-
-
Notifications
You must be signed in to change notification settings - Fork 3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(providers): add BoxyHQ SAML provider (#3782)
* added saml-jackson provider * incorporated code review changes * fixed SAMLJacksonProfile type * trying to adjust code for monorepo * cleanup from merge with main * updated docs link * added example * consistent naming * Incorporated code review changes: - env var default values moved to env.local.example - consistent naming and use of id * email is guaranteed to be present
- Loading branch information
1 parent
b0935c7
commit 001354e
Showing
4 changed files
with
105 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| --- | ||
| id: boxyhq-saml | ||
| title: BoxyHQ SAML | ||
| --- | ||
|
|
||
| ## Documentation | ||
|
|
||
| BoxyHQ SAML is an open source service that handles the SAML login flow as an OAuth 2.0 flow, abstracting away all the complexities of the SAML protocol. | ||
|
|
||
| You can deploy BoxyHQ SAML as a separate service or embed it into your app using our NPM library. [Check out the documentation for more details](https://boxyhq.com/docs/jackson/deploy) | ||
|
|
||
| ## Configuration | ||
|
|
||
| SAML login requires a configuration for every tenant of yours. One common method is to use the domain for an email address to figure out which tenant they belong to. You can also use a unique tenant ID (string) from your backend for this, typically some kind of account or organization ID. | ||
|
|
||
| Check out the [documentation](https://boxyhq.com/docs/jackson/saml-flow#2-saml-config-api) for more details. | ||
|
|
||
| ## Options | ||
|
|
||
| The **BoxyHQ SAML Provider** comes with a set of default options: | ||
|
|
||
| - [BoxyHQ Provider options](https://github.com/nextauthjs/next-auth/tree/main/packages/next-auth/src/providers/boxyhq-saml.ts) | ||
|
|
||
| You can override any of the options to suit your own use case. | ||
|
|
||
| ## Example | ||
|
|
||
| ```ts | ||
| import BoxyHQSAMLProvider from "next-auth/providers/boxyhq-saml" | ||
| ... | ||
| providers: [ | ||
| BoxyHQSAMLProvider({ | ||
| issuer: "http://localhost:5000", | ||
| clientId: "dummy", // The dummy here is necessary since we'll pass tenant and product custom attributes in the client code | ||
| clientSecret: "dummy", // The dummy here is necessary since we'll pass tenant and product custom attributes in the client code | ||
| }) | ||
| } | ||
| ... | ||
| ``` | ||
| On the client side you'll need to pass additional parameters `tenant` and `product` to the `signIn` function. This will allow BoxyHQL SAML to figure out the right SAML configuration and take your user to the right SAML Identity Provider to sign them in. | ||
| ```tsx | ||
| import { signIn } from "next-auth/react"; | ||
| ... | ||
|
|
||
| // Map your users's email to a tenant and product | ||
| const tenant = email.split("@")[1]; | ||
| const product = 'my_awesome_product'; | ||
| ... | ||
| <Button | ||
| onClick={async (event) => { | ||
| event.preventDefault(); | ||
|
|
||
| signIn("boxyhq-saml", {}, { tenant, product }); | ||
| }}> | ||
| ... | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| import type { OAuthConfig, OAuthUserConfig } from "." | ||
|
|
||
| export interface BoxyHQSAMLProfile { | ||
| id: string | ||
| email: string | ||
| firstName?: string | ||
| lastName?: string | ||
| } | ||
|
|
||
| export default function SAMLJackson< | ||
| P extends Record<string, any> = BoxyHQSAMLProfile | ||
| >(options: OAuthUserConfig<P>): OAuthConfig<P> { | ||
| return { | ||
| id: "boxyhq-saml", | ||
| name: "BoxyHQ SAML", | ||
| type: "oauth", | ||
| version: "2.0", | ||
| checks: ["pkce", "state"], | ||
| authorization: { | ||
| url: `${options.issuer}/api/oauth/authorize`, | ||
| params: { | ||
| provider: "saml", | ||
| }, | ||
| }, | ||
| token: `${options.issuer}/api/oauth/token`, | ||
| userinfo: `${options.issuer}/api/oauth/userinfo`, | ||
| profile(profile) { | ||
| return { | ||
| id: profile.id, | ||
| email: profile.email, | ||
| name: [profile.firstName, profile.lastName].filter(Boolean).join(" "), | ||
| image: null, | ||
| } | ||
| }, | ||
| options, | ||
| } | ||
| } |
001354eThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Successfully deployed to the following URLs: