mirror of
https://github.com/stack-auth/stack.git
synced 2026-06-13 21:01:21 +08:00
8f6ad97e40
Discover is the entry point for the SDK's signInWithSso({ email }) flow.
Previously it returned every connection whose domain matched, including
ones the project admin had disabled (`allowSignIn: false`). The SDK
would then send the user through /auth/saml/login, which intentionally
403s for disabled connections — so disabling a connection was a sharp
UX cliff: domain match → branded "Sign in with Acme SSO" CTA → 403.
Treat disabled connections as if they didn't exist for discovery
purposes. Direct sign-in via signInWithSaml({ connectionId }) is still
gated separately in the login route, which is the right place for
"intentional, explicit access by ID."
|
||
|---|---|---|
| .. | ||
| app | ||
| auto-migrations | ||
| lib | ||
| oauth | ||
| private | ||
| route-handlers | ||
| saml | ||
| utils | ||
| analytics.tsx | ||
| globals.d.ts | ||
| instrumentation.ts | ||
| polyfills.tsx | ||
| prisma-client.tsx | ||
| proxy.tsx | ||
| s3.tsx | ||
| smart-router.tsx | ||
| stack.tsx | ||