@base44-preview/cli 0.0.50-pr.484.1c556f7 → 0.0.50-pr.484.2156b3d

package/dist/cli/index.js

@@ -242018,9 +242018,10 @@ var SSOSecretKey;
   SSOSecretKey2["JwksUri"] = "sso_jwks_uri";
 })(SSOSecretKey ||= {});
 var ALL_SSO_SECRET_KEYS = Object.values(SSOSecretKey);
+var DEFAULT_OIDC_SCOPE = "openid email profile";
+var DEFAULT_GITHUB_SCOPE = "user:email";
 
 // src/core/resources/auth-config/sso/providers/custom.ts
-var DEFAULT_SCOPE = "openid email profile";
 var customProvider = {
   requiredKeys: [
     "sso_auth_endpoint" /* AuthEndpoint */,
@@ -242029,7 +242030,7 @@ var customProvider = {
     "sso_jwks_uri" /* JwksUri */
   ],
   defaults: {
-    ["sso_scope" /* Scope */]: DEFAULT_SCOPE
+    ["sso_scope" /* Scope */]: DEFAULT_OIDC_SCOPE
   }
 };
 
@@ -242037,7 +242038,7 @@ var customProvider = {
 var githubProvider = {
   requiredKeys: [],
   defaults: {
-    ["sso_scope" /* Scope */]: "user:email",
+    ["sso_scope" /* Scope */]: DEFAULT_GITHUB_SCOPE,
     ["sso_auth_endpoint" /* AuthEndpoint */]: "https://github.com/login/oauth/authorize",
     ["sso_token_endpoint" /* TokenEndpoint */]: "https://github.com/login/oauth/access_token",
     ["sso_userinfo_endpoint" /* UserinfoEndpoint */]: "https://api.github.com/user"
@@ -242045,21 +242046,19 @@ var githubProvider = {
 };
 
 // src/core/resources/auth-config/sso/providers/google.ts
-var DEFAULT_SCOPE2 = "openid email profile";
 var googleProvider = {
   requiredKeys: [],
   defaults: {
-    ["sso_scope" /* Scope */]: DEFAULT_SCOPE2,
+    ["sso_scope" /* Scope */]: DEFAULT_OIDC_SCOPE,
     ["sso_discovery_url" /* DiscoveryUrl */]: "https://accounts.google.com/.well-known/openid-configuration"
   }
 };
 
 // src/core/resources/auth-config/sso/providers/microsoft.ts
-var DEFAULT_SCOPE3 = "openid email profile";
 var microsoftProvider = {
   requiredKeys: ["sso_tenant_id" /* TenantId */],
   defaults: {
-    ["sso_scope" /* Scope */]: DEFAULT_SCOPE3
+    ["sso_scope" /* Scope */]: DEFAULT_OIDC_SCOPE
   },
   deriveDefaults: (secrets) => {
     const tenantId = secrets["sso_tenant_id" /* TenantId */];
@@ -242073,11 +242072,10 @@ var microsoftProvider = {
 };
 
