fix(nile-js): add logout to oidc

niledatabase · Dec 13, 2022 · f1fd65e · f1fd65e · vercel · Dec 13, 2022
1 parent 1e3ef0e
commit f1fd65e
Show file tree

Hide file tree

Showing 5 changed files with 121 additions and 35 deletions.
diff --git a/lib/nile/spec/api.yaml b/lib/nile/spec/api.yaml
@@ -4,7 +4,7 @@ info:
   description: Making SaaS chill.
   contact:
     email: [email protected]
-  version: 0.1.0-29e6372
+  version: 0.1.0-1b01fa4
 servers:
   - url: localhost:8080
 tags:
@@ -966,6 +966,24 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Error'
+  /auth/oidc/managed:
+    get:
+      tags:
+        - auth
+      summary: Callback for Nile-managed OIDC
+      operationId: managedOidcCallback
+      parameters:
+        - name: code
+          in: query
+          schema:
+            type: string
+        - name: state
+          in: query
+          schema:
+            type: string
+      responses:
+        '302':
+          description: Redirect to the appropriate URL for the workspace
   /workspaces/{workspace}/orgs/{org}/users:
     get:
       tags:
@@ -1110,34 +1128,6 @@ paths:
       responses:
         '204':
           description: Successful org deletion
-  /workspaces/{workspace}/orgs/{org}/oidc/providers/{providerName}/login:
-    get:
-      tags:
-        - organizations
-      summary: Login to an organization with OIDC
-      description: Initiate the OIDC login flow with a redirect for this org and provider
-      operationId: oidcOrganizationLogin
-      parameters:
-        - name: workspace
-          in: path
-          required: false
-          schema:
-            type: string
-        - name: org
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: providerName
-          in: path
-          required: true
-          schema:
-            type: string
-            enum:
-              - GOOGLE
-      responses:
-        '302':
-          description: Redirect to OIDC provider login page
   /workspaces/{workspace}/orgs/{org}/users/{user}:
     put:
       tags:
@@ -1189,6 +1179,35 @@ paths:
       responses:
         '204':
           description: Successful user removal
+  /workspaces/{workspace}/orgs/{org}/oidc/providers/{providerName}/login:
+    get:
+      tags:
+        - organizations
+      summary: Login to an organization with OIDC
+      description: Initiate the OIDC login flow with a redirect for this org and provider
+      operationId: oidcOrganizationLogin
+      parameters:
+        - name: workspace
+          in: path
+          required: false
+          schema:
+            type: string
+        - name: org
+          in: path
+          required: true
+          schema:
+            type: string
+        - name: providerName
+          in: path
+          required: true
+          schema:
+            type: string
+            enum:
+              - GOOGLE
+              - UNKNOWN
+      responses:
+        '302':
+          description: Redirect to OIDC provider login page
   /workspaces/{workspace}/access_tokens:
     get:
       tags:
@@ -1486,6 +1505,22 @@ paths:
       responses:
         '204':
           description: Successful user deletion
+  /workspaces/{workspace}/oidc/signout:
+    get:
+      tags:
+        - workspaces
+      summary: Sign out of workspace
+      description: Sign out of a workspace
+      operationId: oidcWorkspaceSignOut
+      parameters:
+        - name: workspace
+          in: path
+          required: false
+          schema:
+            type: string
+      responses:
+        '302':
+          description: Redirect to OIDC provider sign out page
   /workspaces/{workspace}/oidc/providers/{providerName}/login:
     get:
       tags:
@@ -1508,6 +1543,7 @@ paths:
             type: string
             enum:
               - GOOGLE
+              - UNKNOWN
       responses:
         '302':
           description: Redirect to OIDC provider login page
@@ -1963,6 +1999,25 @@ components:
             - conflict
             - access_token_not_found
             - precondition_failed
+            - provider_not_found
+            - provider_already_exists
+            - provider_config_error
+            - provider_mismatch
+            - provider_update_error
+            - party_not_found
+            - session_state_missing
+            - session_state_mismatch
+            - oidc_code_missing
+            - oidc_attempt_not_found
+            - oidc_unsupported_auth
+            - oidc_token_fetch_error
+            - oidc_client_invalid
+            - oidc_client_unauthorized
+            - oidc_grant_invalid
+            - oidc_grant_unsupported
+            - oidc_scope_invalid
+            - oidc_token_unidentifiable
+            - oidc_redirect_urls_undefined
         message:
           type: string
         status_code:
@@ -2740,6 +2795,7 @@ components:
           type: string
           enum:
             - GOOGLE
+            - UNKNOWN
         enabled:
           type: boolean
         integration_mode:

