-
Notifications
You must be signed in to change notification settings - Fork 795
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add oidc support #1103
base: main
Are you sure you want to change the base?
feat: add oidc support #1103
Conversation
@tankerkiller125 is attempting to deploy a commit to the Documenso Team Team on Vercel. A member of the Team first needs to authorize it. |
WalkthroughThe code changes introduce OpenID Connect (OIDC) as a generic OAuth option for Single Sign-On (SSO) throughout the application. These updates encompass setting up environmental configurations for OIDC, adjusting TypeScript declarations, and modifying sign-in and sign-up components to accommodate OIDC alongside Google SSO. Furthermore, the database schema and migrations are revised to include OIDC as an identity provider option. Changes
Assessment against linked issues
The changes effectively address the integration of OIDC as a generic OAuth option for SSO, aligning closely with the objectives specified in the linked issue. However, details regarding the implementation of default security checks and scopes need clarification. Recent Review DetailsConfiguration used: CodeRabbit UI Files selected for processing (1)
Files skipped from review as they are similar to previous changes (1)
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 3
{isOIDCSSOEnabled && ( | ||
<> | ||
<Button | ||
type="button" | ||
size="lg" | ||
variant={'outline'} | ||
className="bg-background text-muted-foreground border" | ||
disabled={isSubmitting} | ||
onClick={onSignUpWithOIDCClick} | ||
> | ||
<FaIdCardClip className="mr-2 h-5 w-5" /> | ||
Sign Up with OIDC | ||
</Button> | ||
</> | ||
)} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The implementation of the OIDC sign-up button is correct. However, consider adding an aria-label to the button for better accessibility.
- <Button type="button" size="lg" variant={'outline'} className="bg-background text-muted-foreground border" disabled={isSubmitting} onClick={onSignUpWithOIDCClick}>
+ <Button type="button" size="lg" variant={'outline'} className="bg-background text-muted-foreground border" disabled={isSubmitting} onClick={onSignUpWithOIDCClick} aria-label="Sign up with OIDC">
Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.
{isOIDCSSOEnabled && ( | |
<> | |
<Button | |
type="button" | |
size="lg" | |
variant={'outline'} | |
className="bg-background text-muted-foreground border" | |
disabled={isSubmitting} | |
onClick={onSignUpWithOIDCClick} | |
> | |
<FaIdCardClip className="mr-2 h-5 w-5" /> | |
Sign Up with OIDC | |
</Button> | |
</> | |
)} | |
{isOIDCSSOEnabled && ( | |
<> | |
<Button | |
type="button" | |
size="lg" | |
variant={'outline'} | |
className="bg-background text-muted-foreground border" | |
disabled={isSubmitting} | |
onClick={onSignUpWithOIDCClick} | |
aria-label="Sign up with OIDC" | |
> | |
<FaIdCardClip className="mr-2 h-5 w-5" /> | |
Sign Up with OIDC | |
</Button> | |
</> | |
)} |
const onSignUpWithOIDCClick = async () => { | ||
try { | ||
await signIn('google', { callbackUrl: SIGN_UP_REDIRECT_PATH }); | ||
} catch (err) { | ||
toast({ | ||
title: 'An unknown error occurred', | ||
description: | ||
'We encountered an unknown error while attempting to sign you Up. Please try again later.', | ||
variant: 'destructive', | ||
}); | ||
} | ||
}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Replace the incorrect provider key in signIn
function.
- await signIn('google', { callbackUrl: SIGN_UP_REDIRECT_PATH });
+ await signIn('oidc', { callbackUrl: SIGN_UP_REDIRECT_PATH });
The onSignUpWithOIDCClick
function incorrectly uses 'google' as the provider key for the OIDC sign-in. This should be 'oidc' to match the intended authentication method.
Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.
const onSignUpWithOIDCClick = async () => { | |
try { | |
await signIn('google', { callbackUrl: SIGN_UP_REDIRECT_PATH }); | |
} catch (err) { | |
toast({ | |
title: 'An unknown error occurred', | |
description: | |
'We encountered an unknown error while attempting to sign you Up. Please try again later.', | |
variant: 'destructive', | |
}); | |
} | |
}; | |
const onSignUpWithOIDCClick = async () => { | |
try { | |
await signIn('oidc', { callbackUrl: SIGN_UP_REDIRECT_PATH }); | |
} catch (err) { | |
toast({ | |
title: 'An unknown error occurred', | |
description: | |
'We encountered an unknown error while attempting to sign you Up. Please try again later.', | |
variant: 'destructive', | |
}); | |
} | |
}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This has been fixed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tankerkiller125, thank you for the update and for fixing the issue with the OIDC sign-in provider key. If there's anything else you need help with, feel free to ask!
If you found this review helpful, would you consider giving us a shout-out on X?
Thank you for using CodeRabbit!
const onSignInWithOIDCClick = async () => { | ||
try { | ||
await signIn('oidc', { callbackUrl: LOGIN_REDIRECT_PATH }); | ||
} catch (err) { | ||
toast({ | ||
title: 'An unknown error occurred', | ||
description: | ||
'We encountered an unknown error while attempting to sign you In. Please try again later.', | ||
variant: 'destructive', | ||
}); | ||
} | ||
}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct the provider key in the signIn
function for OIDC.
- await signIn('oidc', { callbackUrl: LOGIN_REDIRECT_PATH });
+ await signIn('oidc', { callbackUrl: LOGIN_REDIRECT_PATH });
The onSignInWithOIDCClick
function should use 'oidc' as the provider key for the OIDC sign-in to match the intended authentication method.
Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.
const onSignInWithOIDCClick = async () => { | |
try { | |
await signIn('oidc', { callbackUrl: LOGIN_REDIRECT_PATH }); | |
} catch (err) { | |
toast({ | |
title: 'An unknown error occurred', | |
description: | |
'We encountered an unknown error while attempting to sign you In. Please try again later.', | |
variant: 'destructive', | |
}); | |
} | |
}; | |
const onSignInWithOIDCClick = async () => { | |
try { | |
await signIn('oidc', { callbackUrl: LOGIN_REDIRECT_PATH }); | |
} catch (err) { | |
toast({ | |
title: 'An unknown error occurred', | |
description: | |
'We encountered an unknown error while attempting to sign you In. Please try again later.', | |
variant: 'destructive', | |
}); | |
} | |
}; |
@tankerkiller125 this looks pretty neat 👀 Please give us some time to review this :) |
@ElTimuro No problem, one thing that we might want to do before merging (that I didn't do) is add an environment variable to allow custom naming of the Buttons (so instead of saying Sign up with OIDC it could say something like "Sign up with Example Company" or something. I simply wasn't sure how to best handle exposing environment variables to the UI as I was initially making the PR. |
|
I agree that the default should indeed be OIDC, but a customization option would be good. |
any progress on this? |
|
Hey there, apologies on the delay for this one. It seems pretty neat but would only support one OIDC provider per deployment (instance) correct? Ideally we would allow a given user to configure their OIDC provider and they would receive a URL for sign in or a subdomain. That said I'd be happy to merge this as a first cut for self-hosters since it does seem really neat and then work toward the improvement in the future 😄 |
@Mythie Yes, this only support a single OIDC provider, I did think about the multi-OIDC provider thing, however I just didn't see a good way to pull it off with my limited knowledge of the project, and NodeJS itself (and the supporting libraries). |
name: Pull Request
about: Submit changes to the project for review and inclusion
Description
This PR adds generic OIDC as an authentication provider. This allows personal users and companies potentially to define whatever IdP they want as long as it supports the OIDC well known format. (Azure, Zitadel, Authentik, KeyCloak, Google, etc. all support it)
Related Issue
Fixes #1090
Changes Made
IdentityProvider
EnumTesting Performed
Zitadel
User Info inside ID Token
in Token settingsAuthentik
Azure AD
Checklist
Additional Notes
Summary by CodeRabbit