offline_access 스코프 유지 처리 및 refresh_token 발급 경로 수정

2026-06-12 16:33:26 +09:00
parent e4680ec49d
commit bdd86f4d88
8 changed files with 28 additions and 19 deletions
--- a/backend/internal/handler/client_tenant_access_test.go
+++ b/backend/internal/handler/client_tenant_access_test.go
@@ -154,7 +154,7 @@ func TestMergeRequestedScopesWithClientRequirements_StripsRefreshTokenScopeAlias
 		[]string{"openid", "offline", "profile", "offline_access"},
 	)

-	assert.Equal(t, []string{"openid", "tenant", "profile", "email"}, merged)
+	assert.Equal(t, []string{"openid", "tenant", "profile", "offline_access", "email"}, merged)
 }

 func TestBuildHydraAuthorizationURL_StripsRefreshTokenScopeAliases(t *testing.T) {
@@ -169,9 +169,9 @@ func TestBuildHydraAuthorizationURL_StripsRefreshTokenScopeAliases(t *testing.T)
 	scopes := parsed.Query().Get("scope")
 	scopeItems := strings.Fields(scopes)

-	assert.Equal(t, "openid profile email", scopes)
+	assert.Equal(t, "openid profile offline_access email", scopes)
 	assert.NotContains(t, scopeItems, "offline")
-	assert.NotContains(t, scopeItems, "offline_access")
+	assert.Contains(t, scopeItems, "offline_access")
 }

 func TestGetConsentRequest_DeniesTenantAccess(t *testing.T) {