Skip to content

Sign in with SSO #17055

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Mar 29, 2023
Merged

Sign in with SSO #17055

merged 13 commits into from
Mar 29, 2023

Conversation

AlexTugarev
Copy link
Member

@AlexTugarev AlexTugarev commented Mar 28, 2023
edited
Loading

Description

Adds a Sign in with SSO option to the Login screen.

This feature is guarded by a hidden flag, as it's hard to use feature flags for that. One can enable it by

Related Issue(s)

Fixes #15967
Fixes WEB-37

How to test

  1. Enable this feature by adding some magic experimental flag to local storage:
    localStorage.setItem("gitpod-ui-experiments", `{"ssoLogin": true}`)
  2. Create OIDC SSO integration for a team
  3. Log out and find the Sign in with SSO button

Release Notes

NONE

Documentation

Build Options:

  • /werft with-werft
    Run the build with werft instead of GHA
  • leeway-no-cache
  • /werft no-test
    Run Leeway with --dont-test
Publish Options
  • /werft publish-to-npm
  • /werft publish-to-jb-marketplace
Installer Options
  • with-dedicated-emulation
  • with-ws-manager-mk2
  • workspace-feature-flags
    Add desired feature flags to the end of the line above, space separated

Preview Environment Options:

  • /werft with-local-preview
    If enabled this will build install/preview
  • /werft with-preview
  • /werft with-large-vm
  • /werft with-gce-vm
    If enabled this will create the environment on GCE infra
  • with-integration-tests=all
    Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh

@werft-gitpod-dev-com
Copy link

started the job as gitpod-build-at-next-sso-login.4 because the annotations in the pull request description changed
(with .werft/ from main)

@AlexTugarev AlexTugarev force-pushed the at/next-sso-login branch 3 times, most recently from 014b7cc to 65767e9 Compare March 28, 2023 08:48
@AlexTugarev AlexTugarev changed the title WIP Login with SSO Sign in with SSO Mar 28, 2023
@AlexTugarev
Copy link
Member Author

/hold because of competition in #17052

@AlexTugarev AlexTugarev marked this pull request as ready for review March 28, 2023 09:52
@AlexTugarev AlexTugarev requested a review from a team March 28, 2023 09:52
@AlexTugarev AlexTugarev requested a review from gtsiolis as a code owner March 28, 2023 09:52
@github-actions github-actions bot added the team: webapp Issue belongs to the WebApp team label Mar 28, 2023
@roboquat roboquat added size/XXL and removed size/XL labels Mar 28, 2023
selfcontained
selfcontained approved these changes Mar 28, 2023
View reviewed changes
Copy link
Contributor

@selfcontained selfcontained left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good and works as expected.

/hold in case there's more you wanted to do here.

@selfcontained selfcontained mentioned this pull request Mar 29, 2023
Closed
13 tasks
@geropl
Copy link
Member

geropl commented Mar 29, 2023
edited
Loading

Really looking forward to this! 😍

One question: How do we guard the login endpoints/APIs on gitpod.io? Is it worth having a feature flag? Or do we already lock those, maybe transitively, by controlling settings SSO config via API?
Just want to make sure. 🙂

@AlexTugarev
Copy link
Member Author

I think we're good to go here. Let's iterate on it based on this state. Just made another round of testing to have a good answer for Gero's ask:

  • the Login screen addition isn't visible by default, one would need to know which bits to add.
  • the UI for creating OIDC client configs is behind a feature flag
  • the endpoints of the OIDC flows require to have client configs identifiable, i.e. there is not much to find there

@AlexTugarev
Copy link
Member Author

/hold cancel

@roboquat roboquat merged commit 7ecc196 into main Mar 29, 2023
@roboquat roboquat deleted the at/next-sso-login branch March 29, 2023 13:49
@roboquat roboquat added deployed: webapp Meta team change is running in production deployed Change is completely running in production labels Mar 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@selfcontained selfcontained selfcontained approved these changes

@gtsiolis gtsiolis Awaiting requested review from gtsiolis

Assignees
No one assigned
Labels
deployed: webapp Meta team change is running in production deployed Change is completely running in production release-note-none size/XXL team: webapp Issue belongs to the WebApp team
Projects
🍎 WebApp Team
Status: In Validation
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[SSO] Integrate with Login form
4 participants
@AlexTugarev @geropl @selfcontained @roboquat