From e12973741aec9d77307653d775dd8dd5472785a4 Mon Sep 17 00:00:00 2001
From: Aleksander <170264518+t-aleksander@users.noreply.github.com>
Date: Thu, 14 Nov 2024 15:56:52 +0100
Subject: [PATCH] add frontend

---
 proto                                         |   2 +-
 src/handlers/mod.rs                           |   7 +
 src/handlers/openid_login.rs                  |  34 ++--
 src/http.rs                                   |   4 +-
 web/src/components/App/App.tsx                |   5 +
 .../pages/openidCallback/OpenIDCallback.tsx   |  15 ++
 .../components/OpenIDCallbackCard.tsx         | 176 +++++++++++++++++
 .../openidCallback/components/style.scss      | 107 ++++++++++
 web/src/pages/openidCallback/style.scss       |  20 ++
 .../pages/token/components/OIDCButtons.tsx    | 183 ++++++++++++++++++
 web/src/pages/token/components/TokenCard.tsx  | 107 ++++++----
 web/src/pages/token/components/style.scss     | 153 +++++++++++++--
 web/src/pages/token/style.scss                |   6 -
 .../layout/BigInfoBox/BigInfoBox.tsx          |  35 ++++
 .../components/layout/BigInfoBox/style.scss   |  46 +++++
 web/src/shared/hooks/api/types.ts             |   5 +
 web/src/shared/hooks/api/useApi.tsx           |  15 ++
 web/src/shared/routes.ts                      |   1 +
 web/src/shared/scss/helpers/_typography.scss  |  21 ++
 19 files changed, 872 insertions(+), 70 deletions(-)
 create mode 100644 web/src/pages/openidCallback/OpenIDCallback.tsx
 create mode 100644 web/src/pages/openidCallback/components/OpenIDCallbackCard.tsx
 create mode 100644 web/src/pages/openidCallback/components/style.scss
 create mode 100644 web/src/pages/openidCallback/style.scss
 create mode 100644 web/src/pages/token/components/OIDCButtons.tsx
 create mode 100644 web/src/shared/components/layout/BigInfoBox/BigInfoBox.tsx
 create mode 100644 web/src/shared/components/layout/BigInfoBox/style.scss

diff --git a/proto b/proto
index 8309982..b9adb0b 160000
--- a/proto
+++ b/proto
@@ -1 +1 @@
-Subproject commit 8309982b94e82a7cbe39dd529967f43e49b3ef1d
+Subproject commit b9adb0bc87228c88c42f144caa47c8b69a3fb98c
diff --git a/src/handlers/mod.rs b/src/handlers/mod.rs
index e2a1c9c..cb22988 100644
--- a/src/handlers/mod.rs
+++ b/src/handlers/mod.rs
@@ -4,6 +4,7 @@ use axum::{extract::FromRequestParts, http::request::Parts};
 use axum_client_ip::{InsecureClientIp, LeftmostXForwardedFor};
 use axum_extra::{headers::UserAgent, TypedHeader};
 use tokio::{sync::oneshot::Receiver, time::timeout};
+use tonic::Code;
 
 use super::proto::DeviceInfo;
 use crate::{error::ApiError, proto::core_response::Payload};
@@ -53,6 +54,12 @@ async fn get_core_response(rx: Receiver<Payload>) -> Result<Payload, ApiError> {
     if let Ok(core_response) = timeout(CORE_RESPONSE_TIMEOUT, rx).await {
         debug!("Got gRPC response from Defguard core: {core_response:?}");
         if let Ok(Payload::CoreError(core_error)) = core_response {
+            if core_error.status_code == Code::FailedPrecondition as i32
+                && core_error.message == "no valid license"
+            {
+                debug!("Tried to get core response related to an enterprise feature but the enterprise is not enabled, ignoring it...");
+                return Err(ApiError::EnterpriseNotEnabled);
+            }
             error!(
                 "Received an error response from the core service. | status code: {} message: {}",
                 core_error.status_code, core_error.message
diff --git a/src/handlers/openid_login.rs b/src/handlers/openid_login.rs
index c000e02..cdf07d8 100644
--- a/src/handlers/openid_login.rs
+++ b/src/handlers/openid_login.rs
@@ -14,7 +14,9 @@ use crate::{
     error::ApiError,
     handlers::get_core_response,
     http::AppState,
-    proto::{core_request, core_response, AuthCallbackRequest, AuthInfoRequest},
+    proto::{
+        core_request, core_response, AuthCallbackRequest, AuthCallbackResponse, AuthInfoRequest,
+    },
 };
 
 const COOKIE_MAX_AGE: Duration = Duration::days(1);
@@ -30,12 +32,16 @@ pub(crate) fn router() -> Router<AppState> {
 #[derive(Serialize)]
 struct AuthInfo {
     url: String,
+    button_display_name: Option<String>,
 }
 
 impl AuthInfo {
     #[must_use]
-    fn new(url: String) -> Self {
-        Self { url }
+    fn new(url: String, button_display_name: Option<String>) -> Self {
+        Self {
+            url,
+            button_display_name,
+        }
     }
 }
 
@@ -76,7 +82,7 @@ async fn auth_info(
             .build();
         let private_cookies = private_cookies.add(nonce_cookie).add(csrf_cookie);
 
-        let auth_info = AuthInfo::new(response.url);
+        let auth_info = AuthInfo::new(response.url, response.button_display_name);
         Ok((private_cookies, Json(auth_info)))
     } else {
         error!("Received invalid gRPC response type: {payload:#?}");
@@ -86,16 +92,22 @@ async fn auth_info(
 
 #[derive(Debug, Deserialize)]
 pub struct AuthenticationResponse {
-    id_token: String,
+    code: String,
     state: String,
 }
 
