Skip to content

feat(sso): move SSO settings into dynamic config#1519

Merged
Haz3-jolt merged 9 commits into
BlazeUp-AI:mainfrom
Haz3-jolt:feat/sso-dynamic-settings-ui
Jun 26, 2026
Merged

feat(sso): move SSO settings into dynamic config#1519
Haz3-jolt merged 9 commits into
BlazeUp-AI:mainfrom
Haz3-jolt:feat/sso-dynamic-settings-ui

Conversation

@Haz3-jolt

@Haz3-jolt Haz3-jolt commented Jun 26, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Purpose / Description

Move SSO configuration out of boot-time environment setup and into the admin SSO surface. This keeps OIDC, SAML, and SSO-only controls in one place and makes existing deployments migrate cleanly into dynamic settings.

Fixes

No linked issue.

Approach

  • Added dynamic settings for OIDC client ID, client secret, and discovery URL.
  • Imported legacy OAUTH_*, SSO_ONLY, and SAML_* environment values once when matching dynamic settings are absent.
  • Built the OIDC client from dynamic settings during API startup and marked OIDC changes as requiring an API restart.
  • Moved SSO-only, OIDC, and SAML controls into folded sections on the SSO tab with a single save action and status pill.
  • Kept sensitive values write-only in the UI and added dropdown selection for the SAML default role.
  • Updated SSO help mapping and self-hosting, enterprise, and reference docs.
  • Removed OIDC settings from .env.example.

How Has This Been Tested?

image

Learning (optional, can help others)

Reviewed the existing dynamic settings schema, admin settings UI, SAML admin routes, OIDC Authlib setup, and bundled docs loader to keep SSO configuration and help links consistent.

Checklist

Please, go through these checks before submitting the PR.

  • You have a descriptive commit message with a short title (first line, max 50 chars).
  • You have commented your code, particularly in hard-to-understand areas
  • You have performed a self-review of your own code
  • UI changes: include screenshots of all affected screens (in particular showing any new or changed strings)

AI Assistance

Was generative AI tooling used to co-author this PR?

  • Yes(Please Specify the tool): Pi coding agent
  • Was the generated code manually reviewed and tested?

@github-actions github-actions Bot added enterprise Enterprise-grade readiness server Pull request touches server code tests Pull request adds or modifies tests web Pull request touches web frontend code labels Jun 26, 2026
@github-actions github-actions Bot added the cli CLI changes label Jun 26, 2026
@codecov

codecov Bot commented Jun 26, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 13.66906% with 120 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
observal_cli/cmd_auth.py 2.08% 47 Missing ⚠️
observal-server/api/routes/device_auth.py 19.35% 25 Missing ⚠️
observal-server/services/dynamic_settings.py 14.81% 23 Missing ⚠️
observal-server/api/routes/auth.py 14.28% 12 Missing ⚠️
observal-server/startup.py 0.00% 8 Missing ⚠️
observal-server/api/routes/config.py 16.66% 5 Missing ⚠️

📢 Thoughts on this report? Let us know!

@Haz3-jolt Haz3-jolt force-pushed the feat/sso-dynamic-settings-ui branch from b3a20f8 to ad3731b Compare June 26, 2026 21:35
@Haz3-jolt Haz3-jolt merged commit fb12ee7 into BlazeUp-AI:main Jun 26, 2026
29 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

cli CLI changes enterprise Enterprise-grade readiness server Pull request touches server code tests Pull request adds or modifies tests web Pull request touches web frontend code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Haz3-jolt