fix: enable sign in using enterprise sso [#248] (#259)

* fix: enable sign in using enterprise sso [#248]

* fix: refactors [#248]

* fix: changes requested in code review [#248]

Author: shinyford

packages/clerk_auth/lib/src/clerk_api/api.dart

@@ -121,14 +121,19 @@ class Api with Logging {
     return Client.empty;
   }
 
+  /// Force-create a new [Client]
+  Future<Client> resetClient() async {
+    return await _fetchClient(method: HttpMethod.post);
+  }
+
   /// Creates a new [Client] object to manage sessions
   Future<Client> createClient() async {
     if (_tokenCache.hasClientToken) {
       final client = await currentClient();
       if (client.isNotEmpty) return client;
     }
 
-    return await _fetchClient(method: HttpMethod.post);
+    return await resetClient();
   }
 
   /// Gets a refreshed [Client] object from the back end

packages/clerk_auth/lib/src/clerk_auth/auth.dart

@@ -103,10 +103,10 @@ class Auth {
   bool get isSignedIn => user != null;
 
   /// Are we currently signing in?
-  bool get isSigningIn => signIn?.status.isActive == true;
+  bool get isSigningIn => signIn != null;
 
   /// Are we currently signing up?
-  bool get isSigningUp => signUp?.status.isActive == true;
+  bool get isSigningUp => signUp != null;
 
   /// A method to be overridden by extension classes to cope with
   /// updating their systems when things change (e.g. the clerk_flutter
@@ -236,6 +236,13 @@ class Auth {
     update();
   }
 
+  /// Reset the current [Client]: clear any [SignUp] or [SignIn] object
+  ///
+  Future<void> resetClient() async {
+    client = await _api.resetClient();
+    update();
+  }
+
   /// Refresh the current [Environment]
   ///
   Future<void> refreshEnvironment() async {
@@ -283,12 +290,17 @@ class Auth {
   Future<void> oauthSignIn({
     required Strategy strategy,
     required Uri? redirect,
+    String? identifier,
   }) async {
     final redirectUrl = redirect?.toString() ?? ClerkConstants.oauthRedirect;
     await _api
-        .createSignIn(strategy: strategy, redirectUrl: redirectUrl)
+        .createSignIn(
+          strategy: strategy,
+          identifier: identifier,
+          redirectUrl: redirectUrl,
+        )
         .then(_housekeeping);
-    if (client.signIn case SignIn signIn) {
+    if (client.signIn case SignIn signIn when signIn.hasVerification == false) {
       await _api
           .prepareSignIn(
             signIn,
@@ -363,8 +375,10 @@ class Auth {
       return;
     }
 
-    // Ensure we have a signIn object
-    if (client.signIn == null) {
+    // Ensure we have a signIn object for the current identifier
+    if (client.signIn == null ||
+        (identifier?.orNullIfEmpty is String &&
+            identifier != client.signIn!.identifier)) {
       // if password and identifier been presented, we can immediately attempt
       // a sign in;  if null they will be ignored
       await _api
@@ -377,22 +391,14 @@ class Auth {
         // We have signed in - possibly when creating the [SignIn] above
         break;
 
-      case SignIn signIn
-          when signIn.status == Status.needsIdentifier && identifier is String:
-        // if a password has been presented, we can immediately attempt a
-        // sign in; if `password` is null it will be ignored
-        await _api
-            .createSignIn(identifier: identifier, password: password)
-            .then(_housekeeping);
-
-      case SignIn signIn when strategy.isOauth && token is String:
+      case SignIn signIn when strategy.isSSO && token is String:
         await _api
             .sendOauthToken(signIn, strategy: strategy, token: token)
             .then(_housekeeping);
 
       case SignIn signIn
           when strategy.isPasswordResetter &&
-              code is String &&
+              code?.length == _codeLength &&
               password is String:
         await _api
             .attemptSignIn(
@@ -431,13 +437,13 @@ class Auth {
         return signInCompleter.future;
 
