@open-mercato/enterprise 0.4.6-develop-15c18897fc → 0.4.6-develop-34aa847ce6

package/dist/modules/sso/backend/sso/config/new/page.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../../src/modules/sso/backend/sso/config/new/page.tsx"],
+  "sourcesContent": ["'use client'\n\nimport React from 'react'\nimport { useRouter } from 'next/navigation'\nimport { Page, PageBody } from '@open-mercato/ui/backend/Page'\nimport { Button } from '@open-mercato/ui/primitives/button'\nimport { apiCall, apiCallOrThrow } from '@open-mercato/ui/backend/utils/apiCall'\nimport { flash } from '@open-mercato/ui/backend/FlashMessages'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\nimport { useGuardedMutation } from '@open-mercato/ui/backend/injection/useGuardedMutation'\n\ntype WizardStep = 'protocol' | 'credentials' | 'domains' | 'options' | 'review'\n\nconst STEPS: WizardStep[] = ['protocol', 'credentials', 'domains', 'options', 'review']\n\ninterface WizardState {\n  name: string\n  protocol: 'oidc'\n  issuer: string\n  clientId: string\n  clientSecret: string\n  domains: string[]\n  jitEnabled: boolean\n  autoLinkByEmail: boolean\n}\n\nconst initialState: WizardState = {\n  name: '',\n  protocol: 'oidc',\n  issuer: '',\n  clientId: '',\n  clientSecret: '',\n  domains: [],\n  jitEnabled: true,\n  autoLinkByEmail: true,\n}\n\nexport default function SsoConfigCreateWizard() {\n  const router = useRouter()\n  const t = useT()\n  const [step, setStep] = React.useState<WizardStep>('protocol')\n  const [state, setState] = React.useState<WizardState>(initialState)\n  const [domainInput, setDomainInput] = React.useState('')\n  const [domainError, setDomainError] = React.useState('')\n  const [isSubmitting, setIsSubmitting] = React.useState(false)\n  const [testResult, setTestResult] = React.useState<{ ok: boolean; error?: string } | null>(null)\n  const [isTesting, setIsTesting] = React.useState(false)\n\n  const { runMutation, retryLastMutation } = useGuardedMutation<Record<string, unknown>>({\n    contextId: 'sso-config-create',\n  })\n  const runMutationWithContext = React.useCallback(\n    async <T,>(operation: () => Promise<T>, mutationPayload?: Record<string, unknown>): Promise<T> => {\n      return runMutation({\n        operation,\n        mutationPayload,\n        context: { retryLastMutation },\n      })\n    },\n    [retryLastMutation, runMutation],\n  )\n\n  React.useEffect(() => {\n    const checkExisting = async () => {\n      const call = await apiCall<{ items: { id: string }[] }>('/api/sso/config?pageSize=1')\n      if (call.ok && call.result && call.result.items.length > 0) {\n        flash(t('sso.admin.error.alreadyExists', 'An SSO configuration already exists for this organization'), 'error')\n        router.replace(`/backend/sso/config/${call.result.items[0].id}`)\n      }\n    }\n    checkExisting()\n  }, [router, t])\n\n  const currentStepIndex = STEPS.indexOf(step)\n\n  const callbackUrl = typeof window !== 'undefined'\n    ? `${window.location.origin}/api/sso/callback/oidc`\n    : '/api/sso/callback/oidc'\n\n  const goNext = () => {\n    const nextIndex = currentStepIndex + 1\n    if (nextIndex < STEPS.length) setStep(STEPS[nextIndex])\n  }\n\n  const goBack = () => {\n    const prevIndex = currentStepIndex - 1\n    if (prevIndex >= 0) setStep(STEPS[prevIndex])\n  }\n\n  const handleAddDomain = () => {\n    const normalized = domainInput.trim().toLowerCase()\n    if (!normalized) return\n\n    const domainRegex = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/\n    if (!domainRegex.test(normalized) || !normalized.includes('.')) {\n      setDomainError(t('sso.admin.wizard.domain.invalid', 'Invalid domain format'))\n      return\n    }\n\n    if (state.domains.includes(normalized)) {\n      setDomainError(t('sso.admin.wizard.domain.duplicate', 'Domain already added'))\n      return\n    }\n\n    if (state.domains.length >= 20) {\n      setDomainError(t('sso.admin.wizard.domain.limit', 'Maximum 20 domains per configuration'))\n      return\n    }\n\n    setState((prev) => ({ ...prev, domains: [...prev.domains, normalized] }))\n    setDomainInput('')\n    setDomainError('')\n  }\n\n  const handleRemoveDomain = (domain: string) => {\n    setState((prev) => ({ ...prev, domains: prev.domains.filter((d) => d !== domain) }))\n  }\n\n  const handleSubmit = async () => {\n    setIsSubmitting(true)\n    try {\n      const payload = {\n        name: state.name,\n        protocol: state.protocol,\n        issuer: state.issuer,\n        clientId: state.clientId,\n        clientSecret: state.clientSecret,\n        allowedDomains: state.domains,\n        jitEnabled: state.jitEnabled,\n        autoLinkByEmail: state.autoLinkByEmail,\n      }\n      const call = await runMutationWithContext(\n        () => apiCallOrThrow<{ id: string }>(\n          '/api/sso/config',\n          {\n            method: 'POST',\n            headers: { 'content-type': 'application/json' },\n            body: JSON.stringify(payload),\n          },\n          { errorMessage: t('sso.admin.error.createFailed', 'Failed to create SSO configuration') },\n        ),\n        payload,\n      )\n      flash(t('sso.admin.created', 'SSO configuration created'), 'success')\n      router.push(`/backend/sso/config/${call.result?.id}?created=1`)\n    } catch {\n      // apiCallOrThrow handles the error\n    } finally {\n      setIsSubmitting(false)\n    }\n  }\n\n  const handleTestConnection = async () => {\n    setIsTesting(true)\n    setTestResult(null)\n    try {\n      // Raw fetch is intentional: this is a pre-save OIDC discovery probe against an\n      // external IdP URL, not an internal API call, so apiCall is not applicable here.\n      const response = await fetch(state.issuer + '/.well-known/openid-configuration')\n      if (response.ok) {\n        setTestResult({ ok: true })\n        flash(t('sso.admin.test.success', 'Discovery successful \u2014 issuer is reachable'), 'success')\n      } else {\n        setTestResult({ ok: false, error: `HTTP ${response.status}` })\n        flash(t('sso.admin.test.failed', 'Discovery failed'), 'error')\n      }\n    } catch (err) {\n      setTestResult({ ok: false, error: String(err) })\n      flash(t('sso.admin.test.failed', 'Discovery failed \u2014 issuer is not reachable'), 'error')\n    } finally {\n      setIsTesting(false)\n    }\n  }\n\n  const canProceed = (): boolean => {\n    switch (step) {\n      case 'protocol': return true\n      case 'credentials': return !!(state.name && state.issuer && state.clientId && state.clientSecret)\n      case 'domains': return true\n      case 'options': return true\n      case 'review': return !isSubmitting\n      default: return false\n    }\n  }\n\n  return (\n    <Page>\n      <PageBody>\n        <div className=\"max-w-2xl mx-auto\">\n          {/* Step indicator */}\n          <div className=\"flex items-center gap-2 mb-8\">\n            {STEPS.map((s, i) => (\n              <React.Fragment key={s}>\n                <div\n                  className={`flex items-center justify-center w-8 h-8 rounded-full text-sm font-medium ${\n                    i <= currentStepIndex\n                      ? 'bg-primary text-primary-foreground'\n                      : 'bg-muted text-muted-foreground'\n                  }`}\n                >\n                  {i + 1}\n                </div>\n                {i < STEPS.length - 1 && (\n                  <div className={`flex-1 h-0.5 ${i < currentStepIndex ? 'bg-primary' : 'bg-muted'}`} />\n                )}\n              </React.Fragment>\n            ))}\n          </div>\n\n          {/* Step content */}\n          {step === 'protocol' && (\n            <div>\n              <h2 className=\"text-lg font-semibold mb-4\">{t('sso.admin.wizard.protocol.title', 'Select Protocol')}</h2>\n              <div className=\"space-y-3\">\n                <label className=\"flex items-center gap-3 p-4 border rounded-lg cursor-pointer bg-accent/50 border-primary\">\n                  <input type=\"radio\" name=\"protocol\" value=\"oidc\" checked readOnly className=\"accent-primary\" />\n                  <div>\n                    <div className=\"font-medium\">OpenID Connect (OIDC)</div>\n                    <div className=\"text-sm text-muted-foreground\">\n                      {t('sso.admin.wizard.protocol.oidcDesc', 'Works with Zitadel, Microsoft Entra ID, Google Workspace, Okta, and more')}\n                    </div>\n                  </div>\n                </label>\n                <div className=\"flex items-center gap-3 p-4 border rounded-lg opacity-50 cursor-not-allowed bg-muted/30\">\n                  <input type=\"radio\" name=\"protocol\" value=\"saml\" disabled className=\"accent-primary\" />\n                  <div>\n                    <div className=\"font-medium\">SAML 2.0</div>\n                    <div className=\"text-sm text-muted-foreground\">\n                      {t('sso.admin.wizard.protocol.samlDesc', 'Coming soon')}\n                    </div>\n                  </div>\n                </div>\n              </div>\n            </div>\n          )}\n\n          {step === 'credentials' && (\n            <div>\n              <h2 className=\"text-lg font-semibold mb-4\">{t('sso.admin.wizard.credentials.title', 'OIDC Credentials')}</h2>\n              <div className=\"space-y-4\">\n                <div>\n                  <label className=\"block text-sm font-medium mb-1\">{t('sso.admin.field.name', 'Configuration Name')}</label>\n                  <input\n                    type=\"text\"\n                    className=\"w-full rounded-md border px-3 py-2 