* Throw error if `entityID` is missing
* Use `JacksonError` instead of Error
* Type enhancements - use `SAMLSSORecord`
* Better typing with `OIDCSSORecord`
* Add types for response
* Update swagger
* Sync package lock
* Assert connection record type in tests
* Mark `@deprecated` for config methods
* Mark `openid` as optional
* Guard against nullish
* Fix test
* Add entityID check for update op, add tests
* Cleanup `t.end()`, not required for `async` tests
* Remove oidcPath check in defaultOpts
* Return error if `oidcPath` is empty in authorize for OIDC Connection
* Add missing `async`
* Fail connection add/update if `oidcPath` is not set
* Type alignment
* Update swagger spec
* Fix type for `oidcPath`
* Cleanup
* Add missing return types and fix type for `getConfig`
* Bump up version
* Update swagger spec
* Remove uffizzi from ignore file
Co-authored-by: Kiran <kiran@boxyhq.com>
* Support connection dynamic param in route
* Pass `connection`
* Fix tests
* Accept oidc params and validate the same
* Rename `connection` --> `strategy`
* Use saml for preLoadedConfig for now
* Rename `apiController` --> `apiConfigController`
* Flatten the params
* Validate passed config
* Backward compatibility for embed setup
* Impl for oidc config save
* index addition for oidc clientId
* Remove param, defaults to saml
* Validation will be done inside controller
* Zap secondary index on clientId, not required
* Rename `APIConfigController` --> `ConfigAPIController`
* Update swagger
* Fix name
* Fix name elsewhere
* Revert filter
* Split `saml` and `oidc` create/update logic
* Route `saml` and `oidc`
* Test update
* Update swagger
* Update swagger
* Use tenant/product from stored config in lieu of params
* Validate passed OIDC clientId using hash
* Update swagger annotations
* Handlers for getting OIDC/SAML configs
* Validate tenant/product in update
* Typo fix
* Fix test
* Default to empty string, validation is done to check if the params are not empty
* Extract provider name just like saml
* OIDC Connection support
*delta for authorize*
- Renamed samlConfig(s) → connection(s)
- Renamed resolvedSamlConfig -> resolvedConnection
- Detect connection is SAML or OIDC
- Perform Issuer discovery and oidc client init
- Tweak error responses
- Persist oidc client metadata in session
* Test type fix
* Test fix
* openid-client dependency
* Sync package locks
* Fix return type
- Remove `undefined` from return type
- Return `OAuthErrorResponse` for else case
* Handle OIDC Authorization response
* Persist OIDC code_verifier
* Remove scope check for OIDC connection
* Normalize scope before relaying
* Method name update
* Extract user profile from id token and userinfo
* Handle error response from OIDC Provider
* Update type
* Type update with OIDC specific error codes
* Bug fix : typo
* Cleanup
* OIDC callback route
* Bug fix: return profile and parameter fix
* Rename `config` -> `connection`
* Use `Link` and add oidc connection nav item
* Use `strategy` from query param
* Delta ↴
- Reorganised api routes
- Removed Admin controller filtering methods for saml/oidc
* Fix page link in e2e test
* Changes:
- Handle oidc connection fields
- Rename component file path
* Remove slug for save/update connection
* Fix keyname in update operation
* Import path update
* Radio select connection type for new connection
* Update lock file
* Sync lock file
* Sync package lock
* Fix connectionType detection for new connection
* Fix error message
* Add comment
* Tweak comment
* Use the correct state and directly from session
* Sync lock file
* Remove `provider` from OAuthReqBody
* Remove duplicate scopes
* Pass recent param additions to idpSelection page
* Add badge for Provider type
* Style tweak
* Style IdP type selection
* Add test for oidc provider
* Comment
* Check for empty state
* Add test for oidcAuthzResponse
* Add test for oidcAuthzResponse
* Add test for error response from OP
* Error message tweak
* Test the happy path
* Remove unused import
* Fix assertion
* - Fix types
- Add `createOIDCConfig` test for missing params
* Test happy path for `createOIDCConfig`
* Param validation tests for `createOIDCConfig`
* Test for `updateOIDCConfig`
* Tests for `updateOIDCConfig`
