🔐 OAuth2 Authentication

1. Authorization Request

Request

GET https://checkable.app/auth/member/oauth2/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&response_type=code&scope=all&state=STATE

Response

Once the user approves the authorization, the browser is redirected to the following URL:
YOUR_REDIRECT_URI?code=AUTHORIZATION_CODE&state=STATE

Error

{
  "error": "invalid_request",
  "error_description": "Invalid client_id or redirect_uri"
}

2. Token Request (Public Client - PKCE)

Request

POST /api/auth/member/oauth2/token HTTP/1.1
Host: checkable.app
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&
client_id=YOUR_CLIENT_ID&
code=AUTHORIZATION_CODE&
code_verifier=YOUR_CODE_VERIFIER&
redirect_uri=YOUR_REDIRECT_URI

Response

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token_expires_in": 2592000,
  "scope": "all"
}

Error

{
  "error": "invalid_request",
  "error_description": "The authorization code is invalid or has expired."
}
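
The client side of steps 1 and 2 for a public client, as an added example that is not part of the original documentation: it generates the code_verifier, derives the S256 challenge, and checks state on the callback before building the token request body. The code_challenge and code_challenge_method parameter names come from RFC 7636 and are assumed to be accepted by the authorization endpoint, since step 1 does not list them; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://checkable.app/auth/member/oauth2/authorize"  # from step 1

def new_code_verifier() -> str:
    # RFC 7636 allows 43-128 unreserved characters; 32 random bytes give 43.
    return secrets.token_urlsafe(32)

def code_challenge_s256(verifier: str) -> str:
    # BASE64URL(SHA256(verifier)) with the '=' padding removed.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorize_url(client_id, redirect_uri, state, verifier) -> str:
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "all",
        "state": state,
        # Assumed parameter names (RFC 7636); not shown in step 1 of this page.
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params)

def handle_callback(callback_url, expected_state, client_id, redirect_uri, verifier) -> dict:
    # Reject the response unless state matches the value sent in step 1.
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this response")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    # Form fields for the step 2 token request (application/x-www-form-urlencoded).
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": query["code"][0],
        "code_verifier": verifier,
        "redirect_uri": redirect_uri,
    }
```

The verifier and state must be kept by the client between the redirect and the callback, bound to the same user session, and used only once.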

3. Token Request (Confidential Client)

Request

POST /api/auth/member/oauth2/token HTTP/1.1
Host: checkable.app
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&
client_id=YOUR_CLIENT_ID&
client_secret=YOUR_CLIENT_SECRET&
code=AUTHORIZATION_CODE&
redirect_uri=YOUR_REDIRECT_URI

Response

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token_expires_in": 2592000,
  "scope": "all"
}

Error

{
  "error": "invalid_client",
  "error_description": "Invalid client credentials."
}

🚨 OAuth2 Error Codes

OAuth2 Errors

  • invalid_request: Invalid request (used for all OAuth2 errors)
  • invalid_client: Invalid client information
  • invalid_token: Invalid token
  • server_error: Internal server error

📞 Support

Technical Support