<%# locals: (sso_provider:) %>
<%# Validation summary: shown only when the sso_provider record carries errors. %>
<%# The title receives the error count and each full message is listed on its own line. %>
<%# Messages are emitted through output tags, so Rails HTML-escapes them; keep it that way, since messages can contain admin-supplied values. %>
<% if sso_provider.errors.any? %>
<%= icon "alert-circle", class: "w-5 h-5 text-destructive mr-2 shrink-0" %>
<%= t("admin.sso_providers.form.errors_title", count: sso_provider.errors.count) %>
<% sso_provider.errors.full_messages.each do |message| %>
- <%= message %>
<% end %>
<% end %>
<%# Create/edit form for an SSO provider, bound to the admin-namespaced sso_provider record. %>
<%# styled_form_with and form.toggle are project helpers not visible here; the admin-sso-form Stimulus controller handles the client-side behaviour. %>
<%# NOTE(review): every check wired up in this template is client-side only; the model/controller must re-validate strategy, name, issuer and settings. %>
<%= styled_form_with model: [:admin, sso_provider], class: "space-y-6", data: { controller: "admin-sso-form" } do |form| %>
<%= t("admin.sso_providers.form.basic_information") %>
<%# Strategy picker: four hard-coded strategies; changing it triggers toggleFields on the Stimulus controller. %>
<%# NOTE(review): a select does not constrain what is submitted. Confirm the model restricts strategy to this same list. %>
<%= form.select :strategy,
options_for_select([
[t("admin.sso_providers.form.strategy_openid_connect"), "openid_connect"],
[t("admin.sso_providers.form.strategy_saml"), "saml"],
[t("admin.sso_providers.form.strategy_google_oauth2"), "google_oauth2"],
[t("admin.sso_providers.form.strategy_github"), "github"]
], sso_provider.strategy),
{ label: t("admin.sso_providers.form.strategy_label") },
{ data: { action: "change->admin-sso-form#toggleFields" } } %>
<%# Provider name: required; typing fires updateCallbackUrl, and the same value is interpolated into the callback path further down. %>
<%# NOTE(review): because the name becomes a URL path segment, confirm the model limits it to a URL-safe slug. %>
<%= form.text_field :name,
label: t("admin.sso_providers.form.name_label"),
placeholder: t("admin.sso_providers.form.name_placeholder"),
required: true,
data: { action: "input->admin-sso-form#updateCallbackUrl" } %>
<%= t("admin.sso_providers.form.name_help") %>
<%# Display label (required) and optional icon for the provider. %>
<%= form.text_field :label,
label: t("admin.sso_providers.form.label_label"),
placeholder: t("admin.sso_providers.form.label_placeholder"),
required: true %>
<%= form.text_field :icon,
label: t("admin.sso_providers.form.icon_label"),
placeholder: t("admin.sso_providers.form.icon_placeholder") %>
<%= t("admin.sso_providers.form.icon_help") %>
<%= t("admin.sso_providers.form.enabled_label") %>
<%= t("admin.sso_providers.form.enabled_help") %>
<%= form.toggle :enabled %>
<%= t("admin.sso_providers.form.oauth_configuration") %>
<%# NOTE(review): the bare quote-and-bracket lines in this file look like tails of HTML tags whose start is missing from this copy; the surrounding markup cannot be reviewed from here. %>
">
<%# Issuer: validateIssuer runs in the browser on blur. Treat it as a usability aid; the server should still require a well-formed, presumably https, issuer URL (confirm against the model). %>
<%= form.text_field :issuer,
label: t("admin.sso_providers.form.issuer_label"),
placeholder: t("admin.sso_providers.form.issuer_placeholder"),
data: { action: "blur->admin-sso-form#validateIssuer" } %>
<%= t("admin.sso_providers.form.issuer_help") %>
<%= form.text_field :client_id,
label: t("admin.sso_providers.form.client_id_label"),
placeholder: t("admin.sso_providers.form.client_id_placeholder"),
required: true %>
<%# Client secret: rendered as a password field and required only for new records. %>
<%# The stock Rails password_field does not echo the stored value into the page; confirm the custom builder keeps that behaviour. %>
<%# NOTE(review): the existing-record placeholder and help text suggest a blank submission keeps the current secret; verify the controller ignores blank values instead of overwriting the secret with an empty string. %>
<%= form.password_field :client_secret,
