further wip

Author: brendan-kellam

packages/web/src/app/(app)/@sidebar/components/upgradeBadge.tsx

@@ -1,3 +1,5 @@
+"use client"
+
 import { Badge } from "@/components/ui/badge"
 import { Tooltip, TooltipContent, TooltipTrigger } from "@/components/ui/tooltip"
 import { OFFERINGS_DOCS_LINK } from "@/lib/constants"
@@ -9,7 +11,7 @@ export const UpgradeBadge = () => {
         <Tooltip>
             <TooltipTrigger asChild>
                 <Badge
-                    className="bg-purple-500/20 text-purple-400 border-purple-500/30 text-[10px] px-1.5 py-0 rounded-md leading-normal tracking-wide"
+                    className="bg-purple-500/20 text-purple-400 border-purple-500/30 text-[10px] px-1.5 py-0 rounded-md leading-normal tracking-wide select-none"
                 >
                     Pro
                 </Badge>

packages/web/src/app/(app)/settings/security/components/identityProviderSettingsCard.tsx

@@ -0,0 +1,39 @@
+import Image from "next/image";
+import { Badge } from "@/components/ui/badge";
+import { SettingsCard } from "@/app/(app)/settings/components/settingsCard";
+import { getAuthProviderInfo, cn } from "@/lib/utils";
+import { IdentityProvider } from "@/auth";
+
+interface IdentityProviderSettingsCardProps {
+    provider: IdentityProvider;
+}
+
+export function IdentityProviderSettingsCard({ provider }: IdentityProviderSettingsCardProps) {
+    const providerInfo = getAuthProviderInfo(provider.type);
+    const name = provider.displayName ?? providerInfo.displayName;
+
+    return (
+        <SettingsCard>
+            <div className="flex items-center justify-between gap-4">
+                <div className="flex items-center gap-4 min-w-0">
+                    <div className="flex h-10 w-10 items-center justify-center rounded-lg bg-muted flex-shrink-0">
+                        {providerInfo.icon && (
+                            <Image
+                                src={providerInfo.icon.src}
+                                alt={name}
+                                className={cn("w-5 h-5", providerInfo.icon.className)}
+                            />
+                        )}
+                    </div>
+                    <div className="min-w-0">
+                        <p className="font-medium text-sm truncate">{name}</p>
+                        {provider.issuerUrl && (
+                            <p className="text-xs text-muted-foreground truncate">{provider.issuerUrl}</p>
+                        )}
+                    </div>
+                </div>
+                <Badge className="flex-shrink-0">Configured</Badge>
+            </div>
+        </SettingsCard>
+    );
+}

packages/web/src/app/(app)/settings/security/components/identityProviderUpsellCard.tsx

@@ -0,0 +1,39 @@
+"use client"
+
+import { useState } from "react"
+import { Sparkles } from "lucide-react"
+import { Button } from "@/components/ui/button"
+import { SettingsCard } from "@/app/(app)/settings/components/settingsCard"
+import { UpsellDialog } from "@/features/billing/upsellDialog"
+
+export function IdentityProviderUpsellCard() {
+    const [isUpsellDialogOpen, setIsUpsellDialogOpen] = useState(false)
+
+    return (
+        <>
+            <SettingsCard>
+                <div className="flex items-center justify-between gap-4">
+                    <div className="flex items-center gap-4 min-w-0">
+                        <div className="flex h-10 w-10 items-center justify-center rounded-lg bg-muted flex-shrink-0">
+                            <Sparkles className="h-4 w-4 text-muted-foreground" />
+                        </div>
+                        <div className="min-w-0">
+                            <p className="font-medium text-sm">Single sign-on is a paid feature</p>
+                            <p className="text-xs text-muted-foreground">Upgrade to let users authenticate with providers like GitHub, Google, and Okta.</p>
+                        </div>
+                    </div>
+                    <Button className="flex-shrink-0" onClick={() => setIsUpsellDialogOpen(true)}>
+                        Upgrade
+                    </Button>
+                </div>
+            </SettingsCard>
+
+            <UpsellDialog
+                open={isUpsellDialogOpen}
+                onOpenChange={setIsUpsellDialogOpen}
+                source="sso_settings"
+                returnPath="/settings/security"
+            />
+        </>
+    )
+}