       case SignIn signIn
-          when signIn.status == Status.needsFirstFactor &&
-              strategy == Strategy.password &&
+          when signIn.status.needsFactor &&
+              strategy.isPassword &&
               password is String:
         await _api
             .attemptSignIn(
               signIn,
-              stage: Stage.first,
+              stage: Stage.forStatus(signIn.status),
               strategy: Strategy.password,
               password: password,
             )
@@ -459,26 +465,6 @@ class Auth {
                   stage: stage, strategy: strategy, code: code)
               .then(_housekeeping);
         }
-
-      case SignIn signIn when signIn.status.needsFactor:
-        final stage = Stage.forStatus(signIn.status);
-        await _api
-            .prepareSignIn(signIn, stage: stage, strategy: strategy)
-            .then(_housekeeping);
-        await _api
-            .attemptSignIn(signIn, stage: stage, strategy: strategy, code: code)
-            .then(_housekeeping);
-
-      // No matching sign-in sequence, reset loading state
-      default:
-        final status = signIn?.status ?? Status.unknown;
-        addError(
-          AuthError(
-            code: AuthErrorCode.signInError,
-            message: 'Unsupported sign in attempt: {arg}',
-            argument: status.name,
-          ),
-        );
     }
 
     update();

packages/clerk_auth/lib/src/models/client/sign_in.dart

@@ -6,6 +6,7 @@ import 'package:clerk_auth/src/models/client/verification.dart';
 import 'package:clerk_auth/src/models/enums.dart';
 import 'package:clerk_auth/src/models/informative_to_string_mixin.dart';
 import 'package:clerk_auth/src/models/status.dart';
+import 'package:clerk_auth/src/utils/extensions.dart';
 import 'package:clerk_auth/src/utils/json_serialization_helpers.dart';
 import 'package:json_annotation/json_annotation.dart';
 import 'package:meta/meta.dart';
@@ -20,15 +21,15 @@ class SignIn with InformativeToStringMixin {
   const SignIn({
     required this.id,
     required this.status,
-    required this.supportedIdentifiers,
-    required this.identifier,
-    required this.userData,
-    required this.supportedFirstFactors,
-    required this.firstFactorVerification,
-    required this.supportedSecondFactors,
-    required this.secondFactorVerification,
-    required this.createdSessionId,
-    required this.abandonAt,
+    this.identifier,
+    this.userData,
+    this.supportedIdentifiers = const [],
+    this.supportedFirstFactors = const [],
+    this.firstFactorVerification,
+    this.supportedSecondFactors = const [],
+    this.secondFactorVerification,
+    this.createdSessionId,
+    this.abandonAt = DateTimeExt.epoch,
   });
 
   /// id
@@ -67,6 +68,16 @@ class SignIn with InformativeToStringMixin {
   @JsonKey(defaultValue: [])
   final List<Factor> supportedSecondFactors;
 
+  /// Empty [SignIn]
+  static const empty = SignIn(id: '~empty~', status: Status.unknown);
+
+  /// The currently most important verification
+  Verification? get verification =>
+      firstFactorVerification ?? secondFactorVerification;
+
+  /// Do we have a verification in operation>?
+  bool get hasVerification => verification is Verification;
+
   /// fromJson
   static SignIn fromJson(Map<String, dynamic> json) => _$SignInFromJson(json);
 
@@ -84,17 +95,33 @@ class SignIn with InformativeToStringMixin {
     };
   }
 
+  /// Find the [Factor]s for this [SignIn] that match
+  /// the [stage]
+  ///
+  List<Factor> factorsFor(Stage stage) {
+    return switch (stage) {
+      Stage.first => supportedFirstFactors,
+      Stage.second => supportedSecondFactors,
+    };
+  }
+
+  /// The factors for
+  List<Factor> get factors => switch (status) {
+        Status.needsFirstFactor => supportedFirstFactors,
+        Status.needsSecondFactor => supportedSecondFactors,
+        _ => const [],
+      };
+
+  /// can we handle the password strategy?
+  bool get canUsePassword => factors.any((f) => f.strategy.isPassword);
+
   /// Find the [Factor] for this [SignIn] that matches
   /// the [strategy] and [stage]
   ///
   /// Throw an error on failure
   ///
   Factor factorFor(Strategy strategy, Stage stage) {
-    final factors = switch (stage) {
-      Stage.first => supportedFirstFactors,
-      Stage.second => supportedSecondFactors,
-    };
-    for (final factor in factors) {
+    for (final factor in factorsFor(stage)) {
       if (factor.strategy == strategy) return factor;
     }
     switch (stage) {

packages/clerk_auth/lib/src/models/client/sign_in.g.dart

@@ -92,6 +92,9 @@ class Strategy {
   /// saml strategy
   static const saml = Strategy(name: 'saml');
 
+  /// enterprise sso strategy
+  static const enterpriseSSO = Strategy(name: 'enterprise_sso');
+
   /// ticket strategy
   static const ticket = Strategy(name: 'ticket');
 
@@ -121,6 +124,7 @@ class Strategy {
     ticket.name: ticket,
     web3MetamaskSignature.name: web3MetamaskSignature,
     web3CoinbaseSignature.name: web3CoinbaseSignature,
+    enterpriseSSO.name: enterpriseSSO,
   };
 
