mirror of
https://github.com/logto-io/logto.git
synced 2025-02-17 22:04:19 -05:00
59 lines
3 KiB
Markdown
59 lines
3 KiB
Markdown
|
---
|
||
|
|
"@logto/console": minor
|
||
|
|
"@logto/core": minor
|
||
|
|
"@logto/experience": minor
|
||
|
|
"@logto/phrases": minor
|
||
|
|
"@logto/schemas": minor
|
||
|
|
---
|
||
|
|
|
||
|
|
Introduce new enterpeise single sign-on (SSO) feature to Logto.
|
||
|
|
|
||
|
|
## @logto/console
|
||
|
|
|
||
|
|
- Implement new enterprise SSO management pages. Allow create and manage SSO connectors through Logto console.
|
||
|
|
- Add enabled/disable SSO toggle switch on the sign-in-experience settings page.
|
||
|
|
|
||
|
|
## @logto/core
|
||
|
|
|
||
|
|
- Implement new SSO connector management APIs.
|
||
|
|
|
||
|
|
- `GET /api/sso-connector-providers` - List all the supported SSO connector providers.
|
||
|
|
- `POST /api/sso-connectors` - Create new SSO connector.
|
||
|
|
- `GET /api/sso-connectors` - List all the SSO connectors.
|
||
|
|
- `GET /api/sso-connectors/:id` - Get SSO connector by id.
|
||
|
|
- `PATCH /api/sso-connectors/:id` - Update SSO connector by id.
|
||
|
|
- `DELETE /api/sso-connectors/:id` - Delete SSO connector by id.
|
||
|
|
|
||
|
|
- Implement new SSO interaction APIs to enable the SSO connector sign-in methods
|
||
|
|
|
||
|
|
- `POST /api/interaction/single-sign-on/:connectorId/authorization-url` - Init a new SSO connector sign-in interaction flow by retrieving the IdP's authorization URL.
|
||
|
|
- `POST /api/interaction/single-sign-on/:connectorId/authentication` - Handle the SSO connector sign-in interaction flow by retrieving the IdP's authentication data.
|
||
|
|
- `POST /api/interaction/single-sign-on/:connectorId/registration` - Create new user account by using the SSO IdP's authentication result.
|
||
|
|
- `GET /api/interaction/single-sign-on/connectors` - List all the enabled SSO connectors by a given email address.
|
||
|
|
|
||
|
|
- Implement new SSO connector factory to support different SSO connector providers.
|
||
|
|
- `OIDC` - Standard OIDC connector that can be used to connect with any OIDC compatible IdP.
|
||
|
|
- `SAML` - Standard SAML 2.0 connector that can be used to connect with any SAML 2.0 compatible IdP.
|
||
|
|
- `AzureAD` - Azure Active Directory connector that can be used to connect with Azure AD.
|
||
|
|
- `Okta` - Okta connector that can be used to connect with Okta.
|
||
|
|
- `Google Workspace` - Google Workspace connector that can be used to connect with Google Workspace.
|
||
|
|
|
||
|
|
## @logto/experience
|
||
|
|
|
||
|
|
Implement the new SSO sign-in flow
|
||
|
|
|
||
|
|
- `/single-sign-on/email` - The SSO email form page for user to enter their email address.
|
||
|
|
- `/single-sign-on/connectors` - The SSO connectors page for user to select the enabled SSO connector they want to use.
|
||
|
|
- Implement the email identifier guard on all the sign-in and registration identifier forms. If the email address is enabled with SSO, redirect user to the SSO flow.
|
||
|
|
|
||
|
|
## @logto/phrases
|
||
|
|
|
||
|
|
Add new phrases for the new SSO feature.
|
||
|
|
|
||
|
|
## @logto/schemas
|
||
|
|
|
||
|
|
- Add new sso_connectors table, which is used to store the SSO connector data.
|
||
|
|
- Add new user_sso_identities table, which is used to store the user's SSO identity data received from IdP through a SSO interaction.
|
||
|
|
- Add new single_sign_on_enabled column to the sign_in_experiences table, which is used to indicate if the SSO feature is enabled for the sign-in experience.
|
||
|
|
- Define new SSO feature related types
|