* [papi] Add `verified` flag to config and `ActivateClientConfig` to OIDC service
* [papi] implement `ActivateClientConfig`
* [gitpod-db/go] add `setClientConfigVerifiedFlag`
* [gitpod-db/migration] add `d_b_oidc_client_config.verified` field
* [papi] Don't deactive on UpdateClientConfig
* [gitpod-db/go] add missing `Verified` field
* On "activate" request also mark as verified.
* [gitpod-db/go] fix mapping of `Verified` field
* [papi] ensure only verified OIDC client configs can be activated
* [papi] Skip the sign-in on verify-only requests.
* [papi] fix skipped tests
* [papi] fix mapping of OIDC configs
* rename RPC method
* fix tests after adding validation of claims
* fix: activation of record should deactivate others
* fix: update should unverify the entry
* remove Debug()
* [db-migration] fix: mark active entries as verified
* [SSO] find organizational accounts by email
First try to look up accounts by `[subjectID, audience]` as composite key, then try to lookup by email address. The scope of this lookup is limited to the Org owning the SSO configuration.
* fix tests for /session endpoint handler
* rename to findOrganizationalUser
* fix test case
* added logging for "find by email" path
* check onboaring state for dedicated setup flow
* track dedicated setup completed w/ state
* use ff for loading check too
* remove caching of onboarding state
* wip
* checking for deleted oidc configs too
* trying to drive off onboarding state more
* more wip to handle state of dedicated setup
* reset queries
* set active org id in local storage
* clear query client cache
* removing ff check
* move updateUser from step to flow
---------
Co-authored-by: Alex Tugarev <alex@gitpod.io>
* [gitpod-db] Add `d_b_oidc_client_config.active` field
* [papi] Add OIDCClientConfig.active to proto def
* [gitpod-db] Add OIDCClientConfig.active
* [papi] Add `activate` param to `/oidc/start` endpoint handler
If provided it should mark the OIDC client config as `active` in the DB.
* Fix propagation of state params and add tests.
* fix import of deprecated ioutil
* refactor GetStartParams
* consider `activate` from create request
* [preview] Disable stripe secrets on GITPOD_WITH_DEDICATED_EMU
* [preview] Disable linkedin secrets on GITPOD_WITH_DEDICATED_EMU
* [dashboard, db] Don't show onboarding dialogues for "admin-user"
* [preview] Configure stripe/linkedin in the same code block
* [yarn] Fix dirty yarn.lock
* [db] Remove models for Subscription, AccountEntry, TeamSubscription/2 and PendingGithubEvent
* [db] Adjust DB model for TeamMembership
* Implement user account verification with LinkedIn during onboarding
* updating connect with linked-in banner
* removing unused imports
* Store token, fix binding
* Refactor LinkedInToken to LinkedInProfile
* Actually write the LinkedIn secret to the server config
* Fetch LinkedIn user profile and email address
* Add creationTime column to d_b_linked_in_profile
* Add more debug logging
* Fix LinkedIn API calls, mount LinkedInProfileDB
* Also bind LinkedInProfileDB
* Add LinkedIn scope r_liteprofile
* Enhance LinkedIn profile retrieval, store the profile, ensure uniqueness
* Align with UX spec and complete onboarding flow
* Prevent the LinkedIn button from auto-submitting the onboarding form
* Address nits (LinkedInService to /src and minor spacing)
---------
Co-authored-by: Brad Harris <bmharris@gmail.com>
* Update go dependencies
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
* Update runc to v1.1.5
* Update docker cli to v23.0.2+incompatible
---------
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
