프론트엔드 동의 화면 추가 및 OIDC 로그인 흐름 완성

userfront/lib/features/auth/presentation/login_screen.dart

@@ -10,10 +10,13 @@ import '../../../core/services/auth_proxy_service.dart';
 import '../../../core/services/auth_token_store.dart';
 import '../../../core/notifiers/auth_notifier.dart';
 import '../../profile/domain/notifiers/profile_notifier.dart';
+import 'dart:html' as html;
 
 class LoginScreen extends ConsumerStatefulWidget {
   final String? verificationToken;
-  const LoginScreen({super.key, this.verificationToken});
+  final String? loginChallenge;
+
+  const LoginScreen({super.key, this.verificationToken, this.loginChallenge});
 
   @override
   ConsumerState<LoginScreen> createState() => _LoginScreenState();
@@ -26,6 +29,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
   final TextEditingController _passwordLoginIdController = TextEditingController();
   final TextEditingController _passwordController = TextEditingController();
   String? _redirectUrl;
+  String? _loginChallenge;
 
   // QR Login Variables
   String? _qrImageBase64;
@@ -58,14 +62,13 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
   @override
   void initState() {
     super.initState();
-    // 탭 컨트롤러: 3개 탭, 기본 선택은 두 번째 탭("로그인 링크")
     _tabController = TabController(length: 3, vsync: this, initialIndex: 1);
     _tabController.addListener(_handleTabSelection);
     _drySendEnabled = _parseBoolParam(Uri.base.queryParameters['drySend']) && !AuthProxyService.isProdEnv;
-    
-    // Check for tokens (Path Parameter or Legacy Query Parameter)
+
     WidgetsBinding.instance.addPostFrameCallback((_) {
       final uri = Uri.base;
+      _loginChallenge = widget.loginChallenge ?? uri.queryParameters['login_challenge'];
       final loginIdParam = uri.queryParameters['loginId'];
       final codeParam = uri.queryParameters['code'];
       final pendingRefParam = uri.queryParameters['pendingRef'];
@@ -190,7 +193,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
     });
   }
 
-  // JWT를 디코딩해 표시용 로그인 아이디 추출
   String _getLoginIdFromJwt(String jwt) {
     try {
       final parts = jwt.split('.');
@@ -198,7 +200,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
       
       final payload = utf8.decode(base64Url.decode(base64Url.normalize(parts[1])));
       final data = json.decode(payload);
-      // 일반적으로 name/email/sub 필드를 사용
       return data['name'] ?? data['email'] ?? data['sub'] ?? 'User';
     } catch (e) {
       debugPrint("[JWT] Decode error: $e");
@@ -207,7 +208,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
   }
 
   void _handleTabSelection() {
-    // QR 탭 (세 번째 탭, index 2)이 선택되었을 때 QR 플로우 시작
     if (_tabController.index == 2 && _qrPendingRef == null) {
       _startQrFlow();
     } else if (_tabController.index != 2) {
@@ -626,7 +626,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
     super.dispose();
   }
 
-  // 이메일/비밀번호 로그인 처리
   Future<void> _handlePasswordLogin() async {
     final input = _passwordLoginIdController.text.trim();
     final password = _passwordController.text.trim();
@@ -637,14 +636,12 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
 
     String loginId = input;
     if (!input.contains('@')) {
-      // Format phone number if it's not an email
       loginId = input.replaceAll(RegExp(r'[-\s]'), '');
       if (loginId.startsWith('010')) {
         loginId = '+82${loginId.substring(1)}';
       }
     }
 
-    // 로딩 인디케이터 표시
     showDialog(
       context: context,
       barrierDismissible: false,
@@ -652,15 +649,23 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
     );
 
     try {
-      final res = await AuthProxyService.loginWithPassword(loginId, password);
+      final res = await AuthProxyService.loginWithPassword(loginId, password, loginChallenge: _loginChallenge);
       final jwt = res['sessionJwt'];
       final provider = res['provider'] as String?;
-      if (jwt != null && mounted) {
-        Navigator.of(context).pop(); // 로딩 닫기
+      final redirectTo = res['redirectTo'] as String?;
+
+      if (mounted) Navigator.of(context).pop();
+
+      if (redirectTo != null && redirectTo.isNotEmpty) {
+        html.window.location.href = redirectTo;
+        return;
+      }
+
+      if (jwt != null) {
         _onLoginSuccess(jwt, provider: provider);
       }
     } catch (e) {
-      if (mounted) Navigator.of(context).pop(); // 로딩 닫기
+      if (mounted) Navigator.of(context).pop();
       if (e.toString().contains("User not registered")) {
         _showUnregisteredDialog();
       } else {
@@ -669,14 +674,12 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
     }
   }
 