+#[derive(Serialize)]
+struct CallbackResponseData {
+    url: String,
+    token: String,
+}
+
 #[instrument(level = "debug", skip(state))]
 async fn auth_callback(
     State(state): State<AppState>,
     mut private_cookies: PrivateCookieJar,
     Json(payload): Json<AuthenticationResponse>,
-) -> Result<PrivateCookieJar, ApiError> {
+) -> Result<(PrivateCookieJar, Json<CallbackResponseData>), ApiError> {
     let nonce = private_cookies
         .get(NONCE_COOKIE_NAME)
         .ok_or(ApiError::Unauthorized("Nonce cookie not found".into()))?
@@ -116,7 +128,7 @@ async fn auth_callback(
         .remove(Cookie::from(CSRF_COOKIE_NAME));
 
     let request = AuthCallbackRequest {
-        id_token: payload.id_token,
+        code: payload.code,
         nonce,
         callback_url: state.callback_url().to_string(),
     };
@@ -125,11 +137,11 @@ async fn auth_callback(
         .grpc_server
         .send(Some(core_request::Payload::AuthCallback(request)), None)?;
     let payload = get_core_response(rx).await?;
-    if let core_response::Payload::Empty(()) = payload {
-        debug!("Received auth callback response (empty message)");
-        Ok(private_cookies)
+    if let core_response::Payload::AuthCallback(AuthCallbackResponse { url, token }) = payload {
+        debug!("Received auth callback response {url:?} {token:?}");
+        Ok((private_cookies, Json(CallbackResponseData { url, token })))
     } else {
-        error!("Received invalid gRPC response type: {payload:#?}");
+        error!("Received invalid gRPC response type during handling the OpenID authentication callback: {payload:#?}");
         Err(ApiError::InvalidResponseType)
     }
 }
diff --git a/src/http.rs b/src/http.rs
index 7278221..b910d61 100644
--- a/src/http.rs
+++ b/src/http.rs
@@ -50,9 +50,9 @@ impl AppState {
     #[must_use]
     pub(crate) fn callback_url(&self) -> Url {
         let mut url = self.url.clone();
-        // Append "/api/v1/openid/callback" to the URL.
+        // Append "/openid/callback" to the URL.
         if let Ok(mut path_segments) = url.path_segments_mut() {
-            path_segments.extend(&["api", "v1", "openid", "callback"]);
+            path_segments.extend(&["openid", "callback"]);
         }
         url
     }
diff --git a/web/src/components/App/App.tsx b/web/src/components/App/App.tsx
index e7d0289..6ecea23 100644
--- a/web/src/components/App/App.tsx
+++ b/web/src/components/App/App.tsx
@@ -22,6 +22,7 @@ import { PasswordResetPage } from '../../pages/passwordReset/PasswordResetPage';
 import { SessionTimeoutPage } from '../../pages/sessionTimeout/SessionTimeoutPage';
 import { TokenPage } from '../../pages/token/TokenPage';
 import { routes } from '../../shared/routes';
+import { OpenIDCallbackPage } from '../../pages/openidCallback/OpenIDCallback';
 
