1
0
forked from baron/baron-sso

ory-hosting 기본구동

This commit is contained in:
Lectom C Han
2026-01-27 22:58:49 +09:00
parent 41f0549435
commit c3f7b18afc
31 changed files with 1910 additions and 176 deletions

View File

@@ -7,6 +7,7 @@ import (
"log/slog"
"net/http"
"os"
"strings"
"time"
"github.com/descope/go-sdk/descope"
@@ -69,6 +70,81 @@ func (d *DescopeProvider) GetMetadata() (*domain.IDPMetadata, error) {
}, nil
}
// CreateUser는 Descope Management API를 사용해 사용자를 생성합니다.
func (d *DescopeProvider) CreateUser(user *domain.BrokerUser, password string) (string, error) {
if d.Client == nil {
return "", fmt.Errorf("descope provider: client is nil")
}
if user == nil {
return "", fmt.Errorf("descope provider: user payload is nil")
}
if user.Email == "" || password == "" {
return "", fmt.Errorf("descope provider: email and password are required")
}
normalizedPhone := user.PhoneNumber
normalizedPhone = strings.ReplaceAll(normalizedPhone, "-", "")
normalizedPhone = strings.ReplaceAll(normalizedPhone, " ", "")
if strings.HasPrefix(normalizedPhone, "010") {
normalizedPhone = "+82" + normalizedPhone[1:]
} else if strings.HasPrefix(normalizedPhone, "82") {
normalizedPhone = "+" + normalizedPhone
}
// 존재 여부 확인
exists, _ := d.Client.Management.User().Load(context.Background(), user.Email)
if exists != nil {
return "", fmt.Errorf("descope provider: user already exists")
}
descopeUser := &descope.UserRequest{}
descopeUser.Email = user.Email
descopeUser.Phone = normalizedPhone
descopeUser.Name = user.Name
descopeUser.CustomAttributes = map[string]any{}
for k, v := range user.Attributes {
descopeUser.CustomAttributes[k] = v
}
descopeUser.CustomAttributes["createdAt"] = time.Now().Format(time.RFC3339)
if _, err := d.Client.Management.User().Create(context.Background(), user.Email, descopeUser); err != nil {
return "", fmt.Errorf("descope provider: create user failed: %w", err)
}
if err := d.Client.Management.User().SetPassword(context.Background(), user.Email, password); err != nil {
_ = d.Client.Management.User().Delete(context.Background(), user.Email)
return "", fmt.Errorf("descope provider: set password failed: %w", err)
}
slog.Info("Descope user created", "email", user.Email)
return user.Email, nil
}
// SignIn은 Descope Password 로그인 후 세션 토큰을 반환합니다.
func (d *DescopeProvider) SignIn(loginID, password string) (*domain.AuthInfo, error) {
if d.Client == nil {
return nil, fmt.Errorf("descope provider: client is nil")
}
authInfo, err := d.Client.Auth.Password().SignIn(context.Background(), loginID, password, nil)
if err != nil {
return nil, err
}
res := &domain.AuthInfo{
SessionToken: &domain.Token{
JWT: authInfo.SessionToken.JWT,
Expiration: time.Unix(authInfo.SessionToken.Expiration, 0),
},
Subject: authInfo.User.UserID,
}
if authInfo.RefreshToken != nil {
res.RefreshToken = &domain.Token{
JWT: authInfo.RefreshToken.JWT,
Expiration: time.Unix(authInfo.RefreshToken.Expiration, 0),
}
}
return res, nil
}
func (d *DescopeProvider) InitiatePasswordReset(loginID, redirectUrl string) error {
ctx := context.Background()
err := d.Client.Auth.Password().SendPasswordReset(ctx, loginID, redirectUrl, nil)