From e61491800a4bc1407488f694e2a514c0f30055e9 Mon Sep 17 00:00:00 2001
From: happybell80
Date: Wed, 17 Sep 2025 20:38:11 +0900
Subject: [PATCH] Fix documentation inaccuracies for NAVER WORKS OAuth

- Change nginx-deploy to nginx-infra (actual directory name)
- Clarify DB table name: user (SQLAlchemy) not users
- Update Private Key storage: Base64 in .env, not file path
- Clarify callback: GET only (standard OAuth), not POST
- Add RS256 algorithm confirmation for JWT signing
---
 ...΄λ²„μ›μŠ€_μΊ˜λ¦°λ”_API_연동_κ°€μ΄λ“œ.md | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/ideas/250916_λ„€μ΄λ²„μ›μŠ€_μΊ˜λ¦°λ”_API_연동_κ°€μ΄λ“œ.md b/ideas/250916_λ„€μ΄λ²„μ›μŠ€_μΊ˜λ¦°λ”_API_연동_κ°€μ΄λ“œ.md
index 160330f..e43d77e 100644
--- a/ideas/250916_λ„€μ΄λ²„μ›μŠ€_μΊ˜λ¦°λ”_API_연동_κ°€μ΄λ“œ.md
+++ b/ideas/250916_λ„€μ΄λ²„μ›μŠ€_μΊ˜λ¦°λ”_API_연동_κ°€μ΄λ“œ.md
@@ -153,17 +153,20 @@ #### μˆ˜μ • ν•„μš” - **`auth-server/app/main.py`**: naverworks λΌμš°ν„° 등둝 (`prefix="/auth/naverworks"`) - **`auth-server/.env`**: NAVERWORKS_CLIENT_ID, SECRET, REDIRECT_URI μΆ”κ°€ -- **`nginx-deploy`**: `/auth/naverworks`, `/api/naverworks` λΌμš°νŒ… μ„€μ • +- **`nginx-infra`**: `/auth/naverworks`, `/api/naverworks` λΌμš°νŒ… μ„€μ • #### DB μŠ€ν‚€λ§ˆ -- **κΈ°μ‘΄ users ν…Œμ΄λΈ” ν™œμš©**: oauth_provider="naverworks", oauth_id={NAVER WORKS userId} +- **κΈ°μ‘΄ user ν…Œμ΄λΈ” ν™œμš©** (SQLAlchemy: `__tablename__ = "user"`): + - oauth_provider="naverworks" + - oauth_id={NAVER WORKS userId} - **μ‹ κ·œ ν…Œμ΄λΈ”**: `team.naverworks_token` (Service Account 토큰 μ €μž₯용) ### 5.2 κ΅¬ν˜„ ν”Œλ‘œμš° (Slack νŒ¨ν„΄ μ°Έμ‘°) #### OAuth 둜그인 μ—”λ“œν¬μΈνŠΈ - **GET /auth/naverworks/login/**: State 생성 β†’ Redis μ €μž₯ β†’ OAuth λ¦¬λ‹€μ΄λ ‰νŠΈ -- **GET|POST /auth/naverworks/callback**: State 검증 β†’ Token κ΅ν™˜ β†’ Userinfo 쑰회 β†’ User λ§€ν•‘ β†’ JWT λ°œκΈ‰ +- **GET /auth/naverworks/callback**: State 검증 β†’ Token κ΅ν™˜ β†’ Userinfo 쑰회 β†’ User λ§€ν•‘ β†’ JWT λ°œκΈ‰ + - 주의: ν‘œμ€€ OAuth 2.0은 GET 콜백 μ‚¬μš© (Slack OIDC의 POST form_post와 닀름) #### Redis Keys - `oauth:state:{state}`: CSRF λ°©μ§€μš© state μ €μž₯ (TTL 300s) 
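Review bot: the rewritten `GET /auth/naverworks/callback` line says the state is verified before the token exchange but never says it is consumed, and the Redis key `oauth:state:{state}` is kept for 300s; the handler should delete the key atomically the first time it is seen (Redis `GETDEL`, or `DEL` immediately after a successful lookup) so that a captured callback URL cannot be replayed for the rest of the TTL. The same line only lists the success path; it should also state what the handler does when the provider redirects back with `error` and `error_description` query parameters instead of `code` (for example when the user denies consent), since that is a normal OAuth 2.0 response on the same endpoint. On the DB schema bullet, `__tablename__ = "user"` deserves a warning next to it: `user` is a reserved word in PostgreSQL, so any raw SQL or hand-written migration that references the table has to quote it as `"user"`.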
@@ -180,14 +183,14 @@ #### 결정사항 (ν™•μ •) - **Redirect URL 도메인**: `auth.ro-being.com` μ‚¬μš© (Gmail/Slackκ³Ό 톡일) - **Private Key 처리**: - - 2025-09-17: Git μž„μ‹œ commit ν›„ μ„œλ²„ 전솑 μ™„λ£Œ - - μ„œλ²„ 51123: Base64둜 .env νŒŒμΌμ— μ €μž₯됨 - - Gitμ—μ„œ μ‚­μ œ μ™„λ£Œ (commit a4a2b9c) + - 2025-09-17: Git μž„μ‹œ commit ν›„ μ„œλ²„ 전솑 + - μ„œλ²„ μ €μž₯: Base64 μΈμ½”λ”©ν•˜μ—¬ .env의 NAVERWORKS_PRIVATE_KEY_BASE64에 μ €μž₯ + - Gitμ—μ„œ μ‚­μ œ μ™„λ£Œ (λ³΄μ•ˆμƒ Git μ €μž₯ κΈˆμ§€) - **NAVER WORKS 토큰 ν…Œμ΄λΈ”**: `naverworks_token` (team μŠ€ν‚€λ§ˆ μ•„λž˜, λ‹¨μˆ˜ν˜•) #### ν™•μΈν•„μš” - **OIDC userinfo 응닡 ν˜•μ‹**: sub, userId λ“± μ •ν™•ν•œ ν•„λ“œλͺ… -- **Service Account JWT μ„œλͺ…**: μ•Œκ³ λ¦¬μ¦˜ (RS256 λ“±) +- **Service Account JWT μ„œλͺ…**: RS256 μ•Œκ³ λ¦¬μ¦˜ (RSA 2048 bits) μ‚¬μš© 확인됨 - **Rate Limit**: API 호좜 μ œν•œ 및 μΏΌν„° - **Private Key ꡐ체 μ‹œ**: κΈ°μ‘΄ 토큰 μœ νš¨μ„± μœ μ§€ μ—¬λΆ€
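Review bot: the Private Key bullets replace the concrete reference `(commit a4a2b9c)` with a generic "deleted from Git" statement, which loses the trace needed for cleanup; a key that was committed even temporarily stays in the repository history until that history is rewritten, and anyone who fetched the repository between the commit and the deletion still holds a copy. The doc should therefore record that the Service Account key was, or must be, re-issued in NAVER WORKS after the 2025-09-17 temporary commit, not only that the file was removed, and keep the commit hash so the history rewrite can be verified. The `NAVERWORKS_PRIVATE_KEY_BASE64` line should also say that Base64 is an encoding, not protection: the server-side `.env` needs restrictive file permissions and must not be readable by the nginx process or other service accounts on the host. The last two items already ask the right follow-up question (whether existing tokens stay valid after key rotation); the RS256 confirmation line would be stronger if it cited where the algorithm and 2048-bit key size were confirmed (NAVER WORKS Developer Console or its documentation) instead of just "confirmed".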