
feat: Added configurable signing algorithm to OIDC configuration (#3522)

We've had requests from customers that use RS512 as the default signing
algorithm in their OIDC server deployment. This PR adds that as a config
variable to the OIDC form.
Christopher Kolstad 2023-04-18 10:42:32 +02:00 committed by GitHub
parent 56f1fa330a
commit 867a514d1f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
31 changed files with 271 additions and 28 deletions


@ -1,8 +1,12 @@
import React, { useContext, useEffect, useState } from 'react';
import {
Button,
FormControl,
FormControlLabel,
Grid,
InputLabel,
MenuItem,
Select,
Switch,
TextField,
} from '@mui/material';
@ -30,6 +34,7 @@ const initialState = {
discoverUrl: '',
secret: '',
acrValues: '',
idTokenSigningAlgorithm: 'RS256',
};
export const OidcAuth = () => {
@ -244,7 +249,42 @@ export const OidcAuth = () => {
setValue={setValue}
/>
<AutoCreateForm data={data} setValue={setValue} />
<Grid container spacing={3} mb={2}>
<Grid item md={5}>
<strong>ID Signing algorithm</strong>
<p>
Which signing algorithm to use. <br /> Leave this
alone unless you see errors that look like
"unexpected JWT alg received, expected RS256, got:
RS512" in your logs.
</p>
</Grid>
<Grid item md={6}>
<FormControl style={{ minWidth: '200px' }}>
<InputLabel id="defaultRootRole-label">
Signing algorithm
</InputLabel>
<Select
label="Signing algorithm"
labelId="idTokenSigningAlgorithm-label"
id="idTokenSigningAlgorithm"
name="idTokenSigningAlgorithm"
value={data.idTokenSigningAlgorithm || 'RS256'}
onChange={e =>
setValue(
'idTokenSigningAlgorithm',
e.target.value
)
}
>
{/*consider these from API or constants. */}
<MenuItem value="RS256">RS256</MenuItem>
<MenuItem value="RS384">RS384</MenuItem>
<MenuItem value="RS512">RS512</MenuItem>
</Select>
</FormControl>
</Grid>
</Grid>
<Grid container spacing={3}>
<Grid item md={12}>
<Button
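Review bot: The new `InputLabel` carries `id="defaultRootRole-label"` while the `Select` directly below it uses `labelId="idTokenSigningAlgorithm-label"`, so the label/select association is broken and the id presumably duplicates the default-root-role label elsewhere in this form; it should read `<InputLabel id="idTokenSigningAlgorithm-label">`. The three `MenuItem` literals duplicate an allow-list this same commit generates as the `OidcSettingsSchemaIdTokenSigningAlgorithm` const object, so `Object.values(OidcSettingsSchemaIdTokenSigningAlgorithm).map(alg => <MenuItem key={alg} value={alg}>{alg}</MenuItem>)` would keep UI and API from drifting, which is what the "consider these from API or constants" comment asks for. Note that the dropdown is only a convenience: any value can be POSTed to the settings endpoint regardless of the form, so the server-side acceptance of `idTokenSigningAlgorithm` must stay restricted to the RS* asymmetric algorithms (never `none` or HS*) — that code is not visible here, so confirm it. The help text could also say that the chosen value has to match an entry in the provider's `id_token_signing_alg_values_supported` from its discovery document, rather than only describing the log message. The `OidcAuth` component begins and ends outside this hunk.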


@ -6,11 +6,32 @@
import type { _ExportFormat } from './_exportFormat';
export type _ExportParams = {
/**
* Desired export format. Must be either `json` or `yaml`.
*/
format?: _ExportFormat;
download?: boolean | string | number;
/**
* Whether exported data should be downloaded as a file.
*/
download?: string;
/**
* Whether strategies should be included in the exported data.
*/
strategies?: boolean | string | number;
/**
* Whether feature toggles should be included in the exported data.
*/
featureToggles?: boolean | string | number;
/**
* Whether projects should be included in the exported data.
*/
projects?: boolean | string | number;
/**
* Whether tag types, tags, and feature_tags should be included in the exported data.
*/
tags?: boolean | string | number;
/**
* Whether environments should be included in the exported data.
*/
environments?: boolean | string | number;
};


@ -6,7 +6,10 @@
import type { BulkRegistrationSchema } from './bulkRegistrationSchema';
import type { ClientMetricsEnvSchema } from './clientMetricsEnvSchema';
/**
* A batch of metrics accumulated by Edge (or other compatible applications). Includes both application registrations as well usage metrics from clients
*/
export interface BulkMetricsSchema {
applications?: BulkRegistrationSchema[];
metrics?: ClientMetricsEnvSchema[];
applications: BulkRegistrationSchema[];
metrics: ClientMetricsEnvSchema[];
}


@ -6,13 +6,25 @@
import type { BulkRegistrationSchemaConnectViaItem } from './bulkRegistrationSchemaConnectViaItem';
import type { DateSchema } from './dateSchema';
/**
* An application registration. Defines the format POSTed by our server-side SDKs when they're starting up
*/
export interface BulkRegistrationSchema {
/** A list of applications this app registration has been registered through. If connected directly to Unleash, this is an empty list.
This can be used in later visualizations to tell how many levels of proxy or Edge instances our SDKs have connected through */
connectVia?: BulkRegistrationSchemaConnectViaItem[];
/** The name of the application that is evaluating toggles */
appName: string;
environment?: string;
/** Which environment the application is running in */
environment: string;
/** A [(somewhat) unique identifier](https://docs.getunleash.io/reference/sdks/node#advanced-usage) for the application */
instanceId: string;
/** How often (in seconds) the application refreshes its features */
interval?: number;
/** The application started at */
started?: DateSchema;
/** Enabled [strategies](https://docs.getunleash.io/reference/activation-strategies) in the application */
strategies?: string[];
/** The version the sdk is running. Typically <client>:<version> */
sdkVersion?: string;
}


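--- /dev/null
+++ b/changeRequestDefaultEventSchema.ts
@@ -0,0 +1,11 @@
+/**
+ * Generated by Orval
+ * Do not edit manually.
+ * See `gen:api` script in package.json
+ */
+import type { ChangeRequestDefaultEventSchemaPayload } from './changeRequestDefaultEventSchemaPayload';
+export interface ChangeRequestDefaultEventSchema {
+action: string;
+payload: ChangeRequestDefaultEventSchemaPayload;
+}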


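--- /dev/null
+++ b/changeRequestDefaultEventSchemaPayload.ts
@@ -0,0 +1,7 @@
+/**
+ * Generated by Orval
+ * Do not edit manually.
+ * See `gen:api` script in package.json
+ */
+export type ChangeRequestDefaultEventSchemaPayload = { [key: string]: any };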


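--- /dev/null
+++ b/changeRequestEditTitleSchema.ts
@@ -0,0 +1,9 @@
+/**
+ * Generated by Orval
+ * Do not edit manually.
+ * See `gen:api` script in package.json
+ */
+export interface ChangeRequestEditTitleSchema {
+title: string;
+}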


@ -4,9 +4,11 @@
* See `gen:api` script in package.json
*/
import type { ChangeRequestEventSchema } from './changeRequestEventSchema';
import type { ChangeRequestDefaultEventSchema } from './changeRequestDefaultEventSchema';
export interface ChangeRequestFeatureSchema {
name: string;
conflict?: string;
changes: ChangeRequestEventSchema[];
defaultChange?: ChangeRequestDefaultEventSchema;
}


@ -11,6 +11,7 @@ import type { ChangeRequestSchemaCreatedBy } from './changeRequestSchemaCreatedB
export interface ChangeRequestSchema {
id: number;
title?: string;
environment: string;
state: ChangeRequestSchemaState;
minApprovals: number;


@ -7,4 +7,5 @@ import type { ChangeRequestStateSchemaState } from './changeRequestStateSchemaSt
export interface ChangeRequestStateSchema {
state: ChangeRequestStateSchemaState;
comment?: string;
}


@ -6,13 +6,23 @@
import type { DateSchema } from './dateSchema';
import type { ClientMetricsEnvSchemaVariants } from './clientMetricsEnvSchemaVariants';
/**
* Used for reporting feature evaluation results from SDKs
*/
export interface ClientMetricsEnvSchema {
/** Name of the feature checked by the SDK */
featureName: string;
/** The name of the application the SDK is being used in */
appName: string;
environment?: string;
/** Which environment the SDK is being used in */
environment: string;
/** The start of the time window these metrics are valid for. The window is 1 hour wide */
timestamp?: DateSchema;
/** How many times the toggle evaluated to true */
yes?: number;
/** How many times the toggle evaluated to false */
no?: number;
/** How many times each variant was returned */
variants?: ClientMetricsEnvSchemaVariants;
[key: string]: any;
}


@ -4,4 +4,7 @@
* See `gen:api` script in package.json
*/
/**
* How many times each variant was returned
*/
export type ClientMetricsEnvSchemaVariants = { [key: string]: number };


@ -5,8 +5,14 @@
*/
import type { EdgeTokenSchemaType } from './edgeTokenSchemaType';
/**
* A representation of a client token, limiting access to [CLIENT](https://docs.getunleash.io/reference/api-tokens-and-client-keys#client-tokens) (used by serverside SDKs) or [FRONTEND](https://docs.getunleash.io/reference/api-tokens-and-client-keys#front-end-tokens) (used by proxy SDKs)
*/
export interface EdgeTokenSchema {
/** The list of projects this token has access to. If the token has access to specific projects they will be listed here. If the token has access to all projects it will be represented as [`*`] */
projects: string[];
/** The [API token](https://docs.getunleash.io/reference/api-tokens-and-client-keys#api-tokens)'s **type**. Unleash supports three different types of API tokens ([ADMIN](https://docs.getunleash.io/reference/api-tokens-and-client-keys#admin-tokens), [CLIENT](https://docs.getunleash.io/reference/api-tokens-and-client-keys#client-tokens), [FRONTEND](https://docs.getunleash.io/reference/api-tokens-and-client-keys#front-end-tokens)). They all have varying access, so when validating a token it's important to know what kind you're dealing with */
type: EdgeTokenSchemaType;
/** The actual token value. [Unleash API tokens](https://docs.getunleash.io/reference/api-tokens-and-client-keys) are comprised of three parts. <project(s)>:<environment>.randomcharacters */
token: string;
}


@ -4,6 +4,9 @@
* See `gen:api` script in package.json
*/
/**
* The [API token](https://docs.getunleash.io/reference/api-tokens-and-client-keys#api-tokens)'s **type**. Unleash supports three different types of API tokens ([ADMIN](https://docs.getunleash.io/reference/api-tokens-and-client-keys#admin-tokens), [CLIENT](https://docs.getunleash.io/reference/api-tokens-and-client-keys#client-tokens), [FRONTEND](https://docs.getunleash.io/reference/api-tokens-and-client-keys#front-end-tokens)). They all have varying access, so when validating a token it's important to know what kind you're dealing with
*/
export type EdgeTokenSchemaType =
typeof EdgeTokenSchemaType[keyof typeof EdgeTokenSchemaType];


@ -15,7 +15,7 @@ export interface FeatureSchema {
type?: string;
/** Detailed description of the feature */
description?: string | null;
/** `true` if the feature is archived, otherwise `false`. */
/** `true` if the feature is archived */
archived?: boolean;
/** Name of the project the feature belongs to */
project?: string;


@ -4,10 +4,24 @@
* See `gen:api` script in package.json
*/
/**
* Describes a tag applied to a feature
*/
export interface FeatureTagSchema {
/** The name of the feature this tag is applied to */
featureName: string;
/** The type of tag */
tagType?: string;
/** The value of the tag */
tagValue: string;
/**
* This field is deprecated and currently unused, use tagType instead
* @deprecated
*/
type?: string;
/**
* This field is deprecated and currently unused, use tagValue instead
* @deprecated
*/
value?: string;
}


@ -4,4 +4,9 @@
* See `gen:api` script in package.json
*/
export type GetEventsParams = { project?: string };
export type GetEventsParams = {
/**
* The name of the project whose events you want to retrieve
*/
project?: string;
};


@ -1,3 +1,9 @@
/**
* Generated by Orval
* Do not edit manually.
* See `gen:api` script in package.json
*/
export * from './_exportFormat';
export * from './_exportParams';
export * from './addonParameterSchema';
@ -43,6 +49,9 @@ export * from './changeRequestCreateSchemaOneOfOneonePayload';
export * from './changeRequestCreateSchemaOneOfPayload';
export * from './changeRequestCreateSchemaOneOfSix';
export * from './changeRequestCreateSchemaOneOfSixAction';
export * from './changeRequestDefaultEventSchema';
export * from './changeRequestDefaultEventSchemaPayload';
export * from './changeRequestEditTitleSchema';
export * from './changeRequestEnvironmentConfigSchema';
export * from './changeRequestEventSchema';
export * from './changeRequestEventSchemaCreatedBy';
@ -146,6 +155,7 @@ export * from './notificationsSchemaItemCreatedBy';
export * from './notificationsSchemaItemNotificationType';
export * from './oidcSettingsSchema';
export * from './oidcSettingsSchemaDefaultRootRole';
export * from './oidcSettingsSchemaIdTokenSigningAlgorithm';
export * from './overrideSchema';
export * from './parametersSchema';
export * from './passwordAuthSchema';
@ -239,6 +249,8 @@ export * from './tagTypesSchema';
export * from './tagWithVersionSchema';
export * from './tagsBulkAddSchema';
export * from './tagsSchema';
export * from './toggleMaintenanceSchema';
export * from './tokenStringListSchema';
export * from './tokenUserSchema';
export * from './uiConfigSchema';
export * from './uiConfigSchemaAuthenticationType';
@ -264,11 +276,10 @@ export * from './userWithProjectRoleSchema';
export * from './usersGroupsBaseSchema';
export * from './usersSchema';
export * from './usersSearchSchema';
export * from './validateEdgeTokensSchema';
export * from './validateEdgeTokensSchemaTokensItem';
export * from './validatePasswordSchema';
export * from './validateProjectSchema';
export * from './validateTagTypeSchema';
export * from './validatedEdgeTokensSchema';
export * from './variantSchema';
export * from './variantSchemaPayload';
export * from './variantsSchema';


@ -4,15 +4,32 @@
* See `gen:api` script in package.json
*/
import type { OidcSettingsSchemaDefaultRootRole } from './oidcSettingsSchemaDefaultRootRole';
import type { OidcSettingsSchemaIdTokenSigningAlgorithm } from './oidcSettingsSchemaIdTokenSigningAlgorithm';
/**
* Settings for configuring OpenID Connect as a login provider for Unleash
*/
export interface OidcSettingsSchema {
/** `true` if OpenID connect is turned on for this instance, otherwise `false` */
enabled?: boolean;
/** The [.well-known OpenID discover URL](https://swagger.io/docs/specification/authentication/openid-connect-discovery/) */
discoverUrl?: string;
/** The OIDC client ID of this application. */
clientId: string;
/** Shared secret from OpenID server. Used to authenticate login requests */
secret: string;
/** Auto create users based on email addresses from login tokens */
autoCreate?: boolean;
/** Support Single sign out when user clicks logout in Unleash. If `true` user is signed out of all OpenID Connect sessions against the clientId they may have active */
enableSingleSignOut?: boolean;
/** [Default role](https://docs.getunleash.io/reference/rbac#standard-roles) granted to users auto-created from email. Only relevant if autoCreate is `true` */
defaultRootRole?: OidcSettingsSchemaDefaultRootRole;
/** Comma separated list of email domains that are automatically approved for an account in the server. Only relevant if autoCreate is `true` */
emailDomains?: string;
/** Authentication Context Class Reference, used to request extra values in the acr claim returned from the server. If multiple values are required, they should be space separated.
Consult [the OIDC reference](https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint) for more information
*/
acrValues?: string;
/** The signing algorithm used to sign our token. Refer to the [JWT signatures](https://jwt.io/introduction) documentation for more information. */
idTokenSigningAlgorithm?: OidcSettingsSchemaIdTokenSigningAlgorithm;
}


@ -4,6 +4,9 @@
* See `gen:api` script in package.json
*/
/**
* [Default role](https://docs.getunleash.io/reference/rbac#standard-roles) granted to users auto-created from email. Only relevant if autoCreate is `true`
*/
export type OidcSettingsSchemaDefaultRootRole =
typeof OidcSettingsSchemaDefaultRootRole[keyof typeof OidcSettingsSchemaDefaultRootRole];


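--- /dev/null
+++ b/oidcSettingsSchemaIdTokenSigningAlgorithm.ts
@@ -0,0 +1,18 @@
+/**
+ * Generated by Orval
+ * Do not edit manually.
+ * See `gen:api` script in package.json
+ */
+/**
+ * The signing algorithm used to sign our token. Refer to the [JWT signatures](https://jwt.io/introduction) documentation for more information.
+ */
+export type OidcSettingsSchemaIdTokenSigningAlgorithm =
+typeof OidcSettingsSchemaIdTokenSigningAlgorithm[keyof typeof OidcSettingsSchemaIdTokenSigningAlgorithm];
+// eslint-disable-next-line @typescript-eslint/no-redeclare
+export const OidcSettingsSchemaIdTokenSigningAlgorithm = {
+RS256: 'RS256',
+RS384: 'RS384',
+RS512: 'RS512',
+} as const;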


@ -5,9 +5,16 @@
*/
import type { ConstraintSchema } from './constraintSchema';
/**
* Represents a segment of users defined by a set of constraints.
*/
export interface SegmentSchema {
/** The segment's id. */
id: number;
/** The name of the segment. */
name?: string;
/** The description of the segment. */
description?: string | null;
/** List of constraints that determine which users are part of the segment */
constraints: ConstraintSchema[];
}


@ -4,7 +4,12 @@
* See `gen:api` script in package.json
*/
/**
* Representation of a tag
*/
export interface TagSchema {
/** The value of the tag */
value: string;
/** The type of the tag */
type: string;
}


@ -5,7 +5,12 @@
*/
import type { UpdateTagsSchema } from './updateTagsSchema';
/**
* Represents tag changes to be applied to a list of features.
*/
export interface TagsBulkAddSchema {
/** The list of features that will be affected by the tag changes. */
features: string[];
/** The tag changes to be applied to the features. */
tags: UpdateTagsSchema;
}


@ -5,7 +5,12 @@
*/
import type { TagSchema } from './tagSchema';
/**
* A list of tags with a version number
*/
export interface TagsSchema {
/** The version of the schema used to model the tags. */
version: number;
/** A list of tags. */
tags: TagSchema[];
}


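--- /dev/null
+++ b/toggleMaintenanceSchema.ts
@@ -0,0 +1,9 @@
+/**
+ * Generated by Orval
+ * Do not edit manually.
+ * See `gen:api` script in package.json
+ */
+export interface ToggleMaintenanceSchema {
+enabled: boolean;
+}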


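--- /dev/null
+++ b/tokenStringListSchema.ts
@@ -0,0 +1,14 @@
+/**
+ * Generated by Orval
+ * Do not edit manually.
+ * See `gen:api` script in package.json
+ */
+/**
+ * A list of unleash tokens to validate against known tokens
+ */
+export interface TokenStringListSchema {
+/** Tokens that we want to get access information about */
+tokens: string[];
+[key: string]: any;
+}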


@ -5,7 +5,12 @@
*/
import type { TagSchema } from './tagSchema';
/**
* Represents a set of changes to tags of a feature.
*/
export interface UpdateTagsSchema {
/** Tags to add to the feature. */
addedTags: TagSchema[];
/** Tags to remove from the feature. */
removedTags: TagSchema[];
}


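--- a/validateEdgeTokensSchema.ts
+++ /dev/null
@@ -1,10 +0,0 @@
-/**
- * Generated by Orval
- * Do not edit manually.
- * See `gen:api` script in package.json
- */
-import type { ValidateEdgeTokensSchemaTokensItem } from './validateEdgeTokensSchemaTokensItem';
-export interface ValidateEdgeTokensSchema {
-tokens: ValidateEdgeTokensSchemaTokensItem[];
-}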


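--- a/validateEdgeTokensSchemaTokensItem.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-/**
- * Generated by Orval
- * Do not edit manually.
- * See `gen:api` script in package.json
- */
-import type { EdgeTokenSchema } from './edgeTokenSchema';
-export type ValidateEdgeTokensSchemaTokensItem = EdgeTokenSchema | string;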


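--- /dev/null
+++ b/validatedEdgeTokensSchema.ts
@@ -0,0 +1,14 @@
+/**
+ * Generated by Orval
+ * Do not edit manually.
+ * See `gen:api` script in package.json
+ */
+import type { EdgeTokenSchema } from './edgeTokenSchema';
+/**
+ * A object containing a list of valid Unleash tokens.
+ */
+export interface ValidatedEdgeTokensSchema {
+/** The list of Unleash token objects. Each object contains the token itself and some additional metadata. */
+tokens: EdgeTokenSchema[];
+}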