 dayjs.extend(duration);
 dayjs.extend(utc);
@@ -52,6 +53,10 @@ const router = createBrowserRouter([
     path: routes.passwordReset,
     element: <PasswordResetPage />,
   },
+  {
+    path: routes.openidCallback,
+    element: <OpenIDCallbackPage />,
+  },
   {
     path: '/*',
     element: <Navigate to="/" replace />,
diff --git a/web/src/pages/openidCallback/OpenIDCallback.tsx b/web/src/pages/openidCallback/OpenIDCallback.tsx
new file mode 100644
index 0000000..0097de5
--- /dev/null
+++ b/web/src/pages/openidCallback/OpenIDCallback.tsx
@@ -0,0 +1,15 @@
+import './style.scss';
+
+import { LogoContainer } from '../../components/LogoContainer/LogoContainer';
+import { PageContainer } from '../../shared/components/layout/PageContainer/PageContainer';
+import { OpenIDCallbackCard } from './components/OpenIDCallbackCard';
+// import { TokenCard } from './components/TokenCard';
+
+export const OpenIDCallbackPage = () => {
+  return (
+    <PageContainer id="openidcallback-page">
+      <LogoContainer />
+      <OpenIDCallbackCard />
+    </PageContainer>
+  );
+};
diff --git a/web/src/pages/openidCallback/components/OpenIDCallbackCard.tsx b/web/src/pages/openidCallback/components/OpenIDCallbackCard.tsx
new file mode 100644
index 0000000..962313b
--- /dev/null
+++ b/web/src/pages/openidCallback/components/OpenIDCallbackCard.tsx
@@ -0,0 +1,176 @@
+import './style.scss';
+
+import { useQuery } from '@tanstack/react-query';
+import { useEffect, useState } from 'react';
+import { useBreakpoint } from 'use-breakpoint';
+
+import { AxiosError } from 'axios';
+import { useI18nContext } from '../../../i18n/i18n-react';
+import { ActionButton } from '../../../shared/components/layout/ActionButton/ActionButton';
+import { ActionButtonVariant } from '../../../shared/components/layout/ActionButton/types';
+import { BigInfoBox } from '../../../shared/components/layout/BigInfoBox/BigInfoBox';
+import { Button } from '../../../shared/components/layout/Button/Button';
+import { ButtonStyleVariant } from '../../../shared/components/layout/Button/types';
+import { Card } from '../../../shared/components/layout/Card/Card';
+import { Input } from '../../../shared/components/layout/Input/Input';
+import { LoaderSpinner } from '../../../shared/components/layout/LoaderSpinner/LoaderSpinner';
+import { MessageBox } from '../../../shared/components/layout/MessageBox/MessageBox';
+import { MessageBoxType } from '../../../shared/components/layout/MessageBox/types';
+import SvgIconDownload from '../../../shared/components/svg/IconDownload';
+import { deviceBreakpoints } from '../../../shared/constants';
+import { useApi } from '../../../shared/hooks/api/useApi';
+
+type ErrorResponse = {
+  error: string;
+};
+
+export const OpenIDCallbackCard = () => {
+  const { openIDCallback } = useApi();
+  const { breakpoint } = useBreakpoint(deviceBreakpoints);
+  const { LL } = useI18nContext();
+  const [error, setError] = useState<string | null>(null);
+
+  const { isLoading, data } = useQuery(
+    [],
+    () => {
+      const hashFragment = window.location.hash.substring(1);
+      const params = new URLSearchParams(hashFragment);
+      const error = params.get('error');
+      if (error) {
+        setError(error);
+        return;
+      }
+      const id_token = params.get('id_token');
+      const state = params.get('state');
+      if (!id_token || !state) {
+        setError(
+          "Missing id_token or state in the callback's URL. The provider might not be configured correctly.",
+        );
+        return;
+      }
+      if (id_token && state) {
+        return openIDCallback({
+          id_token,
+          state,
+        });
+      }
+    },
+    {
+      retry: false,
+      refetchOnWindowFocus: false,
+      refetchOnMount: false,
+      onError: (error: AxiosError) => {
+        console.error(error);
+        const errorResponse = error.response?.data as ErrorResponse;
+        console.log('errorResponse', errorResponse);
+        if (errorResponse.error) {
+          setError(errorResponse.error);
+        } else {
+          setError(String(error));
+        }
+      },
+      onSuccess(data) {
+        if (!data?.token || !data?.url) {
+          setError("The server's response is missing the token or url.");
+        }
+      },
+    },
+  );
+
+  if (isLoading) {
+    return (
+      <div className="loader-container">
+        <LoaderSpinner size={100} />
+      </div>
+    );
+  }
+
+  if (error) {
+    return (
+      <Card shaded={breakpoint !== 'mobile'} className="openidcallback-card">
+        <MessageBox
+          type={MessageBoxType.ERROR}
+          message={`There was an error while validating your account: ${error}`}
+        />
+        <Button
+          text="Go back"
+          styleVariant={ButtonStyleVariant.PRIMARY}
+          onClick={() => {
+            window.location.href = '/';
+          }}
+        />
+      </Card>
+    );
+  }
+
+  return (
+    <>
+      <Card shaded={breakpoint !== 'mobile'} className="openidcallback-card">
+        <h2>Start your enrollment process</h2>
+        <BigInfoBox
+          message={
+            'Thank you for validating your account, please follow instruction below for configuring your VPN connection.'
+          }
+        />
+        <div className="steps">
+          <p>1. Please download and install defguard VPN Desktop Client</p>
+          <div className="download-link">
+            <Button
+              text="Download Desktop Client"
+              styleVariant={ButtonStyleVariant.PRIMARY}
+              icon={<SvgIconDownload color="#fff" />}
+              onClick={() => {
+                window.open('https://defguard.net/download/', '_blank');
+              }}
+            />
+          </div>
+          <p>
+            2. Open the client and <i>Add Instance</i>. Copy the data provided below into
+            the corresponding fields. You can also learn more about the process in our{' '}
+            <a
+              href="https://docs.defguard.net/help/configuring-vpn/add-new-instance"
+              target="_blank"
+            >
+              documentation
+            </a>
+            .
+          </p>
+          <Card className="token-input shaded">
+            <h2>Please provide instance URL and token</h2>
+            <div className="labelled-input">
+              <label>Instance URL:</label>
+              <div className="input-copy">
+                <Input value={data?.url} readOnly />
+                <ActionButton
+                  variant={ActionButtonVariant.COPY}
+                  onClick={() => {
+                    navigator.clipboard.writeText(data?.url);
+                  }}
+                />
+              </div>
+            </div>
+
+            <div className="labelled-input">
+              <label>Token:</label>
+              <div className="input-copy">
+                <Input value={data?.token} readOnly />
+                <ActionButton
+                  variant={ActionButtonVariant.COPY}
+                  onClick={() => {
+                    navigator.clipboard.writeText(data?.token);
+                  }}
+                />
+              </div>
+            </div>
+
+            <Button
+              text="Add instance"
+              styleVariant={ButtonStyleVariant.PRIMARY}