diff --git a/lib/nile/src/Nile.ts b/lib/nile/src/Nile.ts
@@ -15,7 +15,11 @@ import { Configuration, ConfigurationParameters } from './client/src/runtime';
 import EventsApi from './EventsApi';
 import { AuthToken, DeveloperCredentials } from './model/DeveloperCredentials';
 import { OrgProviders, organizationProviders } from './OrganizationsOidc';
-import { SpaceProviders, workspaceProviders } from './WorkspaceOidc';
+import {
+  SpaceProviders,
+  workspaceLogout,
+  workspaceProviders,
+} from './WorkspaceOidc';
 
 type OrganizationsApi = OrgApi & OrgProviders;
 type WorkspacesApi = WorkspaceApi & SpaceProviders;
@@ -50,7 +54,10 @@ export class NileApi {
       this.config?.workspace
     );
     this.workspaces = new WorkspaceApi(configuration) as WorkspacesApi;
-    this.workspaces.oidc = worksProviders;
+    this.workspaces.oidc = {
+      providers: worksProviders,
+      logout: workspaceLogout(this.config?.basePath, this.config?.workspace),
+    };
 
     this.users = new UsersApi(configuration);
     this.developers = new DevelopersApi(configuration);
@@ -75,7 +82,10 @@ export class NileApi {
         this.config?.basePath,
         workspace
       );
-      this.workspaces.oidc = worksProviders;
+      this.workspaces.oidc = {
+        providers: worksProviders,
+        logout: workspaceLogout(this.config?.basePath, this.config?.workspace),
+      };
 
       this.organizations.workspace = workspace;
       this.users.workspace = workspace;

diff --git a/lib/nile/src/WorkspaceOidc.ts b/lib/nile/src/WorkspaceOidc.ts
@@ -3,7 +3,10 @@ import { OidcWorkspaceLoginProviderNameEnum } from './client/src';
 type ProviderFn = () => string;
 
 export type SpaceProviders = {
-  oidc: WorkspaceIdentityProviders;
+  oidc: {
+    providers: WorkspaceIdentityProviders;
+    logout: string;
+  };
 };
 
 export type WorkspaceIdentityProviders = {
@@ -32,3 +35,13 @@ export const workspaceProviders = (basePath?: string, workspace?: string) =>
     },
     {} as WorkspaceIdentityProviders
   );
+
+/**
+ *
+ * @param basePath the FQDN from the config object
+ * @param workspace the nile workspace
+ * @returns a string to link to remove the session
+ */
+export const workspaceLogout = (basePath?: string, workspace?: string) => {
+  return [basePath, 'workspaces', workspace, 'oidc', 'signout'].join('/');
+};
diff --git a/lib/nile/src/test/index.test.ts b/lib/nile/src/test/index.test.ts
@@ -41,6 +41,7 @@ describe('index', () => {
             'listAccessTokens',
             'listWorkspaces',
             'oidcWorkspaceLogin',
+            'oidcWorkspaceSignOut',
             'updateAccessToken',
             'updateOIDCProviders',
             'updateOIDCRedirects',
@@ -250,10 +251,16 @@ describe('index', () => {
   describe('oidc', () => {
     it('sets the correct oidc workspace url', () => {
       const nile = Nile({ workspace: '123' });
-      expect(nile.workspaces.oidc.GOOGLE()).toEqual(
+      expect(nile.workspaces.oidc.providers.GOOGLE()).toEqual(
         'http://localhost:8080/workspaces/123/oidc/providers/GOOGLE/login'
       );
     });
+    it('has a logout url', () => {
+      const nile = Nile({ workspace: '123' });
+      expect(nile.workspaces.oidc.logout).toEqual(
+        'http://localhost:8080/workspaces/123/oidc/signout'
+      );
+    });
 
     it('sets the correct oidc organization url', () => {
       const nile = Nile({ workspace: '123' });

diff --git a/packages/react/src/components/GoogleLoginButton/index.tsx b/packages/react/src/components/GoogleLoginButton/index.tsx
@@ -20,7 +20,7 @@ export default function LogInGoogle(props: LogInGoogleProps) {
     if (org) {
       return nile.organizations.oidc.GOOGLE(org);
     }
-    return nile.workspaces.oidc.GOOGLE();
+    return nile.workspaces.oidc.providers.GOOGLE();
     // eslint-disable-next-line react-hooks/exhaustive-deps
   }, [org]);