mosaicstack/stack
1
0
Fork 0
Code Issues 13 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

feat(auth): add WorkOS and Keycloak SSO providers (rebased) (#220)
Some checks failed
ci/woodpecker/push/ci Pipeline failed
Details

Browse Source 
Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>
This commit was merged in pull request #220.
This commit is contained in:
Jason Woltje
2026-03-21 12:57:07 +00:00
committed by jason.woltje
parent f3e90df2a0
commit dd108b9ab4
16 changed files with 724 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
apps/gateway/src/auth/sso.controller.spec.ts Normal file
View File

@@ -0,0 +1,40 @@
import { afterEach, describe, expect, it, vi } from 'vitest';
import { SsoController } from './sso.controller.js';
describe('SsoController', () => {
afterEach(() => {
vi.unstubAllEnvs();
});
it('lists configured OIDC providers', () => {
vi.stubEnv('WORKOS_CLIENT_ID', 'workos-client');
vi.stubEnv('WORKOS_CLIENT_SECRET', 'workos-secret');
vi.stubEnv('WORKOS_ISSUER', 'https://auth.workos.com/sso/client_123');
const controller = new SsoController();
const providers = controller.list();
expect(providers.find((provider) => provider.id === 'workos')).toMatchObject({
configured: true,
loginMode: 'oidc',
callbackPath: '/api/auth/oauth2/callback/workos',
teamSync: { enabled: true, claim: 'organization_id' },
});
});
it('prefers SAML fallback for Keycloak when only the SAML login URL is configured', () => {
vi.stubEnv('KEYCLOAK_SAML_LOGIN_URL', 'https://sso.example.com/realms/mosaic/protocol/saml');
const controller = new SsoController();
const providers = controller.list();
expect(providers.find((provider) => provider.id === 'keycloak')).toMatchObject({
configured: true,
loginMode: 'saml',
samlFallback: {
configured: true,
loginUrl: 'https://sso.example.com/realms/mosaic/protocol/saml',
},
});
});
});