From 9cdd89c1c1bdb51354b3492462550a2a205b848b Mon Sep 17 00:00:00 2001
From: Lectom C Han
Date: Mon, 9 Feb 2026 18:01:59 +0900
Subject: [PATCH] =?UTF-8?q?=ED=99=98=EA=B2=BD=EB=B3=80=EC=88=98=20descope?=
 =?UTF-8?q?=EA=B4=80=EB=A0=A8=20=EA=B0=92=20=EC=A0=9C=EA=B1=B0,=20?=
 =?UTF-8?q?=EB=B9=84=EB=B0=80=EB=B2=88=ED=98=B8=20=EB=B3=80=EA=B2=BD?=
 =?UTF-8?q?=EA=B8=B0=EB=8A=A5=20=EA=B7=9C=EA=B2=A9=20=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .env.sample | 5 -----
 .gitea/workflows/production_release.yml | 2 --
 .gitea/workflows/staging_release.yml | 2 --
 README.md | 8 ++------
 README_en.md | 7 ++-----
 backend/internal/service/kratos_admin_service.go | 16 +++++++---------
 backend/internal/service/ory_service.go | 16 +++++++---------
 docs/Gemini.md | 2 --
 8 files changed, 18 insertions(+), 40 deletions(-)

diff --git a/.env.sample b/.env.sample
index 505020cb..60e96060 100644
--- a/.env.sample
+++ b/.env.sample
@@ -38,11 +38,6 @@ AUDIT_QUEUE_SIZE=2000 # 감사 로그 대기열(채널) 버퍼 크기
 # Redis Cache Configuration
 PROFILE_CACHE_TTL=30m # User Profile Redis 캐시 만료 시간
-# Descope Project ID (Required for Auth)
-DESCOPE_PROJECT_ID=P2t...your_descope_project_id
-DESCOPE_MANAGEMENT_KEY=your_descope_management_key_here
-DESCOPE_TEST_ACCOUNT=tester@baroncs.co.kr
-
 # --- Naver Cloud Services ---
 NAVER_CLOUD_ACCESS_KEY=ncp_iam_...
 NAVER_CLOUD_SECRET_KEY=ncp_iam_...
diff --git a/.gitea/workflows/production_release.yml b/.gitea/workflows/production_release.yml
index 1fdeaea6..81a9517e 100644
--- a/.gitea/workflows/production_release.yml
+++ b/.gitea/workflows/production_release.yml
@@ -109,8 +109,6 @@ jobs:
 "COOKIE_SECRET=${{ secrets.PROD_COOKIE_SECRET }}" \
 "JWT_SECRET=${{ secrets.PROD_JWT_SECRET }}" \
 "REDIS_ADDR=${{ vars.PROD_REDIS_ADDR }}" \
- "DESCOPE_PROJECT_ID=${{ vars.DESCOPE_PROJECT_ID }}" \
- "DESCOPE_MANAGEMENT_KEY=${{ secrets.DESCOPE_MANAGEMENT_KEY }}" \
 "NAVER_CLOUD_ACCESS_KEY=${{ vars.NAVER_CLOUD_ACCESS_KEY }}" \
 "NAVER_CLOUD_SECRET_KEY=${{ secrets.NAVER_CLOUD_SECRET_KEY }}" \
 "NAVER_CLOUD_SERVICE_ID=${{ vars.NAVER_CLOUD_SERVICE_ID }}" \
diff --git a/.gitea/workflows/staging_release.yml b/.gitea/workflows/staging_release.yml
index 372a8072..8b0632c2 100644
--- a/.gitea/workflows/staging_release.yml
+++ b/.gitea/workflows/staging_release.yml
@@ -75,8 +75,6 @@ jobs:
 AUDIT_WORKER_COUNT=5
 AUDIT_QUEUE_SIZE=2000
 PROFILE_CACHE_TTL=${{ vars.PROFILE_CACHE_TTL }}
- DESCOPE_PROJECT_ID=${{ vars.DESCOPE_PROJECT_ID }}
- DESCOPE_MANAGEMENT_KEY=${{ secrets.DESCOPE_MANAGEMENT_KEY }}
 DESCOPE_TEST_ACCOUNT=${{ vars.DESCOPE_TEST_ACCOUNT }}
 NAVER_CLOUD_ACCESS_KEY=${{ vars.NAVER_CLOUD_ACCESS_KEY }}
 NAVER_CLOUD_SECRET_KEY=${{ secrets.NAVER_CLOUD_SECRET_KEY }}
diff --git a/README.md b/README.md
index c44cfd3e..6ee5f36b 100644
--- a/README.md
+++ b/README.md
@@ -155,13 +155,9 @@ Kratos가 사용자 SoT이며 Hydra는 순수 OIDC 토큰 엔진입니다. 비
 ```bash
 cp .env.sample .env
 ```
-2. **중요**: `.env` 파일을 열어 **Descope Project ID**를 입력해야 합니다.
- ```env
- DESCOPE_PROJECT_ID=P2t...
+2. **IDP 우선순위와 Ory 엔드포인트를 지정**합니다. 기본값은 Ory 입니다
 ```
-3. **IDP 우선순위와 Ory 엔드포인트를 지정**합니다. 기본값은 Ory 우선 + Descope 폴백입니다.
- ```env
- IDP_PROVIDER=ory,descope
+ IDP_PROVIDER=ory
 KRATOS_ADMIN_URL=http://kratos:4434
 HYDRA_ADMIN_URL=http://hydra:4445
 HYDRA_PUBLIC_URL=http://hydra:4444
diff --git a/README_en.md b/README_en.md
index 8226818f..8d54e892 100644
--- a/README_en.md
+++ b/README_en.md
@@ -40,11 +40,8 @@ It leverages **Descope** for secure, passwordless authentication (Enchanted Link
 ```bash
 cp .env.sample .env
 ```
-2. **Crucial**: Edit `.env` and provide your **Descope Project ID**.
- ```env
- DESCOPE_PROJECT_ID=P2t...
- ```
-3. Set the **IDP priority and Ory admin endpoints**. The default is Ory first with Descope as fallback.
+
+2. Set the **IDP priority and Ory admin endpoints**. The default is Ory first with Descope as fallback.
 ```env
 IDP_PROVIDER=ory,descope
 KRATOS_ADMIN_URL=http://kratos:4434
diff --git a/backend/internal/service/kratos_admin_service.go b/backend/internal/service/kratos_admin_service.go
index 344a70b5..800407d4 100644
--- a/backend/internal/service/kratos_admin_service.go
+++ b/backend/internal/service/kratos_admin_service.go
@@ -163,22 +163,20 @@ func (s *KratosAdminService) UpdateIdentity(ctx context.Context, identityID stri
 }
 func (s *KratosAdminService) UpdateIdentityPassword(ctx context.Context, identityID, newPassword string) error {
- payload := map[string]interface{}{
- "credentials": map[string]interface{}{
- "password": map[string]interface{}{
- "config": map[string]string{
- "password": newPassword,
- },
- },
+ patchOps := []map[string]interface{}{
+ {
+ "op": "add",
+ "path": "/credentials/password/config/password",
+ "value": newPassword,
 },
 }
- body, _ := json.Marshal(payload)
+ body, _ := json.Marshal(patchOps)
 endpoint := fmt.Sprintf("%s/admin/identities/%s", strings.TrimRight(s.AdminURL, "/"), identityID)
 req, err := http.NewRequestWithContext(ctx, http.MethodPatch, endpoint, bytes.NewReader(body))
 if err != nil {
 return err
 }
- req.Header.Set("Content-Type", "application/json")
+ req.Header.Set("Content-Type", "application/json-patch+json")
 resp, err := s.httpClient().Do(req)
 if err != nil {
diff --git a/backend/internal/service/ory_service.go b/backend/internal/service/ory_service.go
index a205ca68..bab1e8c0 100644
--- a/backend/internal/service/ory_service.go
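Review bot: `body, _ := json.Marshal(patchOps)` still discards the marshal error, so a failure would send an empty JSON Patch document to the Kratos admin API and surface only as whatever status the server returns; for a password-change request that should be an explicit `body, err := json.Marshal(patchOps)` followed by `if err != nil { return fmt.Errorf("marshal password patch: %w", err) }`. Per RFC 6902 an `add` op replaces an existing member but fails when the parent path does not exist, so an identity that has no password credential yet (one created through OIDC only, say) may be rejected depending on how Kratos materializes `/credentials/password/config` before applying the patch — worth an integration test against such an identity rather than assuming it works. The unchanged `endpoint` line still interpolates `identityID` unescaped into the admin URL; if that value can originate from a client request, `url.PathEscape(identityID)` (net/url) keeps it from steering the call to a different admin route. UpdateIdentityPassword continues past the end of the hunk, so the status-code handling after `Do` is not visible here.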
+++ b/backend/internal/service/ory_service.go
@@ -697,22 +697,20 @@ func (o *OryProvider) UpdateUserPassword(loginID, newPassword string, r *http.Re
 return fmt.Errorf("ory provider: identity not found for loginID=%s", loginID)
 }
- payload := map[string]interface{}{
- "credentials": map[string]interface{}{
- "password": map[string]interface{}{
- "config": map[string]string{
- "password": newPassword,
- },
- },
+ patchOps := []map[string]interface{}{
+ {
+ "op": "add",
+ "path": "/credentials/password/config/password",
+ "value": newPassword,
 },
 }
- body, _ := json.Marshal(payload)
+ body, _ := json.Marshal(patchOps)
 req, err := http.NewRequestWithContext(context.Background(), http.MethodPatch, fmt.Sprintf("%s/admin/identities/%s", o.KratosAdminURL, identityID), bytes.NewReader(body))
 if err != nil {
 return fmt.Errorf("ory provider: build request failed: %w", err)
 }
- req.Header.Set("Content-Type", "application/json")
+ req.Header.Set("Content-Type", "application/json-patch+json")
 resp, err := o.httpClient().Do(req)
 if err != nil {
diff --git a/docs/Gemini.md b/docs/Gemini.md
index 156f19e3..ae931421 100644
--- a/docs/Gemini.md
+++ b/docs/Gemini.md
@@ -45,8 +45,6 @@ Root: `/home/lectom/.gemini/antigravity/scratch/baron_sso`
 ## Reference Analysis (Descope Sample App)
 - **Source**: `descope-sample-apps/flutter_sample_app_auth_func`
 - **Findings**:
- - **Setup**: Uses `.env` for `DESCOPE_PROJECT_ID`.
- - **Initialization**: `Descope.projectId = ...` and `Descope.sessionManager.loadSession()` in `main.dart`.
 - **Auth Check**: Checks `Descope.sessionManager.session?.refreshToken.isExpired`.
 - **Note**: Sample focuses on OAuth/OTP. Baron SSO requires **Enchanted Link**, which will use `Descope.auth.enchantedLink.signUpOrIn(...)` (inference based on SDK capability).
 - **Architecture**: Simple Provider/State management recommended (Riverpod chosen for Baron SSO).
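Review bot: The patch-document construction added here duplicates, line for line, what kratos_admin_service.go's UpdateIdentityPassword now builds, so the two password-change paths can silently drift (one later switching to `replace`, a different Content-Type, different status handling); factor it into a single helper and call it from both. The marshal error is still discarded with `body, _ := json.Marshal(patchOps)` and should be returned. The admin request is built on `context.Background()` even though the method receives `r *http.Request`, so a disconnecting client cannot cancel the Kratos call and no deadline applies beyond the HTTP client's own timeout (whether `o.httpClient()` sets one is not visible here); if callers always pass a non-nil `r`, derive the context from `r.Context()`. The same unescaped `identityID` interpolation applies to the `fmt.Sprintf` URL — use `url.PathEscape` (net/url) if the ID can originate from a request. UpdateUserPassword begins and ends outside the hunk.
```go
// passwordPatchBody builds the RFC 6902 document Kratos expects for an
// admin-side password change. Shared by OryProvider.UpdateUserPassword and
// KratosAdminService.UpdateIdentityPassword so the two paths cannot drift.
func passwordPatchBody(newPassword string) ([]byte, error) {
	return json.Marshal([]map[string]interface{}{{
		"op":    "add",
		"path":  "/credentials/password/config/password",
		"value": newPassword,
	}})
}

// … unchanged: identity lookup by loginID …
body, err := passwordPatchBody(newPassword)
if err != nil {
	return fmt.Errorf("ory provider: marshal password patch: %w", err)
}
ctx := context.Background()
if r != nil {
	ctx = r.Context()
}
req, err := http.NewRequestWithContext(ctx, http.MethodPatch,
	fmt.Sprintf("%s/admin/identities/%s", o.KratosAdminURL, url.PathEscape(identityID)),
	bytes.NewReader(body))
// … unchanged: Content-Type header, Do, status handling …
```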