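// SSO / SAML helpers.
// Backend: /api/v1/sso/identity-providers (tenant CRUD) + /sessions.
// Note: certificates are large and write-only.
import type { ArcadiaClient } from "@crema/arcadia-core-client"

/**
 * Identity provider record as returned by the backend.
 *
 * The record carries no certificate field; `has_certificate` is the only
 * signal a client gets about the signing certificate.
 */
export interface IdentityProvider {
  id: string
  tenant_id: string
  name: string
  entity_id: string
  sso_url: string
  slo_url: string | null
  name_id_format: string | null
  // NOTE(review): the type arguments of this Record are not visible in the
  // listing this file was recovered from; string -> string is assumed. Confirm.
  attribute_mapping: Record<string, string>
  sp_entity_id: string | null
  sign_requests: boolean
  metadata_url: string | null
  callback_url: string | null
  enabled: boolean
  has_certificate: boolean
  inserted_at: string
  updated_at: string
}

/** Payload accepted when creating or updating an identity provider. */
export interface IdentityProviderInput {
  name: string
  entity_id: string
  sso_url: string
  slo_url?: string | null
  name_id_format?: string | null
  // NOTE(review): Record type arguments assumed to be string -> string. Confirm.
  attribute_mapping?: Record<string, string>
  sp_entity_id?: string | null
  sign_requests?: boolean
  metadata_url?: string | null
  callback_url?: string | null
  enabled?: boolean
  /** PEM cert from the IdP. Write-only. */
  certificate?: string
}

/** SAML session record as returned by the `/sessions` endpoint. */
export interface SamlSession {
  id: string
  user_id: string
  idp_id: string
  name_id: string | null
  session_index: string | null
  expires_at: string | null
  inserted_at: string
}

const BASE = "/api/v1/sso"

/**
 * Turns a caller-supplied identifier into exactly one URL path segment.
 *
 * Percent-encoding keeps `/`, `?` and `#` inside the identifier from changing
 * the request path or adding a query string. Empty, `.` and `..` values are
 * rejected because the encoder leaves them untouched and they would address
 * the collection or a parent resource instead of a single record.
 *
 * @param value - Identifier to place in the path.
 * @param label - Parameter name used in the error message.
 * @returns The percent-encoded segment.
 * @throws TypeError when `value` is not a usable identifier.
 */
function encodePathSegment(value: string, label: string): string {
  if (typeof value !== "string" || value === "" || value === "." || value === "..") {
    throw new TypeError(`${label} must be a non-empty identifier`)
  }
  return encodeURIComponent(value)
}

/**
 * Lists identity providers via `GET /api/v1/sso/identity-providers`.
 *
 * @param arcadia - Client used to issue the request.
 * @returns The `data` array of the response.
 */
export async function listIdentityProviders(arcadia: ArcadiaClient): Promise<IdentityProvider[]> {
  const res = await arcadia.GET<{ data: IdentityProvider[] }>(`${BASE}/identity-providers`)
  return res.data
}

/**
 * Creates an identity provider via `POST /api/v1/sso/identity-providers`.
 *
 * @param arcadia - Client used to issue the request.
 * @param input - Provider attributes, sent under the `identity_provider` key.
 * @returns The created record from the response's `data` field.
 */
export async function createIdentityProvider(
  arcadia: ArcadiaClient,
  input: IdentityProviderInput,
): Promise<IdentityProvider> {
  const res = await arcadia.POST<{ data: IdentityProvider }>(
    `${BASE}/identity-providers`,
    { body: { identity_provider: input } },
  )
  return res.data
}

/**
 * Partially updates an identity provider via `PATCH .../identity-providers/{id}`.
 *
 * NOTE(review): `certificate`, `entity_id` and `sso_url` decide which IdP is
 * trusted; this helper performs no authorization of its own, so that is
 * presumably enforced by the backend. Confirm.
 *
 * @param arcadia - Client used to issue the request.
 * @param id - Identifier of the provider; encoded as a single path segment.
 * @param input - Fields to change, sent under the `identity_provider` key.
 * @returns The updated record from the response's `data` field.
 * @throws TypeError when `id` is empty, `.` or `..`.
 */
export async function updateIdentityProvider(
  arcadia: ArcadiaClient,
  id: string,
  input: Partial<IdentityProviderInput>,
): Promise<IdentityProvider> {
  const res = await arcadia.PATCH<{ data: IdentityProvider }>(
    `${BASE}/identity-providers/${encodePathSegment(id, "id")}`,
    { body: { identity_provider: input } },
  )
  return res.data
}

/**
 * Deletes an identity provider via `DELETE .../identity-providers/{id}`.
 *
 * @param arcadia - Client used to issue the request.
 * @param id - Identifier of the provider; encoded as a single path segment.
 * @throws TypeError when `id` is empty, `.` or `..`.
 */
export async function deleteIdentityProvider(
  arcadia: ArcadiaClient,
  id: string,
): Promise<void> {
  await arcadia.DELETE(`${BASE}/identity-providers/${encodePathSegment(id, "id")}`)
}

/**
 * Lists SAML sessions via `GET /api/v1/sso/sessions`.
 *
 * @param arcadia - Client used to issue the request.
 * @returns The `data` array of the response.
 */
export async function listSamlSessions(arcadia: ArcadiaClient): Promise<SamlSession[]> {
  const res = await arcadia.GET<{ data: SamlSession[] }>(`${BASE}/sessions`)
  return res.data
}

/**
 * Removes a SAML session via `DELETE /api/v1/sso/sessions/{sessionId}`.
 *
 * @param arcadia - Client used to issue the request.
 * @param sessionId - Identifier of the session; encoded as a single path segment.
 * @throws TypeError when `sessionId` is empty, `.` or `..`.
 */
export async function destroySamlSession(
  arcadia: ArcadiaClient,
  sessionId: string,
): Promise<void> {
  await arcadia.DELETE(`${BASE}/sessions/${encodePathSegment(sessionId, "sessionId")}`)
}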