feat(sso): issue one-time tokens for iframe apps
Generate short-lived SSO tokens in the site iframe route and add an exchange API to let child apps bootstrap their PocketBase session.
This commit is contained in:
@@ -2,8 +2,14 @@
|
||||
import { Button } from '$lib/components/ui/button';
|
||||
|
||||
let { data }: {
|
||||
data: { slug: string; url: string; title: string };
|
||||
data: { slug: string; url: string; title: string; ssoToken?: string };
|
||||
} = $props();
|
||||
|
||||
const iframeSrc = $derived(
|
||||
data.ssoToken
|
||||
? `${data.url}${data.url.includes('?') ? '&' : '?'}sso=${data.ssoToken}`
|
||||
: data.url
|
||||
);
|
||||
</script>
|
||||
|
||||
<svelte:head>
|
||||
@@ -14,7 +20,7 @@
|
||||
<iframe
|
||||
id="app-iframe"
|
||||
title={data.title}
|
||||
src={data.url}
|
||||
src={iframeSrc}
|
||||
class="absolute inset-0 w-full h-full border-0 rounded-none"
|
||||
/>
|
||||
<div
|
||||
|
||||
Reference in New Issue
Block a user