element-hq
diff --git a/‎.gitignore‎
Lines changed: 8 additions & 0 deletions b/‎.gitignore‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎crates/cli/src/sync.rs‎
Lines changed: 1 addition & 0 deletions b/‎crates/cli/src/sync.rs‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎crates/config/src/sections/upstream_oauth2.rs‎
Lines changed: 7 additions & 0 deletions b/‎crates/config/src/sections/upstream_oauth2.rs‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎crates/data-model/src/upstream_oauth2/provider.rs‎
Lines changed: 1 addition & 0 deletions b/‎crates/data-model/src/upstream_oauth2/provider.rs‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎crates/handlers/src/admin/v1/upstream_oauth_links/mod.rs‎
Lines changed: 1 addition & 0 deletions b/‎crates/handlers/src/admin/v1/upstream_oauth_links/mod.rs‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎crates/handlers/src/upstream_oauth2/authorize.rs‎
Lines changed: 16 additions & 1 deletion b/‎crates/handlers/src/upstream_oauth2/authorize.rs‎
Lines changed: 16 additions & 1 deletion
diff --git a/‎crates/handlers/src/upstream_oauth2/cache.rs‎
Lines changed: 1 addition & 0 deletions b/‎crates/handlers/src/upstream_oauth2/cache.rs‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎crates/handlers/src/upstream_oauth2/link.rs‎
Lines changed: 1 addition & 0 deletions b/‎crates/handlers/src/upstream_oauth2/link.rs‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎crates/handlers/src/views/login.rs‎
Lines changed: 2 additions & 0 deletions b/‎crates/handlers/src/views/login.rs‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎crates/storage-pg/.sqlx/query-585a1e78834c953c80a0af9215348b0f551b16f4cb57c022b50212cfc3d8431f.json‎
Lines changed: 45 additions & 0 deletions b/‎crates/storage-pg/.sqlx/query-585a1e78834c953c80a0af9215348b0f551b16f4cb57c022b50212cfc3d8431f.json‎
Lines changed: 45 additions & 0 deletions
@@ -1 +1,9 @@
+# Rust
 target/
+
+# Editors
+.idea
+.nova
+
+# OS garbage
+.DS_Store
@@ -304,6 +304,7 @@ pub async fn config_sync(
                             .additional_authorization_parameters
                             .into_iter()
                             .collect(),
+                        forward_login_hint: provider.forward_login_hint,
                         ui_order,
                     },
                 )
 
@@ -565,4 +565,11 @@ pub struct Provider {
     /// Orders of the keys are not preserved.
     #[serde(default, skip_serializing_if = "BTreeMap::is_empty")]
     pub additional_authorization_parameters: BTreeMap<String, String>,
+
+    /// Whether the `login_hint` should be forwarded to the provider in the
+    /// authorization request.
+    ///
+    /// Defaults to `false`.
+    #[serde(default)]
+    pub forward_login_hint: bool,
 }
@@ -241,6 +241,7 @@ pub struct UpstreamOAuthProvider {
     pub disabled_at: Option<DateTime<Utc>>,
     pub claims_imports: ClaimsImports,
     pub additional_authorization_parameters: Vec<(String, String)>,
+    pub forward_login_hint: bool,
 }
 
 impl PartialOrd for UpstreamOAuthProvider {
 
@@ -47,6 +47,7 @@ mod test_utils {
             userinfo_endpoint_override: None,
             jwks_uri_override: None,
             additional_authorization_parameters: Vec::new(),
+            forward_login_hint: false,
             ui_order: 0,
         }
     }
 
@@ -12,7 +12,7 @@ use hyper::StatusCode;
 use mas_axum_utils::{cookies::CookieJar, record_error};
 use mas_data_model::UpstreamOAuthProvider;
 use mas_oidc_client::requests::authorization_code::AuthorizationRequestData;
-use mas_router::UrlBuilder;
+use mas_router::{PostAuthAction, UrlBuilder};
 use mas_storage::{
     BoxClock, BoxRepository, BoxRng,
     upstream_oauth2::{UpstreamOAuthProviderRepository, UpstreamOAuthSessionRepository},
@@ -92,6 +92,21 @@ pub(crate) async fn get(
         data = data.with_response_mode(response_mode.into());
     }
 