   // identification strategies
@@ -153,6 +157,9 @@ class Strategy {
   /// is known?
   bool get isKnown => isUnknown == false;
 
+  /// is password?
+  bool get isPassword => this == password;
+
   /// is some variety of oauth?
   bool get isOauth => name == _oauth || isOauthCustom || isOauthToken;
 
@@ -199,9 +206,12 @@ class Strategy {
   /// required verification?
   bool get requiresVerification => requiresCode || requiresSignature;
 
+  /// is SSO?
+  bool get isSSO => name == _oauth || this == enterpriseSSO;
+
   /// requires redirect?
   bool get requiresRedirect =>
-      name == _oauth || const [emailLink, saml].contains(this);
+      name == _oauth || const [emailLink, enterpriseSSO].contains(this);
 
   /// For a given [name] return the [Strategy] it identifies.
   /// Create one if necessary and possible

packages/clerk_auth/lib/src/models/client/strategy.dart

@@ -1,3 +1,4 @@
+import 'package:clerk_auth/src/models/enums.dart';
 import 'package:json_annotation/json_annotation.dart';
 import 'package:meta/meta.dart';
 
@@ -93,9 +94,18 @@ class Status {
   /// is expired?
   bool get isExpired => this == expired;
 
+  /// is unknown?
+  bool get isUnknown => this == unknown;
+
   /// needs factor?
   bool get needsFactor => this == needsFirstFactor || this == needsSecondFactor;
 
+  /// Do we need factors for this stage?
+  bool needsFactorFor(Stage stage) => switch (stage) {
+        Stage.first => this == needsFirstFactor,
+        Stage.second => this == needsSecondFactor,
+      };
+
   /// toString
   @override
   String toString() => name;

packages/clerk_auth/lib/src/models/status.dart

@@ -44,11 +44,12 @@
   "authenticatorApp": "authenticator app",
   "automaticInvitation": "Automatic invitation",
   "automaticSuggestion": "Automatic suggestion",
+  "back": "Back",
   "backupCode": "backup code",
   "cancel": "Cancel",
   "cannotDeleteSelf": "You are not authorized to delete your user",
-  "clickOnTheLinkThatSBeenSentToAndThenCheckBackHere": "Click on the link that‘s been sent to {identifier} and then check back here",
-  "@clickOnTheLinkThatSBeenSentToAndThenCheckBackHere": {
+  "clickOnTheLinkThatsBeenSentTo": "Click on the link that‘s been sent to {identifier} and then check back here",
+  "@clickOnTheLinkThatsBeenSentTo": {
     "placeholders": {
       "identifier": {
         "type": "String"
@@ -228,6 +229,7 @@
       }
     }
   },
+  "signInUsingEnterpriseSSO": "Sign in using Enterprise SSO",
   "signOut": "Sign out",
   "signOutIdentifier": "Sign out {identifier}",
   "@signOutIdentifier": {

packages/clerk_flutter/l10n/en.arb

@@ -216,6 +216,12 @@ abstract class ClerkSdkLocalizations {
   /// **'Automatic suggestion'**
   String get automaticSuggestion;
 
+  /// No description provided for @back.
+  ///
+  /// In en, this message translates to:
+  /// **'Back'**
+  String get back;
+
   /// No description provided for @backupCode.
   ///
   /// In en, this message translates to:
@@ -234,11 +240,11 @@ abstract class ClerkSdkLocalizations {
   /// **'You are not authorized to delete your user'**
   String get cannotDeleteSelf;
 
-  /// No description provided for @clickOnTheLinkThatSBeenSentToAndThenCheckBackHere.
+  /// No description provided for @clickOnTheLinkThatsBeenSentTo.
   ///
   /// In en, this message translates to:
   /// **'Click on the link that‘s been sent to {identifier} and then check back here'**
-  String clickOnTheLinkThatSBeenSentToAndThenCheckBackHere(String identifier);
+  String clickOnTheLinkThatsBeenSentTo(String identifier);
 
   /// No description provided for @complete.
   ///
@@ -732,6 +738,12 @@ abstract class ClerkSdkLocalizations {
   /// **'Sign in to {name}'**
   String signInTo(String name);
 
+  /// No description provided for @signInUsingEnterpriseSSO.
+  ///
+  /// In en, this message translates to:
+  /// **'Sign in using Enterprise SSO'**
+  String get signInUsingEnterpriseSSO;
+
   /// No description provided for @signOut.
   ///
   /// In en, this message translates to: