Move OIDC .well-known/* routes outside apiRouter #1399

Merged
merged 3 commits into from
Jan 13, 2021

Contributor

@OtterleyW OtterleyW commented Jan 12, 2021

Move well-known/* endpoints related to OIDC proxy setup from apiRouter to new wellKnownRouter so that they can be enabled outside the basic auth setup (e.g. in staging environment). It also makes it simpler to set the identity provider URL, because we can drop the /api part of the path.

We need to add the new wellKnownRouter to both server/index.js and server/apiServer.js because these routes are no longer handled in apiRouter but we want to be able to use them with both yarn run dev and yarn run dev-server commands.

This PR also renames the environment variable RSA_SECRET_KEY to RSA_PRIVATE_KEY for consistency.

@OtterleyW OtterleyW changed the title Move OIDC .well-known/* routes outside basic auth Move OIDC .well-known/* routes outside apiRouter Jan 12, 2021
@OtterleyW OtterleyW requested a review from lyyder January 12, 2021 11:44
@lyyder
Contributor

lyyder commented Jan 12, 2021

Also remember to update issuer and jwks_uri location to the root in the discovery document in api-util/idToken.js
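
A check for the consistency this comment asks for, as an added example that is not part of the PR or the project's code: it verifies that a discovery document's issuer and jwks_uri point at the root the document is served from. The function name, the example.com URLs, the jwks.json file name and both sample documents are assumptions made for illustration.

```javascript
// Added example (not project code): validate an OIDC discovery document
// against the root URL it is served from. All names here are hypothetical.
function checkDiscoveryDocument(doc, rootUrl) {
  const problems = [];
  const root = new URL(rootUrl);
  const expectedIssuer = root.origin + root.pathname.replace(/\/+$/, '');

  // OIDC Discovery: the issuer in the document must exactly match the URL
  // the client used to locate /.well-known/openid-configuration.
  if (doc.issuer !== expectedIssuer) {
    problems.push(`issuer "${doc.issuer}" does not equal "${expectedIssuer}"`);
  }

  let issuer, jwks;
  try {
    issuer = new URL(doc.issuer);
    jwks = new URL(doc.jwks_uri);
  } catch (e) {
    problems.push('issuer and jwks_uri must both be absolute URLs');
    return problems;
  }
  if (issuer.search || issuer.hash) {
    problems.push('issuer must not contain a query or fragment');
  }
  if (issuer.protocol !== 'https:' && issuer.hostname !== 'localhost') {
    problems.push('issuer must use https outside local development');
  }
  if (jwks.origin !== issuer.origin) {
    problems.push('jwks_uri is on a different origin than issuer');
  }
  // Assumption: after the move, the key set is served under /.well-known/ at the root.
  if (!jwks.pathname.startsWith('/.well-known/')) {
    problems.push(`jwks_uri path "${jwks.pathname}" is not under /.well-known/`);
  }
  return problems;
}

// Constructed samples: the document before and after dropping the /api prefix.
const ROOT = 'https://marketplace.example.com';
const staleDoc = { issuer: `${ROOT}/api`, jwks_uri: `${ROOT}/api/.well-known/jwks.json` };
const fixedDoc = { issuer: ROOT, jwks_uri: `${ROOT}/.well-known/jwks.json` };

console.log(checkDiscoveryDocument(staleDoc, ROOT));
console.log(checkDiscoveryDocument(fixedDoc, ROOT));
```

Running the same check against the staging URL catches a document that still advertises the old /api location, which clients would reject as an issuer mismatch.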

@OtterleyW OtterleyW force-pushed the move-oidc-routes-outside-basic-auth branch 2 times, most recently from 606b0d6 to 2b8517f Compare January 12, 2021 13:29
server/index.js Outdated
Comment on lines 141 to 143
// Use basic authentication when not in dev mode. This is
// intentionally after the static middleware to skip basic auth for
// static resources.
Contributor

This could now mention that this is after static middleware and /.well-known endpoints as those will bypass basic auth.

@OtterleyW OtterleyW force-pushed the move-oidc-routes-outside-basic-auth branch from 2b8517f to a73dca3 Compare January 13, 2021 07:45
@OtterleyW OtterleyW merged commit 1d5a1e9 into master Jan 13, 2021
@OtterleyW OtterleyW deleted the move-oidc-routes-outside-basic-auth branch January 13, 2021 08:37