Conversation
✅ There are no secrets present in this pull request anymore. If these secrets were true positives and are still valid, we highly recommend that you revoke them. 🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Pull request overview
This PR adds SSO/OAuth-based login support and a backend logout API, plus scripts/config to set up an OAuth app and integrate bearer-token authentication across multiple API calls.
Changes:
- Add UI SSO login flow (app-config fetch + SSO status polling) and backend endpoints for app-config, OAuth callback, SSO status, and logout.
- Add setup tooling (build script + migration utility) and introduce app/manifest JSON artifacts for OAuth configuration.
- Update multiple backend services to support both Basic (authtoken) and SSO (Bearer access_token) authentication headers.
Reviewed changes
Copilot reviewed 28 out of 30 changed files in this pull request and generated 25 comments.
| File | Description |
|---|---|
| upload-api/src/config/index.ts | Updates default CMS type and local path defaults. |
| ui/src/services/api/login.service.ts | Adds API wrappers for app-config, SSO status, and logout. |
| ui/src/pages/Login/index.tsx | Implements SSO login UX and polling-based completion flow. |
| ui/src/pages/Login/index.scss | Adds SSO button styling and new utility-like classes. |
| ui/src/components/ProfileHeader/index.tsx | Calls backend logout before clearing local storage; adds “Logging out…” UI state. |
| build.sh | New interactive setup script for region selection, OAuth login, redirect_uri update, and migration run. |
| app.json | New OAuth/app configuration file (currently committed). |
| api/sso.utils.js | New migration utility to create/update app and generate app.json with OAuth/PKCE data. |
| api/src/utils/config-handler.util.ts | New helpers to write BASIC/OAUTH auth settings into CLI config. |
| api/src/utils/auth.utils.ts | Adds access-token getters and app.json-derived org/app config helpers. |
| api/src/services/user.service.ts | Adds SSO-aware user profile fetching and org membership checks. |
| api/src/services/taxonomy.service.ts | Switches request auth header to Bearer when access_token exists. |
| api/src/services/runCli.service.ts | Switches CLI auth setup between BASIC and OAUTH based on stored tokens. |
| api/src/services/projects.service.ts | Adds isSSO project flag and uses Bearer/authtoken accordingly in stack calls. |
| api/src/services/org.service.ts | Adds Bearer/authtoken header selection for org/stack/locale endpoints. |
| api/src/services/migration.service.ts | Adds Bearer/authtoken header selection for test stack create/delete. |
| api/src/services/marketplace.service.ts | Updates app manifest creation logic to support Bearer token. |
| api/src/services/globalField.service.ts | Updates global field requests to support Bearer token. |
| api/src/services/contentMapper.service.ts | Updates content type requests to support Bearer token. |
| api/src/services/auth.service.ts | Adds logout, OAuth callback token exchange, refresh token support, and SSO status logic. |
| api/src/routes/auth.routes.ts | Exposes new routes for save-token, app-config, sso-status, and logout. |
| api/src/models/types.ts | Extends JWT payload with is_sso and adds RefreshTokenResponse type. |
| api/src/models/authentication.ts | Extends auth DB schema typing to include access_token. |
| api/src/controllers/auth.controller.ts | Adds controllers for OAuth callback, app-config, SSO status, and logout. |
| api/src/constants/index.ts | Adds token endpoint + regional host mappings for OAuth flows. |
| api/package.json | Removes type: module; bumps axios; adds @types/express-session. |
| api/package-lock.json | Locks axios bump and adds express-session types; large dependency churn. |
| api/manifest.json | New app manifest containing OAuth client credentials (currently committed). |
| .talismanrc | Adds new ignore entries (currently duplicated blocks). |
| .gitignore | Adds app.json to ignores (but app.json is currently committed in this PR). |
Files not reviewed (1)
- api/package-lock.json: Language not supported
No description provided.