[NAE-2118] Implement OpenID Connector Auth for Admin node

[Retoocs]

Description

Implemented SSO login button, that is configurable. Button redirects to configured OIDC provider login form and then sends received authorization_code to gateway for further processing

Implements NAE-2118

Dependencies

No new dependencies were introduced

Third party dependencies

• No new dependencies were introduced

Blocking Pull requests

There are no dependencies on other PR

How Has Been This Tested?

Manually

Test Configuration

Name	Tested on
OS	Ubuntu 24.04.1 LTS
Runtime	Node 23.6.1
Dependency Manager	NPM 11.0.0
Framework version	Angular 17.3.11
Run parameters
Other configuration

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• My changes have been checked, personally or remotely, with @...
• I have commented my code, particularly in hard-to-understand areas
• I have resolved all conflicts with the target branch of the PR
• I have updated and synced my code with the target branch
• I have added tests that prove my fix is effective or that my feature works
• New and existing tests pass locally with my changes:
  • Lint test
  • Unit tests
  • Integration tests
• I have checked my contribution with code analysis tools:
  • SonarCloud
  • Snyk
• I have made corresponding changes to the documentation:
  • Developer documentation
  • User Guides
  • Migration Guides

Summary by CodeRabbit

• New Features
  • Introduced Single Sign-On (SSO) login support, allowing users to authenticate using an external identity provider.
  • Added a dedicated SSO login button to the login form, visible when SSO is enabled in the configuration.
• Localization
  • Added translations for the SSO login button in English, German, and Slovak.
• Tests
  • Added initial test setup for the new SSO login component.

[coderabbitai]

Walkthrough

This update introduces Single Sign-On (SSO) functionality into the authentication flow. It adds SSO configuration options, updates interfaces, and implements new Angular components for SSO login. Localization files are extended with SSO button labels, and the login form is modified to conditionally display the SSO button based on configuration. Supporting unit tests and module declarations are included.

Changes

File(s)	Change Summary
nae.json	Added SSO configuration, updated authentication method, and corrected recover endpoint path.
projects/netgrif-components-core/src/assets/i18n/en.json .../de.json .../sk.json	Added "ssoButton" translation key in English, German, and Slovak localization files.
projects/netgrif-components-core/src/commons/schema.ts	Added Sso interface and optional sso property to Auth interface.
projects/netgrif-components-core/src/lib/forms/login/abstract-login-form.component.ts	Updated constructor to inject configuration and added showSsoButton property.
projects/netgrif-components-core/src/lib/forms/login/login-sso/abstract-login-sso.component.ts	Introduced abstract SSO login component handling SSO redirect and token exchange.
projects/netgrif-components-core/src/lib/forms/login/login-sso/abstract-login-sso.component.spec.ts	Added placeholder spec file for abstract SSO login component.
projects/netgrif-components-core/src/lib/forms/public-api.ts	Exported abstract SSO login component.
projects/netgrif-components/src/lib/forms/login/login-form.component.html	Added conditional rendering of SSO login button in the login form template.
projects/netgrif-components/src/lib/forms/login/login-form.component.ts	Updated constructor to inject configuration and pass it to the superclass.
projects/netgrif-components/src/lib/forms/login/login-form.module.ts	Declared and exported new LoginSsoComponent in the module.
projects/netgrif-components/src/lib/forms/login/login-sso/login-sso.component.ts	Added new concrete SSO login component extending abstract base.
projects/netgrif-components/src/lib/forms/login/login-sso/login-sso.component.html	Added template for SSO login button with loading state and translation.
projects/netgrif-components/src/lib/forms/login/login-sso/login-sso.component.spec.ts	Added unit test for SSO login component (currently disabled).
projects/netgrif-components/src/lib/forms/public-api.ts	Exported concrete SSO login component.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant LoginForm
    participant SSOButton
    participant SSOProvider
    participant AppBackend

    User->>LoginForm: Loads login page
    LoginForm->>SSOButton: Conditionally renders if SSO enabled
    User->>SSOButton: Clicks SSO login button
    SSOButton->>SSOProvider: Redirects to SSO provider's auth URL
    SSOProvider-->>User: Authenticates and redirects back with code
    User->>LoginForm: Returns with authorization code in URL
    LoginForm->>AppBackend: Exchanges code for access token (via refreshUrl)
    AppBackend-->>LoginForm: Returns access token
    LoginForm->>User: Navigates to post-login route

Loading

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 6

🧹 Nitpick comments (10)

projects/netgrif-components-core/src/lib/forms/login/login-sso/abstract-login-sso.component.spec.ts (1)

1-2: Placeholder spec without tests
The spec file currently contains only a TODO comment and no substantive tests for the AbstractLoginSsoComponent. Unit tests should cover redirect initiation, authorization code handling, token exchange, and error scenarios.

