1
0
forked from baron/baron-sso

OIDC 인증 로직 수정 및 백엔드 라우팅 오류 해결

This commit is contained in:
2026-02-02 14:44:33 +09:00
parent fa1f37dc90
commit 849424f030
3 changed files with 204 additions and 2 deletions

View File

@@ -36,6 +36,15 @@ type HydraClient struct {
Metadata map[string]interface{} `json:"metadata,omitempty"`
}
type HydraConsentRequest struct {
Challenge string `json:"challenge"`
RequestedScope []string `json:"requested_scope"`
RequestedAudience []string `json:"requested_access_token_audience"`
Skip bool `json:"skip"`
Subject string `json:"subject"`
Client HydraClient `json:"client"`
}
type HydraConsentSession struct {
Subject string `json:"subject"`
GrantedScope []string `json:"granted_scope"`
@@ -347,3 +356,134 @@ func (s *HydraAdminService) buildURLWithParams(path string, params map[string]st
u.RawQuery = q.Encode()
return u.String(), nil
}
type AcceptLoginRequestResponse struct {
RedirectTo string `json:"redirectTo"`
}
type AcceptConsentRequestResponse struct {
RedirectTo string `json:"redirectTo"`
}
func (s *HydraAdminService) GetConsentRequest(ctx context.Context, challenge string) (*HydraConsentRequest, error) {
params := map[string]string{
"consent_challenge": challenge,
}
endpoint, err := s.buildURLWithParams("/oauth2/auth/requests/consent", params)
if err != nil {
return nil, err
}
req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
if err != nil {
return nil, fmt.Errorf("hydra admin: create request for get consent failed: %w", err)
}
resp, err := s.httpClient().Do(req)
if err != nil {
return nil, fmt.Errorf("hydra admin: get consent request failed: %w", err)
}
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("hydra admin: get consent failed status=%d body=%s", resp.StatusCode, string(body))
}
var consentReq HydraConsentRequest
if err := json.Unmarshal(body, &consentReq); err != nil {
return nil, fmt.Errorf("hydra admin: decode get consent response failed: %w", err)
}
return &consentReq, nil
}
func (s *HydraAdminService) AcceptConsentRequest(ctx context.Context, challenge string, grantInfo *HydraConsentRequest) (*AcceptConsentRequestResponse, error) {
params := map[string]string{
"consent_challenge": challenge,
}
endpoint, err := s.buildURLWithParams("/oauth2/auth/requests/consent/accept", params)
if err != nil {
return nil, err
}
payload := map[string]interface{}{
"grant_scope": grantInfo.RequestedScope,
"grant_audience": grantInfo.RequestedAudience,
"remember": true,
"remember_for": 3600,
}
body, _ := json.Marshal(payload)
req, err := http.NewRequestWithContext(ctx, "PUT", endpoint, bytes.NewReader(body))
if err != nil {
return nil, fmt.Errorf("hydra admin: create request for accept consent failed: %w", err)
}
req.Header.Set("Content-Type", "application/json")
resp, err := s.httpClient().Do(req)
if err != nil {
return nil, fmt.Errorf("hydra admin: accept consent request failed: %w", err)
}
defer resp.Body.Close()
respBody, _ := io.ReadAll(resp.Body)
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("hydra admin: accept consent failed status=%d body=%s", resp.StatusCode, string(respBody))
}
// Hydra 응답(redirect_to)을 읽어서 우리 응답(redirectTo)으로 변환
var hydraResp struct {
RedirectTo string `json:"redirect_to"`
}
if err := json.Unmarshal(respBody, &hydraResp); err != nil {
return nil, fmt.Errorf("hydra admin: decode accept consent response failed: %w", err)
}
return &AcceptConsentRequestResponse{RedirectTo: hydraResp.RedirectTo}, nil
}
func (s *HydraAdminService) AcceptLoginRequest(ctx context.Context, challenge string, subject string) (*AcceptLoginRequestResponse, error) {
params := map[string]string{
"login_challenge": challenge,
}
endpoint, err := s.buildURLWithParams("/oauth2/auth/requests/login/accept", params)
if err != nil {
return nil, err
}
payload := map[string]interface{}{
"subject": subject,
"remember": true,
"remember_for": 3600,
}
body, _ := json.Marshal(payload)
req, err := http.NewRequestWithContext(ctx, "PUT", endpoint, bytes.NewReader(body))
if err != nil {
return nil, fmt.Errorf("hydra admin: create request for accept login failed: %w", err)
}
req.Header.Set("Content-Type", "application/json")
resp, err := s.httpClient().Do(req)
if err != nil {
return nil, fmt.Errorf("hydra admin: accept login request failed: %w", err)
}
defer resp.Body.Close()
respBody, _ := io.ReadAll(resp.Body)
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("hydra admin: accept login failed status=%d body=%s", resp.StatusCode, string(respBody))
}
// Hydra 응답(redirect_to)을 읽어서 우리 응답(redirectTo)으로 변환
var hydraResp struct {
RedirectTo string `json:"redirect_to"`
}
if err := json.Unmarshal(respBody, &hydraResp); err != nil {
return nil, fmt.Errorf("hydra admin: decode accept login response failed: %w", err)
}
return &AcceptLoginRequestResponse{RedirectTo: hydraResp.RedirectTo}, nil
}