Implement tenant import and RP auto login policies

2026-04-30 15:45:34 +09:00
parent 24807eab0f
commit f7e4d43b16
76 changed files with 5307 additions and 441 deletions
--- a/backend/internal/handler/auth_handler_linked_test.go
+++ b/backend/internal/handler/auth_handler_linked_test.go
@@ -55,6 +55,21 @@ func TestListLinkedRps_PriorityAndAggregation(t *testing.T) {
 						"grant_scope": []string{"openid", "profile"},
 						"handled_at":  time.Now().Format(time.RFC3339),
 					},
+					{
+						"client": map[string]interface{}{
+							"client_id":   "orgfront",
+							"client_name": "OrgFront",
+							"metadata": map[string]interface{}{
+								"auto_login_supported": true,
+								"auto_login_url":       "http://localhost:5175/login?auto=1",
+							},
+							"redirect_uris": []string{
+								"http://localhost:5175/auth/callback",
+							},
+						},
+						"grant_scope": []string{"openid", "profile"},
+						"handled_at":  time.Now().Format(time.RFC3339),
+					},
 				}), nil
 			}
 			if r.URL.Path == "/admin/clients/client-audit" {
@@ -129,16 +144,18 @@ func TestListLinkedRps_PriorityAndAggregation(t *testing.T) {

 	var res struct {
 		Items []struct {
-			ID      string   `json:"id"`
-			Name    string   `json:"name"`
-			Status  string   `json:"status"`
-			Scopes  []string `json:"scopes"`
-			InitURL string   `json:"init_url"`
+			ID                 string   `json:"id"`
+			Name               string   `json:"name"`
+			Status             string   `json:"status"`
+			Scopes             []string `json:"scopes"`
+			InitURL            string   `json:"init_url"`
+			AutoLoginSupported bool     `json:"auto_login_supported"`
+			AutoLoginURL       string   `json:"auto_login_url"`
 		} `json:"items"`
 	}
 	json.NewDecoder(resp.Body).Decode(&res)

-	assert.Equal(t, 3, len(res.Items))
+	assert.Equal(t, 4, len(res.Items))

 	statusMap := make(map[string]string)
 	for _, item := range res.Items {
@@ -146,6 +163,7 @@ func TestListLinkedRps_PriorityAndAggregation(t *testing.T) {
 	}

 	assert.Equal(t, "active", statusMap["devfront"])
+	assert.Equal(t, "active", statusMap["orgfront"])
 	assert.Equal(t, "inactive", statusMap["client-consent"])
 	assert.Equal(t, "inactive", statusMap["client-audit"])

@@ -164,6 +182,23 @@ func TestListLinkedRps_PriorityAndAggregation(t *testing.T) {
 	assert.Equal(t, "/login", parsedInitURL.Path)
 	assert.Equal(t, "1", parsedInitURL.Query().Get("auto"))
 	assert.Equal(t, "/clients", parsedInitURL.Query().Get("returnTo"))
+
+	var orgfrontItem struct {
+		InitURL            string
+		AutoLoginSupported bool
+		AutoLoginURL       string
+	}
+	for _, item := range res.Items {
+		if item.ID == "orgfront" {
+			orgfrontItem.InitURL = item.InitURL
+			orgfrontItem.AutoLoginSupported = item.AutoLoginSupported
+			orgfrontItem.AutoLoginURL = item.AutoLoginURL
+			break
+		}
+	}
+	assert.True(t, orgfrontItem.AutoLoginSupported)
+	assert.Equal(t, "http://localhost:5175/login?auto=1", orgfrontItem.AutoLoginURL)
+	assert.Equal(t, orgfrontItem.AutoLoginURL, orgfrontItem.InitURL)
 }

 func TestListLinkedRps_EnrichesLogoFromHydraClientWhenConsentSessionOmitsMetadata(t *testing.T) {