UPbrella · Gwonwoo-Nam · Dec 6, 2025 · Nov 29, 2025 · Nov 29, 2025 · Nov 29, 2025
diff --git a/build.gradle b/build.gradle
@@ -87,6 +87,12 @@ dependencies {
     // datadog
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
     implementation 'io.micrometer:micrometer-registry-datadog'
+
+    // JWT for Apple Sign In
+    implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
+    implementation 'org.bouncycastle:bcpkix-jdk15on:1.70'
 }
 
 // Kotlin 컴파일 옵션 설정

diff --git a/src/main/kotlin/upbrella/be/user/controller/UserController.kt b/src/main/kotlin/upbrella/be/user/controller/UserController.kt
@@ -9,6 +9,7 @@ import upbrella.be.user.dto.request.JoinRequest
 import upbrella.be.user.dto.request.LoginCodeRequest
 import upbrella.be.user.dto.request.UpdateBankAccountRequest
 import upbrella.be.user.dto.response.*
+import upbrella.be.user.dto.token.AppleOauthInfo
 import upbrella.be.user.dto.token.KakaoOauthInfo
 import upbrella.be.user.dto.token.OauthToken
 import upbrella.be.user.exception.InvalidLoginCodeException
@@ -26,6 +27,7 @@ class UserController(
     private val oauthLoginService: OauthLoginService,
     private val userService: UserService,
     private val kakaoOauthInfo: KakaoOauthInfo,
+    private val appleOauthInfo: AppleOauthInfo,
     private val rentService: RentService,
     private val blackListService: BlackListService,
 ) {
@@ -86,16 +88,52 @@ class UserController(
             ))
     }
 
+    @PostMapping("/users/oauth/apple/login")
+    fun appleLogin(session: HttpSession, @RequestBody code: LoginCodeRequest): ResponseEntity<CustomResponse<Unit>> {
+        val appleAccessToken: OauthToken
+
+        try {
+            appleAccessToken = oauthLoginService.getOauthToken(code.code, appleOauthInfo)!!
+        } catch (e: HttpClientErrorException) {
+            throw InvalidLoginCodeException("[ERROR] 로그인 코드가 유효하지 않습니다.")
+        }
+
+        val appleLoggedInUser = oauthLoginService.processAppleLogin(appleAccessToken.accessToken, appleOauthInfo.loginUri)
+        session.setAttribute("appleUser", appleLoggedInUser)
+
+        return ResponseEntity
+            .ok()
+            .body(CustomResponse(
+                "success",
+                200,
+                "애플 로그인 성공",
+                null
+            ))
+    }
+
     @PostMapping("/users/login")
     fun upbrellaLogin(session: HttpSession): ResponseEntity<CustomResponse<Unit>> {
-        if (session.getAttribute("kakaoUser") == null) {
-            throw NotSocialLoginedException("[ERROR] 카카오 로그인을 먼저 해주세요.")
+        val kakaoUser = session.getAttribute("kakaoUser") as? KakaoLoginResponse
+        val appleUser = session.getAttribute("appleUser") as? AppleLoginResponse
+
+        if (kakaoUser == null && appleUser == null) {
+            throw NotSocialLoginedException("[ERROR] 소셜 로그인을 먼저 해주세요.")
         }
 
-        val kakaoUser = session.getAttribute("kakaoUser") as KakaoLoginResponse
-        val loggedInUser = userService.login(kakaoUser.id!!)
+        val loggedInUser = when {
+            kakaoUser != null -> {
+                val user = userService.login(kakaoUser.id!!)
+                session.removeAttribute("kakaoUser")
+                user
+            }
+            appleUser != null -> {
+                val user = userService.loginApple(appleUser.sub!!)
+                session.removeAttribute("appleUser")
+                user
+            }
+            else -> throw NotSocialLoginedException("[ERROR] 소셜 로그인을 먼저 해주세요.")
+        }
 
