[Update] oauth 탐지 로직 정교화

2025-06-02 10:50:11 +09:00 · 2025-06-02 10:50:11 +09:00 · b8b7edb5ac
commit b8b7edb5ac
parent 9ccd1eb7ac
4 changed files with 180 additions and 45 deletions
--- a/packages/backend/src/index.ts
+++ b/packages/backend/src/index.ts
@ -6,17 +6,15 @@ import { CsrfCheck } from "./controller/csrfCheck";
 import { PKCECheck } from "./controller/PKCECheck";
 import { AccessTokenLeakController } from "./controller/accessTokenDetector";
 import { ScopeDetection } from "./controller/scopeDetection";
-import { NonceCheckController } from "./controller/nonceCheck";
+// import { NonceCheckController } from "./controller/nonceCheck";

 export type API = DefineAPI<{}>;

 const csrfCheck = new CsrfCheck();
-// const implicitGrantController = new ImplicitGrantController();
-// const authZCodeGrantController = new AuthZCodeGrantController();
 const pkceCheckController = new PKCECheck();
 const tokenCheck = new AccessTokenLeakController();
 const ScopeDetectionController = new ScopeDetection();
-const nonceCheckController = new NonceCheckController();
+// const nonceCheckController = new NonceCheckController();

 export function init(sdk: SDK<API>) {
  sdk.events.onInterceptResponse(async (sdk, req: Request, res: Response) => {
@ -26,14 +24,14 @@ export function init(sdk: SDK<API>) {
    await tokenCheck.testResp(sdk, res, req);
    await ScopeDetectionController.scan(sdk, req.getUrl());

-    if (NonceCheckController.isOidcFlow(req, res)) {
-      await sdk.findings.create({
-        title: "OIDC Flow Detected",
-        description: "The request appears to be part of an OIDC flow.",
-        request: req,
-        reporter: "",
-      });
-    }
+    // if (NonceCheckController.isOidcFlow(req, res)) {
+    //   await sdk.findings.create({
+    //     title: "OIDC Flow Detected",
+    //     description: "The request appears to be part of an OIDC flow.",
+    //     request: req,
+    //     reporter: "",
+    //   });
+    // }
  });

  /*