From 5fa8833aa840eb3f119f61bb0ee16bc5ff03dd32 Mon Sep 17 00:00:00 2001
From: kyy
Date: Thu, 9 Apr 2026 14:45:00 +0900
Subject: [PATCH] feat: replace mock login with real OIDC password grant communication
---
 server.js | 72 +++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 49 insertions(+), 23 deletions(-)
diff --git a/server.js b/server.js
index 5c44636..3826310 100644
--- a/server.js
+++ b/server.js
@@ -78,38 +78,64 @@ app.get('/.well-known/jwks.json', (req, res) => {
 const delay = (ms) => new Promise(resolve => setTimeout(resolve, ms));
-// 로그인 API (Headless)
+// 로그인 API (Headless - Real OIDC 통신)
 app.post('/api/login', async (req, res) => {
 const { loginId, password } = req.body;
- console.log(`[Headless Login Request] ID: ${loginId}`);
+ console.log(`[Real OIDC Request] Attempting login for ID: ${loginId}`);
 try {
- console.log(`[OIDC Step 1] Authenticating as Trusted RP using client_id: ${process.env.CLIENT_ID}`);
- console.log(`[OIDC Step 2] Requesting token with user identifiers (Back-channel)...`);
+ console.log(`[OIDC Step 1] Sending grant_type: 'password' request to SSO Token Endpoint...`);
- // 실제 통신 시나리오 시뮬레이션
- await delay(1200);
+ // 실제 SSO 서버에 토큰 요청 (Headless 인증)
+ const tokenSet = await oidcClient.grant({
+ grant_type: 'password',
+ username: loginId,
+ password: password,
+ scope: 'openid profile'
+ });
- if (loginId && password) {
- const userData = { id: loginId, name: '사용자(SSO)', loginTime: new Date().toISOString() };
- console.log(`[OIDC Success] ID Token received and verified using SSO public keys.`);
-
- // 세션에 저장
- req.session.user = userData;
+ console.log(`[OIDC Step 2] TokenSet received successfully.`);
+
+ // ID Token 검증 및 클레임 추출
+ const claims = tokenSet.claims();
+ const userData = {
+ id: claims.sub,
+ name: claims.name || claims.nickname || loginId,
+ loginTime: new Date().toISOString(),
+ id_token: tokenSet.id_token // 디버깅용
+ };
- res.json({
- success: true,
- message: 'SSO(OIDC) 인증 성공',
- user: userData,
- redirectTo: '/home.html'
- });
- } else {
- res.status(401).json({ success: false, message: 'SSO 인증 실패: 아이디 또는 비밀번호를 확인해주세요.' });
- }
+ console.log(`[OIDC Step 3] ID Token verified. 
User: ${userData.name}`);
+
+ // 세션에 실제 SSO 사용자 정보 저장
+ req.session.user = userData;
+
+ res.json({
+ success: true,
+ message: 'SSO(OIDC) 인증 성공',
+ user: userData,
+ redirectTo: '/home.html'
+ });
 } catch (err) {
- console.error('OIDC Login error:', err);
- res.status(500).json({ success: false, message: 'SSO 서버와의 통신 중 오류가 발생했습니다.' });
+ // SSO 서버에서 보낸 실제 에러 로그 출력
+ console.error('[OIDC Error] Authentication failed:');
+ if (err.response) {
+ console.error(' - Status:', err.response.statusCode);
+ console.error(' - Error:', err.response.body.error);
+ console.error(' - Description:', err.response.body.error_description);
+
+ res.status(err.response.statusCode || 401).json({
+ success: false,
+ message: `SSO 인증 실패: ${err.response.body.error_description || err.response.body.error}`
+ });
+ } else {
+ console.error(' - Detail:', err.message);
+ res.status(500).json({
+ success: false,
+ message: 'SSO 서버와 통신할 수 없습니다. (서버 설정 확인 필요)'
+ });
+ }
 }
 });
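Review bot: `userData` carries the raw ID token (`id_token: tokenSet.id_token // 디버깅용`) and that same object is both stored in `req.session.user` and returned to the browser via `res.json({ ..., user: userData })`, so the token becomes readable by any client-side script that can see the login response; drop the field from the object that is sent back (keep a separate server-side copy only if something actually needs it). In the catch block, `err.response.body.error` and `err.response.body.error_description` are read without checking that `body` exists — if the SSO answers with an empty or non-JSON error body this throws a TypeError inside the handler and the request gets no response at all; read it once as `const body = err.response.body ?? {};` and use `body.error` / `body.error_description` in the three `console.error` calls and the response message. `req.session.user = userData` is written into the pre-login session; calling `req.session.regenerate` before storing the authenticated user gives the login a fresh session id. The `[OIDC Step 3] ID Token verified.` log also overstates what the hunk does: if `oidcClient` is an openid-client `Client`, `grant()` returns the token endpoint response as a `TokenSet` and `tokenSet.claims()` only decodes the payload, so no signature or issuer/audience check is visible here — either reword the message or validate the token explicitly. The `oidcClient` definition and the rest of server.js are outside the hunk.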