Feat: OIDC PKCE flow (#14407)

* feat: Add client config interface * chore: update submodule hashes * refactor: Fix interface name chore: submodule hashes * chore: Add data migration for adding grant-type * fix: Change height & fontSize of dropdown * chore: update submodule hash * chore: update submodule hash * resolve conflicts * chore: update version to 3.20.29-lts across all components --------- Co-authored-by: gsmithun4 <gsmithun4@gmail.com>
2026-05-24 09:28:31 +00:00 · 2025-10-31 15:29:20 +05:30 · 2025-10-31 15:29:20 +05:30 · 346e26867f
commit 346e26867f
parent 0db3e2a72e
8 changed files with 110 additions and 5 deletions
--- a/.version
+++ b/.version
@ -1 +1 @@
-3.20.28-lts
+3.20.29-lts
--- a/frontend/.version
+++ b/frontend/.version
@ -1 +1 @@
-3.20.28-lts
+3.20.29-lts
--- a/frontend/ee
+++ b/frontend/ee
@ -1 +1 @@
-Subproject commit 5665f90bec58cca14138945852835db8e0bde9cd
+Subproject commit 7cfcb38fc16571927e5a1445c87b7ed59e83c8e2
--- a/frontend/src/_ui/Select/styles.js
+++ b/frontend/src/_ui/Select/styles.js
@ -61,6 +61,7 @@ export default function styles(darkMode, width = 224, height = 32, styles = {},
      padding: '10px 12px', // adjust padding to vertically center the text
      display: 'flex',
      alignItems: 'center',
+      fontSize: styles.fontSize ?? '12px',
    }),
    placeholder: (provided) => ({
      ...provided,
@ -69,6 +70,7 @@ export default function styles(darkMode, width = 224, height = 32, styles = {},
    singleValue: (provided) => ({
      ...provided,
      color: darkMode ? '#fff' : '#232e3c',
+      fontSize: styles.fontSize ?? '12px',
    }),
    menuPortal: (provided) => ({ ...provided, zIndex: 2000 }),
  };
--- a/server/.version
+++ b/server/.version
@ -1 +1 @@
-3.20.28-lts
+3.20.29-lts
--- a/server/data-migrations/1761556597329-AddGrantTypeKeyInSSOConfig.ts
+++ b/server/data-migrations/1761556597329-AddGrantTypeKeyInSSOConfig.ts
@ -0,0 +1,96 @@
+import { dbTransactionWrap } from '@helpers/database.helper';
+import { MigrationProgress, processDataInBatches } from '@helpers/migration.helper';
+import { EntityManager, MigrationInterface, QueryRunner } from 'typeorm';
+
+export class AddGrantTypeKeyInSSOConfig1761556597329 implements MigrationInterface {
+  private readonly SSO_TYPE = 'openid';
+  private readonly BATCH_SIZE = 100;
+
+  private async getTotalCount(entityManager: EntityManager): Promise<number> {
+    const totalRecords = await entityManager.query(
+      `
+      SELECT COUNT(*)
+      FROM sso_configs
+      WHERE sso = $1
+    `,
+      [this.SSO_TYPE]
+    );
+    return parseInt(totalRecords[0].count, 10);
+  }
+
+  private fetchSSOConfigsBatch = async (entityManager: EntityManager, skip: number, take: number): Promise<any[]> => {
+    return await entityManager.query(
+      `
+        SELECT id, configs
+        FROM sso_configs
+        WHERE sso = $1
+        ORDER BY id
+        LIMIT $2 OFFSET $3
+      `,
+      [this.SSO_TYPE, take, skip]
+    );
+  };
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    const entityManager = queryRunner.manager;
+    const totalCount = await this.getTotalCount(entityManager);
+
+    if (totalCount === 0) return;
+
+    await dbTransactionWrap(async (entityManager: EntityManager) => {
+      const migrationProgress = new MigrationProgress('AddGrantTypeKeyInSSOConfig1761556597329', totalCount);
+
+      const processBatch = async (entityManager: EntityManager, ssoConfigs: any[]) => {
+        for (const ssoConfig of ssoConfigs) {
+          const configs = ssoConfig.configs;
+          if (configs && !configs.grant_type) {
+            configs.grant_type = 'authorization_code';
+
+            await entityManager.query(
+              `
+              UPDATE sso_configs
+              SET configs = $1
+              WHERE id = $2
+            `,
+              [configs, ssoConfig.id]
+            );
+          }
+          migrationProgress.show();
+        }
+      };
+      await processDataInBatches(entityManager, this.fetchSSOConfigsBatch, processBatch, this.BATCH_SIZE);
+    }, entityManager);
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    const entityManager = queryRunner.manager;
+    const totalCount = await this.getTotalCount(entityManager);
+
+    if (totalCount === 0) return;
+
+    await dbTransactionWrap(async (entityManager: EntityManager) => {
+      const migrationProgress = new MigrationProgress('AddGrantTypeKeyInSSOConfig1761556597329', totalCount);
+
+      const processBatch = async (entityManager: EntityManager, ssoConfigs: any[]) => {
+        for (const ssoConfig of ssoConfigs) {
+          const configs = ssoConfig.configs;
+          if (configs && configs.grant_type) {
+            delete configs.grant_type;
+
+            await entityManager.query(
+              `
+              UPDATE sso_configs
+              SET configs = $1
+              WHERE id = $2
+            `,
+              [configs, ssoConfig.id]
+            );
+          }
+          migrationProgress.show();
+        }
+      };
+
+      await processDataInBatches(entityManager, this.fetchSSOConfigsBatch, processBatch, this.BATCH_SIZE);
+    });
+  }
+}
--- a/server/ee
+++ b/server/ee
@ -1 +1 @@
-Subproject commit 2e20b4b6b28a984c3fd09d64f00f606b56dd532f
+Subproject commit 6f507336a229c0542ca95d77d54e6e31cbf2a068
--- a/server/src/modules/auth/types/index.ts
+++ b/server/src/modules/auth/types/index.ts
@ -1,6 +1,7 @@
 import { FEATURE_KEY } from '../constants';
 import { FeatureConfig } from '@modules/app/types';
 import { MODULES } from '@modules/app/constants/modules';
+import { ClientMetadata } from 'openid-client';

 export interface Features {
  [FEATURE_KEY.LOGIN]: FeatureConfig;
@ -25,3 +26,9 @@ export interface Features {
 export interface FeaturesConfig {
  [MODULES.AUTH]: Features;
 }
+
+export interface OidcClientConfig extends Partial<ClientMetadata> {
+  client_id: string;
+  client_secret?: string;
+  redirect_uris: string[];
+}