refactor: move OIDC PKCE support from UI to backend

Signed-off-by: Yann Soubeyrand <[email protected]>
argoproj · Feb 3, 2025 · 1d605cd · 1d605cd
1 parent b4a63ae
commit 1d605cd
Show file tree

Hide file tree

Showing 14 changed files with 123 additions and 306 deletions.
diff --git a/server/server_test.go b/server/server_test.go
@@ -624,7 +624,7 @@ func getTestServer(t *testing.T, anonymousEnabled bool, withFakeSSO bool, useDex
 	})
 	oidcServer := ts
 	if !useDexForSSO {
-		oidcServer = testutil.GetOIDCTestServer(t)
+		oidcServer = testutil.GetOIDCTestServer(t, nil)
 	}
 	if withFakeSSO {
 		cm.Data["url"] = ts.URL

diff --git a/ui/package.json b/ui/package.json
@@ -31,7 +31,6 @@
     "minimatch": "^3.1.2",
     "moment": "^2.29.4",
     "monaco-editor": "^0.33.0",
-    "oauth4webapi": "^2.3.0",
     "path": "^0.12.7",
     "prop-types": "^15.8.1",
     "react": "^16.9.3",

diff --git a/ui/src/app/app.tsx b/ui/src/app/app.tsx
@@ -1,4 +1,4 @@
-import {DataLoader, NavigationManager, NotificationType, Notifications, NotificationsManager, PageContext, Popup, PopupManager, PopupProps} from 'argo-ui';
+import {DataLoader, NavigationManager, Notifications, NotificationsManager, PageContext, Popup, PopupManager, PopupProps} from 'argo-ui';
 import {createBrowserHistory} from 'history';
 import * as PropTypes from 'prop-types';
 import * as React from 'react';
@@ -19,8 +19,6 @@ import {hashCode} from './shared/utils';
 import {Banner} from './ui-banner/ui-banner';
 import userInfo from './user-info';
 import {AuthSettings} from './shared/models';
-import {PKCEVerification} from './login/components/pkce-verify';
-import {getPKCERedirectURI, pkceLogin} from './login/components/utils';
 import {SystemLevelExtension} from './shared/services/extensions-service';
 
 services.viewPreferences.init();
@@ -36,8 +34,7 @@ const routes: Routes = {
     '/applications': {component: applications.component},
     '/settings': {component: settings.component},
     '/user-info': {component: userInfo.component},
-    '/help': {component: help.component},
-    '/pkce/verify': {component: PKCEVerification, noLayout: true}
+    '/help': {component: help.component}
 };
 
 interface NavItem {
@@ -254,18 +251,7 @@ export class App extends React.Component<
                 // If basehref is the default `/` it will become an empty string.
                 const basehref = document.querySelector('head > base').getAttribute('href').replace(/\/$/, '');
                 if (isSSO) {
-                    const authSettings = await services.authService.settings();
-
-                    if (authSettings?.oidcConfig?.enablePKCEAuthentication) {
-                        pkceLogin(authSettings.oidcConfig, getPKCERedirectURI().toString()).catch(err => {
-                            this.getChildContext().apis.notifications.show({
-                                type: NotificationType.Error,
-                                content: err?.message || JSON.stringify(err)
-                            });
-                        });
-                    } else {
-                        window.location.href = `${basehref}/auth/login?return_url=${encodeURIComponent(location.href)}`;
-                    }
+                    window.location.href = `${basehref}/auth/login?return_url=${encodeURIComponent(location.href)}`;
                 } else {
                     history.push(`/login?return_url=${encodeURIComponent(location.href)}`);
                 }

diff --git a/ui/src/app/login/components/login.tsx b/ui/src/app/login/components/login.tsx
@@ -1,4 +1,4 @@
-import {FormField, NotificationType} from 'argo-ui';
+import {FormField} from 'argo-ui';
 import * as PropTypes from 'prop-types';
 import * as React from 'react';
 import {Form, Text} from 'react-form';
@@ -7,7 +7,6 @@ import {RouteComponentProps} from 'react-router';
 import {AppContext} from '../../shared/context';
 import {AuthSettings} from '../../shared/models';
 import {services} from '../../shared/services';
-import {getPKCERedirectURI, pkceLogin} from './utils';
 
 require('./login.scss');
 
@@ -62,18 +61,7 @@ export class Login extends React.Component<RouteComponentProps<{}>, State> {
                     </div>
                     {ssoConfigured && (
                         <div className='login__box_saml width-control'>
-                            <a
-                                {...(authSettings?.oidcConfig?.enablePKCEAuthentication
-                                    ? {
-                                          onClick: () =>
-                                              pkceLogin(authSettings.oidcConfig, getPKCERedirectURI().toString()).catch(err => {
-                                                  this.appContext.apis.notifications.show({
-                                                      type: NotificationType.Error,
-                                                      content: err?.message || JSON.stringify(err)
-                                                  });
-                                              })
-                                      }
-                                    : {href: `auth/login?return_url=${encodeURIComponent(this.state.returnUrl)}`})}>
+                            <a href={`auth/login?return_url=${encodeURIComponent(this.state.returnUrl)}`}>
                                 <button className='argo-button argo-button--base argo-button--full-width argo-button--xlg'>
                                     {(authSettings.oidcConfig && <span>Log in via {authSettings.oidcConfig.name}</span>) ||
                                         (authSettings.dexConfig.connectors.length === 1 && <span>Log in via {authSettings.dexConfig.connectors[0].name}</span>) || (

diff --git a/ui/src/app/login/components/pkce-verify.scss b/ui/src/app/login/components/pkce-verify.scss
diff --git a/ui/src/app/login/components/pkce-verify.tsx b/ui/src/app/login/components/pkce-verify.tsx
diff --git a/ui/src/app/login/components/utils.ts b/ui/src/app/login/components/utils.ts
diff --git a/ui/src/app/shared/models.ts b/ui/src/app/shared/models.ts
@@ -537,10 +537,6 @@ export interface AuthSettings {
     };
     oidcConfig: {
         name: string;
-        issuer: string;
-        clientID: string;
-        scopes: string[];
-        enablePKCEAuthentication: boolean;
     };
     help: {
         chatUrl: string;

diff --git a/ui/yarn.lock b/ui/yarn.lock
@@ -7206,11 +7206,6 @@ oas-validator@^5.0.8:
     should "^13.2.1"
     yaml "^1.10.0"
 
-oauth4webapi@^2.3.0:
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/oauth4webapi/-/oauth4webapi-2.3.0.tgz#d01aeb83b60dbe3ff9ef1c6ec4a39e29c7be7ff6"
-  integrity sha512-JGkb5doGrwzVDuHwgrR4nHJayzN4h59VCed6EW8Tql6iHDfZIabCJvg6wtbn5q6pyB2hZruI3b77Nudvq7NmvA==
-
 object-assign@^4.0.1, object-assign@^4.1.1:
   version "4.1.1"
   resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"