1
0
Files
breadcrumb-the-shire/lib/Repository/Tenant/TenantLdapAuthRepositoryInterface.php
fs 1c784efd5c feat(auth): add domain-based SSO discovery for unprovisioned users
Users who exist in Microsoft Entra ID or LDAP but have no local account
were blocked at the email-first login step because the system required a
local user record before showing SSO options. This adds a domain-based
fallback: when the email is unknown locally, the system checks tenant SSO
configurations for matching allowed_domains and presents SSO-only login
options, enabling the existing JIT provisioning to trigger on callback.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 14:35:57 +02:00

17 lines
568 B
PHP

<?php
namespace MintyPHP\Repository\Tenant;
/** Contract for storing and retrieving LDAP authentication configuration per tenant. */
interface TenantLdapAuthRepositoryInterface
{
public function findByTenantId(int $tenantId): ?array;
public function listByTenantIds(array $tenantIds): array;
public function upsertByTenantId(int $tenantId, array $data): bool;
/** @return list<array{tenant_id: int, allowed_domains: string}> Enabled configs with explicit domain match */
public function findEnabledWithExplicitDomain(string $domain): array;
}