+    // Forward the raw login hint upstream for the provider to handle however it
+    // sees fit
+    if provider.forward_login_hint {
+        if let Some(PostAuthAction::ContinueAuthorizationGrant { id }) = &query.post_auth_action {
+            if let Some(login_hint) = repo
+                .oauth2_authorization_grant()
+                .lookup(*id)
+                .await?
+                .and_then(|grant| grant.login_hint)
+            {
+                data = data.with_login_hint(login_hint);
+            }
+        }
+    }
+
     let data = if let Some(methods) = lazy_metadata.pkce_methods().await? {
         data.with_code_challenge_methods_supported(methods)
     } else {
 
@@ -426,6 +426,7 @@ mod tests {
             disabled_at: None,
             claims_imports: UpstreamOAuthProviderClaimsImports::default(),
             additional_authorization_parameters: Vec::new(),
+            forward_login_hint: false,
         };
 
         // Without any override, it should just use discovery
 
@@ -983,6 +983,7 @@ mod tests {
                     pkce_mode: mas_data_model::UpstreamOAuthProviderPkceMode::Auto,
                     response_mode: None,
                     additional_authorization_parameters: Vec::new(),
+                    forward_login_hint: false,
                     ui_order: 0,
                 },
             )
 
@@ -498,6 +498,7 @@ mod test {
                     pkce_mode: mas_data_model::UpstreamOAuthProviderPkceMode::Auto,
                     response_mode: None,
                     additional_authorization_parameters: Vec::new(),
+                    forward_login_hint: false,
                     ui_order: 0,
                 },
             )
@@ -539,6 +540,7 @@ mod test {
                     pkce_mode: mas_data_model::UpstreamOAuthProviderPkceMode::Auto,
                     response_mode: None,
                     additional_authorization_parameters: Vec::new(),
+                    forward_login_hint: false,
                     ui_order: 1,
                 },
             )
Original file line number	Diff line number	Diff line change
`@@ -304,6 +304,7 @@ pub async fn config_sync(`
`304`	`304`	`.additional_authorization_parameters`
`305`	`305`	`.into_iter()`
`306`	`306`	`.collect(),`
	`307`	`+ forward_login_hint: provider.forward_login_hint,`
`307`	`308`	`ui_order,`
`308`	`309`	`},`
`309`	`310`	`)`
Original file line number	Diff line number	Diff line change
`@@ -241,6 +241,7 @@ pub struct UpstreamOAuthProvider {`
`241`	`241`	`pub disabled_at: Option<DateTime<Utc>>,`
`242`	`242`	`pub claims_imports: ClaimsImports,`
`243`	`243`	`pub additional_authorization_parameters: Vec<(String, String)>,`
	`244`	`+ pub forward_login_hint: bool,`
`244`	`245`	`}`
`245`	`246`
`246`	`247`	`impl PartialOrd for UpstreamOAuthProvider {`
Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,7 @@ mod test_utils {`
`47`	`47`	`userinfo_endpoint_override: None,`
`48`	`48`	`jwks_uri_override: None,`
`49`	`49`	`additional_authorization_parameters: Vec::new(),`
	`50`	`+ forward_login_hint: false,`
`50`	`51`	`ui_order: 0,`
`51`	`52`	`}`
`52`	`53`	`}`
Original file line number	Diff line number	Diff line change
`@@ -983,6 +983,7 @@ mod tests {`
`983`	`983`	`pkce_mode: mas_data_model::UpstreamOAuthProviderPkceMode::Auto,`
`984`	`984`	`response_mode: None,`
`985`	`985`	`additional_authorization_parameters: Vec::new(),`
	`986`	`+ forward_login_hint: false,`
`986`	`987`	`ui_order: 0,`
`987`	`988`	`},`
`988`	`989`	`)`