linked RP 응답에 1st-party 앱 자동 로그인 init_url 추가
@@ -4483,7 +4483,8 @@ type linkedRpSummary struct {
|
||||
ID string `json:"id"`
|
||||
Name string `json:"name"`
|
||||
Logo string `json:"logo,omitempty"`
|
||||
URL string `json:"url,omitempty"` // Added
|
||||
URL string `json:"url,omitempty"`
|
||||
InitURL string `json:"init_url,omitempty"`
|
||||
LastAuthenticatedAt string `json:"lastAuthenticatedAt,omitempty"`
|
||||
Status string `json:"status"`
|
||||
Scopes []string `json:"scopes,omitempty"`
|
||||
@@ -4564,17 +4565,19 @@ func (h *AuthHandler) ListLinkedRps(c *fiber.Ctx) error {
|
||||
if len(scopes) == 0 && strings.TrimSpace(client.Scope) != "" {
|
||||
scopes = strings.Fields(client.Scope)
|
||||
}
|
||||
initURL := resolveLinkedRPInitURL(client.ClientID, scopes, client.RedirectURIs)
|
||||
|
||||
existing := records[clientID]
|
||||
if existing == nil {
|
||||
records[clientID] = &linkedRpRecord{
|
||||
linkedRpSummary: linkedRpSummary{
|
||||
ID: clientID,
|
||||
Name: name,
|
||||
Logo: extractHydraClientLogo(client.Metadata),
|
||||
URL: clientURL,
|
||||
Status: "active", // Hydra 세션이 있으면 활성
|
||||
Scopes: scopes,
|
||||
ID: clientID,
|
||||
Name: name,
|
||||
Logo: extractHydraClientLogo(client.Metadata),
|
||||
URL: clientURL,
|
||||
InitURL: initURL,
|
||||
Status: "active", // Hydra 세션이 있으면 활성
|
||||
Scopes: scopes,
|
||||
},
|
||||
lastAuth: lastAuth,
|
||||
}
|
||||
@@ -4590,6 +4593,9 @@ func (h *AuthHandler) ListLinkedRps(c *fiber.Ctx) error {
|
||||
if existing.URL == "" {
|
||||
existing.URL = clientURL
|
||||
}
|
||||
if existing.InitURL == "" {
|
||||
existing.InitURL = initURL
|
||||
}
|
||||
existing.Scopes = mergeScopes(existing.Scopes, scopes)
|
||||
if lastAuth.After(existing.lastAuth) {
|
||||
existing.lastAuth = lastAuth
|
||||
@@ -4644,15 +4650,21 @@ func (h *AuthHandler) ListLinkedRps(c *fiber.Ctx) error {
|
||||
client.ClientURI,
|
||||
client.RedirectURIs,
|
||||
)
|
||||
initURL := resolveLinkedRPInitURL(
|
||||
client.ClientID,
|
||||
dc.GrantedScopes,
|
||||
client.RedirectURIs,
|
||||
)
|
||||
|
||||
records[dc.ClientID] = &linkedRpRecord{
|
||||
linkedRpSummary: linkedRpSummary{
|
||||
ID: dc.ClientID,
|
||||
Name: name,
|
||||
Logo: extractHydraClientLogo(client.Metadata),
|
||||
URL: clientURL,
|
||||
Status: status,
|
||||
Scopes: dc.GrantedScopes,
|
||||
ID: dc.ClientID,
|
||||
Name: name,
|
||||
Logo: extractHydraClientLogo(client.Metadata),
|
||||
URL: clientURL,
|
||||
InitURL: initURL,
|
||||
Status: status,
|
||||
Scopes: dc.GrantedScopes,
|
||||
},
|
||||
lastAuth: dc.UpdatedAt,
|
||||
}
|
||||
@@ -4726,6 +4738,11 @@ func (h *AuthHandler) ListLinkedRps(c *fiber.Ctx) error {
|
||||
}
|
||||
}
|
||||
record.URL = clientURL
|
||||
record.InitURL = resolveLinkedRPInitURL(
|
||||
client.ClientID,
|
||||
scopes,
|
||||
client.RedirectURIs,
|
||||
)
|
||||
} else {
|
||||
// Hydra 정보 없음 (삭제됨 등) -> Audit 정보나 ID로 대체
|
||||
if record.Name == "" {
|
||||
@@ -6778,6 +6795,63 @@ func resolveLinkedRPURL(clientID string, clientURI string, redirectURIs []string
|
||||
return ""
|
||||
}
|
||||
|
||||
func resolveLinkedRPInitURL(clientID string, scopes []string, redirectURIs []string) string {
|
||||
clientID = strings.TrimSpace(clientID)
|
||||
if clientID == "" {
|
||||
return ""
|
||||
}
|
||||
|
||||
switch clientID {
|
||||
case "adminfront":
|
||||
if value := strings.TrimRight(strings.TrimSpace(os.Getenv("ADMINFRONT_URL")), "/"); value != "" {
|
||||
return value + "/login?auto=1"
|
||||
}
|
||||
case "devfront":
|
||||
if value := strings.TrimRight(strings.TrimSpace(os.Getenv("DEVFRONT_URL")), "/"); value != "" {
|
||||
return value + "/login?auto=1&returnTo=%2Fclients"
|
||||
}
|
||||
}
|
||||
|
||||
hydraPublicURL := strings.TrimRight(os.Getenv("HYDRA_PUBLIC_URL"), "/")
|
||||
if hydraPublicURL == "" {
|
||||
userfrontURL := strings.TrimRight(os.Getenv("USERFRONT_URL"), "/")
|
||||
if userfrontURL == "" {
|
||||
userfrontURL = "https://sso.hmac.kr"
|
||||
}
|
||||
hydraPublicURL = userfrontURL + "/oidc"
|
||||
}
|
||||
|
||||
redirectURI := ""
|
||||
if len(redirectURIs) > 0 {
|
||||
redirectURI = strings.TrimSpace(redirectURIs[0])
|
||||
}
|
||||
|
||||
mergedScopes := make([]string, 0, len(scopes)+1)
|
||||
seen := map[string]struct{}{}
|
||||
for _, scope := range append([]string{"openid"}, scopes...) {
|
||||
scope = strings.TrimSpace(scope)
|
||||
if scope == "" {
|
||||
continue
|
||||
}
|
||||
if _, ok := seen[scope]; ok {
|
||||
continue
|
||||
}
|
||||
seen[scope] = struct{}{}
|
||||
mergedScopes = append(mergedScopes, scope)
|
||||
}
|
||||
|
||||
params := url.Values{}
|
||||
params.Set("client_id", clientID)
|
||||
params.Set("response_type", "code")
|
||||
params.Set("scope", strings.Join(mergedScopes, " "))
|
||||
params.Set("state", GenerateSecureAlnumToken(16))
|
||||
if redirectURI != "" {
|
||||
params.Set("redirect_uri", redirectURI)
|
||||
}
|
||||
|
||||
return fmt.Sprintf("%s/oauth2/auth?%s", hydraPublicURL, params.Encode())
|
||||
}
|
||||
|
||||
func mergeScopes(current []string, next []string) []string {
|
||||
if len(next) == 0 {
|
||||
return current
|
||||
|
||||
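Review bot: In `resolveLinkedRPInitURL`, the generic branch puts a `state` minted by this backend (`params.Set("state", GenerateSecureAlnumToken(16))`) into a ready-made `/oauth2/auth` link, but the relying party never issued that value, so it cannot tie the callback to a browser session it started. An RP that validates `state` will reject the resulting callback, and one that accepts it is accepting an unsolicited authorization response, which is the login-CSRF case `state` exists to prevent; the link also carries no `nonce` or PKCE challenge and takes `redirectURIs[0]` without knowing which callback the RP expects. The `adminfront`/`devfront` branches already do the safer thing by linking to the app's own `/login?auto=1` entry point so the app starts the flow itself. I would have the fallback `return ""` unless the client has a registered login-initiation URL (for example an `initiate_login_uri`-style value, if `client.Metadata` carries one), and say so in a doc comment on the function. Separately, the hard-coded `"https://sso.hmac.kr"` default would be better as a configuration error than a silent fallback when `USERFRONT_URL` is unset.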