forked from baron/baron-sso
51 lines
2.2 KiB
Markdown
# Gemini Project Context - Baron SSO
## Project Identity
- **Name**: Baron SSO
- **Organization**: `kr.co.baroncs`
- **Type**: User Authentication Hub & Unified Launcher
- **Core Philosophy**: Secure, Seamless, White-labeled.
## Technical Preferences
- **Language (Backend)**: Go (Golang) 1.25+
- **Framework (Backend)**: Fiber (v2.25+)
- **Database**:
  - PostgreSQL (Primary/Meta)
  - ClickHouse (Audit Logs - Local/Production)
- **Language (Frontend)**: Dart (Flutter 3.32+)
- **Platforms**: Web (PoC), iOS, Android.
- **Auth Provider**: Descope
  - **Method**: Enchanted Link only (No Magic Link).
  - **Requirement**: Invisible to end-users (White-labeling).
## Core Scenarios
1. **Same Browser SSO**: Access apps from the Baron SSO launcher (logged-in state).
2. **Cross-Device Auth**: Approve a PC login via the mobile Baron SSO app (Enchanted Link required).
3. **Clean Login**: Email/SMS initial login. Future: OTP, MFA.
## Future Milestones
- **Passkey Support**: Expanded seamless auth for Scenario 2 & 3.
- **MFA Expansion**: OTP integration.
## Coding Standards
- **Go**: Follow standard Go project layout (`cmd`, `internal`, `pkg`). Use Clean Architecture principles where appropriate. Handle errors explicitly.
- **Flutter**: Use Riverpod for state management. Separate UI (Widgets) from Business Logic (Providers/Repositories).
- **General**: Comments in Korean or English (User is Korean speaker).
## Workspace Structure
Root: `/home/lectom/.gemini/antigravity/scratch/baron_sso`
- `/backend`: Go Fiber Application
- `/userfront`: Flutter Application
- `/docs`: Documentation (PRD, API Specs)
## Current Status
- **Planning Phase**: Completed PRD & Architecture.
- **Next**: Backend Setup (Go/Fiber).
## Reference Analysis (Descope Sample App)
- **Source**: `descope-sample-apps/flutter_sample_app_auth_func`
- **Findings**:
  - **Auth Check**: Checks `Descope.sessionManager.session?.refreshToken.isExpired`.
  - **Note**: Sample focuses on OAuth/OTP. Baron SSO requires **Enchanted Link**, which will use `Descope.auth.enchantedLink.signUpOrIn(...)` (inference based on SDK capability).
  - **Architecture**: Simple Provider/State management recommended (Riverpod chosen for Baron SSO).