From 1f1e7b6ce729fec9d45af8d75559d751a8a16ba6 Mon Sep 17 00:00:00 2001
From: kyy <b24053@hanmaceng.co.kr>
Date: Wed, 4 Feb 2026 09:57:51 +0900
Subject: [PATCH] =?UTF-8?q?=ED=99=9C=EB=8F=99=EC=83=81=ED=99=A9=20?=
 =?UTF-8?q?=EC=B9=B4=EB=93=9C=20'=EC=97=B0=EB=8F=99=20=ED=95=B4=EC=A7=80'?=
 =?UTF-8?q?=20=EC=95=A1=EC=85=98=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../lib/core/services/auth_proxy_service.dart | 29 ++++++++++++++++---
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/userfront/lib/core/services/auth_proxy_service.dart b/userfront/lib/core/services/auth_proxy_service.dart
index 3ca09ca8..d5178f06 100644
--- a/userfront/lib/core/services/auth_proxy_service.dart
+++ b/userfront/lib/core/services/auth_proxy_service.dart
@@ -3,6 +3,7 @@ import 'package:http/http.dart' as http;
 import 'package:flutter_dotenv/flutter_dotenv.dart';
 import 'http_client.dart';
 import 'web_window.dart';
+import 'auth_token_store.dart';
 
 class AuthProxyService {
   static String _envOrDefault(String key, String fallback) {
@@ -596,11 +597,21 @@ class AuthProxyService {
 
   static Future<List<dynamic>> fetchLinkedRps() async {
     final url = Uri.parse('$_baseUrl/api/v1/user/rp/linked');
-    final client = createHttpClient(withCredentials: true);
+    final useCookie = AuthTokenStore.usesCookie();
+    final token = AuthTokenStore.getToken();
+
+    final client = createHttpClient(withCredentials: useCookie);
+    final headers = <String, String>{
+      'Content-Type': 'application/json',
+    };
+    if (!useCookie && token != null) {
+      headers['Authorization'] = 'Bearer $token';
+    }
+
     try {
       final response = await client.get(
         url,
-        headers: {'Content-Type': 'application/json'},
+        headers: headers,
       );
 
       if (response.statusCode == 200) {
@@ -616,11 +627,21 @@ class AuthProxyService {
 
   static Future<void> revokeLinkedRp(String clientId) async {
     final url = Uri.parse('$_baseUrl/api/v1/user/rp/linked/$clientId');
-    final client = createHttpClient(withCredentials: true);
+    final useCookie = AuthTokenStore.usesCookie();
+    final token = AuthTokenStore.getToken();
+
+    final client = createHttpClient(withCredentials: useCookie);
+    final headers = <String, String>{
+      'Content-Type': 'application/json',
+    };
+    if (!useCookie && token != null) {
+      headers['Authorization'] = 'Bearer $token';
+    }
+
     try {
       final response = await client.delete(
         url,
-        headers: {'Content-Type': 'application/json'},
+        headers: headers,
       );
 
       if (response.statusCode != 200) {