feat: Google and Slack SSO login for the operator console#74
Merged
Conversation
mslipper
force-pushed
the
feat/console-sso-login
branch
2 times, most recently
from
7339140 to
050c2af
Compare
Adds a console login flow (/auth/:provider/start + /callback) for Google and Slack alongside the existing email/password form, mirroring the broker OAuth flow's PKCE + signed-state + encrypted-cookie security but producing a signed-in User. New sign-ins land pending and require admin approval; emails in the IRON_CONTROL_BOOTSTRAP_ADMINS allowlist become active+admin on first login. Identities link by stable (provider, subject) via a new user_identities table; an unverified IdP email can never adopt an existing account. Adds a status enum and admin boolean to users (existing users backfilled to active+admin), an admin-only /console/users approval screen, and an IRON_CONTROL_-prefixed config reader for the login OAuth clients.
mslipper
force-pushed
the
feat/console-sso-login
branch
from
1fde825 to
020d143
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a console SSO login flow for Google and Slack alongside the existing email/password form, mirroring the broker OAuth flow's PKCE, signed-state, and encrypted-cookie security but producing a signed-in console user. New sign-ins land
pendingand require admin approval; emails in theIRON_CONTROL_BOOTSTRAP_ADMINSallowlist become active+admin on first login so the first admin needs no approver.Identities link by stable
(provider, subject)via a newuser_identitiestable, and an unverified IdP email can never adopt an existing account. Adds astatusenum andadminboolean to users (existing users backfilled to active+admin), an admin-only/console/usersapproval screen, and anIRON_CONTROL_-prefixed config reader for the login OAuth clients. Password login is kept as a break-glass fallback and now respects account status.Google is covered end-to-end by an integration test that fakes the IdP; the Slack OIDC strategy is unit-covered but still needs a live smoke test.