feat(sso): add support for identityProviderId in SAML flow (#9411)

Updated SAML callback URLs and relevant logic to include
identityProviderId, ensuring better handling of multiple identity
providers. Refactored client and server-side code to streamline form
interactions and validation within the SSO module.

Fix https://github.com/twentyhq/twenty/issues/9323
https://github.com/twentyhq/twenty/issues/9325
Antoine Moreaux
2025-01-07 10:30:13 +01:00
committed by GitHub
parent 9392acbee5
commit 00e71477d3
6 changed files with 31 additions and 30 deletions


@ -58,6 +58,7 @@ export class SSOAuthController {
type: IdentityProviderType.SAML,
}),
callbackUrl: this.ssoService.buildCallbackUrl({
id: req.params.identityProviderId,
type: IdentityProviderType.SAML,
}),
});
@ -104,7 +105,7 @@ export class SSOAuthController {
}
}
@Post('saml/callback')
@Post('saml/callback/:identityProviderId')
@UseGuards(SSOProviderEnabledGuard, SAMLAuthGuard)
async samlAuthCallback(@Req() req: any, @Res() res: Response) {
try {
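Review bot: With the route changed to `@Post('saml/callback/:identityProviderId')`, the path segment becomes the only selector of the provider configuration used to check the SAML response, and that segment is chosen by whoever sends the POST. The body of `samlAuthCallback` continues outside the hunk, so it is not visible whether the resulting login is tied to the workspace that owns that provider id; that is worth confirming and stating in a comment above the handler. The old `saml/callback` path is also dropped with no fallback, so identity providers registered with the previous ACS URL will presumably need reconfiguring. A comment such as `// ACS URL carries the provider id; IdPs registered with /auth/saml/callback must be updated` would record that.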


@ -20,12 +20,6 @@ export class SAMLAuthGuard extends AuthGuard('saml') {
try {
const request = context.switchToHttp().getRequest();
const RelayState =
'RelayState' in request.body ? JSON.parse(request.body.RelayState) : {};
request.params.identityProviderId =
request.params.identityProviderId ?? RelayState.identityProviderId;
if (!request.params.identityProviderId) {
throw new AuthException(
'Invalid SAML identity provider',


@ -155,11 +155,11 @@ export class SSOService {
}
buildCallbackUrl(
identityProvider: Pick<WorkspaceSSOIdentityProvider, 'type'>,
identityProvider: Pick<WorkspaceSSOIdentityProvider, 'type' | 'id'>,
) {
const callbackURL = new URL(this.environmentService.get('SERVER_URL'));
callbackURL.pathname = `/auth/${identityProvider.type.toLowerCase()}/callback`;
callbackURL.pathname = `/auth/${identityProvider.type.toLowerCase()}/callback/${identityProvider.id}`;
return callbackURL.toString();
}
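Review bot: `identityProvider.id` is interpolated into `callbackURL.pathname` without encoding, and in the controller section the value comes directly from `req.params.identityProviderId`; whether a guard has already checked it against stored providers is not visible here. The `pathname` setter re-parses its input, so an id containing `/` or dot segments would change the path structure instead of staying a single segment, and the advertised ACS URL would no longer match the intended route. Encode the segment, as in ``callbackURL.pathname = `/auth/${identityProvider.type.toLowerCase()}/callback/${encodeURIComponent(identityProvider.id)}`;``, or reject ids that are not in the expected format before building the URL. A short TSDoc on `buildCallbackUrl` stating that `id` must be a persisted provider id would make the contract explicit for other callers.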