비밀번호 변경 중간 저장2

2026-01-26 20:29:35 +09:00
parent d922de5df6
commit 739da39a61
19 changed files with 1668 additions and 164 deletions
--- a/backend/internal/service/descope_service.go
+++ b/backend/internal/service/descope_service.go
@@ -2,13 +2,20 @@ package service

 import (
 	"baron-sso-backend/internal/domain"
+	"context"
+	"fmt"
 	"log/slog"
+	"net/http"
+	"os"
+	"time"

+	"github.com/descope/go-sdk/descope"
 	"github.com/descope/go-sdk/descope/client"
 )

 type DescopeProvider struct {
 	Client       *client.DescopeClient
+	FrontendURL  string
 	fieldMapping map[string]string // Key: Broker Field Name, Value: Descope Attribute Key
 }

@@ -36,6 +43,7 @@ func NewDescopeProvider(projectID, managementKey string) *DescopeProvider {

 	return &DescopeProvider{
 		Client:       descopeClient,
+		FrontendURL:  os.Getenv("FRONTEND_URL"),
 		fieldMapping: mapping,
 	}
 }
@@ -60,3 +68,56 @@ func (d *DescopeProvider) GetMetadata() (*domain.IDPMetadata, error) {
 		SupportedFields: supported,
 	}, nil
 }
+
+func (d *DescopeProvider) InitiatePasswordReset(loginID, redirectUrl string) error {
+    ctx := context.Background()
+    err := d.Client.Auth.Password().SendPasswordReset(ctx, loginID, redirectUrl, nil)
+    if err != nil {
+        slog.Error("Descope SendPasswordReset failed (raw)",
+            "loginID", loginID,
+            "redirectUrl", redirectUrl,
+            "err", err,
+            "err_type", fmt.Sprintf("%T", err),
+        )
+
+        if de, ok := err.(*descope.Error); ok {
+            status := de.Info[descope.ErrorInfoKeys.HTTPResponseStatusCode] // "Status-Code"
+            slog.Error("Descope error details",
+                "code", de.Code,
+                "description", de.Description,
+                "message", de.Message,
+                "status_code", status,
+                "info", de.Info,
+            )
+        }
+    }
+    return err
+}
+
+func (d *DescopeProvider) VerifyPasswordResetToken(token string) (*domain.AuthInfo, error) {
+	ctx := context.Background()
+	authInfo, err := d.Client.Auth.MagicLink().Verify(ctx, token, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	res := &domain.AuthInfo{
+		SessionToken: &domain.Token{
+			JWT:        authInfo.SessionToken.JWT,
+			Expiration: time.Unix(authInfo.SessionToken.Expiration, 0),
+		},
+	}
+	if authInfo.RefreshToken != nil {
+		res.RefreshToken = &domain.Token{
+			JWT:        authInfo.RefreshToken.JWT,
+			Expiration: time.Unix(authInfo.RefreshToken.Expiration, 0),
+		}
+	}
+
+	return res, nil
+}
+
+func (d *DescopeProvider) UpdateUserPassword(loginID, newPassword string, r *http.Request) error {
+	ctx := context.Background()
+	return d.Client.Auth.Password().UpdateUserPassword(ctx, loginID, newPassword, r)
+}