text-sm\"\n                    placeholder={t('sso.admin.wizard.credentials.namePlaceholder', 'e.g., Zitadel Production')}\n                    value={state.name}\n                    onChange={(e) => setState((prev) => ({ ...prev, name: e.target.value }))}\n                  />\n                </div>\n                <div>\n                  <label className=\"block text-sm font-medium mb-1\">{t('sso.admin.field.issuer', 'Issuer URL')}</label>\n                  <input\n                    type=\"url\"\n                    className=\"w-full rounded-md border px-3 py-2 text-sm\"\n                    placeholder=\"https://your-idp.example.com\"\n                    value={state.issuer}\n                    onChange={(e) => setState((prev) => ({ ...prev, issuer: e.target.value }))}\n                  />\n                </div>\n                <div>\n                  <label className=\"block text-sm font-medium mb-1\">{t('sso.admin.field.clientId', 'Client ID')}</label>\n                  <input\n                    type=\"text\"\n                    className=\"w-full rounded-md border px-3 py-2 text-sm\"\n                    value={state.clientId}\n                    onChange={(e) => setState((prev) => ({ ...prev, clientId: e.target.value }))}\n                  />\n                </div>\n                <div>\n                  <label className=\"block text-sm font-medium mb-1\">{t('sso.admin.field.clientSecret', 'Client Secret')}</label>\n                  <input\n                    type=\"password\"\n                    className=\"w-full rounded-md border px-3 py-2 text-sm\"\n                    value={state.clientSecret}\n                    onChange={(e) => setState((prev) => ({ ...prev, clientSecret: e.target.value }))}\n                  />\n                </div>\n                <div className=\"rounded-md bg-muted/50 p-3\">\n                  <label className=\"block text-sm font-medium mb-1\">{t('sso.admin.wizard.credentials.callbackUrl', 'Redirect URI (copy to your IdP)')}</label>\n                  <div className=\"flex items-center gap-2\">\n                    <code className=\"flex-1 text-sm bg-background p-2 rounded border font-mono break-all\">{callbackUrl}</code>\n                    <Button\n                      variant=\"outline\"\n                      size=\"sm\"\n                      onClick={() => {\n                        navigator.clipboard.writeText(callbackUrl)\n                        flash(t('common.copied', 'Copied to clipboard'), 'success')\n                      }}\n                    >\n                      {t('common.copy', 'Copy')}\n                    </Button>\n                  </div>\n                </div>\n              </div>\n            </div>\n          )}\n\n          {step === 'domains' && (\n            <div>\n              <h2 className=\"text-lg font-semibold mb-4\">{t('sso.admin.wizard.domains.title', 'Allowed Email Domains')}</h2>\n              <p className=\"text-sm text-muted-foreground mb-4\">\n                {t('sso.admin.wizard.domains.description', 'Users with email addresses matching these domains will be redirected to your SSO provider.')}\n              </p>\n              <div className=\"flex items-center gap-2 mb-4\">\n                <input\n                  type=\"text\"\n                  className=\"flex-1 rounded-md border px-3 py-2 text-sm\"\n                  placeholder={t('sso.admin.wizard.domains.placeholder', 'example.com')}\n                  value={domainInput}\n                  onChange={(e) => { setDomainInput(e.target.value); setDomainError('') }}\n                  onKeyDown={(e) => { if (e.key === 'Enter') { e.preventDefault(); handleAddDomain() } }}\n                />\n                <Button variant=\"outline\" onClick={handleAddDomain}>\n                  {t('common.add', 'Add')}\n                </Button>\n              </div>\n              {domainError && <p className=\"text-sm text-destructive mb-2\">{domainError}</p>}\n              {state.domains.length > 0 && (\n                <div className=\"space-y-2\">\n                  {state.domains.map((domain) => (\n                    <div key={domain} className=\"flex items-center justify-between p-2 border rounded-md\">\n                      <code className=\"text-sm font-mono\">{domain}</code>\n                      <Button variant=\"ghost\" size=\"sm\" onClick={() => handleRemoveDomain(domain)}>\n                        {t('common.remove', 'Remove')}\n                      </Button>\n                    </div>\n                  ))}\n                </div>\n              )}\n            </div>\n          )}\n\n          {step === 'options' && (\n            <div>\n              <h2 className=\"text-lg font-semibold mb-4\">{t('sso.admin.wizard.options.title', 'Options')}</h2>\n              <div className=\"space-y-4\">\n                <label className=\"flex items-center gap-3\">\n                  <input\n                    type=\"checkbox\"\n                    checked={state.jitEnabled}\n                    onChange={(e) => setState((prev) => ({ ...prev, jitEnabled: e.target.checked }))}\n                    className=\"accent-primary\"\n                  />\n                  <div>\n                    <div className=\"font-medium text-sm\">{t('sso.admin.field.jitEnabled', 'Just-in-Time Provisioning')}</div>\n                    <div className=\"text-xs text-muted-foreground\">\n                      {t('sso.admin.field.jitEnabledDesc', 'Automatically create user accounts on first SSO login')}\n                    </div>\n                  </div>\n                </label>\n                <label className=\"flex items-center gap-3\">\n                  <input\n                    type=\"checkbox\"\n                    checked={state.autoLinkByEmail}\n                    onChange={(e) => setState((prev) => ({ ...prev, autoLinkByEmail: e.target.checked }))}\n                    className=\"accent-primary\"\n                  />\n                  <div>\n                    <div className=\"font-medium text-sm\">{t('sso.admin.field.autoLinkByEmail', 'Auto-link by Email')}</div>\n                    <div className=\"text-xs text-muted-foreground\">\n                      {t('sso.admin.field.autoLinkByEmailDesc', 'Automatically link existing users by matching email address')}\n                    </div>\n                  </div>\n                </label>\n              </div>\n            </div>\n          )}\n\n          {step === 'review' && (\n            <div>\n              <h2 className=\"text-lg font-semibold mb-4\">{t('sso.admin.wizard.review.title', 'Review & Save')}</h2>\n              <div className=\"space-y-4\">\n                <div className=\"border rounded-lg divide-y\">\n                  <div className=\"flex justify-between p-3\">\n                    <span className=\"text-sm text-muted-foreground\">{t('sso.admin.field.name', 'Name')}</span>\n                    <span className=\"text-sm font-medium\">{state.name}</span>\n                  </div>\n                  <div className=\"flex justify-between p-3\">\n                    <span className=\"text-sm text-muted-foreground\">{t('sso.admin.field.protocol', 'Protocol')}</span>\n                    <span className=\"text-sm font-medium\">{state.protocol.toUpperCase()}</span>\n                  </div>\n                  <div className=\"flex justify-between p-3\">\n                    <span className=\"text-sm text-muted-foreground\">{t('sso.admin.field.issuer', 'Issuer')}</span>\n                    <span className=\"text-sm font-medium break-all\">{state.issuer}</span>\n                  </div>\n                  <div className=\"flex justify-between p-3\">\n                    <span className=\"text-sm text-muted-foreground\">{t('sso.admin.field.clientId', 'Client ID')}</span>\n                    <span className=\"text-sm font-medium\">{state.clientId}</span>\n                  </div>\n                  <div className=\"flex justify-between p-3\">\n                    <span className=\"text-sm text-muted-foreground\">{t('sso.admin.wizard.domains.title', 'Domains')}</span>\n                    <span className=\"text-sm font-medium\">{state.domains.join(', ') || '\u2014'}</span>\n                  </div>\n                  <div className=\"flex justify-between p-3\">\n                    <span className=\"text-sm text-muted-foreground\">{t('sso.admin.field.jitEnabled', 'JIT Provisioning')}</span>\n                    <span className=\"text-sm font-medium\">{state.jitEnabled ? t('common.enabled', 'Enabled') : t('common.disabled', 'Disabled')}</span>\n                  </div>\n                  <div className=\"flex justify-between p-3\">\n                    <span className=\"text-sm text-muted-foreground\">{t('sso.admin.field.autoLinkByEmail', 'Auto-link')}</span>\n                    <span className=\"text-sm font-medium\">{state.autoLinkByEmail ? t('common.enabled', 'Enabled') : t('common.disabled', 'Disabled')}</span>\n                  </div>\n                </div>\n\n                {/* Test connection before saving */}\n                <div className=\"flex items-center gap-3 p-4 border rounded-lg bg-muted/30\">\n                  <Button\n                    variant=\"outline\"\n                    onClick={handleTestConnection}\n                    disabled={isTesting}\n                  >\n                    {isTesting\n                      ? t('sso.admin.wizard.review.testing', 'Testing...')\n                      : t('sso.admin.action.test', 'Verify Discovery')}\n                  </Button>\n                  {testResult && (\n                    <span className={`text-sm ${testResult.ok ? 