* Make `oidcPath` required like `samlPath`
* Bump `openid-client` version
* Refactor
* Update test coverage map
* Tweak label
* Split openid/oauth tests
* call `t.end`
* Fix file name in comment
* Add test teardown
* Improve coverage and rename test files
* For backwards compatibility
* Minor formatting
* Add api paths for /connection
* Zap config path for admin ui
* Update swagger spec
* Rename `configAPIController` → `connectionAPIController`
* Rename `IdPConfig` → `IdPConnection`
* Rename `validateIdPConfig` → `validateIdPConnection`
* Rename `createSAMLConfig` → `createSAMLConnection`
* Rename `createOIDCConfig` → `createOIDCConnection`
* Update swagger spec
* Rename `updateSAMLConfig` → `updateSAMLConnection`,
`updateOIDCConfig` → `updateOIDCConnection`
* Make `clientID`/`clientSecret` readOnly
* Rename `configStore` → `connectionStore`
* Update swagger spec
* Add `getConnection` + `deleteConnection`
* Remove `/api/v1/oidc/config` and keep `api/v1/saml/config`
* Rename `getAllConfig` → `getAllConnection`
* Rename `readConfig` → `loadConnection`
* Rename `deleteConfiguration` → `deleteConnection`
* Add `preLoadedConnection` env
* Update map and cli
* Refactor api tests and rename config to connection
* Rename `configList` → `connectionList`
* Rename `samlConfig` → `samlConnection`
* Rename config -> connection
* Rename `config` → `connection`
* Rename counters for otl
* Sync package lock
* Remove api key validation from api route
* Update Admin ui title
* Update swagger
* Update otl metric descriptions
* Update var naming to connection
* Add strategy validation
* Add tests for invalid strategy
* Sync package lock
* Upgrade and pin version
* Update saml config api with deprecated
* Updated swagger spec for deprecated config api
* Bump package version
* Fix label
* - removed strategy for `get` and `delete`
- Type update
* Type updates
* `getConnection` -> `getConnections`, `deleteConnection` -> `deleteConnections`
* Update swagger spec
* Use only for saml connection
* Remove slug from api routes
* API path updates
* Type updates
* Helper util for api routes to check strategy
* Type updates and api changes
* `OAuthReq` typings enhancement
* Narrowed down types for `OAuthTokenReq` and
`OIDCAuthzResponsePayload`
* `IdPConnection` -> `SSOConnection`
* Update cookie name to avoid clash
* Handle the uncaught case to prevent req hanging
* Support for ForceAuthn added
* forceAuthn override on the back of the OAuth 2.0
* added tests and minor fixes for forceAuthn
* Override ForceAuthn tests
* Changes in the override flag and using prompt
* using node forge for self signed certs
* Revert "using node forge for self signed certs"
This reverts commit c027b5b7ce.
* Support 'POST' at authorization endpoint
* handle additional scope params
* handle additional claims param
* Try with `legacy-peer-deps` true
* Fix logic
* Set legacy-peer-deps to `true`
* Remove `.npmrc` files and sync packages from main
* Resolve conflicts
* Load jwtSigningKeys into env
* Return id_token for OIDC flow
* Support `nonce`
* Add type for `nonce`
* Set `nonce` only if present in request
* Expose OpenId provider metadata
* Update metadata
* Tweak path remove dot, map jwks
* Add jwsAlg and source keys using base64
* Source jose from root package.json too
* JWS utils
* Serve jwks_uri
* Load private key for signing
* Fix authz endpoint
* Format example env
* Fix claims
* Format discovery and add missing metadata
* Include the basic profile in id_token
* Fix claims access
* Remove console log
* Sync package lock
* Cleanup
* Support for claims is optional
* cleanup type
* Set `Content-Type` header
* Remove default from env
* Handle jwt env
* oidc fixture
* Test for oidc flow, check id_token in response
* Add jwt envs
* Fix for undefined
* Remove keys check in controller init
* Runtime check for JWS keys
* check if id_token is absent
* Check for claims and verify signature
* Snapshot test oidc discovery page
* Add snapshot for linux to work in CI
* Test with a fontless screenshot
* test with this one
* add a debug step
* Get the entire dir for snapshot
* Test with this
* Comment out debug step
* snapshot test jwks
* Update env
* Upload screenshot for linux
* Add debug step
