feat: enableSingleSignOnSignUp support

This commit is contained in:
Piotr Łoboda 2026-02-25 17:06:20 +01:00
parent 917649b97a
commit 52fa2fcb50
3 changed files with 6 additions and 4 deletions

View file

@ -16,6 +16,7 @@ export class AppConfig {
allowedCookieDomains: [],
skipCookieDomainSecurity: false,
enableSingleSignOn: false,
enableSingleSignOnSignUp: false,
singleSignOnUrl: '',
singleSignOnEmailAttribute: 'email',
singleSignOnScopes: ['openid', 'email'],
@ -117,11 +118,10 @@ export class AppConfig {
return this.config;
}
static async isSignupAllowed(): Promise<boolean> {
static async isSignupAllowed(sso: boolean=false): Promise<boolean> {
await this.loadConfig();
const areSignupsAllowed = this.config.auth.allowSignups;
const areSignupsAllowed = (sso) ? this.config.auth.enableSingleSignOnSignUp : this.config.auth.allowSignups;
const areThereAdmins = await UserModel.isThereAnAdmin();
if (areSignupsAllowed || !areThereAdmins) {

View file

@ -169,7 +169,7 @@ export class OidcModel {
throw new Error(`Missing user/${emailAttribute}`);
}
const isSignupAllowed = await AppConfig.isSignupAllowed();
const isSignupAllowed = await AppConfig.isSignupAllowed(true);
const isThereAnAdmin = await UserModel.isThereAnAdmin();
// Confirm the user exists (or signup if allowed)

View file

@ -159,6 +159,8 @@ export interface Config {
skipCookieDomainSecurity: boolean;
/** If true, single sign-on will be enabled */
enableSingleSignOn: boolean;
/** If true, single sign-on signups will be enabled overriding allowSignups */
enableSingleSignOnSignUp: boolean;
/** The Discovery URL (AKA Issuer) of the identity/single sign-on provider */
singleSignOnUrl: string;
/** The attribute to prefer as email of the identity/single sign-on provider */