From 1d01a73a8f0345f87e6ce772a802c9a84da814b4 Mon Sep 17 00:00:00 2001
From: John Cowen <johncowen@users.noreply.github.com>
Date: Mon, 11 May 2020 16:37:11 +0100
Subject: [PATCH] UI: Improved Login/Logout flow inc SSO support (#7790)

* 6 new components for new login/logout flow, plus SSO support

UI Components:

1. AuthDialog: Wraps/orchestrates AuthForm and AuthProfile
2. AuthForm: Authorization form shown when logged out.
3. AuthProfile: Simple presentational component to show the users
'Profile'
4. OidcSelect: A 'select' component for selecting an OIDC provider,
dynamically uses either a single select menu or multiple buttons
depending on the amount of providers

Data Components:

1. JwtSource: Given an OIDC provider URL this component will request a
token from the provider and fire an donchange event when it has been
retrieved. Used by TokenSource.
2. TokenSource: Given a oidc provider name or a Consul SecretID,
TokenSource will use whichever method/API requests required to retrieve
Consul ACL Token, which is emitted to the onchange event handler.

Very basic README documentation included here, which is likely to be
refined somewhat.

* CSS required for new auth/SSO UI components

* Remaining app code required to tie the new auth/SSO work together

* CSS code required to help tie the auth/SSO work together

* Test code in order to get current tests passing with new auth/SSO flow

..plus extremely basics/skipped rendering tests for the new components

* Treat the secret received from the server as the truth

Previously we've always treated what the user typed as the truth, this
breaks down when using SSO as the user doesn't type anything to retrieve
a token. Therefore we change this so that we use the secret in the API
response as the truth.

* Make sure removing an dom tree from a buffer only removes its own tree
---
 ui-v2/app/adapters/oidc-provider.js           |   2 +-
 ui-v2/app/components/auth-dialog/README.mdx   |  56 +++++++++
 .../components/auth-dialog/chart.xstate.js    |  34 +++++
 ui-v2/app/components/auth-dialog/index.hbs    |  40 ++++++
 ui-v2/app/components/auth-dialog/index.js     |  42 +++++++
 ui-v2/app/components/auth-form/README.mdx     |  18 +++
 .../app/components/auth-form/chart.xstate.js  |  55 +++++++++
 ui-v2/app/components/auth-form/index.hbs      | 100 +++++++++++++++
 ui-v2/app/components/auth-form/index.js       |  21 ++++
 ui-v2/app/components/auth-profile/README.mdx  |  20 +++
 ui-v2/app/components/auth-profile/index.hbs   |   9 ++
 ui-v2/app/components/auth-profile/index.js    |   5 +
 ui-v2/app/components/child-selector/index.hbs |   4 +-
 ui-v2/app/components/child-selector/index.js  |   1 +
 ui-v2/app/components/dom-buffer/index.js      |   5 +-
 ui-v2/app/components/form-component/index.js  |   1 +
 .../app/components/hashicorp-consul/index.hbs |  88 +++++++------
 .../app/components/hashicorp-consul/index.js  | 116 ++----------------
 ui-v2/app/components/jwt-source/README.mdx    |  24 ++++
 ui-v2/app/components/jwt-source/index.js      |  31 +++++
 .../components/oidc-select/chart.xstate.js    |  16 +++
 ui-v2/app/components/oidc-select/index.hbs    |  46 +++++++
 ui-v2/app/components/oidc-select/index.js     |  20 +++
 .../app/components/policy-selector/index.hbs  |   2 +-
 ui-v2/app/components/role-form/index.hbs      |   2 +-
 ui-v2/app/components/token-source/README.mdx  |  32 +++++
 .../components/token-source/chart.xstate.js   |  30 +++++
 ui-v2/app/components/token-source/index.hbs   |  33 +++++
 ui-v2/app/components/token-source/index.js    |  36 ++++++
 ui-v2/app/controllers/application.js          |  62 +++++++++-
 ui-v2/app/routes/application.js               |  38 +-----
 .../services/data-source/protocols/http.js    |  17 +++
 ui-v2/app/services/data-source/service.js     |  16 ++-
 ui-v2/app/services/dom-buffer.js              |  38 ++++--
 .../base/components/form-elements/index.scss  |   1 +
 .../base/components/form-elements/layout.scss |   4 +
 .../base/components/form-elements/skin.scss   |  17 +--
 .../app/styles/base/icons/base-variables.scss |   4 +-
 .../styles/base/icons/icon-placeholders.scss  |  20 +++
 ui-v2/app/styles/components/app-view.scss     |  16 ++-
 .../styles/components/app-view/layout.scss    |   3 +
 ui-v2/app/styles/components/auth-form.scss    |   4 +
 .../styles/components/auth-form/index.scss    |   2 +
 .../styles/components/auth-form/layout.scss   |  34 +++++
 .../app/styles/components/auth-form/skin.scss |  12 ++
 ui-v2/app/styles/components/auth-modal.scss   |   4 +
 .../styles/components/auth-modal/index.scss   |   7 ++
 .../styles/components/auth-modal/layout.scss  |  12 ++
 .../styles/components/auth-modal/skin.scss    |   7 ++
 ui-v2/app/styles/components/buttons.scss      |   8 +-
 .../styles/components/empty-state/skin.scss   |   3 +
 .../app/styles/components/form-elements.scss  |  29 ++---
 ui-v2/app/styles/components/index.scss        |   3 +
 .../components/main-nav-horizontal/index.scss |  13 +-
 .../components/main-nav-horizontal/skin.scss  |   3 -
 ui-v2/app/styles/components/oidc-select.scss  |   4 +
 .../styles/components/oidc-select/index.scss  |   8 ++
 .../styles/components/oidc-select/layout.scss |   7 ++
 .../styles/components/oidc-select/skin.scss   |  30 +++++
 ui-v2/app/styles/core/typography.scss         |   3 +-
 ui-v2/app/styles/variables/index.scss         |   5 +
 ui-v2/app/templates/application.hbs           |  10 +-
 .../app/templates/dc/acls/-authorization.hbs  |  34 +++--
 ui-v2/app/templates/error.hbs                 |  65 ++++++++--
 ui-v2/app/utils/get-environment.js            |   3 +
 ui-v2/config/environment.js                   |  14 ++-
 ui-v2/lib/startup/index.js                    |   3 +
 ui-v2/lib/startup/templates/head.html.js      |   3 +-
 ui-v2/node-tests/config/environment.js        |  14 +++
 ui-v2/public/oidc/callback                    |  19 +++
 ui-v2/server/index.js                         |  26 ++++
 .../policies/as-many/add-existing.feature     |   4 +-
 .../acls/roles/as-many/add-existing.feature   |   4 +-
 ui-v2/tests/acceptance/dc/error.feature       |   2 +-
 .../acceptance/dc/services/error.feature      |   4 +-
 .../dc/services/instances/error.feature       |   2 +-
 .../{dc/acls/tokens => }/login-errors.feature |  14 +--
 .../{dc/acls/tokens => }/login.feature        |  11 +-
 .../acceptance/steps/login-errors-steps.js    |  10 ++
 ui-v2/tests/acceptance/steps/login-steps.js   |  10 ++
 ui-v2/tests/acceptance/token-header.feature   |   7 +-
 .../components/auth-dialog-test.js            |  26 ++++
 .../components/auth-profile-test.js           |  24 ++++
 .../integration/components/jwt-source-test.js |  17 +++
 .../components/oidc-select-test.js            |  26 ++++
 .../serializers/oidc-provider-test.js         |  75 +++++++++++
 ui-v2/tests/pages.js                          |  16 ++-
 ui-v2/tests/pages/components/auth-form.js     |   6 +
 ui-v2/tests/pages/components/page.js          |  77 +++++++-----
 ui-v2/tests/pages/dc/acls/edit.js             |   3 +-
 ui-v2/tests/pages/dc/acls/policies/edit.js    |   6 +-
 ui-v2/tests/pages/dc/acls/roles/edit.js       |   6 +-
 ui-v2/tests/pages/dc/acls/tokens/edit.js      |   6 +-
 ui-v2/tests/pages/dc/intentions/edit.js       |   3 +-
 ui-v2/tests/pages/dc/kv/edit.js               |   2 +-
 ui-v2/tests/pages/dc/nspaces/edit.js          |   6 +-
 ui-v2/tests/pages/dc/services/index.js        |   3 +-
 ui-v2/tests/unit/models/oidc-provider-test.js |  13 ++
 .../unit/serializers/oidc-provider-test.js    |  23 ++++
 99 files changed, 1576 insertions(+), 344 deletions(-)
 create mode 100644 ui-v2/app/components/auth-dialog/README.mdx
 create mode 100644 ui-v2/app/components/auth-dialog/chart.xstate.js
 create mode 100644 ui-v2/app/components/auth-dialog/index.hbs
 create mode 100644 ui-v2/app/components/auth-dialog/index.js
 create mode 100644 ui-v2/app/components/auth-form/README.mdx
 create mode 100644 ui-v2/app/components/auth-form/chart.xstate.js
 create mode 100644 ui-v2/app/components/auth-form/index.hbs
 create mode 100644 ui-v2/app/components/auth-form/index.js
 create mode 100644 ui-v2/app/components/auth-profile/README.mdx
 create mode 100644 ui-v2/app/components/auth-profile/index.hbs
 create mode 100644 ui-v2/app/components/auth-profile/index.js
 create mode 100644 ui-v2/app/components/jwt-source/README.mdx
 create mode 100644 ui-v2/app/components/jwt-source/index.js
 create mode 100644 ui-v2/app/components/oidc-select/chart.xstate.js
 create mode 100644 ui-v2/app/components/oidc-select/index.hbs
 create mode 100644 ui-v2/app/components/oidc-select/index.js
 create mode 100644 ui-v2/app/components/token-source/README.mdx
 create mode 100644 ui-v2/app/components/token-source/chart.xstate.js
 create mode 100644 ui-v2/app/components/token-source/index.hbs
 create mode 100644 ui-v2/app/components/token-source/index.js
 create mode 100644 ui-v2/app/styles/components/auth-form.scss
 create mode 100644 ui-v2/app/styles/components/auth-form/index.scss
 create mode 100644 ui-v2/app/styles/components/auth-form/layout.scss
 create mode 100644 ui-v2/app/styles/components/auth-form/skin.scss
 create mode 100644 ui-v2/app/styles/components/auth-modal.scss
 create mode 100644 ui-v2/app/styles/components/auth-modal/index.scss
 create mode 100644 ui-v2/app/styles/components/auth-modal/layout.scss
 create mode 100644 ui-v2/app/styles/components/auth-modal/skin.scss
 create mode 100644 ui-v2/app/styles/components/oidc-select.scss
 create mode 100644 ui-v2/app/styles/components/oidc-select/index.scss
 create mode 100644 ui-v2/app/styles/components/oidc-select/layout.scss
 create mode 100644 ui-v2/app/styles/components/oidc-select/skin.scss
 create mode 100644 ui-v2/public/oidc/callback
 create mode 100644 ui-v2/server/index.js
 rename ui-v2/tests/acceptance/{dc/acls/tokens => }/login-errors.feature (82%)
 rename ui-v2/tests/acceptance/{dc/acls/tokens => }/login.feature (64%)
 create mode 100644 ui-v2/tests/acceptance/steps/login-errors-steps.js
 create mode 100644 ui-v2/tests/acceptance/steps/login-steps.js
 create mode 100644 ui-v2/tests/integration/components/auth-dialog-test.js
 create mode 100644 ui-v2/tests/integration/components/auth-profile-test.js
 create mode 100644 ui-v2/tests/integration/components/jwt-source-test.js
 create mode 100644 ui-v2/tests/integration/components/oidc-select-test.js
 create mode 100644 ui-v2/tests/integration/serializers/oidc-provider-test.js
 create mode 100644 ui-v2/tests/pages/components/auth-form.js
 create mode 100644 ui-v2/tests/unit/models/oidc-provider-test.js
 create mode 100644 ui-v2/tests/unit/serializers/oidc-provider-test.js

diff --git a/ui-v2/app/adapters/oidc-provider.js b/ui-v2/app/adapters/oidc-provider.js
index 7d1da6df3c8a..f2b65da2e220 100644
--- a/ui-v2/app/adapters/oidc-provider.js
+++ b/ui-v2/app/adapters/oidc-provider.js
@@ -33,7 +33,7 @@ export default Adapter.extend({
       ${{
         ...Namespace(ns),
         AuthMethod: id,
-        RedirectURI: `${this.env.var('CONSUL_BASE_UI_URL')}/torii/redirect.html`,
+        RedirectURI: `${this.env.var('CONSUL_BASE_UI_URL')}/oidc/callback`,
       }}
     `;
   },
diff --git a/ui-v2/app/components/auth-dialog/README.mdx b/ui-v2/app/components/auth-dialog/README.mdx
new file mode 100644
index 000000000000..676d55379661
--- /dev/null
+++ b/ui-v2/app/components/auth-dialog/README.mdx
@@ -0,0 +1,56 @@
+## AuthDialog
+
+```handlebars
+<AuthDialog @dc={{dc}} @nspace={{}} @onchange={{action 'change'}} as |api components|>
+  {{#let components.AuthForm components.AuthProfile as |AuthForm AuthProfile|}}
+    <BlockSlot @name="unauthorized">
+      Here's the login form:
+      <AuthForm />
+    </BlockSlot>
+    <BlockSlot @name="authorized">
+      Here's your profile:
+      <AuthProfile />
+      <button onclick={{action api.logout}} />
+    </BlockSlot>
+  {{/let}}
+</AuthDialog>
+```
+
+### Arguments
+
+A component to help orchestrate a login/logout flow.
+
+| Argument | Type | Default | Description |
+| --- | --- | --- | --- |
+| `dc` | `String` | | The name of the current datacenter |
+| `nspace` | `String` | | The name of the current namespace |
+| `onchange` | `Function` | | An action to fire when the users token has changed (logged in/logged out/token changed) |
+
+### Methods/Actions/api
+
+| Method/Action |  Description |
+| --- | --- |
+| `login` | Login with a specified token |
+| `logout` | Logout (delete token) |
+| `token` | The current token itself (as a property not a method) |
+
+### Components
+
+| Name |  Description |
+| --- | --- |
+| [`AuthForm`](../auth-form/README.mdx) | Renders an Authorization form |
+| [`AuthProfile`](../auth-profile/README.mdx) | Renders a User Profile |
+
+### Slots
+
+| Name  | Description |
+| --- | --- |
+| `unauthorized` | This slot is only rendered when the user doesn't have a token |
+| `authorized`   | This slot is only rendered whtn the user has a token.|
+
+### See
+
+- [Component Source Code](./index.js)
+- [Template Source Code](./index.hbs)
+
+---
diff --git a/ui-v2/app/components/auth-dialog/chart.xstate.js b/ui-v2/app/components/auth-dialog/chart.xstate.js
new file mode 100644
index 000000000000..ce4730745393
--- /dev/null
+++ b/ui-v2/app/components/auth-dialog/chart.xstate.js
@@ -0,0 +1,34 @@
+export default {
+  id: 'auth-dialog',
+  initial: 'idle',
+  on: {
+    CHANGE: [
+      {
+        target: 'authorized',
+        cond: 'hasToken',
+        actions: ['login'],
+      },
+      {
+        target: 'unauthorized',
+        actions: ['logout'],
+      },
+    ],
+  },
+  states: {
+    idle: {
+      on: {
+        CHANGE: [
+          {
+            target: 'authorized',
+            cond: 'hasToken',
+          },
+          {
+            target: 'unauthorized',
+          },
+        ],
+      },
+    },
+    unauthorized: {},
+    authorized: {},
+  },
+};
diff --git a/ui-v2/app/components/auth-dialog/index.hbs b/ui-v2/app/components/auth-dialog/index.hbs
new file mode 100644
index 000000000000..e12a4d05d600
--- /dev/null
+++ b/ui-v2/app/components/auth-dialog/index.hbs
@@ -0,0 +1,40 @@
+<StateChart @src={{chart}} as |State Guard Action dispatch state|>
+
+  <Guard @name="hasToken" @cond={{action 'hasToken'}} />
+  <Action @name="login" @exec={{action 'login'}} />
+  <Action @name="logout" @exec={{action 'logout'}} />
+  {{! This DataSource just permanently listens to any changes to the users }}
+  {{! token, whether thats a new token, a changed token or a deleted token }}
+  <DataSource
+    @src="settings://consul:token"
+    @onchange={{queue (action (mut token) value="data") (action dispatch "CHANGE") (action (mut previousToken) value="data")}}
+  />
+  {{! This DataSink is just used for logging in from the form, }}
+  {{! or logging out via the exposed logout function }}
+  <DataSink
+    @sink="settings://consul:token"
+    as |sink|
+  >
+    {{yield}}
+    {{#let (hash
+      login=(action sink.open)
+      logout=(action sink.open null)
+      token=token
+    ) (hash
+      AuthProfile=(component 'auth-profile' item=token)
+      AuthForm=(component 'auth-form' dc=dc nspace=nspace onsubmit=(action sink.open value="data"))
+    ) as |api components|}}
+      <State @matches="authorized">
+        {{#yield-slot name="authorized"}}
+          {{yield api components}}
+        {{/yield-slot}}
+      </State>
+
+      <State @matches="unauthorized">
+      {{#yield-slot name="unauthorized"}}
+          {{yield api components}}
+        {{/yield-slot}}
+      </State>
+    {{/let}}
+  </DataSink>
+</StateChart>
diff --git a/ui-v2/app/components/auth-dialog/index.js b/ui-v2/app/components/auth-dialog/index.js
new file mode 100644
index 000000000000..041fee483b48
--- /dev/null
+++ b/ui-v2/app/components/auth-dialog/index.js
@@ -0,0 +1,42 @@
+import Component from '@ember/component';
+import Slotted from 'block-slots';
+import { inject as service } from '@ember/service';
+import { get } from '@ember/object';
+import chart from './chart.xstate';
+
+export default Component.extend(Slotted, {
+  tagName: '',
+  repo: service('repository/oidc-provider'),
+  init: function() {
+    this._super(...arguments);
+    this.chart = chart;
+  },
+  actions: {
+    hasToken: function() {
+      return typeof this.token.AccessorID !== 'undefined';
+    },
+    login: function() {
+      let prev = get(this, 'previousToken.AccessorID');
+      let current = get(this, 'token.AccessorID');
+      if (prev === null) {
+        prev = get(this, 'previousToken.SecretID');
+      }
+      if (current === null) {
+        current = get(this, 'token.SecretID');
+      }
+      let type = 'authorize';
+      if (typeof prev !== 'undefined' && prev !== current) {
+        type = 'use';
+      }
+      this.onchange({ data: get(this, 'token'), type: type });
+    },
+    logout: function() {
+      if (typeof get(this, 'previousToken.AuthMethod') !== 'undefined') {
+        // we are ok to fire and forget here
+        this.repo.logout(get(this, 'previousToken.SecretID'));
+      }
+      this.previousToken = null;
+      this.onchange({ data: null, type: 'logout' });
+    },
+  },
+});
diff --git a/ui-v2/app/components/auth-form/README.mdx b/ui-v2/app/components/auth-form/README.mdx
new file mode 100644
index 000000000000..942e9d813748
--- /dev/null
+++ b/ui-v2/app/components/auth-form/README.mdx
@@ -0,0 +1,18 @@
+## AuthForm
+
+```handlebars
+<AuthForm as |api|></AuthForm>
+```
+
+### Methods/Actions/api
+
+| Method/Action |  Description |
+| --- | --- |
+| `reset` | Reset the form back to its original empty/non-error state |
+
+### See
+
+- [Component Source Code](./index.js)
+- [Template Source Code](./index.hbs)
+
+---
diff --git a/ui-v2/app/components/auth-form/chart.xstate.js b/ui-v2/app/components/auth-form/chart.xstate.js
new file mode 100644
index 000000000000..dc4b281059a3
--- /dev/null
+++ b/ui-v2/app/components/auth-form/chart.xstate.js
@@ -0,0 +1,55 @@
+export default {
+  id: 'auth-form',
+  initial: 'idle',
+  on: {
+    RESET: [
+      {
+        target: 'idle',
+      },
+    ],
+  },
+  states: {
+    idle: {
+      entry: ['clearError'],
+      on: {
+        SUBMIT: [
+          {
+            target: 'loading',
+            cond: 'hasValue',
+          },
+          {
+            target: 'error',
+          },
+        ],
+      },
+    },
+    loading: {
+      on: {
+        ERROR: [
+          {
+            target: 'error',
+          },
+        ],
+      },
+    },
+    error: {
+      exit: ['clearError'],
+      on: {
+        TYPING: [
+          {
+            target: 'idle',
+          },
+        ],
+        SUBMIT: [
+          {
+            target: 'loading',
+            cond: 'hasValue',
+          },
+          {
+            target: 'error',
+          },
+        ],
+      },
+    },
+  },
+};
diff --git a/ui-v2/app/components/auth-form/index.hbs b/ui-v2/app/components/auth-form/index.hbs
new file mode 100644
index 000000000000..2b25ccdd6e20
--- /dev/null
+++ b/ui-v2/app/components/auth-form/index.hbs
@@ -0,0 +1,100 @@
+<StateChart @src={{chart}} as |State Guard Action dispatch state|>
+  {{yield (hash
+    reset=(action dispatch "RESET")
+    focus=(action 'focus')
+  )}}
+  <Guard @name="hasValue" @cond={{action 'hasValue'}} />
+  {{!FIXME: Call this reset or similar }}
+  <Action @name="clearError" @exec={{queue (action (mut error) undefined) (action (mut secret) undefined)}} />
+  <div class="auth-form" ...attributes>
+    <State @matches="error">
+      {{#if error.status}}
+        <p role="alert" class="notice error">
+          {{#if value.Name}}
+            {{#if (eq error.status '403')}}
+              <strong>Consul login failed</strong><br />
+              We received a token from your OIDC provider but could not log in to Consul with it.
+            {{else if (eq error.status '401')}}
+              <strong>Could not log in to provider</strong><br />
+              The OIDC provider has rejected this access token. Please have an administrator check your auth method configuration.
+            {{else if (eq error.status '499')}}
+              <strong>SSO log in window closed</strong><br />
+              The OIDC provider window was closed. Please try again.
+            {{else}}
+              <strong>Error</strong><br />
+              {{error.detail}}
+            {{/if}}
+          {{else}}
+            {{#if (eq error.status '403')}}
+              <strong>Invalid token</strong><br />
+              The token entered does not exist. Please enter a valid token to log in.
+            {{else}}
+              <strong>Error</strong><br />
+              {{error.detail}}
+            {{/if}}
+          {{/if}}
+        </p>
+      {{/if}}
+    </State>
+    <form onsubmit={{action dispatch "SUBMIT"}}>
+      <fieldset>
+        <label class={{concat "type-password" (if (and (state-matches state 'error') (not error.status)) ' has-error' '')}}>
+          <span>Log in with a token</span>
+          <input
+            {{ref this 'input'}}
+            disabled={{state-matches state "loading"}}
+            type="password"
+            name="auth[SecretID]"
+            placeholder="SecretID"
+            value={{secret}}
+            oninput={{queue
+              (action (mut secret) value="target.value")
+              (action (mut value) value="target.value")
+              (action dispatch "TYPING")
+            }}
+          />
+          <State @matches="error">
+            {{#if (not error.status)}}
+              <strong role="alert">
+                Please enter your secret
+              </strong>
+            {{/if}}
+          </State>
+        </label>
+      </fieldset>
+      <button type="submit" disabled={{state-matches state "loading"}}>
+        Log in
+      </button>
+      <em>Contact your administrator for login credentials.</em>
+    </form>
+{{#if (env 'CONSUL_SSO_ENABLED')}}
+    <DataSource
+      @src={{concat '/' (or nspace 'default') '/' dc '/oidc/providers'}}
+      @onchange={{queue (action (mut providers) value="data")}}
+      @onerror={{queue (action (mut error) value="error.errors.firstObject")}}
+      @loading="lazy"
+    />
+  {{#if (gt providers.length 0)}}
+    <p>
+      <span>or</span>
+    </p>
+  {{/if}}
+  <OidcSelect
+    @items={{providers}}
+    @disabled={{state-matches state "loading"}}
+    @onchange={{queue (action (mut value)) (action dispatch "SUBMIT") }}
+    @onerror={{queue (action (mut error) value="error.errors.firstObject") (action dispatch "ERROR")}}
+  />
+{{/if}}
+  </div>
+  <State @matches="loading">
+    <TokenSource
+      @dc={{dc}}
+      @nspace={{nspace}}
+      @type={{if value.Name 'oidc' 'secret'}}
+      @value={{if value.Name value.Name value}}
+      @onchange={{action onsubmit}}
+      @onerror={{queue (action (mut error) value="error.errors.firstObject") (action dispatch "ERROR")}}
+    />
+  </State>
+</StateChart>
\ No newline at end of file
diff --git a/ui-v2/app/components/auth-form/index.js b/ui-v2/app/components/auth-form/index.js
new file mode 100644
index 000000000000..c6a95e277591
--- /dev/null
+++ b/ui-v2/app/components/auth-form/index.js
@@ -0,0 +1,21 @@
+import Component from '@ember/component';
+
+import chart from './chart.xstate';
+
+export default Component.extend({
+  tagName: '',
+  onsubmit: function(e) {},
+  onchange: function(e) {},
+  init: function() {
+    this._super(...arguments);
+    this.chart = chart;
+  },
+  actions: {
+    hasValue: function(context, event, meta) {
+      return this.value !== '' && typeof this.value !== 'undefined';
+    },
+    focus: function() {
+      this.input.focus();
+    },
+  },
+});
diff --git a/ui-v2/app/components/auth-profile/README.mdx b/ui-v2/app/components/auth-profile/README.mdx
new file mode 100644
index 000000000000..f4fa59771d18
--- /dev/null
+++ b/ui-v2/app/components/auth-profile/README.mdx
@@ -0,0 +1,20 @@
+## AuthProfile
+
+```handlebars
+<AuthProfile @item={{token}} />
+```
+
+A straightforward partial-like component for rendering a user profile.
+
+### Arguments
+
+| Argument | Type | Default | Description |
+| --- | --- | --- | --- |
+| `item` | `Object` | | A Consul shaped token object (currently only requires an AccessorID property to be set |
+
+### See
+
+- [Component Source Code](./index.js)
+- [Template Source Code](./index.hbs)
+
+---
diff --git a/ui-v2/app/components/auth-profile/index.hbs b/ui-v2/app/components/auth-profile/index.hbs
new file mode 100644
index 000000000000..6f46fd37cbd9
--- /dev/null
+++ b/ui-v2/app/components/auth-profile/index.hbs
@@ -0,0 +1,9 @@
+<dl>
+    <dt>
+      <span>My ACL Token</span><br />
+      AccessorID
+    </dt>
+    <dd>
+      {{substr item.AccessorID -8}}
+    </dd>
+</dl>
\ No newline at end of file
diff --git a/ui-v2/app/components/auth-profile/index.js b/ui-v2/app/components/auth-profile/index.js
new file mode 100644
index 000000000000..4798652642ba
--- /dev/null
+++ b/ui-v2/app/components/auth-profile/index.js
@@ -0,0 +1,5 @@
+import Component from '@ember/component';
+
+export default Component.extend({
+  tagName: '',
+});
diff --git a/ui-v2/app/components/child-selector/index.hbs b/ui-v2/app/components/child-selector/index.hbs
index 51fd38ef93ab..1b13235f0e6b 100644
--- a/ui-v2/app/components/child-selector/index.hbs
+++ b/ui-v2/app/components/child-selector/index.hbs
@@ -1,3 +1,4 @@
+<div ...attributes>
 {{yield}}
   <YieldSlot @name="create">{{yield}}</YieldSlot>
   <label class="type-text">
@@ -24,4 +25,5 @@
   <YieldSlot @name="set">{{yield}}</YieldSlot>
 {{else}}
 
