Merge branch 'dev' into feature/i18n

devfront/src/lib/apiClient.ts

@@ -1,4 +1,5 @@
 import axios from "axios";
+import { userManager } from "./auth";
 
 const apiClient = axios.create({
   baseURL:
@@ -7,15 +8,15 @@ const apiClient = axios.create({
     "/api/v1",
 });
 
-apiClient.interceptors.request.use((config) => {
-  // TODO: IdP 중립 Auth 레이어 연동 시 세션 토큰을 주입한다.
-  const sessionToken = window.localStorage.getItem("admin_session");
-  if (sessionToken) {
-    config.headers.Authorization = `Bearer ${sessionToken}`;
+apiClient.interceptors.request.use(async (config) => {
+  // OIDC Access Token 주입
+  const user = await userManager.getUser();
+  if (user?.access_token) {
+    config.headers.Authorization = `Bearer ${user.access_token}`;
   }
 
   // TODO: 테넌트 선택 값을 보관하고 헤더로 전달한다.
-  const tenantId = window.localStorage.getItem("admin_tenant");
+  const tenantId = window.localStorage.getItem("dev_tenant_id"); // 키 이름을 좀 더 명확하게 변경 고려
   if (tenantId) {
     config.headers["X-Tenant-ID"] = tenantId;
   }
@@ -26,7 +27,13 @@ apiClient.interceptors.request.use((config) => {
 apiClient.interceptors.response.use(
   (response) => response,
   (error) => {
-    // TODO: 401/403 응답 시 로그인/재인증 플로우로 리다이렉션한다.
+    if (error.response?.status === 401) {
+      // 401 발생 시 로그인 페이지로 리다이렉트
+      const isAuthPath = window.location.pathname.startsWith("/callback");
+      if (!isAuthPath) {
+        userManager.signinRedirect();
+      }
+    }
     return Promise.reject(error);
   },
 );

devfront/src/lib/auth.ts

@@ -0,0 +1,20 @@
+import { UserManager, WebStorageStateStore } from "oidc-client-ts";
+import type { AuthProviderProps } from "react-oidc-context";
+
+export const oidcConfig: AuthProviderProps = {
+  authority: import.meta.env.VITE_OIDC_AUTHORITY || "http://localhost:5000/oidc", // Gateway Proxy URL
+  client_id: import.meta.env.VITE_OIDC_CLIENT_ID || "devfront-client",
+  redirect_uri: `${window.location.origin}/callback`,
+  response_type: "code",
+  scope: "openid offline_access profile email", // offline_access for refresh token
+  post_logout_redirect_uri: window.location.origin,
+  userStore: new WebStorageStateStore({ store: window.localStorage }),
+  automaticSilentRenew: true,
+};
+
+export const userManager = new UserManager({
+  ...oidcConfig,
+  authority: oidcConfig.authority || "",
+  client_id: oidcConfig.client_id || "",
+  redirect_uri: oidcConfig.redirect_uri || "",
+});

devfront/src/lib/devApi.ts

@@ -9,6 +9,7 @@ export type ClientSummary = {
   type: ClientType;
   status: ClientStatus;
   createdAt?: string;
+  clientSecret?: string;
   redirectUris: string[];
   scopes: string[];
 };