Would you like help scaffolding a baseline test suite for this component?

projects/netgrif-components/src/lib/forms/login/login-form.component.html (1)

43-45: SSO button rendering block
The <nc-login-sso> component is conditionally rendered via showSsoButton. For consistent UX, consider adding spacing (e.g., fxLayoutGap="8px") or margin classes to align it with existing buttons, and verify that the embedded button has an appropriate aria-label for accessibility.

projects/netgrif-components/src/lib/forms/login/login-form.module.ts (1)

7-7: Unify quotation style

Every other import in this file (and most of the repo) uses single quotes. Sticking to a single quoting convention avoids noisy diffs and keeps the tslint/prettier rules happy.

-import {LoginSsoComponent} from "./login-sso/login-sso.component";
+import {LoginSsoComponent} from './login-sso/login-sso.component';

projects/netgrif-components/src/lib/forms/login/login-sso/login-sso.component.html (1)

1-9: Add explicit aria-label to improve accessibility & E2E testability

Screen-reader users and automated test suites don’t have a stable, deterministic identifier for this button.
Consider adding an aria-label (or matTooltip) that matches the visible translation key.

-<button color="primary" (click)="redirectToSso()" [disabled]="(loading | async)" mat-raised-button fxLayout="row"
+<button color="primary"
+        aria-label="{{ 'forms.login.ssoButton' | translate }}"
+        (click)="redirectToSso()"
+        [disabled]="(loading | async)"
+        mat-raised-button fxLayout="row"

projects/netgrif-components/src/lib/forms/login/login-sso/login-sso.component.ts (2)

7-11: Enable OnPush change detection for a purely presentational component

The component has no mutable internal state – it only proxies observables from the abstract superclass.
Switching to ChangeDetectionStrategy.OnPush avoids unnecessary change-detection cycles and is consistent with Angular best practices for performance-sensitive pages.

 @Component({
     selector: 'nc-login-sso',
     templateUrl: './login-sso.component.html',
     styleUrls: ['./login-sso.component.scss'],
+    changeDetection: ChangeDetectionStrategy.OnPush
 })

Remember to add ChangeDetectionStrategy to the import list.

---

13-21: Minor naming & visibility nits in constructor parameters

1. _activeRouter is a typo – Angular convention is ActivatedRoute, often shortened to _activatedRoute.
2. None of the injected services are used directly in this concrete class; they are only forwarded to super. Marking them private readonly removes the instance fields and clarifies intent.

-        protected _activeRouter: ActivatedRoute,
+        private readonly _activatedRoute: ActivatedRoute,

…and change the super call accordingly.
Purely cosmetic, but keeps the code-base consistent.

projects/netgrif-components/src/lib/forms/login/login-form.component.ts (1)

11-13: _config property seems unused inside this class

ConfigurationService is forwarded to super but never referenced afterwards.
If no additional logic is planned, mark the parameter private to avoid an extra instance field:

-    constructor(formBuilder: FormBuilder, protected _userService: UserService, protected _config: ConfigurationService) {
+    constructor(formBuilder: FormBuilder, protected _userService: UserService, private _config: ConfigurationService) {

projects/netgrif-components-core/src/lib/forms/login/abstract-login-form.component.ts (1)

8-10: Inconsistent import quote style

Most imports in this file use single quotes; these lines use double quotes. Aligning the style prevents noisy diffs.

-import {ConfigurationService} from "../../configuration/configuration.service";
-import {Sso} from "../../../commons/schema";
+import {ConfigurationService} from '../../configuration/configuration.service';
+import {Sso} from '../../../commons/schema';

projects/netgrif-components-core/src/lib/forms/login/login-sso/abstract-login-sso.component.ts (2)

35-35: Redundant double negation
if (params.code) is sufficient; !!params.code adds no value.
Same applies to !!token on line 67.

---

95-101: Error message misleads users
Displaying forms.login.wrongCredentials when an SSO token exchange fails conflates two different error conditions. Consider adding a dedicated translation key, e.g. forms.login.ssoError.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e4b1097 and 8e3c165.

