mirror of
https://github.com/ToolJet/ToolJet
synced 2026-04-21 21:47:17 +00:00
* feat(oidc): implement OIDC refresh token flow
- Update server/ee submodule with OIDC refresh token support
- Set isSSOLogin for workspace OIDC + decrypt client secret in refresh
* fix: register OidcRefreshService in SessionModule
The EE JwtStrategy depends on OidcRefreshService but SessionModule
never loaded or provided it. Add CE stub, load via getProviders,
and add OidcRefreshService + SSOConfigsRepository to providers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(oidc): add frontend sync for ssoUserInfo refresh
- Frontend now detects X-SSO-Info-Updated header when backend refreshes tokens
- Async session refresh updates globals.currentUser.ssoUserInfo without page reload
- Deduplicates concurrent refresh requests to prevent N+1 session fetches
- Add SsoInfoUpdatedInterceptor to set header when tokens refresh
- Update OidcRefreshService with docs explaining binding recommendations
- Return boolean from checkAndRefreshIfNeeded to signal when refresh occurs
Changes:
- Backend: Set X-SSO-Info-Updated header after successful token refresh
- Frontend: Detect header in http-client.js and handle-response.js
- Interception: Global interceptor manages header setting
- Documentation: JSDoc explains two binding patterns
* {{globals.currentUser.ssoUserInfo}} - stale but auto-syncs now
* {{globals.server.currentUser.ssoUserInfo}} - always fresh (recommended)
Closes: ToolJet/tj-ee#4245
* refactor(oidc): use Symbol for ssoInfoUpdated + export from CE interceptor
- SsoInfoUpdatedInterceptor now exports SSO_INFO_UPDATED Symbol as the
canonical flag. EE JwtStrategy imports and sets it on req instead of
using Express module augmentation.
- CE OidcRefreshService stub return type updated: void → boolean.
* fix: remove stale submodule from index
* chore: ignore .serena/ directory
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* wip: OIDC refresh token - token refresh interceptor and session handling
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: correct sso_user_info property path in refreshSsoInfo
The /api/session endpoint returns sso_user_info at the top level of the
response, not nested under current_user. This caused refreshSsoInfo() to
always read undefined, so the Zustand store was never updated after OIDC
token refresh — leaving component bindings stale until a full page reload.
Also deduplicate refreshSsoInfo() from handle-response.js and http-client.js
into a shared module to prevent future drift.
* fix: address PR review feedback for OIDC refresh token flow
- Remove debug console.log statements from handle-response.js
- Add console.debug to empty catch in refreshSsoInfo.js for diagnostics
- Broaden JSDoc to reflect non-editor usage contexts
- Add cross-reference comments between duplicate SSO header checks
- Update CE stub with pointer to EE implementation
- Update server/ee submodule pointer
* chore: update submodule commits for frontend and server
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Souvik <psouvik260@gmail.com>
Co-authored-by: gsmithun4 <gsmithun4@gmail.com>
42 lines
845 B
Text
42 lines
845 B
Text
# See https://help.github.com/articles/ignoring-files for more about ignoring files.
|
|
#
|
|
# If you find yourself ignoring temporary files generated by your text editor
|
|
# or operating system, you probably want to add a global ignore instead:
|
|
# git config --global core.excludesfile '~/.gitignore_global'
|
|
|
|
# Ignore bundler config.
|
|
/.bundle
|
|
|
|
# Ignore all logfiles and tempfiles.
|
|
/log/*
|
|
/tmp/*
|
|
!/log/.keep
|
|
!/tmp/.keep
|
|
|
|
# Ignore pidfiles, but keep the directory.
|
|
/tmp/pids/*
|
|
!/tmp/pids/
|
|
!/tmp/pids/.keep
|
|
|
|
# Ignore uploaded files in development.
|
|
/storage/*
|
|
!/storage/.keep
|
|
.byebug_history
|
|
|
|
# Ignore master key for decrypting credentials and more.
|
|
/config/master.key
|
|
.DS_Store
|
|
/frontend/.firebaserc
|
|
/frontend/.firebase
|
|
/.env
|
|
/.env.test
|
|
/docs/.firebase
|
|
/docs/.firebaserc
|
|
/node_modules
|
|
/frontend/cypress/videos
|
|
|
|
.idea/*
|
|
ti-*
|
|
.claude/
|
|
.worktrees/
|
|
.serena/
|