feat: OIDC with PKCE flow (#491)

2025-08-04 13:05:24 +02:00 · 2023-09-04 10:06:59 -05:00 · 2023-09-04 10:06:59 -05:00 · 6941500c7b
commit 6941500c7b
parent e254443272
24 changed files with 805 additions and 22 deletions
--- a/client/src/components/Header/Header.jsx
+++ b/client/src/components/Header/Header.jsx
@ -3,6 +3,7 @@ import PropTypes from 'prop-types';
 import classNames from 'classnames';
 import { Link } from 'react-router-dom';
 import { Button, Icon, Menu } from 'semantic-ui-react';
+import { useAuth } from 'react-oidc-context';
 import { usePopup } from '../../lib/popup';

 import Paths from '../../constants/Paths';
@ -29,6 +30,7 @@ const Header = React.memo(
    onUserSettingsClick,
    onLogout,
  }) => {
+    const auth = useAuth();
    const handleProjectSettingsClick = useCallback(() => {
      if (canEditProject) {
        onProjectSettingsClick();
@ -38,6 +40,11 @@ const Header = React.memo(
    const NotificationsPopup = usePopup(NotificationsStep, POPUP_PROPS);
    const UserPopup = usePopup(UserStep, POPUP_PROPS);

+    const onFullLogout = () => {
+      auth.signoutSilent();
+      onLogout();
+    };
+
    return (
      <div className={styles.wrapper}>
        {!project && (
@ -88,7 +95,7 @@ const Header = React.memo(
            <UserPopup
              isLogouting={isLogouting}
              onSettingsClick={onUserSettingsClick}
-              onLogout={onLogout}
+              onLogout={onFullLogout}
            >
              <Menu.Item className={classNames(styles.item, styles.itemHoverable)}>
                {user.name}
--- a/client/src/components/Login/Login.jsx
+++ b/client/src/components/Login/Login.jsx
@ -1,5 +1,6 @@
 import isEmail from 'validator/lib/isEmail';
 import React, { useCallback, useEffect, useMemo, useRef } from 'react';
+import { useAuth } from 'react-oidc-context';
 import PropTypes from 'prop-types';
 import classNames from 'classnames';
 import { useTranslation } from 'react-i18next';
@ -48,6 +49,7 @@ const createMessage = (error) => {

 const Login = React.memo(
  ({ defaultData, isSubmitting, error, onAuthenticate, onMessageDismiss }) => {
+    const auth = useAuth();
    const [t] = useTranslation();
    const wasSubmitting = usePrevious(isSubmitting);

@ -171,6 +173,9 @@ const Login = React.memo(
                        disabled={isSubmitting}
                      />
                    </Form>
+                    <Form.Button type="button" onClick={() => auth.signinRedirect()}>
+                      Log in with SSO
+                    </Form.Button>
                  </div>
                </div>
              </Grid.Column>
--- a/client/src/components/OIDC/OidcLogin.jsx
+++ b/client/src/components/OIDC/OidcLogin.jsx
@ -0,0 +1,19 @@
+import { useAuth } from 'react-oidc-context';
+import PropTypes from 'prop-types';
+import React from 'react';
+
+let isLoggingIn = true;
+const OidcLogin = React.memo(({ onAuthenticate }) => {
+  const auth = useAuth();
+  if (isLoggingIn && auth.user) {
+    isLoggingIn = false;
+    const { user } = auth;
+    onAuthenticate(user);
+  }
+});
+
+OidcLogin.propTypes = {
+  onAuthenticate: PropTypes.func.isRequired,
+};
+
+export default OidcLogin;
--- a/client/src/components/OIDC/index.js
+++ b/client/src/components/OIDC/index.js
@ -0,0 +1,3 @@
+import OidcLogin from './OidcLogin';
+
+export default OidcLogin;
--- a/client/src/components/Root.jsx
+++ b/client/src/components/Root.jsx
@ -1,5 +1,6 @@
 import React from 'react';
 import PropTypes from 'prop-types';
+import { AuthProvider } from 'react-oidc-context';
 import { Provider } from 'react-redux';
 import { Route, Routes } from 'react-router-dom';
 import { ReduxRouter } from '../lib/redux-router';
@ -13,30 +14,41 @@ import 'react-datepicker/dist/react-datepicker.css';
 import 'photoswipe/dist/photoswipe.css';
 import 'easymde/dist/easymde.min.css';
 import '../lib/custom-ui/styles.css';
-
 import '../styles.module.scss';
+import OidcLoginContainer from '../containers/OidcLoginContainer';

-function Root({ store, history }) {
+function Root({ store, history, config }) {
  return (
-    <Provider store={store}>
-      <ReduxRouter history={history}>
-        <Routes>
-          <Route path={Paths.LOGIN} element={<LoginContainer />} />
-          <Route path={Paths.ROOT} element={<CoreContainer />} />
-          <Route path={Paths.PROJECTS} element={<CoreContainer />} />
-          <Route path={Paths.BOARDS} element={<CoreContainer />} />
-          <Route path={Paths.CARDS} element={<CoreContainer />} />
-          <Route path="*" element={<NotFound />} />
-        </Routes>
-      </ReduxRouter>
-    </Provider>
+    <AuthProvider
+      authority={config.authority}
+      client_id={config.clientId}
+      redirect_uri={config.redirectUri}
+      scope={config.scopes}
+      onSigninCallback={() => {
+        window.history.replaceState({}, document.title, window.location.pathname);
+      }}
+    >
+      <Provider store={store}>
+        <ReduxRouter history={history}>
+          <Routes>
+            <Route path={Paths.LOGIN} element={<LoginContainer />} />
+            <Route path={Paths.OIDC_LOGIN} element={<OidcLoginContainer />} />
+            <Route path={Paths.ROOT} element={<CoreContainer />} />
+            <Route path={Paths.PROJECTS} element={<CoreContainer />} />
+            <Route path={Paths.BOARDS} element={<CoreContainer />} />
+            <Route path={Paths.CARDS} element={<CoreContainer />} />
+            <Route path="*" element={<NotFound />} />
+          </Routes>
+        </ReduxRouter>
+      </Provider>
+    </AuthProvider>
  );
 }
-
 Root.propTypes = {
  /* eslint-disable react/forbid-prop-types */
  store: PropTypes.object.isRequired,
  history: PropTypes.object.isRequired,
+  config: PropTypes.object.isRequired,
  /* eslint-enable react/forbid-prop-types */
 };