'text-green-600' : 'text-destructive'}`}>\n                      {testResult.ok\n                        ? t('sso.admin.test.success', 'Discovery successful')\n                        : testResult.error || t('sso.admin.test.failed', 'Discovery failed')}\n                    </span>\n                  )}\n                </div>\n\n                <p className=\"text-sm text-muted-foreground\">\n                  {t('sso.admin.wizard.review.note', 'The configuration will be created as inactive. You can activate it from the detail page after verifying everything is correct.')}\n                </p>\n              </div>\n            </div>\n          )}\n\n          {/* Navigation */}\n          <div className=\"flex justify-between mt-8 pt-4 border-t\">\n            <div>\n              {currentStepIndex > 0 ? (\n                <Button variant=\"outline\" onClick={goBack}>\n                  {t('common.back', 'Back')}\n                </Button>\n              ) : (\n                <Button variant=\"outline\" onClick={() => router.push('/backend/sso')}>\n                  {t('common.cancel', 'Cancel')}\n                </Button>\n              )}\n            </div>\n            <div>\n              {step === 'review' ? (\n                <Button onClick={handleSubmit} disabled={!canProceed()}>\n                  {isSubmitting\n                    ? t('common.saving', 'Saving...')\n                    : t('sso.admin.wizard.review.save', 'Create Configuration')}\n                </Button>\n              ) : (\n                <Button onClick={goNext} disabled={!canProceed()}>\n                  {t('common.next', 'Next')}\n                </Button>\n              )}\n            </div>\n          </div>\n        </div>\n      </PageBody>\n    </Page>\n  )\n}\n"],
+  "mappings": ";AAgMc,SACE,KADF;AA9Ld,OAAO,WAAW;AAClB,SAAS,iBAAiB;AAC1B,SAAS,MAAM,gBAAgB;AAC/B,SAAS,cAAc;AACvB,SAAS,SAAS,sBAAsB;AACxC,SAAS,aAAa;AACtB,SAAS,YAAY;AACrB,SAAS,0BAA0B;AAInC,MAAM,QAAsB,CAAC,YAAY,eAAe,WAAW,WAAW,QAAQ;AAatF,MAAM,eAA4B;AAAA,EAChC,MAAM;AAAA,EACN,UAAU;AAAA,EACV,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,cAAc;AAAA,EACd,SAAS,CAAC;AAAA,EACV,YAAY;AAAA,EACZ,iBAAiB;AACnB;AAEe,SAAR,wBAAyC;AAC9C,QAAM,SAAS,UAAU;AACzB,QAAM,IAAI,KAAK;AACf,QAAM,CAAC,MAAM,OAAO,IAAI,MAAM,SAAqB,UAAU;AAC7D,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAsB,YAAY;AAClE,QAAM,CAAC,aAAa,cAAc,IAAI,MAAM,SAAS,EAAE;AACvD,QAAM,CAAC,aAAa,cAAc,IAAI,MAAM,SAAS,EAAE;AACvD,QAAM,CAAC,cAAc,eAAe,IAAI,MAAM,SAAS,KAAK;AAC5D,QAAM,CAAC,YAAY,aAAa,IAAI,MAAM,SAAiD,IAAI;AAC/F,QAAM,CAAC,WAAW,YAAY,IAAI,MAAM,SAAS,KAAK;AAEtD,QAAM,EAAE,aAAa,kBAAkB,IAAI,mBAA4C;AAAA,IACrF,WAAW;AAAA,EACb,CAAC;AACD,QAAM,yBAAyB,MAAM;AAAA,IACnC,OAAW,WAA6B,oBAA0D;AAChG,aAAO,YAAY;AAAA,QACjB;AAAA,QACA;AAAA,QACA,SAAS,EAAE,kBAAkB;AAAA,MAC/B,CAAC;AAAA,IACH;AAAA,IACA,CAAC,mBAAmB,WAAW;AAAA,EACjC;AAEA,QAAM,UAAU,MAAM;AACpB,UAAM,gBAAgB,YAAY;AAChC,YAAM,OAAO,MAAM,QAAqC,4BAA4B;AACpF,UAAI,KAAK,MAAM,KAAK,UAAU,KAAK,OAAO,MAAM,SAAS,GAAG;AAC1D,cAAM,EAAE,iCAAiC,2DAA2D,GAAG,OAAO;AAC9G,eAAO,QAAQ,uBAAuB,KAAK,OAAO,MAAM,CAAC,EAAE,EAAE,EAAE;AAAA,MACjE;AAAA,IACF;AACA,kBAAc;AAAA,EAChB,GAAG,CAAC,QAAQ,CAAC,CAAC;AAEd,QAAM,mBAAmB,MAAM,QAAQ,IAAI;AAE3C,QAAM,cAAc,OAAO,WAAW,cAClC,GAAG,OAAO,SAAS,MAAM,2BACzB;AAEJ,QAAM,SAAS,MAAM;AACnB,UAAM,YAAY,mBAAmB;AACrC,QAAI,YAAY,MAAM,OAAQ,SAAQ,MAAM,SAAS,CAAC;AAAA,EACxD;AAEA,QAAM,SAAS,MAAM;AACnB,UAAM,YAAY,mBAAmB;AACrC,QAAI,aAAa,EAAG,SAAQ,MAAM,SAAS,CAAC;AAAA,EAC9C;AAEA,QAAM,kBAAkB,MAAM;AAC5B,UAAM,aAAa,YAAY,KAAK,EAAE,YAAY;AAClD,QAAI,CAAC,WAAY;AAEjB,UAAM,cAAc;AACpB,QAAI,CAAC,YAAY,KAAK,UAAU,KAAK,CAAC,WAAW,SAAS,GAAG,GAAG;AAC9D,qBAAe,EAAE,mCAAmC,uBAAuB,CAAC;AAC5E;AAAA,IACF;AAEA,QAAI,MAAM,QAAQ,SAAS,UAAU,GAAG;AACtC,qBAAe,EAAE,qCAAqC,sBAAsB,CAAC;AAC7E;AAAA,IACF;AAEA,QAAI,MAAM,QAAQ,UAAU,IAAI;AAC9B,qBAAe,EAAE,iCAAiC,sCAAsC,CAAC;AACzF;AAAA,IACF;AAEA,aAAS,CAAC,UAAU,EAAE,GAAG,MAAM,SAAS,CAAC,GAAG,KAAK,SAAS,UAAU,EAAE,EAAE;AACxE,mBAAe,EAAE;AACjB,mBAAe,EAAE;AAAA,EACnB;AAEA,QAAM,qBAAqB,CAAC,WAAmB;AAC7C,aAAS,CAAC,UAAU,EAAE,GAAG,MAAM,SAAS,KAAK,QAAQ,OAAO,CAAC,MAAM,MAAM,MAAM,EAAE,EAAE;AAAA,EACrF;AAEA,QAAM,eAAe,YAAY;AAC/B,oBAAgB,IAAI;AACpB,QAAI;AACF,YAAM,UAAU;AAAA,QACd,MAAM,MAAM;AAAA,QACZ,UAAU,MAAM;AAAA,QAChB,QAAQ,MAAM;AAAA,QACd,UAAU,MAAM;AAAA,QAChB,cAAc,MAAM;AAAA,QACpB,gBAAgB,MAAM;AAAA,QACtB,YAAY,MAAM;AAAA,QAClB,iBAAiB,MAAM;AAAA,MACzB;AACA,YAAM,OAAO,MAAM;AAAA,QACjB,MAAM;AAAA,UACJ;AAAA,UACA;AAAA,YACE,QAAQ;AAAA,YACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,YAC9C,MAAM,KAAK,UAAU,OAAO;AAAA,UAC9B;AAAA,UACA,EAAE,cAAc,EAAE,gCAAgC,oCAAoC,EAAE;AAAA,QAC1F;AAAA,QACA;AAAA,MACF;AACA,YAAM,EAAE,qBAAqB,2BAA2B,GAAG,SAAS;AACpE,aAAO,KAAK,uBAAuB,KAAK,QAAQ,EAAE,YAAY;AAAA,IAChE,QAAQ;AAAA,IAER,UAAE;AACA,sBAAgB,KAAK;AAAA,IACvB;AAAA,EACF;AAEA,QAAM,uBAAuB,YAAY;AACvC,iBAAa,IAAI;AACjB,kBAAc,IAAI;AAClB,QAAI;AAGF,YAAM,WAAW,MAAM,MAAM,MAAM,SAAS,mCAAmC;AAC/E,UAAI,SAAS,IAAI;AACf,sBAAc,EAAE,IAAI,KAAK,CAAC;AAC1B,cAAM,EAAE,0BAA0B,iDAA4C,GAAG,SAAS;AAAA,MAC5F,OAAO;AACL,sBAAc,EAAE,IAAI,OAAO,OAAO,QAAQ,SAAS,MAAM,GAAG,CAAC;AAC7D,cAAM,EAAE,yBAAyB,kBAAkB,GAAG,OAAO;AAAA,MAC/D;AAAA,IACF,SAAS,KAAK;AACZ,oBAAc,EAAE,IAAI,OAAO,OAAO,OAAO,GAAG,EAAE,CAAC;AAC/C,YAAM,EAAE,yBAAyB,iDAA4C,GAAG,OAAO;AAAA,IACzF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF;AAEA,QAAM,aAAa,MAAe;AAChC,YAAQ,MAAM;AAAA,MACZ,KAAK;AAAY,eAAO;AAAA,MACxB,KAAK;AAAe,eAAO,CAAC,EAAE,MAAM,QAAQ,MAAM,UAAU,MAAM,YAAY,MAAM;AAAA,MACpF,KAAK;AAAW,eAAO;AAAA,MACvB,KAAK;AAAW,eAAO;AAAA,MACvB,KAAK;AAAU,eAAO,CAAC;AAAA,MACvB;AAAS,eAAO;AAAA,IAClB;AAAA,EACF;AAEA,SACE,oBAAC,QACC,8BAAC,YACC,+BAAC,SAAI,WAAU,qBAEb;AAAA,wBAAC,SAAI,WAAU,gCACZ,gBAAM,IAAI,CAAC,GAAG,MACb,qBAAC,MAAM,UAAN,EACC;AAAA;AAAA,QAAC;AAAA;AAAA,UACC,WAAW,6EACT,KAAK,mBACD,uCACA,gCACN;AAAA,UAEC,cAAI;AAAA;AAAA,MACP;AAAA,MACC,IAAI,MAAM,SAAS,KAClB,oBAAC,SAAI,WAAW,gBAAgB,IAAI,mBAAmB,eAAe,UAAU,IAAI;AAAA,SAXnE,CAarB,CACD,GACH;AAAA,IAGC,SAAS,cACR,qBAAC,SACC;AAAA,0BAAC,QAAG,WAAU,8BAA8B,YAAE,mCAAmC,iBAAiB,GAAE;AAAA,MACpG,qBAAC,SAAI,WAAU,aACb;AAAA,6BAAC,WAAM,WAAU,4FACf;AAAA,8BAAC,WAAM,MAAK,SAAQ,MAAK,YAAW,OAAM,QAAO,SAAO,MAAC,UAAQ,MAAC,WAAU,kBAAiB;AAAA,UAC7F,qBAAC,SACC;AAAA,gCAAC,SAAI,WAAU,eAAc,mCAAqB;AAAA,YAClD,oBAAC,SAAI,WAAU,iCACZ,YAAE,sCAAsC,0EAA0E,GACrH;AAAA,aACF;AAAA,WACF;AAAA,QACA,qBAAC,SAAI,WAAU,2FACb;AAAA,8BAAC,WAAM,MAAK,SAAQ,MAAK,YAAW,OAAM,QAAO,UAAQ,MAAC,WAAU,kBAAiB;AAAA,UACrF,qBAAC,SACC;AAAA,gCAAC,SAAI,WAAU,eAAc,sBAAQ;AAAA,YACrC,oBAAC,SAAI,WAAU,iCACZ,YAAE,sCAAsC,aAAa,GACxD;AAAA,aACF;AAAA,WACF;AAAA,SACF;AAAA,OACF;AAAA,IAGD,SAAS,iBACR,qBAAC,SACC;AAAA,0BAAC,QAAG,WAAU,8BAA8B,YAAE,sCAAsC,kBAAkB,GAAE;AAAA,MACxG,qBAAC,SAAI,WAAU,aACb;AAAA,6BAAC,SACC;AAAA,8BAAC,WAAM,WAAU,kCAAkC,YAAE,wBAAwB,oBAAoB,GAAE;AAAA,UACnG;AAAA,YAAC;AAAA;AAAA,cACC,MAAK;AAAA,cACL,WAAU;AAAA,cACV,aAAa,EAAE,gDAAgD,0BAA0B;AAAA,cACzF,OAAO,MAAM;AAAA,cACb,UAAU,CAAC,MAAM,SAAS,CAAC,UAAU,EAAE,GAAG,MAAM,MAAM,EAAE,OAAO,MAAM,EAAE;AAAA;AAAA,UACzE;AAAA,WACF;AAAA,QACA,qBAAC,SACC;AAAA,8BAAC,WAAM,WAAU,kCAAkC,YAAE,0BAA0B,YAAY,GAAE;AAAA,UAC7F;AAAA,YAAC;AAAA;AAAA,cACC,MAAK;AAAA,cACL,WAAU;AAAA,cACV,aAAY;AAAA,cACZ,OAAO,MAAM;AAAA,cACb,UAAU,CAAC,MAAM,SAAS,CAAC,UAAU,EAAE,GAAG,MAAM,QAAQ,EAAE,OAAO,MAAM,EAAE;AAAA;AAAA,UAC3E;AAAA,WACF;AAAA,QACA,qBAAC,SACC;AAAA,8BAAC,WAAM,WAAU,kCAAkC,YAAE,4BAA4B,WAAW,GAAE;AAAA,UAC9F;AAAA,YAAC;AAAA;AAAA,cACC,MAAK;AAAA,cACL,WAAU;AAAA,cACV,OAAO,MAAM;AAAA,cACb,UAAU,CAAC,MAAM,SAAS,CAAC,UAAU,EAAE,GAAG,MAAM,UAAU,EAAE,OAAO,MAAM,EAAE;AAAA;AAAA,UAC7E;AAAA,WACF;AAAA,QACA,qBAAC,SACC;AAAA,8BAAC,WAAM,WAAU,kCAAkC,YAAE,gCAAgC,eAAe,GAAE;AAAA,UACtG;AAAA,YAAC;AAAA;AAAA,cACC,MAAK;AAAA,cACL,WAAU;AAAA,cACV,OAAO,MAAM;AAAA,cACb,UAAU,CAAC,MAAM,SAAS,CAAC,UAAU,EAAE,GAAG,MAAM,cAAc,EAAE,OAAO,MAAM,EAAE;AAAA;AAAA,UACjF;AAAA,WACF;AAAA,QACA,qBAAC,SAAI,WAAU,8BACb;AAAA,8BAAC,WAAM,WAAU,kCAAkC,YAAE,4CAA4C,iCAAiC,GAAE;AAAA,UACpI,qBAAC,SAAI,WAAU,2BACb;AAAA,gCAAC,UAAK,WAAU,uEAAuE,uBAAY;AAAA,YACnG;AAAA,cAAC;AAAA;AAAA,gBACC,SAAQ;AAAA,gBACR,MAAK;AAAA,gBACL,SAAS,MAAM;AACb,4BAAU,UAAU,UAAU,WAAW;AACzC,wBAAM,EAAE,iBAAiB,qBAAqB,GAAG,SAAS;AAAA,gBAC5D;AAAA,gBAEC,YAAE,eAAe,MAAM;AAAA;AAAA,YAC1B;AAAA,aACF;AAAA,WACF;AAAA,SACF;AAAA,OACF;AAAA,IAGD,SAAS,aACR,qBAAC,SACC;AAAA,0BAAC,QAAG,WAAU,8BAA8B,YAAE,kCAAkC,uBAAuB,GAAE;AAAA,MACzG,oBAAC,OAAE,WAAU,sCACV,YAAE,wCAAwC,4FAA4F,GACzI;AAAA,MACA,qBAAC,SAAI,WAAU,gCACb;AAAA;AAAA,UAAC;AAAA;AAAA,YACC,MAAK;AAAA,YACL,WAAU;AAAA,YACV,aAAa,EAAE,wCAAwC,aAAa;AAAA,YACpE,OAAO;AAAA,YACP,UAAU,CAAC,MAAM;AAAE,6BAAe,EAAE,OAAO,KAAK;AAAG,6BAAe,EAAE;AAAA,YAAE;AAAA,YACtE,WAAW,CAAC,MAAM;AAAE,kBAAI,EAAE,QAAQ,SAAS;AAAE,kBAAE,eAAe;AAAG,gCAAgB;AAAA,cAAE;AAAA,YAAE;AAAA;AAAA,QACvF;AAAA,QACA,oBAAC,UAAO,SAAQ,WAAU,SAAS,iBAChC,YAAE,cAAc,KAAK,GACxB;AAAA,SACF;AAAA,MACC,eAAe,oBAAC,OAAE,WAAU,iCAAiC,uBAAY;AAAA,MACzE,MAAM,QAAQ,SAAS,KACtB,oBAAC,SAAI,WAAU,aACZ,gBAAM,QAAQ,IAAI,CAAC,WAClB,qBAAC,SAAiB,WAAU,2DAC1B;AAAA,4BAAC,UAAK,WAAU,qBAAqB,kBAAO;AAAA,QAC5C,oBAAC,UAAO,SAAQ,SAAQ,MAAK,MAAK,SAAS,MAAM,mBAAmB,MAAM,GACvE,YAAE,iBAAiB,QAAQ,GAC9B;AAAA,WAJQ,MAKV,CACD,GACH;AAAA,OAEJ;AAAA,IAGD,SAAS,aACR,qBAAC,SACC;AAAA,0BAAC,QAAG,WAAU,8BAA8B,YAAE,kCAAkC,SAAS,GAAE;AAAA,MAC3F,qBAAC,SAAI,WAAU,aACb;AAAA,6BAAC,WAAM,WAAU,2BACf;AAAA;AAAA,YAAC;AAAA;AAAA,cACC,MAAK;AAAA,cACL,SAAS,MAAM;AAAA,cACf,UAAU,CAAC,MAAM,SAAS,CAAC,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,OAAO,QAAQ,EAAE;AAAA,cAC/E,WAAU;AAAA;AAAA,UACZ;AAAA,UACA,qBAAC,SACC;AAAA,gCAAC,SAAI,WAAU,uBAAuB,YAAE,8BAA8B,2BAA2B,GAAE;AAAA,YACnG,oBAAC,SAAI,WAAU,iCACZ,YAAE,kCAAkC,uDAAuD,GAC9F;AAAA,aACF;AAAA,WACF;AAAA,QACA,qBAAC,WAAM,WAAU,2BACf;AAAA;AAAA,YAAC;AAAA;AAAA,cACC,MAAK;AAAA,cACL,SAAS,MAAM;AAAA,cACf,UAAU,CAAC,MAAM,SAAS,CAAC,UAAU,EAAE,GAAG,MAAM,iBAAiB,EAAE,OAAO,QAAQ,EAAE;AAAA,cACpF,WAAU;AAAA;AAAA,UACZ;AAAA,UACA,qBAAC,SACC;AAAA,gCAAC,SAAI,WAAU,uBAAuB,YAAE,mCAAmC,oBAAoB,GAAE;AAAA,YACjG,oBAAC,SAAI,WAAU,iCACZ,YAAE,uCAAuC,6DAA6D,GACzG;AAAA,aACF;AAAA,WACF;AAAA,SACF;AAAA,OACF;AAAA,IAGD,SAAS,YACR,qBAAC,SACC;AAAA,0BAAC,QAAG,WAAU,8BAA8B,YAAE,iCAAiC,eAAe,GAAE;AAAA,MAChG,qBAAC,SAAI,WAAU,aACb;AAAA,6BAAC,SAAI,WAAU,8BACb;AAAA,+BAAC,SAAI,WAAU,4BACb;AAAA,gCAAC,UAAK,WAAU,iCAAiC,YAAE,wBAAwB,MAAM,GAAE;AAAA,YACnF,oBAAC,UAAK,WAAU,uBAAuB,gBAAM,MAAK;AAAA,aACpD;AAAA,UACA,qBAAC,SAAI,WAAU,4BACb;AAAA,gCAAC,UAAK,WAAU,iCAAiC,YAAE,4BAA4B,UAAU,GAAE;AAAA,YAC3F,oBAAC,UAAK,WAAU,uBAAuB,gBAAM,SAAS,YAAY,GAAE;AAAA,aACtE;AAAA,UACA,qBAAC,SAAI,WAAU,4BACb;AAAA,gCAAC,UAAK,WAAU,iCAAiC,YAAE,0BAA0B,QAAQ,GAAE;AAAA,YACvF,oBAAC,UAAK,WAAU,iCAAiC,gBAAM,QAAO;AAAA,aAChE;AAAA,UACA,qBAAC,SAAI,WAAU,4BACb;AAAA,gCAAC,UAAK,WAAU,iCAAiC,YAAE,4BAA4B,WAAW,GAAE;AAAA,YAC5F,oBAAC,UAAK,WAAU,uBAAuB,gBAAM,UAAS;AAAA,aACxD;AAAA,UACA,qBAAC,SAAI,WAAU,4BACb;AAAA,gCAAC,UAAK,WAAU,iCAAiC,YAAE,kCAAkC,SAAS,GAAE;AAAA,YAChG,oBAAC,UAAK,WAAU,uBAAuB,gBAAM,QAAQ,KAAK,IAAI,KAAK,UAAI;AAAA,aACzE;AAAA,UACA,qBAAC,SAAI,WAAU,4BACb;AAAA,gCAAC,UAAK,WAAU,iCAAiC,YAAE,8BAA8B,kBAAkB,GAAE;AAAA,YACrG,oBAAC,UAAK,WAAU,uBAAuB,gBAAM,aAAa,EAAE,kBAAkB,SAAS,IAAI,EAAE,mBAAmB,UAAU,GAAE;AAAA,aAC9H;AAAA,UACA,qBAAC,SAAI,WAAU,4BACb;AAAA,gCAAC,UAAK,WAAU,iCAAiC,YAAE,mCAAmC,WAAW,GAAE;AAAA,YACnG,oBAAC,UAAK,WAAU,uBAAuB,gBAAM,kBAAkB,EAAE,kBAAkB,SAAS,IAAI,EAAE,mBAAmB,UAAU,GAAE;AAAA,aACnI;AAAA,WACF;AAAA,QAGA,qBAAC,SAAI,WAAU,6DACb;AAAA;AAAA,YAAC;AAAA;AAAA,cACC,SAAQ;AAAA,cACR,SAAS;AAAA,cACT,UAAU;AAAA,cAET,sBACG,EAAE,mCAAmC,YAAY,IACjD,EAAE,yBAAyB,kBAAkB;AAAA;AAAA,UACnD;AAAA,UACC,cACC,oBAAC,UAAK,WAAW,WAAW,WAAW,KAAK,mBAAmB,kBAAkB,IAC9E,qBAAW,KACR,EAAE,0BAA0B,sBAAsB,IAClD,WAAW,SAAS,EAAE,yBAAyB,kBAAkB,GACvE;AAAA,WAEJ;AAAA,QAEA,oBAAC,OAAE,WAAU,iCACV,YAAE,gCAAgC,gIAAgI,GACrK;AAAA,SACF;AAAA,OACF;AAAA,IAIF,qBAAC,SAAI,WAAU,2CACb;AAAA,0BAAC,SACE,6BAAmB,IAClB,oBAAC,UAAO,SAAQ,WAAU,SAAS,QAChC,YAAE,eAAe,MAAM,GAC1B,IAEA,oBAAC,UAAO,SAAQ,WAAU,SAAS,MAAM,OAAO,KAAK,cAAc,GAChE,YAAE,iBAAiB,QAAQ,GAC9B,GAEJ;AAAA,MACA,oBAAC,SACE,mBAAS,WACR,oBAAC,UAAO,SAAS,cAAc,UAAU,CAAC,WAAW,GAClD,yBACG,EAAE,iBAAiB,WAAW,IAC9B,EAAE,gCAAgC,sBAAsB,GAC9D,IAEA,oBAAC,UAAO,SAAS,QAAQ,UAAU,CAAC,WAAW,GAC5C,YAAE,eAAe,MAAM,GAC1B,GAEJ;AAAA,OACF;AAAA,KACF,GACF,GACF;AAEJ;",
+  "names": []
+}

package/dist/modules/sso/backend/sso/config/new/page.meta.js

@@ -0,0 +1,19 @@
+const metadata = {
+  requireAuth: true,
+  requireFeatures: ["sso.config.manage"],
+  pageTitle: "Configure SSO",
+  pageTitleKey: "sso.admin.create.title",
+  pageGroup: "Auth",
+  pageGroupKey: "settings.sections.auth",
+  pageOrder: 521,
+  pageContext: "settings",
+  navHidden: true,
+  breadcrumb: [
+    { label: "Single Sign-On", labelKey: "sso.admin.title", href: "/backend/sso" },
+    { label: "Configure SSO", labelKey: "sso.admin.create.title" }
+  ]
+};
+export {
+  metadata
+};
+//# sourceMappingURL=page.meta.js.map

package/dist/modules/sso/backend/sso/config/new/page.meta.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../../src/modules/sso/backend/sso/config/new/page.meta.ts"],
+  "sourcesContent": ["export const metadata = {\n  requireAuth: true,\n  requireFeatures: ['sso.config.manage'],\n  pageTitle: 'Configure SSO',\n  pageTitleKey: 'sso.admin.create.title',\n  pageGroup: 'Auth',\n  pageGroupKey: 'settings.sections.auth',\n  pageOrder: 521,\n  pageContext: 'settings' as const,\n  navHidden: true,\n  breadcrumb: [\n    { label: 'Single Sign-On', labelKey: 'sso.admin.title', href: '/backend/sso' },\n    { label: 'Configure SSO', labelKey: 'sso.admin.create.title' },\n  ],\n}\n"],
+  "mappings": "AAAO,MAAM,WAAW;AAAA,EACtB,aAAa;AAAA,EACb,iBAAiB,CAAC,mBAAmB;AAAA,EACrC,WAAW;AAAA,EACX,cAAc;AAAA,EACd,WAAW;AAAA,EACX,cAAc;AAAA,EACd,WAAW;AAAA,EACX,aAAa;AAAA,EACb,WAAW;AAAA,EACX,YAAY;AAAA,IACV,EAAE,OAAO,kBAAkB,UAAU,mBAAmB,MAAM,eAAe;AAAA,IAC7E,EAAE,OAAO,iBAAiB,UAAU,yBAAyB;AAAA,EAC/D;AACF;",
+  "names": []
+}

package/dist/modules/sso/data/entities.js

@@ -0,0 +1,299 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __decorateClass = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
+  if (kind && result) __defProp(target, key, result);
+  return result;
+};
+import { Entity, PrimaryKey, Property, Unique, Index } from "@mikro-orm/core";
+let SsoConfig = class {
+  constructor() {
+    this.allowedDomains = [];
+    this.jitEnabled = true;
+    this.autoLinkByEmail = true;
+    this.isActive = false;
+    this.ssoRequired = false;
+    this.appRoleMappings = {};
+    this.createdAt = /* @__PURE__ */ new Date();
+    this.updatedAt = /* @__PURE__ */ new Date();
+  }
+};
+__decorateClass([
+  PrimaryKey({ type: "uuid", defaultRaw: "gen_random_uuid()" })
+], SsoConfig.prototype, "id", 2);
+__decorateClass([
+  Property({ name: "tenant_id", type: "uuid", nullable: true })
+], SsoConfig.prototype, "tenantId", 2);
+__decorateClass([
+  Property({ name: "organization_id", type: "uuid" })
+], SsoConfig.prototype, "organizationId", 2);
+__decorateClass([
+  Property({ type: "text", nullable: true })
+], SsoConfig.prototype, "name", 2);
+__decorateClass([
+  Property({ type: "text" })
+], SsoConfig.prototype, "protocol", 2);
+__decorateClass([
+  Property({ type: "text", nullable: true })
+], SsoConfig.prototype, "issuer", 2);
+__decorateClass([
+  Property({ name: "client_id", type: "text", nullable: true })
+], SsoConfig.prototype, "clientId", 2);
+__decorateClass([
+  Property({ name: "client_secret_enc", type: "text", nullable: true })
+], SsoConfig.prototype, "clientSecretEnc", 2);
+__decorateClass([
+  Property({ name: "allowed_domains", type: "jsonb", default: "[]" })
+], SsoConfig.prototype, "allowedDomains", 2);
+__decorateClass([
+  Property({ name: "jit_enabled", type: "boolean", default: true })
+], SsoConfig.prototype, "jitEnabled", 2);
+__decorateClass([
+  Property({ name: "auto_link_by_email", type: "boolean", default: true })
+], SsoConfig.prototype, "autoLinkByEmail", 2);
+__decorateClass([
+  Property({ name: "is_active", type: "boolean", default: false })
+], SsoConfig.prototype, "isActive", 2);
+__decorateClass([
+  Property({ name: "sso_required", type: "boolean", default: false })
+], SsoConfig.prototype, "ssoRequired", 2);
+__decorateClass([
+  Property({ name: "app_role_mappings", type: "jsonb", default: "{}" })
+], SsoConfig.prototype, "appRoleMappings", 2);
+__decorateClass([
+  Property({ name: "created_at", type: Date, onCreate: () => /* @__PURE__ */ new Date() })
+], SsoConfig.prototype, "createdAt", 2);
+__decorateClass([
+  Property({ name: "updated_at", type: Date, onCreate: () => /* @__PURE__ */ new Date(), onUpdate: () => /* @__PURE__ */ new Date() })
+], SsoConfig.prototype, "updatedAt", 2);
+__decorateClass([
+  Property({ name: "deleted_at", type: Date, nullable: true })
+], SsoConfig.prototype, "deletedAt", 2);
+SsoConfig = __decorateClass([
+  Entity({ tableName: "sso_configs" })
+], SsoConfig);
+let SsoIdentity = class {
+  constructor() {
+    this.idpGroups = [];
+    this.createdAt = /* @__PURE__ */ new Date();
+    this.updatedAt = /* @__PURE__ */ new Date();
+  }
+};
+__decorateClass([
+  PrimaryKey({ type: "uuid", defaultRaw: "gen_random_uuid()" })
+], SsoIdentity.prototype, "id", 2);
+__decorateClass([
+  Property({ name: "tenant_id", type: "uuid", nullable: true })
+], SsoIdentity.prototype, "tenantId", 2);
+__decorateClass([
+  Property({ name: "organization_id", type: "uuid" })
+], SsoIdentity.prototype, "organizationId", 2);
+__decorateClass([
+  Property({ name: "sso_config_id", type: "uuid" }),
+  Index({ name: "sso_identities_config_id_idx" })
+], SsoIdentity.prototype, "ssoConfigId", 2);
+__decorateClass([
+  Property({ name: "user_id", type: "uuid" }),
+  Index({ name: "sso_identities_user_id_idx" })
+], SsoIdentity.prototype, "userId", 2);
+__decorateClass([
+  Property({ name: "idp_subject", type: "text" })
+], SsoIdentity.prototype, "idpSubject", 2);
+__decorateClass([
+  Property({ name: "idp_email", type: "text" })
+], SsoIdentity.prototype, "idpEmail", 2);
+__decorateClass([
+  Property({ name: "idp_name", type: "text", nullable: true })
+], SsoIdentity.prototype, "idpName", 2);
+__decorateClass([
+  Property({ name: "idp_groups", type: "jsonb", default: "[]" })
+], SsoIdentity.prototype, "idpGroups", 2);
+__decorateClass([
+  Property({ name: "external_id", type: "text", nullable: true })
+], SsoIdentity.prototype, "externalId", 2);
+__decorateClass([
+  Property({ name: "provisioning_method", type: "text" })
+], SsoIdentity.prototype, "provisioningMethod", 2);
+__decorateClass([
+  Property({ name: "first_login_at", type: Date, nullable: true })
+], SsoIdentity.prototype, "firstLoginAt", 2);
+__decorateClass([
+  Property({ name: "last_login_at", type: Date, nullable: true })
+], SsoIdentity.prototype, "lastLoginAt", 2);
+__decorateClass([
+  Property({ name: "created_at", type: Date, onCreate: () => /* @__PURE__ */ new Date() })
+], SsoIdentity.prototype, "createdAt", 2);
+__decorateClass([
+  Property({ name: "updated_at", type: Date, onCreate: () => /* @__PURE__ */ new Date(), onUpdate: () => /* @__PURE__ */ new Date() })
+], SsoIdentity.prototype, "updatedAt", 2);
+__decorateClass([
+  Property({ name: "deleted_at", type: Date, nullable: true })
+], SsoIdentity.prototype, "deletedAt", 2);
+SsoIdentity = __decorateClass([
+  Entity({ tableName: "sso_identities" })
+], SsoIdentity);
+let ScimToken = class {
+  constructor() {
+    this.isActive = true;
+    this.createdAt = /* @__PURE__ */ new Date();
+    this.updatedAt = /* @__PURE__ */ new Date();
+  }
+};
+__decorateClass([
+  PrimaryKey({ type: "uuid", defaultRaw: "gen_random_uuid()" })
+], ScimToken.prototype, "id", 2);
+__decorateClass([
+  Property({ name: "tenant_id", type: "uuid", nullable: true })
+], ScimToken.prototype, "tenantId", 2);
+__decorateClass([
