테넌트 접속 제한 백엔드 로직 수정

backend/internal/repository/client_consent_repository.go

@@ -29,7 +29,7 @@ func NewClientConsentRepository(db *gorm.DB) ClientConsentRepository {
 
 func (r *clientConsentRepo) Find(ctx context.Context, clientID, subject string) (*domain.ClientConsent, error) {
 	var consent domain.ClientConsent
-	err := r.db.WithContext(ctx).Unscoped().
+	err := r.db.WithContext(ctx).
 		Where("client_id = ? AND subject = ?", clientID, subject).
 		First(&consent).Error
 	if err != nil {

backend/internal/repository/client_consent_repository_test.go

@@ -0,0 +1,31 @@
+package repository
+
+import (
+	"baron-sso-backend/internal/domain"
+	"context"
+	"testing"
+
+	"github.com/lib/pq"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestClientConsentRepository_Find_IgnoresSoftDeletedConsent(t *testing.T) {
+	repo := NewClientConsentRepository(testDB)
+	ctx := context.Background()
+
+	consent := &domain.ClientConsent{
+		ClientID:      "client-soft-delete",
+		Subject:       "user-soft-delete",
+		GrantedScopes: pq.StringArray{"openid", "profile"},
+	}
+
+	err := repo.Upsert(ctx, consent)
+	assert.NoError(t, err)
+
+	err = repo.Delete(ctx, consent.Subject, consent.ClientID)
+	assert.NoError(t, err)
+
+	found, err := repo.Find(ctx, consent.ClientID, consent.Subject)
+	assert.NoError(t, err)
+	assert.Nil(t, found)
+}