IdP 연동 기능 devfront 이전 및 클라이언트 종속으로 개편

backend/internal/domain/federation_models.go

@@ -18,16 +18,15 @@ const (
 // IdentityProviderConfig stores the configuration for an external Identity Provider.
 type IdentityProviderConfig struct {
 	ID           string         `gorm:"primaryKey;type:uuid;default:gen_random_uuid()" json:"id"`
-	TenantID     string         `gorm:"type:uuid;not null;index" json:"tenant_id"`
-	Tenant       Tenant         `gorm:"foreignKey:TenantID" json:"-"` // Belongs to Tenant
+	ClientID     string         `gorm:"type:uuid;not null;index" json:"client_id"` // Replaces TenantID
 	ProviderType ProviderType   `gorm:"type:varchar(10);not null" json:"provider_type"`
 	DisplayName  string         `gorm:"not null" json:"display_name"`
 	Status       string         `gorm:"default:'active'" json:"status"`
 
 	// OIDC Specific Fields
-	IssuerURL    *string `gorm:"null" json:"issuer_url,omitempty"`
-	ClientID     *string `gorm:"null" json:"client_id,omitempty"`
-	ClientSecret *string `gorm:"null" json:"client_secret,omitempty"`
+	IssuerURL       *string `gorm:"null" json:"issuer_url,omitempty"`
+	OIDCClientID    *string `gorm:"null" json:"oidc_client_id,omitempty"`    // Renamed from ClientID
+	OIDCClientSecret *string `gorm:"null" json:"oidc_client_secret,omitempty"` // Renamed from ClientSecret
 	// Scopes are space-separated
 	Scopes *string `gorm:"null" json:"scopes,omitempty"`
 

backend/internal/handler/federation_handler.go

@@ -62,6 +62,55 @@ func (h *FederationHandler) HandleOIDCCallback(c *fiber.Ctx) error {
 	return c.Redirect(redirectURL, fiber.StatusFound)
 }
 
+// --- New Client-based IdP Config Methods ---
+
+// ListIdpConfigsForClient handles listing all IdP configurations for a client.
+func (h *FederationHandler) ListIdpConfigsForClient(c *fiber.Ctx) error {
+	clientID := c.Params("clientId")
+	if clientID == "" {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "clientId is required"})
+	}
+
+	var configs []domain.IdentityProviderConfig
+	if err := h.db.Where("client_id = ?", clientID).Find(&configs).Error; err != nil {
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	return c.JSON(configs)
+}
+
+// CreateIdpConfigForClient handles the creation of a new IdP configuration for a client.
+func (h *FederationHandler) CreateIdpConfigForClient(c *fiber.Ctx) error {
+	clientID := c.Params("clientId")
+	if clientID == "" {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "clientId is required in path"})
+	}
+
+	var req domain.IdentityProviderConfig
+	if err := c.BodyParser(&req); err != nil {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "invalid request body"})
+	}
+
+	// Assign clientID from path parameter
+	req.ClientID = clientID
+
+	// Basic validation
+	if req.DisplayName == "" || req.ProviderType == "" {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "display_name and provider_type are required"})
+	}
+	
+	// TODO: Optionally, validate if the clientID exists in Hydra
+
+	// Create in DB
+	if err := h.db.Create(&req).Error; err != nil {
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	return c.Status(fiber.StatusCreated).JSON(req)
+}
+
+
+// --- Deprecated Tenant-based IdP Config Methods ---
 
 // ListIdpConfigsForTenant handles listing all IdP configurations for a tenant.
 func (h *FederationHandler) ListIdpConfigsForTenant(c *fiber.Ctx) error {
@@ -72,6 +121,8 @@ func (h *FederationHandler) ListIdpConfigsForTenant(c *fiber.Ctx) error {
 
 	// This is a temporary solution. We should create a proper method in the repository.
 	var configs []domain.IdentityProviderConfig
+	// Note: This now queries client_id, which is incorrect for tenants.
+	// This method is deprecated.
 	if err := h.db.Where("tenant_id = ?", tenantID).Find(&configs).Error; err != nil {
 		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
 	}
@@ -86,14 +137,14 @@ func (h *FederationHandler) CreateIdpConfig(c *fiber.Ctx) error {
 		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "invalid request body"})
 	}
 
-	// Basic validation
-	if req.TenantID == "" || req.DisplayName == "" || req.ProviderType == "" {
-		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "tenant_id, display_name, and provider_type are required"})
+	// Basic validation - This is the old validation logic
+	if req.ClientID == "" || req.DisplayName == "" || req.ProviderType == "" {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "client_id, display_name, and provider_type are required"})
 	}
 
-	// Check if tenant exists
+	// This check is now incorrect and deprecated.
 	var tenant domain.Tenant
-	if err := h.db.First(&tenant, "id = ?", req.TenantID).Error; err != nil {
+	if err := h.db.First(&tenant, "id = ?", req.ClientID).Error; err != nil {
 		if errors.Is(err, gorm.ErrRecordNotFound) {
 			return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "tenant not found"})
 		}
@@ -107,4 +158,4 @@ func (h *FederationHandler) CreateIdpConfig(c *fiber.Ctx) error {
 
 	return c.Status(fiber.StatusCreated).JSON(req)
 }
-// TODO: Re-implement Update, Delete handlers for IdP Configs
+// TODO: Re-implement Update, Delete handlers for IdP Configs for Clients

backend/internal/service/federation_service.go

@@ -28,7 +28,7 @@ func (s *FederationService) InitiateOIDCLogin(ctx context.Context, providerID, l
 		return "", fmt.Errorf("failed to find provider: %w", err)
 	}
 
-	if provider == nil || provider.IssuerURL == nil || provider.ClientID == nil || provider.ClientSecret == nil || provider.Scopes == nil {
+	if provider == nil || provider.IssuerURL == nil || provider.OIDCClientID == nil || provider.OIDCClientSecret == nil || provider.Scopes == nil {
 		return "", fmt.Errorf("OIDC configuration for provider %s is incomplete", providerID)
 	}
 
@@ -38,8 +38,8 @@ func (s *FederationService) InitiateOIDCLogin(ctx context.Context, providerID, l
 	}
 
 	config := oauth2.Config{
-		ClientID:     *provider.ClientID,
-		ClientSecret: *provider.ClientSecret,
+		ClientID:     *provider.OIDCClientID,
+		ClientSecret: *provider.OIDCClientSecret,
 		Endpoint:     oidcProvider.Endpoint(),
 		RedirectURL:  "http://localhost:8080/api/v1/federation/oidc/callback", // This should be configurable
 		Scopes:       []string{*provider.Scopes},