nextauthjs · balazsorban44 · Mar 5, 2022 · Jan 29, 2022 · Feb 2, 2022 · Feb 2, 2022
@@ -30,6 +30,7 @@ import AppleProvider from "next-auth/providers/apple"
 import PatreonProvider from "next-auth/providers/patreon"
 import TraktProvider from "next-auth/providers/trakt"
 import WorkOSProvider from "next-auth/providers/workos"
+import BoxyHQSAMLProvider from "next-auth/providers/boxyhq-saml"
 
 // import { PrismaAdapter } from "@next-auth/prisma-adapter"
 // import { PrismaClient } from "@prisma/client"
@@ -200,6 +201,11 @@ export const authOptions: NextAuthOptions = {
       clientId: process.env.WORKOS_ID,
       clientSecret: process.env.WORKOS_SECRET,
     }),
+    BoxyHQSAMLProvider({
+      issuer: process.env.BOXYHQSAML_ISSUER || "https://jackson-demo.boxyhq.com",
+      clientId: process.env.BOXYHQSAML_ID || "tenant=boxyhq.com&product=saml-demo.boxyhq.com",
+      clientSecret: process.env.BOXYHQSAML_SECRET || "dummy",
+    }),
   ],
   debug: true,
   theme: {

@@ -0,0 +1,58 @@
+---
+id: boxyhq-saml
+title: BoxyHQ SAML Jackson
+---
+
+## Documentation
+
+BoxyHQ SAML Jackson is an open source service that handles the SAML login flow as an OAuth 2.0 flow, abstracting away all the complexities of the SAML protocol.
+
+You can deploy SAML Jackson as a separate service or embed it into your app using our NPM library. [Check out the documentation for more details](https://boxyhq.com/docs/jackson/deploy)
+
+## Configuration
+
+SAML login requires a configuration for every tenant of yours. One common method is to use the domain for an email address to figure out which tenant they belong to. You can also use a unique tenant ID (string) from your backend for this, typically some kind of account or organization ID.
+
+Check out the [documentation](https://boxyhq.com/docs/jackson/saml-flow#2-saml-config-api) for more details.
+
+## Options
+
+The **BoxyHQ SAML Provider** comes with a set of default options:
+
+- [BoxyHQ Provider options](https://github.com/nextauthjs/next-auth/tree/main/packages/next-auth/src/providers/boxyhq-saml.ts)
+
+You can override any of the options to suit your own use case.
+
+## Example
+
+```ts
+import BoxyHQSAMLProvider from "next-auth/providers/boxyhq-saml"
+...
+providers: [
+  BoxyHQSAMLProvider({
+    issuer: "http://localhost:5000",
+    clientId: "dummy", // The dummy here is necessary since we'll pass tenant and product custom attributes in the client code
+    clientSecret: "dummy", // The dummy here is necessary since we'll pass tenant and product custom attributes in the client code
+  })
+}
+...
+```
+
+On the client side you'll need to pass additional parameters `tenant` and `product` to the `signIn` function. This will allow SAML Jackson to figure out the right SAML configuration and take your user to the right SAML Identity Provider to sign them in.
+
+```tsx
+import { signIn } from "next-auth/react";
+...
+
+  // Map your users's email to a tenant and product
+  const tenant = email.split("@")[1];
+  const product = 'my_awesome_product';
+...
+  <Button
+    onClick={async (event) => {
+      event.preventDefault();
+
+      signIn("saml", {}, { tenant, product });
+    }}>
+...
+```
@@ -0,0 +1,37 @@
+import type { OAuthConfig, OAuthUserConfig } from "."
+
+export interface SAMLJacksonProfile {
+  id: string;
+  email?: string;
+  firstName?: string | null;
+  lastName?: string | null;
+}
+
+export default function SAMLJackson<
+  P extends Record<string, any> = SAMLJacksonProfile
+>(options: OAuthUserConfig<P>): OAuthConfig<P> {
+  return {
+    id: "boxyhq-saml",
+    name: "BoxyHQ SAML Jackson",
+    type: "oauth",
+    version: "2.0",
+    checks: ["pkce", "state"],
+    authorization: {
+      url: `${options.issuer}/api/oauth/authorize`,
+      params: {
+        provider: "saml",
+      },
+    },
+    token: `${options.issuer}/api/oauth/token`,
+    userinfo: `${options.issuer}/api/oauth/userinfo`,
+    profile(profile) {
+      return {
+        id: profile.id,
+        email: profile.email || "",
+        name: [profile.firstName, profile.lastName].filter(Boolean).join(" "),
+        image: null,
+      }
+    },
+    options,
+  }
+}