feat(schemas): add idp-initiated SSO client side callback url columns (#6675)

* feat(core): consume IdP initiated session on SSO verification flow Auto consume the IdP initiated SAML SSO session on the SSO sign-in verification flow * test(core): add unit test cases add unit test cases * feat(schemas): add client idp-initiated auth callback url column add client idp-initiated auth callback url column * fix(test): fix ut fix ut
2025-03-10 22:22:45 -05:00 · 2024-10-16 16:58:20 +08:00 · 2024-10-16 16:58:20 +08:00 · 2c8343a757
commit 2c8343a757
parent a7db62cd63
3 changed files with 48 additions and 2 deletions
--- a/packages/core/src/libraries/sso-connector.test.ts
+++ b/packages/core/src/libraries/sso-connector.test.ts
@ -180,6 +180,8 @@ describe('SsoConnectorLibrary', () => {
    const authConfig: SsoConnectorIdpInitiatedAuthConfig = {
      tenantId: 'tenantId',
      defaultApplicationId: 'appId',
+      autoSendAuthorizationRequest: true,
+      clientIdpInitiatedAuthCallbackUri: null,
      connectorId: 'connectorId',
      redirectUri: 'https://app.com',
      authParameters: {},
--- a/packages/schemas/alterations/next-1728887713-add-client-idp-initiated-auth-callback-uri-columns.ts
+++ b/packages/schemas/alterations/next-1728887713-add-client-idp-initiated-auth-callback-uri-columns.ts
@ -0,0 +1,40 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sso_connector_idp_initiated_auth_configs
+        add column client_idp_initiated_auth_callback_uri text;
+      
+      alter table sso_connector_idp_initiated_auth_configs
+        add column auto_send_authorization_request boolean not null default false;
+
+      alter table sso_connector_idp_initiated_auth_configs
+        drop constraint application_type;
+
+      alter table sso_connector_idp_initiated_auth_configs
+        add constraint application_type
+          check (check_application_type(default_application_id, 'Traditional', 'SPA'));
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sso_connector_idp_initiated_auth_configs
+        drop constraint application_type;
+
+      alter table sso_connector_idp_initiated_auth_configs
+        drop column client_idp_initiated_auth_callback_uri;
+
+      alter table sso_connector_idp_initiated_auth_configs
+        drop column auto_send_authorization_request;
+
+      alter table sso_connector_idp_initiated_auth_configs
+        add constraint application_type
+          check (check_application_type(default_application_id, 'Traditional'));
+    `);
+  },
+};
+
+export default alteration;
--- a/packages/schemas/tables/sso_connector_idp_initiated_auth_configs.sql
+++ b/packages/schemas/tables/sso_connector_idp_initiated_auth_configs.sql
@ -12,9 +12,13 @@ create table sso_connector_idp_initiated_auth_configs (
  redirect_uri text,
  /** Additional OIDC auth parameters. */
  auth_parameters jsonb /* @use IdpInitiatedAuthParams */ not null default '{}'::jsonb,
+  /** Whether to auto-trigger the auth flow on an IdP-initiated auth request. */
+  auto_send_authorization_request boolean not null default false,
+  /** The client side callback URI for handling IdP-initiated auth request. */
+  client_idp_initiated_auth_callback_uri text,
  created_at timestamptz not null default(now()),
  primary key (tenant_id, connector_id),
-  /** Insure the application type is Traditional. */
+  /** Insure the application type is Traditional or SPA. */
  constraint application_type
-    check (check_application_type(default_application_id, 'Traditional'))
+    check (check_application_type(default_application_id, 'Traditional', 'SPA'))
 );