disable global idp routes if idp mode is org

2026-03-11 05:06:39 +00:00 · 2026-02-13 15:46:13 -08:00
parent be89e5ca55
commit 1f8e89772d
4 changed files with 38 additions and 0 deletions
--- a/server/routers/idp/createOidcIdp.ts
+++ b/server/routers/idp/createOidcIdp.ts
@@ -80,6 +80,17 @@ export async function createOidcIdp(
            tags
        } = parsedBody.data;

+        if (
+            process.env.IDENTITY_PROVIDER_MODE === "org"
+        ) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    "Global IdP creation is not allowed in the current identity provider mode. Set app.identity_provider_mode to 'global' in the private configuration to enable this feature."
+                )
+            );
+        }
+
        const key = config.getRawConfig().server.secret!;

        const encryptedSecret = encrypt(clientSecret, key);