diff --git a/apps/sim/lib/auth.ts b/apps/sim/lib/auth.ts
index 236dba2d1d..46819bdb6d 100644
--- a/apps/sim/lib/auth.ts
+++ b/apps/sim/lib/auth.ts
@@ -159,6 +159,8 @@ export const auth = betterAuth({
 // Common SSO provider patterns
 ...SSO_TRUSTED_PROVIDERS,
+ // Generic OAuth provider (if configured)
+ ...(env.OAUTH_PROVIDER_ID ? [env.OAUTH_PROVIDER_ID] : []),
 ],
 },
 },
@@ -1584,6 +1586,28 @@ export const auth = betterAuth({
 }
 },
 },
+ // Generic OAuth provider (Auth0, Okta, Keycloak, custom OIDC, etc.)
+ ...(env.OAUTH_CLIENT_ID &&
+ env.OAUTH_CLIENT_SECRET &&
+ env.OAUTH_AUTHORIZATION_URL &&
+ env.OAUTH_TOKEN_URL &&
+ env.OAUTH_USERINFO_URL &&
+ env.OAUTH_PROVIDER_ID
+ ? [
+ {
+ providerId: env.OAUTH_PROVIDER_ID,
+ clientId: env.OAUTH_CLIENT_ID,
+ clientSecret: env.OAUTH_CLIENT_SECRET,
+ authorizationUrl: env.OAUTH_AUTHORIZATION_URL,
+ tokenUrl: env.OAUTH_TOKEN_URL,
+ userInfoUrl: env.OAUTH_USERINFO_URL,
+ scopes: env.OAUTH_SCOPES
+ ? env.OAUTH_SCOPES.split(' ').filter(Boolean)
+ : ['openid', 'profile', 'email'],
+ redirectURI: `${getBaseUrl()}/api/auth/oauth2/callback/${env.OAUTH_PROVIDER_ID}`,
+ },
+ ]
+ : []),
 ],
 }),
 // Include SSO plugin when enabled
diff --git a/apps/sim/lib/env.ts b/apps/sim/lib/env.ts
index 1f58a44ba6..f9b256d706 100644
--- a/apps/sim/lib/env.ts
+++ b/apps/sim/lib/env.ts
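Review bot: In apps/sim/lib/auth.ts (hunk at line 159) the generic provider id is appended to this list whenever `OAUTH_PROVIDER_ID` alone is set, while the provider itself is only registered in the later hunk when all six `OAUTH_*` variables are present, so the two conditions can disagree. The array starts outside the hunk; if it is Better Auth's account-linking trusted-provider list, as the `SSO_TRUSTED_PROVIDERS` spread suggests, identities from this IdP may be linked to existing users by email without the IdP vouching that the address is verified, which is a poor default for an arbitrary custom OIDC server. I would hoist the six-variable check into one boolean used in both places and make the trust entry a separate, explicit opt-in, with a comment such as `// Only trust IdPs that verify email ownership; trusted providers are auto-linked by email`.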
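Review bot: The provider entry added in apps/sim/lib/auth.ts (hunk at line 1586) does not enable PKCE, so the authorization-code exchange is protected by the client secret and state only; Better Auth's genericOAuth config accepts `pkce: true,`, which is worth setting when the IdP supports it. `env.OAUTH_PROVIDER_ID` is also interpolated unescaped into the `redirectURI` path, so a value containing `/`, `?` or `#` would produce a callback URL that matches neither the route nor the URI registered at the IdP; constraining the id to a pattern like `[a-z0-9_-]+` in the env schema would rule that out. The enclosing `betterAuth({ ... })` call starts and ends outside the hunk.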
@@ -174,6 +174,13 @@ export const env = createEnv({
 GOOGLE_CLIENT_SECRET: z.string().optional(), // Google OAuth client secret
 GITHUB_CLIENT_ID: z.string().optional(), // GitHub OAuth client ID for GitHub integration
 GITHUB_CLIENT_SECRET: z.string().optional(), // GitHub OAuth client secret
+ OAUTH_CLIENT_ID: z.string().optional(), // OAuth client ID
+ OAUTH_CLIENT_SECRET: z.string().optional(), // OAuth client secret
+ OAUTH_AUTHORIZATION_URL: z.string().optional(), // OAuth authorization URL
+ OAUTH_TOKEN_URL: z.string().optional(), // OAuth token URL
+ OAUTH_USERINFO_URL: z.string().optional(), // OAuth userinfo URL
+ OAUTH_SCOPES: z.string().optional(), // OAuth scopes
+ OAUTH_PROVIDER_ID: z.string().optional(), // OAuth provider ID
 GITHUB_REPO_CLIENT_ID: z.string().optional(), // GitHub OAuth client ID for repo access
 GITHUB_REPO_CLIENT_SECRET: z.string().optional(), // GitHub OAuth client secret for repo access
 X_CLIENT_ID: z.string().optional(), // X (Twitter) OAuth client ID
diff --git a/helm/sim/values.schema.json b/helm/sim/values.schema.json
index af2d6cc37f..2efd48c503 100644
--- a/helm/sim/values.schema.json
+++ b/helm/sim/values.schema.json
@@ -151,6 +151,34 @@
 "type": "string",
 "description": "GitHub OAuth client secret"
 },
+ "OAUTH_CLIENT_ID": {
+ "type": "string",
+ "description": "OAuth client ID"
+ },
+ "OAUTH_CLIENT_SECRET": {
+ "type": "string",
+ "description": "OAuth client secret"
+ },
+ "OAUTH_AUTHORIZATION_URL": {
+ "type": "string",
+ "description": "OAuth authorization URL"
+ },
+ "OAUTH_TOKEN_URL": {
+ "type": "string",
+ "description": "OAuth token URL"
+ },
+ "OAUTH_USERINFO_URL": {
+ "type": "string",
+ "description": "OAuth userinfo URL"
+ },
+ "OAUTH_SCOPES": {
+ "type": "string",
+ "description": "OAuth scopes (default: openid profile email)"
+ },
+ "OAUTH_PROVIDER_ID": {
+ "type": "string",
+ "description": "OAuth provider ID"
+ },
 "OPENAI_API_KEY": {
 "type": "string",
 "description": "Primary OpenAI API key"
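Review bot: In apps/sim/lib/env.ts the three endpoint variables are validated as arbitrary strings, so a typo or an `http://` URL passes startup validation, and the token endpoint is the one that receives `OAUTH_CLIENT_SECRET`. Validating them as URLs, e.g. `OAUTH_TOKEN_URL: z.string().url().optional(),` (ideally also requiring `https:` outside local development), would fail fast instead of sending the secret to a wrong or cleartext endpoint. The Helm chart in this commit defaults these values to `""`, so confirm that empty strings are treated as unset before tightening the schema, otherwise a default install would stop validating. The matching entries in helm/sim/values.schema.json are plain `"type": "string"` too and could carry the same constraint; the `createEnv({ ... })` call starts and ends outside the hunk.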
diff --git a/helm/sim/values.yaml b/helm/sim/values.yaml
index fe4bca8a4e..379ef53bc7 100644
--- a/helm/sim/values.yaml
+++ b/helm/sim/values.yaml
@@ -84,7 +84,16 @@ app:
 GOOGLE_CLIENT_SECRET: "" # Google OAuth client secret
 GITHUB_CLIENT_ID: "" # GitHub OAuth client ID
 GITHUB_CLIENT_SECRET: "" # GitHub OAuth client secret
-
+
+ # Generic OAuth Provider Configuration (for Auth0, Okta, Keycloak, custom OIDC providers, etc.)
+ OAUTH_CLIENT_ID: "" # OAuth client ID for generic OAuth provider
+ OAUTH_CLIENT_SECRET: "" # OAuth client secret for generic OAuth provider
+ OAUTH_AUTHORIZATION_URL: "" # Authorization endpoint URL (e.g., https://your-domain.auth0.com/authorize)
+ OAUTH_TOKEN_URL: "" # Token endpoint URL (e.g., https://your-domain.auth0.com/oauth/token)
+ OAUTH_USERINFO_URL: "" # User info endpoint URL (e.g., https://your-domain.auth0.com/userinfo)
+ OAUTH_SCOPES: "openid profile email" # OAuth scopes (default: openid profile email)
+ OAUTH_PROVIDER_ID: "" # Provider identifier for Better Auth's genericOAuth plugin (e.g., auth0, okta, custom)
+
 # AI Provider API Keys (leave empty if not using)
 OPENAI_API_KEY: "" # Primary OpenAI API key
 OPENAI_API_KEY_1: "" # Additional OpenAI API key for load balancing
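Review bot: The new block in helm/sim/values.yaml does not tell operators that the provider is only registered when the client ID, client secret, all three endpoint URLs and the provider ID are set, nor which callback URL must be registered at the IdP. I would add a comment such as `# All values except OAUTH_SCOPES are required; register <app-url>/api/auth/oauth2/callback/<OAUTH_PROVIDER_ID> as the redirect URI`, which is the path the auth.ts change builds. `OAUTH_CLIENT_SECRET` is a credential, and how the chart renders these values is not visible here; if they end up as plain container env rather than a Kubernetes Secret, the comment should point to the secret-based way of supplying it.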