[SSO] New user provision flow (#173)

* Initial commit of new user sso flow * Adjusted stateSplit conditional per review
2025-12-18 17:23:37 +00:00 · 2020-10-13 15:21:03 -05:00
parent 595215a9da
commit d84d6da7f7
4 changed files with 63 additions and 11 deletions
--- a/src/angular/components/sso.component.ts
+++ b/src/angular/components/sso.component.ts
@@ -52,7 +52,7 @@ export class SsoComponent {
                await this.storageService.remove(ConstantsService.ssoCodeVerifierKey);
                await this.storageService.remove(ConstantsService.ssoStateKey);
                if (qParams.code != null && codeVerifier != null && state != null && state === qParams.state) {
-                    await this.logIn(qParams.code, codeVerifier);
+                    await this.logIn(qParams.code, codeVerifier, this.getOrgIdentiferFromState(state));
                }
            } else if (qParams.clientId != null && qParams.redirectUri != null && qParams.state != null &&
                qParams.codeChallenge != null) {
@@ -109,10 +109,14 @@ export class SsoComponent {
            if (returnUri) {
                state += `_returnUri='${returnUri}'`;
            }
-
-            await this.storageService.save(ConstantsService.ssoStateKey, state);
        }

+        // Add Organization Identifier to state
+        state += `_identifier=${this.identifier}`;
+
+        // Save state (regardless of new or existing)
+        await this.storageService.save(ConstantsService.ssoStateKey, state);
+
        let authorizeUrl = this.apiService.identityBaseUrl + '/connect/authorize?' +
            'client_id=' + this.clientId + '&redirect_uri=' + encodeURIComponent(this.redirectUri) + '&' +
            'response_type=code&scope=api offline_access&' +
@@ -128,7 +132,7 @@ export class SsoComponent {
        return authorizeUrl;
    }

-    private async logIn(code: string, codeVerifier: string) {
+    private async logIn(code: string, codeVerifier: string, orgIdFromState: string) {
        this.loggingIn = true;
        try {
            this.formPromise = this.authService.logInSso(code, codeVerifier, this.redirectUri);
@@ -140,7 +144,7 @@ export class SsoComponent {
                } else {
                    this.router.navigate([this.twoFactorRoute], {
                        queryParams: {
-                            resetMasterPassword: response.resetMasterPassword,
+                            identifier: orgIdFromState,
                        },
                    });
                }
@@ -149,7 +153,11 @@ export class SsoComponent {
                if (this.onSuccessfulLoginChangePasswordNavigate != null) {
                    this.onSuccessfulLoginChangePasswordNavigate();
                } else {
-                    this.router.navigate([this.changePasswordRoute]);
+                    this.router.navigate([this.changePasswordRoute], {
+                        queryParams: {
+                            identifier: orgIdFromState,
+                        },
+                    });
                }
            } else {
                const disableFavicon = await this.storageService.get<boolean>(ConstantsService.disableFaviconKey);
@@ -167,4 +175,13 @@ export class SsoComponent {
        } catch { }
        this.loggingIn = false;
    }
+
+    private getOrgIdentiferFromState(state: string): string {
+        if (!state) {
+            return null;
+        }
+
+        const stateSplit = state.split('_identifier=');
+        return stateSplit.length > 1 ? stateSplit[1] : null;
+    }
 }