-{{/if}}
\ No newline at end of file
+{{/if}}
+</div>
\ No newline at end of file
diff --git a/ui-v2/app/components/child-selector/index.js b/ui-v2/app/components/child-selector/index.js
index cf01b8138a8e..c1f58ef5b8ac 100644
--- a/ui-v2/app/components/child-selector/index.js
+++ b/ui-v2/app/components/child-selector/index.js
@@ -8,6 +8,7 @@ import WithListeners from 'consul-ui/mixins/with-listeners';
 
 export default Component.extend(SlotsMixin, WithListeners, {
   onchange: function() {},
+  tagName: '',
 
   error: function() {},
   type: '',
diff --git a/ui-v2/app/components/dom-buffer/index.js b/ui-v2/app/components/dom-buffer/index.js
index 63c4d62f8339..eb2706e88164 100644
--- a/ui-v2/app/components/dom-buffer/index.js
+++ b/ui-v2/app/components/dom-buffer/index.js
@@ -9,10 +9,11 @@ export default Component.extend({
   },
   didInsertElement: function() {
     this._super(...arguments);
-    this.buffer.add(this.getBufferName(), this.element);
+    this._element = this.buffer.add(this.getBufferName(), this.element);
   },
   didDestroyElement: function() {
     this._super(...arguments);
-    this.buffer.remove(this.getBufferName());
+    this.buffer.remove(this.getBufferName(), this._element);
+    this._element = null;
   },
 });
diff --git a/ui-v2/app/components/form-component/index.js b/ui-v2/app/components/form-component/index.js
index 0be3328b03f0..520cb2148e09 100644
--- a/ui-v2/app/components/form-component/index.js
+++ b/ui-v2/app/components/form-component/index.js
@@ -6,6 +6,7 @@ import WithListeners from 'consul-ui/mixins/with-listeners';
 // match anything that isn't a [ or ] into multiple groups
 const propRe = /([^[\]])+/g;
 export default Component.extend(WithListeners, SlotsMixin, {
+  tagName: '',
   onreset: function() {},
   onchange: function() {},
   onerror: function() {},
diff --git a/ui-v2/app/components/hashicorp-consul/index.hbs b/ui-v2/app/components/hashicorp-consul/index.hbs
index cbf153e0cd34..2ca5f255ed59 100644
--- a/ui-v2/app/components/hashicorp-consul/index.hbs
+++ b/ui-v2/app/components/hashicorp-consul/index.hbs
@@ -1,4 +1,4 @@
-
+    <ModalLayer />
     <header role="banner" data-test-navigation>
       <a data-test-main-nav-logo href={{href-to 'index'}}><svg width="28" height="27" xmlns="http://www.w3.org/2000/svg"><title>Consul</title><path d="M13.284 16.178a2.876 2.876 0 1 1-.008-5.751 2.876 2.876 0 0 1 .008 5.75zm5.596-1.547a1.333 1.333 0 1 1 0-2.667 1.333 1.333 0 0 1 0 2.667zm4.853 1.249a1.271 1.271 0 1 1 .027-.107c0 .031 0 .067-.027.107zm-.937-3.436a1.333 1.333 0 1 1 .986-1.595c.033.172.033.348 0 .52-.07.53-.465.96-.986 1.075zm4.72 3.29a1.333 1.333 0 1 1-1.076-1.538 1.333 1.333 0 0 1 1.116 1.417.342.342 0 0 0-.027.12h-.013zm-1.08-3.33a1.333 1.333 0 1 1 1.088-1.524c.014.114.014.229 0 .342a1.333 1.333 0 0 1-1.102 1.182h.014zm-.925 7.925a1.333 1.333 0 1 1 .165-.547c-.01.193-.067.38-.165.547zm-.48-12.191a1.333 1.333 0 1 1 .507-1.814c.14.237.198.514.164.787-.038.438-.289.828-.67 1.045v-.018zM13.333 26.667C5.97 26.667 0 20.697 0 13.333 0 5.97 5.97 0 13.333 0c2.929-.01 5.778.955 8.098 2.742L19.8 4.89a10.667 10.667 0 0 0-17.133 8.444 10.667 10.667 0 0 0 17.137 8.471l1.627 2.13a13.218 13.218 0 0 1-8.098 2.733z" fill="#FFF"/></svg></a>
         <input type="checkbox" name="menu" id="main-nav-toggle" onchange={{action 'change'}} />
@@ -100,7 +100,7 @@
             </nav>
             <nav>
                 <ul>
-                    <li data-test-main-nav-docs>
+                    <li data-test-main-nav-help>
                       <PopoverMenu @position="right">
                         <BlockSlot @name="trigger">
                           Help
@@ -123,42 +123,55 @@
                         <a href={{href-to 'settings'}}>Settings</a>
                     </li>
 {{#if (env 'CONSUL_ACLS_ENABLED')}}
-                    <DataSource
-                      @src="settings://consul:token"
-                      @onchange={{action "changeToken" value="data"}}
-                    />
-                    <DataSink
-                      @sink="settings://consul:token"
-                    as |tokenSink|>
-  {{#if (not-eq token.AccessorID undefined)}}
-                      <li data-test-main-nav-auth>
-                        <PopoverMenu @position="right">
-                          <BlockSlot @name="trigger">
-                            Logout
+                    <li data-test-main-nav-auth>
+                      <AuthDialog
+                        @dc={{dc.Name}}
+                        @nspace={{nspace.Name}}
+                        @onchange={{action onchange}} as |authDialog components|
+                      >
+                        {{#let components.AuthForm components.AuthProfile as |AuthForm AuthProfile|}}
+                          <BlockSlot @name="unauthorized">
+                            <label tabindex="0" for="login-toggle" onkeypress={{action 'keypressClick'}}>
+                              <span>Log in</span>
+                            </label>
+                            <ModalDialog @name="login-toggle" @onclose={{action 'close'}} @onopen={{action 'open'}}>
+                              <BlockSlot @name="header">
+                                <h2>Log in to Consul</h2>
+                              </BlockSlot>
+                              <BlockSlot @name="body">
+                                <AuthForm as |api|>
+                                  <Ref @target={{this}} @name="authForm" @value={{api}} />
+                                </AuthForm>
+                              </BlockSlot>
+                              <BlockSlot @name="actions" as |close|>
+                                <button type="button" onclick={{action close}}>
+                                  Continue without logging in
+                                </button>
+                              </BlockSlot>
+                            </ModalDialog>
                           </BlockSlot>
-                          <BlockSlot @name="menu">
-                      {{#if token.AccessorID}}
-                            <li role="none">
-                              <dl>
-                                <dt>
-                                  <span>My ACL Token</span><br />
-                                  AccessorID
-                                </dt>
-                                <dd>
-                                  {{substr token.AccessorID -8}}
-                                </dd>
-                              </dl>
-                            </li>
-                            <li role="separator"></li>
-                      {{/if}}
-                            <li class="dangerous" role="none">
-                                <button type="button" tabindex="-1" role="menuitem" onclick={{action tokenSink.open null}}>Logout</button>
-                            </li>
+                          <BlockSlot @name="authorized">
+                            <PopoverMenu @position="right">
+                              <BlockSlot @name="trigger">
+                                Logout
+                              </BlockSlot>
+                              <BlockSlot @name="menu">
+    {{!TODO: It might be nice to use one of our recursive components here}}
+    {{#if authDialog.token.AccessorID}}
+                                <li role="none">
+                                  <AuthProfile />
+                                </li>
+                                <li role="separator"></li>
+    {{/if}}
+                                <li class="dangerous" role="none">
+                                  <button type="button" tabindex="-1" role="menuitem" onclick={{action authDialog.logout}}>Logout</button>
+                                </li>
+                              </BlockSlot>
+                            </PopoverMenu>
                           </BlockSlot>
-                        </PopoverMenu>
-                      </li>
-  {{/if}}
-                    </DataSink>
+                        {{/let}}
+                      </AuthDialog>
+                    </li>
 {{/if}}
                 </ul>
             </nav>
@@ -172,5 +185,4 @@
         <p data-test-footer-version>Consul {{env 'CONSUL_VERSION'}}</p>
         <a data-test-footer-docs href="{{env 'CONSUL_DOCS_URL'}}" rel="help noopener noreferrer" target="_blank">Documentation</a>
         {{{concat '<!-- ' (env 'CONSUL_GIT_SHA') '-->'}}}
-    </footer>
-    <ModalLayer />
\ No newline at end of file
+    </footer>
\ No newline at end of file
diff --git a/ui-v2/app/components/hashicorp-consul/index.js b/ui-v2/app/components/hashicorp-consul/index.js
index 6a6767a673ba..72f5f9f90e14 100644
--- a/ui-v2/app/components/hashicorp-consul/index.js
+++ b/ui-v2/app/components/hashicorp-consul/index.js
@@ -1,19 +1,12 @@
 import Component from '@ember/component';
 import { inject as service } from '@ember/service';
-import { get, set, computed } from '@ember/object';
-import { getOwner } from '@ember/application';
+import { computed } from '@ember/object';
 
 export default Component.extend({
   dom: service('dom'),
-  env: service('env'),
-  feedback: service('feedback'),
-  router: service('router'),
-  http: service('repository/type/event-source'),
-  client: service('client/http'),
-  store: service('store'),
-  settings: service('settings'),
 
   didInsertElement: function() {
+    this._super(...arguments);
     this.dom.root().classList.remove('template-with-vertical-menu');
   },
   // TODO: Right now this is the only place where we need permissions
@@ -25,108 +18,15 @@ export default Component.extend({
       }) !== 'undefined'
     );
   }),
-  forwardForACL: function(token) {
-    let routeName = this.router.currentRouteName;
-    const route = getOwner(this).lookup(`route:${routeName}`);
-    // a null AccessorID means we are in legacy mode
-    // take the user to the legacy acls
-    // otherwise just refresh the page
-    if (get(token, 'AccessorID') === null) {
-      // returning false for a feedback action means even though
-      // its successful, please skip this notification and don't display it
-      return route.transitionTo('dc.acls');
-    } else {
-      // TODO: Ideally we wouldn't need to use env() at a component level
-      // transitionTo should probably remove it instead if NSPACES aren't enabled
-      if (this.env.var('CONSUL_NSPACES_ENABLED') && get(token, 'Namespace') !== this.nspace.Name) {
-        if (!routeName.startsWith('nspace')) {
-          routeName = `nspace.${routeName}`;
-        }
-        const nspace = get(token, 'Namespace');
-        // you potentially have a new namespace
-        if (typeof nspace !== 'undefined') {
-          return route.transitionTo(`${routeName}`, `~${nspace}`, this.dc.Name);
-        }
-        // you are logging out, just refresh
-        return route.refresh();
-      } else {
-        if (route.routeName === 'dc.acls.index') {
-          return route.transitionTo('dc.acls.tokens.index');
-        }
-        return route.refresh();
-      }
-    }
-  },
   actions: {
-    send: function(el, method, ...rest) {
-      const component = this.dom.component(el);
-      component.actions[method].apply(component, rest || []);
+    keypressClick: function(e) {
+      e.target.dispatchEvent(new MouseEvent('click'));
     },
-    changeToken: function(token = {}) {
-      const prev = this.token;
-      if (token === '') {
-        token = {};
-      }
-      set(this, 'token', token);
-      // if this is just the initial 'find out what the current token is'
-      // then don't do anything
-      if (typeof prev === 'undefined') {
-        return;
-      }
-      let notification;
-      let action = () => this.forwardForACL(token);
-      switch (true) {
-        case get(this, 'token.AccessorID') === null && get(this, 'token.SecretID') === null:
-          // 'everything is null, 403 this needs deleting' token
-          this.settings.delete('token');
-          return;
-        case get(prev, 'AccessorID') === null && get(prev, 'SecretID') === null:
-          // we just had an 'everything is null, this needs deleting' token
-          // reject and break so this acts differently to just logging out
-          action = () => Promise.reject({});
-          notification = 'authorize';
-          break;
-        case typeof get(prev, 'AccessorID') !== 'undefined' &&
-          typeof get(this, 'token.AccessorID') !== 'undefined':
-          // change of both Accessor and Secret, means use
-          notification = 'use';
-          break;
-        case get(this, 'token.AccessorID') === null &&
-          typeof get(this, 'token.SecretID') !== 'undefined':
-          // legacy login, don't do anything as we don't use self for auth here but the endpoint itself
-          // self is successful, but skip this notification and don't display it
-          return this.forwardForACL(token);
-        case typeof get(prev, 'AccessorID') === 'undefined' &&
-          typeof get(this, 'token.AccessorID') !== 'undefined':
-          // normal login
-          notification = 'authorize';
-          break;
-        case (typeof get(prev, 'AccessorID') !== 'undefined' || get(prev, 'AccessorID') === null) &&
-          typeof get(this, 'token.AccessorID') === 'undefined':
-          //normal logout
-          notification = 'logout';
-          break;
-      }
-      this.actions.reauthorize.apply(this, [
-        {
-          type: notification,
-          action: action,
-        },
-      ]);
+    open: function() {
+      this.authForm.focus();
     },
-    reauthorize: function(e) {
-      this.client.abort();
-      this.http.resetCache();
-      this.store.init();
-      const type = get(e, 'type');
-      this.feedback.execute(
-        e.action,
-        type,
-        function(type, e) {
-          return type;
-        },
-        {}
-      );
+    close: function() {
+      this.authForm.reset();
     },
     change: function(e) {
       const win = this.dom.viewport();
diff --git a/ui-v2/app/components/jwt-source/README.mdx b/ui-v2/app/components/jwt-source/README.mdx
new file mode 100644
index 000000000000..51b1a12f2293
--- /dev/null
+++ b/ui-v2/app/components/jwt-source/README.mdx
@@ -0,0 +1,24 @@
+## JwtSource
+
+```handlebars
+<JwtSource @src={{url}} @onchange={{action 'change'}} @onerror={{action 'error'}} />
+```
+
+### Arguments
+
+| Argument | Type | Default | Description |
+| --- | --- | --- | --- |
+| `src` | `String` | | The source to subscribe to updates to, this should map to a string based URI |
+| `onchange` | `Function` |  | The action to fire when the data changes. Emits an Event-like object with a `data` property containing the jwt data, in this case the autorizationCode and the status |
+| `onerror` | `Function` |  | The action to fire when an error occurs. Emits ErrorEvent object with an `error` property containing the Error. |
+
+This component will go through the steps of requesting a JWT token from a third party oauth provider. `src` should contain the full URL of the authorization URL for the 3rd party provider. Once the user has logged into the 3rd party provider the `onchange` event will be fired containing an event-like object whose data contains the JWT information.
+
+The component need only be place into the DOM in order to begin the OAuth dance.
+
+### See
+
+- [Component Source Code](./index.js)
+- [Template Source Code](./index.hbs)
+
+---
diff --git a/ui-v2/app/components/jwt-source/index.js b/ui-v2/app/components/jwt-source/index.js
new file mode 100644
index 000000000000..da84dc672caa
--- /dev/null
+++ b/ui-v2/app/components/jwt-source/index.js
@@ -0,0 +1,31 @@
+import Component from '@ember/component';
+import { inject as service } from '@ember/service';
+import { fromPromise } from 'consul-ui/utils/dom/event-source';
+
+export default Component.extend({
+  repo: service('repository/oidc-provider'),
+  dom: service('dom'),
+  tagName: '',
+  onchange: function(e) {},
+  onerror: function(e) {},
+  init: function() {
+    this._super(...arguments);
+    this._listeners = this.dom.listeners();
+  },
+  willDestroy: function() {
+    this._super(...arguments);
+    this.repo.close();
+    this._listeners.remove();
+  },
+  didInsertElement: function() {
+    if (this.source) {
+      this.source.close();
+    }
+    // TODO: Could this use once? Double check but I don't think it can
+    this.source = fromPromise(this.repo.findCodeByURL(this.src));
+    this._listeners.add(this.source, {
+      message: e => this.onchange(e),
+      error: e => this.onerror(e),
+    });
+  },
+});
diff --git a/ui-v2/app/components/oidc-select/chart.xstate.js b/ui-v2/app/components/oidc-select/chart.xstate.js
new file mode 100644
index 000000000000..08e65961d8b8
--- /dev/null
+++ b/ui-v2/app/components/oidc-select/chart.xstate.js
@@ -0,0 +1,16 @@
+export default {
+  id: 'oidc-select',
+  initial: 'loading',
+  states: {
+    loaded: {},
+    loading: {
+      on: {
+        SUCCESS: [
+          {
+            target: 'loaded',
+          },
+        ],
+      },
+    },
+  },
+};
diff --git a/ui-v2/app/components/oidc-select/index.hbs b/ui-v2/app/components/oidc-select/index.hbs
new file mode 100644
index 000000000000..99b173be5fba
--- /dev/null
+++ b/ui-v2/app/components/oidc-select/index.hbs
@@ -0,0 +1,46 @@
+<StateChart @src={{chart}} as |State Guard Action dispatch state|>
+  <Ref @target={{this}} @name="dispatch" @value={{dispatch}} />
+  <State @matches="loaded">
+    <div class="oidc-select" ...attributes>
+        {{#if (lt items.length 3)}}
+            <ul>
+            {{#each items as |item|}}
+              <li>
+                <button
+                  disabled={{disabled}}
+                  type="button" class={{concat item.Kind '-oidc-provider'}}
+                  onclick={{action onchange item}}
+                >
+                  Continue with {{or item.DisplayName item.Name}}
+                </button>
+              </li>
+            {{/each}}
+            </ul>
+        {{else}}
+          {{#let (or provider (object-at 0 items)) as |item|}}
+            <label>
+              <span>SSO Provider</span>
+              <PowerSelect
+                @disabled={{disabled}}
+                @onChange={{action (mut provider)}}
+                @selected={{item}}
+                @searchEnabled={{false}}
+                @options={{items}} as |item|>
+                <span class={{concat item.Kind '-oidc-provider'}}>{{or item.DisplayName item.Name}}</span>
+              </PowerSelect>
+            </label>
+            <button
+              disabled={{disabled}}
+              type="button"
+              onclick={{action onchange item}}
+            >
+              Log in
+            </button>
+          {{/let}}
+        {{/if}}
+    </div>
+  </State>
+  <State @matches="loading">
+    <div class="progress indeterminate"></div>
+  </State>
+</StateChart>
\ No newline at end of file
diff --git a/ui-v2/app/components/oidc-select/index.js b/ui-v2/app/components/oidc-select/index.js
new file mode 100644
index 000000000000..a0b5b164d9ae
--- /dev/null
+++ b/ui-v2/app/components/oidc-select/index.js
@@ -0,0 +1,20 @@
+import Component from '@ember/component';
+import chart from './chart.xstate';
+
+export default Component.extend({
+  tagName: '',
+  onchange: function() {},
+  onerror: function() {},
+  init: function() {
+    this._super(...arguments);
+    this.chart = chart;
+  },
+  didReceiveAttrs: function() {
+    // This gets called no matter which attr has changed
+    // such as disabled, thing is once we are in loaded state
+    // it doesn't do anything anymore
+    if (typeof this.items !== 'undefined') {
+      this.dispatch('SUCCESS');
+    }
+  },
+});
diff --git a/ui-v2/app/components/policy-selector/index.hbs b/ui-v2/app/components/policy-selector/index.hbs
index 8b702a2b86f6..6e2b7198acc2 100644
--- a/ui-v2/app/components/policy-selector/index.hbs
+++ b/ui-v2/app/components/policy-selector/index.hbs
@@ -1,4 +1,4 @@
-<ChildSelector @repo={{repo}} @dc={{dc}} @nspace={{nspace}} @type="policy" @placeholder="Search for policy" @items={{items}}>
+<ChildSelector ...attributes @repo={{repo}} @dc={{dc}} @nspace={{nspace}} @type="policy" @placeholder="Search for policy" @items={{items}}>
   {{yield}}
   <BlockSlot @name="label">
     Apply an existing policy
diff --git a/ui-v2/app/components/role-form/index.hbs b/ui-v2/app/components/role-form/index.hbs
index c5a7ecaa1298..460c6d6904a1 100644
--- a/ui-v2/app/components/role-form/index.hbs
+++ b/ui-v2/app/components/role-form/index.hbs
@@ -1,5 +1,5 @@
 {{yield}}
-<fieldset>
+<fieldset class="role-form" data-test-role-form>
     <label class="type-text{{if item.error.Name ' has-error'}}">
         <span>Name</span>
         <input type="text" value={{item.Name}} name="role[Name]" autofocus="autofocus" oninput={{action 'change'}} />
diff --git a/ui-v2/app/components/token-source/README.mdx b/ui-v2/app/components/token-source/README.mdx
new file mode 100644
index 000000000000..80aaab3b797f
--- /dev/null
+++ b/ui-v2/app/components/token-source/README.mdx
@@ -0,0 +1,32 @@
+## TokenSource
+
+```handlebars
+  <TokenSource
+    @dc={{dc}}
+    @nspace={{nspace}}
+    @type={{or 'oidc' 'secret'}}
+    @value={{or identifierForProvider secret}}
+    @onchange={{action 'change'}}
+    @onerror={{action 'error'}}
+  />
+```
+
+### Arguments
+
+| Argument | Type | Default | Description |
+| --- | --- | --- | --- |
+| `dc` | `String` | | The name of the current datacenter |
+| `nspace` | `String` | | The name of the current namespace |
+| `onchange` | `Function` |  | The action to fire when the data changes. Emits an Event-like object with a `data` property containing the jwt data, in this case the autorizationCode and the status |
+| `onerror` | `Function` |  | The action to fire when an error occurs. Emits ErrorEvent object with an `error` property containing the Error. |
+
+This component will go through the steps of requesting a JWT token from a third party oauth provider. `src` should contain the full URL of the authorization URL for the 3rd party provider. Once the user has logged into the 3rd party provider the `onchange` event will be fired containing an event-like object whose data contains the JWT information.
+
+The component need only be place into the DOM in order to begin the OAuth dance.
+
+### See
+
+- [Component Source Code](./index.js)
+- [Template Source Code](./index.hbs)
+
+---
diff --git a/ui-v2/app/components/token-source/chart.xstate.js b/ui-v2/app/components/token-source/chart.xstate.js
new file mode 100644
index 000000000000..6629a68befc9
--- /dev/null
+++ b/ui-v2/app/components/token-source/chart.xstate.js
@@ -0,0 +1,30 @@
+export default {
+  id: 'token-source',
+  initial: 'idle',
+  on: {
+    RESTART: [
+      {
+        target: 'secret',
+        cond: 'isSecret',
+      },
+      {
+        target: 'provider',
+      },
+    ],
+  },
+  states: {
+    idle: {},
+    secret: {},
+    provider: {
+      on: {
+        SUCCESS: 'jwt',
+      },
+    },
+    jwt: {
+      on: {
+        SUCCESS: 'token',
+      },
+    },
+    token: {},
+  },
+};
diff --git a/ui-v2/app/components/token-source/index.hbs b/ui-v2/app/components/token-source/index.hbs
new file mode 100644
index 000000000000..711f6704c349
--- /dev/null
+++ b/ui-v2/app/components/token-source/index.hbs
@@ -0,0 +1,33 @@
+<StateChart @src={{chart}} @initial={{if (eq type 'oidc') 'provider' 'secret'}} as |State Guard Action dispatch state|>
+  <Guard @name="isSecret" @cond={{action 'isSecret'}} />
+  {{#let (concat '/' (or nspace 'default') '/' dc) as |path|}}
+    <State @matches="secret">
+      <DataSource
+        @src={{concat path '/token/self/' value}}
+        @onchange={{action 'change'}}
+        @onerror={{action onerror}}
+      />
+    </State>
+    <State @matches="provider">
+      <DataSource
+        @src={{concat path '/oidc/provider/' value}}
+        @onchange={{queue (action (mut provider) value="data") (action dispatch "SUCCESS")}}
+        @onerror={{action onerror}}
+      />
+    </State>
+    <State @matches="jwt">
+      <JwtSource
+        @src={{provider.AuthURL}}
+        @onchange={{queue (action (mut jwt) value="data") (action dispatch "SUCCESS")}}
+        @onerror={{action onerror}}
+      />
+    </State>
+    <State @matches="token">
+      <DataSource
+        @src={{concat path '/oidc/authorize/' provider.Name '/' jwt.authorizationCode '/' jwt.authorizationState}}
+        @onchange={{action 'change'}}
+        @onerror={{action onerror}}
+      />
+    </State>
+  {{/let}}
+</StateChart>
\ No newline at end of file
diff --git a/ui-v2/app/components/token-source/index.js b/ui-v2/app/components/token-source/index.js
new file mode 100644
index 000000000000..0c0dee250775
--- /dev/null
+++ b/ui-v2/app/components/token-source/index.js
@@ -0,0 +1,36 @@
+import Component from '@ember/component';
+
+import chart from './chart.xstate';
+export default Component.extend({
+  onchange: function() {},
+  init: function() {
+    this._super(...arguments);
+    this.chart = chart;
+  },
+  actions: {
+    isSecret: function() {
+      return this.type === 'secret';
+    },
+    change: function(e) {
+      e.data.toJSON = function() {
+        return {
+          AccessorID: this.AccessorID,
+          // TODO: In the past we've always ignored the SecretID returned
+          // from the server and used what the user typed in instead, now
+          // as we don't know the SecretID when we use SSO we use the SecretID
+          // in the response
+          SecretID: this.SecretID,
+          Namespace: this.Namespace,
+          ...{
+            AuthMethod: typeof this.AuthMethod !== 'undefined' ? this.AuthMethod : undefined,
+            // TODO: We should be able to only set namespaces if they are enabled
+            // but we might be testing for nspaces everywhere
+            // Namespace: typeof this.Namespace !== 'undefined' ? this.Namespace : undefined
+          },
+        };
+      };
+      // FIXME: We should probably put the component into idle state
+      this.onchange(e);
+    },
+  },
+});
diff --git a/ui-v2/app/controllers/application.js b/ui-v2/app/controllers/application.js
index 75ceaaec3c18..0ad991e3f500 100644
--- a/ui-v2/app/controllers/application.js
+++ b/ui-v2/app/controllers/application.js
@@ -1,3 +1,63 @@
 import Controller from '@ember/controller';
+import { inject as service } from '@ember/service';
+import { getOwner } from '@ember/application';
+import { get } from '@ember/object';
+import transitionable from 'consul-ui/utils/routing/transitionable';
 
