Hiding non session SSO providers from the app #21874

Merged
merged 9 commits into from Mar 25, 2024

br41nslug
Member

Fixes #21836

Scope

What's changed:

  • The /auth list endpoint now filters out SSO providers not compatible with the App while keeping the /auth/login/[provider] flow working

Potential Risks / Drawbacks

  • Potential breaking change if someone is depending on the /auth endpoint

Review Notes / Questions

  • I would like to lorem ipsum

changeset-bot bot commented Mar 15, 2024

🦋 Changeset detected

Latest commit: 7cc5ffd

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
@directus/api Patch
directus Patch

Member

@paescuj paescuj left a comment

Would it be problematic from a security point of view to expose the sessionOnly flag for the endpoint, and set it to true when fetching in Data Studio? Or maybe even expose the mode for each provider and filter by that on the Data Studio side?
That way it wouldn't be a breaking change for the /auth endpoint, resp. still possible to see all providers.

@br41nslug
Member Author

Good shout, I don't see a security issue with that.

Member

@paescuj paescuj left a comment

Works as expected 🚀

@paescuj paescuj merged commit 5650cdd into main Mar 25, 2024
4 checks passed
@paescuj paescuj deleted the hide-non-session-sso branch March 25, 2024 10:55
@github-actions github-actions bot added this to the Next Release milestone Mar 25, 2024
Successfully merging this pull request may close these issues.

Hide auth provider with cookie mode in provider selection of Data Studio