
fix: resolve OIDC session state issue and synchronize portal sessions

Details:
- Backend: Extract Kratos session cookies and propagate via SetCookies in AuthInfo.
- Backend: Include sessionJwt and token during OIDC flows in PasswordLogin.
- UserFront: Add _silentSessionRecovery in main.dart to recover session via cookies if localStorage token is missing.
- UserFront: Update AuthProxyService, AuthTokenStore, AuthNotifier to support silent recovery and immediate local state update before redirect.
- AdminFront/DevFront: Fix OIDC authority to point directly to Gateway proxy and add recovery/error UI components.
2026-04-21 14:10:27 +09:00
parent 1024ad17d3
commit 0f79b7635b
12 changed files with 199 additions and 5 deletions


@@ -348,8 +348,18 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
loginChallenge,
token: token,
);
// IMPORTANT: If backend returned a token during OIDC flow, save it to fix login state.
final jwt = res['sessionJwt'] ?? res['token'] ?? token;
if (jwt != null && jwt.isNotEmpty) {
final provider = res['provider'] as String? ?? AuthTokenStore.getProvider();
await AuthNotifier.instance.onLoginSuccess(jwt, provider: provider);
}
final redirectTo = res['redirectTo'] as String?;
if (redirectTo != null && redirectTo.isNotEmpty) {
// Give 50ms delay for localStorage to settle
await Future.delayed(const Duration(milliseconds: 50));
return _redirectToOidcTarget(redirectTo, source: 'accept_oidc_login');
}
} catch (e) {
@@ -1294,10 +1304,22 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
loginChallenge,
token: token,
);
// IMPORTANT: If backend returned a token during OIDC flow, save it to fix login state.
final jwt = res['sessionJwt'] ?? res['token'] ?? token;
if (jwt != null && jwt.isNotEmpty) {
await AuthNotifier.instance.onLoginSuccess(
jwt,
provider: res['provider'] as String? ?? providerName,
);
}
final nextRedirectTo = res['redirectTo'] as String?;
if (nextRedirectTo != null && nextRedirectTo.isNotEmpty) {
loginChallengeLoopGuard.clear(loginChallenge);
// Give 50ms delay for localStorage to settle
await Future.delayed(const Duration(milliseconds: 50));
webWindow.redirectTo(nextRedirectTo); // Removed await
return;
} else {}
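Review bot: In both hunks `res['sessionJwt'] ?? res['token'] ?? token` is untyped (assuming `res` is a `Map<String, dynamic>`), so `jwt.isNotEmpty` is a dynamic call that throws if the backend ever sends a non-string value there, and the trailing `?? token` appears to re-run `onLoginSuccess` with the caller's existing token even when the backend issued nothing new. I would check the type before persisting: `final raw = res['sessionJwt'] ?? res['token'];` followed by `if (raw is String && raw.isNotEmpty) { await AuthNotifier.instance.onLoginSuccess(raw, provider: ...); }`. The 50 ms `Future.delayed` before each redirect is a timing guess, not a guarantee that the session token has been stored; `onLoginSuccess` should complete only once the token is persisted, after which the delay can be dropped. The second hunk then navigates with `webWindow.redirectTo(nextRedirectTo)` directly, while the first goes through `_redirectToOidcTarget`; if that helper validates the backend-supplied target, this path should use it too, since a session token has just been written. The enclosing methods start and end outside the hunks, so the surrounding `try`/`catch` handling is not visible here.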