+              disabled={true}
+            />
+          </Card>
+        </div>
+      </Card>
+    </>
+  );
+};
diff --git a/web/src/pages/openidCallback/components/style.scss b/web/src/pages/openidCallback/components/style.scss
new file mode 100644
index 0000000..8904637
--- /dev/null
+++ b/web/src/pages/openidCallback/components/style.scss
@@ -0,0 +1,107 @@
+@use '@scssutils' as *;
+
+#openidcallback-page {
+  .openidcallback-card {
+    box-sizing: border-box;
+    padding: 50px 40px;
+    width: 100%;
+    display: flex;
+    flex-direction: column;
+    gap: 20px;
+
+    .steps {
+      display: flex;
+      flex-direction: column;
+      gap: 20px;
+
+      a {
+        color: unset;
+      }
+
+      p {
+        @include typography(openidcallback-steps);
+        color: var(--text-body-primary);
+      }
+
+      .download-link {
+        display: flex;
+        justify-content: center;
+        padding: 30px 0;
+
+        .btn {
+          padding: 12px 48px;
+          height: 60px;
+          width: 334px;
+
+          span {
+            @include typography(client-download-button);
+          }
+
+          svg {
+            width: 36px;
+            height: 36px;
+            path {
+              fill: var(--text-button-secondary);
+            }
+          }
+        }
+      }
+
+      .token-input {
+        padding: 32px 64px;
+        display: flex;
+        flex-direction: column;
+        align-items: center;
+        gap: 48px;
+
+        .btn {
+          height: 47px;
+          width: 198px;
+
+          span {
+            @include typography(client-download-button);
+          }
+        }
+
+        .labelled-input {
+          width: 100%;
+
+          label {
+            @include typography(app-wizard-1);
+            color: var(--text-body-tertiary);
+          }
+        }
+
+        .input-copy {
+          display: flex;
+          align-items: center;
+          position: relative;
+
+          .input {
+            padding: 0;
+            width: 100%;
+          }
+
+          .action-button {
+            position: absolute;
+            right: 9px;
+          }
+        }
+      }
+    }
+
+    h2 {
+      @include typography(app-body-1);
+      color: var(--text-body-primary);
+      margin-bottom: 15px;
+      text-align: left;
+    }
+  }
+
+  .loader-container {
+    min-height: 300px;
+    display: flex;
+    justify-content: center;
+    align-items: center;
+  }
+}
diff --git a/web/src/pages/openidCallback/style.scss b/web/src/pages/openidCallback/style.scss
new file mode 100644
index 0000000..6bc0f3b
--- /dev/null
+++ b/web/src/pages/openidCallback/style.scss
@@ -0,0 +1,20 @@
+@use '@scssutils' as *;
+
+#openidcallback-page {
+  @include media-breakpoint-up(lg) {
+    padding: 100px 50px;
+  }
+
+  & > * {
+    max-width: 920px;
+  }
+
+  & > .logo-container {
+    display: none;
+    margin-bottom: 30px;
+    @include media-breakpoint-up(lg) {
+      display: flex;
+      margin-bottom: 100px;
+    }
+  }
+}
diff --git a/web/src/pages/token/components/OIDCButtons.tsx b/web/src/pages/token/components/OIDCButtons.tsx
new file mode 100644
index 0000000..aedcc35
--- /dev/null
+++ b/web/src/pages/token/components/OIDCButtons.tsx
@@ -0,0 +1,183 @@
+import { Button } from '../../../shared/components/layout/Button/Button';
+import {
+  ButtonSize,
+  ButtonStyleVariant,
+} from '../../../shared/components/layout/Button/types';
+
+export const OpenIdLoginButton = ({ url }: { url: string }) => {
+  const { hostname } = new URL(url);
+
+  if (hostname === 'accounts.google.com') {
+    return <GoogleButton url={url} />;
+  } else if (hostname === 'login.microsoftonline.com') {
+    return <MicrosoftButton url={url} />;
+  } else {
+    return <CustomButton url={url} />;
+  }
+};
+
+const GoogleButton = ({ url }: { url: string }) => {
+  return (
+    <button
+      className="gsi-material-button"
+      onClick={() => {
+        window.location.assign(url);
+      }}
+      type="button"
+    >
+      <div className="gsi-material-button-state"></div>
+      <div className="gsi-material-button-content-wrapper">
+        <div className="gsi-material-button-icon">
+          <svg
+            version="1.1"
+            xmlns="http://www.w3.org/2000/svg"
+            viewBox="0 0 48 48"
+            xmlnsXlink="http://www.w3.org/1999/xlink"
+            style={{
+              display: 'block',
+            }}
+          >
+            <path
+              fill="#EA4335"
+              d="M24 9.5c3.54 0 6.71 1.22 9.21 3.6l6.85-6.85C35.9 2.38 30.47 0 24 0 14.62 0 6.51 5.38 2.56 13.22l7.98 6.19C12.43 13.72 17.74 9.5 24 9.5z"
+            ></path>
+            <path
+              fill="#4285F4"
+              d="M46.98 24.55c0-1.57-.15-3.09-.38-4.55H24v9.02h12.94c-.58 2.96-2.26 5.48-4.78 7.18l7.73 6c4.51-4.18 7.09-10.36 7.09-17.65z"
+            ></path>
+            <path
+              fill="#FBBC05"
+              d="M10.53 28.59c-.48-1.45-.76-2.99-.76-4.59s.27-3.14.76-4.59l-7.98-6.19C.92 16.46 0 20.12 0 24c0 3.88.92 7.54 2.56 10.78l7.97-6.19z"
+            ></path>
+            <path
+              fill="#34A853"
+              d="M24 48c6.48 0 11.93-2.13 15.89-5.81l-7.73-6c-2.15 1.45-4.92 2.3-8.16 2.3-6.26 0-11.57-4.22-13.47-9.91l-7.98 6.19C6.51 42.62 14.62 48 24 48z"
+            ></path>
+            <path fill="none" d="M0 0h48v48H0z"></path>
+          </svg>
+        </div>
+        <span className="gsi-material-button-contents">Sign in with Google</span>
+        <span
+          style={{
+            display: 'none',
+          }}
+        >
+          Sign in with Google
+        </span>
+      </div>
+    </button>
+  );
+};
+
+const CustomButton = ({ url }: { url: string }) => {
+  return (
+    <Button
+      size={ButtonSize.LARGE}
+      styleVariant={ButtonStyleVariant.PRIMARY}
+      text="Login with OIDC"
+      data-testid="login-oidc"
+      onClick={() => {
+        window.location.assign(url);
+      }}
+      type="button"
+    />
+  );
+};
+
+const MicrosoftButton = ({ url }: { url: string }) => {
+  return (
+    <button
+      onClick={() => {
+        window.location.assign(url);
+      }}
+      className="ms-button"
+      type="button"
+    >
+      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 215 41">
+        <title>Sign in with Microsoft</title>
+        <rect width="215" height="41" fill="#fff" />
+        <path d="M214,1V40H1V1H214m1-1H0V41H215V0Z" fill="#8c8c8c" />
+        <path
