Gemini Project Context - Baron SSO

Name: Baron SSO
Organization: kr.co.baroncs
Type: User Authentication Hub &amp; Unified Launcher
Core Philosophy: Secure, Seamless, White-labeled.

Project Identity

Language (Backend): Go (Golang) 1.25+
Framework (Backend): Fiber (v2.25+)
Database:
- PostgreSQL (Primary/Meta)
- ClickHouse (Audit Logs - Local/Production)
Language (Frontend): Dart (Flutter 3.32+)
Platforms: Web (PoC), iOS, Android.
Auth Provider: Descope
- Method: Enchanted Link only (No Magic Link).
- Requirement: Invisible to end-users (White-labeling).

Same Browser SSO: Access apps from Baron SSO launcher (logged in state).
Cross-Device Auth: Approve PC login via Mobile Baron SSO app (Enchanted Link required).
Clean Login: Email/SMS initial login. Future: OTP, MFA.

Go: Follow standard Go project layout (cmd, internal, pkg). Use Clean Architecture principles where appropriate. Handle errors explicitly.
Flutter: Use Riverpod for state management. Separate UI (Widgets) from Business Logic (Providers/Repositories).
General: Comments in Korean or English (User is Korean speaker).

Root: /home/lectom/.gemini/antigravity/scratch/baron_sso

Source: descope-sample-apps/flutter_sample_app_auth_func
Findings:
- Setup: Uses .env for DESCOPE_PROJECT_ID.
- Initialization: Descope.projectId = ... and Descope.sessionManager.loadSession() in main.dart.
- Auth Check: Checks Descope.sessionManager.session?.refreshToken.isExpired.
- Note: Sample focuses on OAuth/OTP. Baron SSO requires Enchanted Link, which will use Descope.auth.enchantedLink.signUpOrIn(...) (inference based on SDK capability).
- Architecture: Simple Provider/State management recommended (Riverpod chosen for Baron SSO).