baron-sso/backend/internal/domain/idp_models.go

package domain

import (
	"net/http"
	"time"
)

// BrokerUser is the standard user model used within Baron SSO business logic.
// It defines the canonical set of fields that must be supported by any underlying IDP.
type BrokerUser struct {
	ID          string `json:"id" required:"true"`
	Email       string `json:"email" required:"true"`
	Name        string `json:"name"`
	PhoneNumber string `json:"phone_number"`
	// Attributes stores custom user attributes.
	// The "required_keys" tag specifies which keys MUST be present in the IDP's schema support.
	Attributes map[string]interface{} `json:"attributes" required_keys:"grade,department"`
}

// IDPMetadata represents the schema capabilities of an Identity Provider.
type IDPMetadata struct {
	// SupportedFields lists the BrokerUser fields (json tag names) that the IDP supports.
	// For custom attributes, use the key name directly (e.g., "grade").
	SupportedFields []string
}

// Token represents a session or refresh token.
type Token struct {
	JWT        string
	Expiration time.Time
}

// AuthInfo contains authentication information after a successful login.
type AuthInfo struct {
	SessionToken *Token
	RefreshToken *Token
	// Subject는 IDP 세션이 대표하는 주체(예: Kratos identity.id)를 나타냅니다.
	Subject string
}

// IdentityProvider is the interface that all IDP adapters must implement.
type IdentityProvider interface {
	Name() string
	// GetMetadata returns the schema support information for this IDP.
	// This is used for startup-time validation.
	GetMetadata() (*IDPMetadata, error)
	// CreateUser는 BrokerUser 스키마를 기반으로 신규 사용자를 생성하고 주체 ID(예: identity.id)를 반환합니다.
	CreateUser(user *BrokerUser, password string) (string, error)
	// SignIn은 로그인 ID/비밀번호로 인증해 세션 정보를 반환합니다.
	SignIn(loginID, password string) (*AuthInfo, error)
	InitiatePasswordReset(loginID, redirectUrl string) error
	VerifyPasswordResetToken(token string) (*AuthInfo, error)
	UpdateUserPassword(loginID, newPassword string, r *http.Request) error
}