| 160 | } |
| 161 | |
| 162 | function buildSSOConfigFromEnv(): SSOProviderConfig | null { |
| 163 | const enabled = process.env.SSO_ENABLED === 'true' |
| 164 | if (!enabled) return null |
| 165 | |
| 166 | const providerId = process.env.SSO_PROVIDER_ID |
| 167 | const issuer = process.env.SSO_ISSUER |
| 168 | const domain = process.env.SSO_DOMAIN |
| 169 | const providerType = process.env.SSO_PROVIDER_TYPE as 'oidc' | 'saml' |
| 170 | |
| 171 | if (!providerId || !issuer || !domain || !providerType) { |
| 172 | return null |
| 173 | } |
| 174 | |
| 175 | const config: SSOProviderConfig = { |
| 176 | providerId, |
| 177 | issuer, |
| 178 | domain, |
| 179 | providerType, |
| 180 | } |
| 181 | |
| 182 | config.mapping = { |
| 183 | id: |
| 184 | process.env.SSO_MAPPING_ID || |
| 185 | (providerType === 'oidc' |
| 186 | ? 'sub' |
| 187 | : 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'), |
| 188 | email: |
| 189 | process.env.SSO_MAPPING_EMAIL || |
| 190 | (providerType === 'oidc' |
| 191 | ? 'email' |
| 192 | : 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'), |
| 193 | name: |
| 194 | process.env.SSO_MAPPING_NAME || |
| 195 | (providerType === 'oidc' |
| 196 | ? 'name' |
| 197 | : 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'), |
| 198 | image: process.env.SSO_MAPPING_IMAGE || (providerType === 'oidc' ? 'picture' : undefined), |
| 199 | } |
| 200 | |
| 201 | if (providerType === 'oidc') { |
| 202 | const clientId = process.env.SSO_OIDC_CLIENT_ID |
| 203 | const clientSecret = process.env.SSO_OIDC_CLIENT_SECRET |
| 204 | |
| 205 | if (!clientId || !clientSecret) { |
| 206 | return null |
| 207 | } |
| 208 | |
| 209 | config.oidcConfig = { |
| 210 | clientId, |
| 211 | clientSecret, |
| 212 | scopes: process.env.SSO_OIDC_SCOPES?.split(',').map((s) => s.trim()) || [ |
| 213 | 'openid', |
| 214 | 'profile', |
| 215 | 'email', |
| 216 | ], |
| 217 | pkce: process.env.SSO_OIDC_PKCE !== 'false', |
| 218 | authorizationEndpoint: process.env.SSO_OIDC_AUTHORIZATION_ENDPOINT, |
| 219 | tokenEndpoint: process.env.SSO_OIDC_TOKEN_ENDPOINT, |