@waleedlatif1
Collaborator

Summary

  • updated registration & deregistration script for explicit support for Entra ID
  • removed provider-specific logic

Type of Change

  • Bug fix

Testing

Tested manually, ran tests with 10 of the most common OIDC providers to validate the method works

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel

vercel bot commented Jan 20, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
docs Ready Ready Preview, Comment Jan 20, 2026 3:17am

@greptile-apps
Contributor

greptile-apps bot commented Jan 20, 2026

Greptile Summary

This PR successfully removes provider-specific hardcoded OIDC logic (Okta, Auth0, IdentityServer patterns) and replaces it with a more flexible approach that supports both explicit endpoint configuration and standard OIDC discovery.

Key Changes:

  • Added optional endpoint fields to registration schema (authorizationEndpoint, tokenEndpoint, userInfoEndpoint, jwksEndpoint)
  • Implemented OIDC discovery fallback when explicit endpoints aren't fully provided
  • Removed brittle URL pattern matching for specific providers
  • Applied consistent changes across both the API route and database registration script
  • Cleaned up unrelated code (removed unused shouldUseProxy, updated logger names, refactored getBaseUrl usage)

Issues Found:

  • Partial endpoint configuration is not preserved: if any required endpoint is missing, discovery overwrites ALL endpoints including explicitly provided ones (see inline comments on route.ts:200 and register-sso-provider.ts:433)

Confidence Score: 4/5

  • This PR is safe to merge with minor improvements recommended
  • The refactoring successfully removes provider-specific logic and implements a more maintainable OIDC discovery approach. The logic issue with partial endpoint configuration is non-critical since the all-or-nothing approach is acceptable, though a fallback pattern would be better. The PR was manually tested with 10 OIDC providers according to the description.
  • Pay attention to apps/sim/app/api/auth/sso/register/route.ts and packages/db/scripts/register-sso-provider.ts for the endpoint configuration logic

Important Files Changed

| Filename | Overview |
| --- | --- |
| apps/sim/app/api/auth/sso/register/route.ts | Replaced provider-specific endpoint logic with OIDC discovery and optional explicit endpoint configuration |
| packages/db/scripts/register-sso-provider.ts | Added OIDC discovery support with proper endpoint resolution when explicit endpoints not provided |
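
The partial-configuration issue raised in the review above, sketched as an added example (not code from this PR or the project): explicitly configured endpoints take precedence and discovery fills only the gaps. Only the four camelCase endpoint field names come from the PR; the type and function names, the required-endpoint set, the issuer and https checks, and the `example.test` hosts are assumptions.

```typescript
// Added example; only the four camelCase field names come from the PR summary.
type EndpointName = 'authorizationEndpoint' | 'tokenEndpoint' | 'userInfoEndpoint' | 'jwksEndpoint'
type Endpoints = Partial<Record<EndpointName, string>>
// Subset of the standard OIDC discovery metadata.
type DiscoveryDoc = {
  issuer: string
  authorization_endpoint?: string
  token_endpoint?: string
  userinfo_endpoint?: string
  jwks_uri?: string
}
const DISCOVERY_KEY: Record<EndpointName, Exclude<keyof DiscoveryDoc, 'issuer'>> = {
  authorizationEndpoint: 'authorization_endpoint',
  tokenEndpoint: 'token_endpoint',
  userInfoEndpoint: 'userinfo_endpoint',
  jwksEndpoint: 'jwks_uri',
}
// Assumption: these are the endpoints treated as required.
const REQUIRED: EndpointName[] = ['authorizationEndpoint', 'tokenEndpoint', 'jwksEndpoint']

function resolveEndpoints(issuer: string, explicit: Endpoints, discovered?: DiscoveryDoc): Endpoints {
  // A discovery document published for a different issuer must not be trusted.
  if (discovered && discovered.issuer !== issuer) {
    throw new Error('discovery issuer does not match configured issuer')
  }
  const resolved: Endpoints = {}
  for (const key of Object.keys(DISCOVERY_KEY) as EndpointName[]) {
    // The explicit value wins; discovery only fills a gap.
    const value = explicit[key] ?? discovered?.[DISCOVERY_KEY[key]]
    if (value === undefined) continue
    if (!/^https:\/\//.test(value)) throw new Error(`${key} must use https`)
    resolved[key] = value
  }
  const missing = REQUIRED.filter((k) => resolved[k] === undefined)
  if (missing.length > 0) throw new Error(`missing endpoints: ${missing.join(', ')}`)
  return resolved
}

// Constructed sample input (idp.example.test and proxy.example.test are placeholders).
const sampleDiscovery: DiscoveryDoc = {
  issuer: 'https://idp.example.test',
  authorization_endpoint: 'https://idp.example.test/authorize',
  token_endpoint: 'https://idp.example.test/token',
  userinfo_endpoint: 'https://idp.example.test/userinfo',
  jwks_uri: 'https://idp.example.test/keys',
}
const partial: Endpoints = { tokenEndpoint: 'https://proxy.example.test/token' }
const sampleResult = resolveEndpoints('https://idp.example.test', partial, sampleDiscovery)
```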

Contributor

@greptile-apps greptile-apps bot left a comment

6 files reviewed, 1 comment

cursor[bot]

This comment was marked as outdated.

@waleedlatif1
Collaborator Author

@greptile

Contributor

@greptile-apps greptile-apps bot left a comment

6 files reviewed, 2 comments

@cursor cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

@waleedlatif1 waleedlatif1 merged commit ac991d4 into staging Jan 20, 2026
11 checks passed
@waleedlatif1 waleedlatif1 deleted the fix/app-url branch January 20, 2026 03:23