SSO Sign In does not handle redirect to callbackUrl set in function
/**
 * Starts the SSO sign-in flow for the organisation identified by `orgSlug`.
 *
 * The post-login destination is the fixed relative path
 * `/select-organization`; no user-supplied value flows into `callbackURL`
 * here. A thrown or rejected failure is logged to the console and shown on
 * the form as a generic root-level error.
 */
const handleSSOSignIn = async () => {
  try {
    const ssoRequest = {
      organizationSlug: orgSlug,
      callbackURL: '/select-organization'
    }
    // NOTE(review): only thrown/rejected failures reach the catch below. If
    // this client reports errors through its resolved value instead of
    // throwing, they are silently dropped here. Confirm against the client's
    // error contract.
    await authClient.signIn.sso(ssoRequest)
  } catch (ssoError) {
    // Full detail goes to the console; the user sees only a generic message.
    console.error('SSO sign-in error:', ssoError)
    form.setError('root', { message: 'Failed to sign in with SSO' })
  }
}
/**
 * Starts the SSO sign-in flow for the organisation identified by `orgSlug`.
 *
 * The post-login destination is the fixed relative path
 * `/select-organization`; no user-supplied value flows into `callbackURL`
 * here. A thrown or rejected failure is logged to the console and shown on
 * the form as a generic root-level error.
 */
const handleSSOSignIn = async () => {
  try {
    const ssoRequest = {
      organizationSlug: orgSlug,
      callbackURL: '/select-organization'
    }
    // NOTE(review): only thrown/rejected failures reach the catch below. If
    // this client reports errors through its resolved value instead of
    // throwing, they are silently dropped here. Confirm against the client's
    // error contract.
    await authClient.signIn.sso(ssoRequest)
  } catch (ssoError) {
    // Full detail goes to the console; the user sees only a generic message.
    console.error('SSO sign-in error:', ssoError)
    form.setError('root', { message: 'Failed to sign in with SSO' })
  }
}
1 Reply
// SAML branch: build an SP-initiated login request using the redirect binding
// and return the IdP URL to the client.
if (provider.samlConfig) {
  // The stored config is parsed as a JSON string despite its declared type
  // (hence the double cast). JSON.parse throws on malformed input, the nested
  // `.metadata` reads throw if either section is missing, and nothing in this
  // branch catches those errors.
  const samlSettings = JSON.parse(provider.samlConfig as unknown as string);

  const serviceProvider = saml.ServiceProvider({
    metadata: samlSettings.spMetadata.metadata,
    allowCreate: true,
  });
  const identityProvider = saml.IdentityProvider({
    metadata: samlSettings.idpMetadata.metadata,
  });

  const samlLogin = serviceProvider.createLoginRequest(
    identityProvider,
    "redirect",
  ) as BindingContext & { entityEndpoint: string; type: string };
  if (!samlLogin) {
    throw new APIError("BAD_REQUEST", { message: "Invalid SAML request" });
  }

  // SECURITY(review): RelayState carries the caller-supplied callbackURL,
  // percent-encoded but otherwise unchanged. This branch creates no
  // server-side state, so the value that returns with the SAML response is
  // plain request input. Whichever handler consumes RelayState must check it
  // against an allow-list of trusted origins/paths before redirecting,
  // otherwise this is an open redirect. No such validation is visible in this
  // excerpt; confirm where it happens.
  // Appending with "&" assumes `context` already contains a query string.
  const idpRedirect = samlLogin.context;
  const relayState = encodeURIComponent(body.callbackURL);
  return ctx.json({
    url: `${idpRedirect}&RelayState=${relayState}`,
    redirect: true,
  });
}
// SAML branch: build an SP-initiated login request using the redirect binding
// and return the IdP URL to the client.
if (provider.samlConfig) {
  // The stored config is parsed as a JSON string despite its declared type
  // (hence the double cast). JSON.parse throws on malformed input, the nested
  // `.metadata` reads throw if either section is missing, and nothing in this
  // branch catches those errors.
  const samlSettings = JSON.parse(provider.samlConfig as unknown as string);

  const serviceProvider = saml.ServiceProvider({
    metadata: samlSettings.spMetadata.metadata,
    allowCreate: true,
  });
  const identityProvider = saml.IdentityProvider({
    metadata: samlSettings.idpMetadata.metadata,
  });

  const samlLogin = serviceProvider.createLoginRequest(
    identityProvider,
    "redirect",
  ) as BindingContext & { entityEndpoint: string; type: string };
  if (!samlLogin) {
    throw new APIError("BAD_REQUEST", { message: "Invalid SAML request" });
  }

