- Update Hydra and Kratos CORS config to specify allowed origins explicitly instead of using wildcard with `allow_credentials: true`
- Fix Nginx upstream resolution for Oathkeeper to use correct container hostname (ory_oathkeeper)
- Inject claim based on OIDC Client metadata
- Extract namespaced tenant metadata from traits and flatten it to root
- Expose all joined tenants metadata under and arrays
- Fix missing AuditLog generation during auto-accepted Consent
- Associate correct during auth events AuditLog recording
- Add unit and integration tests for dynamic claims
- Prevent infinite redirection loop by clearing oidc-client user state on 401 errors.
- Sync apiClient request interceptor to use `userManager.getUser()` for reliable token retrieval.
- Add extensive console logs for better session issue diagnosis.
- Fix TS error in LoginPage by updating button variant.
- Revert 'ae03fe1' (updated playwright fixtures to real domain) as requested.
Since the OIDC authority was updated to https://sso.hmac.kr/oidc, the Playwright mocks and localStorage seed values must match exactly for tests to pass in the new configuration.
Details:
- The route `admin.Post("/users")` was accidentally merged into a comment line for `admin.Get("/users/export")`. This caused the 405 Method Not Allowed error when trying to create users.
- Restored the route on its own line.
Details:
- Backend: Extract Kratos session cookies and propagate via SetCookies in AuthInfo.
- Backend: Include sessionJwt and token during OIDC flows in PasswordLogin.
- UserFront: Add `_silentSessionRecovery` in `main.dart` to recover session via cookies if localStorage token is missing.
- UserFront: Update AuthProxyService, AuthTokenStore, AuthNotifier to support silent recovery and immediate local state update before redirect.
- AdminFront/DevFront: Fix OIDC authority to point directly to Gateway proxy and add recovery/error UI components.