feat(sso): issue one-time tokens for iframe apps
CI / build (push) Has been skipped
CI / deploy (push) Successful in 1m24s

Generate short-lived SSO tokens in the site iframe route and add an exchange API to let child apps bootstrap their PocketBase session.
This commit is contained in:
eewing
2026-02-19 09:35:58 -06:00
parent 5c68a42703
commit 121a6b5844
5 changed files with 89 additions and 4 deletions
+17 -2
View File
@@ -1,7 +1,9 @@
import { sites, type SiteSlug } from '$lib/sites';
import { error } from '@sveltejs/kit';
import * as ssoStore from '$lib/sso-store';
import { randomUUID } from 'crypto';
export function load({ params }) {
export function load({ params, locals }) {
const slug = params.site?.toLowerCase() as SiteSlug | undefined;
const site = slug && slug in sites ? sites[slug as SiteSlug] : null;
@@ -9,9 +11,22 @@ export function load({ params }) {
throw error(404, `Unknown site: ${params.site}`);
}
let ssoToken: string | undefined;
if (locals.user && locals.pb?.authStore?.token) {
try {
const token = locals.pb.authStore.token;
const model = locals.pb.authStore.record as Record<string, unknown> | null;
ssoToken = randomUUID();
ssoStore.set(ssoToken, { token, model });
} catch {
// no sso if export fails
}
}
return {
slug: slug as SiteSlug,
url: site.url,
title: site.title
title: site.title,
ssoToken
};
}