More fixes in SSO

2025-12-12 22:46:46 +03:00 · 2025-07-26 20:33:26 +05:30
parent 1f6add5fff
commit 0920314679
8 changed files with 1866 additions and 14 deletions
--- a/src/pages/api/auth/sso/register.ts
+++ b/src/pages/api/auth/sso/register.ts
@@ -77,7 +77,7 @@ export async function POST(context: APIContext) {
        jwksEndpoint,
        discoveryEndpoint,
        userInfoEndpoint,
-        scopes = ["openid", "email", "profile"],
+        scopes,
        pkce = true,
        mapping = {
          id: "sub",
@@ -88,6 +88,23 @@ export async function POST(context: APIContext) {
        }
      } = body;

+      // Handle provider-specific scope defaults
+      let finalScopes = scopes;
+      if (!finalScopes) {
+        // Check if this is a Google provider
+        const isGoogle = issuer.includes('google.com') || 
+                        issuer.includes('googleapis.com') ||
+                        domain.includes('google.com');
+        
+        if (isGoogle) {
+          // Google doesn't support offline_access scope
+          finalScopes = ["openid", "email", "profile"];
+        } else {
+          // Default scopes for other providers
+          finalScopes = ["openid", "email", "profile", "offline_access"];
+        }
+      }
+
      registrationBody.oidcConfig = {
        clientId,
        clientSecret,
@@ -96,7 +113,7 @@ export async function POST(context: APIContext) {
        jwksEndpoint,
        discoveryEndpoint,
        userInfoEndpoint,
-        scopes,
+        scopes: finalScopes,
        pkce,
      };
      registrationBody.mapping = mapping;
--- a/src/pages/api/sso/providers.ts
+++ b/src/pages/api/sso/providers.ts
@@ -13,7 +13,14 @@ export async function GET(context: APIContext) {

    const providers = await db.select().from(ssoProviders);

-    return new Response(JSON.stringify(providers), {
+    // Parse JSON fields before sending
+    const formattedProviders = providers.map(provider => ({
+      ...provider,
+      oidcConfig: provider.oidcConfig ? JSON.parse(provider.oidcConfig) : undefined,
+      samlConfig: provider.samlConfig ? JSON.parse(provider.samlConfig) : undefined,
+    }));
+
+    return new Response(JSON.stringify(formattedProviders), {
      status: 200,
      headers: { "Content-Type": "application/json" },
    });
@@ -102,7 +109,14 @@ export async function POST(context: APIContext) {
      })
      .returning();

-    return new Response(JSON.stringify(newProvider), {
+    // Parse JSON fields before sending
+    const formattedProvider = {
+      ...newProvider,
+      oidcConfig: newProvider.oidcConfig ? JSON.parse(newProvider.oidcConfig) : undefined,
+      samlConfig: newProvider.samlConfig ? JSON.parse(newProvider.samlConfig) : undefined,
+    };
+
+    return new Response(JSON.stringify(formattedProvider), {
      status: 201,
      headers: { "Content-Type": "application/json" },
    });