Skip to content

SSO: custom claim support, fixing login stability issues, and ensuring correct redirection #982

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 16 commits into from
Aug 1, 2025
Merged

SSO: custom claim support, fixing login stability issues, and ensuring correct redirection #982

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
6ef8c01
WIP: sso oidc metadata refresh
lovasoa Jul 31, 2025
061f540
Refresh OIDC client periodically
lovasoa Jul 31, 2025
df080ec
Increase OIDC client refresh interval to 1 hour
lovasoa Jul 31, 2025
5bd3ac8
feat: Add support for custom claims in OIDC JWT tokens
lovasoa Jul 31, 2025
5cf33e7
refactor: restructure OIDC middleware for better modularity and
lovasoa Jul 31, 2025
45540e7
Replace Mutex with RwLock for OIDC client
lovasoa Aug 1, 2025
b0ca79d
Remove state refresh on OIDC callback error
lovasoa Aug 1, 2025
4578719
OIDC client wrapper exposure
lovasoa Aug 1, 2025
1667de9
Refactor OIDC client refresh mechanism
lovasoa Aug 1, 2025
fd23358
Fix multiple OIDC client refresh
lovasoa Aug 1, 2025
7e0d067
Refactor OIDC authentication flow and error handling
lovasoa Aug 1, 2025
e8b604d
Change OIDC token verification to take ownership
lovasoa Aug 1, 2025
7189cc1
Improve ID token error message with details
lovasoa Aug 1, 2025
b96eb10
Add fast OIDC client refresh on auth errors
lovasoa Aug 1, 2025
630e007
Fix OIDC SSO redirect loop after provider key rotation
lovasoa Aug 1, 2025
78fa85f
Fix OIDC flow: Redirect to initial URL on error
lovasoa Aug 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,8 @@
```
- The file-based routing system was improved. Now, requests to `/xxx` redirect to `/xxx/` only if `/xxx/index.sql` exists.
- fix: When single sign on is enabled, and an anonymous user visits a page with URL parameters, the user is correctly redirected to the page with the parameters after login.
- Added support for reading custom claims in JWT tokens generated by OIDC providers. This means that you can configure your Single-Sign-On provider to store custom pieces of information about your users, such as roles or permissions, and use them in your SQL queries in SQLPage.
- Implement OIDC provider metadata refresh. This fixes a bug where leaving a SQLPage instance running with SSO enabled would cause infinite redirect loops on login after some time. Since most providers rotate their signing keys regularly and sqlpage only fetched the metadata once at startup, the only way to fix the issue was to restart SQLPage manually.

## v0.35.2
- Fix a bug with zero values being displayed with a non-zero height in stacked bar charts.
Expand Down
Loading