Skip to content

feat: add support for managing SSO providers by resource_id#2081

Merged
cstockton merged 4 commits into
masterfrom
cs/auth-sso-resource-id-support
Jul 21, 2025
Merged

feat: add support for managing SSO providers by resource_id#2081
cstockton merged 4 commits into
masterfrom
cs/auth-sso-resource-id-support

Conversation

@cstockton

@cstockton cstockton commented Jul 15, 2025

Copy link
Copy Markdown
Contributor

Some time ago a resource_id was added to the sso_providers table to support infrastructure as code use cases down the road. This change adds basic support for utilizing this field to manage SSO providers.

Key changes:

  • Updated API for SSO providers to allow get, put, delete by resource_id
    • Extended loadSSOProvider to accept resource_-prefixed idp_id values
  • Added optional resource_id field to SSOProvider model
  • Implemented FindSSOProviderByResourceID in model layer
  • Renamed FindAllSAMLProviders to FindAllSSOProviders
  • Added filtering to the /admin/sso/providers via ?resource_id{,_prefix}=
  • Included full E2E test coverage for SSO provider api

Chris Stockton added 2 commits July 15, 2025 16:49
- Updated API for SSO providers to allow get, put, delete by `resource_id`
- Extended `loadSSOProvider` to lookup by either `idp_id` or `resource_id`
- Added optional `resource_id` field to `SSOProvider` model
- Implemented `FindSSOProviderByResourceID` in model layer
- Renamed `FindAllSAMLProviders` to `FindAllSSOProviders`
- Included pagination & filtering support in and `FindSSOProviderByFilter`
  - Note: this is not currently being used, waiting to hear teams feedback
- Included full E2E test coverage for the new `/resources/{resource_id}` admin endpoints.
…efix

This change simplifies self-service SSO flows by enabling lookup of SSO providers via a `resource_id`, which maps to an infrastructure org ID. This removes the need for syncing external mappings.

Key changes:
- Extended `loadSSOProvider` to accept `resource_`-prefixed `idp_id` values
- Removed previously introduced `/resources` routes
- Added filtering to the `/admin/sso/providers` via `?resource_id{,_prefix}=`
- Reworked `FindAllSSOProvidersByFilter` to drop pagination/sorting
- Updated E2E test suite for full SSO coverage
@cstockton cstockton marked this pull request as ready for review July 16, 2025 15:51
@cstockton cstockton requested a review from a team as a code owner July 16, 2025 15:51
@coveralls

coveralls commented Jul 16, 2025

Copy link
Copy Markdown

Pull Request Test Coverage Report for Build 16380883473

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

Details

  • 63 of 97 (64.95%) changed or added relevant lines in 4 files are covered.
  • 44 unchanged lines in 2 files lost coverage.
  • Overall coverage increased (+0.02%) to 70.181%

Changes Missing Coverage Covered Lines Changed/Added Lines %
internal/models/sso.go 22 28 78.57%
internal/api/sso.go 12 20 60.0%
internal/api/samlacs.go 0 10 0.0%
internal/api/ssoadmin.go 29 39 74.36%
Files with Coverage Reduction New Missed Lines %
internal/models/sso.go 4 62.09%
internal/api/token_oidc.go 40 14.69%
Totals Coverage Status
Change from base Build 16138358707: 0.02%
Covered Lines: 11568
Relevant Lines: 16483

💛 - Coveralls

Chris Stockton added 2 commits July 18, 2025 09:27
The sso_providers.disabled column was added to the SSOProvider.
@cstockton cstockton merged commit 5ca4489 into master Jul 21, 2025
6 checks passed
@cstockton cstockton deleted the cs/auth-sso-resource-id-support branch July 21, 2025 15:29
cemalkilic pushed a commit that referenced this pull request Aug 6, 2025
🤖 I have created a release *beep* *boop*
---


##
[2.178.0](v2.177.0...v2.178.0)
(2025-08-05)


### Features

* add sign in with ethereum
([#2069](#2069))
([079b242](079b242))
* add support for managing SSO providers by resource_id
([#2081](#2081))
([5ca4489](5ca4489))
* log all audit events separately to prevent missing events
([#2086](#2086))
([3b666f5](3b666f5))
* skip nonce check for Facebook Limited Login auth
([#2082](#2082))
([f1b15ff](f1b15ff))
* support ledger solana offchain message signing
([#2093](#2093))
([4c94443](4c94443))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
cemalkilic pushed a commit that referenced this pull request Aug 7, 2025
Some time ago a `resource_id` was added to the `sso_providers` table to
support infrastructure as code use cases down the road. This change adds
basic support for utilizing this field to manage SSO providers.

Key changes:
- Updated API for SSO providers to allow get, put, delete by
`resource_id`
- Extended `loadSSOProvider` to accept `resource_`-prefixed `idp_id`
values
- Added optional `resource_id` field to `SSOProvider` model
- Implemented `FindSSOProviderByResourceID` in model layer
- Renamed `FindAllSAMLProviders` to `FindAllSSOProviders`
- Added filtering to the `/admin/sso/providers` via
`?resource_id{,_prefix}=`
- Included full E2E test coverage for SSO provider api

---------

Co-authored-by: Chris Stockton <chris.stockton@supabase.io>
fadymak pushed a commit that referenced this pull request Sep 30, 2025
Some time ago a `resource_id` was added to the `sso_providers` table to
support infrastructure as code use cases down the road. This change adds
basic support for utilizing this field to manage SSO providers.

Key changes:
- Updated API for SSO providers to allow get, put, delete by
`resource_id`
- Extended `loadSSOProvider` to accept `resource_`-prefixed `idp_id`
values
- Added optional `resource_id` field to `SSOProvider` model
- Implemented `FindSSOProviderByResourceID` in model layer
- Renamed `FindAllSAMLProviders` to `FindAllSSOProviders`
- Added filtering to the `/admin/sso/providers` via
`?resource_id{,_prefix}=`
- Included full E2E test coverage for SSO provider api

---------

Co-authored-by: Chris Stockton <chris.stockton@supabase.io>
fadymak pushed a commit that referenced this pull request Sep 30, 2025
🤖 I have created a release *beep* *boop*
---


##
[2.178.0](v2.177.0...v2.178.0)
(2025-08-05)


### Features

* add sign in with ethereum
([#2069](#2069))
([079b242](079b242))
* add support for managing SSO providers by resource_id
([#2081](#2081))
([5ca4489](5ca4489))
* log all audit events separately to prevent missing events
([#2086](#2086))
([3b666f5](3b666f5))
* skip nonce check for Facebook Limited Login auth
([#2082](#2082))
([f1b15ff](f1b15ff))
* support ledger solana offchain message signing
([#2093](#2093))
([4c94443](4c94443))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants