Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(gotrue, supabase_flutter): Add signInWithSSO method #798

Merged
merged 5 commits into from
Jan 18, 2024
+94 −0
Merged

feat(gotrue, supabase_flutter): Add signInWithSSO method #798

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
df3c522
feat: add signInWithSSO method
dshukertjr Dec 13, 2023
1996e9f
signInWithSSO returns sign in string
dshukertjr Jan 17, 2024
d365039
signInWithSSO opens the browser similar to signInWithOAuth
dshukertjr Jan 17, 2024
01d734b
pass the parameters
dshukertjr Jan 18, 2024
a7cf3cf
Fix typo
dshukertjr Jan 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 53 additions & 0 deletions packages/gotrue/lib/src/gotrue_client.dart
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -514,6 +514,59 @@ class GoTrueClient {
return authResponse;
}

/// Obtains a URL to perform a single-sign on using an enterprise Identity
/// Provider. The redirect URL is implementation and SSO protocol specific.
///
/// You can use it by providing a SSO domain. Typically you can extract this
/// domain by asking users for their email address. If this domain is
/// registered on the Auth instance the redirect will use that organization's
/// currently active SSO Identity Provider for the login.
///
/// If you have built an organization-specific login page, you can use the
/// organization's SSO Identity Provider UUID directly instead.
Future<String> getSSOSignInUrl({
String? providerId,
String? domain,
String? redirectTo,
String? captchaToken,
}) async {
assert(
providerId != null || domain != null,
'providerId or domain has to be provided.',
);

_removeSession();
String? codeChallenge;
String? codeChallengeMethod;
if (_flowType == AuthFlowType.pkce) {
assert(_asyncStorage != null,
'You need to provide asyncStorage to perform pkce flow.');
final codeVerifier = generatePKCEVerifier();
await _asyncStorage!.setItem(
key: '${Constants.defaultStorageKey}-code-verifier',
value: codeVerifier);
codeChallenge = generatePKCEChallenge(codeVerifier);
codeChallengeMethod = codeVerifier == codeChallenge ? 'plain' : 's256';
}

final res = await _fetch.request('$_url/sso', RequestMethodType.post,
options: GotrueRequestOptions(
body: {
if (providerId != null) 'provider_id': providerId,
if (domain != null) 'domain': domain,
if (redirectTo != null) 'redirect_to': redirectTo,
if (captchaToken != null)
'gotrue_meta_security': {'captcha_token': captchaToken},
'skip_http_redirect': true,
'code_challenge': codeChallenge,
'code_challenge_method': codeChallengeMethod,
},
headers: _headers,
));

return res['url'] as String;
}

/// Force refreshes the session including the user data in case it was updated
/// in a different session.
Future<AuthResponse> refreshSession() async {
Expand Down
41 changes: 41 additions & 0 deletions packages/supabase_flutter/lib/src/supabase_auth.dart
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -294,6 +294,47 @@ extension GoTrueClientSignInProvider on GoTrueClient {
return result;
}

/// Attempts a single-sign on using an enterprise Identity Provider. A
/// successful SSO attempt will redirect the current page to the identity
/// provider authorization page. The redirect URL is implementation and SSO
/// protocol specific.
///
/// You can use it by providing a SSO domain. Typically you can extract this
/// domain by asking users for their email address. If this domain is
/// registered on the Auth instance the redirect will use that organization's
/// currently active SSO Identity Provider for the login.
///
/// If you have built an organization-specific login page, you can use the
/// organization's SSO Identity Provider UUID directly instead.
///
/// Returns true if the URL was launched successfully, otherwise either returns
/// false or throws a [PlatformException] depending on the launchUrl failure.
///
/// ```dart
/// await supabase.auth.signInWithSSO(
/// domain: 'company.com',
/// );
/// ```
Future<bool> signInWithSSO({
String? providerId,
String? domain,
String? redirectTo,
String? captchaToken,
LaunchMode launchMode = LaunchMode.platformDefault,
}) async {
final ssoUrl = await getSSOSignInUrl(
providerId: providerId,
domain: domain,
redirectTo: redirectTo,
captchaToken: captchaToken,
);
return await launchUrl(
Uri.parse(ssoUrl),
mode: launchMode,
webOnlyWindowName: '_self',
);
}

String generateRawNonce() {
final random = Random.secure();
return base64Url.encode(List<int>.generate(16, (_) => random.nextInt(256)));
Expand Down
Loading