forked from baron/baron-sso
OIDC 인증 로직 수정 및 백엔드 라우팅 오류 해결
This commit is contained in:
@@ -36,6 +36,15 @@ type HydraClient struct {
|
||||
Metadata map[string]interface{} `json:"metadata,omitempty"`
|
||||
}
|
||||
|
||||
type HydraConsentRequest struct {
|
||||
Challenge string `json:"challenge"`
|
||||
RequestedScope []string `json:"requested_scope"`
|
||||
RequestedAudience []string `json:"requested_access_token_audience"`
|
||||
Skip bool `json:"skip"`
|
||||
Subject string `json:"subject"`
|
||||
Client HydraClient `json:"client"`
|
||||
}
|
||||
|
||||
type HydraConsentSession struct {
|
||||
Subject string `json:"subject"`
|
||||
GrantedScope []string `json:"granted_scope"`
|
||||
@@ -347,3 +356,134 @@ func (s *HydraAdminService) buildURLWithParams(path string, params map[string]st
|
||||
u.RawQuery = q.Encode()
|
||||
return u.String(), nil
|
||||
}
|
||||
|
||||
type AcceptLoginRequestResponse struct {
|
||||
RedirectTo string `json:"redirectTo"`
|
||||
}
|
||||
|
||||
type AcceptConsentRequestResponse struct {
|
||||
RedirectTo string `json:"redirectTo"`
|
||||
}
|
||||
|
||||
func (s *HydraAdminService) GetConsentRequest(ctx context.Context, challenge string) (*HydraConsentRequest, error) {
|
||||
params := map[string]string{
|
||||
"consent_challenge": challenge,
|
||||
}
|
||||
endpoint, err := s.buildURLWithParams("/oauth2/auth/requests/consent", params)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("hydra admin: create request for get consent failed: %w", err)
|
||||
}
|
||||
|
||||
resp, err := s.httpClient().Do(req)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("hydra admin: get consent request failed: %w", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
body, _ := io.ReadAll(resp.Body)
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return nil, fmt.Errorf("hydra admin: get consent failed status=%d body=%s", resp.StatusCode, string(body))
|
||||
}
|
||||
|
||||
var consentReq HydraConsentRequest
|
||||
if err := json.Unmarshal(body, &consentReq); err != nil {
|
||||
return nil, fmt.Errorf("hydra admin: decode get consent response failed: %w", err)
|
||||
}
|
||||
|
||||
return &consentReq, nil
|
||||
}
|
||||
|
||||
func (s *HydraAdminService) AcceptConsentRequest(ctx context.Context, challenge string, grantInfo *HydraConsentRequest) (*AcceptConsentRequestResponse, error) {
|
||||
params := map[string]string{
|
||||
"consent_challenge": challenge,
|
||||
}
|
||||
endpoint, err := s.buildURLWithParams("/oauth2/auth/requests/consent/accept", params)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
payload := map[string]interface{}{
|
||||
"grant_scope": grantInfo.RequestedScope,
|
||||
"grant_audience": grantInfo.RequestedAudience,
|
||||
"remember": true,
|
||||
"remember_for": 3600,
|
||||
}
|
||||
body, _ := json.Marshal(payload)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "PUT", endpoint, bytes.NewReader(body))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("hydra admin: create request for accept consent failed: %w", err)
|
||||
}
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
|
||||
resp, err := s.httpClient().Do(req)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("hydra admin: accept consent request failed: %w", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
respBody, _ := io.ReadAll(resp.Body)
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return nil, fmt.Errorf("hydra admin: accept consent failed status=%d body=%s", resp.StatusCode, string(respBody))
|
||||
}
|
||||
|
||||
// Hydra 응답(redirect_to)을 읽어서 우리 응답(redirectTo)으로 변환
|
||||
var hydraResp struct {
|
||||
RedirectTo string `json:"redirect_to"`
|
||||
}
|
||||
if err := json.Unmarshal(respBody, &hydraResp); err != nil {
|
||||
return nil, fmt.Errorf("hydra admin: decode accept consent response failed: %w", err)
|
||||
}
|
||||
|
||||
return &AcceptConsentRequestResponse{RedirectTo: hydraResp.RedirectTo}, nil
|
||||
}
|
||||
|
||||
|
||||
func (s *HydraAdminService) AcceptLoginRequest(ctx context.Context, challenge string, subject string) (*AcceptLoginRequestResponse, error) {
|
||||
params := map[string]string{
|
||||
"login_challenge": challenge,
|
||||
}
|
||||
endpoint, err := s.buildURLWithParams("/oauth2/auth/requests/login/accept", params)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
payload := map[string]interface{}{
|
||||
"subject": subject,
|
||||
"remember": true,
|
||||
"remember_for": 3600,
|
||||
}
|
||||
body, _ := json.Marshal(payload)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "PUT", endpoint, bytes.NewReader(body))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("hydra admin: create request for accept login failed: %w", err)
|
||||
}
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
|
||||
resp, err := s.httpClient().Do(req)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("hydra admin: accept login request failed: %w", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
respBody, _ := io.ReadAll(resp.Body)
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return nil, fmt.Errorf("hydra admin: accept login failed status=%d body=%s", resp.StatusCode, string(respBody))
|
||||
}
|
||||
|
||||
// Hydra 응답(redirect_to)을 읽어서 우리 응답(redirectTo)으로 변환
|
||||
var hydraResp struct {
|
||||
RedirectTo string `json:"redirect_to"`
|
||||
}
|
||||
if err := json.Unmarshal(respBody, &hydraResp); err != nil {
|
||||
return nil, fmt.Errorf("hydra admin: decode accept login response failed: %w", err)
|
||||
}
|
||||
|
||||
return &AcceptLoginRequestResponse{RedirectTo: hydraResp.RedirectTo}, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user