kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

headless login으로 리펙토링

Browse Source
This commit is contained in:
Lectom C Han
2026-04-01 10:50:31 +09:00
parent d9b0ec410c
commit 94362bf8eb
15 changed files with 276 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
backend/internal/domain/hydra_models.go
View File

@@ -27,8 +27,8 @@ type HydraClient struct {
Metadata map[string]interface{} `json:"metadata,omitempty"`
}
func (c *HydraClient) IsTrustedRP() bool {
// A Trusted RP must have a public key registered (URI or Inline)
func (c *HydraClient) SupportsHeadlessLogin() bool {
// A headless login client must have a public key registered (URI or Inline)
// and use private_key_jwt for token endpoint authentication.
hasPublicKey := c.HeadlessJWKSURI() != "" || c.HeadlessJWKS() != nil
isPrivateKeyJwt := c.HeadlessTokenEndpointAuthMethod() == "private_key_jwt"
@@ -67,7 +67,7 @@ func (c *HydraClient) HeadlessJWKS() interface{} {
}
func (c *HydraClient) IsHeadlessLoginEnabled() bool {
if !c.IsTrustedRP() {
if !c.SupportsHeadlessLogin() {
return false
}
if c.Metadata == nil {

26
backend/internal/domain/hydra_models_test.go
View File

@@ -2,8 +2,8 @@ package domain
import "testing"
func TestHydraClient_TrustedRPFlags(t *testing.T) {
t.Run("metadata-backed headless trusted rp is supported", func(t *testing.T) {
func TestHydraClient_HeadlessLoginFlags(t *testing.T) {
t.Run("metadata-backed headless login client is supported", func(t *testing.T) {
client := HydraClient{
TokenEndpointAuthMethod: "none",
Metadata: map[string]any{
@@ -17,8 +17,8 @@ func TestHydraClient_TrustedRPFlags(t *testing.T) {
},
}
if !client.IsTrustedRP() {
t.Fatalf("expected metadata-backed trusted rp")
if !client.SupportsHeadlessLogin() {
t.Fatalf("expected metadata-backed headless login client")
}
if !client.IsHeadlessLoginEnabled() {
t.Fatalf("expected metadata-backed headless login enabled")
@@ -38,15 +38,15 @@ func TestHydraClient_TrustedRPFlags(t *testing.T) {
},
}
if !client.IsTrustedRP() {
t.Fatalf("expected trusted rp")
if !client.SupportsHeadlessLogin() {
t.Fatalf("expected headless login client")
}
if !client.IsHeadlessLoginEnabled() {
t.Fatalf("expected headless login enabled")
}
})
t.Run("jwks uri without private_key_jwt is not trusted", func(t *testing.T) {
t.Run("jwks uri without private_key_jwt does not support headless login", func(t *testing.T) {
client := HydraClient{
TokenEndpointAuthMethod: "none",
JWKSUri: "https://rp.example.com/.well-known/jwks.json",
@@ -55,15 +55,15 @@ func TestHydraClient_TrustedRPFlags(t *testing.T) {
},
}
if client.IsTrustedRP() {
t.Fatalf("expected untrusted rp")
if client.SupportsHeadlessLogin() {
t.Fatalf("expected headless login prerequisites to be missing")
}
if client.IsHeadlessLoginEnabled() {
t.Fatalf("expected headless login disabled when client is not trusted")
t.Fatalf("expected headless login disabled when prerequisites are missing")
}
})
t.Run("trusted rp without boolean metadata flag is not headless enabled", func(t *testing.T) {
t.Run("headless login client without boolean metadata flag is not enabled", func(t *testing.T) {
client := HydraClient{
TokenEndpointAuthMethod: "private_key_jwt",
JWKSUri: "https://rp.example.com/.well-known/jwks.json",
@@ -72,8 +72,8 @@ func TestHydraClient_TrustedRPFlags(t *testing.T) {
},
}
if !client.IsTrustedRP() {
t.Fatalf("expected trusted rp")
if !client.SupportsHeadlessLogin() {
t.Fatalf("expected headless login client")
}
if client.IsHeadlessLoginEnabled() {
t.Fatalf("expected headless login disabled for non-bool metadata")