RP 공개키 등록 UI 및 SSH-RSA 자동 변환 기능 구현

devfront/src/locales/en.toml

@@ -390,6 +390,29 @@ subtitle = "Define the permission scopes this application can request."
 private_help = "Server side App: For apps that can safely store a client secret, such as Node.js or Java servers."
 pkce_help = "PKCE App (SPA/Mobile): For apps that cannot safely store a client secret. PKCE is mandatory."
 subtitle = "Select application type. Security level determines authentication method."
+trusted_help = "Operate as a trusted RP using private_key_jwt and public key registration. Headless login is only available for this profile."
+
+[msg.dev.clients.general.public_key]
+auth_method_client_secret_basic_help = "Standard authentication method for server-side applications."
+auth_method_none_help = "Use this for PKCE-based public clients."
+auth_method_private_key_jwt_help = "Signed key-based client authentication recommended for trusted RP bootstrap and JAR verification."
+guide_example = "Recommended example: https://rp.example.com/.well-known/jwks.json"
+guide_intro = "A JWKS URI is not created by Baron. It is the URL where the RP backend exposes its public key."
+guide_step_1 = "Generate a key pair on the RP server and keep the private key only in the RP backend."
+guide_step_2 = "Expose the public key from the RP backend through a JWKS (JSON Web Key Set) endpoint."
+guide_step_3 = "Enter a URL such as https://rp.example.com/.well-known/jwks.json in DevFront."
+headless_help = "Trusted RPs can keep their own login UI while Baron continues to handle authentication and OIDC progression."
+jwks_uri_help = "Enter the public key endpoint URL exposed by the RP backend. Example: https://rp.example.com/.well-known/jwks.json"
+request_object_alg_help = "Specify the JAR (Request Object) signing algorithm used for headless login."
+source_help = "Register the JWKS URI served by the RP so Baron can verify the public key."
+subtitle = "Manage the public key and headless login settings required for trusted RP evaluation."
+
+[msg.dev.clients.general.public_key.validation]
+headless_requires_alg = "Headless login requires a Request Object Signing Algorithm."
+headless_requires_private_key_jwt = "Headless login requires token endpoint auth method to be private_key_jwt."
+headless_requires_public_key = "Headless login requires a JWKS URI."
+invalid_jwks_uri = "JWKS URI format is invalid."
+private_key_jwt_requires_public_key = "Signed key-based authentication requires a JWKS URI."
 
 [msg.dev.clients.help]
 docs_body = "Includes PKCE, client_secret_basic, redirect URI validation tips."
@@ -1368,8 +1391,27 @@ delete = "Delete"
 [ui.dev.clients.general.security]
 private = "Server Side App"
 pkce = "PKCE"
+trusted = "Trusted RP"
 title = "Security Settings"
 
+[ui.dev.clients.general.public_key]
+auth_method = "Token Endpoint Auth Method"
+auth_method_client_secret_basic = "client_secret_basic"
+auth_method_none = "none"
+auth_method_private_key_jwt = "Signed Key Authentication"
+guide_toggle = "JWKS URI Setup Guide"
+headless_disabled = "Headless Disabled"
+headless_enabled = "Headless Enabled"
+headless_toggle = "Headless Login"
+jwks_uri = "JWKS URI"
+jwks_uri_placeholder = "https://rp.example.com/.well-known/jwks.json"
+request_object_alg = "Request Object Signing Algorithm"
+request_object_alg_placeholder = "RS256"
+source = "Public Key Source"
+source_uri = "JWKS URI"
+title = "Public Key Registration"
+validation_title = "Check before saving"
+
 [ui.dev.clients.help]
 docs_body = "Includes PKCE, client_secret_basic, redirect URI validation tips."
 docs_title = "Docs & Examples"

