auto-resolve sso provider icons via simple icons

[masnwilliams]

Summary

Replaces the hardcoded provider switch in getSSOProviderInfo with a generic resolver, so any provider key works out of the box — no more per-provider PRs.

• provider is slugified (google, github, okta, auth0, discord, slack, etc.).
• Icon comes from the Simple Icons CDN (https://cdn.simpleicons.org/<slug>) via a regular <img> — 3000+ brands, MIT, no API key, no bundle cost.
• On <img> error, falls back to a circular letter avatar with the provider's first letter — so unknown providers still render something.
• Labels are title-cased from the provider string.
• Non-brand keys (passkey, sso, saml) keep their existing built-in icons.
• Removed the inline GoogleMark/GitHubMark/GitLabMark/MicrosoftMark/FacebookMark/AppleMark SVGs from icons.tsx — net -22 lines and a smaller bundle.

Trade-offs

• Adds a CDN request per icon (cacheable). If that's not acceptable, the same shape could load icons from the simple-icons npm package with dynamic import.
• Label loses brand-specific casing (e.g. "Github" not "GitHub"). Could be restored with a small override map, or by fetching Simple Icons' JSON metadata.

Test plan

• bun run typecheck passes
• Library builds (bundle shrinks ~4 KB)
• Demo renders google/github/gitlab/facebook/okta/auth0/discord/slack via CDN, and a fake provider falls back to a letter avatar
• Decide on the label-casing trade-off

---

Note

Medium Risk
Changes SSO provider icon rendering to fetch icons from an external CDN at runtime, which could impact UI reliability/performance if the CDN fails or is blocked. Logic changes are localized to provider display but alter labels and icon selection behavior for all SSO buttons.

Overview
SSO provider display is generalized: getSSOProviderInfo now slugifies provider strings, uses a small built-in map for common/non-brand providers, and otherwise loads brand icons from https://cdn.simpleicons.org/<slug>.

When the CDN icon fails (or the provider can’t be slugified), the UI falls back to a circular letter avatar and provider labels are derived via titleCase(). Styling adds kma-sso-icon--letter, and GitLabMark is added to icons.tsx to support the built-in provider set.

^{Reviewed by Cursor Bugbot for commit f04a26f. Bugbot is set up for automated code reviews on this repo. Configure here.}

[firetiger-agent]

Firetiger deploy monitoring skipped

This PR didn't match the auto-monitor filter configured on your GitHub connection:

Any PR that changes the kernel API. Monitor changes to API endpoints (packages/api/cmd/api/) and Temporal workflows (packages/api/lib/temporal) in the kernel repo

Reason: PR modifies SSO provider icon handling in the UI layer, not kernel API endpoints or Temporal workflows as specified in the filter.

To monitor this PR anyway, reply with @firetiger monitor this.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 65cc025. Configure here.}

[dcruzeneil2]

LGTB (looks good to bufo)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
managed-auth-react-demo	Ready	Preview, Comment	May 15, 2026 7:06pm