환경변수 descope관련 값 제거, 비밀번호 변경기능 규격 변경

2026-02-09 18:01:59 +09:00
parent 8e45422606
commit 9cdd89c1c1
8 changed files with 18 additions and 40 deletions
--- a/.env.sample
+++ b/.env.sample
@@ -38,11 +38,6 @@ AUDIT_QUEUE_SIZE=2000      # 감사 로그 대기열(채널) 버퍼 크기
 # Redis Cache Configuration
 PROFILE_CACHE_TTL=30m     # User Profile Redis 캐시 만료 시간

-# Descope Project ID (Required for Auth)
-DESCOPE_PROJECT_ID=P2t...your_descope_project_id
-DESCOPE_MANAGEMENT_KEY=your_descope_management_key_here
-DESCOPE_TEST_ACCOUNT=tester@baroncs.co.kr
-
 # --- Naver Cloud Services ---
 NAVER_CLOUD_ACCESS_KEY=ncp_iam_...
 NAVER_CLOUD_SECRET_KEY=ncp_iam_...
--- a/.gitea/workflows/production_release.yml
+++ b/.gitea/workflows/production_release.yml
@@ -109,8 +109,6 @@ jobs:
            "COOKIE_SECRET=${{ secrets.PROD_COOKIE_SECRET }}" \
            "JWT_SECRET=${{ secrets.PROD_JWT_SECRET }}" \
            "REDIS_ADDR=${{ vars.PROD_REDIS_ADDR }}" \
-            "DESCOPE_PROJECT_ID=${{ vars.DESCOPE_PROJECT_ID }}" \
-            "DESCOPE_MANAGEMENT_KEY=${{ secrets.DESCOPE_MANAGEMENT_KEY }}" \
            "NAVER_CLOUD_ACCESS_KEY=${{ vars.NAVER_CLOUD_ACCESS_KEY }}" \
            "NAVER_CLOUD_SECRET_KEY=${{ secrets.NAVER_CLOUD_SECRET_KEY }}" \
            "NAVER_CLOUD_SERVICE_ID=${{ vars.NAVER_CLOUD_SERVICE_ID }}" \
--- a/.gitea/workflows/staging_release.yml
+++ b/.gitea/workflows/staging_release.yml
@@ -75,8 +75,6 @@ jobs:
          AUDIT_WORKER_COUNT=5
          AUDIT_QUEUE_SIZE=2000
          PROFILE_CACHE_TTL=${{ vars.PROFILE_CACHE_TTL }}
-          DESCOPE_PROJECT_ID=${{ vars.DESCOPE_PROJECT_ID }}
-          DESCOPE_MANAGEMENT_KEY=${{ secrets.DESCOPE_MANAGEMENT_KEY }}
          DESCOPE_TEST_ACCOUNT=${{ vars.DESCOPE_TEST_ACCOUNT }}
          NAVER_CLOUD_ACCESS_KEY=${{ vars.NAVER_CLOUD_ACCESS_KEY }}
          NAVER_CLOUD_SECRET_KEY=${{ secrets.NAVER_CLOUD_SECRET_KEY }}
--- a/README.md
+++ b/README.md
@@ -155,13 +155,9 @@ Kratos가 사용자 SoT이며 Hydra는 순수 OIDC 토큰 엔진입니다. 비
   ```bash
   cp .env.sample .env
   ```
-2. **중요**: `.env` 파일을 열어 **Descope Project ID**를 입력해야 합니다.
-   ```env
-   DESCOPE_PROJECT_ID=P2t...
+2. **IDP 우선순위와 Ory 엔드포인트를 지정**합니다. 기본값은 Ory 입니다
   ```
-3. **IDP 우선순위와 Ory 엔드포인트를 지정**합니다. 기본값은 Ory 우선 + Descope 폴백입니다.
-   ```env
-   IDP_PROVIDER=ory,descope
+   IDP_PROVIDER=ory
   KRATOS_ADMIN_URL=http://kratos:4434
   HYDRA_ADMIN_URL=http://hydra:4445
   HYDRA_PUBLIC_URL=http://hydra:4444
--- a/README_en.md
+++ b/README_en.md
@@ -40,11 +40,8 @@ It leverages **Descope** for secure, passwordless authentication (Enchanted Link
   ```bash
   cp .env.sample .env
   ```
-2. **Crucial**: Edit `.env` and provide your **Descope Project ID**.
-   ```env
-   DESCOPE_PROJECT_ID=P2t...
-   ```
-3. Set the **IDP priority and Ory admin endpoints**. The default is Ory first with Descope as fallback.
+
+2. Set the **IDP priority and Ory admin endpoints**. The default is Ory first with Descope as fallback.
   ```env
   IDP_PROVIDER=ory,descope
   KRATOS_ADMIN_URL=http://kratos:4434
--- a/backend/internal/service/kratos_admin_service.go
+++ b/backend/internal/service/kratos_admin_service.go
@@ -163,22 +163,20 @@ func (s *KratosAdminService) UpdateIdentity(ctx context.Context, identityID stri
 }