📒 Files selected for processing (16)

• nae.json (2 hunks)
• projects/netgrif-components-core/src/assets/i18n/de.json (1 hunks)
• projects/netgrif-components-core/src/assets/i18n/en.json (1 hunks)
• projects/netgrif-components-core/src/assets/i18n/sk.json (1 hunks)
• projects/netgrif-components-core/src/commons/schema.ts (1 hunks)
• projects/netgrif-components-core/src/lib/forms/login/abstract-login-form.component.ts (4 hunks)
• projects/netgrif-components-core/src/lib/forms/login/login-sso/abstract-login-sso.component.spec.ts (1 hunks)
• projects/netgrif-components-core/src/lib/forms/login/login-sso/abstract-login-sso.component.ts (1 hunks)
• projects/netgrif-components-core/src/lib/forms/public-api.ts (1 hunks)
• projects/netgrif-components/src/lib/forms/login/login-form.component.html (1 hunks)
• projects/netgrif-components/src/lib/forms/login/login-form.component.ts (1 hunks)
• projects/netgrif-components/src/lib/forms/login/login-form.module.ts (1 hunks)
• projects/netgrif-components/src/lib/forms/login/login-sso/login-sso.component.html (1 hunks)
• projects/netgrif-components/src/lib/forms/login/login-sso/login-sso.component.spec.ts (1 hunks)
• projects/netgrif-components/src/lib/forms/login/login-sso/login-sso.component.ts (1 hunks)
• projects/netgrif-components/src/lib/forms/public-api.ts (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (3)

projects/netgrif-components/src/lib/forms/login/login-sso/login-sso.component.ts (1)

projects/netgrif-components/src/lib/forms/login/login-form.component.ts (1)

• Component (5-14)

projects/netgrif-components/src/lib/forms/login/login-form.component.ts (1)

projects/netgrif-components/src/lib/forms/login/login-sso/login-sso.component.ts (1)

• Component (7-24)

projects/netgrif-components-core/src/lib/forms/login/abstract-login-form.component.ts (1)

projects/netgrif-components-core/src/commons/schema.ts (1)

• Sso (54-60)

🪛 HTMLHint (1.5.0)

projects/netgrif-components/src/lib/forms/login/login-sso/login-sso.component.html

[error] 1-1: Doctype must be declared before any non-comment content.

(doctype-first)

🪛 Biome (1.9.4)

projects/netgrif-components-core/src/lib/forms/login/login-sso/abstract-login-sso.component.ts

[error] 35-35: Avoid redundant double-negation.

It is not necessary to use double-negation when a value will already be coerced to a boolean.
Unsafe fix: Remove redundant double-negation

(lint/complexity/noExtraBooleanCast)

---

[error] 67-67: Avoid redundant double-negation.

It is not necessary to use double-negation when a value will already be coerced to a boolean.
Unsafe fix: Remove redundant double-negation

(lint/complexity/noExtraBooleanCast)

⏰ Context from checks skipped due to timeout of 90000ms (8)

• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: Matrix Test (20)
• GitHub Check: Matrix Test (18)
• GitHub Check: Test with SonarCloud

🔇 Additional comments (8)

projects/netgrif-components-core/src/assets/i18n/en.json (1)

314-314: Translation key added correctly
The ssoButton entry under forms.login is well-formed and reads "Log with SSO". No syntax issues detected.

projects/netgrif-components-core/src/assets/i18n/de.json (1)

314-314: German SSO translation added
The new "ssoButton": "SSO-Anmeldung" entry under forms.login is correctly inserted and valid JSON.

projects/netgrif-components-core/src/assets/i18n/sk.json (1)

314-314: Slovak SSO translation added
The "ssoButton": "Prihlásiť sa pomocou SSO" key is properly placed in the forms.login section with valid JSON syntax.

projects/netgrif-components/src/lib/forms/login/login-form.module.ts (1)

11-12: Declaration/export looks good

LoginSsoComponent is properly declared and exported, so consumers of the module will see it without extra plumbing.
No issues spotted.

projects/netgrif-components/src/lib/forms/public-api.ts (1)

4-4: Public API updated correctly

The new component is exposed to library consumers – exactly what we need. 👍

projects/netgrif-components-core/src/lib/forms/public-api.ts (1)

3-3: Abstract SSO component export added

Makes the base class reusable for external extensions. Looks good.

projects/netgrif-components-core/src/commons/schema.ts (1)

49-60: Schema extension LGTM – but check naming consistency

The interface covers the minimum needed fields. Make sure the runtime config uses the same property names (redirectUrl, refreshUrl, …) – mismatches will surface only at runtime because this is a .d.ts file.

No blocking issues.

projects/netgrif-components-core/src/lib/forms/login/login-sso/abstract-login-sso.component.ts (1)

75-82: Possible NPE & unsafe join on scopes
If scopes is undefined (mis-configured environment) join will crash. Either default to an empty array or throw a clear error earlier.

