From 787d7aa0f003974809c99ee23bfbfb5dc01ee456 Mon Sep 17 00:00:00 2001
From: chan <b24028@hanmaceng.co.kr>
Date: Wed, 11 Feb 2026 16:34:52 +0900
Subject: [PATCH] =?UTF-8?q?fix:=20SSO=20=EB=A1=9C=EA=B7=B8=EC=9D=B8=20?=
 =?UTF-8?q?=EB=A6=AC=EB=8B=A4=EC=9D=B4=EB=A0=89=EC=85=98=20=EB=A1=9C?=
 =?UTF-8?q?=EC=A7=81=EC=9D=98=20=EC=8B=A0=EB=A2=B0=EC=84=B1=20=EA=B0=95?=
 =?UTF-8?q?=ED=99=94=20=EB=B0=8F=20=ED=99=98=EA=B2=BD=EB=B3=80=EC=88=98=20?=
 =?UTF-8?q?=EC=84=A4=EC=A0=95=20=EB=B3=B4=EC=99=84=20#243?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker-compose.yaml                             |  2 ++
 .../core/services/web_auth_integration_web.dart |  6 +++++-
 .../auth/presentation/login_screen.dart         | 14 +++++++++-----
 userfront/lib/main.dart                         | 17 +++++++++++++----
 4 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/docker-compose.yaml b/docker-compose.yaml
index 8fc9d634..3be0fe1f 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -56,6 +56,7 @@ services:
         environment:
             - APP_ENV=${APP_ENV:-development}
             - API_PROXY_TARGET=http://baron_backend:3000
+            - USERFRONT_URL=${USERFRONT_URL}
         ports:
             - "${ADMIN_PORT:-5173}:5173"
         volumes:
@@ -74,6 +75,7 @@ services:
         environment:
             - APP_ENV=${APP_ENV:-development}
             - API_PROXY_TARGET=http://baron_backend:3000
+            - USERFRONT_URL=${USERFRONT_URL}
         ports:
             - "${DEVFRONT_PORT:-5174}:5173"
         volumes:
diff --git a/userfront/lib/core/services/web_auth_integration_web.dart b/userfront/lib/core/services/web_auth_integration_web.dart
index 454ff920..9edbfc2f 100644
--- a/userfront/lib/core/services/web_auth_integration_web.dart
+++ b/userfront/lib/core/services/web_auth_integration_web.dart
@@ -51,5 +51,9 @@ bool implIsPopup() {
   
   // Fallback: Check query parameters for integration source
   final uri = Uri.base;
-  return uri.queryParameters['source'] == 'adminfront';
+  if (uri.queryParameters['source'] == 'adminfront') return true;
+
+  // Manual parse fallback for cases where Uri.base might miss params due to hash routing
+  final search = html.window.location.search;
+  return search.contains('source=adminfront');
 }
diff --git a/userfront/lib/features/auth/presentation/login_screen.dart b/userfront/lib/features/auth/presentation/login_screen.dart
index 4b9e3cbf..eccc033e 100644
--- a/userfront/lib/features/auth/presentation/login_screen.dart
+++ b/userfront/lib/features/auth/presentation/login_screen.dart
@@ -16,8 +16,9 @@ import '../../../core/services/web_window.dart';
 class LoginScreen extends ConsumerStatefulWidget {
   final String? verificationToken;
   final String? loginChallenge;
+  final String? redirectUrl;
 
-  const LoginScreen({super.key, this.verificationToken, this.loginChallenge});
+  const LoginScreen({super.key, this.verificationToken, this.loginChallenge, this.redirectUrl});
 
   @override
   ConsumerState<LoginScreen> createState() => _LoginScreenState();
@@ -75,14 +76,17 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
     _tabController = TabController(length: 3, vsync: this, initialIndex: 1);
     _tabController.addListener(_handleTabSelection);
     _drySendEnabled = _parseBoolParam(Uri.base.queryParameters['drySend']) && !AuthProxyService.isProdEnv;
+    _redirectUrl = widget.redirectUrl;
 
     WidgetsBinding.instance.addPostFrameCallback((_) async {
       final uri = Uri.base;
       
-      if (uri.queryParameters.containsKey('redirect_url')) {
-        _redirectUrl = uri.queryParameters['redirect_url'];
-      } else if (uri.queryParameters.containsKey('redirect_uri')) {
-        _redirectUrl = uri.queryParameters['redirect_uri'];
+      if (_redirectUrl == null) {
+        if (uri.queryParameters.containsKey('redirect_url')) {
+          _redirectUrl = uri.queryParameters['redirect_url'];
+        } else if (uri.queryParameters.containsKey('redirect_uri')) {
+          _redirectUrl = uri.queryParameters['redirect_uri'];
+        }
       }
 
       _loginChallenge = widget.loginChallenge ?? uri.queryParameters['login_challenge'];
diff --git a/userfront/lib/main.dart b/userfront/lib/main.dart
index 5c94c1b1..424149e3 100644
--- a/userfront/lib/main.dart
+++ b/userfront/lib/main.dart
@@ -94,15 +94,24 @@ final _router = GoRouter(
       path: '/signin',
       builder: (context, state) {
         final loginChallenge = state.uri.queryParameters['login_challenge'];
-        _routerLogger.info("Navigating to /signin with login_challenge: $loginChallenge");
-        return LoginScreen(key: state.pageKey, loginChallenge: loginChallenge);
+        final redirectUrl = state.uri.queryParameters['redirect_uri'] ?? state.uri.queryParameters['redirect_url'];
+        _routerLogger.info("Navigating to /signin with login_challenge: $loginChallenge, redirect: $redirectUrl");
+        return LoginScreen(
+          key: state.pageKey, 
+          loginChallenge: loginChallenge,
+          redirectUrl: redirectUrl,
+        );
       },
     ),
     GoRoute(
       path: '/login',
       builder: (context, state) {
-        _routerLogger.info("Navigating to /login");
-        return LoginScreen(key: state.pageKey);
+        final redirectUrl = state.uri.queryParameters['redirect_uri'] ?? state.uri.queryParameters['redirect_url'];
+        _routerLogger.info("Navigating to /login, redirect: $redirectUrl");
+        return LoginScreen(
+          key: state.pageKey,
+          redirectUrl: redirectUrl,
+        );
       },
     ),
     GoRoute(