refactor: 보안 정책 준수를 위해 Keto 포트 외부 노출 제거 및 내부 통신으로 변경 #239

userfront/lib/core/services/web_auth_integration_web.dart

@@ -11,8 +11,8 @@ void implSendLoginSuccess(String token) {
     effectiveToken = AuthTokenStore.getToken() ?? "";
   }
 
-  final uri = Uri.parse(html.window.location.href);
-  final redirectUri = uri.queryParameters['redirect_uri'];
+  final uri = Uri.base;
+  final redirectUri = uri.queryParameters['redirect_uri'] ?? uri.queryParameters['redirect_url'];
 
   if (redirectUri != null && redirectUri.isNotEmpty) {
     // Redirection flow
@@ -47,5 +47,9 @@ void implSendLoginSuccess(String token) {
 }
 
 bool implIsPopup() {
-  return html.window.opener != null;
+  if (html.window.opener != null) return true;
+  
+  // Fallback: Check query parameters for integration source
+  final uri = Uri.base;
+  return uri.queryParameters['source'] == 'adminfront';
 }

userfront/lib/features/auth/presentation/login_screen.dart

@@ -78,6 +78,13 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
 
     WidgetsBinding.instance.addPostFrameCallback((_) async {
       final uri = Uri.base;
+      
+      if (uri.queryParameters.containsKey('redirect_url')) {
+        _redirectUrl = uri.queryParameters['redirect_url'];
+      } else if (uri.queryParameters.containsKey('redirect_uri')) {
+        _redirectUrl = uri.queryParameters['redirect_uri'];
+      }
+
       _loginChallenge = widget.loginChallenge ?? uri.queryParameters['login_challenge'];
       final loginIdParam = uri.queryParameters['loginId'];
       final codeParam = uri.queryParameters['code'];
@@ -114,12 +121,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
         if (!mounted) return;
         await _tryCookieSession();
       }
-
-      if (uri.queryParameters.containsKey('redirect_url')) {
-        _redirectUrl = uri.queryParameters['redirect_url'];
-      } else if (uri.queryParameters.containsKey('redirect_uri')) {
-        _redirectUrl = uri.queryParameters['redirect_uri'];
-      }
     });
   }