adminfront/devfront 앱 실행 기본 URL 설정

.env.sample

@@ -108,10 +108,6 @@ HYDRA_ADMIN_URL=http://hydra:4445
 # Oathkeeper가 /oidc 경로를 Hydra Public API로 라우팅합니다.
 HYDRA_PUBLIC_URL=${OATHKEEPER_PUBLIC_URL}/oidc
 
-# OIDC 클라이언트 callback (콤마 구분)
-ADMINFRONT_CALLBACK_URLS=http://localhost:5173/auth/callback,https://sso.hmac.kr/auth/callback
-DEVFRONT_CALLBACK_URLS=http://localhost:5174/auth/callback,https://sso.hmac.kr/devfront/auth/callback
-
 # Kratos allowed_return_urls 확장 목록 (콤마 구분, 선택)
 # 기본값은 KRATOS_UI_URL, USERFRONT_URL, 각 callback URL을 자동 포함합니다.
 KRATOS_ALLOWED_RETURN_URLS_EXTRA=[]
@@ -134,9 +130,11 @@ CSRF_COOKIE_NAME=__HOST-baronSSO_csrf
 CSRF_COOKIE_SECRET=localcsrf123
 
 # AdminFront OIDC 설정
+ADMINFRONT_URL=http://localhost:5173
 ADMINFRONT_CALLBACK_URLS=http://localhost:5173/auth/callback,https://sso.hmac.kr/auth/callback
 
 # DevFront OIDC 설정
 VITE_OIDC_CLIENT_ID=devfront
 VITE_OIDC_AUTHORITY=https://sso.hmac.kr/oidc
-DEVFRONT_CALLBACK_URLS=http://localhost:5174/auth/callback,https://sso.hmac.kr/devfront/auth/callback
+DEVFRONT_URL=http://localhost:5174
+DEVFRONT_CALLBACK_URLS=http://localhost:5174/auth/callback,https://sso.hmac.kr/devfront/auth/callback

.gitea/workflows/staging_code_pull.yml

@@ -120,6 +120,8 @@ jobs:
 
                   # Frontend OIDC configs for Staging
                   VITE_OIDC_AUTHORITY=https://sso.hmac.kr/oidc
+                  ADMINFRONT_URL=http://172.16.10.176:5173
+                  DEVFRONT_URL=http://172.16.10.176:5174
                   ADMINFRONT_CALLBACK_URLS=http://localhost:5173/auth/callback,https://sso.hmac.kr/auth/callback,http://172.16.10.176:5173/auth/callback,https://sadmin.hmac.kr/auth/callback
                   DEVFRONT_CALLBACK_URLS=http://localhost:5174/auth/callback,https://sso.hmac.kr/devfront/auth/callback,http://172.16.10.176:5174/auth/callback,https://sdev.hmac.kr/auth/callback
                   # OATHKEEPER_INTROSPECT_CLIENT_ID=${{ vars.OATHKEEPER_INTROSPECT_CLIENT_ID }}

backend/internal/handler/auth_handler.go

@@ -3388,13 +3388,11 @@ func (h *AuthHandler) ListLinkedRps(c *fiber.Ctx) error {
 			name = clientID
 		}
 
-		// ClientURI가 없으면 RedirectURIs에서 호스트 부분만 추출하여 URL로 사용 (Fallback)
-		clientURL := strings.TrimSpace(client.ClientURI)
-		if clientURL == "" && len(client.RedirectURIs) > 0 {
-			if parsed, err := url.Parse(client.RedirectURIs[0]); err == nil {
-				clientURL = fmt.Sprintf("%s://%s", parsed.Scheme, parsed.Host)
-			}
-		}
+		clientURL := resolveLinkedRPURL(
+			client.ClientID,
+			client.ClientURI,
+			client.RedirectURIs,
+		)
 
 		lastAuth := time.Time{}
 		if session.AuthenticatedAt != nil {
@@ -3484,12 +3482,11 @@ func (h *AuthHandler) ListLinkedRps(c *fiber.Ctx) error {
 					name = client.ClientID
 				}
 
