Configure webui login URLs and details dynamically #5093
Conversation
arielshaqed
changed the base branch from
master
to
chore/deprecate-oidc-login
arielshaqed
force-pushed
the
chore/deprecate-oidc-login
branch
from
8b620d7 to
794d435
Compare
arielshaqed
added
new-feature
arielshaqed
force-pushed
the
feature/5085-configurable-ui-login
branch
3 times, most recently
from
18c2fd9 to
cb70cca
Compare
|
Manual verifications performed:
|
Validation with OIDC configurationI used this configuration snippet: oidc:
enabled: true
url: https://XXX.YYY.IDP.com/ # elided
client_id: abcdefg
client_secret: hijklmnoprshhhhhh
callback_base_url: http://localhost:8000/and login still works. |
Validation of ui_config.login_failed_messageAdded this snippet: ui_config:
login_failed_message: That didn't work. Does a link to <a href="https://cnn.com">CNN</a> work?
# ...Failed to login, and got a text with a link to CNN. |
Validation of fallback configurationWith this configuration: ui_config:
fallback_login_url: https://login.example.com
fallback_login_label: |
Didn't work? Maybe try SSL Stone Souper Login, "just add water and login!"the fallback button has the desired label and tries to redirect to the |
Validation of login redirectionWith this configuration: ui_config:
login_url: https://another.example.com/go/login?secret=1234the URL localhost:8000/auth/login?redirected=true&next=%2Frepositories Note that it is only relevant when |
@arielshaqed, Yes, this is to avoid jumping to this URL when the user explicitly navigates to the "internal" login page. It may or may not still be relevant today. |
api/swagger.yml
Outdated
| description: label to place on fallback_login_url. | ||
| type: string | ||
| login_cookies: | ||
| description: cookies to store JWT |
There was a problem hiding this comment.
| description: cookies to store JWT | |
| description: cookie names used to store JWT |
There was a problem hiding this comment.
Possibly also change the property name to login_cookie_names. Not feeling too strongly about this one.
There was a problem hiding this comment.
Thanks! Done (60d1393bf9e319cdf6893ae6406a92cb7748be1f).
pkg/api/controller.go
Outdated
| // TODO(ariels): Configure by c.Auth.OIDC.Enabled if set, otherwise | ||
| // from C.Auth.UIConfig |
There was a problem hiding this comment.
Seems like this TODO is already done?
pkg/api/controller.go
Outdated
| defaultFallbackLoginURL = "/oidc/login?prompt=login" | ||
| defaultFallbackLoginLabel = "Sign in with SSO provider" |
There was a problem hiding this comment.
These are only used when OIDC is enabled, so they are not really default. Can hard-code them in the if below.
pkg/api/controller.go
Outdated
| cookies = c.Auth.UIConfig.LoginCookies | ||
| // []string{ | ||
| // "internal_auth_session", | ||
| // } | ||
| loginFailedMessage = c.Auth.UIConfig.LoginFailedMessage // "The credentials don't match." | ||
| fallbackLoginURL = c.Auth.UIConfig.FallbackLoginURL // nil | ||
| fallbackLoginLabel = c.Auth.UIConfig.FallbackLoginLabel // nil |
There was a problem hiding this comment.
Are the comments here the default values? Because I don't see them set anywhere.
There was a problem hiding this comment.
Thanks! Made these true defaults.
webui/src/pages/auth/login.tsx
Outdated
| @@ -10,9 +10,18 @@ import {Error} from "../../lib/components/controls" | |||
| import {useRouter} from "../../lib/hooks/router"; | |||
| import {useAPI} from "../../lib/hooks/api"; | |||
|
|
|||
| const OIDC_LOGIN_URL = "/oidc/login?prompt=login"; | |||
| //const OIDC_LOGIN_URL = "/oidc/login?prompt=login"; | |||
|
Thanks! PTAL... (Will rebase on trunk after, to keep ease of commenting on this PR) |
api/swagger.yml
Outdated
| description: label to place on fallback_login_url. | ||
| type: string | ||
| login_cookies: | ||
| description: cookies to store JWT |
There was a problem hiding this comment.
Thanks! Done (60d1393bf9e319cdf6893ae6406a92cb7748be1f).
pkg/api/controller.go
Outdated
| // TODO(ariels): Configure by c.Auth.OIDC.Enabled if set, otherwise | ||
| // from C.Auth.UIConfig |
pkg/api/controller.go
Outdated
| defaultFallbackLoginURL = "/oidc/login?prompt=login" | ||
| defaultFallbackLoginLabel = "Sign in with SSO provider" |
pkg/api/controller.go
Outdated
| cookies = c.Auth.UIConfig.LoginCookies | ||
| // []string{ | ||
| // "internal_auth_session", | ||
| // } | ||
| loginFailedMessage = c.Auth.UIConfig.LoginFailedMessage // "The credentials don't match." | ||
| fallbackLoginURL = c.Auth.UIConfig.FallbackLoginURL // nil | ||
| fallbackLoginLabel = c.Auth.UIConfig.FallbackLoginLabel // nil |
There was a problem hiding this comment.
Thanks! Made these true defaults.
arielshaqed
force-pushed
the
feature/5085-configurable-ui-login
branch
from
0ecec3a to
38dd55b
Compare
|
Reverify after all changes: unchecked above boxes, re-checking now before pulling.
|
Everything works except for logout_url. Opening a separate issue #5195 to support that, as requirements will be part of building a complete system. @Isan-Rivkin FYI, please add a comment there about actual requirements :-) |
|
Thanks! Pulling... Only required check not reported is license/cla. But it's me, guv, honest! So pulling by adminiforce.
|
Fixes #5085.