From 83417f58839e53f4ae9620fdb4d6f73449b22086 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 12 Sep 2024 09:39:49 +0200
Subject: [PATCH] OAuth: Add a flag to the 'authenticate' hook arguments
 indicating SSO is in use

This way plugins can react to it, e.g. 2FA plugins can skip asking for the second factor
---
 CHANGELOG.md                     | 1 +
 program/include/rcmail_oauth.php | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 68c7cbf073..6710191089 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -40,6 +40,7 @@
 - OAuth: Fix Bearer authentication for Kinde (#9244)
 - OAuth: Refactor: move display to the rcmail_oauth class and use `loginform_content` hook (#9217)
 - OAuth: Support standard authentication with short-living password received with OIDC token (#9530)
+- OAuth: Add a flag to the 'authenticate' hook arguments indicating SSO is in use
 - Additional_Message_Headers: Added %u, %d and %l variables (#8746, #8732)
 - ACL: Set default of 'acl_specials' option to ['anyone'] (#8911)
 - Enigma: Support Kolab's Web Of Anti-Trust feature (#8626)
diff --git a/program/include/rcmail_oauth.php b/program/include/rcmail_oauth.php
index 8cf0c420aa..3bb3e8b34f 100644
--- a/program/include/rcmail_oauth.php
+++ b/program/include/rcmail_oauth.php
@@ -1074,6 +1074,9 @@ public function authenticate($options)
 
         $this->log_debug('calling authenticate for user %s', $options['user']);
 
+        // Make plugins aware that SSO is in use
+        $options['sso'] = true;
+
         return $options;
     }