Disambiguates the Phoenix/auth client lib from lib-arcadia-agents-client. Dir lib-arcadia-client → lib-arcadia-core-client; alias updated in tsconfig paths, vite config, app.css @source, imports, CI and docs. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
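// SSO / SAML helpers.
// Backend: /api/v1/sso/identity-providers (tenant CRUD) + /sessions.
// Note: certificates are large and write-only. They can be sent on create/update
// but are never returned; responses expose only the `has_certificate` flag.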
import type { ArcadiaClient } from "@crema/arcadia-core-client"
/**
 * Identity provider record as returned by the SSO endpoints.
 *
 * The certificate itself is not part of this shape; readers only learn
 * whether one is stored through `has_certificate`.
 */
export interface IdentityProvider {
  // --- Record identity ---
  id: string
  tenant_id: string
  name: string
  enabled: boolean

  // --- SAML entity identifiers ---
  entity_id: string
  sp_entity_id: string | null

  // --- Endpoints ---
  // NOTE(review): these URLs are plain strings here; scheme/host validation
  // (and SSRF protection if the backend fetches `metadata_url`) must happen
  // server-side — confirm.
  sso_url: string
  slo_url: string | null
  metadata_url: string | null
  callback_url: string | null

  // --- Protocol options ---
  name_id_format: string | null
  sign_requests: boolean
  // presumably maps IdP attribute names to local user fields — verify against the backend
  attribute_mapping: Record<string, string>

  /** True when a certificate is stored for this provider; the PEM is never returned. */
  has_certificate: boolean

  // --- Timestamps (string-encoded; format not visible here) ---
  inserted_at: string
  updated_at: string
}
/**
 * Payload accepted when creating an identity provider (and, wrapped in
 * `Partial`, when updating one). Only `name`, `entity_id` and `sso_url`
 * are required.
 */
export interface IdentityProviderInput {
  // --- Required ---
  name: string
  entity_id: string
  sso_url: string

  // --- Optional endpoints ---
  // NOTE(review): URL validation is not done in this module; it has to be
  // enforced by the backend — confirm.
  slo_url?: string | null
  metadata_url?: string | null
  callback_url?: string | null

  // --- Optional protocol settings ---
  sp_entity_id?: string | null
  name_id_format?: string | null
  sign_requests?: boolean
  attribute_mapping?: Record<string, string>
  enabled?: boolean

  /**
   * PEM cert from the IdP. Write-only: it is sent to the backend but has no
   * counterpart on `IdentityProvider`.
   *
   * NOTE(review): this should only ever carry the IdP's public certificate,
   * never private-key material — confirm the backend rejects other PEM blocks.
   */
  certificate?: string
}
/**
 * SAML session record as returned by the `/sessions` endpoint.
 */
export interface SamlSession {
  // --- Record identity and ownership ---
  id: string
  user_id: string
  idp_id: string

  // --- Values tied to the SAML login ---
  // presumably the NameID and SessionIndex issued by the IdP; the NameID may
  // be a personal identifier, so avoid logging it — verify against the backend
  name_id: string | null
  session_index: string | null

  // --- Lifetime (string-encoded; format not visible here) ---
  // A null `expires_at` is allowed by the type; whether that means
  // "never expires" cannot be told from this file.
  expires_at: string | null
  inserted_at: string
}
// Common path prefix for every SSO endpoint called from this module.
const BASE = "/api/v1/sso"
/**
 * Lists identity providers via `GET ${BASE}/identity-providers`.
 *
 * @param arcadia - Client used to issue the request.
 * @returns The `data` array unwrapped from the response envelope.
 */
export async function listIdentityProviders(arcadia: ArcadiaClient): Promise<IdentityProvider[]> {
  const endpoint = `${BASE}/identity-providers`
  // The backend wraps the list in `{ data: [...] }`; callers get the bare array.
  const { data } = await arcadia.GET<{ data: IdentityProvider[] }>(endpoint)
  return data
}
/**
 * Creates an identity provider via `POST ${BASE}/identity-providers`.
 *
 * The input is sent under the `identity_provider` key of the request body.
 * Any `certificate` supplied is write-only: the returned record carries only
 * `has_certificate`.
 *
 * @param arcadia - Client used to issue the request.
 * @param input - Provider settings; passed through unmodified, so validation
 *   is left to the backend.
 * @returns The created provider, unwrapped from the response envelope.
 */
export async function createIdentityProvider(
  arcadia: ArcadiaClient,
  input: IdentityProviderInput,
): Promise<IdentityProvider> {
  const endpoint = `${BASE}/identity-providers`
  const { data } = await arcadia.POST<{ data: IdentityProvider }>(endpoint, {
    body: { identity_provider: input },
  })
  return data
}
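/**
 * Updates an identity provider via `PATCH ${BASE}/identity-providers/{id}`.
 *
 * The partial input is sent under the `identity_provider` key. Changing
 * `entity_id`, `sso_url` or `certificate` changes which IdP the tenant trusts,
 * so callers should treat this as a privileged operation; authorization is
 * not enforced in this module and must be enforced by the backend.
 *
 * @param arcadia - Client used to issue the request.
 * @param id - Identifier of the provider to update. Must be a single,
 *   non-empty path segment.
 * @param input - Fields to change. NOTE(review): omitting `certificate`
 *   presumably keeps the stored one — confirm against the backend.
 * @returns The updated provider, unwrapped from the response envelope.
 * @throws TypeError if `id` is empty or a dot segment (`.` / `..`).
 */
export async function updateIdentityProvider(
  arcadia: ArcadiaClient,
  id: string,
  input: Partial<IdentityProviderInput>,
): Promise<IdentityProvider> {
  // An id taken from a route parameter or other caller-controlled value must
  // not be able to re-target the request: dot segments are rejected and the
  // rest is percent-encoded so `/`, `?` and `#` stay inside one path segment.
  if (id === "" || id === "." || id === "..") {
    throw new TypeError("identity provider id must be a non-empty path segment")
  }
  const res = await arcadia.PATCH<{ data: IdentityProvider }>(
    `${BASE}/identity-providers/${encodeURIComponent(id)}`,
    { body: { identity_provider: input } },
  )
  return res.data
}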
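/**
 * Deletes an identity provider via `DELETE ${BASE}/identity-providers/{id}`.
 *
 * @param arcadia - Client used to issue the request.
 * @param id - Identifier of the provider to delete. Must be a single,
 *   non-empty path segment.
 * @throws TypeError if `id` is empty or a dot segment (`.` / `..`).
 */
export async function deleteIdentityProvider(
  arcadia: ArcadiaClient,
  id: string,
): Promise<void> {
  // A DELETE must only ever address the intended record: reject ids that would
  // collapse to the collection or a parent path, and percent-encode the rest
  // so `/`, `?` and `#` cannot change the target.
  if (id === "" || id === "." || id === "..") {
    throw new TypeError("identity provider id must be a non-empty path segment")
  }
  await arcadia.DELETE(`${BASE}/identity-providers/${encodeURIComponent(id)}`)
}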
/**
 * Lists SAML sessions via `GET ${BASE}/sessions`.
 *
 * @param arcadia - Client used to issue the request.
 * @returns The `data` array unwrapped from the response envelope.
 */
export async function listSamlSessions(arcadia: ArcadiaClient): Promise<SamlSession[]> {
  const endpoint = `${BASE}/sessions`
  // NOTE(review): which users' sessions are visible is decided by the backend,
  // not here — confirm the endpoint scopes results to the caller's tenant.
  const { data } = await arcadia.GET<{ data: SamlSession[] }>(endpoint)
  return data
}
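/**
 * Destroys a SAML session via `DELETE ${BASE}/sessions/{sessionId}`.
 *
 * NOTE(review): whether this also triggers SAML single logout at the IdP is
 * not visible from this module — confirm against the backend.
 *
 * @param arcadia - Client used to issue the request.
 * @param sessionId - Identifier of the session to destroy. Must be a single,
 *   non-empty path segment.
 * @throws TypeError if `sessionId` is empty or a dot segment (`.` / `..`).
 */
export async function destroySamlSession(
  arcadia: ArcadiaClient,
  sessionId: string,
): Promise<void> {
  // Keep the DELETE pinned to one session: reject ids that would resolve to
  // the collection or a parent path, and percent-encode the rest so `/`, `?`
  // and `#` cannot change the target.
  if (sessionId === "" || sessionId === "." || sessionId === "..") {
    throw new TypeError("session id must be a non-empty path segment")
  }
  await arcadia.DELETE(`${BASE}/sessions/${encodeURIComponent(sessionId)}`)
}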