feat: add organisation sso portal (#1946)

Allow organisations to manage an SSO OIDC compliant portal. This method is intended to streamline the onboarding process and paves the way to allow organisations to manage their members in a more strict way.
2025-11-15 17:21:41 +10:00 · 2025-09-09 17:14:07 +10:00
parent 374f2c45b4
commit 9ac7b94d9a
56 changed files with 2922 additions and 200 deletions
--- a/packages/auth/server/routes/oauth.ts
+++ b/packages/auth/server/routes/oauth.ts
@ -4,6 +4,7 @@ import { z } from 'zod';

 import { GoogleAuthOptions, OidcAuthOptions } from '../config';
 import { handleOAuthAuthorizeUrl } from '../lib/utils/handle-oauth-authorize-url';
+import { getOrganisationAuthenticationPortalOptions } from '../lib/utils/organisation-portal';
 import type { HonoAuthContext } from '../types/context';

 const ZOAuthAuthorizeSchema = z.object({
@ -34,4 +35,20 @@ export const oauthRoute = new Hono<HonoAuthContext>()
      clientOptions: OidcAuthOptions,
      redirectPath,
    });
+  })
+  /**
+   * Organisation OIDC authorize endpoint.
+   */
+  .post('/authorize/oidc/org/:orgUrl', async (c) => {
+    const orgUrl = c.req.param('orgUrl');
+
+    const { clientOptions } = await getOrganisationAuthenticationPortalOptions({
+      type: 'url',
+      organisationUrl: orgUrl,
+    });
+
+    return await handleOAuthAuthorizeUrl({
+      c,
+      clientOptions,
+    });
  });