-export default Controller.extend({});
+export default Controller.extend({
+  router: service('router'),
+  http: service('repository/type/event-source'),
+  dataSource: service('data-source/service'),
+  client: service('client/http'),
+  store: service('store'),
+  feedback: service('feedback'),
+  actions: {
+    // TODO: We currently do this in the controller instead of the router
+    // as the nspace and dc variables aren't available directly on the Route
+    // look to see if we can move this up there so we can empty the Controller
+    // out again
+    reauthorize: function(e) {
+      // TODO: For the moment e isn't a real event
+      // it has data which is potentially the token
+      // and type which is the logout/authorize/use action
+      // used for the feedback service.
+      this.feedback.execute(
+        () => {
+          // TODO: Centralize this elsewhere
+          this.client.abort();
+          this.http.resetCache();
+          this.dataSource.resetCache();
+          this.store.init();
+
+          const params = {};
+          if (e.data) {
+            const token = e.data;
+            // TODO: Do I actually need to check to see if nspaces are enabled here?
+            if (typeof this.nspace !== 'undefined') {
+              const nspace = get(token, 'Namespace') || this.nspace.Name;
+              // you potentially have a new namespace
+              // if you do redirect to it
+              if (nspace !== this.nspace.Name) {
+                params.nspace = `~${nspace}`;
+              }
+            }
+          }
+          const routeName = this.router.currentRoute.name;
+          const route = getOwner(this).lookup(`route:${routeName}`);
+          // We use transitionable here as refresh doesn't work if you are on an error page
+          // which is highly likely to happen here (403s)
+          if (routeName !== this.router.currentRouteName) {
+            return route.transitionTo(...transitionable(this.router, params, getOwner(this)));
+          } else {
+            return route.refresh();
+          }
+        },
+        e.type,
+        function(type, e) {
+          return type;
+        },
+        {}
+      );
+    },
+  },
+});
diff --git a/ui-v2/app/routes/application.js b/ui-v2/app/routes/application.js
index ad7f5b9361ca..a00aca74419d 100644
--- a/ui-v2/app/routes/application.js
+++ b/ui-v2/app/routes/application.js
@@ -18,7 +18,9 @@ export default Route.extend(WithBlockingActions, {
     return hash({
       router: this.router,
       dcs: this.repo.findAll(),
-      nspaces: this.nspacesRepo.findAll(),
+      nspaces: this.nspacesRepo.findAll().catch(function() {
+        return [];
+      }),
 
       // these properties are added to the controller from route/dc
       // as we don't have access to the dc and nspace params in the URL
@@ -72,30 +74,6 @@ export default Route.extend(WithBlockingActions, {
         error = e.errors[0];
         error.message = error.title || error.detail || 'Error';
       }
-      // TODO: Unfortunately ember will not maintain the correct URL
-      // for you i.e. when this happens the URL in your browser location bar
-      // will be the URL where you clicked on the link to come here
-      // not the URL where you got the 403 response
-      // Currently this is dealt with a lot better with the new ACLs system, in that
-      // if you get a 403 in the ACLs area, the URL is correct
-      // Moving that app wide right now wouldn't be ideal, therefore simply redirect
-      // to the ACLs URL instead of maintaining the actual URL, which is better than the old
-      // 403 page
-      // To note: Consul only gives you back a 403 if a non-existent token has been sent in the header
-      // if a token has not been sent at all, it just gives you a 200 with an empty dataset
-      // We set a completely null token here, which is different to just deleting a token
-      // in that deleting a token means 'logout' whereas setting it to completely null means
-      // there was a 403. This is only required to get around the legacy tokens
-      // a lot of this can go once we don't support legacy tokens
-      if (error.status === '403') {
-        return this.settings.persist({
-          token: {
-            AccessorID: null,
-            SecretID: null,
-            Namespace: null,
-          },
-        });
-      }
       if (error.status === '') {
         error.message = 'Error';
       }
@@ -136,16 +114,12 @@ export default Route.extend(WithBlockingActions, {
           removeLoading($root);
           // we can't use setupController as we received an error
           // so we do it manually instead
-          next(() => {
-            this.controllerFor('application').setProperties(model);
-            this.controllerFor('error').setProperties({ error: error });
-          });
+          this.controllerFor('application').setProperties(model);
+          this.controllerFor('error').setProperties({ error: error });
         })
         .catch(e => {
           removeLoading($root);
-          next(() => {
-            this.controllerFor('error').setProperties({ error: error });
-          });
+          this.controllerFor('error').setProperties({ error: error });
         });
       return true;
     },
diff --git a/ui-v2/app/services/data-source/protocols/http.js b/ui-v2/app/services/data-source/protocols/http.js
index 6a90796b08ac..a0bbabca6b2b 100644
--- a/ui-v2/app/services/data-source/protocols/http.js
+++ b/ui-v2/app/services/data-source/protocols/http.js
@@ -8,6 +8,7 @@ export default Service.extend({
   policies: service('repository/policy'),
   policy: service('repository/policy'),
   roles: service('repository/role'),
+  oidc: service('repository/oidc-provider'),
   type: service('data-source/protocols/http/blocking'),
   source: function(src, configuration) {
     // TODO: Consider adding/requiring nspace, dc, model, action, ...rest
@@ -29,6 +30,7 @@ export default Service.extend({
         return event;
       };
     }
+    let method, slug;
     switch (model) {
       case 'datacenters':
         find = configuration => repo.findAll(configuration);
@@ -46,6 +48,21 @@ export default Service.extend({
       case 'policy':
         find = configuration => repo.findBySlug(rest[0], dc, nspace, configuration);
         break;
+      case 'oidc':
+        [method, ...slug] = rest;
+        switch (method) {
+          case 'providers':
+            find = configuration => repo.findAllByDatacenter(dc, nspace, configuration);
+            break;
+          case 'provider':
+            find = configuration => repo.findBySlug(slug[0], dc, nspace);
+            break;
+          case 'authorize':
+            find = configuration =>
+              repo.authorize(slug[0], slug[1], slug[2], dc, nspace, configuration);
+            break;
+        }
+        break;
     }
     return this.type.source(find, configuration);
   },
diff --git a/ui-v2/app/services/data-source/service.js b/ui-v2/app/services/data-source/service.js
index ab4b0a481ed2..3cff3fa75b57 100644
--- a/ui-v2/app/services/data-source/service.js
+++ b/ui-v2/app/services/data-source/service.js
@@ -5,11 +5,11 @@ import MultiMap from 'mnemonist/multi-map';
 // TODO: Expose sizes of things via env vars
 
 // caches cursors and previous events when the EventSources are destroyed
-let cache;
+let cache = null;
 // keeps a record of currently in use EventSources
-let sources;
+let sources = null;
 // keeps a count of currently in use EventSources
-let usage;
+let usage = null;
 
 export default Service.extend({
   dom: service('dom'),
@@ -18,10 +18,18 @@ export default Service.extend({
 
