mirror of
https://github.com/documenso/documenso.git
synced 2025-11-10 04:22:32 +10:00
Use the `select_account` prompt for SSO OIDC to avoid constantly asking for credentials to be entered when a client has an existing session with the SSO provider.
import { sValidator } from '@hono/standard-validator';
import { Hono } from 'hono';
import { z } from 'zod';
import { GoogleAuthOptions, OidcAuthOptions } from '../config';
import { handleOAuthAuthorizeUrl } from '../lib/utils/handle-oauth-authorize-url';
import { getOrganisationAuthenticationPortalOptions } from '../lib/utils/organisation-portal';
import type { HonoAuthContext } from '../types/context';
/**
 * JSON body accepted by the Google and generic OIDC authorize endpoints.
 *
 * `redirectPath` is optional and is only checked to be a string at this layer.
 *
 * NOTE(review): the value is supplied by the client. It is presumably used as
 * the post-login redirect target; confirm that `handleOAuthAuthorizeUrl`
 * (defined outside this file) restricts it to a same-origin path, since nothing
 * in this schema rejects absolute or protocol-relative URLs.
 */
const ZOAuthAuthorizeSchema = z.object({
  redirectPath: z.optional(z.string()),
});
/**
 * OAuth/OIDC "authorize" routes.
 *
 * Each handler delegates to `handleOAuthAuthorizeUrl`, passing the Hono context
 * and the client options for the selected provider. The Google and generic OIDC
 * routes accept an optional `redirectPath` in a validated JSON body; the
 * organisation route takes no body and resolves its client options from the
 * `:orgUrl` path segment.
 */
export const oauthRoute = new Hono<HonoAuthContext>()
  /**
   * Google authorize endpoint.
   *
   * The body is validated against `ZOAuthAuthorizeSchema` before the handler
   * runs. No `prompt` is passed, so whatever default `handleOAuthAuthorizeUrl`
   * applies (not visible in this file) governs the provider prompt.
   */
  .post('/authorize/google', sValidator('json', ZOAuthAuthorizeSchema), async (c) => {
    const body = c.req.valid('json');

    return handleOAuthAuthorizeUrl({
      c,
      clientOptions: GoogleAuthOptions,
      // Client-supplied; the schema only guarantees "string or absent".
      redirectPath: body.redirectPath,
    });
  })
  /**
   * OIDC authorize endpoint.
   *
   * Same contract as the Google route, using the instance-wide OIDC client
   * options. No `prompt` is passed here either.
   */
  .post('/authorize/oidc', sValidator('json', ZOAuthAuthorizeSchema), async (c) => {
    const body = c.req.valid('json');

    return handleOAuthAuthorizeUrl({
      c,
      clientOptions: OidcAuthOptions,
      // Client-supplied; the schema only guarantees "string or absent".
      redirectPath: body.redirectPath,
    });
  })
  /**
   * Organisation OIDC authorize endpoint.
   *
   * The organisation is identified by the `:orgUrl` path parameter, which is
   * passed to the lookup without a validator on this route.
   *
   * NOTE(review): behaviour for an unknown organisation, or one without an
   * authentication portal configured, depends on
   * `getOrganisationAuthenticationPortalOptions` (defined outside this file) —
   * confirm it fails closed rather than returning fallback client options.
   */
  .post('/authorize/oidc/org/:orgUrl', async (c) => {
    const portalOptions = await getOrganisationAuthenticationPortalOptions({
      type: 'url',
      organisationUrl: c.req.param('orgUrl'),
    });

    return await handleOAuthAuthorizeUrl({
      c,
      clientOptions: portalOptions.clientOptions,
      // `select_account` asks the identity provider for an account chooser, so a
      // user with an existing provider session is not made to re-enter
      // credentials. It does not force re-authentication: an organisation that
      // needs fresh credentials at every sign-in has to enforce that separately
      // (for example via the OIDC `max_age` parameter or `prompt=login`).
      prompt: 'select_account',
    });
  });