(core) revive saml support and test against Auth0

Summary: SAML support had broken due to SameSite changes in browsers. This makes it work again, and tests it against Auth0 (now owned by Okta). Logging in and out works. The logged out state is confusing, and may not be complete. The "Add Account" menu item doesn't work. But with this, an important part of self-hosting becomes easier. SAML support works also in grist-core, for site pages, but there is a glitch on document pages that I'll look into separately. Test Plan: tested manually Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2976
2026-03-02 04:09:24 +00:00 · 2021-08-16 11:11:17 -04:00
parent 800731e771
commit 54beaede84
13 changed files with 488 additions and 91 deletions
--- a/app/server/lib/BrowserSession.ts
+++ b/app/server/lib/BrowserSession.ts
@@ -22,6 +22,10 @@ export interface SessionUserObj {

  // [UNUSED] Login refresh token used to retrieve new ID and access tokens.
  refreshToken?: string;
+
+  // State for SAML-mediated logins.
+  samlNameId?: string;
+  samlSessionIndex?: string;
 }

 // Session state maintained for a particular browser. It is identified by a cookie. There may be