fix(oauth): fix error caused by encoding in naver oauth token revocation #277

Merged
huhdy32 merged 1 commit into develop from fix/oauth
Nov 14, 2025

@huhdy32 huhdy32 commented Nov 14, 2025

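Problem

When the access token passed as a query param contains a + character,
the + in the access token is replaced with a space during decoding on the Naver oauth server.

As a result, token revocation failed.

ex)
Original access token: `aaa+aaa`
Decoded access token: `aaa aaa`

-> `aaa+aaa` should be deleted, but the deletion is processed for `aaa aaa`
So revocation fails

Solution

I assumed RestClient would of course handle the encoding,
but after reading the documentation, it only individually encodes characters that violate ASCII :(

  • The + character is also included in ASCII, so it was not encoded

-> Solved by percent-encoding after UTF-8 encoding

+) Applied strict encoding in restClient through template variable binding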
https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-uri-building.html

Summary by CodeRabbit

  • Refactor
    • Enhanced OAuth token handling mechanism for improved code maintainability and security.
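
The behaviour described in this PR description, as an added example that is not code from this pull request: the same token placed inline in `queryParam` versus bound through a `{access_token}` template variable, and what a form-style decoder recovers on the receiving side. The host `auth.example.invalid`, the `/revoke` path and the class name are placeholders, and the encoding mode is set explicitly on the assumption that it matches the RestClient setup.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

import org.springframework.web.util.DefaultUriBuilderFactory;
import org.springframework.web.util.DefaultUriBuilderFactory.EncodingMode;
import org.springframework.web.util.UriBuilder;

public class PlusInQueryParamDemo {

    // Placeholder endpoint (assumption); not the provider's real revocation URL.
    private static UriBuilder revokeUri(DefaultUriBuilderFactory factory) {
        return factory.builder()
                .scheme("https").host("auth.example.invalid").path("/revoke");
    }

    // What a form-style (application/x-www-form-urlencoded) decoder on the
    // receiving side recovers from the raw query string: '+' means space.
    private static String serverSideToken(URI uri) {
        String raw = uri.getRawQuery().substring("access_token=".length());
        return URLDecoder.decode(raw, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        String token = "aaa+aaa"; // constructed sample, taken from the PR description

        DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory();
        // Pre-encode the template, strictly encode expanded variables.
        factory.setEncodingMode(EncodingMode.TEMPLATE_AND_VALUES);

        // Before: the value is part of the template, so only characters that
        // are illegal in a query are escaped; '+' is legal and is sent as-is.
        URI inline = revokeUri(factory)
                .queryParam("access_token", token)
                .build();

        // After: the value is a URI variable, so every reserved character,
        // including '+', is percent-encoded when the variable is expanded.
        URI bound = revokeUri(factory)
                .queryParam("access_token", "{access_token}")
                .build(token);

        for (URI uri : new URI[] {inline, bound}) {
            String seen = serverSideToken(uri);
            System.out.printf("%s%n  server sees \"%s\" (matches issued token: %b)%n",
                    uri, seen, seen.equals(token));
        }
    }
}
```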

Token revocation failed because the + character was changed to a space during url decoding

After the change: the + character is encoded as %2B when sent

coderabbitai bot commented Nov 14, 2025

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

The access_token parameter in NaverOAuthClient's revoke method is now passed as a URI template placeholder "{access_token}" with the actual token value supplied via a build(...) argument, shifting token substitution from inline to build-time resolution.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| OAuth Token Revocation: domain/mathrank-auth-domain/src/main/java/kr/co/mathrank/domain/auth/client/NaverOAuthClient.java | Modified revoke method to use URI template placeholder "{access_token}" with token supplied via build(...) argument instead of direct inline token value substitution |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

  • Verify that URI template substitution at build-time produces equivalent results to the previous inline approach
  • Confirm the build(...) method correctly injects the token value into the placeholder
  • Check for any edge cases with special characters in the token value that might differ between inline vs. template substitution

Poem

🐰 A token hops through templates fair,
No longer rushed, but takes its care,
Build-time brings it to its place,
With timely grace and steady pace!

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | You can run @coderabbitai generate docstrings to improve docstring coverage. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly describes the main fix: addressing encoding errors in Naver OAuth token revocation, which matches the changeset's core purpose of handling access token encoding properly. |

@gemini-code-assist

Summary of Changes

Hello @huhdy32, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

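This Pull Request fixes an issue where a '+' character contained in the access token was incorrectly encoded during Naver OAuth integration, causing token revocation requests to fail. By using template variable binding in RestClient's URI builder so that the access token is correctly percent-encoded, it provides stable token management.

Highlights

  • Fixed Naver OAuth token encoding issue: Fixed an issue where, when the access token contained a '+' character, the Naver OAuth server incorrectly decoded it as a space, causing token revocation requests to fail.
  • Improved RestClient encoding approach: Instead of passing the token directly to queryParam in RestClient's URI builder, changed to use the URI template variable {access_token} and bind the actual token value in the build() method so that strict encoding is applied.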

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

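So this is a PR that fixes the access token encoding issue in Naver OAuth token revocation. It is good that you used RestClient and URI template variables so that special characters such as + are correctly encoded. This is the safe approach recommended by Spring. Meanwhile, to improve the consistency and robustness of the code, it would be good to consider applying the same encoding approach to the other API calls in the class. I have left detailed feedback on this as review comments.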

@huhdy32 huhdy32 changed the title from "fix(oauth): fix error caused by naver encoding issue" to "fix(oauth): fix error caused by encoding in naver oauth token revocation" Nov 14, 2025
@huhdy32 huhdy32 enabled auto-merge (squash) November 14, 2025 05:24
@huhdy32 huhdy32 merged commit 4869ab3 into develop Nov 14, 2025
2 checks passed
@huhdy32 huhdy32 deleted the fix/oauth branch November 14, 2025 05:26