feat: implement SSO support for Google Workspace (fixes #413)

[soulcloude00]

This pull request implements Single Sign-On (SSO) support for Google Workspace, allowing users to authenticate via their organization's Google credentials. It includes the necessary backend logic for initiating the SSO flow, handling the OAuth callback, and managing user provisioning and organization membership.

Key Changes:

• SSO Verification (CheckSSOUseCase):
  • Added a use case to verify if a provided email address belongs to a domain configured for SSO.
  • Generates the Google OAuth 2.0 authorization URL with the appropriate client ID, redirect URI, and state (containing the organization ID) if SSO is enabled.
• SSO Login & Callback Handling (SSOLoginUseCase):
  • Implemented the logic to handle the OAuth callback, exchanging the authorization code for access and ID tokens via Google's API.
  • Verifies the ID token to retrieve user details.
  • JIT Provisioning: Automatically creates a new user account if one does not exist for the authenticated email.
  • Organization Membership: Ensures the user is added as a member of the organization associated with the SSO configuration.
  • Auto-Join Logic: Automatically adds the user to other organizations that match their email domain.
  • Generates and returns application authentication tokens (access/refresh tokens) upon successful processing.
• API Endpoints:
  • POST /auth/sso/check: Endpoint to check SSO availability for an email and retrieve the redirect URL.
  • GET /auth/sso/callback: Endpoint to handle the Google OAuth redirect.
• Configuration:
  • Defined SSOConfig type (Client ID, Secret, Issuer, Domains, etc.).
  • Added SSO_CONFIG to OrganizationParametersKey enum to support storing SSO settings in organization parameters.
• Module Updates:
  • Updated AuthModule to register the new use cases and import OrganizationParametersModule.
  • Updated OrganizationModule to export GetOrganizationsByDomainUseCase for use in the SSO login flow.
  • Fixes Add basic SSO support for Google Workspace (OIDC) #413

[kody-ai]

Code Review Completed! 🔥

The code review was successfully completed based on your current configurations.

Kody Guide: Usage and Configuration

Interacting with Kody

• Request a Review: Ask Kody to review your PR manually by adding a comment with the `@kody start-review` command at the root of your PR.

• Provide Feedback: Help Kody learn and improve by reacting to its comments with a 👍 for helpful suggestions or a 👎 if improvements are needed.

Current Kody Configuration

Review Options

The following review options are enabled or disabled:

Options	Enabled
Bug	✅
Performance	✅
Security	✅
Breaking Changes	✅
Cross File	❌
Kody Rules	✅
Code Style	❌
Refactoring	✅
Error Handling	❌
Maintainability	✅
Potential Issues	✅
Documentation And Comments	❌
Performance And Optimization	✅

Access your configuration settings here.

[kody-ai]

The PR title indicates that this PR fixes issue #413, but the PR description (body) is empty. The rule requires the closing statement (e.g., "Fixes #413") to be present in the PR body, not just the title. Kody Rule violation: Ensure PR closes referenced issues

[kody-ai]

import {

The file check-sso.use-case.ts is named using kebab-case, which violates the rule requiring camelCase for new files. Please rename the file to follow the camelCase convention (e.g., checkSsoUseCase.ts).

Kody Rule violation: Seguir padrão de nomenclatura de arquivos

_{Talk to Kody by mentioning @kody}

_{Was this suggestion helpful? React with 👍 or 👎 to help Kody learn from this interaction.}

​

​

[kody-ai]

            this.logger.error({
                message: 'SSO Login failed',
                error,
                context: SSOLoginUseCase.name,
                metadata: {
                    organizationId,
                },
            });

The error log is missing the 'organizationId' in the metadata, which is crucial for traceability. Note that 'organizationId' is currently defined inside the 'try' block and needs to be moved to the function scope to be accessible in the 'catch' block.

Kody Rule violation: Tratamento adequado de exceções.

_{Talk to Kody by mentioning @kody}

_{Was this suggestion helpful? React with 👍 or 👎 to help Kody learn from this interaction.}

​

​

[kody-ai]

// Rename file to: ssoLoginUseCase.ts
import {

The file name 'sso-login.use-case.ts' uses kebab-case, which violates the rule requiring camelCase for new files. Please rename the file to 'ssoLoginUseCase.ts'.

Kody Rule violation: Seguir padrão de nomenclatura de arquivos

_{Talk to Kody by mentioning @kody}

_{Was this suggestion helpful? React with 👍 or 👎 to help Kody learn from this interaction.}

​

​

[kody-ai]

export interface SSOConfig {

The file name sso-config.type.ts violates the Kody Rule requiring camelCase for new files. Please rename the file to ssoConfig.type.ts.

Kody Rule violation: Seguir padrão de nomenclatura de arquivos

_{Talk to Kody by mentioning @kody}

_{Was this suggestion helpful? React with 👍 or 👎 to help Kody learn from this interaction.}

​

​

[kody-ai]

Found critical issues please review the requested changes

• Include organizationId in error log metadata for better traceability.

[kody-ai]

Code Review Completed! 🔥

The code review was successfully completed based on your current configurations.

Kody Guide: Usage and Configuration

Interacting with Kody

• Request a Review: Ask Kody to review your PR manually by adding a comment with the `@kody start-review` command at the root of your PR.

• Provide Feedback: Help Kody learn and improve by reacting to its comments with a 👍 for helpful suggestions or a 👎 if improvements are needed.

Current Kody Configuration

Review Options

The following review options are enabled or disabled:

Options	Enabled
Bug	✅
Performance	✅
Security	✅
Breaking Changes	✅
Cross File	❌
Kody Rules	✅
Code Style	❌
Refactoring	✅
Error Handling	❌
Maintainability	✅
Potential Issues	✅
Documentation And Comments	❌
Performance And Optimization	✅

Access your configuration settings here.

[kody-ai]

The pull request title mentions fixing issue #413, but the pull request description body does not contain a valid closing statement (e.g., "Fixes #413", "Closes #413"). Please update the description to explicitly reference the issue being closed. Kody Rule violation: Ensure PR closes referenced issues

[kody-ai]

Code Review Completed! 🔥

The code review was successfully completed based on your current configurations.

Kody Guide: Usage and Configuration

Interacting with Kody

• Request a Review: Ask Kody to review your PR manually by adding a comment with the `@kody start-review` command at the root of your PR.

• Provide Feedback: Help Kody learn and improve by reacting to its comments with a 👍 for helpful suggestions or a 👎 if improvements are needed.

Current Kody Configuration

Review Options

The following review options are enabled or disabled:

Options	Enabled
Bug	✅
Performance	✅
Security	✅
Breaking Changes	✅
Cross File	❌
Kody Rules	✅
Code Style	❌
Refactoring	✅
Error Handling	❌
Maintainability	✅
Potential Issues	✅
Documentation And Comments	❌
Performance And Optimization	✅

Access your configuration settings here.

[sonarqubecloud]

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[kody-ai]

The PR title includes 'fixes #413', but the rule explicitly requires a closing statement (e.g., 'Closes #413', 'Fixes #413') to be present in the PR body (description). Please update the description to include this statement. Kody Rule violation: Ensure PR closes referenced issues