feat: Implement OIDC authentication with JWT token handling and dynamic auth configuration

2026-01-06 21:10:57 +01:00
parent a5f9e8ae9e
commit 3d9c72a7ef
17 changed files with 265 additions and 75 deletions
--- a/k-notes-frontend/src/pages/login.tsx
+++ b/k-notes-frontend/src/pages/login.tsx
@@ -1,11 +1,11 @@
 import { useState } from "react";
 import { useForm } from "react-hook-form";
-import { Settings } from "lucide-react";
+import { Settings, ExternalLink } from "lucide-react";
 import { SettingsDialog } from "@/components/settings-dialog";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { z } from "zod";
 import { Link } from "react-router-dom";
-import { useLogin } from "@/hooks/use-auth";
+import { useLogin, useOidcLogin } from "@/hooks/use-auth";
 import { useConfig } from "@/hooks/useConfig";
 import { Button } from "@/components/ui/button";
 import { Input } from "@/components/ui/input";
@@ -26,6 +26,7 @@ export default function LoginPage() {
  const { mutate: login, isPending } = useLogin();
  const { data: config } = useConfig();
  const { t } = useTranslation();
+  const startOidcLogin = useOidcLogin();

  const form = useForm<LoginFormValues>({
    resolver: zodResolver(loginSchema),
@@ -63,40 +64,71 @@ export default function LoginPage() {
            {t("Enter your email to sign in to your account")}
          </CardDescription>
        </CardHeader>
-        <CardContent>
-          <Form {...form}>
-            <form onSubmit={form.handleSubmit(onSubmit)} className="space-y-4">
-              <FormField
-                control={form.control}
-                name="email"
-                render={({ field }) => (
-                  <FormItem>
-                    <FormLabel>{t("Email")}</FormLabel>
-                    <FormControl>
-                      <Input placeholder="name@example.com" {...field} />
-                    </FormControl>
-                    <FormMessage />
-                  </FormItem>
-                )}
-              />
-              <FormField
-                control={form.control}
-                name="password"
-                render={({ field }) => (
-                  <FormItem>
-                    <FormLabel>{t("Password")}</FormLabel>
-                    <FormControl>
-                      <Input type="password" {...field} />
-                    </FormControl>
-                    <FormMessage />
-                  </FormItem>
-                )}
-              />
-              <Button type="submit" className="w-full" disabled={isPending}>
-                {isPending ? t("Signing in...") : t("Sign in")}
+        <CardContent className="space-y-4">
+          {/* OIDC/SSO Login Button */}
+          {config?.oidc_enabled && (
+            <>
+              <Button
+                type="button"
+                variant="outline"
+                className="w-full"
+                onClick={startOidcLogin}
+              >
+                <ExternalLink className="mr-2 h-4 w-4" />
+                {t("Sign in with SSO")}
              </Button>
-            </form>
-          </Form>
+              {/* Divider only if both OIDC and password login are enabled */}
+              {config?.password_login_enabled && (
+                <div className="relative">
+                  <div className="absolute inset-0 flex items-center">
+                    <span className="w-full border-t" />
+                  </div>
+                  <div className="relative flex justify-center text-xs uppercase">
+                    <span className="bg-background px-2 text-muted-foreground">
+                      {t("Or continue with")}
+                    </span>
+                  </div>
+                </div>
+              )}
+            </>
+          )}
+
+          {/* Email/Password Form - only show if password login is enabled */}
+          {config?.password_login_enabled !== false && (
+            <Form {...form}>
+              <form onSubmit={form.handleSubmit(onSubmit)} className="space-y-4">
+                <FormField
+                  control={form.control}
+                  name="email"
+                  render={({ field }) => (
+                    <FormItem>
+                      <FormLabel>{t("Email")}</FormLabel>
+                      <FormControl>
+                        <Input placeholder="name@example.com" {...field} />
+                      </FormControl>
+                      <FormMessage />
+                    </FormItem>
+                  )}
+                />
+                <FormField
+                  control={form.control}
+                  name="password"
+                  render={({ field }) => (
+                    <FormItem>
+                      <FormLabel>{t("Password")}</FormLabel>
+                      <FormControl>
+                        <Input type="password" {...field} />
+                      </FormControl>
+                      <FormMessage />
+                    </FormItem>
+                  )}
+                />
+                <Button type="submit" className="w-full" disabled={isPending}>
+                  {isPending ? t("Signing in...") : t("Sign in")}
+                </Button>
+              </form>
+            </Form>
+          )}
        </CardContent>
        <CardFooter className="flex justify-center">
          {config?.allow_registration !== false && (
@@ -113,3 +145,4 @@ export default function LoginPage() {
    </div>
  );
 }
+