feat!: Replace bearer with cookie-based authentication #1587
Merged
Commits on Jul 29, 2024
feat: Rework authentication logic
This commit serves two main purposes. First, it merges the code for the two authentication providers, azure and oauth. To do this, we no longer rely on the azure-specific MSAL library, but use a more general library that we already use for non-azure providers. Second, we change our authentication scheme from a bearer token provided in the header and stored in a frontend service to secure cookies. This eliminates an XSS attack vector as the tokens are no longer accessible on the client side.
Commit 5ef9357
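The move from bearer tokens to secure cookies described in the commit above only closes the XSS path if the cookie carries the right attributes. The following is an added example, not code from this project: it builds such a cookie with the Python standard library and audits `Set-Cookie` values for missing flags. The cookie name `id_token` and the sample headers are assumptions constructed for illustration.

```python
from __future__ import annotations

from http.cookies import SimpleCookie

# Constructed Set-Cookie values; the cookie name "id_token" is an assumption.
SAMPLE_HEADERS = [
    "id_token=eyJhbGciOi.constructed.sig; HttpOnly; Secure; SameSite=Strict; Path=/api",
    "id_token=eyJhbGciOi.constructed.sig; Path=/",
    "id_token=eyJhbGciOi.constructed.sig; HttpOnly; SameSite=None",
]


def build_session_cookie(name: str, token: str, max_age: int) -> str:
    """Return a Set-Cookie value that keeps the token away from page scripts."""
    cookie = SimpleCookie()
    cookie[name] = token
    morsel = cookie[name]
    morsel["httponly"] = True      # not readable via document.cookie
    morsel["secure"] = True        # only sent over HTTPS
    morsel["samesite"] = "Strict"  # not attached to cross-site requests
    morsel["path"] = "/"
    morsel["max-age"] = max_age    # bound the lifetime of a stolen cookie
    return morsel.OutputString()


def audit_set_cookie(header_value: str) -> list[str]:
    """List the hardening attributes a Set-Cookie value lacks."""
    # Attribute names are case-insensitive; skip the leading name=value pair.
    attrs = {}
    for part in header_value.split(";")[1:]:
        key, _, value = part.strip().partition("=")
        attrs[key.lower()] = value.strip()
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: token readable by injected script")
    if "secure" not in attrs:
        findings.append("missing Secure: token can travel over plain HTTP")
    if attrs.get("samesite", "").lower() not in ("strict", "lax"):
        findings.append("SameSite not Strict/Lax: cross-site sends not restricted")
    return findings


if __name__ == "__main__":
    print(build_session_cookie("id_token", "constructed.token.value", 3600))
    for header in SAMPLE_HEADERS:
        print(header, "->", audit_set_cookie(header) or "ok")
```

Because cookies are attached to requests automatically, the `SameSite` check matters here in a way it did not for a bearer header: the cookie scheme trades script access to the token for the need to restrict cross-site requests.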
refactor: Remove local storage service
Previously, we used a dedicated local storage service, with the only difference being that the get function returned an empty string instead of null if the key did not exist. Therefore, this commit removes the local storage service and uses the localstorage directly, with some explicit null checks.
Commit f290d0a
docs: Document how to set up Keycloak as CCM IdP
This documents how to use Keycloak as an identity provider for the Capella Collaboration Manager (CCM). This includes how to properly configure a CCM client in Keycloak and how to set up the configuration in CCM to use that client. However, it is important to note that the documentation does not cover how to properly configure and securely use Keycloak.
Commit 9ed889b
Commit 8175f3f
feat: Introduce idp identifier and email columns
This commit primarily adds two columns to the user table, the idp identifier and the email. The idp identifier is used to map the idp user to the local user. Therefore, it is critical that the idp claim used for this is unique per user. The following breaking changes are introduced to the values.yaml file: The `jwt.usernameClaim` is now moved to `claimMapping.username` and specifies the identity token claim used for the username column. The `claimMapping.idpIdentifier` is added, which specifies the identity token claim used for the new idp identifier column and must be unique within the idp. The `claimMapping.email` is added, which specifies the identity token claim used for the new email column. The breaking changes are detailed in the PR description and in the release notes.
Commit 8e344e3
Commit ee0535b
Commit 4ca31f3
Commits on Jul 31, 2024
Commit e773ef1