mirror of https://github.com/logto-io/logto.git synced 2025-01-13 21:30:30 -05:00
logto/.changeset/friendly-adults-swim.md
simeng-li 338c7ab1a9
feat: add sso changeset (#5061)
* feat: add sso changeset

add sso changeset

* chore: update changeset

update changeset

* chore: fix the md syntax

fix the md syntax
2023-12-05 22:01:52 +08:00


Package            Bump
@logto/console     minor
@logto/core        minor
@logto/experience  minor
@logto/phrases     minor
@logto/schemas     minor

Introduce the new enterprise single sign-on (SSO) feature to Logto.

@logto/console

  • Implement new enterprise SSO management pages. Allow creating and managing SSO connectors through the Logto console.
  • Add an enable/disable SSO toggle switch on the sign-in-experience settings page.

@logto/core

  • Implement new SSO connector management APIs.

    • GET /api/sso-connector-providers - List all the supported SSO connector providers.
    • POST /api/sso-connectors - Create new SSO connector.
    • GET /api/sso-connectors - List all the SSO connectors.
    • GET /api/sso-connectors/:id - Get SSO connector by id.
    • PATCH /api/sso-connectors/:id - Update SSO connector by id.
    • DELETE /api/sso-connectors/:id - Delete SSO connector by id.
  • Implement new SSO interaction APIs to enable the SSO connector sign-in methods.

    • POST /api/interaction/single-sign-on/:connectorId/authorization-url - Initiate a new SSO connector sign-in interaction flow by retrieving the IdP's authorization URL.
    • POST /api/interaction/single-sign-on/:connectorId/authentication - Handle the SSO connector sign-in interaction flow by retrieving the IdP's authentication data.
    • POST /api/interaction/single-sign-on/:connectorId/registration - Create a new user account using the SSO IdP's authentication result.
    • GET /api/interaction/single-sign-on/connectors - List all the enabled SSO connectors for a given email address.
  • Implement new SSO connector factory to support different SSO connector providers.

    • OIDC - Standard OIDC connector that can be used to connect with any OIDC compatible IdP.
    • SAML - Standard SAML 2.0 connector that can be used to connect with any SAML 2.0 compatible IdP.
    • AzureAD - Azure Active Directory connector that can be used to connect with Azure AD.
    • Okta - Okta connector that can be used to connect with Okta.
    • Google Workspace - Google Workspace connector that can be used to connect with Google Workspace.

@logto/experience

Implement the new SSO sign-in flow.

  • /single-sign-on/email - The SSO email form page for the user to enter their email address.
  • /single-sign-on/connectors - The SSO connectors page for the user to select the enabled SSO connector they want to use.
  • Implement the email identifier guard on all the sign-in and registration identifier forms. If the email address is enabled for SSO, redirect the user to the SSO flow.
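The connectors-by-email lookup (GET /api/interaction/single-sign-on/connectors) and the email identifier guard above both hinge on the same decision: which enabled connectors, if any, serve the domain of the email the user typed. The following is an added example that is not Logto's own code. It assumes a connector record carries an `enabled` flag and a list of email `domains` it serves (field names are illustrative, not Logto's schema), and it shows the two checks a defender cares about in this step: the comparison is an exact, case-insensitive match on the domain after the last `@` (so `evil-acme.com` or `acme.com.attacker.net` never match a connector configured for `acme.com`), and disabled connectors or a globally disabled `single_sign_on_enabled` setting never redirect anyone.

```typescript
// Added example, not Logto's code. Illustrative connector shape: a connector is
// enabled or not and lists the email domains it serves (assumed fields).
export type SsoConnector = {
  id: string;
  providerName: string; // e.g. 'OIDC', 'SAML', 'AzureAD', 'Okta', 'Google Workspace'
  enabled: boolean;
  domains: string[];
};

// Lower-cased domain part of an email address, or null when the input is not a
// single local@domain pair with a plausible hostname. Using the LAST '@' and
// rejecting any further '@' in the local part means "a@evil.com@acme.com" is
// refused rather than matched against either domain.
export function emailDomain(email: string): string | null {
  const trimmed = email.trim();
  const at = trimmed.lastIndexOf('@');
  if (at <= 0 || at === trimmed.length - 1) return null;
  const local = trimmed.slice(0, at);
  if (local.includes('@')) return null;
  const domain = trimmed.slice(at + 1).toLowerCase();
  // Hostname labels of letters, digits and inner hyphens, at least one dot.
  const label = '[a-z0-9]([a-z0-9-]*[a-z0-9])?';
  if (!new RegExp(`^${label}(\\.${label})+$`).test(domain)) return null;
  return domain;
}

// Enabled connectors whose configured domains exactly equal the email's domain.
// Exact comparison, never substring or suffix matching.
export function enabledConnectorsForEmail(
  email: string,
  connectors: SsoConnector[],
): SsoConnector[] {
  const domain = emailDomain(email);
  if (domain === null) return [];
  return connectors.filter(
    (c) => c.enabled && c.domains.some((d) => d.trim().toLowerCase() === domain),
  );
}

// Outcome of the email identifier guard on a sign-in or registration form.
export type GuardDecision =
  | { kind: 'continue' } // no SSO for this domain: stay in the normal flow
  | { kind: 'sso'; connectorIds: string[] }; // hand over to /single-sign-on/connectors

export function emailIdentifierGuard(
  email: string,
  ssoEnabled: boolean, // mirrors the sign-in experience's single_sign_on_enabled flag
  connectors: SsoConnector[],
): GuardDecision {
  if (!ssoEnabled) return { kind: 'continue' };
  const matches = enabledConnectorsForEmail(email, connectors);
  if (matches.length === 0) return { kind: 'continue' };
  return { kind: 'sso', connectorIds: matches.map((c) => c.id) };
}

// Constructed sample data for trying the guard offline.
export const sampleConnectors: SsoConnector[] = [
  { id: 'conn_okta_acme', providerName: 'Okta', enabled: true, domains: ['acme.com', 'acme.co.uk'] },
  { id: 'conn_azure_acme', providerName: 'AzureAD', enabled: true, domains: ['ACME.com'] },
  { id: 'conn_saml_legacy', providerName: 'SAML', enabled: false, domains: ['legacy.example'] },
];

// Example run: two enabled connectors serve acme.com, so the user is sent to the
// connector selection page; a look-alike domain falls through to the normal flow.
console.log(emailIdentifierGuard('Alice@ACME.com', true, sampleConnectors));
console.log(emailIdentifierGuard('bob@evil-acme.com', true, sampleConnectors));
```

When more than one enabled connector matches, the guard returns all of their ids rather than picking one, which is what lets the /single-sign-on/connectors page offer the user a choice; a single match can be redirected straight to that connector's authorization-url endpoint.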

@logto/phrases

Add new phrases for the new SSO feature.

@logto/schemas

  • Add new sso_connectors table, which is used to store the SSO connector data.
  • Add new user_sso_identities table, which is used to store the user's SSO identity data received from the IdP through an SSO interaction.
  • Add new single_sign_on_enabled column to the sign_in_experiences table, which is used to indicate whether the SSO feature is enabled for the sign-in experience.
  • Define new SSO feature related types.