- scope: this._ssoConfig.scopes.join(' '),
+ scope: (this._ssoConfig.scopes ?? []).join(' '),

[coderabbitai]

🛠️ Refactor suggestion

Disabled test suite hides compilation/runtime issues

The whole spec is wrapped in xdescribe, so it never runs.

1. Potential template-compilation errors inside LoginSsoComponent will stay undetected.
2. Test coverage tools will ignore the component entirely.

Unless there is a strong, short-term reason to skip, turn it into an active suite (or delete it until ready).

-xdescribe('LoginSsoComponent', () => {
+describe('LoginSsoComponent', () => {

If the component depends on external modules (Material, TranslateLib, etc.) add them to the testing module to prevent runtime failures.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// todo 2118
	xdescribe('LoginSsoComponent', () => {
	let component: LoginSsoComponent;
	let fixture: ComponentFixture<LoginSsoComponent>;
	beforeEach(async () => {
	await TestBed.configureTestingModule({
	declarations: [ LoginSsoComponent ]
	})
	.compileComponents();
	});
	beforeEach(() => {
	fixture = TestBed.createComponent(LoginSsoComponent);
	component = fixture.componentInstance;
	fixture.detectChanges();
	});
	it('should create', () => {
	expect(component).toBeTruthy();
	});
	});
	// todo 2118
	describe('LoginSsoComponent', () => {
	let component: LoginSsoComponent;
	let fixture: ComponentFixture<LoginSsoComponent>;
	beforeEach(async () => {
	await TestBed.configureTestingModule({
	declarations: [ LoginSsoComponent ]
	})
	.compileComponents();
	});
	beforeEach(() => {
	fixture = TestBed.createComponent(LoginSsoComponent);
	component = fixture.componentInstance;
	fixture.detectChanges();
	});
	it('should create', () => {
	expect(component).toBeTruthy();
	});
	});

🤖 Prompt for AI Agents

In
projects/netgrif-components/src/lib/forms/login/login-sso/login-sso.component.spec.ts
between lines 5 and 27, the test suite is disabled using xdescribe, which
prevents the tests from running and hides potential compilation or runtime
errors. To fix this, remove the 'x' prefix to activate the describe block so the
tests execute. Additionally, ensure that any external modules required by
LoginSsoComponent, such as Material or TranslateLib, are imported and included
in the TestBed configuration to avoid runtime failures during testing.

[coderabbitai]

🛠️ Refactor suggestion

❓ Verification inconclusive

Mixed-content risk: refreshUrl uses HTTP while the app is likely served over HTTPS

Browsers will block XMLHttpRequests from an HTTPS origin to an HTTP endpoint, breaking the token refresh flow in production.

Please verify that the service is reachable via HTTPS or proxy the call through the same origin.

---

Mixed-content risk: refreshUrl uses HTTP while the app is likely served over HTTPS

Browsers will block XMLHttpRequests from an HTTPS origin to an HTTP endpoint, breaking the token refresh flow in production.

Please verify that the service is reachable via HTTPS or proxy the call through the same origin.

🤖 Prompt for AI Agents

In nae.json around lines 23 to 29, the refreshUrl is set to use HTTP which can
cause mixed-content issues when the app is served over HTTPS. Update the
refreshUrl to use HTTPS if the service supports it, or configure a proxy on the
same HTTPS origin to forward requests to the HTTP endpoint, ensuring secure and
unblocked token refresh requests.

[coderabbitai]

⚠️ Potential issue

Defensive defaults & const instead of let

showSsoButton is declared boolean but can currently be undefined.
Also, ssoConfig isn’t reassigned – mark it const.

-        let ssoConfig: Sso = this._config.getConfigurationSubtree(['providers', 'auth', 'sso'])
-        this.showSsoButton = ssoConfig?.enable
+        const ssoConfig: Sso | undefined =
+            this._config.getConfigurationSubtree(['providers', 'auth', 'sso']);
+        this.showSsoButton = !!ssoConfig?.enable;

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	let ssoConfig: Sso = this._config.getConfigurationSubtree(['providers', 'auth', 'sso'])
	this.showSsoButton = ssoConfig?.enable
	}
	const ssoConfig: Sso | undefined =
	this._config.getConfigurationSubtree(['providers', 'auth', 'sso']);
	this.showSsoButton = !!ssoConfig?.enable;
	}

🤖 Prompt for AI Agents

In
projects/netgrif-components-core/src/lib/forms/login/abstract-login-form.component.ts
around lines 39 to 41, change the declaration of ssoConfig from let to const
since it is not reassigned. Also, ensure showSsoButton is assigned a boolean
value by providing a defensive default (e.g., false) when ssoConfig or
ssoConfig.enable is undefined, so showSsoButton never becomes undefined.

