forked from baron/baron-sso
orgfront refresh token 관리 추가
This commit is contained in:
@@ -1,17 +1,17 @@
|
||||
import { UserManager, WebStorageStateStore } from "oidc-client-ts";
|
||||
import type { AuthProviderProps } from "react-oidc-context";
|
||||
import { buildCommonUserManagerSettings } from "../../../common/core/auth";
|
||||
import {
|
||||
buildCommonOidcRuntimeConfig,
|
||||
buildCommonUserManagerSettings,
|
||||
} from "../../../common/core/auth";
|
||||
import { resolveOrgFrontPublicOrigin } from "./authConfig";
|
||||
buildOrgFrontOidcRuntimeConfig,
|
||||
resolveOrgFrontPublicOrigin,
|
||||
} from "./authConfig";
|
||||
|
||||
const orgFrontPublicOrigin = resolveOrgFrontPublicOrigin(
|
||||
import.meta.env.VITE_ORGFRONT_PUBLIC_URL,
|
||||
window.location.origin,
|
||||
);
|
||||
|
||||
export const oidcConfig: AuthProviderProps = buildCommonOidcRuntimeConfig({
|
||||
export const oidcConfig: AuthProviderProps = buildOrgFrontOidcRuntimeConfig({
|
||||
authority:
|
||||
import.meta.env.VITE_OIDC_AUTHORITY || "http://localhost:5000/oidc",
|
||||
clientId: import.meta.env.VITE_OIDC_CLIENT_ID || "orgfront",
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import { describe, expect, it } from "vitest";
|
||||
import {
|
||||
buildOrgFrontAuthRedirectUris,
|
||||
buildOrgFrontOidcRuntimeConfig,
|
||||
ORGFRONT_AUTH_CALLBACK_PATH,
|
||||
resolveOrgFrontPublicOrigin,
|
||||
} from "./authConfig";
|
||||
@@ -26,4 +27,18 @@ describe("orgfront auth config", () => {
|
||||
it("keeps the callback path aligned with the registered redirect path", () => {
|
||||
expect(ORGFRONT_AUTH_CALLBACK_PATH).toBe("/auth/callback");
|
||||
});
|
||||
|
||||
it("requests offline access and enables refresh-token based renewal", () => {
|
||||
const config = buildOrgFrontOidcRuntimeConfig({
|
||||
authority: "https://sso.hmac.kr/oidc",
|
||||
clientId: "orgfront",
|
||||
origin: "https://org.hmac.kr",
|
||||
userStore: { kind: "test-store" },
|
||||
});
|
||||
|
||||
expect(config.scope.split(/\s+/)).toEqual(
|
||||
expect.arrayContaining(["openid", "offline_access", "profile", "email"]),
|
||||
);
|
||||
expect(config.automaticSilentRenew).toBe(true);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1,3 +1,8 @@
|
||||
import {
|
||||
buildCommonOidcRuntimeConfig,
|
||||
type CommonOidcConfigOptions,
|
||||
} from "../../../common/core/auth";
|
||||
|
||||
export interface OrgFrontAuthRedirectUris {
|
||||
redirectUri: string;
|
||||
postLogoutRedirectUri: string;
|
||||
@@ -31,3 +36,12 @@ export function buildOrgFrontAuthRedirectUris(
|
||||
popupRedirectUri: `${publicOrigin}${ORGFRONT_AUTH_CALLBACK_PATH}`,
|
||||
};
|
||||
}
|
||||
|
||||
export function buildOrgFrontOidcRuntimeConfig<TUserStore>(
|
||||
options: Omit<CommonOidcConfigOptions<TUserStore>, "automaticSilentRenew">,
|
||||
) {
|
||||
return buildCommonOidcRuntimeConfig({
|
||||
...options,
|
||||
automaticSilentRenew: true,
|
||||
});
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user