feat(sso): allow to use OIDC and SAML (#7246)

## What it does ### Backend - [x] Add a mutation to create OIDC and SAML configuration - [x] Add a mutation to delete an SSO config - [x] Add a feature flag to toggle SSO - [x] Add a mutation to activate/deactivate an SSO config - [x] Add a mutation to delete an SSO config - [x] Add strategy to use OIDC or SAML - [ ] Improve error management ### Frontend - [x] Add section "security" in settings - [x] Add page to list SSO configurations - [x] Add page and forms to create OIDC or SAML configuration - [x] Add field to "connect with SSO" in the signin/signup process - [x] Trigger auth when a user switch to a workspace with SSO enable - [x] Add an option on the security page to activate/deactivate the global invitation link - [ ] Add new Icons for SSO Identity Providers (okta, Auth0, Azure, Microsoft) --------- Co-authored-by: Félix Malfait <felix@twenty.com> Co-authored-by: Charles Bochet <charles@twenty.com>
2024-10-21 20:07:08 +02:00
parent 11c3f1c399
commit 0f0a7966b1
132 changed files with 5245 additions and 306 deletions
--- a/packages/twenty-front/src/modules/auth/graphql/fragments/availableSSOIdentityProvidersFragment.ts
+++ b/packages/twenty-front/src/modules/auth/graphql/fragments/availableSSOIdentityProvidersFragment.ts
@ -0,0 +1,16 @@
+/* @license Enterprise */
+
+import { gql } from '@apollo/client';
+
+export const AVAILABLE_SSO_IDENTITY_PROVIDERS_FRAGMENT = gql`
+  fragment AvailableSSOIdentityProvidersFragment on FindAvailableSSOIDPOutput {
+    id
+    issuer
+    name
+    status
+    workspace {
+      id
+      displayName
+    }
+  }
+`;
--- a/packages/twenty-front/src/modules/auth/graphql/mutations/findAvailableSSOIdentityProviders.ts
+++ b/packages/twenty-front/src/modules/auth/graphql/mutations/findAvailableSSOIdentityProviders.ts
@ -0,0 +1,13 @@
+/* @license Enterprise */
+
+import { gql } from '@apollo/client';
+
+export const FIND_AVAILABLE_SSO_IDENTITY_PROVIDERS = gql`
+  mutation FindAvailableSSOIdentityProviders(
+    $input: FindAvailableSSOIDPInput!
+  ) {
+    findAvailableSSOIdentityProviders(input: $input) {
+      ...AvailableSSOIdentityProvidersFragment
+    }
+  }
+`;
--- a/packages/twenty-front/src/modules/auth/graphql/mutations/generateJWT.ts
+++ b/packages/twenty-front/src/modules/auth/graphql/mutations/generateJWT.ts
@ -3,8 +3,21 @@ import { gql } from '@apollo/client';
 export const GENERATE_JWT = gql`
  mutation GenerateJWT($workspaceId: String!) {
    generateJWT(workspaceId: $workspaceId) {
-      tokens {
-        ...AuthTokensFragment
+      ... on GenerateJWTOutputWithAuthTokens {
+        success
+        reason
+        authTokens {
+          tokens {
+            ...AuthTokensFragment
+          }
+        }
+      }
+      ... on GenerateJWTOutputWithSSOAUTH {
+        success
+        reason
+        availableSSOIDPs {
+          ...AvailableSSOIdentityProvidersFragment
+        }
      }
    }
  }
--- a/packages/twenty-front/src/modules/auth/graphql/mutations/getAuthorizationUrl.ts
+++ b/packages/twenty-front/src/modules/auth/graphql/mutations/getAuthorizationUrl.ts
@ -0,0 +1,11 @@
+import { gql } from '@apollo/client';
+
+export const GET_AUTHORIZATION_URL = gql`
+  mutation GetAuthorizationUrl($input: GetAuthorizationUrlInput!) {
+    getAuthorizationUrl(input: $input) {
+      id
+      type
+      authorizationURL
+    }
+  }
+`;