-				clientURL := strings.TrimSpace(client.ClientURI)
-				if clientURL == "" && len(client.RedirectURIs) > 0 {
-					if parsed, err := url.Parse(client.RedirectURIs[0]); err == nil {
-						clientURL = fmt.Sprintf("%s://%s", parsed.Scheme, parsed.Host)
-					}
-				}
+				clientURL := resolveLinkedRPURL(
+					client.ClientID,
+					client.ClientURI,
+					client.RedirectURIs,
+				)
 
 				records[dc.ClientID] = &linkedRpRecord{
 					linkedRpSummary: linkedRpSummary{
@@ -5423,6 +5420,32 @@ func extractHydraClientLogo(metadata map[string]interface{}) string {
 	return ""
 }
 
+func resolveLinkedRPURL(clientID string, clientURI string, redirectURIs []string) string {
+	switch strings.TrimSpace(clientID) {
+	case "adminfront":
+		if value := strings.TrimSpace(os.Getenv("ADMINFRONT_URL")); value != "" {
+			return value
+		}
+	case "devfront":
+		if value := strings.TrimSpace(os.Getenv("DEVFRONT_URL")); value != "" {
+			return value
+		}
+	}
+
+	clientURL := strings.TrimSpace(clientURI)
+	if clientURL != "" {
+		return clientURL
+	}
+
+	if len(redirectURIs) > 0 {
+		if parsed, err := url.Parse(redirectURIs[0]); err == nil {
+			return fmt.Sprintf("%s://%s", parsed.Scheme, parsed.Host)
+		}
+	}
+
+	return ""
+}
+
 func mergeScopes(current []string, next []string) []string {
 	if len(next) == 0 {
 		return current

scripts/auth_config.sh

@@ -17,8 +17,10 @@ USERFRONT_URL="${USERFRONT_URL:-http://localhost:5000}"
 OATHKEEPER_PUBLIC_URL="${OATHKEEPER_PUBLIC_URL:-$USERFRONT_URL}"
 HYDRA_PUBLIC_URL="${HYDRA_PUBLIC_URL:-${OATHKEEPER_PUBLIC_URL%/}/oidc}"
 KRATOS_UI_URL="${KRATOS_UI_URL:-http://localhost:5000}"
-ADMINFRONT_CALLBACK_URLS="${ADMINFRONT_CALLBACK_URLS:-http://localhost:5173/auth/callback}"
-DEVFRONT_CALLBACK_URLS="${DEVFRONT_CALLBACK_URLS:-http://localhost:5174/callback}"
+ADMINFRONT_URL="${ADMINFRONT_URL:-http://172.16.10.176:5173}"
+DEVFRONT_URL="${DEVFRONT_URL:-http://172.16.10.176:5174}"
+ADMINFRONT_CALLBACK_URLS="${ADMINFRONT_CALLBACK_URLS:-http://172.16.10.176:5173/auth/callback}"
+DEVFRONT_CALLBACK_URLS="${DEVFRONT_CALLBACK_URLS:-http://172.16.10.176:5174/auth/callback}"
 KRATOS_ALLOWED_RETURN_URLS_EXTRA="${KRATOS_ALLOWED_RETURN_URLS_EXTRA:-}"
 
 declare -a WARNINGS=()
@@ -382,12 +384,21 @@ run_validation() {
   validate_dotenv_line_safety "HYDRA_PUBLIC_URL"
   validate_dotenv_line_safety "KRATOS_BROWSER_URL"
   validate_dotenv_line_safety "KRATOS_UI_URL"
+  validate_dotenv_line_safety "ADMINFRONT_URL"
+  validate_dotenv_line_safety "DEVFRONT_URL"
   validate_dotenv_line_safety "ADMINFRONT_CALLBACK_URLS"
   validate_dotenv_line_safety "DEVFRONT_CALLBACK_URLS"
 
+  if [[ -n "$ADMINFRONT_URL" ]]; then
+    validate_urls "ADMINFRONT_URL" "$ADMINFRONT_URL"
+  fi
+  if [[ -n "$DEVFRONT_URL" ]]; then
+    validate_urls "DEVFRONT_URL" "$DEVFRONT_URL"
+  fi
+
   collect_values
   validate_callback_group "ADMINFRONT_CALLBACK_URLS" "/auth/callback" "${ADMIN_CALLBACKS[@]}"
-  validate_callback_group "DEVFRONT_CALLBACK_URLS" "/callback" "${DEV_CALLBACKS[@]}"
+  validate_callback_group "DEVFRONT_CALLBACK_URLS" "/auth/callback" "${DEV_CALLBACKS[@]}"
   validate_gateway_mapping
   build_allowed_return_urls
 }