kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

fix: resolve OIDC session state issue and synchronize portal sessions

Browse Source 
Details:
- Backend: Extract Kratos session cookies and propagate via SetCookies in AuthInfo.
- Backend: Include sessionJwt and token during OIDC flows in PasswordLogin.
- UserFront: Add _silentSessionRecovery in main.dart to recover session via cookies if localStorage token is missing.
- UserFront: Update AuthProxyService, AuthTokenStore, AuthNotifier to support silent recovery and immediate local state update before redirect.
- AdminFront/DevFront: Fix OIDC authority to point directly to Gateway proxy and add recovery/error UI components.
This commit is contained in:
조찬영
2026-04-21 14:10:27 +09:00
parent 1024ad17d3
commit 0f79b7635b
12 changed files with 199 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
userfront/lib/core/notifiers/auth_notifier.dart
View File

@@ -1,8 +1,15 @@
import 'package:flutter/foundation.dart';
import '../services/auth_token_store.dart';
class AuthNotifier extends ChangeNotifier {
static final AuthNotifier instance = AuthNotifier();
Future<void> onLoginSuccess(String token, {String? provider}) async {
AuthTokenStore.setToken(token, provider: provider);
AuthTokenStore.clearPendingProvider();
notifyListeners();
}
void notify() {
notifyListeners();
}

26
userfront/lib/core/services/auth_proxy_service.dart
View File

@@ -92,6 +92,32 @@ class AuthProxyService {
}
}
static Future<Map<String, dynamic>> getMe({String? token, bool useCookie = true}) async {
final url = Uri.parse('$_baseUrl/api/v1/user/me');
final client = createHttpClient(withCredentials: useCookie);
try {
final headers = <String, String>{'Content-Type': 'application/json'};
if (!useCookie && token != null && token.isNotEmpty) {
headers['Authorization'] = 'Bearer $token';
}
final response = await client.get(
url,
headers: headers,
);
if (response.statusCode == 200) {
return jsonDecode(response.body);
}
throw _error(
'err.userfront.auth_proxy.profile_load',
'프로필을 불러오지 못했습니다: {{error}}',
detail: response.body,
);
} finally {
client.close();
}
}
static Future<int> getSessionStatus({
String? token,
bool useCookie = false,

5
userfront/lib/core/services/auth_token_store.dart
View File

@@ -2,6 +2,11 @@ import 'auth_token_store_stub.dart'
if (dart.library.js_interop) 'auth_token_store_web.dart';
class AuthTokenStore {
static bool hasToken() {
final token = getToken();
return token != null && token.isNotEmpty;
}
static String? getToken() => authTokenStore.getToken();
static String? getProvider() => authTokenStore.getProvider();

22
userfront/lib/features/auth/presentation/login_screen.dart
View File

@@ -348,8 +348,18 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
loginChallenge,
token: token,
);
// IMPORTANT: If backend returned a token during OIDC flow, save it to fix login state.
final jwt = res['sessionJwt'] ?? res['token'] ?? token;
if (jwt != null && jwt.isNotEmpty) {
final provider = res['provider'] as String? ?? AuthTokenStore.getProvider();
await AuthNotifier.instance.onLoginSuccess(jwt, provider: provider);
}
final redirectTo = res['redirectTo'] as String?;
if (redirectTo != null && redirectTo.isNotEmpty) {
// Give 50ms delay for localStorage to settle
await Future.delayed(const Duration(milliseconds: 50));
return _redirectToOidcTarget(redirectTo, source: 'accept_oidc_login');
}
} catch (e) {
@@ -1294,10 +1304,22 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
loginChallenge,
token: token,
);
// IMPORTANT: If backend returned a token during OIDC flow, save it to fix login state.
final jwt = res['sessionJwt'] ?? res['token'] ?? token;
if (jwt != null && jwt.isNotEmpty) {
await AuthNotifier.instance.onLoginSuccess(
jwt,
provider: res['provider'] as String? ?? providerName,
);
}
final nextRedirectTo = res['redirectTo'] as String?;
if (nextRedirectTo != null && nextRedirectTo.isNotEmpty) {
loginChallengeLoopGuard.clear(loginChallenge);
// Give 50ms delay for localStorage to settle
await Future.delayed(const Duration(milliseconds: 50));
webWindow.redirectTo(nextRedirectTo); // Removed await
return;
} else {}

41
userfront/lib/main.dart
View File

@@ -73,6 +73,44 @@ Future<void> _loadBundledFonts() async {
}
}
Future<void> _silentSessionRecovery() async {
_log.info("[SessionRecovery] Starting silent session recovery check...");
// 1. Local token check
final hasLocalToken = AuthTokenStore.hasToken();
if (hasLocalToken) {
_log.info("[SessionRecovery] Local token found. Skipping recovery.");
return;
}
_log.info(
"[SessionRecovery] Local token missing. Checking for browser cookies...",
);
try {
// 2. Try fetching user info (backend will use cookies if present)
final userInfo = await AuthProxyService.getMe();
final subject = userInfo['id'] ?? userInfo['identity_id'] ?? '';
if (subject.isNotEmpty) {
_log.info(
"[SessionRecovery] Valid session found via cookies. Recovering login state...",
);
// For cookie-based auth, we don't necessarily have a JWT in local storage,
// but AuthNotifier needs to know we are logged in.
final jwt = userInfo['sessionJwt'] ?? userInfo['token'] ?? 'cookie-session';
await AuthNotifier.instance.onLoginSuccess(jwt);
_log.info("[SessionRecovery] Recovery complete. Subject: $subject");
} else {
_log.warning("[SessionRecovery] Session found but subject is empty.");
}
} catch (e) {
_log.info(
"[SessionRecovery] No valid cookie session found or request failed: $e",
);
}
}
void main() async {
WidgetsFlutterBinding.ensureInitialized();
usePathUrlStrategy();
@@ -115,6 +153,9 @@ void main() async {
// 폰트를 먼저 로딩해서 렌더링 깨짐(FOIT/FOUT) 최소화
await _loadBundledFonts();
// 2. Silent Session Recovery (from cookies)
await _silentSessionRecovery();
runApp(
// URL(/en, /ko)이 있으면 우선 적용해서 첫 렌더부터 올바른 언어로 시작합니다.
() {