Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changeset/plenty-shirts-tease.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
'@clerk/backend': patch
---

Add `last_authenticated_at` to `SAMLAccount` resource, which represents the date when the SAML account was last authenticated
7 changes: 7 additions & 0 deletions .changeset/thick-jokes-talk.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
'@clerk/clerk-js': patch
'@clerk/types': patch
---

- Add experimental property `last_authenticated_at` to `SamlAccount` resource, which represents the date when the SAML account was last authenticated
- Add experimental support for `enterprise_sso` as a `strategy` param for `session.prepareFirstFactorVerification`
1 change: 1 addition & 0 deletions packages/backend/src/api/resources/JSON.ts
Original file line number Diff line number Diff line change
Expand Up @@ -246,6 +246,7 @@ export interface SamlAccountJSON extends ClerkResourceJSON {
last_name: string;
verification: VerificationJSON | null;
saml_connection: SamlAccountConnectionJSON | null;
last_authenticated_at: number | null;
}

export interface IdentificationLinkJSON extends ClerkResourceJSON {
Expand Down
5 changes: 5 additions & 0 deletions packages/backend/src/api/resources/SamlAccount.ts
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,10 @@ export class SamlAccount {
* The SAML connection of the SAML account.
*/
readonly samlConnection: SamlAccountConnection | null,
/**
* The date when the SAML account was last authenticated.
*/
readonly lastAuthenticatedAt: number | null,
) {}

static fromJSON(data: SamlAccountJSON): SamlAccount {
Expand All @@ -56,6 +60,7 @@ export class SamlAccount {
data.last_name,
data.verification && Verification.fromJSON(data.verification),
data.saml_connection && SamlAccountConnection.fromJSON(data.saml_connection),
data.last_authenticated_at ?? null,
);
}
}
4 changes: 3 additions & 1 deletion packages/clerk-js/src/core/resources/EnterpriseAccount.ts
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ export class EnterpriseAccount extends BaseResource implements EnterpriseAccount
publicMetadata = {};
verification: VerificationResource | null = null;
enterpriseConnection: EnterpriseAccountConnectionResource | null = null;
lastAuthenticatedAt: Date | null = null;

public constructor(data: Partial<EnterpriseAccountJSON | EnterpriseAccountJSONSnapshot>, pathRoot: string);
public constructor(data: EnterpriseAccountJSON | EnterpriseAccountJSONSnapshot, pathRoot: string) {
Expand All @@ -46,7 +47,7 @@ export class EnterpriseAccount extends BaseResource implements EnterpriseAccount
this.firstName = data.first_name;
this.lastName = data.last_name;
this.publicMetadata = data.public_metadata;

this.lastAuthenticatedAt = data.last_authenticated_at ? unixEpochToDate(data.last_authenticated_at) : null;
if (data.verification) {
this.verification = new Verification(data.verification);
}
Expand All @@ -72,6 +73,7 @@ export class EnterpriseAccount extends BaseResource implements EnterpriseAccount
public_metadata: this.publicMetadata,
verification: this.verification?.__internal_toSnapshot() || null,
enterprise_connection: this.enterpriseConnection?.__internal_toSnapshot() || null,
last_authenticated_at: this.lastAuthenticatedAt ? this.lastAuthenticatedAt.getTime() : null,
};
}
}
Expand Down
4 changes: 4 additions & 0 deletions packages/clerk-js/src/core/resources/SamlAccount.ts
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ export class SamlAccount extends BaseResource implements SamlAccountResource {
lastName = '';
verification: VerificationResource | null = null;
samlConnection: SamlAccountConnectionResource | null = null;
lastAuthenticatedAt: Date | null = null;

public constructor(data: Partial<SamlAccountJSON | SamlAccountJSONSnapshot>, pathRoot: string);
public constructor(data: SamlAccountJSON | SamlAccountJSONSnapshot, pathRoot: string) {
Expand Down Expand Up @@ -52,6 +53,8 @@ export class SamlAccount extends BaseResource implements SamlAccountResource {
this.samlConnection = new SamlAccountConnection(data.saml_connection);
}

this.lastAuthenticatedAt = data.last_authenticated_at ? unixEpochToDate(data.last_authenticated_at) : null;

