feat: Enable UGA SSO with Microsoft Entra

2026-01-13 13:47:33 -05:00
parent 0b2c698ea5
commit f625a3e9e1
6 changed files with 295 additions and 3 deletions
--- a/supabase/config.toml
+++ b/supabase/config.toml
@@ -284,9 +284,9 @@ client_id = "env(AZURE_CLIENT_ID)"
 # DO NOT commit your OAuth provider secret to git. Use environment variable substitution instead:
 secret = "env(AZURE_CLIENT_SECRET)"
 # Overrides the default auth redirectUrl.
-redirect_uri = ""
+redirect_uri = "env(AZURE_REDIRECT_URI)"
 # Azure tenant ID or 'common' for multi-tenant. Use 'common', 'organizations', 'consumers', or your specific tenant ID.
-url = "https://login.microsoftonline.com/env(AZURE_TENANT_ID)/v2.0"
+url = "env(AZURE_TENANT_URL)"
 # If enabled, the nonce check will be skipped.
 skip_nonce_check = false

--- a/supabase/migrations/00003_oauth_user_sync.sql
+++ b/supabase/migrations/00003_oauth_user_sync.sql
@@ -0,0 +1,46 @@
+-- OAuth User Synchronization
+-- This migration adds functionality to automatically create user profiles when users sign up via OAuth
+
+-- =============================================
+-- 1. CREATE FUNCTION FOR OAUTH USER AUTO-PROFILE CREATION
+-- =============================================
+
+CREATE OR REPLACE FUNCTION public.handle_new_oauth_user()
+RETURNS TRIGGER AS $$
+BEGIN
+  -- Check if user profile already exists
+  IF NOT EXISTS (
+    SELECT 1 FROM public.user_profiles WHERE id = NEW.id
+  ) THEN
+    -- Create user profile with default active status
+    INSERT INTO public.user_profiles (id, email, status)
+    VALUES (
+      NEW.id,
+      NEW.email,
+      'active'
+    )
+    ON CONFLICT (id) DO NOTHING;
+  END IF;
+  
+  RETURN NEW;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- =============================================
+-- 2. CREATE TRIGGER FOR NEW AUTH USERS
+-- =============================================
+
+-- Drop the trigger if it exists to avoid conflicts
+DROP TRIGGER IF EXISTS on_auth_user_created ON auth.users;
+
+-- Create trigger that fires after a new user is created in auth.users
+CREATE TRIGGER on_auth_user_created
+  AFTER INSERT ON auth.users
+  FOR EACH ROW EXECUTE FUNCTION public.handle_new_oauth_user();
+
+-- =============================================
+-- 3. COMMENT FOR DOCUMENTATION
+-- =============================================
+
+COMMENT ON FUNCTION public.handle_new_oauth_user() IS 
+'Automatically creates a user profile in public.user_profiles when a new user is created via OAuth in auth.users. This ensures OAuth users are immediately accessible in the application without manual provisioning.';