Merge branch 'main' into conditional-login-page

janus-idp · Nov 7, 2023 · 80d6a79 · 80d6a79
2 parents 1c6f9f7 + a61d88b
commit 80d6a79
Show file tree

Hide file tree

Showing 2 changed files with 141 additions and 0 deletions.
diff --git a/.changeset/swift-peas-act.md b/.changeset/swift-peas-act.md
@@ -0,0 +1,17 @@
+---
+'backend': minor
+---
+
+Add the remaining Auth Providers to the showcase
+
+- Atlassian
+- Azure Easy Auth
+- Bitbucket
+- Bitbucket Server
+- Cloudflare Access
+- GitLab
+- Google IAP
+- OIDC
+- Okta
+- OneLogin
+- SAML
diff --git a/packages/backend/src/plugins/auth.ts b/packages/backend/src/plugins/auth.ts
@@ -53,6 +53,20 @@ async function signInWithCatalogUserOptional(
 
 function getAuthProviderFactory(providerId: string): AuthProviderFactory {
   switch (providerId) {
+    case 'atlassian':
+      return providers.atlassian.create({
+        signIn: {
+          async resolver({ result: { fullProfile } }, ctx) {
+            const userId = fullProfile.username;
+            if (!userId) {
+              throw new Error(
+                'Atlassian user profile does not contain a username',
+              );
+            }
+            return await signInWithCatalogUserOptional(userId, ctx);
+          },
+        },
+      });
     case `auth0`:
       return providers.auth0.create({
         signIn: {
@@ -65,6 +79,48 @@ function getAuthProviderFactory(providerId: string): AuthProviderFactory {
           },
         },
       });
+    case 'azure-easyauth':
+      return providers.easyAuth.create({
+        signIn: {
+          async resolver({ result: { fullProfile } }, ctx) {
+            const userId = fullProfile.id;
+            if (!userId) {
+              throw new Error(
+                'Azure Easy Auth user profile does not contain an id',
+              );
+            }
+            return await ctx.signInWithCatalogUser({
+              annotations: {
+                'graph.microsoft.com/user-id': userId,
+              },
+            });
+          },
+        },
+      });
+    case 'bitbucket':
+      return providers.bitbucket.create({
+        signIn: {
+          resolver:
+            providers.bitbucket.resolvers.usernameMatchingUserEntityAnnotation(),
+        },
+      });
+    case 'bitbucketServer':
+      return providers.bitbucketServer.create({
+        signIn: {
+          resolver:
+            providers.bitbucketServer.resolvers.emailMatchingUserEntityProfileEmail(),
+        },
+      });
+    case 'cfaccess':
+      return providers.cfAccess.create({
+        async authHandler({ claims }) {
+          return { profile: { email: claims.email } };
+        },
+        signIn: {
+          resolver:
+            providers.cfAccess.resolvers.emailMatchingUserEntityProfileEmail(),
+        },
+      });
     case 'github':
       return providers.github.create({
         signIn: {
@@ -79,13 +135,42 @@ function getAuthProviderFactory(providerId: string): AuthProviderFactory {
           },
         },
       });
+    case 'gitlab':
+      return providers.gitlab.create({
+        signIn: {
+          async resolver({ result: { fullProfile } }, ctx) {
+            const userId = fullProfile.id;
+            if (!userId) {
+              throw new Error(`GitLab user profile does not contain an id`);
+            }
+            return await signInWithCatalogUserOptional(userId, ctx);
+          },
+        },
+      });
     case 'google':
       return providers.google.create({
         signIn: {
           resolver:
             providers.google.resolvers.emailLocalPartMatchingUserEntityName(),
         },
       });
+    case 'gcp-iap':
+      return providers.gcpIap.create({
+        async authHandler({ iapToken }) {
+          return { profile: { email: iapToken.email } };
+        },
+        signIn: {
+          async resolver({ result: { iapToken } }, ctx) {
+            const userId = iapToken.email.split('@')[0];
+            if (!userId) {
+              throw new Error(
+                'Google IAP user profile does not contain an email',
+              );
+            }
+            return await signInWithCatalogUserOptional(userId, ctx);
+          },
+        },
+      });
     case `oauth2Proxy`:
       return providers.oauth2Proxy.create({
         signIn: {
@@ -98,6 +183,39 @@ function getAuthProviderFactory(providerId: string): AuthProviderFactory {
           },
         },
       });
+    case 'oidc':
+      return providers.oidc.create({
+        signIn: {
+          async resolver({ result: { userinfo } }, ctx) {
+            const userId = userinfo.sub;
+            if (!userId) {
+              throw new Error('OIDC user does not contain a subject');
+            }
+            return await signInWithCatalogUserOptional(userId, ctx);
+          },
+        },
+      });
+    case 'okta':
+      return providers.okta.create({
+        signIn: {
+          resolver:
+            providers.okta.resolvers.emailMatchingUserEntityAnnotation(),
+        },
+      });
+    case 'onelogin':
+      return providers.onelogin.create({
+        signIn: {
+          async resolver({ result: { fullProfile } }, ctx) {
+            const userId = fullProfile.id;
+            if (!userId) {
+              throw new Error(
+                `OneLogin user profile does not contain a user id`,
+              );
+            }
+            return await signInWithCatalogUserOptional(userId, ctx);
+          },
+        },
+      });
     case `microsoft`:
       return providers.microsoft.create({
         signIn: {
@@ -110,6 +228,12 @@ function getAuthProviderFactory(providerId: string): AuthProviderFactory {
           },
         },
       });
+    case 'saml':
+      return providers.saml.create({
+        signIn: {
+          resolver: providers.saml.resolvers.nameIdMatchingUserEntityName(),
+        },
+      });
     default:
       throw new Error(`No auth provider found for ${providerId}`);
   }