-        session.removeAttribute("kakaoUser")
         session.setAttribute("user", loggedInUser)
 
         log.info("UUL 로그인 성공")
@@ -125,17 +163,30 @@ class UserController(
 
     @PostMapping("/users/join")
     fun kakaoJoin(session: HttpSession, @RequestBody @Valid joinRequest: JoinRequest): ResponseEntity<CustomResponse<Unit>> {
-        val kakaoUser = session.getAttribute("kakaoUser") as KakaoLoginResponse?
+        val kakaoUser = session.getAttribute("kakaoUser") as? KakaoLoginResponse
+        val appleUser = session.getAttribute("appleUser") as? AppleLoginResponse
 
         if (session.getAttribute("user") != null) {
             throw LoginedMemberException("[ERROR] 이미 로그인된 상태입니다.")
         }
-        if (kakaoUser == null) {
-            throw NotSocialLoginedException("[ERROR] 카카오 로그인을 먼저 해주세요.")
+        if (kakaoUser == null && appleUser == null) {
+            throw NotSocialLoginedException("[ERROR] 소셜 로그인을 먼저 해주세요.")
+        }
+
+        val loggedInUser = when {
+            kakaoUser != null -> {
+                val user = userService.join(kakaoUser, joinRequest)
+                session.removeAttribute("kakaoUser")
+                user
+            }
+            appleUser != null -> {
+                val user = userService.joinApple(appleUser, joinRequest)
+                session.removeAttribute("appleUser")
+                user
+            }
+            else -> throw NotSocialLoginedException("[ERROR] 소셜 로그인을 먼저 해주세요.")
         }
 
-        val loggedInUser = userService.join(kakaoUser, joinRequest)
-        session.removeAttribute("kakaoId")
         session.setAttribute("user", loggedInUser)
 
         log.info("UNU 회원가입 성공")
@@ -144,7 +195,7 @@ class UserController(
             .body(CustomResponse(
                 "success",
                 200,
-                "카카오 회원가입 성공",
+                "소셜 회원가입 성공",
                 null
             ))
     }

diff --git a/src/main/kotlin/upbrella/be/user/dto/response/AppleLoginResponse.kt b/src/main/kotlin/upbrella/be/user/dto/response/AppleLoginResponse.kt
@@ -0,0 +1,14 @@
+package upbrella.be.user.dto.response
+
+import com.fasterxml.jackson.annotation.JsonProperty
+
+data class AppleLoginResponse(
+    @JsonProperty("sub")
+    val sub: String?, // Apple user identifier
+
+    @JsonProperty("email")
+    val email: String?,
+
+    @JsonProperty("email_verified")
+    val emailVerified: Boolean?
+)
diff --git a/src/main/kotlin/upbrella/be/user/dto/token/AppleOauthInfo.kt b/src/main/kotlin/upbrella/be/user/dto/token/AppleOauthInfo.kt
@@ -0,0 +1,45 @@
+package upbrella.be.user.dto.token
+
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.stereotype.Component
+import upbrella.be.util.AppleJwtGenerator
+import javax.annotation.PostConstruct
+
+@Component
+open class AppleOauthInfo(
+    @Value("\${APPLE_CLIENT_ID_DEV}")
+    val clientId: String,
+
+    @Value("\${APPLE_TEAM_ID_DEV}")
+    private val teamId: String,
+
+    @Value("\${APPLE_KEY_ID_DEV}")
+    private val keyId: String,
+
+    @Value("\${APPLE_P8_KEY_PATH_DEV}")
+    private val p8KeyPath: String,
+
+    @Value("\${APPLE_REDIRECT_URI_DEV}")
+    val redirectUri: String,
+
+    @Value("\${APPLE_LOGIN_URI_DEV}")
+    val loginUri: String,
+
+    private val appleJwtGenerator: AppleJwtGenerator
+) {
+    private var _clientSecret: String = ""
+
+    val clientSecret: String
+        get() = _clientSecret
+
+    @PostConstruct
+    fun init() {
+        // Apple JWT Client Secret을 동적으로 생성
+        _clientSecret = appleJwtGenerator.generateClientSecret(
+            teamId = teamId,
+            keyId = keyId,
+            clientId = clientId,
+            p8KeyPath = p8KeyPath
+        )
+    }
+}
diff --git a/src/main/kotlin/upbrella/be/user/entity/User.kt b/src/main/kotlin/upbrella/be/user/entity/User.kt
@@ -1,6 +1,7 @@
 package upbrella.be.user.entity
 
