From 653e04d8859c33451695463d0d30a1e869073dbd Mon Sep 17 00:00:00 2001 From: Nicolas Lopes Date: Tue, 24 Jun 2025 10:15:26 -0300 Subject: [PATCH 1/2] feat(backend): deprecate `domain` field in favor of `domains` on SAML connection and account This commit deprecates the existing `domain` field, and introduces a new field on both models: - SAML connection - SAML account It also updates the create and update params to support the new fields --- .changeset/lucky-spoons-wonder.md | 5 +++++ .../backend/src/api/endpoints/SamlConnectionApi.ts | 4 ++++ packages/backend/src/api/resources/JSON.ts | 2 ++ packages/backend/src/api/resources/SamlConnection.ts | 12 +++++++++++- 4 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 .changeset/lucky-spoons-wonder.md diff --git a/.changeset/lucky-spoons-wonder.md b/.changeset/lucky-spoons-wonder.md new file mode 100644 index 00000000000..31416c7c5fc --- /dev/null +++ b/.changeset/lucky-spoons-wonder.md @@ -0,0 +1,5 @@ +--- +'@clerk/backend': minor +--- + +Deprecates `domain` field and introduce `domains`. Now, SAML connections support multiple domains, the `domain` field still supported but it's deprecated and will be removed on a future API version. diff --git a/packages/backend/src/api/endpoints/SamlConnectionApi.ts b/packages/backend/src/api/endpoints/SamlConnectionApi.ts index 9ac17c2cf2b..9ae9b3bf116 100644 --- a/packages/backend/src/api/endpoints/SamlConnectionApi.ts +++ b/packages/backend/src/api/endpoints/SamlConnectionApi.ts @@ -13,7 +13,9 @@ type SamlConnectionListParams = { type CreateSamlConnectionParams = { name: string; provider: SamlIdpSlug; + /** @deprecated Use `domains` array instead. This field will be removed in a future API version.. */ domain: string; + domains: string[]; organizationId?: string; idpEntityId?: string; idpSsoUrl?: string; @@ -31,7 +33,9 @@ type CreateSamlConnectionParams = { type UpdateSamlConnectionParams = { name?: string; provider?: SamlIdpSlug; + /** @deprecated Use `domains` array instead. This field will be removed in a future API version.. */ domain?: string; + domains?: string[]; organizationId?: string; idpEntityId?: string; idpSsoUrl?: string; diff --git a/packages/backend/src/api/resources/JSON.ts b/packages/backend/src/api/resources/JSON.ts index faea4ed7424..87a4fdb682f 100644 --- a/packages/backend/src/api/resources/JSON.ts +++ b/packages/backend/src/api/resources/JSON.ts @@ -631,6 +631,7 @@ export interface SamlConnectionJSON extends ClerkResourceJSON { object: typeof ObjectType.SamlConnection; name: string; domain: string; + domains: string[]; organization_id: string | null; idp_entity_id: string; idp_sso_url: string; @@ -688,6 +689,7 @@ export interface SamlAccountConnectionJSON extends ClerkResourceJSON { id: string; name: string; domain: string; + domains: string[]; active: boolean; provider: string; sync_user_attributes: boolean; diff --git a/packages/backend/src/api/resources/SamlConnection.ts b/packages/backend/src/api/resources/SamlConnection.ts index f4dbb38e7fc..82f8776e57a 100644 --- a/packages/backend/src/api/resources/SamlConnection.ts +++ b/packages/backend/src/api/resources/SamlConnection.ts @@ -14,9 +14,13 @@ export class SamlConnection { */ readonly name: string, /** - * The domain of your organization. Sign in flows using an email with this domain will use the connection. + * @deprecated The domain of your organization. Sign in flows using an email with this domain will use the connection. */ readonly domain: string, + /** + * The domains of your organization. Sign in flows using an email with one of these domains will use the connection. + */ + readonly domains: string[], /** * The organization ID of the organization. */ @@ -95,6 +99,7 @@ export class SamlConnection { data.id, data.name, data.domain, + data.domains, data.organization_id, data.idp_entity_id, data.idp_sso_url, @@ -121,7 +126,11 @@ export class SamlAccountConnection { constructor( readonly id: string, readonly name: string, + /** + * @deprecated Use `domains` array instead. This field will be removed in a future version. + */ readonly domain: string, + readonly domains: string[], readonly active: boolean, readonly provider: string, readonly syncUserAttributes: boolean, @@ -135,6 +144,7 @@ export class SamlAccountConnection { data.id, data.name, data.domain, + data.domains, data.active, data.provider, data.sync_user_attributes, From b0f8cc340b809403de708413e05ff8114d184dae Mon Sep 17 00:00:00 2001 From: nicolas lopes <57234795+NicolasLopes7@users.noreply.github.com> Date: Tue, 24 Jun 2025 10:20:59 -0300 Subject: [PATCH 2/2] Apply suggestions from code review --- packages/backend/src/api/endpoints/SamlConnectionApi.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/backend/src/api/endpoints/SamlConnectionApi.ts b/packages/backend/src/api/endpoints/SamlConnectionApi.ts index 9ae9b3bf116..45d8c74dcad 100644 --- a/packages/backend/src/api/endpoints/SamlConnectionApi.ts +++ b/packages/backend/src/api/endpoints/SamlConnectionApi.ts @@ -13,7 +13,7 @@ type SamlConnectionListParams = { type CreateSamlConnectionParams = { name: string; provider: SamlIdpSlug; - /** @deprecated Use `domains` array instead. This field will be removed in a future API version.. */ + /** @deprecated Use `domains` array instead. This field will be removed in a future API version. */ domain: string; domains: string[]; organizationId?: string; @@ -33,7 +33,7 @@ type CreateSamlConnectionParams = { type UpdateSamlConnectionParams = { name?: string; provider?: SamlIdpSlug; - /** @deprecated Use `domains` array instead. This field will be removed in a future API version.. */ + /** @deprecated Use `domains` array instead. This field will be removed in a future API version. */ domain?: string; domains?: string[]; organizationId?: string;