orgfront refresh token 관리 추가

2026-06-18 08:00:57 +09:00
parent 5f3167a503
commit 33249eb229
32 changed files with 867 additions and 337 deletions
--- a/orgfront/src/lib/auth.ts
+++ b/orgfront/src/lib/auth.ts
@@ -1,17 +1,17 @@
 import { UserManager, WebStorageStateStore } from "oidc-client-ts";
 import type { AuthProviderProps } from "react-oidc-context";
+import { buildCommonUserManagerSettings } from "../../../common/core/auth";
 import {
-  buildCommonOidcRuntimeConfig,
-  buildCommonUserManagerSettings,
-} from "../../../common/core/auth";
-import { resolveOrgFrontPublicOrigin } from "./authConfig";
+  buildOrgFrontOidcRuntimeConfig,
+  resolveOrgFrontPublicOrigin,
+} from "./authConfig";

 const orgFrontPublicOrigin = resolveOrgFrontPublicOrigin(
  import.meta.env.VITE_ORGFRONT_PUBLIC_URL,
  window.location.origin,
 );

-export const oidcConfig: AuthProviderProps = buildCommonOidcRuntimeConfig({
+export const oidcConfig: AuthProviderProps = buildOrgFrontOidcRuntimeConfig({
  authority:
    import.meta.env.VITE_OIDC_AUTHORITY || "http://localhost:5000/oidc",
  clientId: import.meta.env.VITE_OIDC_CLIENT_ID || "orgfront",
--- a/orgfront/src/lib/authConfig.test.ts
+++ b/orgfront/src/lib/authConfig.test.ts
@@ -1,6 +1,7 @@
 import { describe, expect, it } from "vitest";
 import {
  buildOrgFrontAuthRedirectUris,
+  buildOrgFrontOidcRuntimeConfig,
  ORGFRONT_AUTH_CALLBACK_PATH,
  resolveOrgFrontPublicOrigin,
 } from "./authConfig";
@@ -26,4 +27,18 @@ describe("orgfront auth config", () => {
  it("keeps the callback path aligned with the registered redirect path", () => {
    expect(ORGFRONT_AUTH_CALLBACK_PATH).toBe("/auth/callback");
  });
+
+  it("requests offline access and enables refresh-token based renewal", () => {
+    const config = buildOrgFrontOidcRuntimeConfig({
+      authority: "https://sso.hmac.kr/oidc",
+      clientId: "orgfront",
+      origin: "https://org.hmac.kr",
+      userStore: { kind: "test-store" },
+    });
+
+    expect(config.scope.split(/\s+/)).toEqual(
+      expect.arrayContaining(["openid", "offline_access", "profile", "email"]),
+    );
+    expect(config.automaticSilentRenew).toBe(true);
+  });
 });
--- a/orgfront/src/lib/authConfig.ts
+++ b/orgfront/src/lib/authConfig.ts
@@ -1,3 +1,8 @@
+import {
+  buildCommonOidcRuntimeConfig,
+  type CommonOidcConfigOptions,
+} from "../../../common/core/auth";
+
 export interface OrgFrontAuthRedirectUris {
  redirectUri: string;
  postLogoutRedirectUri: string;
@@ -31,3 +36,12 @@ export function buildOrgFrontAuthRedirectUris(
    popupRedirectUri: `${publicOrigin}${ORGFRONT_AUTH_CALLBACK_PATH}`,
  };
 }
+
+export function buildOrgFrontOidcRuntimeConfig<TUserStore>(
+  options: Omit<CommonOidcConfigOptions<TUserStore>, "automaticSilentRenew">,
+) {
+  return buildCommonOidcRuntimeConfig({
+    ...options,
+    automaticSilentRenew: true,
+  });
+}