devfront/src/locales/ko.toml

@@ -390,6 +390,29 @@ subtitle = "이 앱이 요청할 수 있는 권한 범위를 정의합니다."
 pkce_help = "PKCE 앱 (SPA/모바일): 브라우저나 앱처럼 비밀키를 보관하기 어려운 경우 사용하며, PKCE가 강제됩니다."
 private_help = "Server side App (서버 사이드 앱): Node.js, Java 등 비밀키를 안전하게 보관 가능한 경우 사용합니다."
 subtitle = "앱 유형을 선택하세요. 보안 수준에 따라 인증 방식이 달라집니다."
+trusted_help = "private_key_jwt와 공개키 등록을 사용해 trusted RP로 운영합니다.\nHeadless Login은 이 프로필에서만 사용할 수 있습니다."
+
+[msg.dev.clients.general.public_key]
+auth_method_client_secret_basic_help = "일반적인 서버 사이드 앱 인증 방식입니다."
+auth_method_none_help = "PKCE 기반 public client에 사용하는 방식입니다."
+auth_method_private_key_jwt_help = "Trusted RP bootstrap과 JAR 검증에 필요한 서명 키 기반 인증 방식입니다."
+guide_example = "권장 예시: https://rp.example.com/.well-known/jwks.json"
+guide_intro = "JWKS URI는 Baron이 만드는 값이 아니라 RP backend가 공개키를 노출하는 URL입니다."
+guide_step_1 = "RP 서버에서 key pair를 생성하고 private key는 RP backend에만 보관합니다."
+guide_step_2 = "RP backend가 public key를 JWKS(JSON Web Key Set) 형태로 제공하는 endpoint를 준비합니다."
+guide_step_3 = "예: https://rp.example.com/.well-known/jwks.json 같은 URL을 DevFront에 입력합니다."
+headless_help = "Trusted RP는 RP 자체 로그인 UI를 사용할 수 있지만, bootstrap 검증, 사용자 인증 처리, Hydra 연계, 최종 redirect 생성은 Baron backend가 담당합니다."
+jwks_uri_help = "RP backend가 제공하는 공개키 endpoint URL을 입력하세요. 예: https://rp.example.com/.well-known/jwks.json"
+request_object_alg_help = "Headless Login을 사용할 때 JAR(Request Object) 서명 알고리즘을 명시합니다."
+source_help = "운영 환경에서는 RP가 서빙하는 JWKS URI를 등록해 공개키를 검증합니다."
+subtitle = "Trusted RP 판정에 필요한 공개키와 headless login 관련 설정을 관리합니다."
+
+[msg.dev.clients.general.public_key.validation]
+headless_requires_alg = "Headless Login을 사용하려면 Request Object Signing Algorithm을 입력해야 합니다."
+headless_requires_private_key_jwt = "Headless Login을 사용하려면 token endpoint auth method가 private_key_jwt여야 합니다."
+headless_requires_public_key = "Headless Login을 사용하려면 JWKS URI가 필요합니다."
+invalid_jwks_uri = "JWKS URI 형식이 올바르지 않습니다."
+private_key_jwt_requires_public_key = "서명 키 기반 인증을 사용하려면 JWKS URI가 필요합니다."
 
 [msg.dev.clients.help]
 docs_body = "Includes PKCE, client_secret_basic, redirect URI validation tips."
@@ -1367,8 +1390,27 @@ delete = "삭제"
 [ui.dev.clients.general.security]
 private = "Server side App"
 pkce = "PKCE"
+trusted = "Trusted RP"
 title = "보안 설정"
 
+[ui.dev.clients.general.public_key]
+auth_method = "Token Endpoint Auth Method"
+auth_method_client_secret_basic = "client_secret_basic"
+auth_method_none = "none"
+auth_method_private_key_jwt = "서명 키 기반 인증"
+guide_toggle = "JWKS URI 준비 가이드"
+headless_disabled = "Headless Disabled"
+headless_enabled = "Headless Enabled"
+headless_toggle = "Headless Login"
+jwks_uri = "JWKS URI"
+jwks_uri_placeholder = "https://rp.example.com/.well-known/jwks.json"
+request_object_alg = "Request Object Signing Algorithm"
+request_object_alg_placeholder = "RS256"
+source = "Public Key Source"
+source_uri = "JWKS URI"
+title = "공개키 등록"
+validation_title = "저장 전 확인 필요"
+
 [ui.dev.clients.help]
 docs_body = "Includes PKCE, client_secret_basic, redirect URI validation tips."
 docs_title = "Docs & Examples"

devfront/src/locales/template.toml

@@ -390,6 +390,29 @@ subtitle = ""
 private_help = ""
 pkce_help = ""
 subtitle = ""
+trusted_help = ""
+
+[msg.dev.clients.general.public_key]
+auth_method_client_secret_basic_help = ""
+auth_method_none_help = ""
+auth_method_private_key_jwt_help = ""
+guide_example = ""
+guide_intro = ""
+guide_step_1 = ""
+guide_step_2 = ""
+guide_step_3 = ""
+headless_help = ""
+jwks_uri_help = ""
+request_object_alg_help = ""
+source_help = ""
+subtitle = ""
+
+[msg.dev.clients.general.public_key.validation]
+headless_requires_alg = ""
+headless_requires_private_key_jwt = ""
+headless_requires_public_key = ""
+invalid_jwks_uri = ""
+private_key_jwt_requires_public_key = ""
 
 [msg.dev.clients.help]
 docs_body = ""
@@ -1367,8 +1390,27 @@ delete = ""
 [ui.dev.clients.general.security]
 private = ""
 pkce = ""
+trusted = ""
 title = ""
 
+[ui.dev.clients.general.public_key]
+auth_method = ""
+auth_method_client_secret_basic = ""
+auth_method_none = ""
+auth_method_private_key_jwt = ""
+guide_toggle = ""
+headless_disabled = ""
+headless_enabled = ""
+headless_toggle = ""
+jwks_uri = ""
+jwks_uri_placeholder = ""
+request_object_alg = ""
+request_object_alg_placeholder = ""
+source = ""
+source_uri = ""
+title = ""
+validation_title = ""
+
 [ui.dev.clients.help]
 docs_body = ""
 docs_title = ""