   init: function() {
     this._super(...arguments);
+    if (cache === null) {
+      this.resetCache();
+    }
+    this._listeners = this.dom.listeners();
+  },
+  resetCache: function() {
+    Object.entries(sources || {}).forEach(function([key, item]) {
+      item.close();
+    });
     cache = new Map();
     sources = new Map();
     usage = new MultiMap(Set);
-    this._listeners = this.dom.listeners();
   },
   willDestroy: function() {
     this._listeners.remove();
diff --git a/ui-v2/app/services/dom-buffer.js b/ui-v2/app/services/dom-buffer.js
index 9c06b5b4ca16..88f66bffe033 100644
--- a/ui-v2/app/services/dom-buffer.js
+++ b/ui-v2/app/services/dom-buffer.js
@@ -1,28 +1,46 @@
 import Service from '@ember/service';
 import Evented from '@ember/object/evented';
-const buffer = {};
+let buffers;
+// TODO: This all should be replaced with {{#in-element}} if possible
 export default Service.extend(Evented, {
+  init: function() {
+    this._super(...arguments);
+    buffers = {};
+  },
+  willDestroy: function() {
+    Object.entries(buffers).forEach(function([key, items]) {
+      items.forEach(function(item) {
+        item.remove();
+      });
+    });
+    buffers = null;
+  },
   // TODO: Consider renaming this and/or
   // `delete`ing the buffer (but not the DOM element)
   // flush should flush, but maybe being able to re-flush
   // after you've flushed could be handy
   flush: function(name) {
-    return buffer[name];
+    return buffers[name];
   },
   add: function(name, dom) {
     this.trigger('add', dom);
-    if (typeof buffer[name] === 'undefined') {
-      buffer[name] = [];
+    if (typeof buffers[name] === 'undefined') {
+      buffers[name] = [];
     }
-    buffer[name].push(dom);
+    buffers[name].push(dom);
     return dom;
   },
-  remove: function(name) {
-    if (typeof buffer[name] !== 'undefined') {
-      buffer[name].forEach(function(item) {
+  remove: function(name, dom) {
+    if (typeof buffers[name] !== 'undefined') {
+      const buffer = buffers[name];
+      const i = buffer.findIndex(item => item === dom);
+      if (i !== -1) {
+        const item = buffer.splice(i, 1)[0];
         item.remove();
-      });
-      delete buffer[name];
+      }
+      if (buffer.length === 0) {
+        delete buffers[name];
+      }
     }
   },
 });
diff --git a/ui-v2/app/styles/base/components/form-elements/index.scss b/ui-v2/app/styles/base/components/form-elements/index.scss
index d2da88cf10a0..b09c43046485 100644
--- a/ui-v2/app/styles/base/components/form-elements/index.scss
+++ b/ui-v2/app/styles/base/components/form-elements/index.scss
@@ -8,6 +8,7 @@
 %form-element > span {
   @extend %form-element-label;
 }
+%form button + em,
 %form-element > em {
   @extend %form-element-note;
 }
diff --git a/ui-v2/app/styles/base/components/form-elements/layout.scss b/ui-v2/app/styles/base/components/form-elements/layout.scss
index 20ae6d73f325..cb5252d03d00 100644
--- a/ui-v2/app/styles/base/components/form-elements/layout.scss
+++ b/ui-v2/app/styles/base/components/form-elements/layout.scss
@@ -38,6 +38,10 @@
   min-height: 70px;
   padding: 6px 13px;
 }
+/* TODO: notes after buttons need less space, ideally they'd be the same */
+%form button + em {
+  margin-top: 0.5em;
+}
 %form-element-note {
   margin-top: 2px;
 }
diff --git a/ui-v2/app/styles/base/components/form-elements/skin.scss b/ui-v2/app/styles/base/components/form-elements/skin.scss
index ada9552333d5..13cb9cdaa818 100644
--- a/ui-v2/app/styles/base/components/form-elements/skin.scss
+++ b/ui-v2/app/styles/base/components/form-elements/skin.scss
@@ -1,9 +1,3 @@
-%form-element-note {
-  font-style: normal;
-}
-%form-element-label {
-  font-weight: $typo-weight-semibold;
-}
 %form-element-text-input {
   -moz-appearance: none;
   -webkit-appearance: none;
@@ -12,6 +6,8 @@
   border: $decor-border-100;
   outline: none;
 }
+%form fieldset > p,
+%form-element-note,
 %form-element-text-input::placeholder {
   color: $gray-400;
 }
@@ -20,7 +16,7 @@
 }
 %form-element-error > input,
 %form-element-error > textarea {
-  border-color: $color-failure !important;
+  border-color: var(--decor-error-500, $red-500) !important;
 }
 %form-element-text-input {
   color: $gray-500;
@@ -30,13 +26,10 @@
   border-color: $gray-500;
 }
 %form-element-text-input-focus {
-  border-color: $blue-500;
+  border-color: var(--typo-action-500, $blue-500);
 }
 %form-element-label {
-  color: $black;
-}
-%form-element-note {
-  color: $gray-400;
+  color: var(--typo-contrast-999, inherit);
 }
 %form-element-note > code {
   background-color: $gray-200;
diff --git a/ui-v2/app/styles/base/icons/base-variables.scss b/ui-v2/app/styles/base/icons/base-variables.scss
index e0d58c8689e3..885dbbadb8ba 100644
--- a/ui-v2/app/styles/base/icons/base-variables.scss
+++ b/ui-v2/app/styles/base/icons/base-variables.scss
@@ -7,7 +7,7 @@ $arrow-left-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24"
 $arrow-right-color-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><path d="M3 13h14.2l-3.6 3.6L15 18l6-6-6-6-1.4 1.4 3.6 3.6H3v2z" fill="%232eb039"/></svg>');
 $arrow-right-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M3 13h14.17l-3.58 3.59L15 18l6-6-6-6-1.41 1.41L17.17 11H3v2z" fill="%23000"/></svg>');
 $arrow-up-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M13 21V6.83l3.59 3.58L18 9l-6-6-6 6 1.41 1.41L11 6.83V21h2z" fill="%23000"/></svg>');
-$aws-logo-color-svg: url('data:image/svg+xml;charset=UTF-8,<svg width="48" height="48" viewBox="0 0 48 48" xmlns="http://www.w3.org/2000/svg"><g fill="none" fill-rule="evenodd"><path d="M13.574 22.395c0 .588.063 1.065.174 1.414.127.35.286.731.509 1.145.08.127.111.254.111.365 0 .16-.095.318-.302.477l-1.001.668a.762.762 0 0 1-.413.143c-.16 0-.318-.08-.477-.223a4.917 4.917 0 0 1-.572-.747c-.16-.27-.318-.572-.493-.938-1.24 1.463-2.797 2.194-4.673 2.194-1.335 0-2.4-.382-3.179-1.145-.779-.763-1.176-1.78-1.176-3.051 0-1.351.477-2.448 1.446-3.274.97-.827 2.257-1.24 3.895-1.24.54 0 1.096.047 1.684.127.588.08 1.192.207 1.828.35V17.5c0-1.209-.254-2.051-.747-2.544-.509-.492-1.367-.73-2.59-.73-.557 0-1.13.063-1.717.206-.588.143-1.16.318-1.717.54a4.56 4.56 0 0 1-.556.207.975.975 0 0 1-.254.047c-.223 0-.334-.158-.334-.492v-.779c0-.254.032-.445.111-.556.08-.112.223-.223.445-.334.556-.286 1.224-.525 2.003-.715a9.636 9.636 0 0 1 2.48-.302c1.89 0 3.273.429 4.164 1.287.874.858 1.319 2.162 1.319 3.91v5.15h.032zM7.12 24.81c.524 0 1.064-.096 1.637-.286.572-.191 1.08-.54 1.51-1.018.254-.302.445-.635.54-1.017.095-.381.159-.842.159-1.383v-.667c-.461-.112-.954-.207-1.462-.27a11.976 11.976 0 0 0-1.494-.096c-1.065 0-1.844.207-2.369.636-.524.43-.778 1.033-.778 1.828 0 .747.19 1.303.588 1.685.381.397.937.588 1.669.588zm12.762 1.716c-.286 0-.476-.048-.604-.159-.127-.095-.238-.318-.333-.62L15.21 13.462c-.096-.318-.143-.524-.143-.636 0-.254.127-.397.381-.397h1.558c.302 0 .508.048.62.16.127.094.222.317.317.619l2.67 10.522 2.48-10.522c.08-.318.175-.525.302-.62.127-.095.35-.159.636-.159h1.271c.302 0 .509.048.636.16.127.094.238.317.302.619l2.511 10.649 2.75-10.65c.095-.317.207-.524.318-.619.127-.095.334-.159.62-.159h1.478c.254 0 .397.127.397.397 0 .08-.016.16-.032.255a2.261 2.261 0 0 1-.11.397l-3.831 12.286c-.096.318-.207.525-.334.62-.127.095-.334.159-.604.159h-1.367c-.302 0-.509-.048-.636-.159s-.238-.318-.302-.636l-2.463-10.251-2.448 10.235c-.08.318-.175.525-.302.636-.127.111-.35.16-.636.16h-1.367zm20.424.43c-.826 0-1.653-.096-2.447-.287-.795-.19-1.415-.397-1.828-.636-.255-.143-.43-.302-.493-.445a1.122 1.122 0 0 1-.095-.445v-.81c0-.334.127-.493.365-.493a.9.9 0 0 1 .286.048c.096.032.239.095.398.159.54.238 1.128.429 1.748.556.636.127 1.256.19 1.891.19 1.002 0 1.78-.174 2.321-.524.54-.35.826-.858.826-1.51 0-.445-.143-.81-.429-1.112-.286-.302-.826-.573-1.605-.827l-2.305-.715c-1.16-.366-2.018-.906-2.543-1.621-.524-.7-.794-1.478-.794-2.305 0-.667.143-1.255.429-1.764a4.087 4.087 0 0 1 1.144-1.303 5.045 5.045 0 0 1 1.653-.827 6.927 6.927 0 0 1 2.003-.27c.35 0 .715.016 1.065.063.365.048.699.112 1.033.175.318.08.62.16.906.255.286.095.508.19.667.286.223.127.382.254.477.397.095.127.143.302.143.525v.747c0 .333-.127.508-.365.508-.128 0-.334-.063-.604-.19-.906-.414-1.924-.62-3.052-.62-.906 0-1.621.143-2.114.445-.493.302-.747.763-.747 1.414 0 .445.159.827.477 1.129.318.302.906.604 1.748.874l2.257.715c1.145.366 1.971.874 2.464 1.526.492.652.73 1.399.73 2.225 0 .684-.142 1.303-.412 1.844a4.275 4.275 0 0 1-1.16 1.398c-.493.398-1.081.684-1.765.89a7.558 7.558 0 0 1-2.273.334z" fill="%23252F3E" fill-rule="nonzero"/><path d="M43.311 34.68c-5.229 3.863-12.826 5.913-19.359 5.913-9.155 0-17.404-3.385-23.634-9.012-.493-.445-.048-1.049.54-.699 6.74 3.91 15.052 6.278 23.65 6.278 5.802 0 12.175-1.208 18.04-3.687.875-.398 1.622.572.763 1.208zm2.178-2.479c-.668-.858-4.419-.413-6.12-.206-.508.063-.588-.382-.127-.716 2.988-2.098 7.9-1.494 8.472-.794.572.715-.159 5.626-2.956 7.979-.43.365-.843.174-.652-.302.636-1.574 2.05-5.118 1.383-5.96z" fill="%23F90"/></g></svg>');
+$aws-logo-color-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><g fill="none" fill-rule="evenodd"><path d="M13.574 22.395c0 .588.063 1.065.174 1.414.127.35.286.731.509 1.145.08.127.111.254.111.365 0 .16-.095.318-.302.477l-1.001.668a.762.762 0 0 1-.413.143c-.16 0-.318-.08-.477-.223a4.917 4.917 0 0 1-.572-.747c-.16-.27-.318-.572-.493-.938-1.24 1.463-2.797 2.194-4.673 2.194-1.335 0-2.4-.382-3.179-1.145-.779-.763-1.176-1.78-1.176-3.051 0-1.351.477-2.448 1.446-3.274.97-.827 2.257-1.24 3.895-1.24.54 0 1.096.047 1.684.127.588.08 1.192.207 1.828.35V17.5c0-1.209-.254-2.051-.747-2.544-.509-.492-1.367-.73-2.59-.73-.557 0-1.13.063-1.717.206-.588.143-1.16.318-1.717.54a4.56 4.56 0 0 1-.556.207.975.975 0 0 1-.254.047c-.223 0-.334-.158-.334-.492v-.779c0-.254.032-.445.111-.556.08-.112.223-.223.445-.334.556-.286 1.224-.525 2.003-.715a9.636 9.636 0 0 1 2.48-.302c1.89 0 3.273.429 4.164 1.287.874.858 1.319 2.162 1.319 3.91v5.15h.032zM7.12 24.81c.524 0 1.064-.096 1.637-.286.572-.191 1.08-.54 1.51-1.018.254-.302.445-.635.54-1.017.095-.381.159-.842.159-1.383v-.667c-.461-.112-.954-.207-1.462-.27a11.976 11.976 0 0 0-1.494-.096c-1.065 0-1.844.207-2.369.636-.524.43-.778 1.033-.778 1.828 0 .747.19 1.303.588 1.685.381.397.937.588 1.669.588zm12.762 1.716c-.286 0-.476-.048-.604-.159-.127-.095-.238-.318-.333-.62L15.21 13.462c-.096-.318-.143-.524-.143-.636 0-.254.127-.397.381-.397h1.558c.302 0 .508.048.62.16.127.094.222.317.317.619l2.67 10.522 2.48-10.522c.08-.318.175-.525.302-.62.127-.095.35-.159.636-.159h1.271c.302 0 .509.048.636.16.127.094.238.317.302.619l2.511 10.649 2.75-10.65c.095-.317.207-.524.318-.619.127-.095.334-.159.62-.159h1.478c.254 0 .397.127.397.397 0 .08-.016.16-.032.255a2.261 2.261 0 0 1-.11.397l-3.831 12.286c-.096.318-.207.525-.334.62-.127.095-.334.159-.604.159h-1.367c-.302 0-.509-.048-.636-.159s-.238-.318-.302-.636l-2.463-10.251-2.448 10.235c-.08.318-.175.525-.302.636-.127.111-.35.16-.636.16h-1.367zm20.424.43c-.826 0-1.653-.096-2.447-.287-.795-.19-1.415-.397-1.828-.636-.255-.143-.43-.302-.493-.445a1.122 1.122 0 0 1-.095-.445v-.81c0-.334.127-.493.365-.493a.9.9 0 0 1 .286.048c.096.032.239.095.398.159.54.238 1.128.429 1.748.556.636.127 1.256.19 1.891.19 1.002 0 1.78-.174 2.321-.524.54-.35.826-.858.826-1.51 0-.445-.143-.81-.429-1.112-.286-.302-.826-.573-1.605-.827l-2.305-.715c-1.16-.366-2.018-.906-2.543-1.621-.524-.7-.794-1.478-.794-2.305 0-.667.143-1.255.429-1.764a4.087 4.087 0 0 1 1.144-1.303 5.045 5.045 0 0 1 1.653-.827 6.927 6.927 0 0 1 2.003-.27c.35 0 .715.016 1.065.063.365.048.699.112 1.033.175.318.08.62.16.906.255.286.095.508.19.667.286.223.127.382.254.477.397.095.127.143.302.143.525v.747c0 .333-.127.508-.365.508-.128 0-.334-.063-.604-.19-.906-.414-1.924-.62-3.052-.62-.906 0-1.621.143-2.114.445-.493.302-.747.763-.747 1.414 0 .445.159.827.477 1.129.318.302.906.604 1.748.874l2.257.715c1.145.366 1.971.874 2.464 1.526.492.652.73 1.399.73 2.225 0 .684-.142 1.303-.412 1.844a4.275 4.275 0 0 1-1.16 1.398c-.493.398-1.081.684-1.765.89a7.558 7.558 0 0 1-2.273.334z" fill="%23252F3E" fill-rule="nonzero"/><path d="M43.311 34.68c-5.229 3.863-12.826 5.913-19.359 5.913-9.155 0-17.404-3.385-23.634-9.012-.493-.445-.048-1.049.54-.699 6.74 3.91 15.052 6.278 23.65 6.278 5.802 0 12.175-1.208 18.04-3.687.875-.398 1.622.572.763 1.208zm2.178-2.479c-.668-.858-4.419-.413-6.12-.206-.508.063-.588-.382-.127-.716 2.988-2.098 7.9-1.494 8.472-.794.572.715-.159 5.626-2.956 7.979-.43.365-.843.174-.652-.302.636-1.574 2.05-5.118 1.383-5.96z" fill="%23F90"/></g></svg>');
 $bolt-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M13 2L6 14h5v8l7-12h-5V2z" fill="%23000"/></svg>');
 $box-check-fill-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M19 3H5a2 2 0 0 0-2 2v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2V5a2 2 0 0 0-2-2zm-9 14l-5-5 1.41-1.41L10 14.17l7.59-7.59L19 8l-9 9z" fill="%23000"/></svg>');
 $box-outline-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M19 5v14H5V5h14zm0-2H5c-1.1 0-2 .9-2 2v14c0 1.1.9 2 2 2h14c1.1 0 2-.9 2-2V5c0-1.1-.9-2-2-2z" fill="%23000"/></svg>');
@@ -86,6 +86,7 @@ $lock-disabled-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 2
 $lock-open-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M18 8h-1V6c0-2.76-2.24-5-5-5S7 3.24 7 6h1.9c0-1.71 1.39-3.1 3.1-3.1 1.71 0 3.1 1.39 3.1 3.1v2H6c-1.1 0-2 .9-2 2v10c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V10c0-1.1-.9-2-2-2zm0 12H6V10h12v10zm-3.876-6.233H9.473l2.318 3.938 2.333-3.938z" fill="%23000"/></svg>');
 $logo-alicloud-color-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M13.488 6.072c0 .131.426 1.745.473 1.783.014.021 1.044.248 2.271.504 1.227.256 2.326.517 2.423.57.132.074.243.18.322.307.12.203.136.423.136 2.774 0 2.352-.015 2.572-.136 2.777a.96.96 0 0 1-.322.306c-.097.051-1.185.307-2.423.57-1.237.263-2.249.487-2.271.51-.047.044-.466 1.65-.473 1.781 0 .082.54.096 2.91.074 3.27-.029 3.307-.036 4.139-.581a3.356 3.356 0 0 0 1.29-1.644c.172-.49.172-.534.172-3.78 0-3.245 0-3.293-.171-3.779a3.339 3.339 0 0 0-1.291-1.642c-.832-.548-.869-.556-4.14-.582-2.37-.036-2.91-.026-2.91.052zM10.512 17.965c0-.13-.427-1.744-.473-1.782-.015-.022-1.045-.249-2.272-.505-1.227-.255-2.325-.517-2.422-.57a.885.885 0 0 1-.323-.306c-.12-.204-.135-.423-.135-2.775s.015-2.571.135-2.776a.96.96 0 0 1 .323-.307c.097-.05 1.185-.307 2.422-.57 1.237-.263 2.25-.487 2.272-.509.046-.045.466-1.65.473-1.782 0-.081-.54-.096-2.91-.074-3.27.03-3.308.036-4.14.582a3.356 3.356 0 0 0-1.29 1.644C2 8.725 2 8.768 2 12.014s0 3.294.172 3.78a3.34 3.34 0 0 0 1.29 1.642c.832.548.87.555 4.14.581 2.37.037 2.91.027 2.91-.052z" fill="%23373C41"/><path fill="%23373C41" d="M9.917 11.681h4.167v.812H9.917z"/></svg>');
 $logo-alicloud-monochrome-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.512 17.965c0-.13-.427-1.744-.473-1.782-.015-.022-1.045-.249-2.272-.505-1.227-.255-2.325-.517-2.422-.57a.884.884 0 0 1-.323-.306c-.12-.204-.135-.423-.135-2.775s.014-2.571.135-2.776a.96.96 0 0 1 .323-.307c.097-.051 1.185-.307 2.422-.57 1.237-.263 2.25-.487 2.272-.509.046-.045.466-1.65.473-1.782 0-.081-.54-.096-2.91-.074-3.27.03-3.308.036-4.14.582a3.355 3.355 0 0 0-1.29 1.644C2 8.725 2 8.768 2 12.014s0 3.294.172 3.78a3.34 3.34 0 0 0 1.29 1.642c.832.548.87.555 4.14.581 2.37.037 2.91.027 2.91-.052zm2.976-11.893c0 .131.426 1.745.473 1.783.014.021 1.044.248 2.271.504 1.227.256 2.326.517 2.423.57.132.074.243.18.322.307.12.203.136.422.136 2.774s-.015 2.572-.136 2.777a.96.96 0 0 1-.322.306c-.097.051-1.185.307-2.423.57-1.237.263-2.249.487-2.271.51-.047.044-.466 1.65-.473 1.781 0 .082.54.096 2.91.074 3.27-.029 3.307-.036 4.139-.581a3.356 3.356 0 0 0 1.29-1.644c.172-.49.172-.534.172-3.78 0-3.245 0-3.293-.171-3.779a3.34 3.34 0 0 0-1.291-1.642c-.832-.548-.869-.556-4.14-.582-2.37-.036-2.91-.026-2.91.052zm.595 5.61H9.917v.81h4.166v-.81z" fill="%23000"/></svg>');
+$logo-auth0-color-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M19.805 8.562L17.983 3h-5.885l1.82 5.562h5.887zM12.098 3H6.214L4.396 8.562h5.885L12.098 3zM4.396 8.562a8.003 8.003 0 000 4.975 8.053 8.053 0 002.942 4.025L9.157 12l-4.76-3.438zm15.406 0L15.038 12l1.818 5.562a8.053 8.053 0 002.946-4.024c.53-1.616.53-3.358.003-4.976h-.003zm-12.464 9L12.1 21l4.76-3.438-4.76-3.438-4.76 3.438z" fill="%23EB5424"/></svg>');
 $logo-aws-color-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M17.775 12.113c.331.08.675.119 1.02.119.337 0 .649-.047.947-.14.284-.085.53-.205.735-.37.205-.16.364-.358.483-.583.113-.225.172-.483.172-.768 0-.345-.099-.656-.304-.927-.206-.272-.55-.484-1.027-.636l-.94-.298c-.351-.113-.596-.238-.729-.364a.625.625 0 0 1-.198-.47c0-.272.106-.464.311-.59.205-.126.503-.185.88-.185.471 0 .895.086 1.272.258.113.053.199.08.252.08.1 0 .152-.073.152-.213v-.31a.356.356 0 0 0-.06-.22.572.572 0 0 0-.198-.165 1.448 1.448 0 0 0-.278-.12 5.14 5.14 0 0 0-.378-.105c-.139-.027-.278-.053-.43-.073a3.325 3.325 0 0 0-.444-.026c-.291 0-.57.033-.834.112a2.1 2.1 0 0 0-.689.345 1.704 1.704 0 0 0-.477.543c-.119.212-.179.457-.179.735 0 .344.113.669.332.96.218.298.576.523 1.06.675l.96.298c.324.106.55.219.668.345.12.126.18.278.18.463 0 .272-.12.484-.345.63-.225.145-.55.218-.967.218-.265 0-.523-.026-.788-.08a3.606 3.606 0 0 1-.729-.231l-.067-.028c-.039-.016-.073-.03-.098-.038a.376.376 0 0 0-.12-.02c-.099 0-.152.066-.152.205v.338c0 .06.014.126.04.185.026.06.1.126.205.186.172.099.43.185.762.265zM7.728 10.92a2.003 2.003 0 0 1-.072-.59h-.014V8.185c0-.728-.185-1.271-.55-1.629-.37-.357-.946-.536-1.734-.536-.365 0-.709.04-1.033.126-.325.08-.603.178-.835.298a.496.496 0 0 0-.185.139c-.033.046-.047.126-.047.232v.324c0 .14.047.205.14.205.026 0 .059-.006.105-.02a1.9 1.9 0 0 0 .232-.086c.232-.092.47-.165.715-.225s.484-.086.716-.086c.51 0 .867.1 1.079.305.205.205.311.556.311 1.06v.483a8.993 8.993 0 0 0-.761-.146 5.244 5.244 0 0 0-.702-.053c-.682 0-1.219.172-1.623.517-.404.344-.602.801-.602 1.364 0 .53.165.954.49 1.271.324.318.768.477 1.324.477.782 0 1.43-.304 1.947-.914.073.153.14.278.205.391.067.106.146.212.239.311.066.06.132.093.199.093.053 0 .112-.02.172-.06l.417-.278c.086-.066.126-.132.126-.198 0-.047-.013-.1-.047-.153a3.547 3.547 0 0 1-.212-.476zm-2.079.298c-.238.079-.464.119-.682.119-.305 0-.537-.08-.695-.245-.166-.16-.246-.391-.246-.702 0-.331.106-.583.325-.762.219-.179.543-.265.987-.265.205 0 .41.013.622.04.212.026.417.066.61.113v.278c0 .225-.027.417-.067.576-.04.159-.119.298-.225.424-.179.198-.39.344-.629.424zm4.636.834c-.12 0-.199-.02-.252-.066-.053-.04-.1-.133-.139-.258l-1.556-5.12a1.16 1.16 0 0 1-.06-.265c0-.106.053-.165.16-.165h.648c.126 0 .212.02.258.066.053.04.093.132.133.258l1.112 4.384 1.034-4.384c.033-.132.072-.218.125-.258a.456.456 0 0 1 .265-.066h.53c.126 0 .212.02.265.066.053.04.1.132.126.258l1.046 4.437 1.146-4.437c.04-.132.086-.218.132-.258a.432.432 0 0 1 .259-.066h.616c.105 0 .165.053.165.165a.536.536 0 0 1-.01.09l-.003.016a.949.949 0 0 1-.047.166l-1.596 5.12c-.04.131-.086.218-.139.257a.424.424 0 0 1-.251.067h-.57c-.126 0-.212-.02-.265-.067-.053-.046-.1-.132-.126-.264l-1.026-4.272-1.02 4.265c-.033.132-.073.218-.126.265-.053.046-.146.066-.265.066h-.57z" fill="%23252F3E"/><path fill-rule="evenodd" clip-rule="evenodd" d="M18.404 14.331c.709-.086 2.271-.271 2.55.086.278.351-.312 1.828-.576 2.484-.08.198.092.278.271.125 1.166-.98 1.47-3.026 1.232-3.324-.239-.291-2.285-.543-3.53.331-.192.14-.159.325.053.298zm-6.424 3.583c2.722 0 5.888-.854 8.066-2.464.358-.265.047-.668-.317-.503a19.665 19.665 0 0 1-7.517 1.536c-3.583 0-7.046-.986-9.854-2.615-.245-.146-.43.105-.226.29 2.596 2.345 6.034 3.756 9.848 3.756z" fill="%23F90"/></svg>');
 $logo-aws-monochrome-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M18.825 12.535c-.346 0-.692-.042-1.025-.125-.332-.084-.592-.174-.765-.278a.488.488 0 0 1-.206-.195.51.51 0 0 1-.04-.194v-.355c0-.146.053-.216.153-.216.04 0 .08.007.12.021l.098.04.068.03c.226.104.472.188.732.243.266.056.525.083.791.083.42 0 .745-.076.971-.229a.757.757 0 0 0 .346-.66.694.694 0 0 0-.18-.487c-.119-.132-.345-.25-.671-.361l-.964-.313c-.486-.16-.845-.397-1.065-.71a1.705 1.705 0 0 1-.332-1.008c0-.292.06-.549.18-.771.119-.223.279-.417.478-.57.2-.16.426-.278.692-.362.266-.083.545-.118.838-.118.146 0 .3.007.446.028.153.02.292.048.432.076.133.035.26.07.38.112.119.041.212.083.279.125.093.055.16.11.2.173.039.056.059.133.059.23v.327c0 .146-.053.222-.153.222a.67.67 0 0 1-.253-.083 2.93 2.93 0 0 0-1.277-.271c-.38 0-.678.062-.885.194-.206.132-.312.334-.312.619 0 .195.066.361.2.494.132.132.378.264.731.382l.945.313c.479.16.824.382 1.03.667.207.285.307.612.307.973 0 .3-.06.57-.173.807-.12.236-.28.445-.486.612a2.11 2.11 0 0 1-.738.389c-.3.097-.612.146-.951.146zM7.636 10.54c0 .257.027.466.073.619.054.152.12.32.213.5a.312.312 0 0 1 .047.16c0 .07-.04.139-.127.208l-.419.293a.31.31 0 0 1-.173.062c-.066 0-.133-.035-.2-.097a2.146 2.146 0 0 1-.239-.327 5.477 5.477 0 0 1-.206-.41c-.519.64-1.17.96-1.955.96-.56 0-1.005-.168-1.33-.501-.327-.334-.493-.779-.493-1.335 0-.591.2-1.07.605-1.432.406-.362.945-.543 1.63-.543.226 0 .459.021.705.056.246.035.499.09.765.153v-.508c0-.528-.106-.896-.313-1.112-.212-.215-.572-.32-1.084-.32-.233 0-.472.028-.718.09a5.135 5.135 0 0 0-.719.237 1.855 1.855 0 0 1-.232.09.392.392 0 0 1-.107.021c-.093 0-.14-.07-.14-.215v-.34c0-.112.014-.196.047-.244a.501.501 0 0 1 .186-.146c.233-.125.512-.23.838-.313.326-.09.672-.132 1.038-.132.792 0 1.37.188 1.743.563.366.375.552.946.552 1.71v2.253h.013zm-2.7 1.057c.22 0 .445-.042.685-.126a1.48 1.48 0 0 0 .632-.445 1.12 1.12 0 0 0 .226-.444c.04-.167.066-.369.066-.605v-.292a5.34 5.34 0 0 0-.612-.119 4.799 4.799 0 0 0-.625-.041c-.446 0-.772.09-.991.278-.22.188-.326.452-.326.8 0 .326.08.57.246.736.16.174.393.258.699.258zm5.088.68c.053.05.133.07.253.07h.572c.12 0 .213-.02.266-.07.053-.048.093-.138.127-.277l1.024-4.477 1.03 4.484c.027.139.074.23.127.278.053.048.14.07.266.07h.572c.114 0 .2-.029.253-.07.053-.042.1-.132.14-.271l1.603-5.374a1.03 1.03 0 0 0 .046-.174l.003-.018c.006-.034.01-.064.01-.093 0-.119-.06-.174-.165-.174h-.62a.42.42 0 0 0-.258.07c-.047.041-.094.131-.134.27l-1.15 4.658-1.051-4.658c-.027-.132-.074-.229-.127-.27-.053-.05-.14-.07-.266-.07h-.532a.443.443 0 0 0-.266.07c-.053.041-.093.131-.126.27l-1.038 4.603L9.465 6.52c-.04-.132-.08-.229-.133-.27-.046-.05-.133-.07-.259-.07h-.652c-.106 0-.16.062-.16.174 0 .048.02.139.06.278l1.563 5.374c.04.132.087.23.14.27zm10.969 2.552c-.28-.375-1.85-.18-2.561-.09-.213.028-.246-.167-.053-.313 1.25-.918 3.306-.653 3.545-.348.24.313-.066 2.462-1.237 3.49-.18.16-.353.077-.273-.132.266-.688.858-2.238.579-2.607zm-.911 1.085c-2.189 1.69-5.368 2.586-8.102 2.586-3.832 0-7.284-1.48-9.891-3.942-.207-.194-.02-.459.226-.306 2.82 1.71 6.299 2.746 9.898 2.746 2.428 0 5.095-.528 7.55-1.613.365-.173.678.25.319.529z" fill="%23000"/></svg>');
