chore(sailpoint): cleanup sailpoint page

nextauthjs · May 10, 2024 · 0f2cec5 · 0f2cec5
1 parent de586f6
commit 0f2cec5
Showing 1 changed file with 96 additions and 63 deletions.
diff --git a/docs/pages/getting-started/providers/sailpoint.mdx b/docs/pages/getting-started/providers/sailpoint.mdx
@@ -3,9 +3,19 @@ import { Code } from "@/components/Code"
 
 <img align="right" src="/img/providers/sailpoint.svg" height="64" width="64" />
 
-# SailPoint Identity Secure Cloud Provider
+# SailPoint ISC Provider
 
-SailPoint Identity Secure Cloud (ISC) is an enterprise SaaS platform for identity and security. In order to use this OAuth integration, you will need an ISC tenant. If you're a SailPoint customer or partner, please talk to your SailPoint account manager for more details. If you are a developer, you can check out the [SailPoint Developer Community](https://developer.sailpoint.com/discuss/). 
+SailPoint Identity Secure Cloud (ISC) is an enterprise SaaS platform for identity and security. In order to use this OAuth integration, you will need an ISC tenant. If you're a SailPoint customer or partner, please talk to your SailPoint account manager for more details. If you are a developer, check out the [SailPoint Developer Community](https://developer.sailpoint.com/discuss/).
+
+<Callout>
+  This provider is not shipped with any of the Auth.js packages because it is an
+  enterprise provider for which we cannot obtain a tenant to test and ensure
+  compatibility. That being said, we'd like to make providers like these
+  available to our users, so we will share a copy and paste version of the
+  provider on respective docs pages like this. The provider configuration below
+  is provided as-is and has been submitted by a community member with access to
+  a SailPoint tenant.
+</Callout>
 
 ## Resources
 
@@ -21,34 +31,48 @@ SailPoint Identity Secure Cloud (ISC) is an enterprise SaaS platform for identit
   <Code.Next>
 
 ```bash
-https://example.com/api/auth/callback/identitySecureCloud
+https://example.com/api/auth/callback/sailpoint
 ```
 
   </Code.Next>
   <Code.Svelte>
 
 ```bash
-https://example.com/auth/callback/identitySecureCloud
+https://example.com/auth/callback/sailpoint
 ```
 
   </Code.Svelte>
+  <Code.Express>
+
+```bash
+https://example.com/auth/callback/sailpoint
+```
+
+  </Code.Express>
 </Code>
 
 ### Create OAuth Client
 
-Find your Identity Secure Cloud Tenant OAuth Information which can be found at `https://{tenant}.api.identitynow.com/oauth/info`. Create an OAuth Client (following this [guide](https://documentation.sailpoint.com/saas/help/common/api_keys.html?h=oauth+client#creating-an-api-key)) with grant types: `AUTHORIZATION_TOKEN` and `REFRESH_TOKEN`. Redirect URL should match your version of the Callback URL above. Finally, select the scopes `sp:scope:all`. Note down the generated `clientId` and `clientSecret`.
+First, you'll need to create a client in your SailPoint admin console in order to get your `clientId` and `clientSecret`. You can follow this [guide](https://documentation.sailpoint.com/saas/help/common/api_keys.html?h=oauth+client#creating-an-api-key), or follow the main steps below.
+
+1. Create an OAuth Client () with grant types: `AUTHORIZATION_TOKEN` and `REFRESH_TOKEN`.
+2. Set the redirect URL to match your callback URL, based on the example above.
+3. Finally, select the scopes `sp:scope:all`.
+4. Click "**Create**" and note down the generated `clientId` and `clientSecret`.
 