+          d="M45.812,25.082V23.288a2.849,2.849,0,0,0,.576.4,4.5,4.5,0,0,0,.707.3,5.513,5.513,0,0,0,.747.187,3.965,3.965,0,0,0,.688.065,2.937,2.937,0,0,0,1.637-.365,1.2,1.2,0,0,0,.538-1.062,1.16,1.16,0,0,0-.179-.649,1.928,1.928,0,0,0-.5-.5,5.355,5.355,0,0,0-.757-.435q-.437-.209-.935-.436c-.356-.19-.687-.383-1-.578a4.358,4.358,0,0,1-.8-.648,2.728,2.728,0,0,1-.534-.8,2.6,2.6,0,0,1-.194-1.047,2.416,2.416,0,0,1,.333-1.285,2.811,2.811,0,0,1,.879-.9,4.026,4.026,0,0,1,1.242-.528,5.922,5.922,0,0,1,1.42-.172,5.715,5.715,0,0,1,2.4.374v1.721a3.832,3.832,0,0,0-2.3-.645,4.106,4.106,0,0,0-.773.074,2.348,2.348,0,0,0-.689.241,1.5,1.5,0,0,0-.494.433,1.054,1.054,0,0,0-.19.637,1.211,1.211,0,0,0,.146.608,1.551,1.551,0,0,0,.429.468,4.276,4.276,0,0,0,.688.414c.271.134.584.28.942.436q.547.285,1.036.6a4.881,4.881,0,0,1,.856.7,3.015,3.015,0,0,1,.586.846,2.464,2.464,0,0,1,.217,1.058,2.635,2.635,0,0,1-.322,1.348,2.608,2.608,0,0,1-.868.892,3.82,3.82,0,0,1-1.257.5,6.988,6.988,0,0,1-1.5.155c-.176,0-.392-.014-.649-.04s-.518-.067-.787-.117a7.772,7.772,0,0,1-.761-.187A2.4,2.4,0,0,1,45.812,25.082Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M55.129,16.426a1.02,1.02,0,0,1-.714-.272.89.89,0,0,1-.3-.688.916.916,0,0,1,.3-.7,1.008,1.008,0,0,1,.714-.278,1.039,1.039,0,0,1,.732.278.909.909,0,0,1,.3.7.9.9,0,0,1-.3.678A1.034,1.034,0,0,1,55.129,16.426Zm.842,9.074h-1.7V18h1.7Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M65.017,24.9q0,4.131-4.153,4.131a6.187,6.187,0,0,1-2.556-.491V26.986a4.726,4.726,0,0,0,2.337.7,2.342,2.342,0,0,0,2.672-2.628V24.24h-.029a2.947,2.947,0,0,1-4.742.436,4.041,4.041,0,0,1-.838-2.684,4.738,4.738,0,0,1,.9-3.04,3,3,0,0,1,2.476-1.128,2.384,2.384,0,0,1,2.2,1.216h.029V18h1.7Zm-1.684-2.835v-.973a1.91,1.91,0,0,0-.524-1.352A1.718,1.718,0,0,0,61.5,19.18a1.793,1.793,0,0,0-1.512.714,3.217,3.217,0,0,0-.546,2,2.774,2.774,0,0,0,.524,1.769,1.678,1.678,0,0,0,1.387.662,1.805,1.805,0,0,0,1.429-.632A2.391,2.391,0,0,0,63.333,22.064Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M73.908,25.5h-1.7V21.273q0-2.1-1.486-2.1a1.622,1.622,0,0,0-1.282.582,2.162,2.162,0,0,0-.5,1.469V25.5H67.229V18h1.707v1.245h.029A2.673,2.673,0,0,1,71.4,17.824a2.265,2.265,0,0,1,1.868.795,3.57,3.57,0,0,1,.644,2.3Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M80.962,16.426a1.02,1.02,0,0,1-.714-.272.89.89,0,0,1-.3-.688.916.916,0,0,1,.3-.7,1.008,1.008,0,0,1,.714-.278,1.039,1.039,0,0,1,.732.278.909.909,0,0,1,.3.7.9.9,0,0,1-.3.678A1.034,1.034,0,0,1,80.962,16.426ZM81.8,25.5H80.1V18h1.7Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M90.7,25.5H89V21.273q0-2.1-1.486-2.1a1.622,1.622,0,0,0-1.282.582,2.157,2.157,0,0,0-.506,1.469V25.5H84.023V18H85.73v1.245h.03a2.673,2.673,0,0,1,2.431-1.421,2.265,2.265,0,0,1,1.868.795,3.57,3.57,0,0,1,.644,2.3Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M106.984,18l-2.212,7.5h-1.78l-1.361-5.083a3.215,3.215,0,0,1-.1-.659H101.5a3.069,3.069,0,0,1-.131.644l-1.48,5.1H98.145L95.939,18H97.7l1.363,5.405a3.16,3.16,0,0,1,.087.645H99.2a3.384,3.384,0,0,1,.117-.659L100.832,18h1.6l1.347,5.428a3.732,3.732,0,0,1,.095.644h.052a3.387,3.387,0,0,1,.11-.644L105.365,18Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M109.1,16.426a1.018,1.018,0,0,1-.714-.272.886.886,0,0,1-.3-.688.912.912,0,0,1,.3-.7,1.006,1.006,0,0,1,.714-.278,1.039,1.039,0,0,1,.732.278.912.912,0,0,1,.3.7.9.9,0,0,1-.3.678A1.034,1.034,0,0,1,109.1,16.426Zm.841,9.074h-1.7V18h1.7Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M116.117,25.42a2.955,2.955,0,0,1-1.31.248q-2.182,0-2.183-2.094V19.333h-1.253V18h1.253V16.264l1.7-.483V18h1.794v1.333h-1.794v3.75a1.484,1.484,0,0,0,.241.952,1.006,1.006,0,0,0,.807.285,1.167,1.167,0,0,0,.746-.248Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M124.248,25.5h-1.7V21.4q0-2.226-1.487-2.226a1.556,1.556,0,0,0-1.26.644,2.568,2.568,0,0,0-.513,1.649V25.5h-1.707V14.4h1.707v4.849h.029a2.685,2.685,0,0,1,2.432-1.421q2.5,0,2.5,3.055Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M141.907,25.5h-1.728V18.7q0-.835.1-2.043h-.029a6.992,6.992,0,0,1-.285.988L136.831,25.5h-1.2l-3.143-7.793a7.236,7.236,0,0,1-.277-1.047h-.029q.057.63.058,2.058V25.5h-1.611V15h2.453l2.762,7a10.884,10.884,0,0,1,.41,1.2h.036c.181-.551.327-.962.44-1.23L139.541,15h2.366Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M145.158,16.426a1.022,1.022,0,0,1-.714-.272.89.89,0,0,1-.3-.688.916.916,0,0,1,.3-.7,1.009,1.009,0,0,1,.714-.278,1.043,1.043,0,0,1,.733.278.911.911,0,0,1,.3.7.9.9,0,0,1-.3.678A1.038,1.038,0,0,1,145.158,16.426ZM146,25.5h-1.7V18H146Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M153.589,25.156a4.2,4.2,0,0,1-2.131.52,3.606,3.606,0,0,1-2.695-1.044,3.691,3.691,0,0,1-1.026-2.706,4.07,4.07,0,0,1,1.1-2.978,3.944,3.944,0,0,1,2.948-1.124,4.3,4.3,0,0,1,1.81.36v1.582a2.743,2.743,0,0,0-1.67-.586,2.32,2.32,0,0,0-1.766.728,2.665,2.665,0,0,0-.688,1.908,2.536,2.536,0,0,0,.648,1.838,2.3,2.3,0,0,0,1.739.674,2.716,2.716,0,0,0,1.729-.652Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M159.625,19.619a1.4,1.4,0,0,0-.887-.242,1.513,1.513,0,0,0-1.259.682,3.04,3.04,0,0,0-.506,1.852V25.5h-1.7V18h1.7v1.545H157a2.606,2.606,0,0,1,.766-1.233,1.724,1.724,0,0,1,1.154-.444,1.432,1.432,0,0,1,.7.14Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M164.02,25.676a3.719,3.719,0,0,1-2.773-1.051,3.8,3.8,0,0,1-1.036-2.787,3.7,3.7,0,0,1,3.991-4.014,3.6,3.6,0,0,1,2.739,1.033,3.986,3.986,0,0,1,.982,2.864,3.932,3.932,0,0,1-1.059,2.875A3.8,3.8,0,0,1,164.02,25.676Zm.08-6.5a1.938,1.938,0,0,0-1.575.7,2.913,2.913,0,0,0-.579,1.919,2.744,2.744,0,0,0,.586,1.856,1.965,1.965,0,0,0,1.568.678,1.87,1.87,0,0,0,1.542-.666,2.956,2.956,0,0,0,.538-1.9,3,3,0,0,0-.538-1.911A1.858,1.858,0,0,0,164.1,19.18Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M169.182,25.266V23.691a3.392,3.392,0,0,0,2.1.725q1.539,0,1.538-.908a.714.714,0,0,0-.132-.436,1.241,1.241,0,0,0-.355-.318,2.784,2.784,0,0,0-.527-.25q-.3-.108-.677-.248a7.052,7.052,0,0,1-.832-.389,2.545,2.545,0,0,1-.615-.465,1.745,1.745,0,0,1-.37-.59,2.145,2.145,0,0,1-.125-.769,1.775,1.775,0,0,1,.256-.955,2.223,2.223,0,0,1,.69-.7,3.289,3.289,0,0,1,.98-.425,4.511,4.511,0,0,1,1.136-.143,5.181,5.181,0,0,1,1.86.315v1.487a3.136,3.136,0,0,0-1.816-.542,2.317,2.317,0,0,0-.582.066,1.472,1.472,0,0,0-.443.183.886.886,0,0,0-.286.282.669.669,0,0,0-.1.363.77.77,0,0,0,.1.41.93.93,0,0,0,.3.3,2.654,2.654,0,0,0,.483.234q.282.105.649.23a9.4,9.4,0,0,1,.867.4,2.886,2.886,0,0,1,.656.465,1.806,1.806,0,0,1,.417.6,2.034,2.034,0,0,1,.147.81,1.847,1.847,0,0,1-.264,1,2.205,2.205,0,0,1-.7.7,3.292,3.292,0,0,1-1.015.413,5.222,5.222,0,0,1-1.212.136A5.115,5.115,0,0,1,169.182,25.266Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M179.443,25.676a3.717,3.717,0,0,1-2.772-1.051,3.793,3.793,0,0,1-1.036-2.787,3.7,3.7,0,0,1,3.991-4.014,3.6,3.6,0,0,1,2.739,1.033,3.986,3.986,0,0,1,.982,2.864,3.932,3.932,0,0,1-1.059,2.875A3.8,3.8,0,0,1,179.443,25.676Zm.08-6.5a1.936,1.936,0,0,0-1.574.7,2.908,2.908,0,0,0-.579,1.919,2.739,2.739,0,0,0,.586,1.856,1.964,1.964,0,0,0,1.567.678,1.868,1.868,0,0,0,1.542-.666,2.95,2.95,0,0,0,.539-1.9,2.99,2.99,0,0,0-.539-1.911A1.857,1.857,0,0,0,179.523,19.18Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M189.067,15.781a1.533,1.533,0,0,0-.784-.2q-1.237,0-1.237,1.4V18h1.743v1.333h-1.736V25.5h-1.7V19.333h-1.282V18h1.282V16.784a2.362,2.362,0,0,1,.777-1.871,2.82,2.82,0,0,1,1.94-.684,2.879,2.879,0,0,1,1,.138Z"
+          fill="#5e5e5e"
+        />
+        <path
+          d="M194.23,25.42a2.955,2.955,0,0,1-1.31.248q-2.182,0-2.183-2.094V19.333h-1.253V18h1.253V16.264l1.7-.483V18h1.793v1.333h-1.793v3.75a1.484,1.484,0,0,0,.241.952,1,1,0,0,0,.806.285,1.165,1.165,0,0,0,.746-.248Z"
+          fill="#5e5e5e"
+        />
+        <rect x="13" y="11" width="9" height="9" fill="#f25022" />
+        <rect x="13" y="21" width="9" height="9" fill="#00a4ef" />
+        <rect x="23" y="11" width="9" height="9" fill="#7fba00" />
+        <rect x="23" y="21" width="9" height="9" fill="#ffb900" />
+      </svg>
+    </button>
+  );
+};
diff --git a/web/src/pages/token/components/TokenCard.tsx b/web/src/pages/token/components/TokenCard.tsx
index b6d38d4..3531d94 100644
--- a/web/src/pages/token/components/TokenCard.tsx
+++ b/web/src/pages/token/components/TokenCard.tsx
@@ -1,9 +1,9 @@
 import './style.scss';
 