 $logo-azure-color-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M11.105 18.43l4.642-.82.043-.01-2.387-2.84a402.878 402.878 0 0 1-2.387-2.853c0-.014 2.465-6.802 2.479-6.826.004-.008 1.682 2.888 4.066 7.02l4.09 7.09.031.054-7.587-.001-7.587-.001 4.597-.812zM2 17.565c0-.004 1.125-1.957 2.5-4.34L7 8.893l2.913-2.445C11.515 5.104 12.83 4.002 12.836 4a.515.515 0 0 1-.047.118l-3.164 6.785-3.107 6.663-2.259.003c-1.242.002-2.259 0-2.259-.004z" fill="%230089D6"/></svg>');
@@ -100,6 +101,7 @@ $logo-gitlab-color-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0
 $logo-gitlab-monochrome-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M21.937 13.292l-1.12-3.364-2.213-6.672A.382.382 0 0 0 18.24 3a.382.382 0 0 0-.363.256l-2.215 6.668H8.307L6.092 3.256A.382.382 0 0 0 5.73 3a.382.382 0 0 0-.363.256l-2.21 6.668-1.12 3.368a.736.736 0 0 0 .276.833L11.986 21l9.67-6.875a.738.738 0 0 0 .28-.833z" fill="%23000"/></svg>');
 $logo-kubernetes-color-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M7.011 21.384c.306.397.759.616 1.238.616l7.508-.014c.479 0 .932-.233 1.238-.616l4.659-5.959a1.69 1.69 0 0 0 .306-1.397l-1.664-7.439a1.612 1.612 0 0 0-.865-1.11l-6.736-3.3A1.517 1.517 0 0 0 12.003 2c-.24 0-.48.055-.692.164L4.575 5.48c-.44.22-.759.617-.865 1.11l-1.664 7.438c-.12.494 0 1 .306 1.398l4.659 5.959zm12.154-8.145h.014c.253.07.408.295.408.464a.474.474 0 0 1-.45.324c-.043 0-.07 0-.113-.014-.014-.014-.028-.014-.042-.014-.014 0-.028-.004-.042-.007-.015-.004-.029-.007-.043-.007a1.357 1.357 0 0 1-.253-.099c-.021-.007-.042-.017-.063-.028-.021-.01-.043-.021-.064-.028h-.014c-.267-.099-.506-.183-.732-.211h-.028a.254.254 0 0 0-.142.047l-.04.023c-.008 0-.011.004-.015.007-.003.004-.007.007-.014.007l-.169-.028c-.14.436-.338.873-.591 1.267a5.453 5.453 0 0 1-1.858 1.816l.07.169c0 .007-.003.01-.007.014-.003.003-.007.007-.007.014l-.01.043a.31.31 0 0 0-.004.182c.067.2.196.399.34.622l.026.04v.014a.786.786 0 0 0 .042.056c.014.018.028.035.042.056.057.07.113.141.155.226.014.014.028.042.043.07 0 .007.003.01.007.014.003.004.007.007.007.014.056.113.056.24.028.352a.42.42 0 0 1-.211.253.375.375 0 0 1-.17.043.478.478 0 0 1-.422-.268s-.014-.014-.014-.028l-.02-.035c-.008-.01-.015-.021-.022-.035a.9.9 0 0 1-.06-.17l-.024-.084-.043-.127v-.014l-.023-.062a4.334 4.334 0 0 0-.272-.641.26.26 0 0 0-.183-.127c-.008-.008-.012-.012-.016-.013l-.012-.001-.085-.155c-.24.085-.478.155-.732.211a5.11 5.11 0 0 1-1.224.141 5.5 5.5 0 0 1-1.971-.366l-.099.183c-.008.008-.011.011-.015.013l-.013.001a.628.628 0 0 1-.036.017.29.29 0 0 0-.147.11c-.112.174-.18.37-.262.608l-.033.096-.043.126-.025.081c-.015.054-.03.107-.059.173a.307.307 0 0 0-.042.07s-.014.014-.014.028a.506.506 0 0 1-.423.268.375.375 0 0 1-.169-.043c-.21-.098-.295-.366-.183-.605 0 0 .015-.014.015-.028.014-.028.028-.056.042-.07l.041-.063c.038-.058.072-.11.114-.163l.042-.056a.783.783 0 0 0 .042-.056v-.014c.155-.24.282-.45.366-.662a.29.29 0 0 0-.028-.225c0-.007-.004-.01-.007-.014-.004-.004-.007-.007-.007-.014l.084-.183a5.706 5.706 0 0 1-.605-.409 5.567 5.567 0 0 1-1.844-2.646l-.197.028c-.007 0-.01-.003-.014-.007-.004-.003-.007-.007-.014-.007l-.01-.006c-.04-.028-.095-.064-.173-.064h-.028c-.226.028-.465.113-.732.211h-.014c-.022.007-.043.018-.064.028-.02.01-.042.021-.063.028-.085.043-.155.07-.253.099a.173.173 0 0 0-.043.007c-.014.003-.028.007-.042.007 0 .014-.014.014-.028.014-.042.014-.07.014-.113.014-.225 0-.408-.127-.45-.324a.462.462 0 0 1 .366-.52c.014-.015.028-.015.042-.015a.177.177 0 0 0 .042-.007.173.173 0 0 1 .043-.007l.036-.005a1.61 1.61 0 0 1 .231-.023c.042-.014.099-.014.14-.014h.015c.295-.028.549-.056.76-.127a.327.327 0 0 0 .155-.154c0-.008.003-.011.007-.014.003-.004.007-.008.007-.015l.183-.056a5.482 5.482 0 0 1 .788-3.716.277.277 0 0 1 .046-.078.836.836 0 0 0 .025-.035l-.141-.126v-.028c0-.07 0-.141-.07-.212-.162-.148-.363-.27-.602-.417l-.032-.019c-.042-.028-.085-.056-.127-.07a2.12 2.12 0 0 1-.239-.141c-.014-.007-.025-.018-.035-.028a.138.138 0 0 0-.035-.028c-.007 0-.011-.004-.014-.007-.004-.004-.008-.007-.015-.007-.197-.17-.239-.45-.098-.634a.4.4 0 0 1 .324-.155c.112 0 .225.042.31.113 0 .009.005.012.012.016l.015.012c.017.016.033.028.047.038.01.007.018.012.024.018.07.07.127.127.183.197.029.02.051.045.071.069a3.733 3.733 0 0 0 .59.55.227.227 0 0 0 .127.043.177.177 0 0 0 .042-.007c.014-.004.029-.007.043-.007h.028l.14.098a5.426 5.426 0 0 1 3.548-1.689l.014-.183.028-.028.016-.016c.04-.037.084-.08.097-.167.022-.18 0-.376-.024-.591a14.75 14.75 0 0 1-.019-.169v-.014c-.006-.026-.01-.049-.013-.07a.418.418 0 0 0-.015-.07.818.818 0 0 1-.042-.268V4.82c0-.127.042-.24.127-.324a.452.452 0 0 1 .31-.14c.239 0 .436.21.436.464v.127c-.014.098-.029.183-.043.267a.503.503 0 0 0-.028.141v.014l-.005.056c-.027.26-.05.494-.037.704.012.087.057.13.097.168l.016.015.028.028.014.183a5.621 5.621 0 0 1 2.942 1.169c.197.169.394.338.577.535l.169-.113h.028c.028.014.056.014.084.014a.227.227 0 0 0 .127-.042c.183-.127.366-.296.563-.507a.363.363 0 0 0 .072-.068.511.511 0 0 1 .027-.03c.056-.07.112-.127.183-.198a.136.136 0 0 0 .035-.028c.01-.01.021-.02.035-.028l.028-.028a.523.523 0 0 1 .31-.113.4.4 0 0 1 .324.155c.14.183.098.465-.099.634 0 .008-.005.012-.013.016-.004.003-.01.006-.015.012-.017.016-.033.028-.047.038a2.111 2.111 0 0 1-.263.16c-.02.013-.042.024-.063.034-.021.01-.042.021-.063.035l-.032.02c-.24.146-.44.268-.602.417a.318.318 0 0 0-.07.21v.029l-.14.127c.365.563.633 1.182.787 1.844a5.57 5.57 0 0 1 .099 1.984l.183.057c0 .007.003.01.007.014.003.003.007.007.007.014a.274.274 0 0 0 .155.155c.225.07.464.098.76.126h.014c.056.014.099.014.14.014.075 0 .148.011.231.023l.037.006c.014 0 .028.003.042.007a.178.178 0 0 0 .043.007c0 .014.014.014.028.014zm-7.123-.394l.62-.296.14-.662-.422-.535h-.69l-.422.535.155.662.62.296zm4.293-1.76c.113.479.141.957.099 1.422l-2.154-.62a.382.382 0 0 1-.267-.45.335.335 0 0 1 .084-.155l1.704-1.534c.239.394.422.844.534 1.337zm-3.054-.873l1.844-1.309A4.272 4.272 0 0 0 12.59 7.68l.127 2.294c.014.056.028.113.07.155a.375.375 0 0 0 .493.084zM11.043 7.75l.225-.042.225-.042-.126 2.252a.385.385 0 0 1-.38.366.335.335 0 0 1-.17-.042L8.946 8.902a4.294 4.294 0 0 1 2.098-1.154zm-1.098 3.49L8.27 9.749a4.532 4.532 0 0 0-.634 2.759l2.182-.634a.28.28 0 0 0 .17-.112.375.375 0 0 0-.043-.521zM7.89 13.563l2.238-.38a.38.38 0 0 1 .394.296.401.401 0 0 1-.014.225l-.859 2.07a4.437 4.437 0 0 1-1.76-2.21zm4.152 2.914c.338 0 .662-.042.986-.112.062-.02.124-.035.185-.05.077-.02.152-.04.223-.063l-1.084-1.957a.599.599 0 0 0-.169-.154c-.155-.085-.338-.029-.45.098l-1.113 2.013c.451.14.93.225 1.422.225zm3.73-2.069a4.467 4.467 0 0 1-1.35 1.365l-.888-2.125a.379.379 0 0 1 .197-.436.449.449 0 0 1 .197-.043l2.253.38a2.83 2.83 0 0 1-.409.859z" fill="%23326DE6"/><mask id="a" maskUnits="userSpaceOnUse" x="2" y="2" width="20" height="20"><path fill-rule="evenodd" clip-rule="evenodd" d="M7.011 21.384c.306.397.759.616 1.238.616l7.508-.014c.479 0 .932-.233 1.238-.616l4.659-5.959a1.69 1.69 0 0 0 .306-1.397l-1.664-7.439a1.612 1.612 0 0 0-.865-1.11l-6.736-3.3A1.517 1.517 0 0 0 12.003 2c-.24 0-.48.055-.692.164L4.575 5.48c-.44.22-.759.617-.865 1.11l-1.664 7.438c-.12.494 0 1 .306 1.398l4.659 5.959zm12.154-8.145h.014c.253.07.408.295.408.464a.474.474 0 0 1-.45.324c-.043 0-.07 0-.113-.014-.014-.014-.028-.014-.042-.014-.014 0-.028-.004-.042-.007-.015-.004-.029-.007-.043-.007a1.357 1.357 0 0 1-.253-.099c-.021-.007-.042-.017-.063-.028-.021-.01-.043-.021-.064-.028h-.014c-.267-.099-.506-.183-.732-.211h-.028a.254.254 0 0 0-.142.047l-.04.023c-.008 0-.011.004-.015.007-.003.004-.007.007-.014.007l-.169-.028c-.14.436-.338.873-.591 1.267a5.453 5.453 0 0 1-1.858 1.816l.07.169c0 .007-.003.01-.007.014-.003.003-.007.007-.007.014l-.01.043a.31.31 0 0 0-.004.182c.067.2.196.399.34.622l.026.04v.014a.786.786 0 0 0 .042.056c.014.018.028.035.042.056.057.07.113.141.155.226.014.014.028.042.043.07 0 .007.003.01.007.014.003.004.007.007.007.014.056.113.056.24.028.352a.42.42 0 0 1-.211.253.375.375 0 0 1-.17.043.478.478 0 0 1-.422-.268s-.014-.014-.014-.028l-.02-.035c-.008-.01-.015-.021-.022-.035a.9.9 0 0 1-.06-.17l-.024-.084-.043-.127v-.014l-.023-.062a4.334 4.334 0 0 0-.272-.641.26.26 0 0 0-.183-.127c-.008-.008-.012-.012-.016-.013l-.012-.001-.085-.155c-.24.085-.478.155-.732.211a5.11 5.11 0 0 1-1.224.141 5.5 5.5 0 0 1-1.971-.366l-.099.183c-.008.008-.011.011-.015.013l-.013.001a.628.628 0 0 1-.036.017.29.29 0 0 0-.147.11c-.112.174-.18.37-.262.608l-.033.096-.043.126-.025.081c-.015.054-.03.107-.059.173a.307.307 0 0 0-.042.07s-.014.014-.014.028a.506.506 0 0 1-.423.268.375.375 0 0 1-.169-.043c-.21-.098-.295-.366-.183-.605 0 0 .015-.014.015-.028.014-.028.028-.056.042-.07l.041-.063c.038-.058.072-.11.114-.163l.042-.056a.783.783 0 0 0 .042-.056v-.014c.155-.24.282-.45.366-.662a.29.29 0 0 0-.028-.225c0-.007-.004-.01-.007-.014-.004-.004-.007-.007-.007-.014l.084-.183a5.706 5.706 0 0 1-.605-.409 5.567 5.567 0 0 1-1.844-2.646l-.197.028c-.007 0-.01-.003-.014-.007-.004-.003-.007-.007-.014-.007l-.01-.006c-.04-.028-.095-.064-.173-.064h-.028c-.226.028-.465.113-.732.211h-.014c-.022.007-.043.018-.064.028-.02.01-.042.021-.063.028-.085.043-.155.07-.253.099a.173.173 0 0 0-.043.007c-.014.003-.028.007-.042.007 0 .014-.014.014-.028.014-.042.014-.07.014-.113.014-.225 0-.408-.127-.45-.324a.462.462 0 0 1 .366-.52c.014-.015.028-.015.042-.015a.177.177 0 0 0 .042-.007.173.173 0 0 1 .043-.007l.036-.005a1.61 1.61 0 0 1 .231-.023c.042-.014.099-.014.14-.014h.015c.295-.028.549-.056.76-.127a.327.327 0 0 0 .155-.154c0-.008.003-.011.007-.014.003-.004.007-.008.007-.015l.183-.056a5.482 5.482 0 0 1 .788-3.716.277.277 0 0 1 .046-.078.836.836 0 0 0 .025-.035l-.141-.126v-.028c0-.07 0-.141-.07-.212-.162-.148-.363-.27-.602-.417l-.032-.019c-.042-.028-.085-.056-.127-.07a2.12 2.12 0 0 1-.239-.141c-.014-.007-.025-.018-.035-.028a.138.138 0 0 0-.035-.028c-.007 0-.011-.004-.014-.007-.004-.004-.008-.007-.015-.007-.197-.17-.239-.45-.098-.634a.4.4 0 0 1 .324-.155c.112 0 .225.042.31.113 0 .009.005.012.012.016l.015.012c.017.016.033.028.047.038.01.007.018.012.024.018.07.07.127.127.183.197.029.02.051.045.071.069a3.733 3.733 0 0 0 .59.55.227.227 0 0 0 .127.043.177.177 0 0 0 .042-.007c.014-.004.029-.007.043-.007h.028l.14.098a5.426 5.426 0 0 1 3.548-1.689l.014-.183.028-.028.016-.016c.04-.037.084-.08.097-.167.022-.18 0-.376-.024-.591a14.75 14.75 0 0 1-.019-.169v-.014c-.006-.026-.01-.049-.013-.07a.418.418 0 0 0-.015-.07.818.818 0 0 1-.042-.268V4.82c0-.127.042-.24.127-.324a.452.452 0 0 1 .31-.14c.239 0 .436.21.436.464v.127c-.014.098-.029.183-.043.267a.503.503 0 0 0-.028.141v.014l-.005.056c-.027.26-.05.494-.037.704.012.087.057.13.097.168l.016.015.028.028.014.183a5.621 5.621 0 0 1 2.942 1.169c.197.169.394.338.577.535l.169-.113h.028c.028.014.056.014.084.014a.227.227 0 0 0 .127-.042c.183-.127.366-.296.563-.507a.363.363 0 0 0 .072-.068.511.511 0 0 1 .027-.03c.056-.07.112-.127.183-.198a.136.136 0 0 0 .035-.028c.01-.01.021-.02.035-.028l.028-.028a.523.523 0 0 1 .31-.113.4.4 0 0 1 .324.155c.14.183.098.465-.099.634 0 .008-.005.012-.013.016-.004.003-.01.006-.015.012-.017.016-.033.028-.047.038a2.111 2.111 0 0 1-.263.16c-.02.013-.042.024-.063.034-.021.01-.042.021-.063.035l-.032.02c-.24.146-.44.268-.602.417a.318.318 0 0 0-.07.21v.029l-.14.127c.365.563.633 1.182.787 1.844a5.57 5.57 0 0 1 .099 1.984l.183.057c0 .007.003.01.007.014.003.003.007.007.007.014a.274.274 0 0 0 .155.155c.225.07.464.098.76.126h.014c.056.014.099.014.14.014.075 0 .148.011.231.023l.037.006c.014 0 .028.003.042.007a.178.178 0 0 0 .043.007c0 .014.014.014.028.014zm-7.123-.394l.62-.296.14-.662-.422-.535h-.69l-.422.535.155.662.62.296zm4.293-1.76c.113.479.141.957.099 1.422l-2.154-.62a.382.382 0 0 1-.267-.45.335.335 0 0 1 .084-.155l1.704-1.534c.239.394.422.844.534 1.337zm-3.054-.873l1.844-1.309A4.272 4.272 0 0 0 12.59 7.68l.127 2.294c.014.056.028.113.07.155a.375.375 0 0 0 .493.084zM11.043 7.75l.225-.042.225-.042-.126 2.252a.385.385 0 0 1-.38.366.335.335 0 0 1-.17-.042L8.946 8.902a4.294 4.294 0 0 1 2.098-1.154zm-1.098 3.49L8.27 9.749a4.532 4.532 0 0 0-.634 2.759l2.182-.634a.28.28 0 0 0 .17-.112.375.375 0 0 0-.043-.521zM7.89 13.563l2.238-.38a.38.38 0 0 1 .394.296.401.401 0 0 1-.014.225l-.859 2.07a4.437 4.437 0 0 1-1.76-2.21zm4.152 2.914c.338 0 .662-.042.986-.112.062-.02.124-.035.185-.05.077-.02.152-.04.223-.063l-1.084-1.957a.599.599 0 0 0-.169-.154c-.155-.085-.338-.029-.45.098l-1.113 2.013c.451.14.93.225 1.422.225zm3.73-2.069a4.467 4.467 0 0 1-1.35 1.365l-.888-2.125a.379.379 0 0 1 .197-.436.449.449 0 0 1 .197-.043l2.253.38a2.83 2.83 0 0 1-.409.859z" fill="%23fff"/></mask></svg>');
 $logo-kubernetes-monochrome-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M7.011 21.384c.306.397.759.616 1.238.616l7.508-.014c.479 0 .932-.233 1.238-.616l4.659-5.959a1.69 1.69 0 0 0 .306-1.397l-1.664-7.439a1.612 1.612 0 0 0-.865-1.11l-6.736-3.3A1.517 1.517 0 0 0 12.003 2c-.24 0-.48.055-.692.164L4.575 5.48c-.44.22-.759.617-.865 1.11l-1.664 7.438c-.12.494 0 1 .306 1.398l4.659 5.959zm12.154-8.145h.014c.253.07.408.295.408.464a.474.474 0 0 1-.45.324c-.043 0-.07 0-.113-.014-.014-.014-.028-.014-.042-.014-.014 0-.028-.004-.042-.007-.015-.004-.029-.007-.043-.007a1.357 1.357 0 0 1-.253-.099c-.021-.007-.042-.017-.063-.028-.021-.01-.043-.021-.064-.028h-.014c-.267-.099-.506-.183-.732-.211h-.028a.254.254 0 0 0-.142.047l-.04.023c-.008 0-.011.004-.015.007-.003.004-.007.007-.014.007l-.169-.028c-.14.436-.338.873-.591 1.267a5.453 5.453 0 0 1-1.858 1.816l.07.169c0 .007-.003.01-.007.014-.003.003-.007.007-.007.014l-.01.043a.31.31 0 0 0-.004.182c.067.2.196.399.34.622l.026.04v.014a.786.786 0 0 0 .042.056c.014.018.028.035.042.056.057.07.113.141.155.226.014.014.028.042.043.07 0 .007.003.01.007.014.003.004.007.007.007.014.056.113.056.24.028.352a.42.42 0 0 1-.211.253.375.375 0 0 1-.17.043.478.478 0 0 1-.422-.268s-.014-.014-.014-.028l-.02-.035c-.008-.01-.015-.021-.022-.035a.9.9 0 0 1-.06-.17l-.024-.084-.043-.127v-.014l-.023-.062a4.334 4.334 0 0 0-.272-.641.26.26 0 0 0-.183-.127c-.008-.008-.012-.012-.016-.013l-.012-.001-.085-.155c-.24.085-.478.155-.732.211a5.11 5.11 0 0 1-1.224.141 5.5 5.5 0 0 1-1.971-.366l-.099.183c-.008.008-.011.011-.015.013l-.013.001a.628.628 0 0 1-.036.017.29.29 0 0 0-.147.11c-.112.174-.18.37-.262.608l-.033.096-.043.126-.025.081c-.015.054-.03.107-.059.173a.307.307 0 0 0-.042.07s-.014.014-.014.028a.506.506 0 0 1-.423.268.375.375 0 0 1-.169-.043c-.21-.098-.295-.366-.183-.605 0 0 .015-.014.015-.028.014-.028.028-.056.042-.07l.041-.063c.038-.058.072-.11.114-.163l.042-.056a.783.783 0 0 0 .042-.056v-.014c.155-.24.282-.45.366-.662a.29.29 0 0 0-.028-.225c0-.007-.004-.01-.007-.014-.004-.004-.007-.007-.007-.014l.084-.183a5.706 5.706 0 0 1-.605-.409 5.567 5.567 0 0 1-1.844-2.646l-.197.028c-.007 0-.01-.003-.014-.007-.004-.003-.007-.007-.014-.007l-.01-.006c-.04-.028-.095-.064-.173-.064h-.028c-.226.028-.465.113-.732.211h-.014c-.022.007-.043.018-.064.028-.02.01-.042.021-.063.028-.085.043-.155.07-.253.099a.173.173 0 0 0-.043.007c-.014.003-.028.007-.042.007 0 .014-.014.014-.028.014-.042.014-.07.014-.113.014-.225 0-.408-.127-.45-.324a.462.462 0 0 1 .366-.52c.014-.015.028-.015.042-.015a.177.177 0 0 0 .042-.007.173.173 0 0 1 .043-.007l.036-.005a1.61 1.61 0 0 1 .231-.023c.042-.014.099-.014.14-.014h.015c.295-.028.549-.056.76-.127a.327.327 0 0 0 .155-.154c0-.008.003-.011.007-.014.003-.004.007-.008.007-.015l.183-.056a5.482 5.482 0 0 1 .788-3.716.277.277 0 0 1 .046-.078.836.836 0 0 0 .025-.035l-.141-.126v-.028c0-.07 0-.141-.07-.212-.162-.148-.363-.27-.602-.417l-.032-.019c-.042-.028-.085-.056-.127-.07a2.12 2.12 0 0 1-.239-.141c-.014-.007-.025-.018-.035-.028a.138.138 0 0 0-.035-.028c-.007 0-.011-.004-.014-.007-.004-.004-.008-.007-.015-.007-.197-.17-.239-.45-.098-.634a.4.4 0 0 1 .324-.155c.112 0 .225.042.31.113 0 .009.005.012.012.016l.015.012c.017.016.033.028.047.038.01.007.018.012.024.018.07.07.127.127.183.197.029.02.051.045.071.069a3.733 3.733 0 0 0 .59.55.227.227 0 0 0 .127.043.177.177 0 0 0 .042-.007c.014-.004.029-.007.043-.007h.028l.14.098a5.426 5.426 0 0 1 3.548-1.689l.014-.183.028-.028.016-.016c.04-.037.084-.08.097-.167.022-.18 0-.376-.024-.591a14.75 14.75 0 0 1-.019-.169v-.014c-.006-.026-.01-.049-.013-.07a.418.418 0 0 0-.015-.07.818.818 0 0 1-.042-.268V4.82c0-.127.042-.24.127-.324a.452.452 0 0 1 .31-.14c.239 0 .436.21.436.464v.127c-.014.098-.029.183-.043.267a.503.503 0 0 0-.028.141v.014l-.005.056c-.027.26-.05.494-.037.704.012.087.057.13.097.168l.016.015.028.028.014.183a5.621 5.621 0 0 1 2.942 1.169c.197.169.394.338.577.535l.169-.113h.028c.028.014.056.014.084.014a.227.227 0 0 0 .127-.042c.183-.127.366-.296.563-.507a.363.363 0 0 0 .072-.068.511.511 0 0 1 .027-.03c.056-.07.112-.127.183-.198a.136.136 0 0 0 .035-.028c.01-.01.021-.02.035-.028l.028-.028a.523.523 0 0 1 .31-.113.4.4 0 0 1 .324.155c.14.183.098.465-.099.634 0 .008-.005.012-.013.016-.004.003-.01.006-.015.012-.017.016-.033.028-.047.038a2.111 2.111 0 0 1-.263.16c-.02.013-.042.024-.063.034-.021.01-.042.021-.063.035l-.032.02c-.24.146-.44.268-.602.417a.318.318 0 0 0-.07.21v.029l-.14.127c.365.563.633 1.182.787 1.844a5.57 5.57 0 0 1 .099 1.984l.183.057c0 .007.003.01.007.014.003.003.007.007.007.014a.274.274 0 0 0 .155.155c.225.07.464.098.76.126h.014c.056.014.099.014.14.014.075 0 .148.011.231.023l.037.006c.014 0 .028.003.042.007a.178.178 0 0 0 .043.007c0 .014.014.014.028.014zm-7.123-.394l.62-.296.14-.662-.422-.535h-.69l-.422.535.155.662.62.296zm4.293-1.76c.113.479.141.957.099 1.422l-2.154-.62a.382.382 0 0 1-.267-.45.335.335 0 0 1 .084-.155l1.704-1.534c.239.394.422.844.534 1.337zm-3.054-.873l1.844-1.309A4.272 4.272 0 0 0 12.59 7.68l.127 2.294c.014.056.028.113.07.155a.375.375 0 0 0 .493.084zM11.043 7.75l.225-.042.225-.042-.126 2.252a.385.385 0 0 1-.38.366.335.335 0 0 1-.17-.042L8.946 8.902a4.294 4.294 0 0 1 2.098-1.154zm-1.098 3.49L8.27 9.749a4.532 4.532 0 0 0-.634 2.759l2.182-.634a.28.28 0 0 0 .17-.112.375.375 0 0 0-.043-.521zM7.89 13.563l2.238-.38a.38.38 0 0 1 .394.296.401.401 0 0 1-.014.225l-.859 2.07a4.437 4.437 0 0 1-1.76-2.21zm4.152 2.914c.338 0 .662-.042.986-.112.062-.02.124-.035.185-.05.077-.02.152-.04.223-.063l-1.084-1.957a.599.599 0 0 0-.169-.154c-.155-.085-.338-.029-.45.098l-1.113 2.013c.451.14.93.225 1.422.225zm3.73-2.069a4.467 4.467 0 0 1-1.35 1.365l-.888-2.125a.379.379 0 0 1 .197-.436.449.449 0 0 1 .197-.043l2.253.38a2.83 2.83 0 0 1-.409.859z" fill="%23000"/></svg>');
+$logo-okta-color-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M3.019 9.528a3.019 3.019 0 100 6.037 3.019 3.019 0 000-6.037zM14.166 7.5c.192 0 .261.144.261.238l.003 1.527c0 .158.128.273.285.273h1.36c.107 0 .226.102.226.285v.956c0 .18-.138.261-.237.261h-1.35c-.162 0-.28.13-.28.29v1.233c0 .027-.004.054-.003.081a1.506 1.506 0 001.737 1.41.242.242 0 01.28.212l.108 1.011a.254.254 0 01-.22.278 3.02 3.02 0 01-3.422-2.909V7.733c0-.155.12-.232.248-.232h1.004zm5.654 2.028c.541 0 1.049.144 1.488.394v-.128c0-.155.135-.256.262-.256h1.006c.192 0 .262.162.262.256l.002 2.752v.01c.002 1.15.13 1.455.985 1.455.1 0 .175.1.175.2v1.074c0 .301-.645.28-.767.28-.712-.006-1.168-.293-1.452-.725a3.019 3.019 0 11-1.96-5.312zM8.062 7.5c.115 0 .258.065.258.24l.001 3.423c0 .245.3.363.467.183l1.606-1.73c.019-.018.046-.047.12-.068a.428.428 0 01.117-.01h1.233c.252 0 .326.279.21.422l-1.793 1.99c-.293.311-.32.43-.064.737l.117.123 2.256 2.312c.117.143.041.426-.204.426h-1.361a.502.502 0 01-.13-.012c-.073-.022-.089-.051-.108-.07-.007-.007-1.258-1.324-2.01-2.094a.266.266 0 00-.457.186v1.751c0 .117-.102.23-.258.23h-1.01c-.115 0-.26-.048-.26-.223V7.719c0-.103.085-.219.26-.219h1.01zm-5.043 3.537a1.51 1.51 0 110 3.02 1.51 1.51 0 010-3.02zm16.802 0a1.51 1.51 0 100 3.019 1.51 1.51 0 000-3.02z" fill="%23007DC1"/></svg>');
 $logo-oracle-color-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M2 12.316a6.32 6.32 0 0 0 6.326 6.316h7.348A6.32 6.32 0 0 0 22 12.316 6.32 6.32 0 0 0 15.674 6H8.326A6.32 6.32 0 0 0 2 12.316zm17.61 0a4.09 4.09 0 0 1-4.095 4.088H8.488a4.09 4.09 0 0 1-4.094-4.087A4.09 4.09 0 0 1 8.49 8.229h7.026a4.09 4.09 0 0 1 4.094 4.088z" fill="%23EA1B22"/></svg>');
 $logo-oracle-monochrome-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M2 12.316a6.32 6.32 0 0 0 6.326 6.316h7.348A6.32 6.32 0 0 0 22 12.316 6.32 6.32 0 0 0 15.674 6H8.326A6.32 6.32 0 0 0 2 12.316zm17.61 0a4.09 4.09 0 0 1-4.095 4.088H8.488a4.09 4.09 0 0 1-4.094-4.087A4.09 4.09 0 0 1 8.49 8.229h7.026a4.09 4.09 0 0 1 4.094 4.088z" fill="%23000"/></svg>');
 $logo-slack-color-svg: url('data:image/svg+xml;charset=UTF-8,<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M4.177 16.694a2.085 2.085 0 0 0 2.081-2.081v-2.08H4.177a2.085 2.085 0 0 0-2.08 2.08 2.085 2.085 0 0 0 2.08 2.08zm5.21-4.161a2.085 2.085 0 0 0-2.08 2.08v5.21a2.086 2.086 0 0 0 2.08 2.08 2.086 2.086 0 0 0 2.08-2.08v-5.21a2.085 2.085 0 0 0-2.08-2.08z" fill="%23E01E5A"/><path fill-rule="evenodd" clip-rule="evenodd" d="M7.306 4.178a2.085 2.085 0 0 0 2.081 2.08h2.08V4.177a2.085 2.085 0 0 0-2.08-2.08 2.085 2.085 0 0 0-2.08 2.08zm4.161 5.209a2.086 2.086 0 0 0-2.08-2.08h-5.21a2.085 2.085 0 0 0-2.08 2.08 2.085 2.085 0 0 0 2.08 2.08h5.21a2.086 2.086 0 0 0 2.08-2.08z" fill="%2336C5F0"/><path fill-rule="evenodd" clip-rule="evenodd" d="M14.613 11.467a2.085 2.085 0 0 0 2.08-2.08v-5.21a2.086 2.086 0 0 0-2.08-2.08 2.085 2.085 0 0 0-2.08 2.08v5.21a2.085 2.085 0 0 0 2.08 2.08zm5.21-4.16a2.085 2.085 0 0 0-2.081 2.08v2.08h2.081a2.086 2.086 0 0 0 2.08-2.08 2.086 2.086 0 0 0-2.08-2.08z" fill="%232EB67D"/><path fill-rule="evenodd" clip-rule="evenodd" d="M12.533 14.613a2.085 2.085 0 0 0 2.08 2.08h5.21a2.085 2.085 0 0 0 2.08-2.08 2.086 2.086 0 0 0-2.08-2.08h-5.21a2.085 2.085 0 0 0-2.08 2.08zm4.16 5.21a2.085 2.085 0 0 0-2.08-2.081h-2.08v2.081a2.085 2.085 0 0 0 2.08 2.08 2.085 2.085 0 0 0 2.08-2.08z" fill="%23ECB22E"/></svg>');
diff --git a/ui-v2/app/styles/base/icons/icon-placeholders.scss b/ui-v2/app/styles/base/icons/icon-placeholders.scss
index 4c2525a7e33d..cea679dd0cae 100644
--- a/ui-v2/app/styles/base/icons/icon-placeholders.scss
+++ b/ui-v2/app/styles/base/icons/icon-placeholders.scss
@@ -868,6 +868,16 @@
   mask-image: $logo-alicloud-monochrome-svg;
 }
 
