
RP 테넌트 접근 정책 변경 시 기존 consent 자동 폐기

This commit is contained in:
2026-04-24 17:59:54 +09:00
parent b9232687b5
commit 3f85f6cfe3
8 changed files with 500 additions and 0 deletions


@@ -5120,6 +5120,7 @@ func (h *AuthHandler) GetConsentRequest(c *fiber.Ctx) error {
slog.Error("failed to get hydra consent request", "error", err)
return fiber.NewError(fiber.StatusInternalServerError, "Failed to get consent information")
}
consentRequest.RequestedScope = mergeRequestedScopesWithClientRequirements(consentRequest.Client, consentRequest.RequestedScope)
// [DEBUG] Hydra 응답 상세 로깅
slog.Info("GetConsentRequest Debug",
@@ -5323,6 +5324,7 @@ func (h *AuthHandler) AcceptConsentRequest(c *fiber.Ctx) error {
slog.Error("failed to get hydra consent request before accepting", "error", err)
return fiber.NewError(fiber.StatusInternalServerError, "Failed to get consent information")
}
consentRequest.RequestedScope = mergeRequestedScopesWithClientRequirements(consentRequest.Client, consentRequest.RequestedScope)
// 2. 스코프 필터링 (사용자가 선택한 것만 허용)
if len(req.GrantScope) > 0 {
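Review bot: The merge added before the GrantScope filter in AcceptConsentRequest means a client-required scope that the user did not tick in `req.GrantScope` is dropped again by the filter that starts on the next line, and the same merge appears to be re-applied after the filter in the following hunk, which would silently grant scopes the user declined; the filter body, the helper and the rest of AcceptConsentRequest are outside this hunk, so this is inferred from the three call sites. If client-required scopes are intended to be non-optional, make that contract explicit rather than overriding the user's selection: either reject the request when a required scope is missing from `req.GrantScope`, or keep the override but document it with `// client-required scopes are always granted; the consent UI must present them as non-optional`. In that case GetConsentRequest (first hunk) should also expose which of the merged scopes are required so the consent page can mark them, since otherwise the user sees a choice that is not honoured. Calling the merge twice in the same function is redundant once the intended ordering is settled, so keep only the call that matches the chosen contract.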
@@ -5339,6 +5341,7 @@ func (h *AuthHandler) AcceptConsentRequest(c *fiber.Ctx) error {
}
consentRequest.RequestedScope = filteredScopes
}
consentRequest.RequestedScope = mergeRequestedScopesWithClientRequirements(consentRequest.Client, consentRequest.RequestedScope)
profile, err := h.resolveCurrentProfile(c)
if err == nil && profile != nil {