 import { zodResolver } from '@hookform/resolvers/zod';
-import { useMutation } from '@tanstack/react-query';
+import { useMutation, useQuery } from '@tanstack/react-query';
 import dayjs from 'dayjs';
-import { useMemo } from 'react';
+import { useEffect, useMemo, useState } from 'react';
 import { SubmitHandler, useForm } from 'react-hook-form';
 import { useNavigate } from 'react-router-dom';
 import { useBreakpoint } from 'use-breakpoint';
@@ -28,6 +28,9 @@ import { deviceBreakpoints } from '../../../shared/constants';
 import { useApi } from '../../../shared/hooks/api/useApi';
 import { routes } from '../../../shared/routes';
 import { useEnrollmentStore } from '../../enrollment/hooks/store/useEnrollmentStore';
+import { BigInfoBox } from '../../../shared/components/layout/BigInfoBox/BigInfoBox';
+import { LoaderSpinner } from '../../../shared/components/layout/LoaderSpinner/LoaderSpinner';
+import { OpenIdLoginButton } from './OIDCButtons';
 
 type FormFields = {
   token: string;
@@ -37,6 +40,7 @@ export const TokenCard = () => {
   const navigate = useNavigate();
   const {
     enrollment: { start: startEnrollment },
+    getOpenIDAuthInfo,
   } = useApi();
   const { breakpoint } = useBreakpoint(deviceBreakpoints);
   const { LL } = useI18nContext();
@@ -53,6 +57,7 @@ export const TokenCard = () => {
         .required(),
     [LL.pages.token.card.form.errors.token],
   );
+  const [openIDUrl, setOpenIDUrl] = useState(null);
 