+%with-logo-auth0-color-icon {
+  @extend %with-icon;
+  background-image: $logo-auth0-color-svg;
+}
+%with-logo-auth0-color-mask {
+  @extend %with-mask;
+  -webkit-mask-image: $logo-auth0-color-svg;
+  mask-image: $logo-auth0-color-svg;
+}
+
 %with-logo-aws-color-icon {
   @extend %with-icon;
   background-image: $logo-aws-color-svg;
@@ -1008,6 +1018,16 @@
   mask-image: $logo-kubernetes-monochrome-svg;
 }
 
+%with-logo-okta-color-icon {
+  @extend %with-icon;
+  background-image: $logo-okta-color-svg;
+}
+%with-logo-okta-color-mask {
+  @extend %with-mask;
+  -webkit-mask-image: $logo-okta-color-svg;
+  mask-image: $logo-okta-color-svg;
+}
+
 %with-logo-oracle-color-icon {
   @extend %with-icon;
   background-image: $logo-oracle-color-svg;
diff --git a/ui-v2/app/styles/components/app-view.scss b/ui-v2/app/styles/components/app-view.scss
index 5be681a7e1e7..dff8408a820b 100644
--- a/ui-v2/app/styles/components/app-view.scss
+++ b/ui-v2/app/styles/components/app-view.scss
@@ -12,7 +12,17 @@
 main {
   @extend %app-view;
 }
-%app-view-header form {
+%app-view > div > header {
+  @extend %app-view-header;
+}
+%app-view > div > div {
+  @extend %app-view-content;
+}
+%app-view > div.unauthorized,
+%app-view > div.error {
+  @extend %app-view-error;
+}
+%app-view header form {
   @extend %filter-bar;
 }
 %app-view-actions a,
@@ -23,9 +33,7 @@ main {
   @extend %form-row;
 }
 [role='tabpanel'] > p:only-child,
-.template-error > div,
-%app-view-content > p:only-child,
-%app-view.empty > div {
+%app-view-content > p:only-child {
   @extend %app-view-content-empty;
 }
 [role='tabpanel'] > *:first-child {
diff --git a/ui-v2/app/styles/components/app-view/layout.scss b/ui-v2/app/styles/components/app-view/layout.scss
index 2029960a0c30..12d2f11b62de 100644
--- a/ui-v2/app/styles/components/app-view/layout.scss
+++ b/ui-v2/app/styles/components/app-view/layout.scss
@@ -46,6 +46,9 @@
   padding-bottom: 0.2em;
   margin-bottom: 0.5em;
 }
+%app-view-error > div {
+  padding: 1px 0 30px 0;
+}
 %app-view-content-empty {
   margin-top: 0;
   padding: 50px;
diff --git a/ui-v2/app/styles/components/auth-form.scss b/ui-v2/app/styles/components/auth-form.scss
new file mode 100644
index 000000000000..6bc84b786531
--- /dev/null
+++ b/ui-v2/app/styles/components/auth-form.scss
@@ -0,0 +1,4 @@
+@import './auth-form/index';
+.auth-form {
+  @extend %auth-form;
+}
diff --git a/ui-v2/app/styles/components/auth-form/index.scss b/ui-v2/app/styles/components/auth-form/index.scss
new file mode 100644
index 000000000000..bc182521964a
--- /dev/null
+++ b/ui-v2/app/styles/components/auth-form/index.scss
@@ -0,0 +1,2 @@
+@import './skin';
+@import './layout';
diff --git a/ui-v2/app/styles/components/auth-form/layout.scss b/ui-v2/app/styles/components/auth-form/layout.scss
new file mode 100644
index 000000000000..32b057dca5cc
--- /dev/null
+++ b/ui-v2/app/styles/components/auth-form/layout.scss
@@ -0,0 +1,34 @@
+%auth-form {
+  width: 320px;
+  margin: 10px 25px;
+}
+%auth-form form {
+  margin-bottom: 0.5em !important;
+}
+%auth-form .ember-basic-dropdown-trigger,
+%auth-form button {
+  width: 100%;
+}
+%auth-form .progress {
+  margin: 0 auto;
+}
+%auth-form > p:not(.error) {
+  @extend %auth-form-hr;
+}
+%auth-form-hr {
+  text-align: center;
+  position: relative;
+}
+%auth-form-hr span {
+  display: inline-block;
+  padding: 5px;
+}
+
+%auth-form-hr::before {
+  @extend %as-pseudo;
+  width: 100%;
+  position: absolute;
+  left: 0;
+  top: 50%;
+  z-index: -1;
+}
diff --git a/ui-v2/app/styles/components/auth-form/skin.scss b/ui-v2/app/styles/components/auth-form/skin.scss
new file mode 100644
index 000000000000..dd2f24df50e9
--- /dev/null
+++ b/ui-v2/app/styles/components/auth-form/skin.scss
@@ -0,0 +1,12 @@
+%auth-form-hr {
+  text-transform: uppercase;
+}
+%auth-form-hr::before {
+  border-top: 1px solid $gray-200;
+}
+/* This is to mask off the hr so it has a space */
+/* in the center so if the background color of what the */
+/* line is on is different, then this should be different */
+%auth-form-hr span {
+  background-color: $white;
+}
diff --git a/ui-v2/app/styles/components/auth-modal.scss b/ui-v2/app/styles/components/auth-modal.scss
new file mode 100644
index 000000000000..2586957d7e02
--- /dev/null
+++ b/ui-v2/app/styles/components/auth-modal.scss
@@ -0,0 +1,4 @@
+@import './auth-modal/index';
+#login-toggle + div {
+  @extend %auth-modal;
+}
diff --git a/ui-v2/app/styles/components/auth-modal/index.scss b/ui-v2/app/styles/components/auth-modal/index.scss
new file mode 100644
index 000000000000..7c75b3f504b0
--- /dev/null
+++ b/ui-v2/app/styles/components/auth-modal/index.scss
@@ -0,0 +1,7 @@
+/*TODO: This is a different style of modal dialog */
+/* and should probably be part of that, offering different styles*/
+@import './skin';
+@import './layout';
+%auth-modal footer button {
+  @extend %anchor;
+}
diff --git a/ui-v2/app/styles/components/auth-modal/layout.scss b/ui-v2/app/styles/components/auth-modal/layout.scss
new file mode 100644
index 000000000000..f2c1669d4d0e
--- /dev/null
+++ b/ui-v2/app/styles/components/auth-modal/layout.scss
@@ -0,0 +1,12 @@
+%auth-modal footer {
+  border: 0;
+  padding-top: 10px;
+  padding-bottom: 20px;
+  margin: 0px 26px;
+}
+%auth-modal footer {
+  background-color: $transparent;
+}
+%auth-modal > div > div > div {
+  padding-bottom: 0;
+}
diff --git a/ui-v2/app/styles/components/auth-modal/skin.scss b/ui-v2/app/styles/components/auth-modal/skin.scss
new file mode 100644
index 000000000000..8db4bb91b107
--- /dev/null
+++ b/ui-v2/app/styles/components/auth-modal/skin.scss
@@ -0,0 +1,7 @@
+%auth-modal footer button::after {
+  @extend %with-chevron-right-mask, %as-pseudo;
+  font-size: 120%;
+  position: relative;
+  top: -1px;
+  left: -3px;
+}
diff --git a/ui-v2/app/styles/components/buttons.scss b/ui-v2/app/styles/components/buttons.scss
index 5d95ff1aa680..69d004b61be0 100644
--- a/ui-v2/app/styles/components/buttons.scss
+++ b/ui-v2/app/styles/components/buttons.scss
@@ -3,15 +3,17 @@ button[type='submit'],
 a.type-create {
   @extend %primary-button;
 }
-// the :not(li)'s here avoid styling action-group buttons
 // TODO: Once we move action-groups to use aria menu we can get rid of
 // some of this and just use not(aria-haspopup)
 button[type='reset'],
-:not(li) > button[type='button']:not(.copy-btn):not(.type-delete):not([aria-haspopup='menu']),
+form button[type='button']:not([aria-haspopup='menu']),
+header .actions button[type='button']:not(.copy-btn),
+button.type-cancel,
 html.template-error div > a {
   @extend %secondary-button;
 }
-:not(li) > button.type-delete {
+.with-confirmation .type-delete,
+form button[type='button'].type-delete {
   @extend %dangerous-button;
 }
 button.copy-btn {
diff --git a/ui-v2/app/styles/components/empty-state/skin.scss b/ui-v2/app/styles/components/empty-state/skin.scss
index d573f2c0fd43..c3c64a3c66a8 100644
--- a/ui-v2/app/styles/components/empty-state/skin.scss
+++ b/ui-v2/app/styles/components/empty-state/skin.scss
@@ -31,6 +31,9 @@
 %empty-state.status-403 header::before {
   @extend %with-disabled-mask;
 }
+%empty-state[class*='status-5'] header::before {
+  @extend %with-alert-circle-outline-mask;
+}
 %empty-state .docs-link > *::before {
   @extend %with-docs-mask, %as-pseudo;
 }
diff --git a/ui-v2/app/styles/components/form-elements.scss b/ui-v2/app/styles/components/form-elements.scss
index 4d04ceda2f88..6a2d70b2ee4e 100644
--- a/ui-v2/app/styles/components/form-elements.scss
+++ b/ui-v2/app/styles/components/form-elements.scss
@@ -11,33 +11,30 @@ label span {
 .has-error {
   @extend %form-element-error;
 }
-%main-content .type-password,
-%main-content .type-text {
-  @extend %form-element;
-}
 .type-toggle {
   @extend %form-element, %sliding-toggle;
 }
-%form-element,
+.checkbox-group {
+  @extend %checkbox-group;
+}
+%main-content form {
+  @extend %form;
+}
+%form table,
 %radio-group,
 %checkbox-group,
-form table,
-%app-view-content form dl {
+%main-content form dl {
   @extend %form-row;
 }
+%radio-group label,
+%main-content .type-password,
+%main-content .type-text {
+  @extend %form-element;
+}
 %app-view-content form:not(.filter-bar) [role='radiogroup'],
 %modal-window [role='radiogroup'] {
   @extend %radio-group;
 }
-%radio-group label {
-  @extend %form-element;
-}
-.checkbox-group {
-  @extend %checkbox-group;
-}
-fieldset > p {
-  color: $gray-400;
-}
 %sliding-toggle + .checkbox-group {
   margin-top: -1em;
 }
diff --git a/ui-v2/app/styles/components/index.scss b/ui-v2/app/styles/components/index.scss
index 3d19d0c33a22..9905e17c5596 100644
--- a/ui-v2/app/styles/components/index.scss
+++ b/ui-v2/app/styles/components/index.scss
@@ -23,8 +23,11 @@
 @import './confirmation-dialog';
 @import './feedback-dialog';
 @import './modal-dialog';
+@import './auth-form';
+@import './auth-modal';
 @import './notice';
 @import './sort-control';
+@import './oidc-select';
 @import './discovery-chain';
 @import './consul-intention-list';
 @import './empty-state';
diff --git a/ui-v2/app/styles/components/main-nav-horizontal/index.scss b/ui-v2/app/styles/components/main-nav-horizontal/index.scss
index 333e6885766a..e3e73012d34f 100644
--- a/ui-v2/app/styles/components/main-nav-horizontal/index.scss
+++ b/ui-v2/app/styles/components/main-nav-horizontal/index.scss
@@ -5,13 +5,20 @@
 %main-nav-horizontal > ul > li > label > * {
   @extend %main-nav-horizontal-action;
 }
-%main-nav-horizontal > ul > li > label {
-  display: block;
-}
 %main-nav-horizontal-action:not(span):hover,
 %main-nav-horizontal-action:not(span):focus {
   @extend %main-nav-horizontal-action-intent;
 }
+/* Whilst we want spans to look the same as actions */
+/* we don't want them to act the same */
+%main-nav-horizontal > ul > li > span {
+  cursor: default;
+}
+%main-nav-horizontal > ul > li > label {
+  display: block;
+}
+/* ^ why not in layout? because we want these */
+/* overwrites to be close to where we extend? */
 %main-nav-horizontal [type='checkbox']:checked + label > *,
 %main-nav-horizontal > ul > li > a:active,
 %main-nav-horizontal > ul > li.is-active > a,
diff --git a/ui-v2/app/styles/components/main-nav-horizontal/skin.scss b/ui-v2/app/styles/components/main-nav-horizontal/skin.scss
index acdf5d158edd..858175dd14c4 100644
--- a/ui-v2/app/styles/components/main-nav-horizontal/skin.scss
+++ b/ui-v2/app/styles/components/main-nav-horizontal/skin.scss
@@ -18,9 +18,6 @@
   border-radius: $decor-radius-200;
 }
 %main-nav-horizontal-action {
-  cursor: default;
-}
-%main-nav-horizontal-action:not(span) {
   cursor: pointer;
 }
 %main-nav-horizontal-action,
diff --git a/ui-v2/app/styles/components/oidc-select.scss b/ui-v2/app/styles/components/oidc-select.scss
new file mode 100644
index 000000000000..3d4fec8dc92b
--- /dev/null
+++ b/ui-v2/app/styles/components/oidc-select.scss
@@ -0,0 +1,4 @@
+@import './oidc-select/index';
+.oidc-select {
+  @extend %oidc-select;
+}
diff --git a/ui-v2/app/styles/components/oidc-select/index.scss b/ui-v2/app/styles/components/oidc-select/index.scss
new file mode 100644
index 000000000000..3262aaa36c4b
--- /dev/null
+++ b/ui-v2/app/styles/components/oidc-select/index.scss
@@ -0,0 +1,8 @@
+@import './skin';
+@import './layout';
+%oidc-select label {
+  @extend %form-element;
+}
+%oidc-select button {
+  @extend %secondary-button;
+}
diff --git a/ui-v2/app/styles/components/oidc-select/layout.scss b/ui-v2/app/styles/components/oidc-select/layout.scss
new file mode 100644
index 000000000000..97219c512c3a
--- /dev/null
+++ b/ui-v2/app/styles/components/oidc-select/layout.scss
@@ -0,0 +1,7 @@
+%oidc-select li,
+%oidc-select .ember-power-select-trigger {
+  margin-bottom: 1em;
+}
+%oidc-select .ember-power-select-trigger {
+  width: 100%;
+}
diff --git a/ui-v2/app/styles/components/oidc-select/skin.scss b/ui-v2/app/styles/components/oidc-select/skin.scss
new file mode 100644
index 000000000000..194cafc44921
--- /dev/null
+++ b/ui-v2/app/styles/components/oidc-select/skin.scss
@@ -0,0 +1,30 @@
+%oidc-select [class$='-oidc-provider']::before {
+  @extend %as-pseudo;
+  width: 22px;
+  height: 22px;
+  /* this is to prevent resizing in an inline-flex context */
+  /* and should probably be moved to the parent*/
+  flex: 0 0 auto;
+  margin-right: 10px;
+}
+%oidc-select .auth0-oidc-provider::before {
+  @extend %with-logo-auth0-color-icon;
+}
+%oidc-select .okta-oidc-provider::before {
+  @extend %with-logo-okta-color-icon;
+}
+%oidc-select .gitlab-oidc-provider::before {
+  @extend %with-logo-gitlab-color-icon;
+}
+%oidc-select .aws-oidc-provider::before {
+  @extend %with-logo-aws-color-icon;
+}
+%oidc-select .azure-oidc-provider::before {
+  @extend %with-logo-azure-color-icon;
+}
+%oidc-select .bitbucket-oidc-provider::before {
+  @extend %with-logo-bitbucket-color-icon;
+}
+%oidc-select .gcp-oidc-provider::before {
+  @extend %with-logo-gcp-color-icon;
+}
diff --git a/ui-v2/app/styles/core/typography.scss b/ui-v2/app/styles/core/typography.scss
index 3d59f21009fc..bdce4fbd5ce0 100644
--- a/ui-v2/app/styles/core/typography.scss
+++ b/ui-v2/app/styles/core/typography.scss
@@ -77,6 +77,7 @@ pre code,
 