 import upbrella.be.user.dto.request.JoinRequest
+import upbrella.be.user.dto.response.AppleLoginResponse
 import upbrella.be.user.dto.response.KakaoLoginResponse
 import upbrella.be.util.AesEncryptor
 import upbrella.be.util.BaseTimeEntity
@@ -15,6 +16,7 @@ class User(
     var name: String,
     var phoneNumber: String,
     var email: String,
+    var provider: String = "KAKAO", // KAKAO or APPLE
     var adminStatus: Boolean = false,
     var bank: String? = null,
     var accountNumber: String? = null,
@@ -34,6 +36,23 @@ class User(
                 name = joinRequest.name,
                 phoneNumber = joinRequest.phoneNumber,
                 email = kakaoUser.kakaoAccount?.email ?: "",
+                provider = "KAKAO",
+                bank = aesEncryptor.encrypt(joinRequest.bank),
+                accountNumber = aesEncryptor.encrypt(joinRequest.accountNumber)
+            )
+        }
+
+        fun createNewAppleUser(
+            appleUser: AppleLoginResponse,
+            joinRequest: JoinRequest,
+            aesEncryptor: AesEncryptor
+        ): User {
+            return User(
+                socialId = appleUser.sub.hashCode().toLong(),
+                name = joinRequest.name,
+                phoneNumber = joinRequest.phoneNumber,
+                email = appleUser.email ?: "",
+                provider = "APPLE",
                 bank = aesEncryptor.encrypt(joinRequest.bank),
                 accountNumber = aesEncryptor.encrypt(joinRequest.accountNumber)
             )

diff --git a/src/main/kotlin/upbrella/be/user/service/OauthLoginService.kt b/src/main/kotlin/upbrella/be/user/service/OauthLoginService.kt
@@ -5,7 +5,9 @@ import org.springframework.stereotype.Service
 import org.springframework.util.LinkedMultiValueMap
 import org.springframework.util.MultiValueMap
 import org.springframework.web.client.RestTemplate
+import upbrella.be.user.dto.response.AppleLoginResponse
 import upbrella.be.user.dto.response.KakaoLoginResponse
+import upbrella.be.user.dto.token.AppleOauthInfo
 import upbrella.be.user.dto.token.KakaoOauthInfo
 import upbrella.be.user.dto.token.OauthToken
 
@@ -15,6 +17,14 @@ class OauthLoginService(
 ) {
 
     fun getOauthToken(code: String, oauthInfo: KakaoOauthInfo): OauthToken? {
+        return getOauthTokenInternal(code, oauthInfo.clientId, oauthInfo.clientSecret, oauthInfo.redirectUri)
+    }
+
+    fun getOauthToken(code: String, oauthInfo: AppleOauthInfo): OauthToken? {
+        return getOauthTokenInternal(code, oauthInfo.clientId, oauthInfo.clientSecret, oauthInfo.redirectUri)
+    }
+
+    private fun getOauthTokenInternal(code: String, clientId: String, clientSecret: String, redirectUri: String): OauthToken? {
         val headers: MultiValueMap<String, String> = LinkedMultiValueMap<String, String>().apply {
             setAll(
                 mapOf(
@@ -28,15 +38,15 @@ class OauthLoginService(
             setAll(
                 mapOf(
                     "grant_type" to "authorization_code",
-                    "client_id" to oauthInfo.clientId,
-                    "client_secret" to oauthInfo.clientSecret,
+                    "client_id" to clientId,
+                    "client_secret" to clientSecret,
                     "code" to code
                 )
             )
         }
 
         val request = HttpEntity(requestPayloads, headers)
-        val response = restTemplate.postForEntity(oauthInfo.redirectUri, request, OauthToken::class.java)
+        val response = restTemplate.postForEntity(redirectUri, request, OauthToken::class.java)
 
         return response.body
     }
@@ -62,4 +72,8 @@ class OauthLoginService(
     fun processKakaoLogin(accessToken: String, loginUri: String): KakaoLoginResponse? {
         return processLogin(accessToken, loginUri, KakaoLoginResponse::class.java)
     }
+
+    fun processAppleLogin(accessToken: String, loginUri: String): AppleLoginResponse? {
+        return processLogin(accessToken, loginUri, AppleLoginResponse::class.java)
+    }
 }
diff --git a/src/main/kotlin/upbrella/be/user/service/UserService.kt b/src/main/kotlin/upbrella/be/user/service/UserService.kt
@@ -7,6 +7,7 @@ import upbrella.be.rent.service.RentService
 import upbrella.be.user.dto.request.JoinRequest
 import upbrella.be.user.dto.request.UpdateBankAccountRequest
 import upbrella.be.user.dto.response.AllUsersInfoResponse
+import upbrella.be.user.dto.response.AppleLoginResponse
 import upbrella.be.user.dto.response.KakaoLoginResponse
 import upbrella.be.user.dto.response.SessionUser
 import upbrella.be.user.dto.response.UmbrellaBorrowedByUserResponse
@@ -36,6 +37,12 @@ class UserService(
         return SessionUser.fromUser(foundUser)
     }
 
