forked from baron/baron-sso
OIDC 인증 로직 수정 및 백엔드 라우팅 오류 해결
This commit is contained in:
@@ -1266,8 +1266,9 @@ func (h *AuthHandler) PasswordLogin(c *fiber.Ctx) error {
|
||||
ale.Operation = "Auth.Password().SignIn"
|
||||
|
||||
var req struct {
|
||||
LoginID string `json:"loginId"`
|
||||
Password string `json:"password"`
|
||||
LoginID string `json:"loginId"`
|
||||
Password string `json:"password"`
|
||||
LoginChallenge string `json:"login_challenge,omitempty"`
|
||||
}
|
||||
|
||||
if err := c.BodyParser(&req); err != nil {
|
||||
@@ -1314,6 +1315,21 @@ func (h *AuthHandler) PasswordLogin(c *fiber.Ctx) error {
|
||||
setSessionIDLocal(c, authInfo.SessionToken)
|
||||
ale.Log(slog.LevelInfo, "Login successful", slog.String("provider", h.IdpProvider.Name()), slog.String("subject", authInfo.Subject))
|
||||
|
||||
// --- OIDC 로그인 흐름 처리 ---
|
||||
if req.LoginChallenge != "" {
|
||||
slog.Info("OIDC login flow detected", "challenge", req.LoginChallenge)
|
||||
acceptResp, err := h.Hydra.AcceptLoginRequest(c.Context(), req.LoginChallenge, authInfo.Subject)
|
||||
if err != nil {
|
||||
slog.Error("failed to accept hydra login request", "error", err)
|
||||
return fiber.NewError(fiber.StatusInternalServerError, "Failed to accept OIDC login request")
|
||||
}
|
||||
slog.Info("Hydra login request accepted", "redirectTo", acceptResp.RedirectTo)
|
||||
return c.JSON(fiber.Map{
|
||||
"redirectTo": acceptResp.RedirectTo,
|
||||
})
|
||||
}
|
||||
// --- OIDC 로그인 흐름 처리 끝 ---
|
||||
|
||||
resp := fiber.Map{
|
||||
"sessionJwt": authInfo.SessionToken.JWT,
|
||||
"status": "ok",
|
||||
@@ -2897,6 +2913,48 @@ func (h *AuthHandler) ListLinkedRps(c *fiber.Ctx) error {
|
||||
return c.JSON(linkedRpListResponse{Items: items})
|
||||
}
|
||||
|
||||
func (h *AuthHandler) GetConsentRequest(c *fiber.Ctx) error {
|
||||
challenge := c.Query("consent_challenge")
|
||||
if challenge == "" {
|
||||
return fiber.NewError(fiber.StatusBadRequest, "consent_challenge is required")
|
||||
}
|
||||
|
||||
consentRequest, err := h.Hydra.GetConsentRequest(c.Context(), challenge)
|
||||
if err != nil {
|
||||
slog.Error("failed to get hydra consent request", "error", err)
|
||||
return fiber.NewError(fiber.StatusInternalServerError, "Failed to get consent information")
|
||||
}
|
||||
|
||||
return c.JSON(consentRequest)
|
||||
}
|
||||
|
||||
func (h *AuthHandler) AcceptConsentRequest(c *fiber.Ctx) error {
|
||||
var req struct {
|
||||
ConsentChallenge string `json:"consent_challenge"`
|
||||
}
|
||||
if err := c.BodyParser(&req); err != nil {
|
||||
return fiber.NewError(fiber.StatusBadRequest, "Invalid request body")
|
||||
}
|
||||
if req.ConsentChallenge == "" {
|
||||
return fiber.NewError(fiber.StatusBadRequest, "consent_challenge is required")
|
||||
}
|
||||
|
||||
consentRequest, err := h.Hydra.GetConsentRequest(c.Context(), req.ConsentChallenge)
|
||||
if err != nil {
|
||||
slog.Error("failed to get hydra consent request before accepting", "error", err)
|
||||
return fiber.NewError(fiber.StatusInternalServerError, "Failed to get consent information")
|
||||
}
|
||||
|
||||
acceptResp, err := h.Hydra.AcceptConsentRequest(c.Context(), req.ConsentChallenge, consentRequest)
|
||||
if err != nil {
|
||||
slog.Error("failed to accept hydra consent request", "error", err)
|
||||
return fiber.NewError(fiber.StatusInternalServerError, "Failed to accept consent request")
|
||||
}
|
||||
|
||||
return c.JSON(acceptResp)
|
||||
}
|
||||
|
||||
|
||||
func (h *AuthHandler) resolveCurrentProfile(c *fiber.Ctx) (*domain.UserProfileResponse, error) {
|
||||
token := h.getBearerToken(c)
|
||||
if token != "" {
|
||||
|
||||
Reference in New Issue
Block a user