환경변수 descope관련 값 제거, 비밀번호 변경기능 규격 변경

.env.sample

@@ -38,11 +38,6 @@ AUDIT_QUEUE_SIZE=2000      # 감사 로그 대기열(채널) 버퍼 크기
 # Redis Cache Configuration
 PROFILE_CACHE_TTL=30m     # User Profile Redis 캐시 만료 시간
 
-# Descope Project ID (Required for Auth)
-DESCOPE_PROJECT_ID=P2t...your_descope_project_id
-DESCOPE_MANAGEMENT_KEY=your_descope_management_key_here
-DESCOPE_TEST_ACCOUNT=tester@baroncs.co.kr
-
 # --- Naver Cloud Services ---
 NAVER_CLOUD_ACCESS_KEY=ncp_iam_...
 NAVER_CLOUD_SECRET_KEY=ncp_iam_...

.gitea/workflows/production_release.yml

@@ -109,8 +109,6 @@ jobs:
             "COOKIE_SECRET=${{ secrets.PROD_COOKIE_SECRET }}" \
             "JWT_SECRET=${{ secrets.PROD_JWT_SECRET }}" \
             "REDIS_ADDR=${{ vars.PROD_REDIS_ADDR }}" \
-            "DESCOPE_PROJECT_ID=${{ vars.DESCOPE_PROJECT_ID }}" \
-            "DESCOPE_MANAGEMENT_KEY=${{ secrets.DESCOPE_MANAGEMENT_KEY }}" \
             "NAVER_CLOUD_ACCESS_KEY=${{ vars.NAVER_CLOUD_ACCESS_KEY }}" \
             "NAVER_CLOUD_SECRET_KEY=${{ secrets.NAVER_CLOUD_SECRET_KEY }}" \
             "NAVER_CLOUD_SERVICE_ID=${{ vars.NAVER_CLOUD_SERVICE_ID }}" \

.gitea/workflows/staging_release.yml

@@ -75,8 +75,6 @@ jobs:
           AUDIT_WORKER_COUNT=5
           AUDIT_QUEUE_SIZE=2000
           PROFILE_CACHE_TTL=${{ vars.PROFILE_CACHE_TTL }}
-          DESCOPE_PROJECT_ID=${{ vars.DESCOPE_PROJECT_ID }}
-          DESCOPE_MANAGEMENT_KEY=${{ secrets.DESCOPE_MANAGEMENT_KEY }}
           DESCOPE_TEST_ACCOUNT=${{ vars.DESCOPE_TEST_ACCOUNT }}
           NAVER_CLOUD_ACCESS_KEY=${{ vars.NAVER_CLOUD_ACCESS_KEY }}
           NAVER_CLOUD_SECRET_KEY=${{ secrets.NAVER_CLOUD_SECRET_KEY }}

README.md

@@ -155,13 +155,9 @@ Kratos가 사용자 SoT이며 Hydra는 순수 OIDC 토큰 엔진입니다. 비
    ```bash
    cp .env.sample .env
    ```
-2. **중요**: `.env` 파일을 열어 **Descope Project ID**를 입력해야 합니다.
+2. **IDP 우선순위와 Ory 엔드포인트를 지정**합니다. 기본값은 Ory 입니다
-   ```env
-   DESCOPE_PROJECT_ID=P2t...
    ```
-3. **IDP 우선순위와 Ory 엔드포인트를 지정**합니다. 기본값은 Ory 우선 + Descope 폴백입니다.
+   IDP_PROVIDER=ory
-   ```env
-   IDP_PROVIDER=ory,descope
    KRATOS_ADMIN_URL=http://kratos:4434
    HYDRA_ADMIN_URL=http://hydra:4445
    HYDRA_PUBLIC_URL=http://hydra:4444