+    fun loginApple(appleSub: String): SessionUser {
+        val foundUser = userReader.findBySocialId(appleSub.hashCode().toLong())
+
+        return SessionUser.fromUser(foundUser)
+    }
+
     fun join(kakaoUser: KakaoLoginResponse, joinRequest: JoinRequest): SessionUser {
         val socialIdHash = kakaoUser.id.hashCode().toLong()
 
@@ -54,6 +61,24 @@ class UserService(
         return SessionUser.fromUser(joinedUser)
     }
 
+    fun joinApple(appleUser: AppleLoginResponse, joinRequest: JoinRequest): SessionUser {
+        val socialIdHash = appleUser.sub.hashCode().toLong()
+
+        if (userReader.existsBySocialId(socialIdHash)) {
+            throw ExistingMemberException("[ERROR] 이미 가입된 회원입니다. 로그인 폼으로 이동합니다.")
+        }
+
+        if (blackListReader.existsBySocialId(socialIdHash)) {
+            throw BlackListUserException("[ERROR] 정지된 회원입니다. 정지된 회원은 재가입이 불가능합니다.")
+        }
+
+        val joinedUser = userWriter.save(
+            User.createNewAppleUser(appleUser, joinRequest, aesEncryptor)
+        )
+
+        return SessionUser.fromUser(joinedUser)
+    }
+
     fun findUsers(): AllUsersInfoResponse {
         val users = userReader.findAll()
         users.forEach { it.decryptData(aesEncryptor) }

diff --git a/src/main/kotlin/upbrella/be/util/AppleJwtGenerator.kt b/src/main/kotlin/upbrella/be/util/AppleJwtGenerator.kt
@@ -0,0 +1,62 @@
+package upbrella.be.util
+
+import io.jsonwebtoken.Jwts
+import io.jsonwebtoken.SignatureAlgorithm
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo
+import org.bouncycastle.openssl.PEMParser
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter
+import org.springframework.core.io.ClassPathResource
+import org.springframework.stereotype.Component
+import java.io.StringReader
+import java.security.PrivateKey
+import java.util.*
+
+@Component
+class AppleJwtGenerator {
+
+    /**
+     * Apple p8 키 파일로 JWT Client Secret 생성
+     *
+     * @param teamId Apple Developer Team ID (10자리)
+     * @param keyId p8 키 파일의 Key ID
+     * @param clientId Apple Service ID (com.example.app)
+     * @param p8KeyPath 클래스패스 내 p8 파일 경로 (예: "keys/AuthKey_ABCD123456.p8")
+     * @return JWT 토큰 문자열
+     */
+    fun generateClientSecret(
+        teamId: String,
+        keyId: String,
+        clientId: String,
+        p8KeyPath: String
+    ): String {
+        val now = Date()
+        val expirationTime = Date(now.time + 15777000000L) // 6개월 (최대)
+
+        val privateKey = loadPrivateKey(p8KeyPath)
+
+        return Jwts.builder()
+            .setHeaderParam("kid", keyId)
+            .setHeaderParam("alg", "ES256")
+            .setIssuer(teamId)
+            .setIssuedAt(now)
+            .setExpiration(expirationTime)
+            .setAudience("https://appleid.apple.com")
+            .setSubject(clientId)
+            .signWith(privateKey, SignatureAlgorithm.ES256)
+            .compact()
+    }
+
+    /**
+     * p8 파일에서 PrivateKey 로드
+     */
+    private fun loadPrivateKey(p8KeyPath: String): PrivateKey {
+        val resource = ClassPathResource(p8KeyPath)
+        val p8Content = resource.inputStream.bufferedReader().use { it.readText() }
+
+        val pemParser = PEMParser(StringReader(p8Content))
+        val privateKeyInfo = pemParser.readObject() as PrivateKeyInfo
+        pemParser.close()
+
+        return JcaPEMKeyConverter().getPrivateKey(privateKeyInfo)
+    }
+}