 // src/core/resources/auth-config/sso/providers/okta.ts
-var DEFAULT_SCOPE4 = "openid email profile";
 var oktaProvider = {
   requiredKeys: ["sso_okta_domain" /* OktaDomain */],
   defaults: {
-    ["sso_scope" /* Scope */]: DEFAULT_SCOPE4
+    ["sso_scope" /* Scope */]: DEFAULT_OIDC_SCOPE
   },
   deriveDefaults: (secrets) => {
     const domain2 = secrets["sso_okta_domain" /* OktaDomain */];
@@ -251264,6 +251262,19 @@ function mergeFileWithFlags(fileConfig, options) {
   };
 }
 var providerNames = Object.keys(KNOWN_SSO_PROVIDERS);
+function secretKeyToFlag(key) {
+  return `--${key.replace(/^sso_/, "").replace(/_/g, "-")}`;
+}
+function exampleCommand(provider) {
+  let cmd = `base44 auth sso enable --provider ${provider} --client-id <id> --client-secret <secret>`;
+  if (provider === KNOWN_SSO_PROVIDERS.microsoft)
+    cmd += " --tenant-id <id>";
+  if (provider === KNOWN_SSO_PROVIDERS.okta)
+    cmd += " --okta-domain <domain>";
+  if (provider === KNOWN_SSO_PROVIDERS.custom)
+    cmd += " --sso-name <name> --auth-endpoint <url> --token-endpoint <url> --userinfo-endpoint <url> --jwks-uri <url>";
+  return cmd;
+}
 function validateProvider(provider) {
   if (!provider) {
     throw new InvalidInputError("Missing --provider.", {
@@ -251275,12 +251286,9 @@ function validateProvider(provider) {
       ]
     });
   }
-  if (!(provider in KNOWN_SSO_PROVIDERS)) {
-    throw new InvalidInputError(`Unknown provider "${provider}". Valid providers: ${providerNames.join(", ")}`);
-  }
   return provider;
 }
-async function ssoEnableAction({ isNonInteractive, log, runTask: runTask2 }, options) {
+async function ssoEnableAction({ isNonInteractive, runTask: runTask2 }, options) {
   let merged = options;
   if (options.file) {
     const fileConfig = await loadSSOConfigFile(options.file);
@@ -251340,7 +251348,23 @@ async function ssoEnableAction({ isNonInteractive, log, runTask: runTask2 }, opt
     jwksUri: merged.jwksUri,
     ssoName: merged.ssoName
   };
-  const secrets = buildSSOSecrets(provider, secretOptions);
+  let secrets;
+  try {
+    secrets = buildSSOSecrets(provider, secretOptions);
+  } catch (error48) {
+    if (error48 instanceof InvalidInputError) {
+      const flagMessage = error48.message.replace(/sso_[a-z_]+/g, (key) => secretKeyToFlag(key));
+      throw new InvalidInputError(flagMessage, {
+        hints: [
+          {
+            message: `Example: ${exampleCommand(provider)}`,
+            command: exampleCommand(provider)
+          }
+        ]
+      });
+    }
+    throw error48;
+  }
   const { project: project2 } = await readProjectConfig();
   const configDir = dirname11(project2.configPath);
   const authDir = join16(configDir, project2.authDir);
@@ -251351,7 +251375,6 @@ async function ssoEnableAction({ isNonInteractive, log, runTask: runTask2 }, opt
   };
 }
 async function ssoDisableAction({
-  log,
   runTask: runTask2
 }) {
   const { project: project2 } = await readProjectConfig();
@@ -251373,7 +251396,7 @@ function getSSOCommand() {
   return new Base44Command("sso").description("Configure SSO identity provider (google, microsoft, github, okta, custom)").addArgument(new Argument("<action>", "enable or disable SSO").choices([
     "enable",
     "disable"
-  ])).option("--provider <provider>", "SSO provider: google, microsoft, github, okta, custom").option("--client-id <id>", "OAuth client ID").option("--client-secret <secret>", "OAuth client secret").option("--client-secret-stdin", "Read client secret from stdin").option("--env-file <path>", "Read client secret from a .env file (key: sso_client_secret)").option("--file <path>", "JSON config file with all SSO settings").option("--scope <scope>", "OAuth scope (defaults per provider)").option("--discovery-url <url>", "OIDC discovery URL").option("--tenant-id <id>", "Microsoft tenant ID (required for microsoft)").option("--okta-domain <domain>", "Okta domain (required for okta)").option("--auth-endpoint <url>", "Authorization endpoint (required for custom)").option("--token-endpoint <url>", "Token endpoint (required for custom)").option("--userinfo-endpoint <url>", "Userinfo endpoint (required for custom)").option("--jwks-uri <url>", "JWKS URI (required for custom)").option("--sso-name <name>", "Provider display name (required for custom)").action(ssoAction);
+  ])).addOption(new Option("--provider <provider>", "SSO provider").choices(Object.values(KNOWN_SSO_PROVIDERS))).option("--client-id <id>", "OAuth client ID").option("--client-secret <secret>", "OAuth client secret").option("--client-secret-stdin", "Read client secret from stdin").option("--env-file <path>", "Read client secret from a .env file (key: sso_client_secret)").option("--file <path>", "JSON config file with all SSO settings").option("--scope <scope>", "OAuth scope (defaults per provider)").option("--discovery-url <url>", "OIDC discovery URL").option("--tenant-id <id>", "Microsoft tenant ID (required for microsoft)").option("--okta-domain <domain>", "Okta domain (required for okta)").option("--auth-endpoint <url>", "Authorization endpoint (required for custom)").option("--token-endpoint <url>", "Token endpoint (required for custom)").option("--userinfo-endpoint <url>", "Userinfo endpoint (required for custom)").option("--jwks-uri <url>", "JWKS URI (required for custom)").option("--sso-name <name>", "Provider display name (required for custom)").action(ssoAction);
 }
 
 // src/cli/commands/auth/index.ts
@@ -261008,4 +261031,4 @@ export {
   CLIExitError
 };
 
-//# debugId=939FB46B90B442D864756E2164756E21
+//# debugId=CDE136D996499A7364756E2164756E21