 /*TODO: See if we can collapse these into a */
 /* strong %p3 */
+%form-element-label,
 %button {
   font-weight: $typo-weight-semibold;
 }
@@ -104,7 +105,7 @@ pre code,
   font-weight: $typo-weight-normal;
 }
 
-%form-element > em,
+%form-element-note,
 %tbody-th em,
 %app-view h1 em {
   font-style: normal;
diff --git a/ui-v2/app/styles/variables/index.scss b/ui-v2/app/styles/variables/index.scss
index 85b058cd7019..88d989ad5faf 100644
--- a/ui-v2/app/styles/variables/index.scss
+++ b/ui-v2/app/styles/variables/index.scss
@@ -22,6 +22,11 @@
   --brand-800: #{$magenta-800};
   // --brand-900: #{$magenta-900};
 
+  /* themeable ui colors */
+  --typo-action-500: #{$blue-500};
+  --decor-error-500: #{$red-500};
+  --typo-contrast-999: #{$black};
+
   /* themeable brand colors */
   --typo-brand-050: var(--brand-050);
   --typo-brand-600: var(--brand-600);
diff --git a/ui-v2/app/templates/application.hbs b/ui-v2/app/templates/application.hbs
index 763ccd8bc407..3ed45988c906 100644
--- a/ui-v2/app/templates/application.hbs
+++ b/ui-v2/app/templates/application.hbs
@@ -1,7 +1,15 @@
 <HeadLayout />
 {{title 'Consul' separator=' - '}}
 {{#if (not-eq router.currentRouteName 'application')}}
-  <HashicorpConsul @id="wrapper" @permissions={{permissions}} @dcs={{dcs}} @dc={{or dc dcs.firstObject}} @nspaces={{nspaces}} @nspace={{or nspace nspaces.firstObject}}>
+  <HashicorpConsul
+    id="wrapper"
+    @permissions={{permissions}}
+    @dcs={{dcs}}
+    @dc={{or dc dcs.firstObject}}
+    @nspaces={{nspaces}}
+    @nspace={{or nspace nspaces.firstObject}}
+    @onchange={{action "reauthorize"}}
+  >
 {{#if (not loading)}}
   {{outlet}}
 {{else}}
diff --git a/ui-v2/app/templates/dc/acls/-authorization.hbs b/ui-v2/app/templates/dc/acls/-authorization.hbs
index 1f08a99fd0f4..8617be5769c6 100644
--- a/ui-v2/app/templates/dc/acls/-authorization.hbs
+++ b/ui-v2/app/templates/dc/acls/-authorization.hbs
@@ -1,13 +1,21 @@
-<p>
-  The Access Control List (ACL) system, which controls permissions for this UI, is enabled for this cluster. Your token ID will be saved locally and persist through visits.
-</p>
-<form>
-    <fieldset>
-        <label class="type-text">
-            <span>SecretID or Token</span>
-            <input type="password" name="secret" placeholder="SecretID or Token" oninput={{action (mut secret) value="target.value"}} />
-        </label>
-    </fieldset>
-    {{! authorize is in the routes/dc/acls.js route }}
-    <button type="submit" {{action 'authorize' secret nspace}}>Login</button>
-</form>
+<EmptyState class="status-403">
+  <BlockSlot @name="header">
+    <h2>You are not authorized</h2>
+  </BlockSlot>
+  <BlockSlot @name="subheader">
+    <h3>Error 403</h3>
+  </BlockSlot>
+  <BlockSlot @name="body">
+    <p>
+      You must be granted permissions to view this data. Login or ask your administrator if you think you should have access.
+    </p>
+  </BlockSlot>
+  <BlockSlot @name="actions">
+    <li class="docs-link">
+      <a href="{{env 'CONSUL_DOCS_URL'}}/acl/index.html" rel="noopener noreferrer" target="_blank">Read the documentation</a>
+    </li>
+    <li class="learn-link">
+      <a href="{{env 'CONSUL_DOCS_LEARN_URL'}}/consul/security-networking/production-acls" rel="noopener noreferrer" target="_blank">Follow the guide</a>
+    </li>
+  </BlockSlot>
+</EmptyState>
diff --git a/ui-v2/app/templates/error.hbs b/ui-v2/app/templates/error.hbs
index 429724e96925..408b00af257b 100644
--- a/ui-v2/app/templates/error.hbs
+++ b/ui-v2/app/templates/error.hbs
@@ -1,19 +1,58 @@
+{{#if error}}
 <AppView @class="error show">
     <BlockSlot @name="header">
-        <h1 data-test-error>
-{{#if error.status }}
-            {{error.status}} ({{error.message}})
-{{else}}
-            {{error.message}}
-{{/if}}
-        </h1>
+      <h1>
+        Error {{error.status}}
+      </h1>
     </BlockSlot>
     <BlockSlot @name="content">
-        <p>
-            Consul returned an error.
-            You may have visited a URL that is loading an unknown resource, so you can try going back to the root or try re-submitting your ACL Token/SecretID by going back to ACLs.<br />
-            Try looking in our <a href="{{env 'CONSUL_DOCS_URL'}}" target="_blank">documentation</a>
-        </p>
-        <a data-test-home rel="home" href={{href-to 'index'}}>Go back to root</a>
+      {{#if (not-eq error.status "403")}}
+          <EmptyState class={{concat "status-" error.status}}>
+            <BlockSlot @name="header">
+              <h2>{{or error.message "Consul returned an error"}}</h2>
+            </BlockSlot>
+{{#if error.status }}
+            <BlockSlot @name="subheader">
+              <h3 data-test-status={{error.status}}>Error {{error.status}}</h3>
+            </BlockSlot>
+{{/if}}
+            <BlockSlot @name="body">
+              <p>
+                You may have visited a URL that is loading an unknown resource, so you can try going back to the root or try re-submitting your ACL Token/SecretID by going back to ACLs.
+              </p>
+            </BlockSlot>
+            <BlockSlot @name="actions">
+              <li class="back-link">
+                <a data-test-home rel="home" href={{href-to 'index'}}>Go back to root</a>
+              </li>
+              <li class="docs-link">
+                <a href="{{env 'CONSUL_DOCS_URL'}}" rel="noopener noreferrer" target="_blank">Read the documentation</a>
+              </li>
+            </BlockSlot>
+          </EmptyState>
+        {{else}}
+          <EmptyState class="status-403">
+            <BlockSlot @name="header">
+              <h2 data-test-status={{error.status}}>You are not authorized</h2>
+            </BlockSlot>
+            <BlockSlot @name="subheader">
+              <h3>Error 403</h3>
+            </BlockSlot>
+            <BlockSlot @name="body">
+              <p>
+                You must be granted permissions to view this data. Ask your administrator if you think you should have access.
+              </p>
+            </BlockSlot>
+            <BlockSlot @name="actions">
+              <li class="docs-link">
+                <a href="{{env 'CONSUL_DOCS_URL'}}/acl/index.html" rel="noopener noreferrer" target="_blank">Read the documentation</a>
+              </li>
+              <li class="learn-link">
+                <a href="{{env 'CONSUL_DOCS_LEARN_URL'}}/consul/security-networking/production-acls" rel="noopener noreferrer" target="_blank">Follow the guide</a>
+              </li>
+            </BlockSlot>
+          </EmptyState>
+        {{/if}}
     </BlockSlot>
 </AppView>
+{{/if}}
diff --git a/ui-v2/app/utils/get-environment.js b/ui-v2/app/utils/get-environment.js
index 22bf93c08e22..bfe93a2ea163 100644
--- a/ui-v2/app/utils/get-environment.js
+++ b/ui-v2/app/utils/get-environment.js
@@ -82,6 +82,9 @@ export default function(config = {}, win = window, doc = document) {
             case 'CONSUL_NSPACES_ENABLE':
               prev['CONSUL_NSPACES_ENABLED'] = !!JSON.parse(String(value).toLowerCase());
               break;
+            case 'CONSUL_SSO_ENABLE':
+              prev['CONSUL_SSO_ENABLED'] = !!JSON.parse(String(value).toLowerCase());
+              break;
             default:
               prev[key] = value;
           }
diff --git a/ui-v2/config/environment.js b/ui-v2/config/environment.js
index c4891b5fdb0f..f74e2bdfd949 100644
--- a/ui-v2/config/environment.js
+++ b/ui-v2/config/environment.js
@@ -7,6 +7,10 @@ module.exports = function(environment, $ = process.env) {
     environment,
     rootURL: '/ui/',
     locationType: 'auto',
+    // We use a complete dynamically (from Consul) configured
+    // torii provider. We provide this object here to
+    // prevent ember from giving a log message when starting ember up
+    torii: {},
     EmberENV: {
       FEATURES: {
         // Here you can enable experimental features on an ember canary build
@@ -69,6 +73,7 @@ module.exports = function(environment, $ = process.env) {
     CONSUL_BINARY_TYPE: process.env.CONSUL_BINARY_TYPE ? process.env.CONSUL_BINARY_TYPE : 'oss',
     CONSUL_ACLS_ENABLED: false,
     CONSUL_NSPACES_ENABLED: false,
+    CONSUL_SSO_ENABLED: false,
 
     CONSUL_HOME_URL: 'https://www.consul.io',
     CONSUL_REPO_ISSUES_URL: 'https://github.com/hashicorp/consul/issues/new/choose',
@@ -77,6 +82,7 @@ module.exports = function(environment, $ = process.env) {
     CONSUL_DOCS_API_URL: 'https://www.consul.io/api',
     CONSUL_COPYRIGHT_URL: 'https://www.hashicorp.com',
   });
+  const isTestLike = ['staging', 'test'].indexOf(environment) > -1;
   const isDevLike = ['development', 'staging', 'test'].indexOf(environment) > -1;
   const isProdLike = ['production', 'staging'].indexOf(environment) > -1;
   switch (true) {
@@ -88,6 +94,10 @@ module.exports = function(environment, $ = process.env) {
           typeof $['CONSUL_NSPACES_ENABLED'] !== 'undefined'
             ? !!JSON.parse(String($['CONSUL_NSPACES_ENABLED']).toLowerCase())
             : true,
+        CONSUL_SSO_ENABLED:
+          typeof $['CONSUL_SSO_ENABLED'] !== 'undefined'
+            ? !!JSON.parse(String($['CONSUL_SSO_ENABLED']).toLowerCase())
+            : false,
         '@hashicorp/ember-cli-api-double': {
           'auto-import': false,
           enabled: true,
@@ -107,6 +117,7 @@ module.exports = function(environment, $ = process.env) {
     case environment === 'staging':
       ENV = Object.assign({}, ENV, {
         CONSUL_NSPACES_ENABLED: true,
+        CONSUL_SSO_ENABLED: true,
         '@hashicorp/ember-cli-api-double': {
           enabled: true,
           endpoints: {
@@ -118,13 +129,14 @@ module.exports = function(environment, $ = process.env) {
     case environment === 'production':
       ENV = Object.assign({}, ENV, {
         CONSUL_ACLS_ENABLED: '{{.ACLsEnabled}}',
+        CONSUL_SSO_ENABLED: '{{.SSOEnabled}}',
         CONSUL_NSPACES_ENABLED:
           '{{ if .NamespacesEnabled }}{{.NamespacesEnabled}}{{ else }}false{{ end }}',
       });
       break;
   }
   switch (true) {
-    case isDevLike:
+    case isTestLike:
       ENV = Object.assign({}, ENV, {
         CONSUL_ACLS_ENABLED: true,
         // 'APP': Object.assign({}, ENV.APP, {
diff --git a/ui-v2/lib/startup/index.js b/ui-v2/lib/startup/index.js
index 2247f1f06b32..dcc03fc5e6e7 100644
--- a/ui-v2/lib/startup/index.js
+++ b/ui-v2/lib/startup/index.js
@@ -17,6 +17,9 @@ const express = require('express');
 module.exports = {
   name: 'startup',
   serverMiddleware: function(server) {
+    // TODO: see if we can move these into the project specific `/server` directory
+    // instead of inside an addon
+
     // Serve the coverage folder for easy viewing during development
     server.app.use('/coverage', express.static('coverage'));
 
diff --git a/ui-v2/lib/startup/templates/head.html.js b/ui-v2/lib/startup/templates/head.html.js
index 5b10fbe53258..db2ffa864b7b 100644
--- a/ui-v2/lib/startup/templates/head.html.js
+++ b/ui-v2/lib/startup/templates/head.html.js
@@ -25,7 +25,8 @@ module.exports = ({ appName, environment, rootURL, config }) => `
       {
         rootURL: '${rootURL}',
         CONSUL_ACLS_ENABLED: ${config.CONSUL_ACLS_ENABLED},
-        CONSUL_NSPACES_ENABLED: ${config.CONSUL_NSPACES_ENABLED}
+        CONSUL_NSPACES_ENABLED: ${config.CONSUL_NSPACES_ENABLED},
+        CONSUL_SSO_ENABLED: ${config.CONSUL_SSO_ENABLED}
       }
     );
   </script>
diff --git a/ui-v2/node-tests/config/environment.js b/ui-v2/node-tests/config/environment.js
index 0efc70e33651..8caac5262a07 100644
--- a/ui-v2/node-tests/config/environment.js
+++ b/ui-v2/node-tests/config/environment.js
@@ -10,6 +10,7 @@ test(
         environment: 'production',
         CONSUL_BINARY_TYPE: 'oss',
         CONSUL_ACLS_ENABLED: '{{.ACLsEnabled}}',
+        CONSUL_SSO_ENABLED: '{{.SSOEnabled}}',
         CONSUL_NSPACES_ENABLED: '{{ if .NamespacesEnabled }}{{.NamespacesEnabled}}{{ else }}false{{ end }}',
       },
       {
@@ -17,6 +18,7 @@ test(
         CONSUL_BINARY_TYPE: 'oss',
         CONSUL_ACLS_ENABLED: true,
         CONSUL_NSPACES_ENABLED: true,
+        CONSUL_SSO_ENABLED: false,
       },
       {
         $: {
@@ -26,12 +28,24 @@ test(
         CONSUL_BINARY_TYPE: 'oss',
         CONSUL_ACLS_ENABLED: true,
         CONSUL_NSPACES_ENABLED: false,
+        CONSUL_SSO_ENABLED: false,
+      },
+      {
+        $: {
+          CONSUL_SSO_ENABLED: 0
+        },
+        environment: 'test',
+        CONSUL_BINARY_TYPE: 'oss',
+        CONSUL_ACLS_ENABLED: true,
+        CONSUL_NSPACES_ENABLED: true,
+        CONSUL_SSO_ENABLED: false,
       },
       {
         environment: 'staging',
         CONSUL_BINARY_TYPE: 'oss',
         CONSUL_ACLS_ENABLED: true,
         CONSUL_NSPACES_ENABLED: true,
+        CONSUL_SSO_ENABLED: true,
       }
     ].forEach(
       function(item) {
diff --git a/ui-v2/public/oidc/callback b/ui-v2/public/oidc/callback
new file mode 100644
index 000000000000..ad9923478c78
--- /dev/null
+++ b/ui-v2/public/oidc/callback
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="UTF-8">
+    <title>Consul</title>
+    <script>
+      var CURRENT_REQUEST_KEY = '__torii_request';
+      var pendingRequestKey = window.localStorage.getItem(CURRENT_REQUEST_KEY);
+
+      if (pendingRequestKey) {
+        window.localStorage.removeItem(CURRENT_REQUEST_KEY);
+        var url = window.location.toString();
+        window.localStorage.setItem(pendingRequestKey, url);
+      }
+
+      window.close();
+    </script>
+  </head>
+</html>
diff --git a/ui-v2/server/index.js b/ui-v2/server/index.js
new file mode 100644
index 000000000000..a38cb9d893b4
--- /dev/null
+++ b/ui-v2/server/index.js
@@ -0,0 +1,26 @@
+'use strict';
+const fs = require('fs');
+const promisify = require('util').promisify;
+const read = promisify(fs.readFile);
+
+module.exports = function(app, options) {
+  // During development the proxy server has no way of
+  // knowing the content/mime type of our `oidc/callback` file
+  // as it has no extension.
+  // This shims the default server to set the correct headers
+  // just for this file
+
+  const file = `/oidc/callback`;
+  const rootURL = options.rootURL;
+  const url = `${rootURL.substr(0, rootURL.length - 1)}${file}`;
+  app.use(function(req, resp, next) {
+    if (req.url.split('?')[0] === url) {
+      return read(`${process.cwd()}/public${file}`).then(function(buffer) {
+        resp.header('Content-Type', 'text/html');
+        resp.write(buffer.toString());
+        resp.end();
+      });
+    }
+    next();
+  });
+};
diff --git a/ui-v2/tests/acceptance/dc/acls/policies/as-many/add-existing.feature b/ui-v2/tests/acceptance/dc/acls/policies/as-many/add-existing.feature
index a45329adb9e4..99e4a3afd669 100644
--- a/ui-v2/tests/acceptance/dc/acls/policies/as-many/add-existing.feature
+++ b/ui-v2/tests/acceptance/dc/acls/policies/as-many/add-existing.feature
@@ -20,10 +20,10 @@ Feature: dc / acls / policies / as many / add existing: Add existing policy
       [Model]: key
     ---
     Then the url should be /datacenter/acls/[Model]s/key
-    And I click "#policies .ember-power-select-trigger"
+    And I click "form > #policies .ember-power-select-trigger"
     And I click ".ember-power-select-option:first-child"
     And I see 1 policy model on the policies component
-    And I click "#policies .ember-power-select-trigger"
+    And I click "form > #policies .ember-power-select-trigger"
     And I click ".ember-power-select-option:nth-child(1)"
     And I see 2 policy models on the policies component
     And I submit
diff --git a/ui-v2/tests/acceptance/dc/acls/roles/as-many/add-existing.feature b/ui-v2/tests/acceptance/dc/acls/roles/as-many/add-existing.feature
index 370c9e9c64f1..21b3bed6c322 100644
--- a/ui-v2/tests/acceptance/dc/acls/roles/as-many/add-existing.feature
+++ b/ui-v2/tests/acceptance/dc/acls/roles/as-many/add-existing.feature
@@ -21,10 +21,10 @@ Feature: dc / acls / roles / as many / add existing: Add existing
       token: key
     ---
     Then the url should be /datacenter/acls/tokens/key
-    And I click "#roles .ember-power-select-trigger"
+    And I click "form > #roles .ember-power-select-trigger"
     And I click ".ember-power-select-option:first-child"
     And I see 1 role model on the roles component
-    And I click "#roles .ember-power-select-trigger"
+    And I click "form > #roles .ember-power-select-trigger"
     And I click ".ember-power-select-option:nth-child(1)"
     And I see 2 role models on the roles component
     Then I fill in with yaml
diff --git a/ui-v2/tests/acceptance/dc/error.feature b/ui-v2/tests/acceptance/dc/error.feature
index c4b03eaa6f0f..bd6a80c17c29 100644
--- a/ui-v2/tests/acceptance/dc/error.feature
+++ b/ui-v2/tests/acceptance/dc/error.feature
@@ -22,7 +22,7 @@ Feature: dc / error: Recovering from a dc 500 error
     ---
     Then the url should be /dc-500/services
     And the title should be "Consul"
-    Then I see the text "500 (The backend responded with an error)" in "[data-test-error]"
+    Then I see status on the error like "500"
   Scenario: Clicking the back to root button
     Given the url "/v1/internal/ui/services" responds with a 200 status
     When I click home
diff --git a/ui-v2/tests/acceptance/dc/services/error.feature b/ui-v2/tests/acceptance/dc/services/error.feature
index f519f5de586b..1ee48f4af53d 100644
--- a/ui-v2/tests/acceptance/dc/services/error.feature
+++ b/ui-v2/tests/acceptance/dc/services/error.feature
@@ -10,7 +10,7 @@ Feature: dc / services / error
     ---
       dc: 404-datacenter
     ---
-    Then I see the text "404 (Page not found)" in "[data-test-error]"
+    Then I see status on the error like "404"
   @notNamespaceable
   Scenario: Arriving at the service page
     Given 2 datacenter models from yaml
@@ -23,7 +23,7 @@ Feature: dc / services / error
     ---
       dc: dc-1
     ---
-    Then I see the text "500 (The backend responded with an error)" in "[data-test-error]"
+    Then I see status on the error like "500"
     # This is the actual step that works slightly differently
     # When running through namespaces as the dc menu says 'Error'
     # which is still kind of ok
diff --git a/ui-v2/tests/acceptance/dc/services/instances/error.feature b/ui-v2/tests/acceptance/dc/services/instances/error.feature
index 0a12d2b35137..6f55bd55942d 100644
--- a/ui-v2/tests/acceptance/dc/services/instances/error.feature
+++ b/ui-v2/tests/acceptance/dc/services/instances/error.feature
@@ -11,6 +11,6 @@ Feature: dc / services / instances / error: Visit Service Instance what doesn't
       id: id-that-doesnt-exist
     ---
     Then the url should be /dc1/services/service-0/instances/node-0/id-that-doesnt-exist
-    And I see the text "404 (Unable to find instance)" in "[data-test-error]"
+    Then I see status on the error like "404"
 
 
diff --git a/ui-v2/tests/acceptance/dc/acls/tokens/login-errors.feature b/ui-v2/tests/acceptance/login-errors.feature
similarity index 82%
rename from ui-v2/tests/acceptance/dc/acls/tokens/login-errors.feature
rename to ui-v2/tests/acceptance/login-errors.feature
index b225d7b859d9..f045d4f4cce9 100644
--- a/ui-v2/tests/acceptance/dc/acls/tokens/login-errors.feature
+++ b/ui-v2/tests/acceptance/login-errors.feature
@@ -1,5 +1,5 @@
 @setupApplicationTest
-Feature: dc / acls / tokens / login-errors: ACL Login Errors
+Feature: login-errors: Login Errors
 