packages/web/src/app/(app)/settings/security/page.tsx

@@ -3,16 +3,25 @@ import { InviteLinkEnabledSettingsCard } from "./components/inviteLinkEnabledSet
 import { MemberApprovalRequiredSettingsCard } from "./components/memberApprovalRequiredSettingsCard";
 import { CredentialsLoginEnabledSettingsCard } from "./components/credentialsLoginEnabledSettingsCard";
 import { EmailCodeLoginEnabledSettingsCard } from "./components/emailCodeLoginEnabledSettingsCard";
-import { isAnonymousAccessEnabled } from "@/lib/entitlements";
+import { IdentityProviderSettingsCard } from "./components/identityProviderSettingsCard";
+import { IdentityProviderUpsellCard } from "./components/identityProviderUpsellCard";
+import { UpgradeBadge } from "@/app/(app)/@sidebar/components/upgradeBadge";
+import { getProviders, IdentityProvider } from "@/auth";
+import { hasEntitlement, isAnonymousAccessEnabled } from "@/lib/entitlements";
 import { createInviteLink } from "@/lib/utils";
 import { authenticatedPage } from "@/middleware/authenticatedPage";
 import { OrgRole } from "@sourcebot/db";
 import { env, getSMTPConnectionURL, isCredentialsLoginEnabled, isEmailCodeLoginEnabled, isMemberApprovalRequired } from "@sourcebot/shared";
 import { SettingsCardGroup } from "../components/settingsCard";
+import { Alert, AlertDescription } from "@/components/ui/alert";
+import { Info } from "lucide-react";
 
 export default authenticatedPage(async ({ org }) => {
     const anonymousAccessEnabled = await isAnonymousAccessEnabled();
     const inviteLink = createInviteLink(env.AUTH_URL, org.inviteLinkId);
+    const hasSSOEntitlement = await hasEntitlement("sso");
+    const identityProviders = await getConfiguredIdentityProviders();
+
 
     return (
         <div className="flex flex-col gap-6">
@@ -25,7 +34,7 @@ export default authenticatedPage(async ({ org }) => {
                             href="https://docs.sourcebot.dev/docs/configuration/auth/access-settings"
                             target="_blank"
                             rel="noopener"
-                            className="underline text-primary hover:text-primary/80 transition-colors"
+                            className="text-link hover:underline transition-colors"
                         >
                             Learn more
                         </a>
@@ -45,7 +54,7 @@ export default authenticatedPage(async ({ org }) => {
                     />
                 </SettingsCardGroup>
 
-                <p className="text-md font-medium">Authentication methods</p>
+                <p className="text-md font-medium">Email login</p>
 
                 <SettingsCardGroup>
                     <CredentialsLoginEnabledSettingsCard
@@ -56,10 +65,59 @@ export default authenticatedPage(async ({ org }) => {
                         isEmailServiceConfigured={!!getSMTPConnectionURL() && !!env.EMAIL_FROM_ADDRESS}
                     />
                 </SettingsCardGroup>
+
+                <div>
+                    <div className="flex items-center gap-2">
+                        <p className="text-md font-medium">Single Sign-On</p>
+                        {!hasSSOEntitlement && <UpgradeBadge />}
+                    </div>
+                    <p className="text-sm text-muted-foreground">Let users sign in with an external identity provider such as GitHub, Google, or Okta. Providers are managed in your config file.{" "}
+                        <a
+                            href="https://docs.sourcebot.dev/docs/configuration/idp"
+                            target="_blank"
+                            rel="noopener"
+                            className="text-link hover:underline transition-colors"
+                        >
+                            Learn more
+                        </a>
+                    </p>
+                </div>
+
+                {!hasSSOEntitlement ? (
+                    <IdentityProviderUpsellCard />
+                ) : identityProviders.length > 0 ? (
+                    <SettingsCardGroup>
+                        {identityProviders.map((provider) => (
+                            <IdentityProviderSettingsCard key={provider.id} provider={provider} />
+                        ))}
+                    </SettingsCardGroup>
+                ) : (
+                    <Alert className="items-center p-4">
+                        <Info className="w-4 h-4 text-muted-foreground" />
+                        <AlertDescription>
+                            No identity providers are configured. Add them in your config file.{" "}
+                            <a
+                                href="https://docs.sourcebot.dev/docs/configuration/idp"
+                                target="_blank"
+                                rel="noopener"
+                                className="!text-link !no-underline hover:!underline"
+                            >
+                                Learn more
+                            </a>
+                        </AlertDescription>
+                    </Alert>
+                )}
             </div>
         </div>
     )
 }, {
     minRole: OrgRole.OWNER,
     redirectTo: '/settings',
 });
+
+const getConfiguredIdentityProviders = async (): Promise<IdentityProvider[]> => {
+    const providers = await getProviders();
+    return providers.filter((provider) =>
+        provider.purpose === "sso" && !["credentials", "nodemailer"].includes(provider.type)
+    );
+}

packages/web/src/lib/posthogEvents.ts

@@ -9,6 +9,7 @@ export type UpsellSource =
     'onboard' |
     'license_settings' |
     'mcp_settings' |
+    'sso_settings' |
     'chat_connectors';
 
 export type SourcebotWebClientSource = 'sourcebot-web-client';