tenant 제한 에러 처리 보안

userfront/lib/features/auth/presentation/consent_screen.dart

@@ -1,5 +1,3 @@
-import 'dart:convert';
-
 import 'package:flutter/material.dart';
 import 'package:go_router/go_router.dart';
 import 'package:userfront/i18n.dart';
@@ -153,19 +151,7 @@ class _ConsentScreenState extends State<ConsentScreen> {
         if (!mounted) {
           return;
         }
-        final localeCode =
-            extractLocaleFromPath(Uri.base) ?? resolvePreferredLocaleCode();
-        final target = buildLocalizedPath(
-          localeCode,
-          Uri(
-            path: '/error',
-            queryParameters: {
-              'error': e.errorCode,
-              'error_description': e.message,
-              if (e.details != null) 'details': jsonEncode(e.details),
-            },
-          ),
-        );
+        final target = buildTenantAccessErrorPath(e, Uri.base);
         context.go(target);
         return;
       }

userfront/lib/features/auth/presentation/login_screen.dart

@@ -17,6 +17,7 @@ import '../../../core/services/oidc_redirect_guard.dart';
 import '../../../core/notifiers/auth_notifier.dart';
 import '../domain/login_challenge_resolver.dart';
 import '../domain/cookie_session_policy.dart';
+import '../domain/consent_error_routing.dart';
 import '../domain/login_link_route_policy.dart';
 import '../domain/verification_completion_route.dart';
 import '../../profile/domain/notifiers/profile_notifier.dart';
@@ -1666,6 +1667,16 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
             return;
           } else {}
         } catch (e) {
+          if (e is AuthProxyException &&
+              shouldRouteTenantAccessErrorToErrorScreen(e)) {
+            final target = buildTenantAccessErrorPath(e, Uri.base);
+            if (mounted) {
+              context.go(target);
+            } else {
+              webWindow.redirectTo(target);
+            }
+            return;
+          }
           _showError(tr('msg.userfront.login.oidc_failed'));
           return;
         }