From 7bb7837ec91e84ddf7b49edb7b0c0187f65e4dda Mon Sep 17 00:00:00 2001
From: Nawaz Dhandala <hello@nawazdhandala.com>
Date: Fri, 20 Feb 2026 00:23:29 +0000
Subject: [PATCH] feat: implement SSO authentication flow and project
 management features

---
 App/FeatureSet/Identity/API/SSO.ts | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/App/FeatureSet/Identity/API/SSO.ts b/App/FeatureSet/Identity/API/SSO.ts
index 449c71280f..24cb7bb512 100644
--- a/App/FeatureSet/Identity/API/SSO.ts
+++ b/App/FeatureSet/Identity/API/SSO.ts
@@ -580,6 +580,21 @@ const loginUserWithSso: LoginUserWithSsoFunction = async (
         expiresInSeconds: ACCESS_TOKEN_EXPIRY_SECONDS,
       });
 
+      // Generate SSO token for per-project authentication (same as setSSOCookie)
+      const ssoToken: string = JSONWebToken.sign({
+        data: {
+          userId: alreadySavedUser.id!,
+          projectId: projectId,
+          name: alreadySavedUser.name!,
+          email: alreadySavedUser.email,
+          isMasterAdmin: false,
+          isGeneralLogin: false,
+        },
+        expiresInSeconds: OneUptimeDate.getSecondsInDays(
+          new PositiveNumber(30),
+        ),
+      });
+
       const params: URLSearchParams = new URLSearchParams();
       params.set("accessToken", accessToken);
       params.set("refreshToken", sessionMetadata.refreshToken);
@@ -594,6 +609,8 @@ const loginUserWithSso: LoginUserWithSsoFunction = async (
         "isMasterAdmin",
         String(alreadySavedUser.isMasterAdmin || false),
       );
+      params.set("ssoToken", ssoToken);
+      params.set("projectId", projectId.toString());
 
       const deepLinkUrl: string = `oneuptime://sso-callback?${params.toString()}`;