   const { control, handleSubmit, setError } = useForm<FormFields>({
     mode: 'all',
@@ -62,6 +67,23 @@ export const TokenCard = () => {
     resolver: zodResolver(schema),
   });
 
+  // useEffect(() => {
+  //   getOpenIDAuthInfo().then((res) => {
+  //     console.log(res);
+  //   });
+  // });
+
+  const { isLoading: openidLoading, data: openidData } = useQuery(
+    [],
+    () => getOpenIDAuthInfo(),
+    {
+      refetchOnMount: true,
+      refetchOnWindowFocus: false,
+    },
+  );
+
+  console.log(openidLoading);
+
   const { isLoading, mutate } = useMutation({
     mutationFn: startEnrollment,
     onSuccess: (res) => {
@@ -100,42 +122,19 @@ export const TokenCard = () => {
     }
   };
 
+  if (openidLoading) {
+    return (
+      <div className="loader-container">
+        <LoaderSpinner size={100} />
+      </div>
+    );
+  }
+
   return (
     <>
-      <div className="controls">
-        <Button
-          size={ButtonSize.LARGE}
-          styleVariant={ButtonStyleVariant.LINK}
-          text={LL.common.controls.back()}
-          icon={
-            <ArrowSingle
-              size={ArrowSingleSize.SMALL}
-              direction={ArrowSingleDirection.LEFT}
-            />
-          }
-          onClick={() => navigate(routes.main)}
-        />
-        <Button
-          data-testid="enrollment-token-submit-button"
-          size={ButtonSize.LARGE}
-          styleVariant={ButtonStyleVariant.PRIMARY}
-          text={LL.pages.resetPassword.steps.email.controls.send()}
-          rightIcon={
-            <ArrowSingle
-              size={ArrowSingleSize.SMALL}
-              direction={ArrowSingleDirection.RIGHT}
-            />
-          }
-          onClick={handleSubmit(handleValidSubmit)}
-        />
-      </div>
       <Card shaded={breakpoint !== 'mobile'} className="token-card">
         <h2>{LL.pages.token.card.title()}</h2>
-        <MessageBox
-          message={LL.pages.token.card.messageBox.email()}
-          type={MessageBoxType.INFO}
-          dismissId="token-page-card-email"
-        />
+        <BigInfoBox message={LL.pages.token.card.messageBox.email()} />
         <form
           data-testid="enrollment-token-form"
           onSubmit={handleSubmit(handleValidSubmit)}
@@ -146,6 +145,46 @@ export const TokenCard = () => {
             required
           />
         </form>
+        {openidData?.url && (
+          <>
+            <h2 className="openid-heading">Or Sign In with External SSO</h2>
+            <BigInfoBox
+              message={
+                'If you would like to initiate the enrollment process using External SSO, please click the link below to sign in and start the process.'
+              }
+            />
+            <div className="openid-button">
+              <OpenIdLoginButton url={openidData.url} />
+            </div>
+          </>
+        )}
+        <div className="controls">
+          <Button
+            size={ButtonSize.LARGE}
+            styleVariant={ButtonStyleVariant.LINK}
+            text={LL.common.controls.back()}
+            icon={
+              <ArrowSingle
+                size={ArrowSingleSize.SMALL}
+                direction={ArrowSingleDirection.LEFT}
+              />
+            }
+            onClick={() => navigate(routes.main)}
+          />
+          <Button
+            data-testid="enrollment-token-submit-button"
+            size={ButtonSize.LARGE}
+            styleVariant={ButtonStyleVariant.PRIMARY}
+            text={LL.pages.resetPassword.steps.email.controls.send()}
+            rightIcon={
+              <ArrowSingle
+                size={ArrowSingleSize.SMALL}
+                direction={ArrowSingleDirection.RIGHT}
+              />
+            }
+            onClick={handleSubmit(handleValidSubmit)}
+          />
+        </div>
       </Card>
     </>
   );
diff --git a/web/src/pages/token/components/style.scss b/web/src/pages/token/components/style.scss
index 94ba251..442abf9 100644
--- a/web/src/pages/token/components/style.scss
+++ b/web/src/pages/token/components/style.scss
@@ -16,22 +16,143 @@
 
     & > form {
       margin-top: 40px;
-      .controls {
-        width: 100%;
-        margin-top: 15px;
-        .btn {
-          width: 100%;
-          svg {
-            g {
-              fill: var(--surface-icon-secondary);
-            }
-          }
-          .arrow-single {
-            width: 100%;
-            height: 100%;
-          }
-        }
-      }
     }
   }
+
+  .loader-container {
+    min-height: 300px;
+    display: flex;
+    justify-content: center;
+    align-items: center;
+  }
+
+  .openid-button {
+    display: flex;
+    justify-content: center;
+    padding: 50px 0;
+  }
+
+  .openid-heading {
+    margin-top: 20px;
+  }
+}
+
+.gsi-material-button {
+  -moz-user-select: none;
+  -webkit-user-select: none;
+  -ms-user-select: none;
+  -webkit-appearance: none;
+  background-color: WHITE;
+  background-image: none;
+  border: 1px solid #747775;
+  -webkit-border-radius: 4px;
+  border-radius: 4px;
+  -webkit-box-sizing: border-box;
+  box-sizing: border-box;
+  color: #1f1f1f;
+  cursor: pointer;
+  font-family: 'Roboto', arial, sans-serif;
+  font-size: 14px;
+  letter-spacing: 0.25px;
+  outline: none;
+  overflow: hidden;
+  padding: 10px 30px;
+  position: relative;
+  text-align: center;
+  -webkit-transition:
+    background-color 0.218s,
+    border-color 0.218s,
+    box-shadow 0.218s;
+  transition:
+    background-color 0.218s,
+    border-color 0.218s,
+    box-shadow 0.218s;
+  vertical-align: middle;
+  white-space: nowrap;
+  width: auto;
+  max-width: 400px;
+  min-width: min-content;
+}
+
+.gsi-material-button .gsi-material-button-icon {
+  height: 20px;
+  margin-right: 12px;
+  min-width: 20px;
+  width: 20px;
+}
+
+.gsi-material-button .gsi-material-button-content-wrapper {
+  -webkit-align-items: center;
+  align-items: center;
+  display: flex;
+  -webkit-flex-direction: row;
+  flex-direction: row;
+  -webkit-flex-wrap: nowrap;
+  flex-wrap: nowrap;
+  height: 100%;
+  justify-content: space-between;
+  position: relative;
+  width: 100%;
+}
+
+.gsi-material-button .gsi-material-button-contents {
+  -webkit-flex-grow: 1;
+  flex-grow: 1;
+  font-family: 'Roboto', arial, sans-serif;
+  font-weight: 500;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  vertical-align: top;
+}
+
+.gsi-material-button .gsi-material-button-state {
+  -webkit-transition: opacity 0.218s;
+  transition: opacity 0.218s;
+  bottom: 0;
+  left: 0;
+  opacity: 0;
+  position: absolute;
+  right: 0;
+  top: 0;
+}
+
+.gsi-material-button:disabled {
+  cursor: default;
+  background-color: #ffffff61;
+  border-color: #1f1f1f1f;
+}
+
+.gsi-material-button:disabled .gsi-material-button-contents {
+  opacity: 38%;
+}
+
+.gsi-material-button:disabled .gsi-material-button-icon {
+  opacity: 38%;
+}
+
+.gsi-material-button:not(:disabled):active .gsi-material-button-state,
+.gsi-material-button:not(:disabled):focus .gsi-material-button-state {
+  background-color: #303030;
+  opacity: 12%;
+}
+
+.gsi-material-button:not(:disabled):hover {
+  -webkit-box-shadow:
+    0 1px 2px 0 rgba(60, 64, 67, 0.3),
+    0 1px 3px 1px rgba(60, 64, 67, 0.15);
+  box-shadow:
+    0 1px 2px 0 rgba(60, 64, 67, 0.3),
+    0 1px 3px 1px rgba(60, 64, 67, 0.15);
+}
+
+.gsi-material-button:not(:disabled):hover .gsi-material-button-state {
+  background-color: #303030;
+  opacity: 8%;
+}
+
+.ms-button {
+  background-color: transparent;
+  border: none;
+  cursor: pointer;
+  padding: 0;
 }
diff --git a/web/src/pages/token/style.scss b/web/src/pages/token/style.scss
index 96b809d..03ad499 100644
--- a/web/src/pages/token/style.scss
+++ b/web/src/pages/token/style.scss
@@ -27,12 +27,6 @@
     column-gap: 32px;
     width: 100%;
     box-sizing: border-box;
-    padding: 0 20px;
-    margin-bottom: 50px;
-
-    @include media-breakpoint-up(md) {
-      padding: 0 135px;
-    }
 
