7fbda629b7
* feat(workspaces): add workspace sso feature flag * feat(workspaceSso): wip validate sso * feat(workspaces): validate and add sso provider to the workspace with user sso sessions * feat(workspaces): validate and add sso provider to the workspace with user sso sessions
import { z } from 'zod'
/**
 * Settings for an OpenID Connect provider as supplied by whoever configures
 * SSO for a workspace.
 *
 * `clientSecret` is a credential: once parsed, it is carried inside
 * `OIDCProvider` / `ProviderRecord`, so values of this shape must stay on the
 * encrypted storage path described on `ProviderRecord`.
 * `issuerUrl` is only checked to be a well-formed URL; the scheme is not
 * restricted by this schema, so an `http://` issuer passes validation.
 */
const oidcProviderShape = {
  providerName: z.string().min(1),
  clientId: z.string().min(5),
  clientSecret: z.string().min(1),
  issuerUrl: z.string().min(1).url()
}

export const oidcProvider = z.object(oidcProviderShape)
/** Provider settings in the form produced by a successful `oidcProvider` parse (includes `clientSecret`). */
export type OIDCProvider = z.output<typeof oidcProvider>
/**
 * Fields shared by every persisted provider record.
 *
 * `id` identifies the stored provider; it is presumably the value that the
 * other types in this file carry as `providerId` — confirm against the
 * storage layer.
 */
type ProviderBaseRecord = {
  id: string
  createdAt: Date
  updatedAt: Date
}
/**
 * A stored OpenID Connect provider.
 *
 * `providerType` is a literal tag so that `ProviderRecord` can later grow into
 * a discriminated union of provider kinds. `provider` holds the complete
 * configuration, including `clientSecret`.
 */
export type OIDCProviderRecord = {
  providerType: 'oidc'
  provider: OIDCProvider
} & ProviderBaseRecord
// Only OIDC is supported today. Because storage is encrypted and the provider
// data is kept as a JSON string, this alias can later become a union of record
// types discriminated on `providerType` (e.g. to add SAML).
// Every variant carries credentials (`clientSecret` for OIDC), so values of
// this type should not be returned to clients as-is.
export type ProviderRecord = OIDCProviderRecord
/**
 * Persists a provider record.
 *
 * The record includes the provider's `clientSecret`; per the comment on
 * `ProviderRecord`, the backing storage is expected to be encrypted.
 */
export type StoreProviderRecord = (args: {
  providerRecord: ProviderRecord
}) => Promise<void>
/**
 * A provider record as linked to a workspace.
 *
 * Carries the whole `ProviderRecord`, so `provider.clientSecret` is present on
 * this type; anything that serialises it (e.g. into an API response) must
 * strip the secret first. `providerId` presumably equals the record's own
 * `id` — confirm against the storage layer.
 */
export type WorkspaceSsoProvider = {
  workspaceId: string
  providerId: string
} & ProviderRecord
/**
 * Looks up the SSO provider linked to a workspace.
 *
 * @returns the linked provider (secret included), or `null` when the
 *   workspace has none configured.
 */
export type GetWorkspaceSsoProvider = (args: {
  workspaceId: string
}) => Promise<WorkspaceSsoProvider | null>
/**
 * Records that a user authenticated through a given SSO provider.
 *
 * NOTE(review): `lifespan` is presumably a duration measured from
 * `createdAt`, but neither its unit (seconds vs. milliseconds) nor the
 * reference point is fixed in this file — confirm with the code that checks
 * session expiry.
 */
export type UserSsoSession = {
  userId: string
  providerId: string
  createdAt: Date
  lifespan: number
}
/** Persists a `UserSsoSession` for a user/provider pair. */
export type StoreUserSsoSession = (args: {
  userSsoSession: UserSsoSession
}) => Promise<void>
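/**
 * Payload of a pending provider validation: the provider settings under test
 * and the `token` that identifies this validation attempt (presumably the
 * same value later passed as `validationToken` to `GetOIDCProviderData`).
 *
 * `token` is required to be non-empty so that an empty string can never act
 * as a lookup key; this matches the `.min(1)` applied to the string fields of
 * `oidcProvider`.
 */
export const oidcProviderValidationRequest = z.object({
  token: z.string().min(1),
  provider: oidcProvider
})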
/** Parsed form of `oidcProviderValidationRequest`. */
export type OIDCProviderValidationRequest = z.output<
  typeof oidcProviderValidationRequest
>
/**
 * Capabilities discovered for a provider during validation.
 *
 * `issuer.*` lists what the issuer advertises — the field names appear to
 * mirror the OpenID Connect discovery metadata entries `claims_supported`,
 * `grant_types_supported` and `response_types_supported`. `client.grantTypes`
 * is what the registered client may use. Nothing in this file populates these
 * lists; see the implementation behind `GetOIDCProviderAttributes`.
 */
export type OIDCProviderAttributes = {
  issuer: {
    claimsSupported: string[]
    grantTypesSupported: string[]
    responseTypesSupported: string[]
  }
  client: {
    grantTypes: string[]
  }
}
/**
 * Fetches `OIDCProviderAttributes` for a provider configuration, presumably by
 * contacting the issuer at `provider.issuerUrl` (the lookup itself is
 * implemented elsewhere). `issuerUrl` comes from the validated request
 * payload and `oidcProvider` does not restrict its scheme or host, so the
 * implementation is where reachable destinations should be constrained.
 */
export type GetOIDCProviderAttributes = (args: {
  provider: OIDCProvider
}) => Promise<OIDCProviderAttributes>
/**
 * Persists a pending validation request (provider settings plus `token`), so
 * that it can presumably be retrieved later via `GetOIDCProviderData`.
 */
export type StoreOIDCProviderValidationRequest = (
  args: OIDCProviderValidationRequest
) => Promise<void>
/**
 * Retrieves the provider settings stored under a validation token.
 *
 * The token is the only key to this lookup, so it should be server-generated
 * and unguessable. Presumably it is the `token` from
 * `oidcProviderValidationRequest` — confirm against the caller.
 *
 * @returns the stored provider (secret included), or `null` when the token
 *   is unknown.
 */
export type GetOIDCProviderData = (args: {
  validationToken: string
}) => Promise<OIDCProvider | null>
/**
 * Links an existing provider (`providerId`) to a workspace.
 *
 * Resolves with no value; whether linking a workspace that already has a
 * provider replaces the link or fails is decided by the implementation, not
 * by this type.
 */
export type AssociateSsoProviderWithWorkspace = (args: {
  workspaceId: string
  providerId: string
}) => Promise<void>