return this;
}

Expand All @@ -67,6 +70,7 @@ export class SamlAccount extends BaseResource implements SamlAccountResource {
last_name: this.lastName,
verification: this.verification?.__internal_toSnapshot() || null,
saml_connection: this.samlConnection?.__internal_toSnapshot(),
last_authenticated_at: this.lastAuthenticatedAt ? this.lastAuthenticatedAt.getTime() : null,
};
}
}
Expand Down
8 changes: 8 additions & 0 deletions packages/clerk-js/src/core/resources/Session.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import type {
ActClaim,
CheckAuthorization,
EmailCodeConfig,
EnterpriseSSOConfig,
GetToken,
GetTokenOptions,
PhoneCodeConfig,
Expand Down Expand Up @@ -179,6 +180,13 @@ export class Session extends BaseResource implements SessionResource {
case 'passkey':
config = {};
break;
case 'enterprise_sso':
config = {
emailAddressId: factor.emailAddressId,
enterpriseConnectionId: factor.enterpriseConnectionId,
redirectUrl: factor.redirectUrl,
} as EnterpriseSSOConfig;
break;
default:
clerkInvalidStrategy('Session.prepareFirstFactorVerification', (factor as any).strategy);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import { formatSafeIdentifier } from '@/ui/utils/formatSafeIdentifier';
import type { LocalizationKey } from '../../customizables';
import { Col, descriptors, Flex, Flow, localizationKeys } from '../../customizables';
import { useCardState } from '../../elements/contexts';
import { ChatAltIcon, Email, Fingerprint, LockClosedIcon } from '../../icons';
import { ChatAltIcon, Email, Fingerprint, LockClosedIcon, Organization } from '../../icons';
import { useReverificationAlternativeStrategies } from './useReverificationAlternativeStrategies';
import { useUserVerificationSession } from './useUserVerificationSession';
import { withHavingTrouble } from './withHavingTrouble';
Expand Down Expand Up @@ -128,6 +128,7 @@ export function getButtonIcon(factor: SessionVerificationFirstFactor) {
phone_code: ChatAltIcon,
password: LockClosedIcon,
passkey: Fingerprint,
enterprise_sso: Organization,
} as const;

return icons[factor.strategy];
Expand Down
4 changes: 4 additions & 0 deletions packages/types/src/factors.ts
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,10 @@ export type EnterpriseSSOConfig = EnterpriseSSOFactor & {
redirectUrl: string;
actionCompleteRedirectUrl: string;
oidcPrompt?: string;
/**
* @experimental
*/
emailAddressId?: string;
/**
* @experimental
*/
Expand Down
2 changes: 2 additions & 0 deletions packages/types/src/json.ts
Original file line number Diff line number Diff line change
Expand Up @@ -252,6 +252,7 @@ export interface EnterpriseAccountJSON extends ClerkResourceJSON {
provider_user_id: string | null;
public_metadata: Record<string, unknown>;
verification: VerificationJSON | null;
last_authenticated_at: number | null;
}

export interface EnterpriseAccountConnectionJSON extends ClerkResourceJSON {
Expand Down Expand Up @@ -279,6 +280,7 @@ export interface SamlAccountJSON extends ClerkResourceJSON {
last_name: string;
verification?: VerificationJSON;
saml_connection?: SamlAccountConnectionJSON;
last_authenticated_at: number | null;
}

export interface UserJSON extends ClerkResourceJSON {
Expand Down
10 changes: 9 additions & 1 deletion packages/types/src/session.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ import type {
BackupCodeAttempt,
EmailCodeAttempt,
EmailCodeConfig,
EnterpriseSSOConfig,
PasskeyAttempt,
PassKeyConfig,
PasswordAttempt,
Expand Down Expand Up @@ -351,7 +352,14 @@ export type SessionVerifyCreateParams = {
level: SessionVerificationLevel;
};

export type SessionVerifyPrepareFirstFactorParams = EmailCodeConfig | PhoneCodeConfig | PassKeyConfig;
export type SessionVerifyPrepareFirstFactorParams =
| EmailCodeConfig
| PhoneCodeConfig
| PassKeyConfig
/**
* @experimental
*/
| Omit<EnterpriseSSOConfig, 'actionCompleteRedirectUrl'>;
export type SessionVerifyAttemptFirstFactorParams =
| EmailCodeAttempt
| PhoneCodeAttempt
Expand Down
11 changes: 10 additions & 1 deletion packages/types/src/sessionVerification.ts
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import type {
BackupCodeFactor,
EmailCodeFactor,
EnterpriseSSOFactor,
PasskeyFactor,
PasswordFactor,
PhoneCodeFactor,
Expand Down Expand Up @@ -49,5 +50,13 @@ export type ReverificationConfig =
export type SessionVerificationLevel = 'first_factor' | 'second_factor' | 'multi_factor';
export type SessionVerificationAfterMinutes = number;

export type SessionVerificationFirstFactor = EmailCodeFactor | PhoneCodeFactor | PasswordFactor | PasskeyFactor;
export type SessionVerificationFirstFactor =
| EmailCodeFactor
| PhoneCodeFactor
| PasswordFactor
| PasskeyFactor
/**
* @experimental
*/
| EnterpriseSSOFactor;
export type SessionVerificationSecondFactor = PhoneCodeFactor | TOTPFactor | BackupCodeFactor;
Loading