credebl
feat: SSO support and clientcredentials based switchig for single sign on feature
What
- Support SSO
- Ability to switch between client based on clientAlias instead of
Quality Gate passed
Issues
7 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
See analysis details on SonarQube Cloud
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}
Walkthrough
This update introduces Single Sign-On (SSO) client alias support across the system. It adds new environment variable templates and database schema for managing client aliases and URLs, implements backend endpoints for retrieving and validating client aliases, and refactors the user verification email flow to use client aliases instead of direct credentials. Additional formatting, import organization, and error handling improvements are included.
Changes
| File(s) / Group | Change Summary |
|---|---|
.env.demo, .env.sample |
Added SSO client configuration section and template variables for supported client aliases and credentials. |
.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml, .github/ISSUE_TEMPLATE/bug_report.yml |
Removed trailing newlines for formatting consistency. |
docker-compose.yml |
Added redis as a dependency for issuance service. |
apps/agent-service/src/repositories/agent-service.repository.ts, apps/api-gateway/src/main.ts |
Reordered and grouped import statements for clarity. |
apps/api-gateway/src/authz/authz.controller.ts |
Added /clientAliases GET endpoint, updated verification email endpoint to accept clientAlias, improved Swagger docs, and refactored formatting. |
apps/api-gateway/src/authz/authz.service.ts |
Added getClientAlias method, updated sendVerificationMail return type, consolidated imports. |
apps/api-gateway/src/authz/decorators/user-auth-client.ts |
Introduced ClientAliasValidationPipe for validating client aliases from environment. |
apps/api-gateway/src/user/dto/create-user.dto.ts |
Removed clientId and clientSecret fields; added optional clientAlias property. |
apps/api-gateway/src/user/utils/index.ts |
Added utilities for fetching and encrypting SSO client credentials by alias. |
apps/issuance/src/issuance.repository.ts, apps/issuance/src/issuance.service.ts, apps/ledger/src/schema/schema.service.ts, apps/verification/src/verification.service.ts, libs/logger/src/logger.service.ts |
Formatting and whitespace adjustments for improved readability. |
apps/organization/repositories/organization.repository.ts |
Expanded Prisma query to select tenantId in addition to orgDid. |
apps/user/repositories/user.repository.ts |
Added fetchClientAliases method, improved import organization and formatting. |
apps/user/src/user.controller.ts |
Added getClientAliases method, updated method signatures and formatting, changed sendVerificationMail return type. |
apps/user/src/user.service.ts |
Added getClientAliases method, refactored verification email flow to use clientAlias, improved formatting and parameter passing. |
apps/user/templates/user-email-template.ts |
Updated URL template method to accept redirectTo and clientAlias, improved error handling. |
libs/common/src/cast.helper.ts |
Added encryptClientCredential async function for AES encryption of credentials. |
libs/common/src/common.module.ts |
Imported and provided LoggerModule and Logger service. |
libs/common/src/interfaces/user.interface.ts |
Extended and added interfaces for SSO client details and aliases, updated ISendVerificationEmail. |
libs/common/src/response-messages/index.ts |
Added new success message for fetching client aliases. |
libs/prisma-service/prisma/migrations/20250603101813_added_client_alias/migration.sql, libs/prisma-service/prisma/schema.prisma |
Added client_aliases table/model with fields for alias metadata and URLs. |
libs/prisma-service/prisma/seed.ts |
Refactored for formatting and modularized encryption logic using external helper. |
Sequence Diagram(s)
sequenceDiagram
participant Client
participant API-Gateway
participant AuthzService
participant UserService
participant Utils
participant DB
Client->>API-Gateway: POST /authz/verification-email?clientAlias=ALIAS
API-Gateway->>AuthzService: sendVerificationMail(userEmailVerification, clientAlias)
AuthzService->>UserService: sendVerificationMail(userEmailVerification, clientAlias)
UserService->>Utils: getCredentialsByAlias(clientAlias)
Utils->>DB: Fetch client credentials for alias
DB-->>Utils: Return clientId, clientSecret, domain
Utils-->>UserService: Return encrypted credentials
UserService->>UserService: Compose verification email with clientAlias
UserService->>DB: Store verification email request
UserService-->>AuthzService: Return user entity
AuthzService-->>API-Gateway: Return user entity
API-Gateway-->>Client: Respond with status/message
sequenceDiagram
participant Client
participant API-Gateway
participant AuthzService
participant DB
Client->>API-Gateway: GET /authz/clientAliases
API-Gateway->>AuthzService: getClientAlias()
AuthzService->>DB: Fetch all client aliases and URLs
DB-->>AuthzService: Return alias list
AuthzService-->>API-Gateway: Return alias list
API-Gateway-->>Client: Respond with aliases and URLs
Suggested reviewers
- shitrerohit
Poem
In the warren of code, a new path appears,
SSO clients gather—aliases, cheers!
Credentials encrypted, secrets held tight,
Verification flows now feel just right.
Tables and endpoints, all freshly aligned,
This rabbit approves—new features combined!
🐇✨
✨ Finishing Touches
- [ ] 📝 Generate Docstrings
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.
🪧 Tips
Chat
There are 3 ways to chat with CodeRabbit:
- Review comments: Directly reply to a review comment made by CodeRabbit. Example:
I pushed a fix in commit <commit_id>, please review it.Explain this complex logic.Open a follow-up GitHub issue for this discussion.
- Files and specific lines of code (under the "Files changed" tab): Tag
@coderabbitaiin a new review comment at the desired location with your query. Examples:@coderabbitai explain this code block.@coderabbitai modularize this function.
- PR comments: Tag
@coderabbitaiin a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:@coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.@coderabbitai read src/utils.ts and explain its main purpose.@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.@coderabbitai help me debug CodeRabbit configuration file.
Support
Need help? Create a ticket on our support page for assistance with any issues or questions.
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.
CodeRabbit Commands (Invoked using PR comments)
@coderabbitai pauseto pause the reviews on a PR.@coderabbitai resumeto resume the paused reviews.@coderabbitai reviewto trigger an incremental review. This is useful when automatic reviews are disabled for the repository.@coderabbitai full reviewto do a full review from scratch and review all the files again.@coderabbitai summaryto regenerate the summary of the PR.@coderabbitai generate docstringsto generate docstrings for this PR.@coderabbitai generate sequence diagramto generate a sequence diagram of the changes in this PR.@coderabbitai resolveresolve all the CodeRabbit review comments.@coderabbitai configurationto show the current CodeRabbit configuration for the repository.@coderabbitai helpto get help.
Other keywords and placeholders
- Add
@coderabbitai ignoreanywhere in the PR description to prevent this PR from being reviewed. - Add
@coderabbitai summaryto generate the high-level summary at a specific location in the PR description. - Add
@coderabbitaianywhere in the PR title to generate the title automatically.
CodeRabbit Configuration File (.coderabbit.yaml)
- You can programmatically configure CodeRabbit by adding a
.coderabbit.yamlfile to the root of your repository. - Please see the configuration documentation for more information.
- If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation:
# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
Documentation and Community
- Visit our Documentation for detailed information on how to use CodeRabbit.
- Join our Discord Community to get help, request features, and share feedback.
- Follow us on X/Twitter for updates and announcements.
![coderabbitai[bot] avatar](https://avatars.githubusercontent.com/in/347564?v=4 "Published by a pub.dev verified publisher"){kind=small}
Quality Gate passed
Issues
10 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
See analysis details on SonarQube Cloud
✅ Actions performed
Review triggered.
Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.
[!NOTE] Generated docstrings for this pull request at https://github.com/credebl/platform/pull/1304