 func (s *KratosAdminService) UpdateIdentityPassword(ctx context.Context, identityID, newPassword string) error {
-	payload := map[string]interface{}{
-		"credentials": map[string]interface{}{
-			"password": map[string]interface{}{
-				"config": map[string]string{
-					"password": newPassword,
-				},
-			},
+	patchOps := []map[string]interface{}{
+		{
+			"op":    "add",
+			"path":  "/credentials/password/config/password",
+			"value": newPassword,
 		},
 	}
-	body, _ := json.Marshal(payload)
+	body, _ := json.Marshal(patchOps)
 	endpoint := fmt.Sprintf("%s/admin/identities/%s", strings.TrimRight(s.AdminURL, "/"), identityID)
 	req, err := http.NewRequestWithContext(ctx, http.MethodPatch, endpoint, bytes.NewReader(body))
 	if err != nil {
 		return err
 	}
-	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Content-Type", "application/json-patch+json")

 	resp, err := s.httpClient().Do(req)
 	if err != nil {
--- a/backend/internal/service/ory_service.go
+++ b/backend/internal/service/ory_service.go
@@ -697,22 +697,20 @@ func (o *OryProvider) UpdateUserPassword(loginID, newPassword string, r *http.Re
 		return fmt.Errorf("ory provider: identity not found for loginID=%s", loginID)
 	}

-	payload := map[string]interface{}{
-		"credentials": map[string]interface{}{
-			"password": map[string]interface{}{
-				"config": map[string]string{
-					"password": newPassword,
-				},
-			},
+	patchOps := []map[string]interface{}{
+		{
+			"op":    "add",
+			"path":  "/credentials/password/config/password",
+			"value": newPassword,
 		},
 	}

-	body, _ := json.Marshal(payload)
+	body, _ := json.Marshal(patchOps)
 	req, err := http.NewRequestWithContext(context.Background(), http.MethodPatch, fmt.Sprintf("%s/admin/identities/%s", o.KratosAdminURL, identityID), bytes.NewReader(body))
 	if err != nil {
 		return fmt.Errorf("ory provider: build request failed: %w", err)
 	}
-	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Content-Type", "application/json-patch+json")

 	resp, err := o.httpClient().Do(req)
 	if err != nil {
--- a/docs/Gemini.md
+++ b/docs/Gemini.md
@@ -45,8 +45,6 @@ Root: `/home/lectom/.gemini/antigravity/scratch/baron_sso`
 ## Reference Analysis (Descope Sample App)
 - **Source**: `descope-sample-apps/flutter_sample_app_auth_func`
 - **Findings**:
-    - **Setup**: Uses `.env` for `DESCOPE_PROJECT_ID`.
-    - **Initialization**: `Descope.projectId = ...` and `Descope.sessionManager.loadSession()` in `main.dart`.
    - **Auth Check**: Checks `Descope.sessionManager.session?.refreshToken.isExpired`.
    - **Note**: Sample focuses on OAuth/OTP. Baron SSO requires **Enchanted Link**, which will use `Descope.auth.enchantedLink.signUpOrIn(...)` (inference based on SDK capability).
    - **Architecture**: Simple Provider/State management recommended (Riverpod chosen for Baron SSO).