label: t("admin.sso_providers.form.client_secret_label"),
placeholder: sso_provider.persisted? ? t("admin.sso_providers.form.client_secret_placeholder_existing") : t("admin.sso_providers.form.client_secret_placeholder_new"),
required: !sso_provider.persisted? %>
<% if sso_provider.persisted? %>
<%= t("admin.sso_providers.form.client_secret_help_existing") %>
<% end %>
">
<%# Redirect URI shown for the admin to register at the identity provider; falls back to the literal PROVIDER_NAME when no name is set. %>
<%# NOTE(review): request.base_url is derived from the incoming request's scheme and host. If allowed hosts or proxy headers are not pinned, the displayed URI can differ from the real callback endpoint; a configured canonical base URL would be safer. %>
<%# NOTE(review): the name is HTML-escaped on output but not URL-encoded, and the path is built by hand rather than with a route helper. %>
<%= "#{request.base_url}/auth/#{sso_provider.name.presence || 'PROVIDER_NAME'}/callback" %>
<%= t("admin.sso_providers.form.redirect_uri_help") %>
">
<%= t("admin.sso_providers.form.saml_configuration") %>
<%= t("admin.sso_providers.form.manual_saml_config") %>
<%# SAML service-provider callback URL: same expression as the OAuth redirect URI above, so the same base_url and encoding caveats apply. %>
<%= "#{request.base_url}/auth/#{sso_provider.name.presence || 'PROVIDER_NAME'}/callback" %>
<%= t("admin.sso_providers.form.saml_sp_callback_url_help") %>
<%= t("admin.sso_providers.form.provisioning_title") %>
<%# Default role stored under settings["default_role"]; the selection falls back to "member" when nothing is saved. %>
<%# NOTE(review): the list offers "admin" and "super_admin". Presumably this role is given to users provisioned through the provider, so a high default grants elevated access to anyone the IdP authenticates. Confirm the server restricts who may set it and records the change. %>
<%= form.select "settings[default_role]",
options_for_select([
[t("admin.sso_providers.form.role_guest", default: "Guest"), "guest"],
[t("admin.sso_providers.form.role_member"), "member"],
[t("admin.sso_providers.form.role_admin"), "admin"],
[t("admin.sso_providers.form.role_super_admin"), "super_admin"]
], sso_provider.settings&.dig("default_role").to_s.presence || "member"),
{ label: t("admin.sso_providers.form.default_role_label"), include_blank: false } %>
<%= t("admin.sso_providers.form.default_role_help") %>
<%= t("admin.sso_providers.form.role_mapping_title") %>
">
<%= t("admin.sso_providers.form.advanced_title") %>
<%# Advanced settings are submitted as nested settings[...] keys. %>
<%# NOTE(review): confirm the controller permits only the expected settings keys and validates their values; scopes is free text. %>
<%= form.text_field "settings[scopes]",
label: t("admin.sso_providers.form.scopes_label"),
value: sso_provider.settings&.dig("scopes"),
placeholder: "openid email profile groups" %>
<%= t("admin.sso_providers.form.scopes_help") %>
<%# Prompt selector: an empty value means the provider default; the other values match the OpenID Connect prompt parameter. %>
<%= form.select "settings[prompt]",
options_for_select([
[t("admin.sso_providers.form.prompt_default"), ""],
[t("admin.sso_providers.form.prompt_login"), "login"],
[t("admin.sso_providers.form.prompt_consent"), "consent"],
[t("admin.sso_providers.form.prompt_select_account"), "select_account"],
[t("admin.sso_providers.form.prompt_none"), "none"]
], sso_provider.settings&.dig("prompt")),
{ label: t("admin.sso_providers.form.prompt_label"), include_blank: false } %>
<%= t("admin.sso_providers.form.prompt_help") %>
<%# NOTE(review): this persisted-only branch is empty in this copy; its content was presumably markup that is missing here. %>
<% if sso_provider.persisted? %>
<% end %>
<%# Cancel returns to the provider index; the submit caption switches between update and create depending on whether the record is persisted. %>
<%= link_to t("admin.sso_providers.form.cancel"), admin_sso_providers_path, class: "px-4 py-2 text-sm font-medium text-secondary hover:text-primary" %>
<%= form.submit sso_provider.persisted? ? t("admin.sso_providers.form.update_provider") : t("admin.sso_providers.form.create_provider"),
class: "px-4 py-2 button-bg-primary text-inverse rounded-lg text-sm font-medium hover:button-bg-primary-hover" %>
<% end %>