support org mapping on org idp

2026-05-30 04:32:53 +00:00 · 2026-04-16 22:12:15 -07:00
parent 707cc4b275
commit 796d14a9e4
8 changed files with 189 additions and 116 deletions
--- a/server/private/routers/orgIdp/createOrgOidcIdp.ts
+++ b/server/private/routers/orgIdp/createOrgOidcIdp.ts
@@ -44,6 +44,7 @@ const bodySchema = z.strictObject({
    autoProvision: z.boolean().optional(),
    variant: z.enum(["oidc", "google", "azure"]).optional().default("oidc"),
    roleMapping: z.string().optional(),
+    orgMapping: z.string().nullish(),
    tags: z.string().optional()
 });

@@ -105,6 +106,7 @@ export async function createOrgOidcIdp(
            name,
            variant,
            roleMapping,
+            orgMapping: orgMappingBody,
            tags
        } = parsedBody.data;

@@ -152,11 +154,16 @@ export async function createOrgOidcIdp(
                variant
            });

+            const orgMapping =
+                orgMappingBody !== undefined
+                    ? orgMappingBody
+                    : `'${orgId}'`;
+
            await trx.insert(idpOrg).values({
                idpId: idpRes.idpId,
                orgId: orgId,
                roleMapping: roleMapping || null,
-                orgMapping: `'${orgId}'`
+                orgMapping
            });
        });

--- a/server/private/routers/orgIdp/updateOrgOidcIdp.ts
+++ b/server/private/routers/orgIdp/updateOrgOidcIdp.ts
@@ -47,6 +47,7 @@ const bodySchema = z.strictObject({
    scopes: z.string().optional(),
    autoProvision: z.boolean().optional(),
    roleMapping: z.string().optional(),
+    orgMapping: z.string().nullish(),
    tags: z.string().optional()
 });

@@ -110,6 +111,7 @@ export async function updateOrgOidcIdp(
            namePath,
            name,
            roleMapping,
+            orgMapping,
            tags
        } = parsedBody.data;

@@ -205,13 +207,20 @@ export async function updateOrgOidcIdp(
                    .where(eq(idpOidcConfig.idpId, idpId));
            }

+            const idpOrgPolicyPatch: {
+                roleMapping?: string;
+                orgMapping?: string | null;
+            } = {};
            if (roleMapping !== undefined) {
-                // Update IdP-org policy
+                idpOrgPolicyPatch.roleMapping = roleMapping;
+            }
+            if (orgMapping !== undefined) {
+                idpOrgPolicyPatch.orgMapping = orgMapping;
+            }
+            if (Object.keys(idpOrgPolicyPatch).length > 0) {
                await trx
                    .update(idpOrg)
-                    .set({
-                        roleMapping
-                    })
+                    .set(idpOrgPolicyPatch)
                    .where(
                        and(eq(idpOrg.idpId, idpId), eq(idpOrg.orgId, orgId))
                    );