README_en.md

@@ -40,11 +40,8 @@ It leverages **Descope** for secure, passwordless authentication (Enchanted Link
    ```bash
    cp .env.sample .env
    ```
-2. **Crucial**: Edit `.env` and provide your **Descope Project ID**.
+
-   ```env
+2. Set the **IDP priority and Ory admin endpoints**. The default is Ory first with Descope as fallback.
-   DESCOPE_PROJECT_ID=P2t...
-   ```
-3. Set the **IDP priority and Ory admin endpoints**. The default is Ory first with Descope as fallback.
    ```env
    IDP_PROVIDER=ory,descope
    KRATOS_ADMIN_URL=http://kratos:4434

backend/internal/service/kratos_admin_service.go

@@ -163,22 +163,20 @@ func (s *KratosAdminService) UpdateIdentity(ctx context.Context, identityID stri
 }
 
 func (s *KratosAdminService) UpdateIdentityPassword(ctx context.Context, identityID, newPassword string) error {
-	payload := map[string]interface{}{
+	patchOps := []map[string]interface{}{
-		"credentials": map[string]interface{}{
+		{
-			"password": map[string]interface{}{
+			"op":    "add",
-				"config": map[string]string{
+			"path":  "/credentials/password/config/password",
-					"password": newPassword,
+			"value": newPassword,
-				},
-			},
 		},
 	}
-	body, _ := json.Marshal(payload)
+	body, _ := json.Marshal(patchOps)
 	endpoint := fmt.Sprintf("%s/admin/identities/%s", strings.TrimRight(s.AdminURL, "/"), identityID)
 	req, err := http.NewRequestWithContext(ctx, http.MethodPatch, endpoint, bytes.NewReader(body))
 	if err != nil {
 		return err
 	}
-	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Content-Type", "application/json-patch+json")
 
 	resp, err := s.httpClient().Do(req)
 	if err != nil {

backend/internal/service/ory_service.go

@@ -697,22 +697,20 @@ func (o *OryProvider) UpdateUserPassword(loginID, newPassword string, r *http.Re
 		return fmt.Errorf("ory provider: identity not found for loginID=%s", loginID)
 	}
 
-	payload := map[string]interface{}{
+	patchOps := []map[string]interface{}{
-		"credentials": map[string]interface{}{
+		{
-			"password": map[string]interface{}{
+			"op":    "add",
-				"config": map[string]string{
+			"path":  "/credentials/password/config/password",
-					"password": newPassword,
+			"value": newPassword,
-				},
-			},
 		},
 	}
 
-	body, _ := json.Marshal(payload)
+	body, _ := json.Marshal(patchOps)
 	req, err := http.NewRequestWithContext(context.Background(), http.MethodPatch, fmt.Sprintf("%s/admin/identities/%s", o.KratosAdminURL, identityID), bytes.NewReader(body))
 	if err != nil {
 		return fmt.Errorf("ory provider: build request failed: %w", err)
 	}
-	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Content-Type", "application/json-patch+json")
 
 	resp, err := o.httpClient().Do(req)
 	if err != nil {

docs/Gemini.md

@@ -45,8 +45,6 @@ Root: `/home/lectom/.gemini/antigravity/scratch/baron_sso`
 ## Reference Analysis (Descope Sample App)
 - **Source**: `descope-sample-apps/flutter_sample_app_auth_func`
 - **Findings**:
-    - **Setup**: Uses `.env` for `DESCOPE_PROJECT_ID`.
-    - **Initialization**: `Descope.projectId = ...` and `Descope.sessionManager.loadSession()` in `main.dart`.
     - **Auth Check**: Checks `Descope.sessionManager.session?.refreshToken.isExpired`.
     - **Note**: Sample focuses on OAuth/OTP. Baron SSO requires **Enchanted Link**, which will use `Descope.auth.enchantedLink.signUpOrIn(...)` (inference based on SDK capability).
     - **Architecture**: Simple Provider/State management recommended (Riverpod chosen for Baron SSO).