Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

#1591 add SSO via OIDC to Ditto UI #2032

Merged
merged 8 commits into from
Oct 4, 2024
Merged

#1591 add SSO via OIDC to Ditto UI #2032

merged 8 commits into from
Oct 4, 2024

Conversation

thjaeckle
Copy link
Member

  • make it configurable which OIDC issuers to use
  • re-did a lot of the existing configuration of the Ditto UI
  • added typing for Environment

Resolves: #1591

@thjaeckle thjaeckle added the UI Issues related to the Ditto explorer UI label Sep 25, 2024
@thjaeckle thjaeckle added this to the 3.6.0 milestone Sep 25, 2024
@thjaeckle thjaeckle self-assigned this Sep 25, 2024
@thjaeckle
eclipse-ditto#1591 add SSO via OIDC to Ditto UI
71066ff 
* make it configurable which OIDC issuers to use
* re-did a lot of the existing configuration of the Ditto UI
* added typing for Environment
@thfries
Copy link
Contributor

thfries commented Sep 26, 2024

Highly appreciated! Thank you for introducing that lot of typing improvements.

@thjaeckle
Copy link
Member Author

@thfries sure, my pleasure :)

Could you have a look on the PR as a reviewer?

@thfries
Copy link
Contributor

thfries commented Sep 26, 2024

Sure, I already looked at the code changes, but I can check it out and take a look.
I fear that I will not be able to set up the OICD infrastructure. We don't have any authorization server in place. Would this work with Google authentication (but I still need a ditto instance that can be reached in the internet, I assume)? I will do my best...

@thjaeckle
Copy link
Member Author

@thfries I added a subfolder in the ui folder containing a docker-compose.yml in order to start a mock SSO (OAuth2) server.
I also developed the SSO feature testing this ..

With the updated environmentTemplates.json there is already an environment named oidc_example - choosing that should connect to the started OAuth2 mock server.

@thjaeckle thjaeckle force-pushed the feature/ditto-ui-sso branch 2 times, most recently from 63b6aa2 to 5601fc5 Compare September 27, 2024 09:04
@thjaeckle
eclipse-ditto#1591 fixed issue in DefaultJwtValidator using "parseCla…
1ab694d 
…imsJws" instead of "parse"
@thjaeckle
eclipse-ditto#1591 fixed showing/hiding possible authentication metho…
8386ff9 
…ds in "Auth" modal
@thjaeckle
eclipse-ditto#1591 added oidc provider configuration field "extractBe…
a165a43 
…arerTokenFrom" to define from where to extract the Bearer token

* also used "state" to propagate back to client after redirect if main or oauth SSO was done, or both
@thjaeckle
eclipse-ditto#1591 added current search "filter" to URL params in ord…
ce0f1e4 
…er to make search bookmarkable and survive SSO redirects

* base64 encoded url_state
@thjaeckle
Copy link
Member Author

I did now my last commit for this PR .. reflecting the searchFilter's current search also via a query param filter - so that this "survives" the SSO redirect as well.

@thjaeckle thjaeckle merged commit 5ebe68d into eclipse-ditto:master Oct 4, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@thjaeckle thjaeckle

Labels
UI Issues related to the Ditto explorer UI
Projects
Ditto Planning
Status: Done
Milestone
3.6.0
Development

Successfully merging this pull request may close these issues.

UI: Authenticate with OAuth2 client ID / secret
2 participants
@thjaeckle @thfries