Trusted RP 생성 흐름 테스트 추가

backend/internal/handler/dev_handler_test.go

@@ -7,6 +7,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@@ -610,6 +611,156 @@ func TestDevHandler_NoAuditNoAction(t *testing.T) {
 	})
 }
 
+func TestCreateClient_TrustedRPPayloadMapping(t *testing.T) {
+	var captured domain.HydraClient
+
+	transport := roundTripFunc(func(r *http.Request) (*http.Response, error) {
+		if r.Method == http.MethodPost && r.URL.Path == "/clients" {
+			body, err := io.ReadAll(r.Body)
+			assert.NoError(t, err)
+			err = json.Unmarshal(body, &captured)
+			assert.NoError(t, err)
+
+			return httpJSONAny(r, http.StatusCreated, map[string]any{
+				"client_id":                  captured.ClientID,
+				"client_name":                captured.ClientName,
+				"redirect_uris":              captured.RedirectURIs,
+				"grant_types":                captured.GrantTypes,
+				"response_types":             captured.ResponseTypes,
+				"scope":                      captured.Scope,
+				"token_endpoint_auth_method": captured.TokenEndpointAuthMethod,
+				"jwks":                       captured.JWKS,
+				"metadata":                   captured.Metadata,
+			}), nil
+		}
+		return httpJSONAny(r, http.StatusNotFound, nil), nil
+	})
+
+	h := &DevHandler{
+		Hydra: &service.HydraAdminService{
+			AdminURL:   "http://hydra.test",
+			PublicURL:  "http://hydra.public",
+			HTTPClient: &http.Client{Transport: transport},
+		},
+		Keto: new(devMockKetoService),
+	}
+
+	app := fiber.New()
+	app.Use(func(c *fiber.Ctx) error {
+		c.Locals("user_profile", &domain.UserProfileResponse{ID: "test-user", Role: domain.RoleSuperAdmin})
+		return c.Next()
+	})
+	app.Post("/api/v1/dev/clients", h.CreateClient)
+
+	body, _ := json.Marshal(map[string]any{
+		"name":                    "Trusted RP App",
+		"type":                    "pkce",
+		"redirectUris":            []string{"https://rp.example.com/callback"},
+		"scopes":                  []string{"openid", "profile"},
+		"tokenEndpointAuthMethod": "private_key_jwt",
+		"jwks": map[string]any{
+			"keys": []map[string]any{{
+				"kty": "RSA",
+				"alg": "RS256",
+				"n":   "AQIDBAUGBw",
+				"e":   "AQAB",
+			}},
+		},
+		"metadata": map[string]any{
+			"headless_login_enabled":     true,
+			"request_object_signing_alg": "RS256",
+		},
+	})
+	req := httptest.NewRequest(http.MethodPost, "/api/v1/dev/clients", bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+
+	resp, _ := app.Test(req, -1)
+	assert.Equal(t, http.StatusCreated, resp.StatusCode)
+	assert.Equal(t, "private_key_jwt", captured.TokenEndpointAuthMethod)
+	assert.NotNil(t, captured.JWKS)
+	assert.True(t, captured.IsTrustedRP())
+	assert.True(t, captured.IsHeadlessLoginEnabled())
+	assert.Equal(t, true, captured.Metadata["headless_login_enabled"])
+	assert.Equal(t, "RS256", captured.Metadata["request_object_signing_alg"])
+}
+
+func TestUpdateClient_TrustedRPPayloadMapping(t *testing.T) {
+	var captured domain.HydraClient
+
+	transport := roundTripFunc(func(r *http.Request) (*http.Response, error) {
+		if r.Method == http.MethodGet && r.URL.Path == "/clients/client-trusted" {
+			return httpJSONAny(r, http.StatusOK, map[string]any{
+				"client_id":                  "client-trusted",
+				"client_name":                "Trusted Before",
+				"redirect_uris":              []string{"https://before.example.com/callback"},
+				"grant_types":                []string{"authorization_code", "refresh_token"},
+				"response_types":             []string{"code"},
+				"scope":                      "openid profile",
+				"token_endpoint_auth_method": "none",
+				"metadata": map[string]any{
+					"status": "active",
+				},
+			}), nil
+		}
+		if r.Method == http.MethodPut && r.URL.Path == "/clients/client-trusted" {
+			body, err := io.ReadAll(r.Body)
+			assert.NoError(t, err)
+			err = json.Unmarshal(body, &captured)
+			assert.NoError(t, err)
+
+			return httpJSONAny(r, http.StatusOK, map[string]any{
+				"client_id":                  captured.ClientID,
+				"client_name":                captured.ClientName,
+				"redirect_uris":              captured.RedirectURIs,
+				"grant_types":                captured.GrantTypes,
+				"response_types":             captured.ResponseTypes,
+				"scope":                      captured.Scope,
+				"token_endpoint_auth_method": captured.TokenEndpointAuthMethod,
+				"jwks_uri":                   captured.JWKSUri,
+				"metadata":                   captured.Metadata,
+			}), nil
+		}
+		return httpJSONAny(r, http.StatusNotFound, nil), nil
+	})
+
+	h := &DevHandler{
+		Hydra: &service.HydraAdminService{
+			AdminURL:   "http://hydra.test",
+			PublicURL:  "http://hydra.public",
+			HTTPClient: &http.Client{Transport: transport},
+		},
+		Keto: new(devMockKetoService),
+	}
+
+	app := fiber.New()
+	app.Use(func(c *fiber.Ctx) error {
+		c.Locals("user_profile", &domain.UserProfileResponse{ID: "test-user", Role: domain.RoleSuperAdmin})
+		return c.Next()
+	})
+	app.Put("/api/v1/dev/clients/:id", h.UpdateClient)
+
+	body, _ := json.Marshal(map[string]any{
+		"name":                    "Trusted After",
+		"type":                    "pkce",
+		"tokenEndpointAuthMethod": "private_key_jwt",
+		"jwksUri":                 "https://rp.example.com/.well-known/jwks.json",
+		"metadata": map[string]any{
+			"headless_login_enabled":     true,
+			"request_object_signing_alg": "RS256",
+		},
+	})
+	req := httptest.NewRequest(http.MethodPut, "/api/v1/dev/clients/client-trusted", bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+
+	resp, _ := app.Test(req, -1)
+	assert.Equal(t, http.StatusOK, resp.StatusCode)
+	assert.Equal(t, "private_key_jwt", captured.TokenEndpointAuthMethod)
+	assert.Equal(t, "https://rp.example.com/.well-known/jwks.json", captured.JWKSUri)
+	assert.True(t, captured.IsTrustedRP())
+	assert.True(t, captured.IsHeadlessLoginEnabled())
+	assert.Equal(t, true, captured.Metadata["headless_login_enabled"])
+}
+
 func TestListAuditLogs_TenantMemberForbidden(t *testing.T) {
 	h := &DevHandler{
 		Hydra:     &service.HydraAdminService{AdminURL: "http://hydra.test"},