* Update snapshot
* Sync package lock
* Remove local testing snapshots
* Assert using api request
* Update to use api test for jwks endpoint
* Set `JWS_ALG` env
* Prefix openid vars
* Fix env access
* Fix e2e test
* Fix options in tests
* Fix env var access
* Use ttl from env
* Simplify exp value setting
* oidc discovery controller
* Fix typing
* Handle case where signing keys are not set
* return `oidcDiscoveryController`
* Throw a JacksonError like object
* Use controllers and cleanup
* throw JacksonError like object
* Minor formatting
* Fix typing and add check for undefined
* Keep order of packages same as in main
* Update key generation comment
* Initialise `openid` correctly in npm
* Cleanup
* Set `sub` claim
* Set 'sub' only for oidc flow
* saml20 updates: parseIssuer, validate and privatekey
* Update test case for validate
* remove v in dependency version
* updated package.json
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* helper utils for OAuthErrorResponse
* Return back to redirect_uri with error and desc
* return OAuthError inside samlResponse for SP flow
* Fix test
* Remove punctuation
* Add new tests
* Add test for absent binding in config
* Add test for samlResponse OAuth error
* Test for OAuth error in saml request creation failure
* Rename mock metadata to fixture
* Refactor
* Refactor fixture
* Update comment
* Update type for `Profile`
* Add fixture for token_req
* Assert for requested in userinfo
* Refactor body for tokenReq to fixture
* Sync package lock
* Return error response for SP/IdP flow - IdP flow can use the defaultRedirectUrl
* Fixed issue where the same entityID matches different tenant and product combinations. Very common with providers (example: Auth0)
* bumped up version
* only filter if there are more than 1 saml config
* check client_secret if client_id is dummy
* Add test for client_secret validation
* Also allow the secret linked to the config
* Use && instead of ||
* Add test for actual clientId/Secret
* Add test for clientId/secret happy path
* SLO flow
* Add request sign
* Validate the RelayState
* Response validate - Need fix
* Methods reorder
* Add Next.js route
* Remove the default value for samlAudience
* Add Next.js routes
* Add routes for Next.js and fixed the redirect issues
* Remove the old slo.ts
* Support HTTP-POST binding
* Add method to validate signature
* Revert - Make the samlAudience optional
* Fix the type issue, add a few unit tests
* Add unit tests
* Update the sample logout response XML
* Code cleanup
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* Add support for http-post
* send authorize_form as html
* package lock update
* fixed POST for Azure
* tweak
* Fix the unit test
* This seems like a better fix
* redirectUrl/authorizeForm can be undefined
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* OpenTelemetry metrics API
* Rename the counter
* Add metrics API
* Add Otl to Nextjs
* Add otel protocol
* Fix the port
* Fix the port
* Fix
* Fix
* Fix
* fixed default postgres url
* tweaks to metrics name and attributes
Co-authored-by: Kiran K <kiran@Kirans-MacBook-Pro.local>
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* added CLIENT_SECRET_VERIFIER for enhancing OAuth 2.0 security when not using PKCE flow
* added CLIENT_SECRET_VERIFIER to env.example
* fixed unit test
* Add Swagger - wip
* Add OpenAPI Spec
* Add OpenAPI Spec
* API Doc
* Add the api paths
* Add auth block
* Moved into swagger 2.0
* Fix the Swagger spec
* Revert the changes to middleware
* Remove the sample files
* Add jsdoc
* Add swagger spec
* Remove the package pako
* Pin the version
* Pin the version
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* moved jackson-next to this repo
* fixed working-directory
* updated package-lock
* fixed docker build
* fixed dockerfile
* cleanup
* save npm version for use in the build step
* switching the order
* fixed env secret
* update saml-jackson to the current version before building the next.js service
* build from typescript and change main and types before publishing npm
* copy README.md from root before publishing npm
* update README only for prod versions
* read version from root package.json file
* fixed artifact
* updated package-lock