[PM-1632] Redirect on SSO required response from connect/token (#17637)

* feat: add Identity Sso Required Response type as possible response from token endpoint. * feat: consume sso organization identifier to redirect user * feat: add get requiresSso to AuthResult for more ergonomic code. * feat: sso-redirect on sso-required for CLI and Desktop * chore: fixing type errors * test: fix and add tests for new sso method * docs: fix misspelling * fix: get email from AuthResult instead of the FormGroup * fix:claude: when email is not available for SSO login show error toast. * fix:claude: add null safety check
2026-02-28 02:23:25 +00:00 · 2025-12-10 10:31:28 -05:00
parent 852248d5fa
commit 0e277a411d
19 changed files with 308 additions and 48 deletions
--- a/libs/auth/src/common/services/sso-redirect/sso-url.service.ts
+++ b/libs/auth/src/common/services/sso-redirect/sso-url.service.ts
@@ -8,9 +8,9 @@ export class SsoUrlService {
   * @param webAppUrl The URL of the web app
   * @param clientType The client type that is initiating SSO, which will drive how the response is handled
   * @param redirectUri The redirect URI or callback that will receive the SSO code after authentication
-   * @param state A state value that will be peristed through the SSO flow
+   * @param state A state value that will be persisted through the SSO flow
   * @param codeChallenge A challenge value that will be used to verify the SSO code after authentication
-   * @param email The optional email adddress of the user initiating SSO, which will be used to look up the org SSO identifier
+   * @param email The optional email address of the user initiating SSO, which will be used to look up the org SSO identifier
   * @param orgSsoIdentifier The optional SSO identifier of the org that is initiating SSO
   * @returns The URL for redirecting users to the web app SSO component
   */