ory-hosting 기본구동
@@ -7,6 +7,7 @@ import (
|
||||
"log/slog"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/descope/go-sdk/descope"
|
||||
@@ -69,6 +70,81 @@ func (d *DescopeProvider) GetMetadata() (*domain.IDPMetadata, error) {
|
||||
}, nil
|
||||
}
|
||||
|
||||
// CreateUser는 Descope Management API를 사용해 사용자를 생성합니다.
|
||||
func (d *DescopeProvider) CreateUser(user *domain.BrokerUser, password string) (string, error) {
|
||||
if d.Client == nil {
|
||||
return "", fmt.Errorf("descope provider: client is nil")
|
||||
}
|
||||
if user == nil {
|
||||
return "", fmt.Errorf("descope provider: user payload is nil")
|
||||
}
|
||||
if user.Email == "" || password == "" {
|
||||
return "", fmt.Errorf("descope provider: email and password are required")
|
||||
}
|
||||
|
||||
normalizedPhone := user.PhoneNumber
|
||||
normalizedPhone = strings.ReplaceAll(normalizedPhone, "-", "")
|
||||
normalizedPhone = strings.ReplaceAll(normalizedPhone, " ", "")
|
||||
if strings.HasPrefix(normalizedPhone, "010") {
|
||||
normalizedPhone = "+82" + normalizedPhone[1:]
|
||||
} else if strings.HasPrefix(normalizedPhone, "82") {
|
||||
normalizedPhone = "+" + normalizedPhone
|
||||
}
|
||||
|
||||
// 존재 여부 확인
|
||||
exists, _ := d.Client.Management.User().Load(context.Background(), user.Email)
|
||||
if exists != nil {
|
||||
return "", fmt.Errorf("descope provider: user already exists")
|
||||
}
|
||||
|
||||
descopeUser := &descope.UserRequest{}
|
||||
descopeUser.Email = user.Email
|
||||
descopeUser.Phone = normalizedPhone
|
||||
descopeUser.Name = user.Name
|
||||
descopeUser.CustomAttributes = map[string]any{}
|
||||
for k, v := range user.Attributes {
|
||||
descopeUser.CustomAttributes[k] = v
|
||||
}
|
||||
descopeUser.CustomAttributes["createdAt"] = time.Now().Format(time.RFC3339)
|
||||
|
||||
if _, err := d.Client.Management.User().Create(context.Background(), user.Email, descopeUser); err != nil {
|
||||
return "", fmt.Errorf("descope provider: create user failed: %w", err)
|
||||
}
|
||||
if err := d.Client.Management.User().SetPassword(context.Background(), user.Email, password); err != nil {
|
||||
_ = d.Client.Management.User().Delete(context.Background(), user.Email)
|
||||
return "", fmt.Errorf("descope provider: set password failed: %w", err)
|
||||
}
|
||||
|
||||
slog.Info("Descope user created", "email", user.Email)
|
||||
return user.Email, nil
|
||||
}
|
||||
|
||||
// SignIn은 Descope Password 로그인 후 세션 토큰을 반환합니다.
|
||||
func (d *DescopeProvider) SignIn(loginID, password string) (*domain.AuthInfo, error) {
|
||||
if d.Client == nil {
|
||||
return nil, fmt.Errorf("descope provider: client is nil")
|
||||
}
|
||||
authInfo, err := d.Client.Auth.Password().SignIn(context.Background(), loginID, password, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
res := &domain.AuthInfo{
|
||||
SessionToken: &domain.Token{
|
||||
JWT: authInfo.SessionToken.JWT,
|
||||
Expiration: time.Unix(authInfo.SessionToken.Expiration, 0),
|
||||
},
|
||||
Subject: authInfo.User.UserID,
|
||||
}
|
||||
if authInfo.RefreshToken != nil {
|
||||
res.RefreshToken = &domain.Token{
|
||||
JWT: authInfo.RefreshToken.JWT,
|
||||
Expiration: time.Unix(authInfo.RefreshToken.Expiration, 0),
|
||||
}
|
||||
}
|
||||
return res, nil
|
||||
}
|
||||
|
||||
func (d *DescopeProvider) InitiatePasswordReset(loginID, redirectUrl string) error {
|
||||
ctx := context.Background()
|
||||
err := d.Client.Auth.Password().SendPasswordReset(ctx, loginID, redirectUrl, nil)
|
||||
|
||||
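Review bot: In CreateUser the existence check is written `exists, _ := ...Load(...)`, so any lookup failure (timeout, rejected management key) is read as "user not found" and the code proceeds to `Create`; check the error and continue only when it is the SDK's not-found case. The rollback after a failed `SetPassword` has the same blind spot: `_ = ...Delete(...)` hides a failed cleanup, which would leave an account with no password set and make every retry stop at "user already exists", so at least record it, e.g. `if derr := d.Client.Management.User().Delete(context.Background(), user.Email); derr != nil { slog.Error("descope provider: rollback delete failed", "email", user.Email, "error", derr) }`. In SignIn, `authInfo.SessionToken` and `authInfo.User` are dereferenced without the nil check that `authInfo.RefreshToken` gets; if the SDK can return either as nil this panics on the login path, so guard them the same way. If `user.Attributes` is filled from the request body, copying every key into `CustomAttributes` lets the caller set arbitrary attributes, and an allow-list of accepted keys before the loop would close that.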