v0.4.24: google scopes, sso for chat deployment, chat deploy ux, clay tools #1731
* added google forms scope and google drive scope
* added back file scope

---------

Co-authored-by: Adam Gough <[email protected]>
Co-authored-by: Adam Gough <[email protected]>

…1729)
* feat(sso-chat-deployment): added sso auth option for chat deployment
* ack PR comments
Greptile Overview
Greptile Summary
This PR adds two main features:

1. SSO Authentication for Chat Deployments
   - Added new `sso` auth type for chat deployments alongside existing `public`, `password`, and `email` options
   - Implemented complete SSO flow: email validation → SSO provider redirect → session verification → chat access
   - SSO option is conditionally shown based on `NEXT_PUBLIC_SSO_ENABLED` environment variable
   - Email/domain allowlist validation happens both before SSO redirect (for better UX) and after authentication (for security)
   - Properly integrates with existing Better Auth SSO infrastructure
2. Google OAuth Scope Updates
   - Added `drive.readonly` scope to Google Drive, Docs, and Sheets OAuth providers
   - Re-added `drive.file` scope (maintains write capabilities)
   - Added Google Forms integration with `forms.responses.readonly` scope
   - Updated all Google Drive/Docs blocks to request both read and write scopes

Both features are well-integrated with minimal changes to existing code. The SSO implementation follows secure patterns by validating authorization at multiple checkpoints. The Google scope changes ensure proper OAuth verification and enable new functionality.
Confidence Score: 4/5
- This PR is safe to merge with low risk - the changes are well-structured and follow existing patterns
- Score reflects solid implementation with proper validation and security checks. Minor deduction because: (1) the SSO feature is behind a feature flag but lacks documentation for the `NEXT_PUBLIC_SSO_ENABLED` variable, (2) the `onAuthSuccess` prop in `SSOAuth` component is unused since the flow relies on redirect behavior, and (3) no database migration file is included for the schema changes (though the changes are backward-compatible comments only)
- No files require special attention - the implementation is consistent and follows secure patterns throughout
Important Files Changed
File Analysis
| Filename | Score | Overview |
|---|---|---|
| apps/sim/app/chat/components/auth/sso/sso-auth.tsx | 4/5 | New SSO authentication component that validates email access before redirecting to SSO provider, handles error states properly |
| apps/sim/app/api/chat/utils.ts | 4/5 | Added SSO authentication validation logic with checkSSOAccess flag and session verification, properly validates email/domain access |
| apps/sim/app/api/chat/route.ts | 5/5 | Added SSO auth type to schema, added validation for required emails when SSO is selected |
| apps/sim/lib/auth.ts | 4/5 | Added drive.readonly scope to Google OAuth providers, maintains existing drive.file scope for write operations |
| apps/sim/lib/oauth/oauth.ts | 5/5 | Updated Google Drive/Docs/Sheets scopes to include drive.readonly alongside drive.file, added Google Forms with forms.responses.readonly scope |
| apps/sim/blocks/blocks/google_docs.ts | 5/5 | Added drive.readonly to required scopes for Google Docs block operations |
| apps/sim/blocks/blocks/google_drive.ts | 5/5 | Added drive.readonly to required scopes across all Google Drive block operations (folder selector, list, upload) |
Sequence Diagram
```mermaid
sequenceDiagram
    participant User
    participant ChatUI as Chat UI
    participant ChatAPI as Chat API
    participant SSOAuth as SSO Auth Component
    participant SSOProvider as SSO Provider
    User->>ChatUI: Access chat deployment
    ChatUI->>ChatAPI: GET chat configuration
    ChatAPI->>ChatAPI: Verify authType is sso
    ChatAPI-->>ChatUI: Authentication required
    ChatUI->>SSOAuth: Render SSO form
    User->>SSOAuth: Enter work email
    SSOAuth->>ChatAPI: Validate email access
    ChatAPI->>ChatAPI: Check allowedEmails list
    alt Email authorized
        ChatAPI-->>SSOAuth: Access permitted
        SSOAuth->>SSOProvider: Redirect for authentication
        SSOProvider->>User: Complete authentication
        User->>ChatUI: Return to chat
        ChatUI->>ChatAPI: Send message with session
        ChatAPI->>ChatAPI: Verify session email
        ChatAPI-->>ChatUI: Return chat response
    else Email not authorized
        ChatAPI-->>SSOAuth: Access denied
        SSOAuth->>User: Show error
    end
```
24 files reviewed, no comments
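
The two checkpoints described in the summary above (an allowlist check before the SSO redirect, and a second one against the session after authentication), as an added TypeScript example; it is not code from this PR or from the project. The helper names, the `Session` shape and the `@domain` allowlist entry format are assumptions made for illustration.

```typescript
// Added example. All names here are hypothetical, not the project's API.
// Assumed allowlist format: "user@host" (one address) or "@host" (whole domain).
interface Session { email: string; emailVerified: boolean }
interface Decision { ok: boolean; reason: string }

function normalize(email: string): string | null {
  const e = email.trim().toLowerCase();
  const at = e.lastIndexOf("@");
  // Reject empty local part, empty domain, or more than one "@".
  if (at <= 0 || at === e.length - 1 || e.indexOf("@") !== at) return null;
  return e;
}

function isEmailAllowed(email: string, allowed: string[]): boolean {
  const e = normalize(email);
  if (e === null) return false;
  const domain = e.slice(e.lastIndexOf("@")); // keeps the leading "@"
  return allowed.some((entry) => {
    const a = entry.trim().toLowerCase();
    // Exact comparison only: a suffix or substring match would also admit
    // look-alike hosts such as "evilcorp.example" or "corp.example.evil.test".
    return a.charAt(0) === "@" ? a === domain : a === e;
  });
}

// Checkpoint 1, before the redirect: a UX hint. The address is user-typed,
// so a "true" here proves nothing about who the user is.
function preRedirectCheck(typedEmail: string, allowed: string[]): boolean {
  return isEmailAllowed(typedEmail, allowed);
}

// Checkpoint 2, on every chat request after SSO: the authorization decision.
// Only the identity carried by the server-side session is consulted.
function authorizeChatRequest(session: Session | null, allowed: string[]): Decision {
  if (session === null) return { ok: false, reason: "no_session" };
  if (!session.emailVerified) return { ok: false, reason: "unverified_email" };
  if (!isEmailAllowed(session.email, allowed)) return { ok: false, reason: "not_allowlisted" };
  return { ok: true, reason: "ok" };
}

// Constructed sample allowlist.
const ALLOWED: string[] = ["alice@example.com", "@corp.example"];
```

A user who types an allowlisted address at checkpoint 1 but then authenticates as a different identity is rejected at checkpoint 2, which is why the second check cannot be dropped.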
…active version (#1730)
* improvement(deployment-ux): deployment should indicate and make details configurable when activating previous version
* fix activation UI
* remove redundant code
* revert pulsing dot
* fix redeploy bug
* bill workspace owner for deployed chat
* deployed chat
* fix bugs
* fix tests, address greptile
* fix
* ui bug to load api key
* fix qdrant fetch tool

* fix(elevenlabs): added internal auth helper for proxy routes
* remove concurrent tests
* build fix

* fixed clay tool
* added metadata
* added metadata to types
* fix(clay): remove (optional) from subblock name
* regen docs

Summary
fix(google-scopes): added Forms and updated Drive scope; re-added file scope (#1532)
feat(sso-chat-deployment): added SSO auth option for chat deployment (#1533)
Type of Change