fix: resolve OIDC session state issue and synchronize portal sessions

Details: - Backend: Extract Kratos session cookies and propagate via SetCookies in AuthInfo. - Backend: Include sessionJwt and token during OIDC flows in PasswordLogin. - UserFront: Add _silentSessionRecovery in main.dart to recover session via cookies if localStorage token is missing. - UserFront: Update AuthProxyService, AuthTokenStore, AuthNotifier to support silent recovery and immediate local state update before redirect. - AdminFront/DevFront: Fix OIDC authority to point directly to Gateway proxy and add recovery/error UI components.
2026-04-21 14:10:27 +09:00
parent 1024ad17d3
commit 0f79b7635b
12 changed files with 199 additions and 5 deletions
--- a/adminfront/src/features/auth/LoginPage.tsx
+++ b/adminfront/src/features/auth/LoginPage.tsx
@@ -64,6 +64,26 @@ function LoginPage() {
          </div>
        </div>

+        {auth.error && (
+          <div className="rounded-lg bg-destructive/15 p-4 text-sm text-destructive border border-destructive/20 animate-in fade-in slide-in-from-top-1">
+            <div className="font-bold flex items-center gap-2 mb-1">
+              <ShieldHalf size={16} />
+              인증 오류가 발생했습니다
+            </div>
+            <p className="opacity-90">{auth.error.message}</p>
+            <Button
+              variant="link"
+              className="p-0 h-auto text-destructive underline mt-2"
+              onClick={() => {
+                window.location.href =
+                  window.location.origin + window.location.pathname;
+              }}
+            >
+              다시 시도하기
+            </Button>
+          </div>
+        )}
+
        <Card className="border-primary/20 bg-card/50 backdrop-blur-xl shadow-2xl">
          <CardHeader className="space-y-1">
            <CardTitle className="text-2xl flex items-center gap-2">
--- a/adminfront/src/lib/auth.ts
+++ b/adminfront/src/lib/auth.ts
@@ -3,12 +3,13 @@ import type { AuthProviderProps } from "react-oidc-context";

 export const oidcConfig: AuthProviderProps = {
  authority:
-    import.meta.env.VITE_OIDC_AUTHORITY || "http://localhost:5000/oidc", // Gateway Proxy URL
+    import.meta.env.VITE_OIDC_AUTHORITY || "https://sso.hmac.kr/oidc", // Gateway Proxy URL
  client_id: import.meta.env.VITE_OIDC_CLIENT_ID || "adminfront",
  redirect_uri: `${window.location.origin}/auth/callback`,
  response_type: "code",
  scope: "openid offline_access profile email", // offline_access for refresh token
  post_logout_redirect_uri: window.location.origin,
+  popup_redirect_uri: `${window.location.origin}/auth/callback`,
  userStore: new WebStorageStateStore({ store: window.localStorage }),
  automaticSilentRenew: false,
 };