fix(auth): separate pkce and headless trusted rp config

2026-03-31 10:44:04 +09:00
parent 4b34ab8161
commit 33afe1eddf
8 changed files with 274 additions and 62 deletions
--- a/backend/internal/handler/auth_handler_link_test.go
+++ b/backend/internal/handler/auth_handler_link_test.go
@@ -171,11 +171,12 @@ func TestHeadlessLinkInit_TrustedClientSuccess(t *testing.T) {
 				Challenge: "challenge-123",
 				Client: domain.HydraClient{
 					ClientID:                "trusted-rp",
-					TokenEndpointAuthMethod: "private_key_jwt",
-					JWKS:                    jwks,
+					TokenEndpointAuthMethod: "none",
 					Metadata: map[string]interface{}{
-						"status":                 "active",
-						"headless_login_enabled": true,
+						"status":                              "active",
+						"headless_login_enabled":              true,
+						"headless_token_endpoint_auth_method": "private_key_jwt",
+						"headless_jwks":                       jwks,
 					},
 				},
 			})
@@ -232,11 +233,12 @@ func TestHeadlessLinkPoll_AfterApprovalReturnsRedirect(t *testing.T) {
 				Challenge: "challenge-123",
 				Client: domain.HydraClient{
 					ClientID:                "trusted-rp",
-					TokenEndpointAuthMethod: "private_key_jwt",
-					JWKS:                    jwks,
+					TokenEndpointAuthMethod: "none",
 					Metadata: map[string]interface{}{
-						"status":                 "active",
-						"headless_login_enabled": true,
+						"status":                              "active",
+						"headless_login_enabled":              true,
+						"headless_token_endpoint_auth_method": "private_key_jwt",
+						"headless_jwks":                       jwks,
 					},
 				},
 			})