728790e38f
* chore: Store expiresAt on UserAuthentications. This represents the time that the accessToken is no longer valid and should be exchanged using the refreshToken * feat: Check and expire Google SSO * fix: Better handling of multiple auth methods Added more docs * fix: Retry access validation with network errors * Small refactor, add Azure token validation support * doc * test * lint * OIDC refresh support * CheckSSOAccessTask -> ValidateSSOAccessTask Added lastValidatedAt column Skip checks if validated within 5min Some edge cases around encrypted columns
Authentication Providers
A new auth provider can be added with the addition of a single file in this
folder, and (optionally) a matching logo in /app/components/AuthLogo/index.js
that will appear on the signin button.
Auth providers generally use Passport strategies,
although they can use any custom logic if needed. See the google auth provider for the cleanest example of what is required – some rules:
- The strategy name must be lowercase
- The strategy must call the
accountProvisionercommand in the verify callback - The auth file must export a
configobject withnameandenabledkeys - The auth file must have a default export with a koa-router