Merge 8e53187 into 4578bd9

.proxyrc

@@ -1,5 +1,8 @@
 {
   "/v1": {
-    "target": "http://localhost:9000/",
-  }
+    "target": "http://localhost:9001/",
+  }, 
+  "/oauth2": {
+    "target": "http://localhost:9001/"
+  },
 }

api/applications/applications.proto

@@ -174,6 +174,15 @@ service Applications {
         };
     }
 
+    /**
+    * Config returns configuration information about the server
+    */
+    rpc GetFeatureFlags(GetFeatureFlagsRequest) returns (GetFeatureFlagsResponse) {
+        option (google.api.http) = {
+            get : "/v1/featureflags"
+        };
+    }
+
 }
 
 // This object represents a single condition for a Kubernetes object.
@@ -431,3 +440,9 @@ message ValidateProviderTokenRequest {
 message ValidateProviderTokenResponse {
     bool valid = 1;
 }
+
+message GetFeatureFlagsRequest {}
+
+message GetFeatureFlagsResponse {
+    map<string, string> flags = 1;
+}

api/applications/applications.swagger.json

@@ -570,6 +570,29 @@
           "Applications"
         ]
       }
+    },
+    "/v1/featureflags": {
+      "get": {
+        "summary": "Config returns configuration information about the server",
+        "operationId": "Applications_GetFeatureFlags",
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/v1GetFeatureFlagsResponse"
+            }
+          },
+          "default": {
+            "description": "An unexpected error response.",
+            "schema": {
+              "$ref": "#/definitions/rpcStatus"
+            }
+          }
+        },
+        "tags": [
+          "Applications"
+        ]
+      }
     }
   },
   "definitions": {
@@ -792,6 +815,17 @@
         }
       }
     },
+    "v1GetFeatureFlagsResponse": {
+      "type": "object",
+      "properties": {
+        "flags": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          }
+        }
+      }
+    },
     "v1GetGithubAuthStatusRequest": {
       "type": "object",
       "properties": {

cmd/gitops/ui/run/cmd.go

@@ -47,11 +47,11 @@ type Options struct {
 // OIDCAuthenticationOptions contains the OIDC authentication options for the
 // `ui run` command.
 type OIDCAuthenticationOptions struct {
-	IssuerURL      string
-	ClientID       string
-	ClientSecret   string
-	RedirectURL    string
-	CookieDuration time.Duration
+	IssuerURL     string
+	ClientID      string
+	ClientSecret  string
+	RedirectURL   string
+	TokenDuration time.Duration
 }
 
 var options Options
@@ -83,7 +83,7 @@ func NewCommand() *cobra.Command {
 		cmd.Flags().StringVar(&options.OIDC.ClientID, "oidc-client-id", "", "The client ID for the OpenID Connect client")
 		cmd.Flags().StringVar(&options.OIDC.ClientSecret, "oidc-client-secret", "", "The client secret to use with OpenID Connect issuer")
 		cmd.Flags().StringVar(&options.OIDC.RedirectURL, "oidc-redirect-url", "", "The OAuth2 redirect URL")
-		cmd.Flags().DurationVar(&options.OIDC.CookieDuration, "oidc-cookie-duration", time.Hour, "The duration of the ID token cookie. It should be set in the format: number + time unit (s,m,h) e.g., 20m")
+		cmd.Flags().DurationVar(&options.OIDC.TokenDuration, "oidc-token-duration", time.Hour, "The duration of the ID token. It should be set in the format: number + time unit (s,m,h) e.g., 20m")
 	}
 
 	return cmd
@@ -189,29 +189,26 @@ func runCmd(cmd *cobra.Command, args []string) error {
 			return fmt.Errorf("invalid issuer URL: %w", err)
 		}
 
-		redirectURL, err := url.Parse(options.OIDC.RedirectURL)
+		_, err = url.Parse(options.OIDC.RedirectURL)
 		if err != nil {
 			return fmt.Errorf("invalid redirect URL: %w", err)
 		}
 
-		var oidcIssueSecureCookies bool
-		if redirectURL.Scheme == "https" {
-			oidcIssueSecureCookies = true
+		tsv, err := auth.NewHMACTokenSignerVerifier(options.OIDC.TokenDuration)
+		if err != nil {
+			return fmt.Errorf("could not create HMAC token signer: %w", err)
 		}
 
 		srv, err := auth.NewAuthServer(cmd.Context(), appConfig.Logger, http.DefaultClient,
 			auth.AuthConfig{
 				OIDCConfig: auth.OIDCConfig{
-					IssuerURL:    options.OIDC.IssuerURL,
-					ClientID:     options.OIDC.ClientID,
-					ClientSecret: options.OIDC.ClientSecret,
-					RedirectURL:  options.OIDC.RedirectURL,
-				},
-				CookieConfig: auth.CookieConfig{
-					CookieDuration:     options.OIDC.CookieDuration,
-					IssueSecureCookies: oidcIssueSecureCookies,
+					IssuerURL:     options.OIDC.IssuerURL,
+					ClientID:      options.OIDC.ClientID,
+					ClientSecret:  options.OIDC.ClientSecret,
+					RedirectURL:   options.OIDC.RedirectURL,
+					TokenDuration: options.OIDC.TokenDuration,
 				},
-			},
+			}, rawClient, tsv,
 		)
 		if err != nil {
 			return fmt.Errorf("could not create auth server: %w", err)

go.mod

@@ -72,6 +72,7 @@ require (
 	github.com/gofrs/flock v0.8.1
 	github.com/google/uuid v1.3.0
 	github.com/oauth2-proxy/mockoidc v0.0.0-20210703044157-382d3faf2671
+	golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
 	gopkg.in/square/go-jose.v2 v2.5.1
 	gopkg.in/yaml.v2 v2.4.0
 )
@@ -211,7 +212,6 @@ require (
 	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
-	golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 // indirect
 	golang.org/x/mod v0.4.2 // indirect
 	golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect

package.json

@@ -41,9 +41,9 @@
   "peerDependencies": {
     "lodash": "^4.17.21",
     "luxon": "^1.27.0",
+    "react": "^17.0.2",
     "react-dom": "^17.0.2",
     "react-toastify": "^7.0.4",
-    "react": "^17.0.2",
     "styled-components": "^5.3.0"
   },
   "dependencies": {