  // SECURITY(review): RelayState carries the caller-supplied callbackURL,
  // percent-encoded but otherwise unchanged. This branch creates no
  // server-side state, so the value that returns with the SAML response is
  // plain request input. Whichever handler consumes RelayState must check it
  // against an allow-list of trusted origins/paths before redirecting,
  // otherwise this is an open redirect. No such validation is visible in this
  // excerpt; confirm where it happens.
  // Appending with "&" assumes `context` already contains a query string.
  const idpRedirect = samlLogin.context;
  const relayState = encodeURIComponent(body.callbackURL);
  return ctx.json({
    url: `${idpRedirect}&RelayState=${relayState}`,
    redirect: true,
  });
}
// OIDC branch: taken when the provider has an OIDC config and the caller did
// not explicitly request SAML.
if (provider.oidcConfig && body.providerType !== "saml") {
  // generateState's internals are not shown. Presumably it binds the
  // caller's callbackURL (and the PKCE verifier) to the returned state value;
  // confirm.
  const oauthState = await generateState(ctx);
  const oidc = provider.oidcConfig;
  const callbackEndpoint = `${ctx.context.baseURL}/sso/callback/${provider.providerId}`;

  // SECURITY(review): PKCE is applied only when the provider config enables
  // it; otherwise no code verifier is sent.
  const pkceVerifier = oidc.pkce ? oauthState.codeVerifier : undefined;

  // SECURITY(review): scopes are taken from the request body whenever that
  // value is truthy, with no allow-list in this branch, so the caller chooses
  // what is requested from the IdP. `||` falls back only on a falsy value, so
  // an empty array is forwarded as-is. The default set includes
  // `offline_access`, i.e. it asks the IdP for a refresh token.
  const requestedScopes = ctx.body.scopes || [
    "openid",
    "email",
    "profile",
    "offline_access",
  ];

  const authorizationURL = await createAuthorizationURL({
    id: provider.issuer,
    options: {
      clientId: oidc.clientId,
      clientSecret: oidc.clientSecret,
    },
    redirectURI: callbackEndpoint,
    state: oauthState.state,
    codeVerifier: pkceVerifier,
    scopes: requestedScopes,
    authorizationEndpoint: oidc.authorizationEndpoint,
  });

  return ctx.json({
    url: authorizationURL.toString(),
    redirect: true,
  });
}
// OIDC branch: taken when the provider has an OIDC config and the caller did
// not explicitly request SAML.
if (provider.oidcConfig && body.providerType !== "saml") {
  // generateState's internals are not shown. Presumably it binds the
  // caller's callbackURL (and the PKCE verifier) to the returned state value;
  // confirm.
  const oauthState = await generateState(ctx);
  const oidc = provider.oidcConfig;
  const callbackEndpoint = `${ctx.context.baseURL}/sso/callback/${provider.providerId}`;

  // SECURITY(review): PKCE is applied only when the provider config enables
  // it; otherwise no code verifier is sent.
  const pkceVerifier = oidc.pkce ? oauthState.codeVerifier : undefined;

  // SECURITY(review): scopes are taken from the request body whenever that
  // value is truthy, with no allow-list in this branch, so the caller chooses
  // what is requested from the IdP. `||` falls back only on a falsy value, so
  // an empty array is forwarded as-is. The default set includes
  // `offline_access`, i.e. it asks the IdP for a refresh token.
  const requestedScopes = ctx.body.scopes || [
    "openid",
    "email",
    "profile",
    "offline_access",
  ];

  const authorizationURL = await createAuthorizationURL({
    id: provider.issuer,
    options: {
      clientId: oidc.clientId,
      clientSecret: oidc.clientSecret,
    },
    redirectURI: callbackEndpoint,
    state: oauthState.state,
    codeVerifier: pkceVerifier,
    scopes: requestedScopes,
    authorizationEndpoint: oidc.authorizationEndpoint,
  });

  return ctx.json({
    url: authorizationURL.toString(),
    redirect: true,
  });
}