Skip to content

feat(clerk-js): Initiate enterprise SSO from ticket flows #6009

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Jun 4, 2025
Merged

feat(clerk-js): Initiate enterprise SSO from ticket flows #6009

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
bca151d
Pass redirect URL to SSO flow
LauraBeatris May 26, 2025
7dbe3a8
Initiate enterprise SSO on sign in with ticket
LauraBeatris May 26, 2025
dfd911b
Do not set card as IDLE when redirectiong to provider
LauraBeatris Jun 3, 2025
ef1ac0c
Add changeset
LauraBeatris Jun 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changeset/nasty-items-jog.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
'@clerk/clerk-js': patch
---

Initiate enterprise SSO from ticket flows, such as organization invitations.
20 changes: 19 additions & 1 deletion packages/clerk-js/src/ui/components/SignIn/SignInStart.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -222,6 +222,10 @@ function SignInStartInternal(): JSX.Element {
.then(res => {
switch (res.status) {
case 'needs_first_factor':
if (hasOnlyEnterpriseSSOFirstFactors(res)) {
return authenticateWithEnterpriseSSO();
}

return navigate('factor-one');
case 'needs_second_factor':
return navigate('factor-two');
Expand All @@ -241,6 +245,12 @@ function SignInStartInternal(): JSX.Element {
return attemptToRecoverFromSignInError(err);
})
.finally(() => {
// Keep the card in loading state during SSO redirect to prevent UI flicker
// This is necessary because there's a brief delay between initiating the SSO flow
// and the actual redirect to the external Identity Provider
const isRedirectingToSSOProvider = hasOnlyEnterpriseSSOFirstFactors(signIn);
if (isRedirectingToSSOProvider) return;

status.setIdle();
card.setIdle();
});
Expand Down Expand Up @@ -364,7 +374,7 @@ function SignInStartInternal(): JSX.Element {
}
break;
case 'needs_first_factor':
if (res.supportedFirstFactors?.every(ff => ff.strategy === 'enterprise_sso')) {
if (hasOnlyEnterpriseSSOFirstFactors(res)) {
await authenticateWithEnterpriseSSO();
break;
}
Expand Down Expand Up @@ -604,6 +614,14 @@ function SignInStartInternal(): JSX.Element {
);
}

const hasOnlyEnterpriseSSOFirstFactors = (signIn: SignInResource): boolean => {
if (!signIn.supportedFirstFactors?.length) {
return false;
}

return signIn.supportedFirstFactors.every(ff => ff.strategy === 'enterprise_sso');
};

const InstantPasswordRow = ({ field }: { field?: FormControlState<'password'> }) => {
const [autofilled, setAutofilled] = useState(false);
const ref = useRef<HTMLInputElement>(null);
Expand Down
15 changes: 14 additions & 1 deletion packages/clerk-js/src/ui/components/SignUp/SignUpStart.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,7 @@ function SignUpStartInternal(): JSX.Element {
const hasEmail = !!formState.emailAddress.value;
const isProgressiveSignUp = userSettings.signUp.progressive;
const isLegalConsentEnabled = userSettings.signUp.legal_consent_enabled;
const oidcPrompt = ctx.oidcPrompt;

const fields = determineActiveFields({
attributes,
Expand All @@ -145,8 +146,13 @@ function SignUpStartInternal(): JSX.Element {
setMissingRequirementsWithTicket(true);
}

const redirectUrl = ctx.ssoCallbackUrl;
const redirectUrlComplete = ctx.afterSignUpUrl || '/';

return completeSignUpFlow({
signUp,
redirectUrl,
redirectUrlComplete,
verifyEmailPath: 'verify-email-address',
verifyPhonePath: 'verify-phone-number',
handleComplete: () => {
Expand All @@ -155,6 +161,7 @@ function SignUpStartInternal(): JSX.Element {
return setActive({ session: signUp.createdSessionId, redirectUrl: afterSignUpUrl });
},
navigate,
oidcPrompt,
});
})
.catch(err => {
Expand All @@ -163,6 +170,12 @@ function SignUpStartInternal(): JSX.Element {
handleError(err, [], card.setError);
})
.finally(() => {
// Keep the card in loading state during SSO redirect to prevent UI flicker
// This is necessary because there's a brief delay between initiating the SSO flow
// and the actual redirect to the external Identity Provider
const isRedirectingToSSOProvider = signUp.missingFields.some(mf => mf === 'saml' || mf === 'enterprise_sso');
if (isRedirectingToSSOProvider) return;

status.setIdle();
card.setIdle();
});
Expand Down Expand Up @@ -302,7 +315,7 @@ function SignUpStartInternal(): JSX.Element {
navigate,
redirectUrl,
redirectUrlComplete,
oidcPrompt: ctx.oidcPrompt,
oidcPrompt,
}),
)
.catch(err => handleError(err, fieldsToSubmit, card.setError))
Expand Down