From 763c04398e507ab2ac34549d98fefd4af433bbfd Mon Sep 17 00:00:00 2001
From: kyy
Date: Tue, 7 Apr 2026 10:32:36 +0900
Subject: [PATCH] =?UTF-8?q?=EC=A0=91=EC=86=8D=EC=9D=B4=EB=A0=A5=20OIDC=20?= =?UTF-8?q?=EC=A0=91=EC=86=8D=20=EB=A1=9C=EA=B7=B8=20=EB=88=84=EB=9D=BD=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 backend/internal/handler/auth_handler.go | 102 ++++++++++++++++-------
 1 file changed, 73 insertions(+), 29 deletions(-)
diff --git a/backend/internal/handler/auth_handler.go b/backend/internal/handler/auth_handler.go
index 28259b32..f26e8683 100644
--- a/backend/internal/handler/auth_handler.go
+++ b/backend/internal/handler/auth_handler.go
@@ -4246,11 +4246,10 @@ func (h *AuthHandler) GetAuthTimeline(c *fiber.Ctx) error {
  continue
  }
  consent, ok := consentMap[clientID]
- if !ok {
- continue
- }
- if !consent.ConsentAt.IsZero() && log.Timestamp.Before(consent.ConsentAt) {
- continue
+ if ok {
+ if !consent.ConsentAt.IsZero() && log.Timestamp.Before(consent.ConsentAt) {
+ continue
+ }
  }
  oathkeeperLogs = append(oathkeeperLogs, log)
  if len(oathkeeperLogs) >= fetchLimit {
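Review bot: With the `!ok` skip removed, an Oathkeeper log whose client has no entry in `consentMap` is now appended with no `ConsentAt` cutoff at all, so this loop no longer limits the timeline to clients the user has a consent record for. Whether that is safe depends on how the logs were selected before this loop, which is outside the hunk; if `consentMap` can lose an entry when consent is revoked, older requests that used to be hidden will presumably reappear. A comment stating the intent would help, e.g. `// no consent record: keep the entry; the ConsentAt cutoff applies only to known consents`. The nested check also reads more directly as `if ok && !consent.ConsentAt.IsZero() && log.Timestamp.Before(consent.ConsentAt) { continue }`. The enclosing loop in GetAuthTimeline starts and ends outside the hunk.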
@@ -4299,36 +4298,75 @@ func (h *AuthHandler) GetAuthTimeline(c *fiber.Ctx) error {
  return info, true
  }
+ clientCache := make(map[string]loginClientInfo)
+ resolveClientByID := func(cid string) (loginClientInfo, bool) {
+ cid = strings.TrimSpace(cid)
+ if cid == "" || h.Hydra == nil {
+ return loginClientInfo{}, false
+ }
+ if cached, ok := clientCache[cid]; ok {
+ return cached, cached.ClientID != ""
+ }
+ client, err := h.Hydra.GetClient(c.Context(), cid)
+ if err != nil || client == nil {
+ clientCache[cid] = loginClientInfo{}
+ return loginClientInfo{}, false
+ }
+ name := strings.TrimSpace(client.ClientName)
+ if name == "" {
+ name = cid
+ }
+ info := loginClientInfo{
+ ClientID: cid,
+ Name: name,
+ }
+ clientCache[cid] = info
+ return info, true
+ }
+
  items := make([]authTimelineItem, 0, len(authLogs)+len(oathkeeperLogs))
  for i := range authLogs {
  log := authLogs[i]
  appName := "Baron 로그인"
  clientID := ""
  path := strings.ToLower(extractAuditPath(log))
- if strings.Contains(path, "/api/v1/auth/oidc/login/accept") {
- appName = "OIDC 로그인"
- // 우선 audit details의 client 정보를 사용하고, 없으면 Hydra 조회로 보강
- if details, err := utils.ParseAuditDetails(log.Details); err == nil && details != nil {
- if name, ok := details["client_name"].(string); ok && strings.TrimSpace(name) != "" {
- appName = strings.TrimSpace(name)
- }
- if cid, ok := details["client_id"].(string); ok && strings.TrimSpace(cid) != "" {
- clientID = strings.TrimSpace(cid)
- if appName == "OIDC 로그인" {
- appName = clientID
- }
- }
+
+ isOidcAccept := strings.Contains(path, "/api/v1/auth/oidc/login/accept")
+ isPasswordLogin := strings.Contains(path, "/api/v1/auth/password/login")
+
+ // 우선 audit details의 client 정보를 사용
+ if details, err := utils.ParseAuditDetails(log.Details); err == nil && details != nil {
+ if cid, ok := details["client_id"].(string); ok && strings.TrimSpace(cid) != "" {
+ clientID = strings.TrimSpace(cid)
  }
- if appName == "OIDC 로그인" {
- loginChallenge := extractLoginChallengeFromAuditDetails(log.Details)
- if loginChallenge != "" {
- if info, ok := resolveLoginClient(loginChallenge); ok {
- appName = info.Name
- clientID = info.ClientID
- }
+ if name, ok := details["client_name"].(string); ok && strings.TrimSpace(name) != "" {
+ appName = strings.TrimSpace(name)
+ }
+ }
+
+ // 기본값이거나 클라이언트 ID인 경우 Hydra 조회로 보강
+ if appName == "Baron 로그인" || appName == "" {
+ if isOidcAccept {
+ appName = "OIDC 로그인"
+ }
+ if clientID != "" {
+ appName = clientID
+ if info, ok := resolveClientByID(clientID); ok {
+ appName = info.Name
  }
  }
  }
+
+ if (isOidcAccept || isPasswordLogin) && (appName == "OIDC 로그인" || appName == "Baron 로그인" || appName == clientID) {
+ loginChallenge := extractLoginChallengeFromAuditDetails(log.Details)
+ if loginChallenge != "" {
+ if info, ok := resolveLoginClient(loginChallenge); ok {
+ appName = info.Name
+ clientID = info.ClientID
+ }
+ }
+ }
+
  item := authTimelineItem{
  EventID: log.EventID,
  Timestamp: log.Timestamp,
@@ -4353,11 +4391,17 @@ func (h *AuthHandler) GetAuthTimeline(c *fiber.Ctx) error {
  if clientID == "" {
  continue
  }
- consent := consentMap[clientID]
- appName := consent.Name
- if appName == "" {
- appName = clientID
+
+ appName := clientID
+ if consent, ok := consentMap[clientID]; ok {
+ appName = consent.Name
  }
+ if appName == "" || appName == clientID {
+ if info, ok := resolveClientByID(clientID); ok {
+ appName = info.Name
+ }
+ }
+
  details := map[string]any{
  "path": log.Path,
  "client_id": clientID,
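Review bot: In the second hunk, `resolveClientByID` treats `err != nil` from `h.Hydra.GetClient` the same as an unknown client and caches the miss without recording anything, so when Hydra is unreachable the access history silently falls back to raw client IDs with no trace of why. Splitting the condition so the error case is logged with the client ID before `clientCache[cid] = loginClientInfo{}` would keep the fallback while making the degradation visible. The lookups run one after another inside the request using `c.Context()`, which, if this is Fiber v2, carries no deadline as far as I can tell, so it is worth confirming that the Hydra client enforces its own timeout; the third hunk calls the same closure from the Oathkeeper loop. Separately, the display strings `"Baron 로그인"` and `"OIDC 로그인"` double as "not yet resolved" flags, and `appName == ""` cannot be true at that check because `appName` is only ever assigned trimmed non-empty values; a `resolved` boolean would be clearer. GetAuthTimeline starts and ends outside the hunk.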