fase(25-26): keyboard shortcuts, mobile responsive, enterprise SSO/audit
- Phase 25.4: N shortcut for new exploration on dashboard (react-hotkeys-hook) - Phase 25.5: overflow-x-auto on tables, responsive padding (p-4 md:p-6) - Phase 26: SAML/OIDC/LDAP providers (build-fixed), TOTP/MFA service - Phase 26: KyselySSOConfigRepository + KyselyTOTPRepository - Phase 26: SSO HTTP controller (config CRUD + MFA setup/verify/disable) - Phase 26: Audit module index.ts + SSO module index.ts - Phase 26: Session management endpoints (findByUserId, deleteById, list/revoke) - Phase 26: SSO and audit routes feature-gated (auth:sso, audit:logs) - Phase 26: Frontend SSOSection (SAML/OIDC/LDAP config + TOTP setup) - Phase 26: Frontend SessionsSection (list/revoke active sessions) - Phase 26: Settings navigation updated with SSO & Sessions sections Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
debian
45
dist/modules/sso/infrastructure/providers/OIDCProvider.js
vendored
Normal file
45
dist/modules/sso/infrastructure/providers/OIDCProvider.js
vendored
Normal file
@@ -0,0 +1,45 @@
|
||||
"use strict";
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.OIDCProvider = void 0;
|
||||
/**
|
||||
* OIDC (OpenID Connect) SSO provider.
|
||||
* Supports Okta, Azure AD, Google Workspace.
|
||||
*/
|
||||
const openid_client_1 = require("openid-client");
|
||||
class OIDCProvider {
|
||||
constructor(config) {
|
||||
this.config = config;
|
||||
}
|
||||
async generateAuthUrl() {
|
||||
const issuerUrl = new URL(this.config.issuer);
|
||||
const oidcConfig = await (0, openid_client_1.discovery)(issuerUrl, this.config.clientId, this.config.clientSecret);
|
||||
const state = (0, openid_client_1.randomState)();
|
||||
const params = new URLSearchParams({
|
||||
client_id: this.config.clientId,
|
||||
redirect_uri: this.config.redirectUri,
|
||||
response_type: 'code',
|
||||
scope: (this.config.scopes ?? ['openid', 'email', 'profile']).join(' '),
|
||||
state,
|
||||
});
|
||||
const url = (0, openid_client_1.buildAuthorizationUrl)(oidcConfig, params);
|
||||
return { url: url.href, state, codeVerifier: '' };
|
||||
}
|
||||
async handleCallback(params, expectedState, _codeVerifier) {
|
||||
const issuerUrl = new URL(this.config.issuer);
|
||||
const oidcConfig = await (0, openid_client_1.discovery)(issuerUrl, this.config.clientId, this.config.clientSecret);
|
||||
const currentUrl = new URL(`${this.config.redirectUri}?${params.toString()}`);
|
||||
const tokens = await (0, openid_client_1.authorizationCodeGrant)(oidcConfig, currentUrl, {
|
||||
expectedState,
|
||||
});
|
||||
const claims = tokens.claims();
|
||||
if (!claims) {
|
||||
throw new Error('OIDC: no claims in token response');
|
||||
}
|
||||
return {
|
||||
sub: String(claims['sub'] ?? ''),
|
||||
email: typeof claims['email'] === 'string' ? claims['email'] : undefined,
|
||||
name: typeof claims['name'] === 'string' ? claims['name'] : undefined,
|
||||
};
|
||||
}
|
||||
}
|
||||
exports.OIDCProvider = OIDCProvider;
|
||||
Reference in New Issue
Block a user