   Scenario: I get any 500 error that is not the specific legacy token cluster one
     Given 1 datacenter model with the value "dc-1"
@@ -9,7 +9,7 @@ Feature: dc / acls / tokens / login-errors: ACL Login Errors
       dc: dc-1
     ---
     Then the url should be /dc-1/acls/tokens
-    Then I see the text "500 (The backend responded with an error)" in "[data-test-error]"
+    Then I see status on the error like "500"
   Scenario: I get a 500 error from acl/tokens that is the specific legacy one
     Given 1 datacenter model with the value "dc-1"
     And the url "/v1/acl/tokens?ns=@namespace" responds with from yaml
@@ -43,11 +43,11 @@ Feature: dc / acls / tokens / login-errors: ACL Login Errors
     ---
     Then the url should be /dc-1/acls/tokens
     Then ".app-view" has the "unauthorized" class
-    Then I fill in with yaml
+    And I click login on the navigation
+    And I fill in the auth form with yaml
     ---
-    secret: something
+    SecretID: something
     ---
-    And I submit
-    Then ".app-view" has the "unauthorized" class
-    And "[data-notification]" has the "error" class
+    And I click submit on the authdialog.form
+    Then I see status on the error like "403"
 
diff --git a/ui-v2/tests/acceptance/dc/acls/tokens/login.feature b/ui-v2/tests/acceptance/login.feature
similarity index 64%
rename from ui-v2/tests/acceptance/dc/acls/tokens/login.feature
rename to ui-v2/tests/acceptance/login.feature
index 76c1cf3a6104..42aff3a1fe60 100644
--- a/ui-v2/tests/acceptance/dc/acls/tokens/login.feature
+++ b/ui-v2/tests/acceptance/login.feature
@@ -1,6 +1,6 @@
 @setupApplicationTest
-Feature: dc / acls / tokens / login
-  Scenario: Logging into the ACLs login page
+Feature: login
+  Scenario: Logging into the login page from ACLs tokens
     Given 1 datacenter model with the value "dc-1"
     And the url "/v1/acl/tokens" responds with a 403 status
     When I visit the tokens page for yaml
@@ -8,11 +8,12 @@ Feature: dc / acls / tokens / login
     dc: dc-1
     ---
     Then the url should be /dc-1/acls/tokens
-    And I fill in with yaml
+    And I click login on the navigation
+    And I fill in the auth form with yaml
     ---
-    secret: something
+    SecretID: something
     ---
-    And I submit
+    And I click submit on the authdialog.form
     Then a GET request was made to "/v1/acl/token/self?dc=dc-1" from yaml
     ---
     headers:
diff --git a/ui-v2/tests/acceptance/steps/login-errors-steps.js b/ui-v2/tests/acceptance/steps/login-errors-steps.js
new file mode 100644
index 000000000000..c900334997cb
--- /dev/null
+++ b/ui-v2/tests/acceptance/steps/login-errors-steps.js
@@ -0,0 +1,10 @@
+import steps from './steps';
+
+// step definitions that are shared between features should be moved to the
+// tests/acceptance/steps/steps.js file
+
+export default function(assert) {
+  return steps(assert).then('I should find a file', function() {
+    assert.ok(true, this.step);
+  });
+}
diff --git a/ui-v2/tests/acceptance/steps/login-steps.js b/ui-v2/tests/acceptance/steps/login-steps.js
new file mode 100644
index 000000000000..c900334997cb
--- /dev/null
+++ b/ui-v2/tests/acceptance/steps/login-steps.js
@@ -0,0 +1,10 @@
+import steps from './steps';
+
+// step definitions that are shared between features should be moved to the
+// tests/acceptance/steps/steps.js file
+
+export default function(assert) {
+  return steps(assert).then('I should find a file', function() {
+    assert.ok(true, this.step);
+  });
+}
diff --git a/ui-v2/tests/acceptance/token-header.feature b/ui-v2/tests/acceptance/token-header.feature
index 00c40679aab0..8c016fd2cece 100644
--- a/ui-v2/tests/acceptance/token-header.feature
+++ b/ui-v2/tests/acceptance/token-header.feature
@@ -21,11 +21,12 @@ Feature: token-header
       dc: datacenter
     ---
     Then the url should be /datacenter/acls/tokens
-    Then I fill in with yaml
+    And I click login on the navigation
+    And I fill in the auth form with yaml
     ---
-      secret: [Token]
+    SecretID: [Token]
     ---
-    And I submit
+    And I click submit on the authdialog.form
     When I visit the index page
     Then the url should be /datacenter/services
     And a GET request was made to "/v1/internal/ui/services?dc=datacenter&ns=@namespace" from yaml
diff --git a/ui-v2/tests/integration/components/auth-dialog-test.js b/ui-v2/tests/integration/components/auth-dialog-test.js
new file mode 100644
index 000000000000..32b6594032f6
--- /dev/null
+++ b/ui-v2/tests/integration/components/auth-dialog-test.js
@@ -0,0 +1,26 @@
+import { module, test } from 'qunit';
+import { setupRenderingTest } from 'ember-qunit';
+import { render } from '@ember/test-helpers';
+import { hbs } from 'ember-cli-htmlbars';
+
+module('Integration | Component | auth-dialog', function(hooks) {
+  setupRenderingTest(hooks);
+
+  test('it renders', async function(assert) {
+    // Set any properties with this.set('myProperty', 'value');
+    // Handle any actions with this.set('myAction', function(val) { ... });
+
+    await render(hbs`<AuthDialog />`);
+
+    assert.equal(this.element.textContent.trim(), '');
+
+    // Template block usage:
+    await render(hbs`
+      <AuthDialog>
+        template block text
+      </AuthDialog>
+    `);
+
+    assert.equal(this.element.textContent.trim(), 'template block text');
+  });
+});
diff --git a/ui-v2/tests/integration/components/auth-profile-test.js b/ui-v2/tests/integration/components/auth-profile-test.js
new file mode 100644
index 000000000000..fcd24d331ae6
--- /dev/null
+++ b/ui-v2/tests/integration/components/auth-profile-test.js
@@ -0,0 +1,24 @@
+import { module, test } from 'qunit';
+import { setupRenderingTest } from 'ember-qunit';
+import { render } from '@ember/test-helpers';
+import { hbs } from 'ember-cli-htmlbars';
+
+module('Integration | Component | auth-profile', function(hooks) {
+  setupRenderingTest(hooks);
+
+  test('it renders', async function(assert) {
+    // Set any properties with this.set('myProperty', 'value');
+    // Handle any actions with this.set('myAction', function(val) { ... });
+
+    await render(hbs`<AuthProfile />`);
+
+    assert.ok(this.element.textContent.indexOf('AccessorID') !== -1);
+
+    // Template block usage:
+    await render(hbs`
+      <AuthProfile></AuthProfile>
+    `);
+
+    assert.ok(this.element.textContent.indexOf('AccessorID') !== -1);
+  });
+});
diff --git a/ui-v2/tests/integration/components/jwt-source-test.js b/ui-v2/tests/integration/components/jwt-source-test.js
new file mode 100644
index 000000000000..1464858d680b
--- /dev/null
+++ b/ui-v2/tests/integration/components/jwt-source-test.js
@@ -0,0 +1,17 @@
+import { module, skip } from 'qunit';
+import { setupRenderingTest } from 'ember-qunit';
+import { render } from '@ember/test-helpers';
+import hbs from 'htmlbars-inline-precompile';
+
+module('Integration | Component | jwt-source', function(hooks) {
+  setupRenderingTest(hooks);
+
+  skip('it renders', async function(assert) {
+    // Set any properties with this.set('myProperty', 'value');
+    // Handle any actions with this.set('myAction', function(val) { ... });
+
+    await render(hbs`<JwtSource />`);
+
+    assert.equal(this.element.textContent.trim(), '');
+  });
+});
diff --git a/ui-v2/tests/integration/components/oidc-select-test.js b/ui-v2/tests/integration/components/oidc-select-test.js
new file mode 100644
index 000000000000..16df66580b82
--- /dev/null
+++ b/ui-v2/tests/integration/components/oidc-select-test.js
@@ -0,0 +1,26 @@
+import { module, skip } from 'qunit';
+import { setupRenderingTest } from 'ember-qunit';
+import { render } from '@ember/test-helpers';
+import { hbs } from 'ember-cli-htmlbars';
+
+module('Integration | Component | oidc-select', function(hooks) {
+  setupRenderingTest(hooks);
+
+  skip('it renders', async function(assert) {
+    // Set any properties with this.set('myProperty', 'value');
+    // Handle any actions with this.set('myAction', function(val) { ... });
+
+    await render(hbs`<OidcSelect />`);
+
+    assert.equal(this.element.textContent.trim(), '');
+
+    // Template block usage:
+    await render(hbs`
+      <OidcSelect>
+        template block text
+      </OidcSelect>
+    `);
+
+    assert.equal(this.element.textContent.trim(), 'template block text');
+  });
+});
diff --git a/ui-v2/tests/integration/serializers/oidc-provider-test.js b/ui-v2/tests/integration/serializers/oidc-provider-test.js
new file mode 100644
index 000000000000..6a4925e13336
--- /dev/null
+++ b/ui-v2/tests/integration/serializers/oidc-provider-test.js
@@ -0,0 +1,75 @@
+import { module, test } from 'qunit';
+import { setupTest } from 'ember-qunit';
+
+import { get } from 'consul-ui/tests/helpers/api';
+import {
+  HEADERS_SYMBOL as META,
+  HEADERS_DATACENTER as DC,
+  HEADERS_NAMESPACE as NSPACE,
+} from 'consul-ui/utils/http/consul';
+
+module('Integration | Serializer | oidc-provider', function(hooks) {
+  setupTest(hooks);
+  const dc = 'dc-1';
+  const undefinedNspace = 'default';
+  [undefinedNspace, 'team-1', undefined].forEach(nspace => {
+    test(`respondForQuery returns the correct data for list endpoint when the nspace is ${nspace}`, function(assert) {
+      const serializer = this.owner.lookup('serializer:oidc-provider');
+      const request = {
+        url: `/v1/internal/ui/oidc-auth-methods?dc=${dc}`,
+      };
+      return get(request.url).then(function(payload) {
+        const expected = payload.map(item =>
+          Object.assign({}, item, {
+            Datacenter: dc,
+            Namespace: item.Namespace || undefinedNspace,
+            uid: `["${item.Namespace || undefinedNspace}","${dc}","${item.Name}"]`,
+          })
+        );
+        const actual = serializer.respondForQuery(
+          function(cb) {
+            const headers = {};
+            const body = payload;
+            return cb(headers, body);
+          },
+          {
+            dc: dc,
+          }
+        );
+        assert.deepEqual(actual, expected);
+      });
+    });
+    test(`respondForQueryRecord returns the correct data for item endpoint when the nspace is ${nspace}`, function(assert) {
+      const serializer = this.owner.lookup('serializer:oidc-provider');
+      const dc = 'dc-1';
+      const id = 'slug';
+      const request = {
+        url: `/v1/acl/oidc/auth-url?dc=${dc}`,
+      };
+      return get(request.url).then(function(payload) {
+        const expected = Object.assign({}, payload, {
+          Name: id,
+          Datacenter: dc,
+          [META]: {
+            [DC.toLowerCase()]: dc,
+            [NSPACE.toLowerCase()]: payload.Namespace || undefinedNspace,
+          },
+          Namespace: payload.Namespace || undefinedNspace,
+          uid: `["${payload.Namespace || undefinedNspace}","${dc}","${id}"]`,
+        });
+        const actual = serializer.respondForQueryRecord(
+          function(cb) {
+            const headers = {};
+            const body = payload;
+            return cb(headers, body);
+          },
+          {
+            dc: dc,
+            id: id,
+          }
+        );
+        assert.deepEqual(actual, expected);
+      });
+    });
+  });
+});
diff --git a/ui-v2/tests/pages.js b/ui-v2/tests/pages.js
index 65af4f154f24..a925ae7e0d04 100644
--- a/ui-v2/tests/pages.js
+++ b/ui-v2/tests/pages.js
@@ -1,5 +1,5 @@
 import {
-  create,
+  create as createPage,
   clickable,
   is,
   attribute,
@@ -16,7 +16,6 @@ import createCancelable from 'consul-ui/tests/lib/page-object/createCancelable';
 
 // TODO: All component-like page objects should be moved into the component folder
 // along with all of its other dependencies once we can mae ember-cli ignore them
-import page from 'consul-ui/tests/pages/components/page';
 import radiogroup from 'consul-ui/tests/lib/page-object/radiogroup';
 import tabgroup from 'consul-ui/tests/lib/page-object/tabgroup';
 import freetextFilter from 'consul-ui/tests/pages/components/freetext-filter';
@@ -30,7 +29,9 @@ import policyFormFactory from 'consul-ui/tests/pages/components/policy-form';
 import policySelectorFactory from 'consul-ui/tests/pages/components/policy-selector';
 import roleFormFactory from 'consul-ui/tests/pages/components/role-form';
 import roleSelectorFactory from 'consul-ui/tests/pages/components/role-selector';
+import pageFactory from 'consul-ui/tests/pages/components/page';
 import consulIntentionListFactory from 'consul-ui/tests/pages/components/consul-intention-list';
+import authFormFactory from 'consul-ui/tests/pages/components/auth-form';
 
 // TODO: should this specifically be modal or form?
 // should all forms be forms?
@@ -72,12 +73,21 @@ const roleForm = roleFormFactory(submitable, cancelable, policySelector);
 const roleSelector = roleSelectorFactory(clickable, deletable, collection, alias, roleForm);
 
 const consulIntentionList = consulIntentionListFactory(collection, clickable, attribute, deletable);
+const authForm = authFormFactory(submitable, clickable, attribute);
+const page = pageFactory(clickable, attribute, is, authForm);
 
+const create = function(appView) {
+  appView = {
+    ...page(),
+    ...appView,
+  };
+  return createPage(appView);
+};
 export default {
   index: create(index(visitable, collection)),
   dcs: create(dcs(visitable, clickable, attribute, collection)),
   services: create(
-    services(visitable, clickable, text, attribute, collection, page, popoverSort, radiogroup)
+    services(visitable, clickable, text, attribute, collection, popoverSort, radiogroup)
   ),
   service: create(
     service(visitable, attribute, collection, text, consulIntentionList, catalogToolbar, tabgroup)
diff --git a/ui-v2/tests/pages/components/auth-form.js b/ui-v2/tests/pages/components/auth-form.js
new file mode 100644
index 000000000000..040474961fb8
--- /dev/null
+++ b/ui-v2/tests/pages/components/auth-form.js
@@ -0,0 +1,6 @@
+export default (submitable, clickable, attribute) => (scope = '.auth-form') => {
+  return {
+    scope: scope,
+    ...submitable(),
+  };
+};
diff --git a/ui-v2/tests/pages/components/page.js b/ui-v2/tests/pages/components/page.js
index 14742a504f08..6bac5b0b7a28 100644
--- a/ui-v2/tests/pages/components/page.js
+++ b/ui-v2/tests/pages/components/page.js
@@ -1,33 +1,50 @@
-import { clickable, is } from 'ember-cli-page-object';
-const page = {
-  navigation: ['services', 'nodes', 'kvs', 'acls', 'intentions', 'docs', 'settings'].reduce(
-    function(prev, item, i, arr) {
-      const key = item;
-      return Object.assign({}, prev, {
-        [key]: clickable(`[data-test-main-nav-${item}] a`),
-      });
+export default (clickable, attribute, is, authForm) => scope => {
+  const page = {
+    navigation: [
+      'services',
+      'nodes',
+      'kvs',
+      'acls',
+      'intentions',
+      'help',
+      'settings',
+      'auth',
+    ].reduce(
+      function(prev, item, i, arr) {
+        const key = item;
+        return Object.assign({}, prev, {
+          [key]: clickable(`[data-test-main-nav-${item}] > *`),
+        });
+      },
+      {
+        scope: '[data-test-navigation]',
+      }
+    ),
+    footer: ['copyright', 'docs'].reduce(
+      function(prev, item, i, arr) {
+        const key = item;
+        return Object.assign({}, prev, {
+          [key]: clickable(`[data-test-main-nav-${item}`),
+        });
+      },
+      {
+        scope: '[data-test-footer]',
+      }
+    ),
+    authdialog: {
+      form: authForm(),
     },
-    {
-      scope: '[data-test-navigation]',
-    }
-  ),
-  footer: ['copyright', 'docs'].reduce(
-    function(prev, item, i, arr) {
-      const key = item;
-      return Object.assign({}, prev, {
-        [key]: clickable(`[data-test-main-nav-${item}`),
-      });
+    error: {
+      status: attribute('data-test-status', '[data-test-status]'),
     },
-    {
-      scope: '[data-test-footer]',
-    }
-  ),
+  };
+  page.navigation.login = clickable('[data-test-main-nav-auth] label');
+  page.navigation.dc = clickable('[data-test-datacenter-menu] button');
+  page.navigation.nspace = clickable('[data-test-nspace-menu] button');
+  page.navigation.manageNspaces = clickable('[data-test-main-nav-nspaces] a');
+  page.navigation.manageNspacesIsVisible = is(
+    ':checked',
+    '[data-test-nspace-menu] > input[type="checkbox"]'
+  );
+  return page;
 };
-page.navigation.dc = clickable('[data-test-datacenter-menu] button');
-page.navigation.nspace = clickable('[data-test-nspace-menu] button');
-page.navigation.manageNspaces = clickable('[data-test-main-nav-nspaces] a');
-page.navigation.manageNspacesIsVisible = is(
-  ':checked',
-  '[data-test-nspace-menu] > input[type="checkbox"]'
-);
-export default page;
diff --git a/ui-v2/tests/pages/dc/acls/edit.js b/ui-v2/tests/pages/dc/acls/edit.js
index 71c0620717a9..a1648fb87f7b 100644
--- a/ui-v2/tests/pages/dc/acls/edit.js
+++ b/ui-v2/tests/pages/dc/acls/edit.js
@@ -6,6 +6,7 @@ export default function(visitable, submitable, deletable, cancelable, clickable)
         use: clickable('[data-test-use]'),
         confirmUse: clickable('button.type-delete'),
       })
-    )
+    ),
+    'main'
   );
 }
diff --git a/ui-v2/tests/pages/dc/acls/policies/edit.js b/ui-v2/tests/pages/dc/acls/policies/edit.js
index 57e80a0cb347..d3123ce2f452 100644
--- a/ui-v2/tests/pages/dc/acls/policies/edit.js
+++ b/ui-v2/tests/pages/dc/acls/policies/edit.js
@@ -1,9 +1,9 @@
 export default function(visitable, submitable, deletable, cancelable, clickable, tokenList) {
   return {
     visit: visitable(['/:dc/acls/policies/:policy', '/:dc/acls/policies/create']),
-    ...submitable({}, 'form > div'),
-    ...cancelable({}, 'form > div'),
-    ...deletable({}, 'form > div'),
+    ...submitable({}, 'main form > div'),
+    ...cancelable({}, 'main form > div'),
+    ...deletable({}, 'main form > div'),
     tokens: tokenList(),
     validDatacenters: clickable('[name="policy[isScoped]"]'),
     datacenter: clickable('[name="policy[Datacenters]"]'),
diff --git a/ui-v2/tests/pages/dc/acls/roles/edit.js b/ui-v2/tests/pages/dc/acls/roles/edit.js
index 85a794801f4b..bc1f95864f6c 100644
--- a/ui-v2/tests/pages/dc/acls/roles/edit.js
+++ b/ui-v2/tests/pages/dc/acls/roles/edit.js
@@ -1,9 +1,9 @@
 export default function(visitable, submitable, deletable, cancelable, policySelector, tokenList) {
   return {
     visit: visitable(['/:dc/acls/roles/:role', '/:dc/acls/roles/create']),
-    ...submitable({}, 'form > div'),
-    ...cancelable({}, 'form > div'),
-    ...deletable({}, 'form > div'),
+    ...submitable({}, 'main form > div'),
+    ...cancelable({}, 'main form > div'),
+    ...deletable({}, 'main form > div'),
     policies: policySelector(''),
     tokens: tokenList(),
   };
diff --git a/ui-v2/tests/pages/dc/acls/tokens/edit.js b/ui-v2/tests/pages/dc/acls/tokens/edit.js
index 4a5c533e5fc1..817ba1d7afe2 100644
--- a/ui-v2/tests/pages/dc/acls/tokens/edit.js
+++ b/ui-v2/tests/pages/dc/acls/tokens/edit.js
@@ -9,9 +9,9 @@ export default function(
 ) {
   return {
     visit: visitable(['/:dc/acls/tokens/:token', '/:dc/acls/tokens/create']),
-    ...submitable({}, 'form > div'),
-    ...cancelable({}, 'form > div'),
-    ...deletable({}, 'form > div'),
+    ...submitable({}, 'main form > div'),
+    ...cancelable({}, 'main form > div'),
+    ...deletable({}, 'main form > div'),
     use: clickable('[data-test-use]'),
     confirmUse: clickable('button.type-delete'),
     clone: clickable('[data-test-clone]'),
diff --git a/ui-v2/tests/pages/dc/intentions/edit.js b/ui-v2/tests/pages/dc/intentions/edit.js
index a9cdff3866b1..a59d3ea19432 100644
--- a/ui-v2/tests/pages/dc/intentions/edit.js
+++ b/ui-v2/tests/pages/dc/intentions/edit.js
@@ -4,6 +4,7 @@ export default function(visitable, submitable, deletable, cancelable) {
       deletable({
         visit: visitable(['/:dc/intentions/:intention', '/:dc/intentions/create']),
       })
-    )
+    ),
+    'main'
   );
 }
diff --git a/ui-v2/tests/pages/dc/kv/edit.js b/ui-v2/tests/pages/dc/kv/edit.js
index 872579e71b5d..96af4d72db78 100644
--- a/ui-v2/tests/pages/dc/kv/edit.js
+++ b/ui-v2/tests/pages/dc/kv/edit.js
@@ -8,7 +8,7 @@ export default function(visitable, attribute, submitable, deletable, cancelable)
         .map(encodeURIComponent)
         .join('/');
     }),
-    ...submitable(),
+    ...submitable({}, 'main'),
     ...cancelable(),
     ...deletable(),
     session: {
diff --git a/ui-v2/tests/pages/dc/nspaces/edit.js b/ui-v2/tests/pages/dc/nspaces/edit.js
index df15b4498ed4..1fa0c5832543 100644
--- a/ui-v2/tests/pages/dc/nspaces/edit.js
+++ b/ui-v2/tests/pages/dc/nspaces/edit.js
@@ -8,9 +8,9 @@ export default function(
 ) {
   return {
     visit: visitable(['/:dc/namespaces/:namespace', '/:dc/namespaces/create']),
-    ...submitable({}, 'form > div'),
-    ...cancelable({}, 'form > div'),
-    ...deletable({}, 'form > div'),
+    ...submitable({}, 'main form > div'),
+    ...cancelable({}, 'main form > div'),
+    ...deletable({}, 'main form > div'),
     policies: policySelector(),
     roles: roleSelector(),
   };
diff --git a/ui-v2/tests/pages/dc/services/index.js b/ui-v2/tests/pages/dc/services/index.js
index 0d3ea9e4319d..54b796cf3db1 100644
--- a/ui-v2/tests/pages/dc/services/index.js
+++ b/ui-v2/tests/pages/dc/services/index.js
@@ -1,4 +1,4 @@
-export default function(visitable, clickable, text, attribute, collection, page, popoverSort) {
+export default function(visitable, clickable, text, attribute, collection, popoverSort) {
   const service = {
     name: text('[data-test-service-name]'),
     service: clickable('a'),
@@ -11,7 +11,6 @@ export default function(visitable, clickable, text, attribute, collection, page,
     dcs: collection('[data-test-datacenter-picker]', {
       name: clickable('a'),
     }),
-    navigation: page.navigation,
     home: clickable('[data-test-home]'),
     sort: popoverSort,
   };
diff --git a/ui-v2/tests/unit/models/oidc-provider-test.js b/ui-v2/tests/unit/models/oidc-provider-test.js
new file mode 100644
index 000000000000..4fd0358ddb04
--- /dev/null
+++ b/ui-v2/tests/unit/models/oidc-provider-test.js
@@ -0,0 +1,13 @@
+import { module, test } from 'qunit';
+import { setupTest } from 'ember-qunit';
+
+module('Unit | Model | oidc-provider', function(hooks) {
+  setupTest(hooks);
+
+  // Replace this with your real tests.
+  test('it exists', function(assert) {
+    let store = this.owner.lookup('service:store');
+    let model = store.createRecord('oidc-provider', {});
+    assert.ok(model);
+  });
+});
diff --git a/ui-v2/tests/unit/serializers/oidc-provider-test.js b/ui-v2/tests/unit/serializers/oidc-provider-test.js
new file mode 100644
index 000000000000..daae4531f802
--- /dev/null
+++ b/ui-v2/tests/unit/serializers/oidc-provider-test.js
@@ -0,0 +1,23 @@
+import { module, test } from 'qunit';
+import { setupTest } from 'ember-qunit';
+
+module('Unit | Serializer | oidc-provider', function(hooks) {
+  setupTest(hooks);
+
+  // Replace this with your real tests.
+  test('it exists', function(assert) {
+    let store = this.owner.lookup('service:store');
+    let serializer = store.serializerFor('oidc-provider');
+
+    assert.ok(serializer);
+  });
+
+  test('it serializes records', function(assert) {
+    let store = this.owner.lookup('service:store');
+    let record = store.createRecord('oidc-provider', {});
+
+    let serializedRecord = record.serialize();
+
+    assert.ok(serializedRecord);
+  });
+});