Add Twake and custom SSO #359
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
OIDC url is different that base url we use for usual bitwarden compatible routes so we need to be able to save this OIDC url in environment service.
This login success page will be used as redirect_uri for SSO login. It asks to open the extension to finish the login because it cannot be done automatically.
This home view now display UI for : - login with Twake SSO (implementation starting in this PR) - login directly to the stack by asking Cozy URL (already implemented) - login with external SSO by asking a company email (to be implemented)
Forward instance and OIDC code returned by OIDC login success page
If on login view we have instance and OIDC code : - Forward code argument from login view to login request method - If code argument is present, do a different login request method
zatteo
commented
Aug 28, 2025
| const redirectUri = getLoginSuccessPageUri(extensionUri); | ||
|
|
||
| BrowserApi.createNewTab( | ||
| `https://oauthcallback.cozy.works/oidc/bitwarden/twake?redirect_uri=${redirectUri}`, // TODO: update URL with production environment |
There was a problem hiding this comment.
Maybe I should find a simple way to switch between environment here 🤔 like clicking multiple times on the logo or something like this
There was a problem hiding this comment.
I propose something here 74683dd
4 tasks
For external SSO, we need to fetch the OIDC login uri at a fixed location that can be infered from the email address of the user. We implement a first way with .well-known. We may implement a DoH way later.
In production, we need oauthcallback.mycozy.cloud. To test, we may need other stack environment. So here I implement a simple way to change this environment by clicking on a logo.
rezk2ll
reviewed
Sep 19, 2025
Comment on lines
+302
to
+314
| this.logoClickCount++; | ||
|
|
||
| if (this.logoClickCount >= 6) { | ||
| const rest = this.logoClickCount % 3; | ||
|
|
||
| if (rest === 0) { | ||
| this.baseUri = DEV_STACK_OAUTHCALLBACK_URI; | ||
| } else if (rest === 1) { | ||
| this.baseUri = INT_STACK_OAUTHCALLBACK_URI; | ||
| } else if (rest === 2) { | ||
| this.baseUri = PROD_STACK_OAUTHCALLBACK_URI; | ||
| } | ||
|
|
There was a problem hiding this comment.
i'm not sure about this part, we change the environment based on the number of clicks we do on the application logo?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Login button
Open Twake SSO for Twake SaaS users.
Company login by email
Asks for email and start an autodiscovery mechanism fetching a .well-known file at a known URL to load the SSO of the company.
Company login by url
Good old direct login using instance URL kept for self hosted users and as last resort.
Todo :