+  Property({ name: "organization_id", type: "uuid" })
+], ScimToken.prototype, "organizationId", 2);
+__decorateClass([
+  Property({ name: "sso_config_id", type: "uuid" }),
+  Index({ name: "scim_tokens_sso_config_id_idx" })
+], ScimToken.prototype, "ssoConfigId", 2);
+__decorateClass([
+  Property({ type: "text" })
+], ScimToken.prototype, "name", 2);
+__decorateClass([
+  Property({ name: "token_hash", type: "text" })
+], ScimToken.prototype, "tokenHash", 2);
+__decorateClass([
+  Property({ name: "token_prefix", type: "text" })
+], ScimToken.prototype, "tokenPrefix", 2);
+__decorateClass([
+  Property({ name: "is_active", type: "boolean", default: true })
+], ScimToken.prototype, "isActive", 2);
+__decorateClass([
+  Property({ name: "created_by", type: "uuid", nullable: true })
+], ScimToken.prototype, "createdBy", 2);
+__decorateClass([
+  Property({ name: "created_at", type: Date, onCreate: () => /* @__PURE__ */ new Date() })
+], ScimToken.prototype, "createdAt", 2);
+__decorateClass([
+  Property({ name: "updated_at", type: Date, onCreate: () => /* @__PURE__ */ new Date(), onUpdate: () => /* @__PURE__ */ new Date() })
+], ScimToken.prototype, "updatedAt", 2);
+ScimToken = __decorateClass([
+  Entity({ tableName: "scim_tokens" }),
+  Index({ name: "scim_tokens_token_prefix_idx", properties: ["tokenPrefix"] })
+], ScimToken);
+let SsoUserDeactivation = class {
+  constructor() {
+    this.deactivatedAt = /* @__PURE__ */ new Date();
+    this.createdAt = /* @__PURE__ */ new Date();
+  }
+};
+__decorateClass([
+  PrimaryKey({ type: "uuid", defaultRaw: "gen_random_uuid()" })
+], SsoUserDeactivation.prototype, "id", 2);
+__decorateClass([
+  Property({ name: "tenant_id", type: "uuid", nullable: true })
+], SsoUserDeactivation.prototype, "tenantId", 2);
+__decorateClass([
+  Property({ name: "organization_id", type: "uuid" })
+], SsoUserDeactivation.prototype, "organizationId", 2);
+__decorateClass([
+  Property({ name: "user_id", type: "uuid" }),
+  Index({ name: "sso_user_deactivations_user_id_idx" })
+], SsoUserDeactivation.prototype, "userId", 2);
+__decorateClass([
+  Property({ name: "sso_config_id", type: "uuid" })
+], SsoUserDeactivation.prototype, "ssoConfigId", 2);
+__decorateClass([
+  Property({ name: "deactivated_at", type: Date })
+], SsoUserDeactivation.prototype, "deactivatedAt", 2);
+__decorateClass([
+  Property({ name: "reactivated_at", type: Date, nullable: true })
+], SsoUserDeactivation.prototype, "reactivatedAt", 2);
+__decorateClass([
+  Property({ name: "created_at", type: Date, onCreate: () => /* @__PURE__ */ new Date() })
+], SsoUserDeactivation.prototype, "createdAt", 2);
+SsoUserDeactivation = __decorateClass([
+  Entity({ tableName: "sso_user_deactivations" }),
+  Unique({ properties: ["userId", "ssoConfigId"], name: "sso_user_deactivations_user_config_unique" })
+], SsoUserDeactivation);
+let ScimProvisioningLog = class {
+  constructor() {
+    this.createdAt = /* @__PURE__ */ new Date();
+  }
+};
+__decorateClass([
+  PrimaryKey({ type: "uuid", defaultRaw: "gen_random_uuid()" })
+], ScimProvisioningLog.prototype, "id", 2);
+__decorateClass([
+  Property({ name: "tenant_id", type: "uuid", nullable: true })
+], ScimProvisioningLog.prototype, "tenantId", 2);
+__decorateClass([
+  Property({ name: "organization_id", type: "uuid" })
+], ScimProvisioningLog.prototype, "organizationId", 2);
+__decorateClass([
+  Property({ name: "sso_config_id", type: "uuid" })
+], ScimProvisioningLog.prototype, "ssoConfigId", 2);
+__decorateClass([
+  Property({ type: "text" })
+], ScimProvisioningLog.prototype, "operation", 2);
+__decorateClass([
+  Property({ name: "resource_type", type: "text" })
+], ScimProvisioningLog.prototype, "resourceType", 2);
+__decorateClass([
+  Property({ name: "resource_id", type: "uuid", nullable: true })
+], ScimProvisioningLog.prototype, "resourceId", 2);
+__decorateClass([
+  Property({ name: "scim_external_id", type: "text", nullable: true })
+], ScimProvisioningLog.prototype, "scimExternalId", 2);
+__decorateClass([
+  Property({ name: "response_status", type: "integer" })
+], ScimProvisioningLog.prototype, "responseStatus", 2);
+__decorateClass([
+  Property({ name: "error_message", type: "text", nullable: true })
+], ScimProvisioningLog.prototype, "errorMessage", 2);
+__decorateClass([
+  Property({ name: "created_at", type: Date, onCreate: () => /* @__PURE__ */ new Date() })
+], ScimProvisioningLog.prototype, "createdAt", 2);
+ScimProvisioningLog = __decorateClass([
+  Entity({ tableName: "scim_provisioning_log" }),
+  Index({ name: "scim_provisioning_log_config_created_idx", properties: ["ssoConfigId", "createdAt"] })
+], ScimProvisioningLog);
+let SsoRoleGrant = class {
+  constructor() {
+    this.createdAt = /* @__PURE__ */ new Date();
+  }
+};
+__decorateClass([
+  PrimaryKey({ type: "uuid", defaultRaw: "gen_random_uuid()" })
+], SsoRoleGrant.prototype, "id", 2);
+__decorateClass([
+  Property({ name: "tenant_id", type: "uuid", nullable: true })
+], SsoRoleGrant.prototype, "tenantId", 2);
+__decorateClass([
+  Property({ name: "organization_id", type: "uuid" })
+], SsoRoleGrant.prototype, "organizationId", 2);
+__decorateClass([
+  Property({ name: "user_id", type: "uuid" }),
+  Index({ name: "sso_role_grants_user_id_idx" })
+], SsoRoleGrant.prototype, "userId", 2);
+__decorateClass([
+  Property({ name: "role_id", type: "uuid" })
+], SsoRoleGrant.prototype, "roleId", 2);
+__decorateClass([
+  Property({ name: "sso_config_id", type: "uuid" })
+], SsoRoleGrant.prototype, "ssoConfigId", 2);
+__decorateClass([
+  Property({ name: "created_at", type: Date, onCreate: () => /* @__PURE__ */ new Date() })
+], SsoRoleGrant.prototype, "createdAt", 2);
+SsoRoleGrant = __decorateClass([
+  Entity({ tableName: "sso_role_grants" }),
+  Unique({ properties: ["userId", "roleId", "ssoConfigId"], name: "sso_role_grants_user_role_config_unique" })
+], SsoRoleGrant);
+export {
+  ScimProvisioningLog,
+  ScimToken,
+  SsoConfig,
+  SsoIdentity,
+  SsoRoleGrant,
+  SsoUserDeactivation
+};
+//# sourceMappingURL=entities.js.map

package/dist/modules/sso/data/entities.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/sso/data/entities.ts"],
+  "sourcesContent": ["import { Entity, PrimaryKey, Property, Unique, Index } from '@mikro-orm/core'\n\n@Entity({ tableName: 'sso_configs' })\n// Unique index on organization_id (partial: WHERE deleted_at IS NULL) \u2014 managed by migration\nexport class SsoConfig {\n  @PrimaryKey({ type: 'uuid', defaultRaw: 'gen_random_uuid()' })\n  id!: string\n\n  @Property({ name: 'tenant_id', type: 'uuid', nullable: true })\n  tenantId?: string | null\n\n  @Property({ name: 'organization_id', type: 'uuid' })\n  organizationId!: string\n\n  @Property({ type: 'text', nullable: true })\n  name?: string | null\n\n  @Property({ type: 'text' })\n  protocol!: string\n\n  @Property({ type: 'text', nullable: true })\n  issuer?: string | null\n\n  @Property({ name: 'client_id', type: 'text', nullable: true })\n  clientId?: string | null\n\n  @Property({ name: 'client_secret_enc', type: 'text', nullable: true })\n  clientSecretEnc?: string | null\n\n  @Property({ name: 'allowed_domains', type: 'jsonb', default: '[]' })\n  allowedDomains: string[] = []\n\n  @Property({ name: 'jit_enabled', type: 'boolean', default: true })\n  jitEnabled: boolean = true\n\n  @Property({ name: 'auto_link_by_email', type: 'boolean', default: true })\n  autoLinkByEmail: boolean = true\n\n  @Property({ name: 'is_active', type: 'boolean', default: false })\n  isActive: boolean = false\n\n  @Property({ name: 'sso_required', type: 'boolean', default: false })\n  ssoRequired: boolean = false\n\n  @Property({ name: 'app_role_mappings', type: 'jsonb', default: '{}' })\n  appRoleMappings: Record<string, string> = {}\n\n  @Property({ name: 'created_at', type: Date, onCreate: () => new Date() })\n  createdAt: Date = new Date()\n\n  @Property({ name: 'updated_at', type: Date, onCreate: () => new Date(), onUpdate: () => new Date() })\n  updatedAt: Date = new Date()\n\n  @Property({ name: 'deleted_at', type: Date, nullable: true })\n  deletedAt?: Date | null\n}\n\n@Entity({ tableName: 'sso_identities' })\n// Unique indexes (partial: WHERE deleted_at IS NULL) \u2014 managed by migration\nexport class SsoIdentity {\n  @PrimaryKey({ type: 'uuid', defaultRaw: 'gen_random_uuid()' })\n  id!: string\n\n  @Property({ name: 'tenant_id', type: 'uuid', nullable: true })\n  tenantId?: string | null\n\n  @Property({ name: 'organization_id', type: 'uuid' })\n  organizationId!: string\n\n  @Property({ name: 'sso_config_id', type: 'uuid' })\n  @Index({ name: 'sso_identities_config_id_idx' })\n  ssoConfigId!: string\n\n  @Property({ name: 'user_id', type: 'uuid' })\n  @Index({ name: 'sso_identities_user_id_idx' })\n  userId!: string\n\n  @Property({ name: 'idp_subject', type: 'text' })\n  idpSubject!: string\n\n  @Property({ name: 'idp_email', type: 'text' })\n  idpEmail!: string\n\n  @Property({ name: 'idp_name', type: 'text', nullable: true })\n  idpName?: string | null\n\n  @Property({ name: 'idp_groups', type: 'jsonb', default: '[]' })\n  idpGroups: string[] = []\n\n  @Property({ name: 'external_id', type: 'text', nullable: true })\n  externalId?: string | null\n\n  @Property({ name: 'provisioning_method', type: 'text' })\n  provisioningMethod!: string\n\n  @Property({ name: 'first_login_at', type: Date, nullable: true })\n  firstLoginAt?: Date | null\n\n  @Property({ name: 'last_login_at', type: Date, nullable: true })\n  lastLoginAt?: Date | null\n\n  @Property({ name: 'created_at', type: Date, onCreate: () => new Date() })\n  createdAt: Date = new