diff --git a/packages/backend/src/server/sso/JWTIdentifyProviderService.ts b/packages/backend/src/server/sso/JWTIdentifyProviderService.ts
index bb21a8e98..63e412ff1 100644
--- a/packages/backend/src/server/sso/JWTIdentifyProviderService.ts
+++ b/packages/backend/src/server/sso/JWTIdentifyProviderService.ts
@@ -64,11 +64,12 @@ export class JWTIdentifyProviderService {
 fastify.all<{
 Params: { serviceId: string };
- Querystring?: { serviceurl?: string, return_to?: string };
- Body?: { serviceurl?: string, return_to?: string };
+ Querystring?: { serviceurl?: string, return_to?: string, prompt?: string };
+ Body?: { serviceurl?: string, return_to?: string, prompt?: string };
 }>('/:serviceId', async (request, reply) => {
 const serviceId = request.params.serviceId;
 const returnTo = request.query?.return_to ?? request.query?.serviceurl ?? request.body?.return_to ?? request.body?.serviceurl;
+ const prompt = request.query?.prompt ?? request.body?.prompt ?? 'consent';
 const ssoServiceProvider = await this.singleSignOnServiceProviderRepository.findOneBy({ id: serviceId, type: 'jwt' });
 if (!ssoServiceProvider) {
@@ -101,6 +102,7 @@ export class JWTIdentifyProviderService {
 transactionId: transactionId,
 serviceName: ssoServiceProvider.name ?? ssoServiceProvider.issuer,
 kind: 'jwt',
+ prompt: prompt,
 });
 });
diff --git a/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts b/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts
index 2412f0357..60ce37d8e 100644
--- a/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts
+++ b/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts
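Review bot: `prompt` is taken from the query string or body in the first JWT hunk and passed on without any runtime check; the `prompt?: string` annotation in the route generic is compile-time only, so an unexpected value (or, with a repeated parameter, possibly a non-string) still reaches the view model. This endpoint is reached through links built outside the server, so the value should be narrowed to the set the consent page actually handles and otherwise fall back to `'consent'`, for example `const prompt = typeof rawPrompt === 'string' && allowedPrompts.includes(rawPrompt) ? rawPrompt : 'consent';` with `allowedPrompts` defined next to the handler. The identical line added to the SAML handler in SAMLIdentifyProviderService.ts needs the same guard. The handler body continues outside the hunk, so how `prompt` is used further down is not visible here.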
@@ -201,13 +201,14 @@ export class SAMLIdentifyProviderService {
 fastify.all<{
 Params: { serviceId: string };
- Querystring?: { SAMLRequest?: string; RelayState?: string };
- Body?: { SAMLRequest?: string; RelayState?: string };
+ Querystring?: { SAMLRequest?: string; RelayState?: string, prompt?: string };
+ Body?: { SAMLRequest?: string; RelayState?: string, prompt?: string };
 }>('/:serviceId', async (request, reply) => {
 const serviceId = request.params.serviceId;
 const binding = request.query?.SAMLRequest ? 'redirect' : 'post';
 const samlRequest = request.query?.SAMLRequest ?? request.body?.SAMLRequest;
 const relayState = request.query?.RelayState ?? request.body?.RelayState;
+ const prompt = request.query?.prompt ?? request.body?.prompt ?? 'consent';
 const ssoServiceProvider = await this.singleSignOnServiceProviderRepository.findOneBy({ id: serviceId, type: 'saml', privateKey: Not(IsNull()) });
 if (!ssoServiceProvider) {
@@ -268,6 +269,7 @@ export class SAMLIdentifyProviderService {
 transactionId: transactionId,
 serviceName: ssoServiceProvider.name ?? ssoServiceProvider.issuer,
 kind: 'saml',
+ prompt: prompt,
 });
 } catch (err) {
 this.#logger.error('Failed to parse SAML request', { error: err });
diff --git a/packages/backend/src/server/web/views/sso.pug b/packages/backend/src/server/web/views/sso.pug
index bc1248127..d929c9721 100644
--- a/packages/backend/src/server/web/views/sso.pug
+++ b/packages/backend/src/server/web/views/sso.pug
@@ -4,3 +4,4 @@ block meta
 meta(name='misskey:sso:transaction-id' content=transactionId)
 meta(name='misskey:sso:service-name' content=serviceName)
 meta(name='misskey:sso:kind' content=kind)
+ meta(name='misskey:sso:prompt' content=prompt)
diff --git a/packages/frontend/src/pages/sso.vue b/packages/frontend/src/pages/sso.vue
index d47688bd9..d113f0712 100644
--- a/packages/frontend/src/pages/sso.vue
+++ b/packages/frontend/src/pages/sso.vue
@@ -33,7 +33,7 @@ SPDX-License-Identifier: AGPL-3.0-only
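Review bot: The new `misskey:sso:prompt` meta tag in sso.pug hands a request-controlled value to the client, and nothing in the template says how far the client may trust it. Pug escapes `content=prompt`, so this is not a markup-injection concern. The concern is that, if sso.vue uses the value to skip or auto-confirm the consent step (its hunk is cut off here, so this is inferred), that decision is driven by whoever built the link. I would add a comment above the tag such as `//- request-supplied hint only; the authorize endpoint must still enforce consent server-side` and confirm that the backend step completing the transaction does not rely on the page having shown the prompt.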