT 인증 -```python -async def get_service_account_token(): - # 1. Private Key λ‘œλ“œ (파일 μ‹œμŠ€ν…œ) - # 2. JWT Assertion 생성 - # 3. Token μš”μ²­ (grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer) - # 4. 
Access Token 캐싱 (Redis TTL 3600s) -``` +#### Slack OAuth μ°Έμ‘° 파일 +- **κ΅¬ν˜„ νŒ¨ν„΄**: `auth-server/app/providers/slack.py` +- **Gmail passport**: `auth-server/app/providers/gmail_passport.py` +- **JWT 생성**: `auth-server/app/core/auth.py`의 create_access_token() ### 5.3 κ²°μ •/확인 ν•„μš” 사항 #### 결정사항 (ν™•μ •) - **Redirect URL 도메인**: `auth.ro-being.com` μ‚¬μš© -- **Private Key μ €μž₯ 경둜**: `auth-server/private_20250917185550.key` +- **Private Key 처리**: + - 2025-09-17: Git μž„μ‹œ commit ν›„ μ„œλ²„ 전솑 μ™„λ£Œ + - μ„œλ²„ 51123 μ•ˆμ „ μ €μž₯: `/secure/naverworks/private_20250917185550.key` + - Gitμ—μ„œ μ‚­μ œ μ™„λ£Œ (commit a4a2b9c) - **NAVER WORKS 토큰 ν…Œμ΄λΈ”**: `naverworks_token` (team μŠ€ν‚€λ§ˆ μ•„λž˜, λ‹¨μˆ˜ν˜•) #### ν™•μΈν•„μš”
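Review bot: In the added "Private Key" entry under section 5.3, the key `private_20250917185550.key` is recorded as having been committed to Git on 2025-09-17 and then deleted in commit a4a2b9c, and the entry sits under the confirmed decisions as if that closes the matter. A deletion commit only removes the file from the tip. The key stays recoverable from the earlier commit and from any clone, fork, mirror or CI cache taken in between, so it should be treated as exposed. The entry should state that the Service Account key was revoked and a new one issued that never passed through the repository, or else that history was rewritten and existing clones were invalidated. A note on how the key reaches the server in future without going through Git would also help. The same entry writes the server identifier and the absolute key path `/secure/naverworks/private_20250917185550.key` into a tracked document. Consider referring to a configuration variable that holds the path instead, and recording the file ownership and permissions expected there. Separately, the new `team.naverworks_token` table and the `naverworks:service:token` Redis key both hold bearer tokens, but the hunk does not say whether they are encrypted at rest or who can read them. The removed pseudocode was the only place that spelled out the `jwt-bearer` grant steps, so the guide now has no description of how that token is obtained.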