[PM-1632] Redirect on SSO required response from connect/token (#17637)

* feat: add Identity Sso Required Response type as possible response from token endpoint. * feat: consume sso organization identifier to redirect user * feat: add get requiresSso to AuthResult for more ergonomic code. * feat: sso-redirect on sso-required for CLI and Desktop * chore: fixing type errors * test: fix and add tests for new sso method * docs: fix misspelling * fix: get email from AuthResult instead of the FormGroup * fix:claude: when email is not available for SSO login show error toast. * fix:claude: add null safety check
2026-02-24 08:33:29 +00:00 · 2025-12-10 10:31:28 -05:00
parent 852248d5fa
commit 0e277a411d
19 changed files with 308 additions and 48 deletions
--- a/apps/desktop/src/platform/preload.ts
+++ b/apps/desktop/src/platform/preload.ts
@@ -108,8 +108,13 @@ const ephemeralStore = {
 };

 const localhostCallbackService = {
-  openSsoPrompt: (codeChallenge: string, state: string, email: string): Promise<void> => {
-    return ipcRenderer.invoke("openSsoPrompt", { codeChallenge, state, email });
+  openSsoPrompt: (
+    codeChallenge: string,
+    state: string,
+    email: string,
+    orgSsoIdentifier?: string,
+  ): Promise<void> => {
+    return ipcRenderer.invoke("openSsoPrompt", { codeChallenge, state, email, orgSsoIdentifier });
  },
 };

--- a/apps/desktop/src/platform/services/sso-localhost-callback.service.ts
+++ b/apps/desktop/src/platform/services/sso-localhost-callback.service.ts
@@ -25,20 +25,25 @@ export class SSOLocalhostCallbackService {
    private messagingService: MessageSender,
    private ssoUrlService: SsoUrlService,
  ) {
-    ipcMain.handle("openSsoPrompt", async (event, { codeChallenge, state, email }) => {
-      // Close any existing server before starting new one
-      if (this.currentServer) {
-        await this.closeCurrentServer();
-      }
+    ipcMain.handle(
+      "openSsoPrompt",
+      async (event, { codeChallenge, state, email, orgSsoIdentifier }) => {
+        // Close any existing server before starting new one
+        if (this.currentServer) {
+          await this.closeCurrentServer();
+        }

-      return this.openSsoPrompt(codeChallenge, state, email).then(({ ssoCode, recvState }) => {
-        this.messagingService.send("ssoCallback", {
-          code: ssoCode,
-          state: recvState,
-          redirectUri: this.ssoRedirectUri,
-        });
-      });
-    });
+        return this.openSsoPrompt(codeChallenge, state, email, orgSsoIdentifier).then(
+          ({ ssoCode, recvState }) => {
+            this.messagingService.send("ssoCallback", {
+              code: ssoCode,
+              state: recvState,
+              redirectUri: this.ssoRedirectUri,
+            });
+          },
+        );
+      },
+    );
  }

  private async closeCurrentServer(): Promise<void> {
@@ -58,6 +63,7 @@ export class SSOLocalhostCallbackService {
    codeChallenge: string,
    state: string,
    email: string,
+    orgSsoIdentifier?: string,
  ): Promise<{ ssoCode: string; recvState: string }> {
    const env = await firstValueFrom(this.environmentService.environment$);

@@ -121,6 +127,7 @@ export class SSOLocalhostCallbackService {
          state,
          codeChallenge,
          email,
+          orgSsoIdentifier,
        );

        // Set up error handler before attempting to listen