[PM-5364] Create SSO Login Service and add state ownership (#7485)

* create sso service * rename sso service to sso-login service * rename service * add references to sso login service and update state calls * fix browser * fix desktop * return promises * remove sso state from account and global objects * more descriptive org sso identifier method names * fix sso tests * fix tests
2025-12-18 01:03:35 +00:00 · 2024-02-08 12:44:35 -05:00
parent c2ed6383c6
commit 304c492f24
29 changed files with 259 additions and 177 deletions
--- a/libs/angular/src/auth/components/sso.component.ts
+++ b/libs/angular/src/auth/components/sso.component.ts
@@ -4,6 +4,7 @@ import { first } from "rxjs/operators";

 import { LoginStrategyServiceAbstraction, SsoLoginCredentials } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
 import { TrustedDeviceUserDecryptionOption } from "@bitwarden/common/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option";
@@ -46,6 +47,7 @@ export class SsoComponent {
  protected codeChallenge: string;

  constructor(
+    protected ssoLoginService: SsoLoginServiceAbstraction,
    protected loginStrategyService: LoginStrategyServiceAbstraction,
    protected router: Router,
    protected i18nService: I18nService,
@@ -64,10 +66,10 @@ export class SsoComponent {
    // eslint-disable-next-line rxjs/no-async-subscribe
    this.route.queryParams.pipe(first()).subscribe(async (qParams) => {
      if (qParams.code != null && qParams.state != null) {
-        const codeVerifier = await this.stateService.getSsoCodeVerifier();
-        const state = await this.stateService.getSsoState();
-        await this.stateService.setSsoCodeVerifier(null);
-        await this.stateService.setSsoState(null);
+        const codeVerifier = await this.ssoLoginService.getCodeVerifier();
+        const state = await this.ssoLoginService.getSsoState();
+        await this.ssoLoginService.setCodeVerifier(null);
+        await this.ssoLoginService.setSsoState(null);
        if (
          qParams.code != null &&
          codeVerifier != null &&
@@ -133,7 +135,7 @@ export class SsoComponent {
      const codeVerifier = await this.passwordGenerationService.generatePassword(passwordOptions);
      const codeVerifierHash = await this.cryptoFunctionService.hash(codeVerifier, "sha256");
      codeChallenge = Utils.fromBufferToUrlB64(codeVerifierHash);
-      await this.stateService.setSsoCodeVerifier(codeVerifier);
+      await this.ssoLoginService.setCodeVerifier(codeVerifier);
    }

    if (state == null) {
@@ -147,7 +149,7 @@ export class SsoComponent {
    state += `_identifier=${this.identifier}`;

    // Save state (regardless of new or existing)
-    await this.stateService.setSsoState(state);
+    await this.ssoLoginService.setSsoState(state);

    let authorizeUrl =
      this.environmentService.getIdentityUrl() +
@@ -203,7 +205,7 @@ export class SsoComponent {
      // - TDE login decryption options component
      // - Browser SSO on extension open
      // Note: you cannot set this in state before 2FA b/c there won't be an account in state.
-      await this.stateService.setUserSsoOrganizationIdentifier(orgSsoIdentifier);
+      await this.ssoLoginService.setActiveUserOrganizationSsoIdentifier(orgSsoIdentifier);

      // Users enrolled in admin acct recovery can be forced to set a new password after
      // having the admin set a temp password for them (affects TDE & standard users)