Implement an authentication adapter that allows clinics to connect their existing identity provider (Azure AD, Okta, Google Workspace) instead of managing local passwords.
Architecture: strategy pattern with a common interface:
interface AuthAdapter {
  // Build the IdP redirect URL; `state` is bound to the caller's session and echoed back on the callback
  getRedirectUrl(state: string): Promise<string>
  // Verify `state`, exchange the code/assertion for an identity, upsert the user, return the result
  handleCallback(code: string, state: string): Promise<AuthResult>
}

interface AuthResult {
  userId: string
  email: string
  name: string
  isNewUser: boolean
}
Implement two strategies:
- OAuth2Adapter — standard Authorization Code flow. Config: { clientId, clientSecret, authorizationUrl, tokenUrl, userInfoUrl, scopes }
- SamlAdapter — SP-initiated SSO. Config: { entityId, ssoUrl, certificate, attributeMapping }
Common behavior for both:
- handleCallback: exchange code/assertion for identity, upsert user record in DB (create on first login, update name/email on subsequent), return AuthResult
- state param to prevent CSRF
- Factory function: createAuthAdapter(config: AdapterConfig): AuthAdapter
Write tests for the OAuth 2.0 path using a mock identity provider. Document the SAML config fields with examples.
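As an added example (not the project's code), here is one way the OAuth2Adapter strategy and the state check could look, driven offline by a constructed mock identity provider of the kind the tests call for. The HttpPost/HttpGet abstraction, makeAdapter, redirectUri, and every URL, code, token and user value are assumptions for the demo.

```typescript
import { randomBytes } from "node:crypto";
interface AuthResult { userId: string; email: string; name: string; isNewUser: boolean; }
interface OAuth2Config { clientId: string; clientSecret: string; authorizationUrl: string;
  tokenUrl: string; userInfoUrl: string; scopes: string[]; redirectUri: string; }
type User = { id: string; email: string; name: string };
// Hypothetical HTTP abstraction so the adapter can be driven offline by a mock identity provider.
type HttpPost = (url: string, form: Record<string, string>) => Promise<Record<string, string>>;
type HttpGet = (url: string, bearer: string) => Promise<Record<string, string>>;

export class OAuth2Adapter {
  private pending = new Set<string>(); // issued, unconsumed states; production stores them per session
  private cfg: OAuth2Config; private post: HttpPost; private get: HttpGet; private users: Map<string, User>;
  constructor(cfg: OAuth2Config, post: HttpPost, get: HttpGet, users: Map<string, User>) {
    this.cfg = cfg; this.post = post; this.get = get; this.users = users;
  }
  newState(): string { const s = randomBytes(16).toString("hex"); this.pending.add(s); return s; }
  async getRedirectUrl(state: string): Promise<string> {
    const u = new URL(this.cfg.authorizationUrl);
    Object.entries({ response_type: "code", client_id: this.cfg.clientId, redirect_uri: this.cfg.redirectUri,
      scope: this.cfg.scopes.join(" "), state }).forEach(([k, v]) => u.searchParams.set(k, v));
    return u.toString();
  }
  async handleCallback(code: string, state: string): Promise<AuthResult> {
    // Login-CSRF check: accept only a state this adapter issued, and consume it so it cannot be replayed.
    if (!this.pending.delete(state)) throw new Error("invalid or reused state");
    const tok = await this.post(this.cfg.tokenUrl, { grant_type: "authorization_code", code,
      redirect_uri: this.cfg.redirectUri, client_id: this.cfg.clientId, client_secret: this.cfg.clientSecret });
    const info = await this.get(this.cfg.userInfoUrl, tok.access_token);
    // Upsert keyed on the IdP's stable subject id (not email): create on first login, refresh name/email after.
    const key = `oidc:${info.sub}`, isNewUser = !this.users.has(key);
    this.users.set(key, { id: key, email: info.email, name: info.name });
    return { userId: key, email: info.email, name: info.name, isNewUser };
  }
}

// Constructed mock IdP: two one-time codes for the same subject, a client-secret check, one bearer token.
function mockIdp() {
  const codes = new Map([["code-1", "tok-1"], ["code-2", "tok-1"]]);
  const post: HttpPost = async (_url, f) => {
    const t = codes.get(f.code); if (!t || f.client_secret !== "s3cret") throw new Error("token exchange rejected");
    codes.delete(f.code); return { access_token: t }; };
  const get: HttpGet = async (_url, b) => { if (b !== "tok-1") throw new Error("bad bearer token");
    return { sub: "u-42", email: "dr@clinic.example", name: "Dr. Example" }; };
  return { post, get };
}
export function makeAdapter(users = new Map<string, User>()): OAuth2Adapter {
  const { post, get } = mockIdp();
  return new OAuth2Adapter({ clientId: "clinic-app", clientSecret: "s3cret", redirectUri: "https://clinic.example/cb",
    authorizationUrl: "https://idp.example/authorize", tokenUrl: "https://idp.example/token",
    userInfoUrl: "https://idp.example/userinfo", scopes: ["openid", "email", "profile"] }, post, get, users);
}
```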