
fix(api): redact SSO request logs #2148

Closed
Petoverflow wants to merge 1 commit into Cap-go:main from Petoverflow:codex/redact-sso-request-logs-1667
Petoverflow commented May 11, 2026

Summary (AI generated)

  • Add a metadata-only SSO log helper for sensitive auth context.
  • Replace SSO check-domain, check-enforcement, and SP metadata logs that retained raw request identifiers with presence/count/error-code summaries.
  • Add unit coverage that verifies SSO log metadata excludes raw emails, domains, IPs, user/org/provider identifiers, and error message text.

Motivation (AI generated)

Routine SSO logs should not retain raw user, organization, domain, provider, IP, or error-body details when metadata is enough for debugging.

Business Impact (AI generated)

This reduces log-retention risk for enterprise SSO flows without changing API responses, authorization decisions, or customer-facing behavior.

Test Plan (AI generated)

  • npm exec --yes --package=bun -- bunx vitest run tests/sso-log-redaction.unit.test.ts
  • npm exec --yes --package=bun -- bun lint:backend
  • npm exec --yes --package=bun -- bun typecheck

Related to #1667

Generated with AI

Summary by CodeRabbit

  • Refactor

    • Restructured single sign-on (SSO) authentication logging framework to provide improved consistency and better observability across all SSO operations.
    • Enhanced security measures for proper handling and redaction of sensitive information within authentication logs.
  • Tests

    • Added comprehensive test coverage to verify proper redaction and secure handling of sensitive user and authentication information in SSO authentication logs.
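
The metadata-only logging this description outlines, as an added example that is not code from this pull request or from Capgo: raw SSO context is reduced to presence flags, a provider count, and an error code before anything is serialized. The names `RawSsoContext`, `summarizeSsoContext`, `safeErrorCode` and all sample values are assumptions constructed for illustration.

```typescript
// Added illustration: all names and sample values are hypothetical,
// not taken from the pull request's logging.ts.
interface RawSsoContext {
  email?: string
  domain?: string
  ip?: string
  userId?: string
  orgId?: string
  providers?: unknown[]
  error?: unknown
}

// Short, upper-case machine codes only (e.g. "PGRST116", "23505"); anything
// else may be free text or a token, so it is collapsed to "unknown".
const SAFE_CODE = /^[A-Z0-9_]{1,16}$/

function present(value: unknown): boolean {
  return typeof value === 'string' && value.trim().length > 0
}

function safeErrorCode(error: unknown): string | null {
  if (error === null || error === undefined) return null
  if (typeof error !== 'object') return 'unknown'
  const code = (error as { code?: unknown }).code
  return typeof code === 'string' && SAFE_CODE.test(code) ? code : 'unknown'
}

// Builds the only object that is allowed to reach the logger.
function summarizeSsoContext(ctx: RawSsoContext) {
  return {
    hasEmail: present(ctx.email),
    hasDomain: present(ctx.domain),
    hasIp: present(ctx.ip),
    hasUserId: present(ctx.userId),
    hasOrgId: present(ctx.orgId),
    providerCount: Array.isArray(ctx.providers) ? ctx.providers.length : 0,
    errorCode: safeErrorCode(ctx.error), // message text is never copied
  }
}

// Constructed sample input (documentation-range IP, example.com domain).
const SAMPLE_CONTEXT: RawSsoContext = {
  email: 'alice@example.com', domain: 'example.com', ip: '203.0.113.7',
  userId: 'user-1234', orgId: 'org-5678',
  providers: [{ id: 'prov-aaaa' }, { id: 'prov-bbbb' }],
  error: { code: 'PGRST116', message: 'no rows for alice@example.com' },
}

// Serialized form of what would be logged for the sample.
const SAMPLE_LOG_LINE: string = JSON.stringify(summarizeSsoContext(SAMPLE_CONTEXT))
```

Passing only the summary object to the logger keeps raw values out of the log call entirely, so a later change to the log format cannot reintroduce them.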


coderabbitai Bot commented May 11, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0eb3a0d3-9e0b-4dfb-b84a-c5284cdb53ac

📥 Commits

Reviewing files that changed from the base of the PR and between 3d184f8 and e7f9d83.

📒 Files selected for processing (5)
  • supabase/functions/_backend/private/sso/check-domain.ts
  • supabase/functions/_backend/private/sso/check-enforcement.ts
  • supabase/functions/_backend/private/sso/logging.ts
  • supabase/functions/_backend/private/sso/sp-metadata.ts
  • tests/sso-log-redaction.unit.test.ts

📝 Walkthrough


This PR centralizes SSO logging by introducing a getSsoLogMetadata utility that sanitizes and structures log metadata. SSO handlers (check-domain, check-enforcement, sp-metadata) are refactored to use this utility, replacing raw log field emission with safe, structured logging that omits sensitive information. Tests validate redaction behavior.

Changes

SSO Log Redaction Refactoring

| Layer | File(s) | Summary |
| --- | --- | --- |
| Logging Metadata Utility | supabase/functions/_backend/private/sso/logging.ts | New module exports getSsoLogMetadata(input) function and SsoLogMetadataInput interface. Safely extracts presence flags, provider counts, and error metadata from unknown input while sanitizing token-like strings and omitting raw values. |
| Check Domain Handler Refactor | supabase/functions/_backend/private/sso/check-domain.ts | Imports and uses getSsoLogMetadata for rate-limit, query-error, provider-found, no-provider, and unexpected-error logs. Logs structured metadata instead of raw ip, count, domain, or stringified errors. |
| Check Enforcement Handler Refactor | supabase/functions/_backend/private/sso/check-enforcement.ts | Imports and uses getSsoLogMetadata across missing-email, SSO-allowed, provider/enforcement RPC error, role-query error, super-admin bypass, password-blocked, and unexpected-error branches. Routes context through metadata helper instead of logging raw fields. |
| SP Metadata Handler Logging | supabase/functions/_backend/private/sso/sp-metadata.ts | Removes auth value from unauthorized-request log entry. |
| Log Redaction Tests | tests/sso-log-redaction.unit.test.ts | Vitest suite validates that getSsoLogMetadata returns only counts/flags/presence indicators without raw sensitive values; confirms JSON serialization omits email, domain, provider IDs, IPs, org/user IDs, and error messages. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

  • Cap-go/capgo#2019: Both PRs modify the same SSO check-domain handler; the main PR refactors logging with getSsoLogMetadata while the related PR removes provider_id/org_id from response and restricts RPC usage.

Poem

🐰 Logs once spoke freely of secrets held close,
Email and domain, an audit's worst ghost.
Now getSsoLogMetadata hides them away,
Keeping just counts—safe to log every day!
Redaction so clean, the rabbits rejoice, 🔐

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title 'fix(api): redact SSO request logs' accurately and specifically describes the main change—adding redaction to SSO logging to remove sensitive identifiers. |
| Description check | ✅ Passed | The description includes a summary, motivation, business impact, and test plan. However, it lacks the standard repository template sections (code style checklist, documentation updates, E2E test coverage, and manual testing steps) that are specified in the template. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


codspeed-hq Bot commented May 11, 2026

Merging this PR will not alter performance

✅ 43 untouched benchmarks
⏩ 2 skipped benchmarks [1]


Comparing Petoverflow:codex/redact-sso-request-logs-1667 (e7f9d83) with main (38e5856) [2]


Footnotes

  1. 2 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

  2. No successful run was found on main (3d184f8) during the generation of this report, so 38e5856 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report.

@WcaleNieWolny

Closing as AI-generated spam. Part of a 50+ PR wave of duplicate redact logs PRs from disposable accounts. If you're human, open an issue first.
