kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

ID Token에 rt_expires_at 클레임 추가

Browse Source
This commit is contained in:
김용연
2026-06-15 14:42:02 +09:00
parent bfd9cab260
commit 006113ebc7
2 changed files with 49 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
test/ory_v26_compose_policy_test.sh
View File

@@ -306,6 +306,17 @@ if ! grep -q 'scripts/render_ory_config.sh' "$repo_root/.gitea/workflows/staging
exit 1
fi
for workflow_file in \
"$repo_root/.gitea/workflows/staging_code_pull.yml" \
"$repo_root/.gitea/workflows/staging_release.yml" \
"$repo_root/.gitea/workflows/production_release.yml"
do
if ! grep -q 'HYDRA_REFRESH_TOKEN_TTL' "$workflow_file"; then
echo "ERROR: workflow must propagate HYDRA_REFRESH_TOKEN_TTL into deployment env: $workflow_file" >&2
exit 1
fi
done
if ! grep -q 'up -d --force-recreate kratos hydra keto oathkeeper' "$repo_root/.gitea/workflows/staging_code_pull.yml"; then
echo "ERROR: staging code pull must restart Ory services after rendering static config." >&2
exit 1
@@ -334,11 +345,13 @@ KRATOS_UI_URL=https://sso.hmac.kr
KRATOS_BROWSER_URL=https://sso.hmac.kr/auth
KRATOS_ADMIN_URL=http://kratos:4434
ORY_POSTGRES_PASSWORD=policy-test
HYDRA_REFRESH_TOKEN_TTL=168h
KRATOS_ALLOWED_RETURN_URLS_JSON=
KRATOS_ALLOWED_RETURN_URLS_EXTRA=
EOF
ORY_CONFIG_ENV_FILES="$stage_render_env" ORY_CONFIG_OUTPUT_DIR="$stage_render_dir/ory" "$repo_root/scripts/render_ory_config.sh" >/dev/null
stage_rendered_kratos="$stage_render_dir/ory/kratos/kratos.yml"
stage_rendered_hydra="$stage_render_dir/ory/hydra/hydra.yml"
if ! awk '/allowed_return_urls:/ { in_block=1; next } in_block && /^[[:space:]]+methods:/ { exit } in_block { print }' "$stage_rendered_kratos" | grep -q 'https://sso.hmac.kr'; then
echo "ERROR: rendered stage Kratos config must include the public userfront URL in allowed_return_urls." >&2
exit 1
@@ -351,6 +364,10 @@ if ! awk '/session:/ { in_session=1 } in_session && /domain:/ { print; exit }' "
echo "ERROR: rendered stage Kratos config must derive hmac.kr as session.cookie.domain." >&2
exit 1
fi
if ! awk '/ttl:/ { in_ttl=1; next } in_ttl && /^[^[:space:]]/ { exit } in_ttl { print }' "$stage_rendered_hydra" | grep -q 'refresh_token: 168h'; then
echo "ERROR: rendered stage Hydra config must include HYDRA_REFRESH_TOKEN_TTL as ttl.refresh_token." >&2
exit 1
fi
rm -rf "$stage_render_dir" "$stage_render_env"
for generated_config in \