[coderabbitai]

🛠️ Refactor suggestion

Guard against missing SSO configuration
_config.getConfigurationSubtree() can legally return undefined if the subtree is not present. Directly dereferencing the resulting object (this._ssoConfig.clientId, this._ssoConfig.scopes, …) will then throw at run time.

- this._ssoConfig = this._config.getConfigurationSubtree(['providers', 'auth', 'sso']);
+ const subtree = this._config.getConfigurationSubtree(['providers', 'auth', 'sso']);
+ if (!subtree) {
+     this._log.error('SSO configuration subtree is missing – SSO button will not work');
+     return;
+ }
+ this._ssoConfig = subtree;

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In
projects/netgrif-components-core/src/lib/forms/login/login-sso/abstract-login-sso.component.ts
around lines 20 to 33, the assignment of this._ssoConfig directly from
_config.getConfigurationSubtree() can result in undefined if the configuration
subtree is missing. To fix this, add a guard to check if the returned value is
undefined and handle that case appropriately, such as initializing
this._ssoConfig with a default object or adding null checks before accessing its
properties to prevent runtime errors.

[coderabbitai]

⚠️ Potential issue

Authorization code is sensitive – do not log it
this._log.debug('Handling access token: ' + params.code) exposes the OAuth 2.0 authorization-code in logs, creating an unnecessary attack surface. Remove the value or mask it.

- this._log.debug('Handling access token: ' + params.code)
+ this._log.debug('Handling authorization-code callback')

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	this._log.debug('Handling access token: ' + params.code)
	const token$ = this.getToken({
	this._log.debug('Handling authorization-code callback')
	const token$ = this.getToken({

🤖 Prompt for AI Agents

In
projects/netgrif-components-core/src/lib/forms/login/login-sso/abstract-login-sso.component.ts
at lines 57-58, the code logs the OAuth 2.0 authorization code in plain text,
which is sensitive information. Modify the debug log to either remove the
authorization code entirely or replace it with a masked or generic placeholder
to avoid exposing sensitive data in logs.

[coderabbitai]

🛠️ Refactor suggestion

Subscription is never disposed – memory-leak risk
The component subscribes to queryParams in the constructor but does not retain nor unsubscribe from the resulting Subscription. When the component is destroyed, the stream will keep the component instance alive.

+import {Subscription} from 'rxjs';
 …
- this._activeRouter.queryParams.subscribe((params) => {
+ this._paramsSub = this._activeRouter.queryParams.subscribe(params => {
     if (params.code) {
         this.loginFromCode(params);
     }
 });

and in the class body / ngOnDestroy:

- ngOnDestroy(): void {
-     this.loading.complete();
- }
+ private _paramsSub?: Subscription;
+
+ ngOnDestroy(): void {
+     this._paramsSub?.unsubscribe();
+     this.loading.complete();
+ }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	this._activeRouter.queryParams.subscribe((params) => {
	if (!!params.code) {
	this.loginFromCode(params);
	}
	});
	}
	// at the top of the file
	import { Subscription } from 'rxjs';
	…
	export class AbstractLoginSsoComponent implements OnDestroy {
	// add a field to hold the subscription
	private _paramsSub?: Subscription;
	constructor(
	private _activeRouter: ActivatedRoute,
	// …
	) {
	// capture the subscription so we can unsubscribe later
	this._paramsSub = this._activeRouter.queryParams.subscribe(params => {
	if (params.code) {
	this.loginFromCode(params);
	}
	});
	}
	// …
	ngOnDestroy(): void {
	// tear down the router subscription
	this._paramsSub?.unsubscribe();
	this.loading.complete();
	}
	}

🧰 Tools

🪛 Biome (1.9.4)

[error] 35-35: Avoid redundant double-negation.

It is not necessary to use double-negation when a value will already be coerced to a boolean.
Unsafe fix: Remove redundant double-negation

(lint/complexity/noExtraBooleanCast)

🤖 Prompt for AI Agents

In
projects/netgrif-components-core/src/lib/forms/login/login-sso/abstract-login-sso.component.ts
around lines 34 to 39, the subscription to this._activeRouter.queryParams is
created but never stored or unsubscribed, causing a potential memory leak. Fix
this by storing the subscription in a class property and then unsubscribing from
it in the ngOnDestroy lifecycle method to properly clean up when the component
is destroyed.