Date()\n\n  @Property({ name: 'updated_at', type: Date, onCreate: () => new Date(), onUpdate: () => new Date() })\n  updatedAt: Date = new Date()\n\n  @Property({ name: 'deleted_at', type: Date, nullable: true })\n  deletedAt?: Date | null\n}\n\n@Entity({ tableName: 'scim_tokens' })\n@Index({ name: 'scim_tokens_token_prefix_idx', properties: ['tokenPrefix'] })\nexport class ScimToken {\n  @PrimaryKey({ type: 'uuid', defaultRaw: 'gen_random_uuid()' })\n  id!: string\n\n  @Property({ name: 'tenant_id', type: 'uuid', nullable: true })\n  tenantId?: string | null\n\n  @Property({ name: 'organization_id', type: 'uuid' })\n  organizationId!: string\n\n  @Property({ name: 'sso_config_id', type: 'uuid' })\n  @Index({ name: 'scim_tokens_sso_config_id_idx' })\n  ssoConfigId!: string\n\n  @Property({ type: 'text' })\n  name!: string\n\n  @Property({ name: 'token_hash', type: 'text' })\n  tokenHash!: string\n\n  @Property({ name: 'token_prefix', type: 'text' })\n  tokenPrefix!: string\n\n  @Property({ name: 'is_active', type: 'boolean', default: true })\n  isActive: boolean = true\n\n  @Property({ name: 'created_by', type: 'uuid', nullable: true })\n  createdBy?: string | null\n\n  @Property({ name: 'created_at', type: Date, onCreate: () => new Date() })\n  createdAt: Date = new Date()\n\n  @Property({ name: 'updated_at', type: Date, onCreate: () => new Date(), onUpdate: () => new Date() })\n  updatedAt: Date = new Date()\n}\n\n@Entity({ tableName: 'sso_user_deactivations' })\n@Unique({ properties: ['userId', 'ssoConfigId'], name: 'sso_user_deactivations_user_config_unique' })\nexport class SsoUserDeactivation {\n  @PrimaryKey({ type: 'uuid', defaultRaw: 'gen_random_uuid()' })\n  id!: string\n\n  @Property({ name: 'tenant_id', type: 'uuid', nullable: true })\n  tenantId?: string | null\n\n  @Property({ name: 'organization_id', type: 'uuid' })\n  organizationId!: string\n\n  @Property({ name: 'user_id', type: 'uuid' })\n  @Index({ name: 'sso_user_deactivations_user_id_idx' })\n  userId!: string\n\n  @Property({ name: 'sso_config_id', type: 'uuid' })\n  ssoConfigId!: string\n\n  @Property({ name: 'deactivated_at', type: Date })\n  deactivatedAt: Date = new Date()\n\n  @Property({ name: 'reactivated_at', type: Date, nullable: true })\n  reactivatedAt?: Date | null\n\n  @Property({ name: 'created_at', type: Date, onCreate: () => new Date() })\n  createdAt: Date = new Date()\n}\n\n@Entity({ tableName: 'scim_provisioning_log' })\n@Index({ name: 'scim_provisioning_log_config_created_idx', properties: ['ssoConfigId', 'createdAt'] })\nexport class ScimProvisioningLog {\n  @PrimaryKey({ type: 'uuid', defaultRaw: 'gen_random_uuid()' })\n  id!: string\n\n  @Property({ name: 'tenant_id', type: 'uuid', nullable: true })\n  tenantId?: string | null\n\n  @Property({ name: 'organization_id', type: 'uuid' })\n  organizationId!: string\n\n  @Property({ name: 'sso_config_id', type: 'uuid' })\n  ssoConfigId!: string\n\n  @Property({ type: 'text' })\n  operation!: string\n\n  @Property({ name: 'resource_type', type: 'text' })\n  resourceType!: string\n\n  @Property({ name: 'resource_id', type: 'uuid', nullable: true })\n  resourceId?: string | null\n\n  @Property({ name: 'scim_external_id', type: 'text', nullable: true })\n  scimExternalId?: string | null\n\n  @Property({ name: 'response_status', type: 'integer' })\n  responseStatus!: number\n\n  @Property({ name: 'error_message', type: 'text', nullable: true })\n  errorMessage?: string | null\n\n  @Property({ name: 'created_at', type: Date, onCreate: () => new Date() })\n  createdAt: Date = new Date()\n}\n\n@Entity({ tableName: 'sso_role_grants' })\n@Unique({ properties: ['userId', 'roleId', 'ssoConfigId'], name: 'sso_role_grants_user_role_config_unique' })\nexport class SsoRoleGrant {\n  @PrimaryKey({ type: 'uuid', defaultRaw: 'gen_random_uuid()' })\n  id!: string\n\n  @Property({ name: 'tenant_id', type: 'uuid', nullable: true })\n  tenantId?: string | null\n\n  @Property({ name: 'organization_id', type: 'uuid' })\n  organizationId!: string\n\n  @Property({ name: 'user_id', type: 'uuid' })\n  @Index({ name: 'sso_role_grants_user_id_idx' })\n  userId!: string\n\n  @Property({ name: 'role_id', type: 'uuid' })\n  roleId!: string\n\n  @Property({ name: 'sso_config_id', type: 'uuid' })\n  ssoConfigId!: string\n\n  @Property({ name: 'created_at', type: Date, onCreate: () => new Date() })\n  createdAt: Date = new Date()\n}\n"],
+  "mappings": ";;;;;;;;;;AAAA,SAAS,QAAQ,YAAY,UAAU,QAAQ,aAAa;AAIrD,IAAM,YAAN,MAAgB;AAAA,EAAhB;AA0BL,0BAA2B,CAAC;AAG5B,sBAAsB;AAGtB,2BAA2B;AAG3B,oBAAoB;AAGpB,uBAAuB;AAGvB,2BAA0C,CAAC;AAG3C,qBAAkB,oBAAI,KAAK;AAG3B,qBAAkB,oBAAI,KAAK;AAAA;AAI7B;AAjDE;AAAA,EADC,WAAW,EAAE,MAAM,QAAQ,YAAY,oBAAoB,CAAC;AAAA,GADlD,UAEX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,aAAa,MAAM,QAAQ,UAAU,KAAK,CAAC;AAAA,GAJlD,UAKX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,mBAAmB,MAAM,OAAO,CAAC;AAAA,GAPxC,UAQX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,QAAQ,UAAU,KAAK,CAAC;AAAA,GAV/B,UAWX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,OAAO,CAAC;AAAA,GAbf,UAcX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,QAAQ,UAAU,KAAK,CAAC;AAAA,GAhB/B,UAiBX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,aAAa,MAAM,QAAQ,UAAU,KAAK,CAAC;AAAA,GAnBlD,UAoBX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,qBAAqB,MAAM,QAAQ,UAAU,KAAK,CAAC;AAAA,GAtB1D,UAuBX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,mBAAmB,MAAM,SAAS,SAAS,KAAK,CAAC;AAAA,GAzBxD,UA0BX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,eAAe,MAAM,WAAW,SAAS,KAAK,CAAC;AAAA,GA5BtD,UA6BX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,sBAAsB,MAAM,WAAW,SAAS,KAAK,CAAC;AAAA,GA/B7D,UAgCX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,aAAa,MAAM,WAAW,SAAS,MAAM,CAAC;AAAA,GAlCrD,UAmCX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,gBAAgB,MAAM,WAAW,SAAS,MAAM,CAAC;AAAA,GArCxD,UAsCX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,qBAAqB,MAAM,SAAS,SAAS,KAAK,CAAC;AAAA,GAxC1D,UAyCX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,cAAc,MAAM,MAAM,UAAU,MAAM,oBAAI,KAAK,EAAE,CAAC;AAAA,GA3C7D,UA4CX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,cAAc,MAAM,MAAM,UAAU,MAAM,oBAAI,KAAK,GAAG,UAAU,MAAM,oBAAI,KAAK,EAAE,CAAC;AAAA,GA9CzF,UA+CX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,cAAc,MAAM,MAAM,UAAU,KAAK,CAAC;AAAA,GAjDjD,UAkDX;AAlDW,YAAN;AAAA,EAFN,OAAO,EAAE,WAAW,cAAc,CAAC;AAAA,GAEvB;AAuDN,IAAM,cAAN,MAAkB;AAAA,EAAlB;AA4BL,qBAAsB,CAAC;AAevB,qBAAkB,oBAAI,KAAK;AAG3B,qBAAkB,oBAAI,KAAK;AAAA;AAI7B;AAhDE;AAAA,EADC,WAAW,EAAE,MAAM,QAAQ,YAAY,oBAAoB,CAAC;AAAA,GADlD,YAEX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,aAAa,MAAM,QAAQ,UAAU,KAAK,CAAC;AAAA,GAJlD,YAKX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,mBAAmB,MAAM,OAAO,CAAC;AAAA,GAPxC,YAQX;AAIA;AAAA,EAFC,SAAS,EAAE,MAAM,iBAAiB,MAAM,OAAO,CAAC;AAAA,EAChD,MAAM,EAAE,MAAM,+BAA+B,CAAC;AAAA,GAXpC,YAYX;AAIA;AAAA,EAFC,SAAS,EAAE,MAAM,WAAW,MAAM,OAAO,CAAC;AAAA,EAC1C,MAAM,EAAE,MAAM,6BAA6B,CAAC;AAAA,GAflC,YAgBX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,eAAe,MAAM,OAAO,CAAC;AAAA,GAlBpC,YAmBX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,aAAa,MAAM,OAAO,CAAC;AAAA,GArBlC,YAsBX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,YAAY,MAAM,QAAQ,UAAU,KAAK,CAAC;AAAA,GAxBjD,YAyBX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,cAAc,MAAM,SAAS,SAAS,KAAK,CAAC;AAAA,GA3BnD,YA4BX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,eAAe,MAAM,QAAQ,UAAU,KAAK,CAAC;AAAA,GA9BpD,YA+BX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,uBAAuB,MAAM,OAAO,CAAC;AAAA,GAjC5C,YAkCX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,kBAAkB,MAAM,MAAM,UAAU,KAAK,CAAC;AAAA,GApCrD,YAqCX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,iBAAiB,MAAM,MAAM,UAAU,KAAK,CAAC;AAAA,GAvCpD,YAwCX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,cAAc,MAAM,MAAM,UAAU,MAAM,oBAAI,KAAK,EAAE,CAAC;AAAA,GA1C7D,YA2CX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,cAAc,MAAM,MAAM,UAAU,MAAM,oBAAI,KAAK,GAAG,UAAU,MAAM,oBAAI,KAAK,EAAE,CAAC;AAAA,GA7CzF,YA8CX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,cAAc,MAAM,MAAM,UAAU,KAAK,CAAC;AAAA,GAhDjD,YAiDX;AAjDW,cAAN;AAAA,EAFN,OAAO,EAAE,WAAW,iBAAiB,CAAC;AAAA,GAE1B;AAsDN,IAAM,YAAN,MAAgB;AAAA,EAAhB;AAwBL,oBAAoB;AAMpB,qBAAkB,oBAAI,KAAK;AAG3B,qBAAkB,oBAAI,KAAK;AAAA;AAC7B;AAhCE;AAAA,EADC,WAAW,EAAE,MAAM,QAAQ,YAAY,oBAAoB,CAAC;AAAA,GADlD,UAEX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,aAAa,MAAM,QAAQ,UAAU,KAAK,CAAC;AAAA,GAJlD,UAKX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,mBAAmB,MAAM,OAAO,CAAC;AAAA,GAPxC,UAQX;AAIA;AAAA,EAFC,SAAS,EAAE,MAAM,iBAAiB,MAAM,OAAO,CAAC;AAAA,EAChD,MAAM,EAAE,MAAM,gCAAgC,CAAC;AAAA,GAXrC,UAYX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,OAAO,CAAC;AAAA,GAdf,UAeX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,cAAc,MAAM,OAAO,CAAC;AAAA,GAjBnC,UAkBX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,gBAAgB,MAAM,OAAO,CAAC;AAAA,GApBrC,UAqBX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,aAAa,MAAM,WAAW,SAAS,KAAK,CAAC;AAAA,GAvBpD,UAwBX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,cAAc,MAAM,QAAQ,UAAU,KAAK,CAAC;AAAA,GA1BnD,UA2BX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,cAAc,MAAM,MAAM,UAAU,MAAM,oBAAI,KAAK,EAAE,CAAC;AAAA,GA7B7D,UA8BX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,cAAc,MAAM,MAAM,UAAU,MAAM,oBAAI,KAAK,GAAG,UAAU,MAAM,oBAAI,KAAK,EAAE,CAAC;AAAA,GAhCzF,UAiCX;AAjCW,YAAN;AAAA,EAFN,OAAO,EAAE,WAAW,cAAc,CAAC;AAAA,EACnC,MAAM,EAAE,MAAM,gCAAgC,YAAY,CAAC,aAAa,EAAE,CAAC;AAAA,GAC/D;AAsCN,IAAM,sBAAN,MAA0B;AAAA,EAA1B;AAkBL,yBAAsB,oBAAI,KAAK;AAM/B,qBAAkB,oBAAI,KAAK;AAAA;AAC7B;AAvBE;AAAA,EADC,WAAW,EAAE,MAAM,QAAQ,YAAY,oBAAoB,CAAC;AAAA,GADlD,oBAEX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,aAAa,MAAM,QAAQ,UAAU,KAAK,CAAC;AAAA,GAJlD,oBAKX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,mBAAmB,MAAM,OAAO,CAAC;AAAA,GAPxC,oBAQX;AAIA;AAAA,EAFC,SAAS,EAAE,MAAM,WAAW,MAAM,OAAO,CAAC;AAAA,EAC1C,MAAM,EAAE,MAAM,qCAAqC,CAAC;AAAA,GAX1C,oBAYX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,iBAAiB,MAAM,OAAO,CAAC;AAAA,GAdtC,oBAeX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,kBAAkB,MAAM,KAAK,CAAC;AAAA,GAjBrC,oBAkBX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,kBAAkB,MAAM,MAAM,UAAU,KAAK,CAAC;AAAA,GApBrD,oBAqBX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,cAAc,MAAM,MAAM,UAAU,MAAM,oBAAI,KAAK,EAAE,CAAC;AAAA,GAvB7D,oBAwBX;AAxBW,sBAAN;AAAA,EAFN,OAAO,EAAE,WAAW,yBAAyB,CAAC;AAAA,EAC9C,OAAO,EAAE,YAAY,CAAC,UAAU,aAAa,GAAG,MAAM,4CAA4C,CAAC;AAAA,GACvF;AA6BN,IAAM,sBAAN,MAA0B;AAAA,EAA1B;AAgCL,qBAAkB,oBAAI,KAAK;AAAA;AAC7B;AA/BE;AAAA,EADC,WAAW,EAAE,MAAM,QAAQ,YAAY,oBAAoB,CAAC;AAAA,GADlD,oBAEX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,aAAa,MAAM,QAAQ,UAAU,KAAK,CAAC;AAAA,GAJlD,oBAKX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,mBAAmB,MAAM,OAAO,CAAC;AAAA,GAPxC,oBAQX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,iBAAiB,MAAM,OAAO,CAAC;AAAA,GAVtC,oBAWX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,OAAO,CAAC;AAAA,GAbf,oBAcX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,iBAAiB,MAAM,OAAO,CAAC;AAAA,GAhBtC,oBAiBX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,eAAe,MAAM,QAAQ,UAAU,KAAK,CAAC;AAAA,GAnBpD,oBAoBX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,oBAAoB,MAAM,QAAQ,UAAU,KAAK,CAAC;AAAA,GAtBzD,oBAuBX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,mBAAmB,MAAM,UAAU,CAAC;AAAA,GAzB3C,oBA0BX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,iBAAiB,MAAM,QAAQ,UAAU,KAAK,CAAC;AAAA,GA5BtD,oBA6BX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,cAAc,MAAM,MAAM,UAAU,MAAM,oBAAI,KAAK,EAAE,CAAC;AAAA,GA/B7D,oBAgCX;AAhCW,sBAAN;AAAA,EAFN,OAAO,EAAE,WAAW,wBAAwB,CAAC;AAAA,EAC7C,MAAM,EAAE,MAAM,4CAA4C,YAAY,CAAC,eAAe,WAAW,EAAE,CAAC;AAAA,GACxF;AAqCN,IAAM,eAAN,MAAmB;AAAA,EAAnB;AAqBL,qBAAkB,oBAAI,KAAK;AAAA;AAC7B;AApBE;AAAA,EADC,WAAW,EAAE,MAAM,QAAQ,YAAY,oBAAoB,CAAC;AAAA,GADlD,aAEX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,aAAa,MAAM,QAAQ,UAAU,KAAK,CAAC;AAAA,GAJlD,aAKX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,mBAAmB,MAAM,OAAO,CAAC;AAAA,GAPxC,aAQX;AAIA;AAAA,EAFC,SAAS,EAAE,MAAM,WAAW,MAAM,OAAO,CAAC;AAAA,EAC1C,MAAM,EAAE,MAAM,8BAA8B,CAAC;AAAA,GAXnC,aAYX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,WAAW,MAAM,OAAO,CAAC;AAAA,GAdhC,aAeX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,iBAAiB,MAAM,OAAO,CAAC;AAAA,GAjBtC,aAkBX;AAGA;AAAA,EADC,SAAS,EAAE,MAAM,cAAc,MAAM,MAAM,UAAU,MAAM,oBAAI,KAAK,EAAE,CAAC;AAAA,GApB7D,aAqBX;AArBW,eAAN;AAAA,EAFN,OAAO,EAAE,WAAW,kBAAkB,CAAC;AAAA,EACvC,OAAO,EAAE,YAAY,CAAC,UAAU,UAAU,aAAa,GAAG,MAAM,0CAA0C,CAAC;AAAA,GAC/F;",
+  "names": []
+}

package/dist/modules/sso/data/validators.js

@@ -0,0 +1,114 @@
+import { z } from "zod";
+import { validateDomain } from "../lib/domains.js";
+const uuid = () => z.string().uuid();
+const domainString = () => z.string().trim().min(1).max(253).refine(
+  (val) => validateDomain(val).valid,
+  { message: "Invalid domain format \u2014 only valid DNS hostnames with at least one dot are accepted" }
+);
+const ssoConfigCreateSchema = z.object({
+  organizationId: uuid(),
+  tenantId: uuid().optional(),
+  protocol: z.enum(["oidc", "saml"]),
+  issuer: z.string().url().optional(),
+  clientId: z.string().min(1).optional(),
+  clientSecret: z.string().min(1).optional(),
+  allowedDomains: z.array(domainString()).default([]),
+  jitEnabled: z.boolean().default(true),
+  autoLinkByEmail: z.boolean().default(true),
+  isActive: z.boolean().default(false),
+  ssoRequired: z.boolean().default(false),
+  appRoleMappings: z.record(z.string().min(1).max(255), z.string().min(1).max(255)).default({})
+});
+const ssoConfigUpdateSchema = z.object({
+  id: uuid()
+}).merge(ssoConfigCreateSchema.partial().omit({ organizationId: true, tenantId: true }));
+const hrdRequestSchema = z.object({
+  email: z.string().email()
+});
+const ssoInitiateSchema = z.object({
+  configId: uuid(),
+  returnUrl: z.string().max(2048).refine(
+    (val) => val.startsWith("/") && !val.startsWith("//"),
+    { message: "returnUrl must be a relative path starting with / and must not start with //" }
+  ).optional()
+});
+const oidcCallbackSchema = z.object({
+  code: z.string().min(1),
+  state: z.string().min(1)
+});
+const ssoConfigAdminCreateSchema = z.object({
+  name: z.string().min(1).max(255),
+  organizationId: uuid().optional(),
+  tenantId: uuid().optional(),
+  protocol: z.enum(["oidc", "saml"]),
+  issuer: z.string().url(),
+  clientId: z.string().min(1),
+  clientSecret: z.string().min(1),
+  allowedDomains: z.array(domainString()).default([]),
+  jitEnabled: z.boolean().default(true),
+  autoLinkByEmail: z.boolean().default(true),
+  appRoleMappings: z.record(z.string().min(1).max(255), z.string().min(1).max(255)).default({})
+});
+const ssoConfigAdminUpdateSchema = z.object({
+  name: z.string().min(1).max(255).optional(),
+  protocol: z.enum(["oidc", "saml"]).optional(),
+  issuer: z.string().url().optional(),
+  clientId: z.string().min(1).optional(),
+  clientSecret: z.string().min(1).optional(),
+  jitEnabled: z.boolean().optional(),
+  autoLinkByEmail: z.boolean().optional(),
+  appRoleMappings: z.record(z.string().min(1).max(255), z.string().min(1).max(255)).optional()
+});
+const ssoConfigListQuerySchema = z.object({
+  page: z.coerce.number().min(1).default(1),
+  pageSize: z.coerce.number().min(1).max(100).default(50),
+  search: z.string().optional(),
+  organizationId: uuid().optional(),
+  tenantId: uuid().optional()
+});
+const ssoDomainAddSchema = z.object({
+  domain: domainString()
+});
+const ssoActivateSchema = z.object({
+  active: z.boolean()
+});
+const scimUserPayloadSchema = z.object({
+  schemas: z.array(z.string()).optional(),
+  userName: z.string().min(1).max(255),
+  externalId: z.string().max(255).optional(),
+  displayName: z.string().max(255).optional(),
+  active: z.union([z.boolean(), z.string()]).optional(),
+  name: z.object({
+    givenName: z.string().max(255).optional(),
+    familyName: z.string().max(255).optional(),
+    formatted: z.string().max(512).optional()
+  }).optional(),
+  emails: z.array(z.object({
+    value: z.string().email(),
+    primary: z.boolean().optional(),
+    type: z.string().optional()
+  })).optional()
+}).passthrough();
+const createScimTokenSchema = z.object({
+  ssoConfigId: uuid(),
+  name: z.string().min(1).max(100)
+});
+const scimTokenListSchema = z.object({
+  ssoConfigId: uuid()
+});
+export {
+  createScimTokenSchema,
+  hrdRequestSchema,
+  oidcCallbackSchema,
+  scimTokenListSchema,
+  scimUserPayloadSchema,
+  ssoActivateSchema,
+  ssoConfigAdminCreateSchema,
+  ssoConfigAdminUpdateSchema,
+  ssoConfigCreateSchema,
+  ssoConfigListQuerySchema,
+  ssoConfigUpdateSchema,
+  ssoDomainAddSchema,
+  ssoInitiateSchema
+};
+//# sourceMappingURL=validators.js.map

package/dist/modules/sso/data/validators.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/sso/data/validators.ts"],
+  "sourcesContent": ["import { z } from 'zod'\nimport { validateDomain } from '../lib/domains'\n\nconst uuid = () => z.string().uuid()\n\nconst domainString = () =>\n  z.string().trim().min(1).max(253).refine(\n    (val) => validateDomain(val).valid,\n    { message: 'Invalid domain format \u2014 only valid DNS hostnames with at least one dot are accepted' },\n  )\n\n// --- SSO Config schema (for internal use / seeding) ---\n\nexport const ssoConfigCreateSchema = z.object({\n  organizationId: uuid(),\n  tenantId: uuid().optional(),\n  protocol: z.enum(['oidc', 'saml']),\n  issuer: z.string().url().optional(),\n  clientId: z.string().min(1).optional(),\n  clientSecret: z.string().min(1).optional(),\n  allowedDomains: z.array(domainString()).default([]),\n  jitEnabled: z.boolean().default(true),\n  autoLinkByEmail: z.boolean().default(true),\n  isActive: z.boolean().default(false),\n  ssoRequired: z.boolean().default(false),\n  appRoleMappings: z.record(z.string().min(1).max(255), z.string().min(1).max(255)).default({}),\n})\n\nexport const ssoConfigUpdateSchema = z\n  .object({\n    id: uuid(),\n  })\n  .merge(ssoConfigCreateSchema.partial().omit({ organizationId: true, tenantId: true }))\n\n// --- API request schemas ---\n\nexport const hrdRequestSchema = z.object({\n  email: z.string().email(),\n})\n\nexport const ssoInitiateSchema = z.object({\n  configId: uuid(),\n  returnUrl: z.string().max(2048).refine(\n    (val) => val.startsWith('/') && !val.startsWith('//'),\n    { message: 'returnUrl must be a relative path starting with / and must not start with //' },\n  ).optional(),\n})\n\nexport const oidcCallbackSchema = z.object({\n  code: z.string().min(1),\n  state: z.string().min(1),\n})\n\n// --- Admin API schemas ---\n\nexport const ssoConfigAdminCreateSchema = z.object({\n  name: z.string().min(1).max(255),\n  organizationId: uuid().optional(),\n  tenantId: uuid().optional(),\n  protocol: z.enum(['oidc', 'saml']),\n  issuer: z.string().url(),\n  clientId: z.string().min(1),\n  clientSecret: z.string().min(1),\n  allowedDomains: z.array(domainString()).default([]),\n  jitEnabled: z.boolean().default(true),\n  autoLinkByEmail: z.boolean().default(true),\n  appRoleMappings: z.record(z.string().min(1).max(255), z.string().min(1).max(255)).default({}),\n})\n\nexport const ssoConfigAdminUpdateSchema = z.object({\n  name: z.string().min(1).max(255).optional(),\n  