feat(types,clerkjs,backend): Add support for enterprise_sso strategy (#…
Showing 25 changed files with 194 additions and 48 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
--- | ||
'@clerk/clerk-js': minor | ||
--- | ||
|
||
- Update the supported API version to `2024-10-01` that includes the following changes | ||
- Notification for new sign ins to users' accounts feature becomes available. | ||
- The response for Sign Ins with an email address that matches a **SAML connection** is updated. Instead of responding with a status of `needs_identifier` the API will now return a status of `needs_first_factor` and the email address that matched will be returned in the identifier field. the only strategy that will be included in supported first factors is `enterprise_sso` | ||
|
||
Read more in the [API Version docs](https://clerk.com/docs/backend-requests/versioning/available-versions#2024-10-01) | ||
|
||
- Update components to use the new `enterprise_sso` strategy for sign ins / sign ups that match an enterprise connection and handle the new API response. | ||
|
||
This strategy supersedes SAML to provide a single strategy as the entry point for Enterprise SSO regardless of the underlying protocol used to authenticate the user. | ||
|
||
For now there are two new types of connections that are supported in addition to SAML, Custom OAuth and EASIE (multi-tenant OAuth). |
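Review bot: The second sub-bullet documents a response-shape change (`needs_identifier` becomes `needs_first_factor`, with `enterprise_sso` as the only supported first factor) under a `minor` bump, without telling integrators with custom flows what to change. Code that branches on `needs_identifier` for these email addresses will stop matching, so add a sentence saying such flows should handle `needs_first_factor` and start the `enterprise_sso` strategy. The bullet also limits the change to emails matching a **SAML connection**, while the closing paragraphs say `enterprise_sso` covers Custom OAuth and EASIE as well; state whether those connections get the same response. Nit: capitalise "the only strategy" at the start of the last sentence of that bullet.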
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
--- | ||
'@clerk/types': patch | ||
--- | ||
|
||
Add support for the new `enterprise_sso` strategy. | ||
|
||
This strategy supersedes SAML to provide a single strategy as the entry point for Enterprise Single Sign On regardless of the underlying protocol used to authenticate the user. | ||
For now there are two new types of connections that are supported in addition to SAML, Custom OAuth and EASIE (multi-tenant OAuth). | ||
|
||
- Add a new user setting `enterpriseSSO`, this gets enabled when there is an active enterprise connection for an instance. | ||
- Add support for signing in / signing up with the new `enterprise_sso` strategy. | ||
- Deprecated `userSettings.saml` in favor of `enterprise_sso`. | ||
- Deprecated `saml` sign in strategy in favor of `enterprise_sso`. |
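Review bot: In the deprecation bullets, `userSettings.saml` is deprecated "in favor of `enterprise_sso`", but the replacement setting introduced in the first bullet is `enterpriseSSO`; `enterprise_sso` is the strategy name. Point the user-setting deprecation at the `enterpriseSSO` setting so readers migrating their settings checks land on the right field, and keep `enterprise_sso` for the strategy bullet only. Also consider whether `patch` is the right bump for a changeset that adds a new setting and strategy and deprecates two existing ones, given the clerk-js changeset for the same feature is `minor`.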
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
'@clerk/backend': patch | ||
--- | ||
|
||
Update the supported API version to `2024-10-01` that includes the following changes | ||
|
||
No changes affecting the Backend API have been made in this version. | ||
|
||
Read more in the [API Version docs](https://clerk.com/docs/backend-requests/versioning/available-versions#2024-10-01) |
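Review bot: The first sentence ends with "that includes the following changes", but what follows is "No changes affecting the Backend API have been made in this version", which reads as a contradiction carried over from the clerk-js changeset. Suggest a single statement that the supported API version is updated to `2024-10-01` and that this version carries no Backend API changes.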
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -286,7 +286,30 @@ describe('SignInStart', () => { | |
await userEvent.click(screen.getByText('Continue')); | ||
expect(fixtures.signIn.create).toHaveBeenCalled(); | ||
expect(fixtures.signIn.authenticateWithRedirect).toHaveBeenCalledWith({ | ||
strategy: 'saml', | ||
strategy: 'enterprise_sso', | ||
redirectUrl: 'http://localhost/#/sso-callback', | ||
redirectUrlComplete: '/', | ||
}); | ||
}); | ||
}); | ||
|
||
describe('Enterprise SSO', () => { | ||
it('initiates a Enterprise SSO flow if enterprise_sso is listed as the only supported first factor', async () => { | ||
const { wrapper, fixtures } = await createFixtures(f => { | ||
f.withEmailAddress(); | ||
}); | ||
fixtures.signIn.create.mockReturnValueOnce( | ||
Promise.resolve({ | ||
status: 'needs_first_factor', | ||
supportedFirstFactors: [{ strategy: 'enterprise_sso' }], | ||
} as unknown as SignInResource), | ||
); | ||
const { userEvent } = render(<SignInStart />, { wrapper }); | ||
await userEvent.type(screen.getByLabelText(/email address/i), '[email protected]'); | ||
await userEvent.click(screen.getByText('Continue')); | ||
expect(fixtures.signIn.create).toHaveBeenCalled(); | ||
expect(fixtures.signIn.authenticateWithRedirect).toHaveBeenCalledWith({ | ||
strategy: 'enterprise_sso', | ||
redirectUrl: 'http://localhost/#/sso-callback', | ||
redirectUrlComplete: '/', | ||
}); | ||
|
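Review bot: The new 'Enterprise SSO' test checks only `expect(fixtures.signIn.create).toHaveBeenCalled()`, so it passes regardless of which identifier is sent, and it covers only the case where `enterprise_sso` is the sole entry in `supportedFirstFactors`. Because the redirect is triggered by the server response, assert the arguments passed to `signIn.create`, and add a negative case where `needs_first_factor` comes back with other strategies listed and `authenticateWithRedirect` must not be called. Nit: the test title reads "a Enterprise SSO flow"; use "an".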
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -106,13 +106,13 @@ describe('PasswordSection', () => { | |
}); | ||
}); | ||
|
||
describe('with SAML', () => { | ||
describe('with Enterprise SSO', () => { | ||
it('prevents setting a password if user has active enterprise connections', async () => { | ||
const emailAddress = '[email protected]'; | ||
|
||
const config = createFixtures.config(f => { | ||
f.withEmailAddress(); | ||
f.withSaml(); | ||
f.withEnterpriseSso(); | ||
f.withUser({ | ||
email_addresses: [emailAddress], | ||
enterprise_accounts: [ | ||
|
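Review bot: `f.withSaml()` is replaced by `f.withEnterpriseSso()` in the 'prevents setting a password' setup, which drops test coverage for the `saml` setting even though the types changeset on this page marks `userSettings.saml` as deprecated rather than removed. If an instance can still report only the deprecated setting, keep a case with `f.withSaml()` (or run the test over both fixtures) so the password lock for users with active enterprise connections stays covered on both paths until the old setting is removed. The same applies to the other `withSaml` replacements in this file.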
@@ -185,7 +185,7 @@ describe('PasswordSection', () => { | |
|
||
const config = createFixtures.config(f => { | ||
f.withEmailAddress(); | ||
f.withSaml(); | ||
f.withEnterpriseSso(); | ||
f.withUser({ | ||
email_addresses: [emailAddress], | ||
enterprise_accounts: [ | ||
|
@@ -315,13 +315,13 @@ describe('PasswordSection', () => { | |
expect(queryByRole('heading', { name: /update password/i })).not.toBeInTheDocument(); | ||
}); | ||
|
||
describe('with SAML', () => { | ||
describe('with Enterprise SSO', () => { | ||
it('prevents changing a password if user has active enterprise connections', async () => { | ||
const emailAddress = '[email protected]'; | ||
|
||
const config = createFixtures.config(f => { | ||
f.withEmailAddress(); | ||
f.withSaml(); | ||
f.withEnterpriseSso(); | ||
f.withUser({ | ||
password_enabled: true, | ||
email_addresses: [emailAddress], | ||
|
@@ -395,7 +395,7 @@ describe('PasswordSection', () => { | |
|
||
const config = createFixtures.config(f => { | ||
f.withEmailAddress(); | ||
f.withSaml(); | ||
f.withEnterpriseSso(); | ||
f.withUser({ | ||
password_enabled: true, | ||
email_addresses: [emailAddress], | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -51,15 +51,15 @@ describe('ProfileSection', () => { | |
}); | ||
}); | ||
|
||
describe('with SAML', () => { | ||
describe('with Enterprise SSO', () => { | ||
it('disables the first & last name inputs if user has active enterprise connections', async () => { | ||
const emailAddress = '[email protected]'; | ||
const firstName = 'George'; | ||
const lastName = 'Clerk'; | ||
|
||
const config = createFixtures.config(f => { | ||
f.withEmailAddress(); | ||
f.withSaml(); | ||
f.withEnterpriseSso(); | ||
f.withName(); | ||
f.withUser({ | ||
first_name: firstName, | ||
|
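Review bot: The renamed 'with Enterprise SSO' block still has a single case for 'disables the first & last name inputs if user has active enterprise connections', and the protocol of the `enterprise_accounts` entries is outside the visible context. Now that the strategy also covers Custom OAuth and EASIE connections, run this case once per connection type so the name inputs are confirmed disabled for each of them, not only for SAML.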
@@ -134,7 +134,7 @@ describe('ProfileSection', () => { | |
|
||
const config = createFixtures.config(f => { | ||
f.withEmailAddress(); | ||
f.withSaml(); | ||
f.withEnterpriseSso(); | ||
f.withName(); | ||
f.withUser({ | ||
first_name: firstName, | ||
|