diff options
| author | joonhoekim <26rote@gmail.com> | 2025-06-23 13:31:14 +0000 |
|---|---|---|
| committer | joonhoekim <26rote@gmail.com> | 2025-06-23 13:31:14 +0000 |
| commit | f4825dd3853188de4688fb4a56c0f4e847da314b (patch) | |
| tree | d4a46cac8545af78f48b1c960576a9b2d65ce37a /app/api | |
| parent | 1e46c2f3523f0f73a7ed378e9281dec24b23f8f8 (diff) | |
(김준회) SAML 2.0 SSO 처리 - HTTP / HTTPS 대응 처리
Diffstat (limited to 'app/api')
| -rw-r--r-- | app/api/auth/[...nextauth]/saml/provider.ts | 6 | ||||
| -rw-r--r-- | app/api/saml/callback/route.ts | 5 |
2 files changed, 9 insertions, 2 deletions
diff --git a/app/api/auth/[...nextauth]/saml/provider.ts b/app/api/auth/[...nextauth]/saml/provider.ts index 1f891661..8486a690 100644 --- a/app/api/auth/[...nextauth]/saml/provider.ts +++ b/app/api/auth/[...nextauth]/saml/provider.ts @@ -248,7 +248,11 @@ export async function createNextAuthToken(user: User): Promise<string> { // NextAuth 세션 쿠키 이름 가져오기 export function getSessionCookieName(): string { - return process.env.NODE_ENV === 'production' + // NEXTAUTH_URL이 HTTPS인 경우에만 __Secure- 접두사 사용 + const nextAuthUrl = process.env.NEXTAUTH_URL || ''; + const isHttps = nextAuthUrl.startsWith('https://'); + + return isHttps ? '__Secure-next-auth.session-token' : 'next-auth.session-token'; } diff --git a/app/api/saml/callback/route.ts b/app/api/saml/callback/route.ts index 7f454cb9..c0290e71 100644 --- a/app/api/saml/callback/route.ts +++ b/app/api/saml/callback/route.ts @@ -161,9 +161,12 @@ export async function POST(request: NextRequest) { // POST 요청에 대한 응답으로는 303 See Other를 사용하여 GET으로 강제 변환 const response = NextResponse.redirect(new URL(redirectPath, baseUrl), 303) + // NEXTAUTH_URL이 HTTPS인 경우에만 secure 쿠키 사용 + const isHttps = baseUrl.startsWith('https://'); + response.cookies.set(cookieName, encodedToken, { httpOnly: true, - secure: process.env.NODE_ENV === 'production', + secure: isHttps, sameSite: 'lax', path: '/', maxAge: 30 * 24 * 60 * 60 // 30일 |