SAML re-authorization dialog #8910
Testing notes:
- Overall this works well and will hopefully help with some of the auth issues coming through 👍
- I can foresee some minor confusion with "authorize" and "continue" on the SSO page. We do not explicitly say you have to click "authorize", just "grant access". I think most will get it though. If the user clicks continue, we surface a similar warning but only in the console logs:
  ```
  install.ts:27 fetchCommit: returned an error 'github/quality@de8bc7a12fc8208e9e21ff47777bee9e13905d26'
  Error: Resource protected by organization SAML enforcement. You must grant your personal token access to this organization.
  ```
No strong feels on doing anything to change the current fix, just wanted to point it out.
Code looks great! Thanks @niik ✨. And thanks @tierninho for testing 🙏
Description
This introduces special-case handling of a particular set of access denied errors related to SAML and SSO. When a user is signed in but their token hasn't yet been authorized for a particular SAML organization, fetches, pushes, and pulls will fail with a specific error message from the server informing the user that they need to re-authorize (sign out and back in again).
Screenshots
Before
After
Flow
Testing notes (requires membership in a SAML org)
4. Attempt to fetch, push, or pull a private repository owned by your SAML org
Expected result is a dialog that allows you to sign in again using the Web flow where you have the ability to authorize the SAML org.
Release notes
Notes:
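An added sketch of the kind of special-casing the description refers to, not code from this pull request: it separates the SAML enforcement error quoted in the testing comment from other 401/403 responses, and only keeps a server-supplied authorization URL that points at the host the user is signed in to. The names `classifyAuthFailure`, `trustedSsoUrl` and `IApiError`, the lower-cased header map, and the reliance on GitHub's `X-GitHub-SSO` response header are assumptions; the sample response is constructed.

```typescript
// Added example (not from the pull request): pick a recovery path for an auth failure.
interface IApiError {
  status: number
  message: string
  headers: Record<string, string> // assumed: header names already lower-cased
}
interface IAuthFailure {
  kind: 'saml-reauthorization' | 'bad-credentials' | 'other-forbidden' | 'not-auth'
  ssoUrl: string | null // only set when the server-supplied URL passed validation
}

// Message text as quoted in the console log in this thread.
const samlEnforcementRe = /Resource protected by organization SAML enforcement/i

// Constructed sample response; organization name and request id are placeholders.
const sampleSamlError: IApiError = {
  status: 403,
  message: 'Resource protected by organization SAML enforcement. ' +
    'You must grant your personal token access to this organization.',
  headers: {
    'x-github-sso': 'required; url=https://github.com/orgs/example-org/sso?authorization_request=CONSTRUCTED',
  },
}

// Accept the authorization URL from the header only if it is https on the
// endpoint host we are signed in to; anything else is dropped, never opened.
function trustedSsoUrl(header: string | undefined, host: string): string | null {
  const match = header === undefined ? null : /^required;\s*url=(\S+)$/.exec(header.trim())
  if (match === null) return null
  try {
    const url = new URL(match[1])
    return url.protocol === 'https:' && url.hostname === host ? url.toString() : null
  } catch (e) {
    return null // not a parseable URL
  }
}

function classifyAuthFailure(res: IApiError, host = 'github.com'): IAuthFailure {
  if (res.status === 401) return { kind: 'bad-credentials', ssoUrl: null }
  if (res.status !== 403) return { kind: 'not-auth', ssoUrl: null }
  const sso = res.headers['x-github-sso']
  const ssoRequired = sso !== undefined && /^required\b/.test(sso.trim())
  if (samlEnforcementRe.test(res.message) || ssoRequired) {
    // Token is valid but not authorized for the org: prompt to sign in again.
    return { kind: 'saml-reauthorization', ssoUrl: trustedSsoUrl(sso, host) }
  }
  return { kind: 'other-forbidden', ssoUrl: null }
}
```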