-  // 로그인 링크 전송 처리
   Future<void> _handleLinkLogin() async {
     final input = _linkIdController.text.trim();
     if (input.isEmpty) return;
 
     String loginId = input;
     if (!input.contains('@')) {
-      // Format phone number if it's not an email
       loginId = input.replaceAll(RegExp(r'[-\s]'), '');
       if (loginId.startsWith('010')) {
         loginId = '+82${loginId.substring(1)}';
@@ -685,7 +688,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
     
     debugPrint("[Auth] Initiating Enchanted Link for: $loginId");
     
-    // 링크 전송 전 사용자 존재 여부 체크 (백엔드에서 이미 처리하지만 에러 핸들링을 위해)
     try {
       await _startEnchantedFlow(loginId, isEmail: input.contains('@'));
     } catch (e) {
@@ -707,7 +709,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
         );
       }
 
-      // 1. Init via Backend API
       final initResponse = await AuthProxyService.initEnchantedLink(
         loginId,
         codeOnly: codeOnly,
@@ -727,13 +728,12 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
           _lastLinkLoginId = loginId;
           _lastLinkIsEmail = isEmail;
         });
-        Navigator.of(context).pop(); // Close Loading
+        Navigator.of(context).pop();
 
         _showInfo(isEmail
             ? "입력하신 이메일로 로그인 링크를 보냈습니다."
             : "입력하신 번호로 로그인 링크를 보냈습니다.");
 
-        // 2. Poll Backend manually
         final initialInterval = (interval is int && interval > 0)
             ? Duration(seconds: interval)
             : const Duration(seconds: 2);
@@ -761,7 +761,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
 
   Future<void> _pollForSession(String pendingRef, {Duration? initialInterval}) async {
     int attempts = 0;
-    const maxAttempts = 60; // 2 minutes
+    const maxAttempts = 60;
     var pollInterval = initialInterval ?? const Duration(seconds: 2);
     debugPrint("[Auth] Starting poll for ref: $pendingRef");
 
@@ -789,7 +789,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
         }
         if (result['error'] == 'expired_token') {
           if (mounted) {
-            Navigator.of(context).pop(); // Close Polling Dialog
+            Navigator.of(context).pop();
             _showError("Login timed out.");
           }
           return;
@@ -820,7 +820,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
 
     if (mounted) {
       debugPrint("[Auth] Polling timed out for ref: $pendingRef");
-      Navigator.of(context).pop(); // Close Polling Dialog
+      Navigator.of(context).pop();
       _showError("Login timed out.");
     }
   }
@@ -879,19 +879,16 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
     AuthTokenStore.setToken(token, provider: providerName);
     AuthTokenStore.clearPendingProvider();
 
-    // 로그인 성공 직후 백엔드에서 전체 프로필 정보를 가져와 세션 업데이트
     try {
       await ref.read(profileProvider.notifier).loadProfile();
     } catch (e) {
       debugPrint("[Auth] Failed to pre-fetch profile: $e");
     }
 
-    // 1. Handle Popup Flow
     if (WebAuthIntegration.isPopup()) {
       debugPrint("[Auth] Popup detected. Notifying opener and attempting to close.");
       WebAuthIntegration.sendLoginSuccess(token);
     } else {
-      // 2. Handle Redirect Flow
       if (_redirectUrl != null && _redirectUrl!.isNotEmpty) {
         debugPrint("[Auth] Redirecting standalone window to: $_redirectUrl");
         final target = "$_redirectUrl?token=$token";
@@ -900,7 +897,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
       }
     }
 
-    // 3. Standalone mode / Fallback
     debugPrint("[Auth] Login success. Navigating to root.");
     AuthNotifier.instance.notify();
     if (mounted) {
@@ -908,7 +904,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
     }
   }
 
-  // [New] 미등록 회원 안내 팝업
   void _showUnregisteredDialog() {
     showDialog(
       context: context,
@@ -1010,7 +1005,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
                         child: TabBarView(
                           controller: _tabController,
                           children: [
-                            // 1. 이메일/비밀번호 로그인 폼
                             Padding(
                               padding: const EdgeInsets.only(top: 16.0),
                               child: Column(
@@ -1047,7 +1041,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
                               ),
                             ),
                             
-                            // 2. 로그인 링크 전송 -> 전송 후 코드 입력으로 전환
                             Padding(
                               padding: const EdgeInsets.only(top: 16.0),
                               child: Column(
@@ -1188,7 +1181,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
                               ),
                             ),
 
-                            // 3. QR 로그인 뷰
                             Column(
                               mainAxisAlignment: MainAxisAlignment.center,
                               crossAxisAlignment: CrossAxisAlignment.center,