Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for Neo4j 4.4 SSO, including discovery and refresh tokens #1581

Merged
merged 30 commits into from
Nov 2, 2021
Merged

Support for Neo4j 4.4 SSO, including discovery and refresh tokens #1581

merged 30 commits into from
Nov 2, 2021

Conversation

OskarDamkjaer
Copy link
Contributor

No description provided.

jharris4
jharris4 reviewed Nov 1, 2021
View reviewed changes
src/shared/modules/connections/connectionsDuck.ts Outdated
if (SSOProviders) {
return Rx.Observable.fromPromise(
(async function() {
//TODO can throw?
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, if the handleRefreshingToken throws, we should bail out of the reconnection attempts, and go straight to the connection lost state. TBD is whether we should specifically report this back to the user somehow, possible with custom error text?

jharris4
jharris4 reviewed Nov 1, 2021
View reviewed changes
src/shared/modules/discovery/discoveryDuck.ts
requestedUseDb: action.requestedUseDb,
host: `${protocol ? `${protocol}//` : ''}${host}`,
supportsMultiDb: !!action.requestedUseDb,
encrypted: action.encrypted,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm a bit fuzzy on while all these discovered properties are needed, and whether they're actually used anywhere, but I guess it's fine for now.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah this turned into a bit of a rabbit hole trying to understand where they're all used. I'm somewhat certain that the encrypted key is not used here and that the restApi is used for the :http command. But didn't have enough time to dig into it fully

jharris4
jharris4 reviewed Nov 1, 2021
View reviewed changes
src/shared/modules/discovery/discoveryHelpers.test.ts
expect(discoveryData?.urlMissing).toEqual(false)
})

test('finds and priotises sso providers from session storage/connect form when all discovery sources are present, but doesnt merge when hosts differ', async () => {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should probably add the new discoveryConnection source to this test?

@OskarDamkjaer OskarDamkjaer force-pushed the connect-discovery branch 2 times, most recently from a304c09 to 403e452 Compare November 2, 2021 15:15
jharris4 and others added 21 commits November 2, 2021 17:13
@jharris4 @OskarDamkjaer
initial commit, use sso lib to fetch discovery for bolt host
baf7cf8 
garbage

asdf
@OskarDamkjaer
Implement function fetching discovery data
ee68217
@jharris4 @OskarDamkjaer
add debounced fetch of discovery data on connect form host change
3316af8
@jharris4 @OskarDamkjaer
store host in sessionStorage on SSO provider click
37144d2 
also read/check for it on startup
@OskarDamkjaer
Add test for happypath
87fceb2
@OskarDamkjaer
Improve errorhandling
92dda9a
@jharris4 @OskarDamkjaer
fix case ssoProviders -> SSOProviders
c67528a
@jharris4 @OskarDamkjaer
refactor for new logic in fetchBrowserDiscoveryDataFromUrl
23da51d 
Also make discovery fetching more aware of auth method values & changes
@jharris4 @OskarDamkjaer
always use the bolt host as input for fetching discovery data
83e6905
@jharris4 @OskarDamkjaer
fix bug state leak bug for SSO when connect form host equals current …
681a8cf 
…connection host
@OskarDamkjaer
Add better tests
a3f056d
@OskarDamkjaer
Fix sso capitalization
f205ecf
@jharris4 @OskarDamkjaer
Set SSOError whenever no SSOProviders are found
f823b51
@jharris4 @OskarDamkjaer
first attempt at getting sso token refresh to work
3ed3b8b
@OskarDamkjaer
Remove unused code and fix bug where host got overridden
a8604c2
@jharris4 @OskarDamkjaer
load discovery connection discovery data on startup
2d2be65 
change discovery connection auth method to sso on provider click

misc other sso improvements
@jharris4 @OskarDamkjaer
fire onLostConnection when cypher query errors with TokenExpired
3daabe8
@OskarDamkjaer
Initial refresh token impl & Bump sso lib
838dc71
@OskarDamkjaer
Remove debug console logs
d4561ed
@OskarDamkjaer
Remove duplication of re-connect code
3674275
@OskarDamkjaer
Add better logging for when discovery data isn't found
af9ccab
jharris4
jharris4 approved these changes Nov 2, 2021
View reviewed changes
Copy link
Collaborator

@jharris4 jharris4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is working really well in testing so far, so I'm going to merge it so we can have a release candidate.

We may want to address some of the minor remaining review comments later though...

@jharris4 jharris4 merged commit 3a50d72 into neo4j:master Nov 2, 2021
@OskarDamkjaer OskarDamkjaer changed the title Update SSO to use 4.4 discovery and refresh tokens Support for Neo4j 4.4 SSO, including discovery and refresh tokens Nov 30, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jharris4 jharris4 jharris4 approved these changes

Assignees
No one assigned
Labels
changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@OskarDamkjaer @jharris4