[PM-1632] Redirect on SSO required response from connect/token (#17637)

* feat: add Identity Sso Required Response type as possible response from token endpoint.

* feat: consume sso organization identifier to redirect user

* feat: add get requiresSso to AuthResult for more ergonomic code.

* feat: sso-redirect on sso-required for CLI and Desktop

* chore: fixing type errors

* test: fix and add tests for new sso method

* docs: fix misspelling

* fix: get email from AuthResult instead of the FormGroup

* fix:claude: when email is not available for SSO login show error toast.

* fix:claude: add null safety check

libs/common/src/auth/models/domain/auth-result.ts

@@ -1,5 +1,7 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+
 import { UserId } from "../../../types/guid";
 import { TwoFactorProviderType } from "../../enums/two-factor-provider-type";
 
@@ -18,10 +20,16 @@ export class AuthResult {
   email: string;
   requiresEncryptionKeyMigration: boolean;
   requiresDeviceVerification: boolean;
+  ssoOrganizationIdentifier?: string | null;
   // The master-password used in the authentication process
   masterPassword: string | null;
 
   get requiresTwoFactor() {
     return this.twoFactorProviders != null;
   }
+
+  // This is not as extensible as an object-based approach. In the future we may need to adjust to an object based approach.
+  get requiresSso() {
+    return !Utils.isNullOrWhitespace(this.ssoOrganizationIdentifier);
+  }
 }

libs/common/src/auth/models/response/identity-sso-required.response.ts

@@ -0,0 +1,10 @@
+import { BaseResponse } from "@bitwarden/common/models/response/base.response";
+
+export class IdentitySsoRequiredResponse extends BaseResponse {
+  ssoOrganizationIdentifier: string | null;
+
+  constructor(response: any) {
+    super(response);
+    this.ssoOrganizationIdentifier = this.getResponseProperty("SsoOrganizationIdentifier");
+  }
+}