 ### Environment Variables
 
-```
-ISC_BASE_API_URL=https://{tenant}.api.identitynow.com
-ISC_BASE_URL=https://{tenant}.identitynow.com
-ISC_CLIENT_ID=
-ISC_CLIENT_SECRET=
+```sh
+AUTH_SAILPOINT_ID=
+AUTH_SAILPOINT_SECRET=
+AUTH_SAILPOINT_BASE_URL=https://{tenant}.identitynow.com
+AUTH_SAILPOINT_BASE_API_URL=https://{tenant}.api.identitynow.com
 ```
 
 ### Configuration
 
+Unlike other Auth.js providers, this cannot be imported from the package (see the note at the top of this page for more details). However, you can copy and paste the following object into your `providers` array to enable this provider.
+
 <Code>
   <Code.Next>
 
@@ -58,26 +82,26 @@ import NextAuth from "next-auth"
 export const { handlers, auth, signIn, signOut } = NextAuth({
   providers: [
     {
-      id: "identitySecureCloud",
-      name: "Identity Secure Cloud",
+      id: "sailpoint",
+      name: "SailPoint",
       type: "oauth",
-      clientId: process.env.ISC_CLIENT_ID!,
-      clientSecret: process.env.ISC_CLIENT_SECRET!,
+      clientId: process.env.AUTH_SAILPOINT_ID!,
+      clientSecret: process.env.AUTH_SAILPOINT_SECRET!,
       authorization: {
-        url: `${process.env.ISC_BASE_URL!}/oauth/authorize`,
-        params: { scope: 'sp:scopes:all' },
+        url: `${process.env.AUTH_SAILPOINT_BASE_URL!}/oauth/authorize`,
+        params: { scope: "sp:scopes:all" },
       },
-      token: `${process.env.ISC_BASE_API_URL!}/oauth/token`,
-      userinfo: `${process.env.ISC_BASE_API_URL!}/oauth/userinfo`,
+      token: `${process.env.AUTH_SAILPOINT_BASE_API_URL!}/oauth/token`,
+      userinfo: `${process.env.AUTH_SAILPOINT_BASE_API_URL!}/oauth/userinfo`,
       profile(profile) {
         return {
-            id: profile.id,
-            email: profile.email,
-            name: profile.uid,
-            image: null
+          id: profile.id,
+          email: profile.email,
+          name: profile.uid,
+          image: null,
         }
       },
-      style: { text: "#011E69", bg: "#fff", logo: "sailpoint.svg" },
+      style: { brandColor: "#011E69", logo: "sailpoint.svg" },
     },
   ],
 })
@@ -100,19 +124,19 @@ export const { handle, signIn, signOut } = SvelteKitAuth({
       clientSecret: env.ISC_CLIENT_SECRET!,
       authorization: {
         url: `${env.ISC_BASE_URL!}/oauth/authorize`,
-        params: { scope: 'sp:scopes:all' },
+        params: { scope: "sp:scopes:all" },
       },
       token: `${env.ISC_BASE_API_URL!}/oauth/token`,
       userinfo: `${env.ISC_BASE_API_URL!}/oauth/userinfo`,
       profile(profile) {
         return {
-            id: profile.id,
-            email: profile.email,
-            name: profile.uid,
-            image: null
+          id: profile.id,
+          email: profile.email,
+          name: profile.uid,
+          image: null,
         }
       },
-      style: { text: "#011E69", bg: "#fff", logo: "sailpoint.svg" },
+      style: { brandColor: "#011E69", logo: "sailpoint.svg" },
     },
   ],
 })
@@ -124,49 +148,58 @@ export const { handle, signIn, signOut } = SvelteKitAuth({
 ```ts filename="/src/app.ts"
 import { ExpressAuth } from "@auth/express"
 
-app.use("/auth/*", ExpressAuth({ providers: [
-  {
-      id: "identitySecureCloud",
-      name: "Identity Secure Cloud",
-      type: "oauth",
-      clientId: process.env.ISC_CLIENT_ID!,
-      clientSecret: process.env.ISC_CLIENT_SECRET!,
-      authorization: {
-        url: `${process.env.ISC_BASE_URL!}/oauth/authorize`,
-        params: { scope: 'sp:scopes:all' },
-      },
-      token: `${process.env.ISC_BASE_API_URL!}/oauth/token`,
-      userinfo: `${process.env.ISC_BASE_API_URL!}/oauth/userinfo`,
-      profile(profile) {
-        return {
+app.use(
+  "/auth/*",
+  ExpressAuth({
+    providers: [
+      {
+        id: "identitySecureCloud",
+        name: "Identity Secure Cloud",
+        type: "oauth",
+        clientId: process.env.ISC_CLIENT_ID!,
+        clientSecret: process.env.ISC_CLIENT_SECRET!,
+        authorization: {
+          url: `${process.env.ISC_BASE_URL!}/oauth/authorize`,
+          params: { scope: "sp:scopes:all" },
+        },
+        token: `${process.env.ISC_BASE_API_URL!}/oauth/token`,
+        userinfo: `${process.env.ISC_BASE_API_URL!}/oauth/userinfo`,
+        profile(profile) {
+          return {
             id: profile.id,
             email: profile.email,
             name: profile.uid,
-            image: null
-        }
+            image: null,
+          }
+        },
+        style: { brandColor: "#011E69", logo: "sailpoint.svg" },
       },
-      style: { text: "#011E69", bg: "#fff", logo: "sailpoint.svg" },
-    },
-] }))
+    ],
+  })
+)
 ```
 
   </Code.Express>
 </Code>
 
-Your `userprofile` endpoint will return more fields, but by default the [User table](https://authjs.dev/getting-started/database#models) only supports `id`, `name`, `email`, and `image`. Therefore, if you'd like to use any of the following fields, make sure you modify the `User` table schema in whichever adapter / database you're using.
+### Profile
+
+The SailPoint `userprofile` endpoint will return more fields, but by default the [User table](/getting-started/database#models) only supports `id`, `name`, `email`, and `image`. Therefore, if you'd like to use any of the following fields and you're using a database adapter with Auth.js, make sure you modify the `User` table schema in whichever adapter and database you're using. Then you can additionally return any of these fields from the `profile` callback above.
+
+The available fields from the SailPoint `userprofile` endpoint response include the following.
 
 ```ts
-tenant: profile.tenant,
-id: profile.id,
-uid: profile.uid,
-email: profile.email,
-phone: profile.phone,
-workPhone: profile.workPhone,
-firstname: profile.firstname,
-lastname: profile.lastname,
-capabilities: profile.capabilities,
-displayName: profile.displayName,
-name: profile.uid
+type SailPointProfile = {
+  tenant: string
+  id: string
+  uid: string
+  email: string
+  phone: string
+  workPhone: string
+  firstname: string
+  lastname: string
+  capabilities: string
+  displayName: string
+  name: string
+}
 ```
-
-The above fields will all be available in the `profile` callback.