feat(auth): add SSO with configurable identity providers and social l…#84
Merged
Commits

feat(auth): add SSO with configurable identity providers and social login

Closes #54
- Add identity_providers and user_social_accounts models and migration
- Admin CRUD for identity providers (client secret encrypted)
- OAuth2 flow: /auth/{slug}/login and /auth/{slug}/callback
- Portal: Identity Providers admin page under Administrative
- Portal: social login buttons on login page (Google, Microsoft, other)
- Portal: show user avatar from IdP in navbar
- API and auth error messages in English
- Add make lint for api and portal (ruff, eslint, tsc)

- Add API_PUBLIC_URL and FRONTEND_URL to .env.example (SSO/OAuth section)
- Expose same vars in docker-compose x-env-api with localhost defaults

- Replace "incorretos" assertion with "invalid" in login error tests
- Align with API responses now returned in English (Invalid email or password)
Description
This PR adds SSO (Single Sign-On) with configurable identity providers, allowing users to sign in with OAuth2/OIDC providers such as Google and Microsoft in addition to email/password.
Backend (API):
- `identity_providers` and `user_social_accounts` (migration), with an optional `organization_id` on identity providers for future per-organization IdPs
- `client_secret` encrypted using the existing `secrets_crypto` module
- Admin CRUD at `/auth/admin/identity-providers` (list, create, get, patch, delete)
- `GET /auth/identity-providers` to list enabled providers for the login page
- `GET /auth/{slug}/login` (redirect to IdP) and `GET /auth/{slug}/callback` (exchange code, create/link user, issue JWT, redirect to portal)
- `user_social_accounts` links users to provider identities

Portal:
- `/login/callback` to handle the OAuth redirect and store tokens

Other:
- `PATCH` and an explicit OPTIONS handler for identity-provider routes
- `make lint` target runs API (ruff check + format) and Portal (eslint + tsc) as in CI

Related Issue
Closes #54
Test Plan
- Verify that `/login/callback` receives tokens and redirects to home with the user logged in; confirm error handling when state is invalid or the provider is disabled.
- Run `make lint` (or `make api-lint` and `make portal-lint`) and ensure both API and Portal pass.

Additional Notes
- Set `API_PUBLIC_URL` (e.g. `http://localhost:8000`) and `FRONTEND_URL` (e.g. `http://localhost:3000`) so `redirect_uri` and the post-login redirect are correct. Configure `TRON_SECRETS_KEY` for encrypting identity provider client secrets.
- Example callback URL for the `google` provider, following the `/auth/{slug}/callback` route: `{API_PUBLIC_URL}/auth/google/callback`.
- `identity_providers` has a nullable `organization_id` for future per-organization IdP support.
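An added Python sketch of the two OAuth2 endpoints and the checks the test plan calls for: a signed, expiring `state` that is also bound to a cookie nonce, a `redirect_uri` built from `API_PUBLIC_URL`, and rejection of a disabled provider or an invalid `state`. This is example code written for this page, not the project's implementation; the function names, the `PROVIDERS` sample rows, the process-local `STATE_SIGNING_KEY`, the cookie binding and the injected `exchange` callable are all assumptions.

```python
import base64, hashlib, hmac, json, secrets, time
from collections import namedtuple
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlencode

# Added sketch, not the project's code. URLs follow the PR's .env.example
# defaults; the signing key is assumed (a real service loads it from config).
API_PUBLIC_URL = "http://localhost:8000"
FRONTEND_URL = "http://localhost:3000"
STATE_SIGNING_KEY = secrets.token_bytes(32)
STATE_TTL_SECONDS = 600

class AuthError(Exception):
    """Login failure surfaced to the portal (messages in English)."""

# One row of identity_providers (client_secret already decrypted); the
# entries in PROVIDERS below are constructed samples, not real credentials.
IdentityProvider = namedtuple("IdentityProvider", "slug client_id client_secret "
                              "authorize_url token_url enabled", defaults=[True])
PROVIDERS: Dict[str, IdentityProvider] = {
    "google": IdentityProvider("google", "google-client-id", "google-secret",
                               "https://accounts.google.com/o/oauth2/v2/auth",
                               "https://oauth2.googleapis.com/token"),
    "legacy": IdentityProvider("legacy", "legacy-client-id", "legacy-secret",
                               "https://idp.example/authorize",
                               "https://idp.example/token", enabled=False)}

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(payload: bytes) -> bytes:
    return hmac.new(STATE_SIGNING_KEY, payload, hashlib.sha256).digest()

def make_state(slug: str, nonce: str, now: Optional[float] = None) -> str:
    """state = b64(json{slug, nonce, exp}) + "." + b64(HMAC-SHA256)."""
    now = time.time() if now is None else now
    payload = json.dumps({"slug": slug, "nonce": nonce,
                          "exp": int(now + STATE_TTL_SECONDS)}).encode()
    return f"{_b64(payload)}.{_b64(_sign(payload))}"

def verify_state(state: str, slug: str, cookie_nonce: str,
                 now: Optional[float] = None) -> dict:
    """Reject forged, expired, cross-provider or cross-browser state."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = state.split(".", 1)
        payload = _unb64(payload_b64)
        if not hmac.compare_digest(_sign(payload), _unb64(sig_b64)):
            raise ValueError("bad signature")
        claims = json.loads(payload)
    except (ValueError, TypeError) as exc:
        raise AuthError("Invalid state") from exc
    if claims.get("exp", 0) < now or claims.get("slug") != slug:
        raise AuthError("Invalid state")
    # The nonce is also an HttpOnly cookie set at /login, so state minted in
    # one browser cannot finish a login in another (login CSRF).
    if not hmac.compare_digest(str(claims.get("nonce")), cookie_nonce):
        raise AuthError("Invalid state")
    return claims

def get_enabled_provider(slug: str) -> IdentityProvider:
    provider = PROVIDERS.get(slug)
    if provider is None or not provider.enabled:
        raise AuthError("Unknown or disabled identity provider")
    return provider

def redirect_uri(slug: str) -> str:
    # From API_PUBLIC_URL, not the Host header, so it matches the registered URI.
    return f"{API_PUBLIC_URL}/auth/{slug}/callback"

def login_redirect(slug: str) -> Tuple[str, str]:
    """GET /auth/{slug}/login: returns (Location header, nonce cookie value)."""
    provider = get_enabled_provider(slug)
    nonce = secrets.token_urlsafe(16)
    params = {"response_type": "code", "client_id": provider.client_id,
              "redirect_uri": redirect_uri(slug), "scope": "openid email profile",
              "state": make_state(slug, nonce)}
    return f"{provider.authorize_url}?{urlencode(params)}", nonce

def handle_callback(slug: str, query: Dict[str, str], cookie_nonce: str,
                    exchange: Callable[[str, Dict[str, str]], dict]) -> dict:
    """GET /auth/{slug}/callback; `exchange(token_url, form)` is the injected HTTPS POST."""
    provider = get_enabled_provider(slug)
    verify_state(query.get("state", ""), slug, cookie_nonce)
    if not query.get("code"):
        raise AuthError("Missing authorization code")
    tokens = exchange(provider.token_url, {
        "grant_type": "authorization_code", "code": query["code"],
        "redirect_uri": redirect_uri(slug),  # must equal the one sent at /login
        "client_id": provider.client_id, "client_secret": provider.client_secret})
    if "access_token" not in tokens:
        raise AuthError("Token exchange failed")
    # Real handler: fetch userinfo, create/link user_social_accounts, issue JWT.
    return {"provider": slug, "tokens": tokens,
            "redirect": f"{FRONTEND_URL}/login/callback"}
```

The `exchange` callable stands in for the HTTPS POST to the token endpoint (for example `requests.post(url, data=form).json()` in a real service). Two points worth keeping when adapting this: the nonce returned by `login_redirect` must actually be set as an `HttpOnly`, `SameSite=Lax` cookie, otherwise the HMAC on its own only proves the server minted the state, not that this browser started the login; and the `redirect_uri` string must be byte-identical in the authorization request and the token request, which is why both derive it from `API_PUBLIC_URL`.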