     &.single {
       grid-template-columns: 1fr;
diff --git a/web/src/shared/components/layout/BigInfoBox/BigInfoBox.tsx b/web/src/shared/components/layout/BigInfoBox/BigInfoBox.tsx
new file mode 100644
index 0000000..2b264bc
--- /dev/null
+++ b/web/src/shared/components/layout/BigInfoBox/BigInfoBox.tsx
@@ -0,0 +1,35 @@
+import './style.scss';
+
+import { isUndefined } from 'lodash-es';
+import { HTMLProps, ReactNode, useMemo } from 'react';
+
+import SvgIconInfo from '../../svg/IconInfo';
+
+interface Props extends HTMLProps<HTMLDivElement> {
+  message?: string | ReactNode;
+  children?: ReactNode;
+}
+
+/**
+ * Big infobox with a message.
+ */
+export const BigInfoBox = ({ message, className, children, ...props }: Props) => {
+  const renderMessage = useMemo(() => {
+    if (!isUndefined(children)) {
+      return children;
+    }
+    if (typeof message === 'string') {
+      return <p>{message}</p>;
+    }
+    return message;
+  }, [message, children]);
+
+  return (
+    <div className="big-info-box" {...props}>
+      <div className="icon-container">
+        <SvgIconInfo />
+      </div>
+      <div className="message">{renderMessage}</div>
+    </div>
+  );
+};
diff --git a/web/src/shared/components/layout/BigInfoBox/style.scss b/web/src/shared/components/layout/BigInfoBox/style.scss
new file mode 100644
index 0000000..7f39d7e
--- /dev/null
+++ b/web/src/shared/components/layout/BigInfoBox/style.scss
@@ -0,0 +1,46 @@
+@use '../../../scss/helpers' as *;
+
+.big-info-box {
+  height: auto;
+  width: 100%;
+  display: flex;
+  align-items: center;
+  justify-items: center;
+  gap: 20px;
+  border-radius: 10px;
+  border: 1px solid var(--surface-tag-modal);
+  box-sizing: border-box;
+  padding: 20px;
+
+  & > .icon-container {
+    display: flex;
+    align-items: center;
+
+    & > svg {
+      width: 42px;
+      height: 42px;
+    }
+  }
+
+  .message {
+    box-sizing: border-box;
+    p,
+    span,
+    b,
+    strong {
+      @include typography(infobox-message);
+    }
+
+    b,
+    strong {
+      font-weight: 700;
+    }
+
+    p,
+    span {
+      color: inherit;
+      max-width: 100%;
+      white-space: normal;
+    }
+  }
+}
diff --git a/web/src/shared/hooks/api/types.ts b/web/src/shared/hooks/api/types.ts
index 170e086..edf1a1d 100644
--- a/web/src/shared/hooks/api/types.ts
+++ b/web/src/shared/hooks/api/types.ts
@@ -93,4 +93,9 @@ export type UseApi = {
     reset: (data: PasswordResetRequest) => Promise<EmptyApiResponse>;
   };
   getAppInfo: () => Promise<AppInfo>;
+  getOpenIDAuthInfo: () => Promise<{ url: string }>;
+  openIDCallback: (data: { id_token: string; state: string }) => Promise<{
+    token: string;
+    url: string;
+  }>;
 };
diff --git a/web/src/shared/hooks/api/useApi.tsx b/web/src/shared/hooks/api/useApi.tsx
index 2c2c89f..53403d2 100644
--- a/web/src/shared/hooks/api/useApi.tsx
+++ b/web/src/shared/hooks/api/useApi.tsx
@@ -33,6 +33,19 @@ export const useApi = (): UseApi => {
   const resetPassword: UseApi['passwordReset']['reset'] = (data) =>
     client.post('/password-reset/reset', data).then(unpackRequest);
 
+  const getOpenIDAuthInfo: UseApi['getOpenIDAuthInfo'] = () =>
+    client
+      .get('/openid/auth_info')
+      .then((res) => res.data)
+      .catch((_) => {
+        return {
+          url: null,
+        };
+      });
+
+  const openIDCallback: UseApi['openIDCallback'] = (data) =>
+    client.post('/openid/callback', data).then(unpackRequest);
+
   return {
     enrollment: {
       start: startEnrollment,
@@ -45,5 +58,7 @@ export const useApi = (): UseApi => {
       reset: resetPassword,
     },
     getAppInfo,
+    getOpenIDAuthInfo,
+    openIDCallback,
   };
 };
diff --git a/web/src/shared/routes.ts b/web/src/shared/routes.ts
index 26fcd98..97c5e53 100644
--- a/web/src/shared/routes.ts
+++ b/web/src/shared/routes.ts
@@ -4,4 +4,5 @@ export const routes = {
   token: '/token',
   timeout: '/timeout',
   passwordReset: '/password-reset',
+  openidCallback: '/openid/callback',
 };
diff --git a/web/src/shared/scss/helpers/_typography.scss b/web/src/shared/scss/helpers/_typography.scss
index aac40a5..9daa510 100644
--- a/web/src/shared/scss/helpers/_typography.scss
+++ b/web/src/shared/scss/helpers/_typography.scss
@@ -219,4 +219,25 @@
     text-decoration: underline;
     font-weight: 500;
   }
+
+  @if $value ==infobox-message {
+    font-family: 'Poppins';
+    font-size: 15px;
+    line-height: 23px;
+    font-weight: 400;
+  }
+
+  @if $value ==openidcallback-steps {
+    font-family: 'Poppins';
+    font-size: 15px;
+    line-height: 23px;
+    font-weight: 400;
+  }
+
+  @if $value ==client-download-button {
+    font-family: 'Poppins';
+    font-size: 15px;
+    line-height: normal;
+    font-weight: 600;
+  }
 }