feat: add organisation sso portal (#1946)

Allow organisations to manage an SSO OIDC compliant portal. This method is intended to streamline the onboarding process and paves the way to allow organisations to manage their members in a more strict way.
2025-11-15 09:12:02 +10:00 · 2025-09-09 17:14:07 +10:00
parent 374f2c45b4
commit 9ac7b94d9a
56 changed files with 2922 additions and 200 deletions
--- a/packages/auth/server/routes/callback.ts
+++ b/packages/auth/server/routes/callback.ts
@ -1,7 +1,10 @@
 import { Hono } from 'hono';

+import { AppError } from '@documenso/lib/errors/app-error';
+
 import { GoogleAuthOptions, OidcAuthOptions } from '../config';
 import { handleOAuthCallbackUrl } from '../lib/utils/handle-oauth-callback-url';
+import { handleOAuthOrganisationCallbackUrl } from '../lib/utils/handle-oauth-organisation-callback-url';
 import type { HonoAuthContext } from '../types/context';

 /**
@ -14,6 +17,31 @@ export const callbackRoute = new Hono<HonoAuthContext>()
   */
  .get('/oidc', async (c) => handleOAuthCallbackUrl({ c, clientOptions: OidcAuthOptions }))

+  /**
+   * Organisation OIDC callback verification.
+   */
+  .get('/oidc/org/:orgUrl', async (c) => {
+    const orgUrl = c.req.param('orgUrl');
+
+    try {
+      return await handleOAuthOrganisationCallbackUrl({
+        c,
+        orgUrl,
+      });
+    } catch (err) {
+      console.error(err);
+
+      if (err instanceof Error) {
+        throw new AppError(err.name, {
+          message: err.message,
+          statusCode: 500,
+        });
+      }
+
+      throw err;
+    }
+  })
+
  /**
   * Google callback verification.
   */