forked from baron/baron-sso
chan
b582c82c6f
- Database: Add user_login_ids table for 1:N identifier mapping and remove legacy login_id column - Kratos: Update identity schema to use custom_login_ids array instead of a single id trait - Backend: Implement syncCustomLoginIDs to collect isLoginId fields across tenant schemas - Backend: Add backtracking logic to auto-assign session tenant based on used login identifier - Backend: Add 409 Conflict exception handling for Create/Update operations - AdminFront: Refactor UserDetailPage to a tabbed grid layout (Info, Tenants, Security) - AdminFront: Show '로그인 ID' badge on tenant schema fields used for authentication - UserFront: Remove legacy optional 'Login ID' input from signup flow - Tests: Add multi-identifier repository tests and update handler tests
Baron SSO
Baron SSO is a white-labeled User Authentication Hub and Unified Launcher. It leverages Descope for secure, passwordless authentication (Enchanted Link / Magic Link) and provides a custom Flutter UI for a seamless user experience. A Go (Fiber) backend manages Audit Logs via ClickHouse.
🏗 Architecture
1. Frontend (Flutter Web)
- Framework: Flutter 3.38.0+
- Organization:
kr.co.baroncs - Key Packages:
descope,flutter_riverpod,go_router - Features:
- Login UI with Tabs (Email / SMS)
- Descope SDK Integration (Enchanted Link, Magic Link)
2. Backend (Go Fiber)
- Language: Go 1.25+
- Framework: Fiber v2.25+
- Database:
- ClickHouse: Audit Logs (High performance ingestion)
- PostgreSQL: Metadata storage (Primary)
- Features:
POST /api/v1/audit: Endpoint to ingest audit logs.
3. Infrastructure (Docker)
- Services:
postgres,clickhouse(defined incompose.infra.yaml) - App:
userfront,backend(defined indocker-compose.yaml)
🚀 Getting Started
Prerequisites
- Docker & Docker Compose
- Flutter SDK (for local development, 3.38.0+)
- Go (for local backend development)
Environment Setup
-
Copy the sample environment file.
cp .env.sample .env -
Set the IDP priority and Ory admin endpoints. The default is Ory first with Descope as fallback.
IDP_PROVIDER=ory,descope KRATOS_ADMIN_URL=http://kratos:4434 HYDRA_ADMIN_URL=http://hydra:4445
Running the Stack
1. Start Infrastructure (Databases)
Start the persistent data layer first.
docker compose -f compose.infra.yaml up -d
2. Start Applications
Start the userfront and backend services.
docker compose up
- userfront: Accessible at http://localhost:5000
- backend: API active at http://localhost:3000
- ClickHouse: http://localhost:8123
Local Development (Manual)
If you prefer running without Docker for code editing:
Backend:
cd backend
go mod tidy
go run cmd/server/main.go
userfront:
cd userfront
flutter pub get
flutter run -d chrome
📂 Project Structure
baron_sso/
├── backend/ # Go Fiber Application
│ ├── cmd/server/ # Entry point
│ ├── internal/ # Domain, Handlers, Repository
│ └── Dockerfile
├── userfront/ # Flutter Application
│ ├── lib/ # UI & Logic
│ └── pubspec.yaml
├── compose.infra.yaml # DB Services (Postgres, ClickHouse)
├── docker-compose.yaml # App Services
├── .env.sample # Env Config Template
└── README.md # This file
📝 Status & Roadmap
- Phase 1: Initial Setup & Architecture (Done)
- Phase 2: Backend Audit API (Done)
- Phase 3: Frontend Login UI & Descope Auth Logic (Done)
- Phase 4: Connect Frontend to Audit API (Todo)
- Phase 5: Dashboard & Unified Launcher (Todo)