protocol: z.enum(['oidc', 'saml']).optional(),\n  issuer: z.string().url().optional(),\n  clientId: z.string().min(1).optional(),\n  clientSecret: z.string().min(1).optional(),\n  jitEnabled: z.boolean().optional(),\n  autoLinkByEmail: z.boolean().optional(),\n  appRoleMappings: z.record(z.string().min(1).max(255), z.string().min(1).max(255)).optional(),\n})\n\nexport const ssoConfigListQuerySchema = z.object({\n  page: z.coerce.number().min(1).default(1),\n  pageSize: z.coerce.number().min(1).max(100).default(50),\n  search: z.string().optional(),\n  organizationId: uuid().optional(),\n  tenantId: uuid().optional(),\n})\n\nexport const ssoDomainAddSchema = z.object({\n  domain: domainString(),\n})\n\nexport const ssoActivateSchema = z.object({\n  active: z.boolean(),\n})\n\n// --- SCIM User payload schema ---\n\nexport const scimUserPayloadSchema = z.object({\n  schemas: z.array(z.string()).optional(),\n  userName: z.string().min(1).max(255),\n  externalId: z.string().max(255).optional(),\n  displayName: z.string().max(255).optional(),\n  active: z.union([z.boolean(), z.string()]).optional(),\n  name: z.object({\n    givenName: z.string().max(255).optional(),\n    familyName: z.string().max(255).optional(),\n    formatted: z.string().max(512).optional(),\n  }).optional(),\n  emails: z.array(z.object({\n    value: z.string().email(),\n    primary: z.boolean().optional(),\n    type: z.string().optional(),\n  })).optional(),\n}).passthrough()\n\n// --- SCIM Token schemas ---\n\nexport const createScimTokenSchema = z.object({\n  ssoConfigId: uuid(),\n  name: z.string().min(1).max(100),\n})\n\nexport const scimTokenListSchema = z.object({\n  ssoConfigId: uuid(),\n})\n\n// --- Type exports ---\n\nexport type SsoConfigCreateInput = z.infer<typeof ssoConfigCreateSchema>\nexport type SsoConfigUpdateInput = z.infer<typeof ssoConfigUpdateSchema>\nexport type SsoConfigAdminCreateInput = z.infer<typeof ssoConfigAdminCreateSchema>\nexport type SsoConfigAdminUpdateInput = z.infer<typeof ssoConfigAdminUpdateSchema>\nexport type SsoConfigListQuery = z.infer<typeof ssoConfigListQuerySchema>\nexport type HrdRequestInput = z.infer<typeof hrdRequestSchema>\nexport type SsoInitiateInput = z.infer<typeof ssoInitiateSchema>\nexport type OidcCallbackInput = z.infer<typeof oidcCallbackSchema>\nexport type ScimUserPayloadInput = z.infer<typeof scimUserPayloadSchema>\nexport type CreateScimTokenInput = z.infer<typeof createScimTokenSchema>\nexport type ScimTokenListInput = z.infer<typeof scimTokenListSchema>\n"],
+  "mappings": "AAAA,SAAS,SAAS;AAClB,SAAS,sBAAsB;AAE/B,MAAM,OAAO,MAAM,EAAE,OAAO,EAAE,KAAK;AAEnC,MAAM,eAAe,MACnB,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE;AAAA,EAChC,CAAC,QAAQ,eAAe,GAAG,EAAE;AAAA,EAC7B,EAAE,SAAS,2FAAsF;AACnG;AAIK,MAAM,wBAAwB,EAAE,OAAO;AAAA,EAC5C,gBAAgB,KAAK;AAAA,EACrB,UAAU,KAAK,EAAE,SAAS;AAAA,EAC1B,UAAU,EAAE,KAAK,CAAC,QAAQ,MAAM,CAAC;AAAA,EACjC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EAClC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACrC,cAAc,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACzC,gBAAgB,EAAE,MAAM,aAAa,CAAC,EAAE,QAAQ,CAAC,CAAC;AAAA,EAClD,YAAY,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,EACpC,iBAAiB,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,EACzC,UAAU,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EACnC,aAAa,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EACtC,iBAAiB,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;AAC9F,CAAC;AAEM,MAAM,wBAAwB,EAClC,OAAO;AAAA,EACN,IAAI,KAAK;AACX,CAAC,EACA,MAAM,sBAAsB,QAAQ,EAAE,KAAK,EAAE,gBAAgB,MAAM,UAAU,KAAK,CAAC,CAAC;AAIhF,MAAM,mBAAmB,EAAE,OAAO;AAAA,EACvC,OAAO,EAAE,OAAO,EAAE,MAAM;AAC1B,CAAC;AAEM,MAAM,oBAAoB,EAAE,OAAO;AAAA,EACxC,UAAU,KAAK;AAAA,EACf,WAAW,EAAE,OAAO,EAAE,IAAI,IAAI,EAAE;AAAA,IAC9B,CAAC,QAAQ,IAAI,WAAW,GAAG,KAAK,CAAC,IAAI,WAAW,IAAI;AAAA,IACpD,EAAE,SAAS,+EAA+E;AAAA,EAC5F,EAAE,SAAS;AACb,CAAC;AAEM,MAAM,qBAAqB,EAAE,OAAO;AAAA,EACzC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACtB,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC;AACzB,CAAC;AAIM,MAAM,6BAA6B,EAAE,OAAO;AAAA,EACjD,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EAC/B,gBAAgB,KAAK,EAAE,SAAS;AAAA,EAChC,UAAU,KAAK,EAAE,SAAS;AAAA,EAC1B,UAAU,EAAE,KAAK,CAAC,QAAQ,MAAM,CAAC;AAAA,EACjC,QAAQ,EAAE,OAAO,EAAE,IAAI;AAAA,EACvB,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B,cAAc,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC9B,gBAAgB,EAAE,MAAM,aAAa,CAAC,EAAE,QAAQ,CAAC,CAAC;AAAA,EAClD,YAAY,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,EACpC,iBAAiB,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,EACzC,iBAAiB,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;AAC9F,CAAC;AAEM,MAAM,6BAA6B,EAAE,OAAO;AAAA,EACjD,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,EAC1C,UAAU,EAAE,KAAK,CAAC,QAAQ,MAAM,CAAC,EAAE,SAAS;AAAA,EAC5C,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EAClC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACrC,cAAc,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACzC,YAAY,EAAE,QAAQ,EAAE,SAAS;AAAA,EACjC,iBAAiB,EAAE,QAAQ,EAAE,SAAS;AAAA,EACtC,iBAAiB,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,CAAC,EAAE,SAAS;AAC7F,CAAC;AAEM,MAAM,2BAA2B,EAAE,OAAO;AAAA,EAC/C,MAAM,EAAE,OAAO,OAAO,EAAE,IAAI,CAAC,EAAE,QAAQ,CAAC;AAAA,EACxC,UAAU,EAAE,OAAO,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,QAAQ,EAAE;AAAA,EACtD,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,gBAAgB,KAAK,EAAE,SAAS;AAAA,EAChC,UAAU,KAAK,EAAE,SAAS;AAC5B,CAAC;AAEM,MAAM,qBAAqB,EAAE,OAAO;AAAA,EACzC,QAAQ,aAAa;AACvB,CAAC;AAEM,MAAM,oBAAoB,EAAE,OAAO;AAAA,EACxC,QAAQ,EAAE,QAAQ;AACpB,CAAC;AAIM,MAAM,wBAAwB,EAAE,OAAO;AAAA,EAC5C,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,EACtC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EACnC,YAAY,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,EACzC,aAAa,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,EAC1C,QAAQ,EAAE,MAAM,CAAC,EAAE,QAAQ,GAAG,EAAE,OAAO,CAAC,CAAC,EAAE,SAAS;AAAA,EACpD,MAAM,EAAE,OAAO;AAAA,IACb,WAAW,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,IACxC,YAAY,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,IACzC,WAAW,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,EAC1C,CAAC,EAAE,SAAS;AAAA,EACZ,QAAQ,EAAE,MAAM,EAAE,OAAO;AAAA,IACvB,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,IACxB,SAAS,EAAE,QAAQ,EAAE,SAAS;AAAA,IAC9B,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,CAAC,CAAC,EAAE,SAAS;AACf,CAAC,EAAE,YAAY;AAIR,MAAM,wBAAwB,EAAE,OAAO;AAAA,EAC5C,aAAa,KAAK;AAAA,EAClB,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AACjC,CAAC;AAEM,MAAM,sBAAsB,EAAE,OAAO;AAAA,EAC1C,aAAa,KAAK;AACpB,CAAC;",
+  "names": []
+}

package/dist/modules/sso/di.js

@@ -0,0 +1,26 @@
+import { asClass, asValue } from "awilix";
+import { SsoProviderRegistry } from "./lib/registry.js";
+import { OidcProvider } from "./lib/oidc-provider.js";
+import { SsoService } from "./services/ssoService.js";
+import { AccountLinkingService } from "./services/accountLinkingService.js";
+import { SsoConfigService } from "./services/ssoConfigService.js";
+import { HrdService } from "./services/hrdService.js";
+import { ScimTokenService } from "./services/scimTokenService.js";
+import { ScimService } from "./services/scimService.js";
+function register(container) {
+  const registry = new SsoProviderRegistry();
+  registry.register(new OidcProvider());
+  container.register({
+    ssoProviderRegistry: asValue(registry),
+    ssoService: asClass(SsoService).scoped(),
+    accountLinkingService: asClass(AccountLinkingService).scoped(),
+    ssoConfigService: asClass(SsoConfigService).scoped(),
+    hrdService: asClass(HrdService).scoped(),
+    scimTokenService: asClass(ScimTokenService).scoped(),
+    scimService: asClass(ScimService).scoped()
+  });
+}
+export {
+  register
+};
+//# sourceMappingURL=di.js.map

package/dist/modules/sso/di.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/sso/di.ts"],
+  "sourcesContent": ["import { asClass, asValue } from 'awilix'\nimport type { AppContainer } from '@open-mercato/shared/lib/di/container'\nimport { SsoProviderRegistry } from './lib/registry'\nimport { OidcProvider } from './lib/oidc-provider'\nimport { SsoService } from './services/ssoService'\nimport { AccountLinkingService } from './services/accountLinkingService'\nimport { SsoConfigService } from './services/ssoConfigService'\nimport { HrdService } from './services/hrdService'\nimport { ScimTokenService } from './services/scimTokenService'\nimport { ScimService } from './services/scimService'\n\nexport function register(container: AppContainer) {\n  const registry = new SsoProviderRegistry()\n  registry.register(new OidcProvider())\n\n  container.register({\n    ssoProviderRegistry: asValue(registry),\n    ssoService: asClass(SsoService).scoped(),\n    accountLinkingService: asClass(AccountLinkingService).scoped(),\n    ssoConfigService: asClass(SsoConfigService).scoped(),\n    hrdService: asClass(HrdService).scoped(),\n    scimTokenService: asClass(ScimTokenService).scoped(),\n    scimService: asClass(ScimService).scoped(),\n  })\n}\n"],
+  "mappings": "AAAA,SAAS,SAAS,eAAe;AAEjC,SAAS,2BAA2B;AACpC,SAAS,oBAAoB;AAC7B,SAAS,kBAAkB;AAC3B,SAAS,6BAA6B;AACtC,SAAS,wBAAwB;AACjC,SAAS,kBAAkB;AAC3B,SAAS,wBAAwB;AACjC,SAAS,mBAAmB;AAErB,SAAS,SAAS,WAAyB;AAChD,QAAM,WAAW,IAAI,oBAAoB;AACzC,WAAS,SAAS,IAAI,aAAa,CAAC;AAEpC,YAAU,SAAS;AAAA,IACjB,qBAAqB,QAAQ,QAAQ;AAAA,IACrC,YAAY,QAAQ,UAAU,EAAE,OAAO;AAAA,IACvC,uBAAuB,QAAQ,qBAAqB,EAAE,OAAO;AAAA,IAC7D,kBAAkB,QAAQ,gBAAgB,EAAE,OAAO;AAAA,IACnD,YAAY,QAAQ,UAAU,EAAE,OAAO;AAAA,IACvC,kBAAkB,QAAQ,gBAAgB,EAAE,OAAO;AAAA,IACnD,aAAa,QAAQ,WAAW,EAAE,OAAO;AAAA,EAC3C,CAAC;AACH;",
+  "names": []
+}