feat: frontend for pkce (#11005)
parent
4890b16b49
commit
93ea192f8c
@ -36,6 +36,7 @@ const initialState = {
|
|||||||
secret: '',
|
secret: '',
|
||||||
acrValues: '',
|
acrValues: '',
|
||||||
idTokenSigningAlgorithm: 'RS256',
|
idTokenSigningAlgorithm: 'RS256',
|
||||||
|
enablePkce: false,
|
||||||
};
|
};
|
||||||
|
|
||||||
type State = typeof initialState & {
|
type State = typeof initialState & {
|
||||||
@ -47,6 +48,7 @@ export const OidcAuth = () => {
|
|||||||
const { setToastData, setToastApiError } = useToast();
|
const { setToastData, setToastApiError } = useToast();
|
||||||
const { uiConfig } = useUiConfig();
|
const { uiConfig } = useUiConfig();
|
||||||
const { oidcConfiguredThroughEnv } = uiConfig;
|
const { oidcConfiguredThroughEnv } = uiConfig;
|
||||||
|
const oidcPkceSupport = Boolean(uiConfig.flags?.oidcPkceSupport);
|
||||||
const [data, setData] = useState<State>(initialState);
|
const [data, setData] = useState<State>(initialState);
|
||||||
const { config } = useAuthSettings('oidc');
|
const { config } = useAuthSettings('oidc');
|
||||||
const { updateSettings, errors, loading } = useAuthSettingsApi('oidc');
|
const { updateSettings, errors, loading } = useAuthSettingsApi('oidc');
|
||||||
@ -253,6 +255,44 @@ export const OidcAuth = () => {
|
|||||||
/>
|
/>
|
||||||
</Grid>
|
</Grid>
|
||||||
</Grid>
|
</Grid>
|
||||||
|
<ConditionallyRender
|
||||||
|
condition={oidcPkceSupport}
|
||||||
|
show={
|
||||||
|
<Grid container spacing={3} mb={2}>
|
||||||
|
<Grid item md={5}>
|
||||||
|
<strong>Enable PKCE</strong>
|
||||||
|
<p>
|
||||||
|
Require Proof Key for Code Exchange (PKCE)
|
||||||
|
to add an extra layer of security for the
|
||||||
|
authorization code flow.
|
||||||
|
</p>
|
||||||
|
</Grid>
|
||||||
|
<Grid item md={6} style={{ padding: '20px' }}>
|
||||||
|
<FormControlLabel
|
||||||
|
control={
|
||||||
|
<Switch
|
||||||
|
onChange={(event) =>
|
||||||
|
setValue(
|
||||||
|
'enablePkce',
|
||||||
|
event.target.checked,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
name='enablePkce'
|
||||||
|
checked={Boolean(data.enablePkce)}
|
||||||
|
disabled={
|
||||||
|
!data.enabled ||
|
||||||
|
oidcConfiguredThroughEnv
|
||||||
|
}
|
||||||
|
/>
|
||||||
|
}
|
||||||
|
label={
|
||||||
|
data.enablePkce ? 'Enabled' : 'Disabled'
|
||||||
|
}
|
||||||
|
/>
|
||||||
|
</Grid>
|
||||||
|
</Grid>
|
||||||
|
}
|
||||||
|
/>
|
||||||
<Grid container spacing={3} mb={2}>
|
<Grid container spacing={3} mb={2}>
|
||||||
<Grid item md={5}>
|
<Grid item md={5}>
|
||||||
<strong>ACR Values</strong>
|
<strong>ACR Values</strong>
|
||||||
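Review bot: The `ConditionallyRender` block hides the PKCE switch whenever `oidcPkceSupport` is false, yet `enablePkce` remains part of `initialState` and of the form state, so a stored value may still travel with the settings while the admin can neither see nor change it. If the flag is turned off after PKCE was enabled, the page gives no indication of the stored value; consider showing the current state read-only in that case, or confirm that the server ignores the field while the flag is off. The help text also says "Require Proof Key for Code Exchange" where the schema docstring in this commit says "Enable"; since the setting presumably controls what Unleash sends rather than what the identity provider enforces, `Use Proof Key for Code Exchange (PKCE) so an intercepted authorization code cannot be redeemed without the matching verifier.` would be more precise. The `OidcAuth` component starts and ends outside these hunks, so how `data` is loaded and submitted is not visible here.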
|
|||||||
@ -90,6 +90,7 @@ export type UiFlags = {
|
|||||||
milestoneProgression?: boolean;
|
milestoneProgression?: boolean;
|
||||||
featureReleasePlans?: boolean;
|
featureReleasePlans?: boolean;
|
||||||
safeguards?: boolean;
|
safeguards?: boolean;
|
||||||
|
oidcPkceSupport?: boolean;
|
||||||
extendedUsageMetrics?: boolean;
|
extendedUsageMetrics?: boolean;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@ -34,6 +34,8 @@ export interface OidcSettingsResponseSchema {
|
|||||||
enableGroupSyncing?: boolean;
|
enableGroupSyncing?: boolean;
|
||||||
/** Support Single sign out when user clicks logout in Unleash. If `true` user is signed out of all OpenID Connect sessions against the clientId they may have active */
|
/** Support Single sign out when user clicks logout in Unleash. If `true` user is signed out of all OpenID Connect sessions against the clientId they may have active */
|
||||||
enableSingleSignOut?: boolean;
|
enableSingleSignOut?: boolean;
|
||||||
|
/** Enable Proof Key for Code Exchange (PKCE) when performing the OIDC authorization code flow. */
|
||||||
|
enablePkce?: boolean;
|
||||||
/** Specifies the path in the OIDC token response to read which groups the user belongs to from. */
|
/** Specifies the path in the OIDC token response to read which groups the user belongs to from. */
|
||||||
groupJsonPath?: string;
|
groupJsonPath?: string;
|
||||||
/** The signing algorithm used to sign our token. Refer to the [JWT signatures](https://jwt.io/introduction) documentation for more information. */
|
/** The signing algorithm used to sign our token. Refer to the [JWT signatures](https://jwt.io/introduction) documentation for more information. */
|
||||||
|
|||||||
@ -31,6 +31,8 @@ export type OidcSettingsSchemaOneOf = {
|
|||||||
enableGroupSyncing?: boolean;
|
enableGroupSyncing?: boolean;
|
||||||
/** Support Single sign out when user clicks logout in Unleash. If `true` user is signed out of all OpenID Connect sessions against the clientId they may have active */
|
/** Support Single sign out when user clicks logout in Unleash. If `true` user is signed out of all OpenID Connect sessions against the clientId they may have active */
|
||||||
enableSingleSignOut?: boolean;
|
enableSingleSignOut?: boolean;
|
||||||
|
/** Enable Proof Key for Code Exchange (PKCE) when performing the OIDC authorization code flow. */
|
||||||
|
enablePkce?: boolean;
|
||||||
/** Specifies the path in the OIDC token response to read which groups the user belongs to from. */
|
/** Specifies the path in the OIDC token response to read which groups the user belongs to from. */
|
||||||
groupJsonPath?: string;
|
groupJsonPath?: string;
|
||||||
/** The signing algorithm used to sign our token. Refer to the [JWT signatures](https://jwt.io/introduction) documentation for more information. */
|
/** The signing algorithm used to sign our token. Refer to the [JWT signatures](https://jwt.io/introduction) documentation for more information. */
|
||||||
|
|||||||
@ -31,6 +31,8 @@ export type OidcSettingsSchemaOneOfFour = {
|
|||||||
enableGroupSyncing?: boolean;
|
enableGroupSyncing?: boolean;
|
||||||
/** Support Single sign out when user clicks logout in Unleash. If `true` user is signed out of all OpenID Connect sessions against the clientId they may have active */
|
/** Support Single sign out when user clicks logout in Unleash. If `true` user is signed out of all OpenID Connect sessions against the clientId they may have active */
|
||||||
enableSingleSignOut?: boolean;
|
enableSingleSignOut?: boolean;
|
||||||
|
/** Enable Proof Key for Code Exchange (PKCE) when performing the OIDC authorization code flow. */
|
||||||
|
enablePkce?: boolean;
|
||||||
/** Specifies the path in the OIDC token response to read which groups the user belongs to from. */
|
/** Specifies the path in the OIDC token response to read which groups the user belongs to from. */
|
||||||
groupJsonPath?: string;
|
groupJsonPath?: string;
|
||||||
/** The signing algorithm used to sign our token. Refer to the [JWT signatures](https://jwt.io/introduction) documentation for more information. */
|
/** The signing algorithm used to sign our token. Refer to the [JWT signatures](https://jwt.io/introduction) documentation for more information. */
|
||||||
|
|||||||
@ -64,7 +64,8 @@ export type IFlagKey =
|
|||||||
| 'milestoneProgression'
|
| 'milestoneProgression'
|
||||||
| 'featureReleasePlans'
|
| 'featureReleasePlans'
|
||||||
| 'plausibleMetrics'
|
| 'plausibleMetrics'
|
||||||
| 'safeguards';
|
| 'safeguards'
|
||||||
|
| 'oidcPkceSupport';
|
||||||
|
|
||||||
export type IFlags = Partial<{ [key in IFlagKey]: boolean | Variant }>;
|
export type IFlags = Partial<{ [key in IFlagKey]: boolean | Variant }>;
|
||||||
|
|
||||||
@ -285,6 +286,10 @@ const flags: IFlags = {
|
|||||||
process.env.UNLEASH_EXPERIMENTAL_SAFEGUARDS,
|
process.env.UNLEASH_EXPERIMENTAL_SAFEGUARDS,
|
||||||
false,
|
false,
|
||||||
),
|
),
|
||||||
|
oidcPkceSupport: parseEnvVarBoolean(
|
||||||
|
process.env.UNLEASH_EXPERIMENTAL_OIDC_PKCE_SUPPORT,
|
||||||
|
false,
|
||||||
|
),
|
||||||
};
|
};
|
||||||
|
|
||||||
export const defaultExperimentalOptions: IExperimentalOptions = {
|
export const defaultExperimentalOptions: IExperimentalOptions = {
|
||||||
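Review bot: The new `oidcPkceSupport` entry in `flags` carries no comment saying what it gates, and with its default of `false` the PKCE switch in the OIDC settings stays hidden unless `UNLEASH_EXPERIMENTAL_OIDC_PKCE_SUPPORT` is set. A one-line comment above the entry, such as `// Shows the PKCE switch in the OIDC settings UI; off by default while the feature is experimental`, would tell operators that PKCE is opt-in at two levels: the flag first, then the per-configuration switch. Whether the server side also consults this flag is not visible in this commit, so the wording should be adjusted once that is confirmed.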
|
|||||||