arcadia-admin/app/lib/arcadia/sso.ts
jules ab116f8465 refactor: rename @crema/arcadia-client → @crema/arcadia-core-client
Disambiguates the Phoenix/auth client lib from lib-arcadia-agents-client.
Dir lib-arcadia-client → lib-arcadia-core-client; alias updated in
tsconfig paths, vite config, app.css @source, imports, CI and docs.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-11 13:31:56 +10:00


// SSO / SAML helpers.
// Backend: /api/v1/sso/identity-providers (tenant CRUD) + /sessions.
// Note: certificates are large and write-only.
import type { ArcadiaClient } from "@crema/arcadia-core-client"
/**
 * Identity provider record, as typed for the responses of the
 * identity-provider endpoints in this module.
 *
 * The certificate body is not part of this shape; reads expose only the
 * `has_certificate` flag.
 */
export interface IdentityProvider {
  // Identity
  id: string
  tenant_id: string
  name: string

  // IdP endpoints and SAML settings
  entity_id: string
  sso_url: string
  slo_url: string | null
  name_id_format: string | null
  // NOTE(review): presumably maps IdP assertion attributes to local user
  // fields; confirm which targets the backend accepts.
  attribute_mapping: Record<string, string>

  // Service-provider side
  sp_entity_id: string | null
  sign_requests: boolean
  metadata_url: string | null
  callback_url: string | null

  // State
  enabled: boolean
  /** Presumably true when a certificate is stored for this provider; confirm. */
  has_certificate: boolean

  // Timestamps arrive as strings; the exact format is not shown in this file.
  inserted_at: string
  updated_at: string
}
/**
 * Payload accepted when creating an identity provider (and, wrapped in
 * `Partial`, when updating one).
 *
 * Only `name`, `entity_id` and `sso_url` are required; everything else is
 * optional.
 */
export interface IdentityProviderInput {
  // Required
  name: string
  entity_id: string
  // NOTE(review): URL fields are plain strings here; scheme and host
  // validation is assumed to happen on the backend. Confirm.
  sso_url: string

  // Optional SAML settings
  slo_url?: string | null
  name_id_format?: string | null
  attribute_mapping?: Record<string, string>
  sp_entity_id?: string | null
  sign_requests?: boolean
  metadata_url?: string | null
  callback_url?: string | null
  enabled?: boolean

  /**
   * PEM-encoded certificate issued by the IdP. Write-only: it can be sent
   * here but is not present on `IdentityProvider`.
   */
  certificate?: string
}
/**
 * SAML session record, as typed for the response of the sessions endpoint
 * in this module.
 */
export interface SamlSession {
  id: string
  /** User the session belongs to. */
  user_id: string
  /** Identity provider the session is tied to. */
  idp_id: string

  // SAML identifiers; any of these may be null.
  name_id: string | null
  session_index: string | null

  // Timestamps arrive as strings; `expires_at` may be null.
  expires_at: string | null
  inserted_at: string
}
// Common path prefix for every SSO endpoint requested from this module.
const BASE = "/api/v1/sso"
/**
 * Fetches the identity providers exposed by the identity-providers endpoint.
 *
 * @param arcadia - Client used to issue the GET request.
 * @returns The `data` array from the response body.
 */
export async function listIdentityProviders(arcadia: ArcadiaClient): Promise<IdentityProvider[]> {
  const { data: providers } = await arcadia.GET<{ data: IdentityProvider[] }>(
    `${BASE}/identity-providers`,
  )
  return providers
}
/**
 * Creates an identity provider from the given input.
 *
 * The input is sent under the `identity_provider` key of the request body.
 *
 * @param arcadia - Client used to issue the POST request.
 * @param input - Provider fields; may include the write-only `certificate`.
 * @returns The `data` member of the response body.
 */
export async function createIdentityProvider(
  arcadia: ArcadiaClient,
  input: IdentityProviderInput,
): Promise<IdentityProvider> {
  const request = { body: { identity_provider: input } }
  const { data: created } = await arcadia.POST<{ data: IdentityProvider }>(
    `${BASE}/identity-providers`,
    request,
  )
  return created
}
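/**
 * Sends a partial update for one identity provider.
 *
 * The id is percent-encoded before it is placed in the path, so reserved
 * characters such as `/`, `?` or `#` stay inside the id segment instead of
 * changing which route the PATCH reaches. Dot-only ids (`.`, `..`) are not
 * altered by encoding; reject them upstream if ids can come from
 * user-controlled input such as route parameters.
 *
 * @param arcadia - Client used to issue the PATCH request.
 * @param id - Identifier of the provider to update.
 * @param input - Subset of provider fields, sent under `identity_provider`.
 * @returns The `data` member of the response body.
 */
export async function updateIdentityProvider(
  arcadia: ArcadiaClient,
  id: string,
  input: Partial<IdentityProviderInput>,
): Promise<IdentityProvider> {
  const res = await arcadia.PATCH<{ data: IdentityProvider }>(
    `${BASE}/identity-providers/${encodeURIComponent(id)}`,
    { body: { identity_provider: input } },
  )
  return res.data
}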
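/**
 * Deletes one identity provider.
 *
 * The id is percent-encoded before it is placed in the path, so reserved
 * characters such as `/`, `?` or `#` cannot steer this DELETE to a different
 * route. Dot-only ids (`.`, `..`) are not altered by encoding; reject them
 * upstream if ids can come from user-controlled input.
 *
 * @param arcadia - Client used to issue the DELETE request.
 * @param id - Identifier of the provider to delete.
 */
export async function deleteIdentityProvider(
  arcadia: ArcadiaClient,
  id: string,
): Promise<void> {
  await arcadia.DELETE(`${BASE}/identity-providers/${encodeURIComponent(id)}`)
}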
/**
 * Fetches the SAML sessions exposed by the sessions endpoint.
 *
 * @param arcadia - Client used to issue the GET request.
 * @returns The `data` array from the response body.
 */
export async function listSamlSessions(arcadia: ArcadiaClient): Promise<SamlSession[]> {
  const { data: sessions } = await arcadia.GET<{ data: SamlSession[] }>(`${BASE}/sessions`)
  return sessions
}
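/**
 * Destroys one SAML session.
 *
 * The session id is percent-encoded before it is placed in the path, so
 * reserved characters such as `/`, `?` or `#` cannot steer this DELETE to a
 * different route. Dot-only ids (`.`, `..`) are not altered by encoding;
 * reject them upstream if ids can come from user-controlled input.
 *
 * @param arcadia - Client used to issue the DELETE request.
 * @param sessionId - Identifier of the session to destroy.
 */
export async function destroySamlSession(
  arcadia: ArcadiaClient,
  sessionId: string,
): Promise<void> {
  await arcadia.DELETE(`${BASE}/sessions/${encodeURIComponent(sessionId)}`)
}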