feat(auth): add WorkOS and Keycloak SSO providers (rebased) (#220)

Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>

apps/web/src/components/auth/sso-provider-buttons.spec.tsx

@@ -0,0 +1,45 @@
+import React from 'react';
+import { describe, expect, it, vi } from 'vitest';
+import { renderToStaticMarkup } from 'react-dom/server';
+import { SsoProviderButtons } from './sso-provider-buttons.js';
+
+describe('SsoProviderButtons', () => {
+  it('renders OIDC sign-in buttons and SAML fallback links', () => {
+    const html = renderToStaticMarkup(
+      <SsoProviderButtons
+        providers={[
+          {
+            id: 'workos',
+            name: 'WorkOS',
+            protocols: ['oidc'],
+            configured: true,
+            loginMode: 'oidc',
+            callbackPath: '/api/auth/oauth2/callback/workos',
+            teamSync: { enabled: true, claim: 'organization_id' },
+            samlFallback: { configured: false, loginUrl: null },
+            warnings: [],
+          },
+          {
+            id: 'keycloak',
+            name: 'Keycloak',
+            protocols: ['oidc', 'saml'],
+            configured: true,
+            loginMode: 'saml',
+            callbackPath: null,
+            teamSync: { enabled: true, claim: 'groups' },
+            samlFallback: {
+              configured: true,
+              loginUrl: 'https://sso.example.com/realms/mosaic/protocol/saml',
+            },
+            warnings: [],
+          },
+        ]}
+        onOidcSignIn={vi.fn()}
+      />,
+    );
+
+    expect(html).toContain('Continue with WorkOS');
+    expect(html).toContain('Continue with Keycloak (SAML)');
+    expect(html).toContain('https://sso.example.com/realms/mosaic/protocol/saml');
+  });
+});