Skip to content

UI/OIDC provider#12800

Merged
hashishaw merged 21 commits intomainfrom
ui/oidc-provider
Oct 13, 2021
Merged

UI/OIDC provider#12800
hashishaw merged 21 commits intomainfrom
ui/oidc-provider

Conversation

@hashishaw
Copy link
Copy Markdown
Contributor

@hashishaw hashishaw commented Oct 11, 2021

Adds support for OIDC Authorization Code Flow with Vault as provider.

Assuming Vault as provider has already been set up under the name my-provider, the client can make a URL request to https://my-vault.com/ui/vault/identity/oidc/provider/my-provider with all required request parameters as query params. Example of valid url:

https://localhost:4200/ui/vault/identity/oidc/provider/my-provider?scope=openid&response_type=code&client_id=abcd1234&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback

The UI will handle a couple specific errors (shown below) and the rest will be returned to the client (provided in the redirect_uri param) with the error query param.
Screen Shot 2021-10-11 at 12 54 28 PM
Screen Shot 2021-10-11 at 12 55 36 PM

If prompt param = consent, the following screen will be shown assuming no other errors:
Screen Shot 2021-10-11 at 12 57 10 PM

If the user denies consent, the screen will show this:
Screen Shot 2021-10-11 at 12 57 13 PM

@hashishaw hashishaw added the ui label Oct 11, 2021
@hashishaw hashishaw added this to the 1.9 milestone Oct 11, 2021
@vercel vercel bot temporarily deployed to Preview – vault October 11, 2021 18:09 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook October 11, 2021 18:09 Inactive
@vercel vercel bot temporarily deployed to Preview – vault October 11, 2021 20:06 Inactive
Monkeychip
Monkeychip reviewed Oct 11, 2021
View reviewed changes
changelog/12800.txt Outdated
@@ -0,0 +1,3 @@
```release-note:feature
ui: OIDC Authorization Code Flow Support
Copy link
Copy Markdown
Contributor

@Monkeychip Monkeychip Oct 11, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this the new format that Meggie is requesting for features?

Monkeychip
Monkeychip reviewed Oct 11, 2021
View reviewed changes
ui/app/components/oidc-consent-block.js Outdated
@@ -0,0 +1,59 @@
/**
* @module OidcConsentBlock
* OidcConsentBlock components are used to...
Copy link
Copy Markdown
Contributor

@Monkeychip Monkeychip Oct 11, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fill in?

Monkeychip
Monkeychip reviewed Oct 11, 2021
View reviewed changes
ui/tests/unit/controllers/vault/cluster/identity/oidc-provider-test.js Outdated
module('Unit | Controller | vault/cluster/identity/oidc-provider', function(hooks) {
setupTest(hooks);

// TODO: Replace this with your real tests.
Copy link
Copy Markdown
Contributor

@Monkeychip Monkeychip Oct 11, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this coming in a later PR?

Copy link
Copy Markdown
Contributor Author

@hashishaw hashishaw Oct 11, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah good catch. This file was automatically generated but we don't use route or controller tests, but I'll be following on with acceptance tests on a later PR 👍

Monkeychip
Monkeychip requested changes Oct 11, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@Monkeychip Monkeychip left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like some failing UI tests and a couple of questions. But looks great!!!

@vercel vercel bot temporarily deployed to Preview – vault October 11, 2021 21:46 Inactive
@vercel vercel bot temporarily deployed to Preview – vault October 11, 2021 21:54 Inactive
@arnav28
Copy link
Copy Markdown
Contributor

arnav28 commented Oct 12, 2021

Nice work!! Just one question, we are showing navigation bar during the login flow, is that fine?

@vercel vercel bot temporarily deployed to Preview – vault October 13, 2021 17:20 Inactive
@vercel vercel bot temporarily deployed to Preview – vault October 13, 2021 19:37 Inactive
@hashishaw
Copy link
Copy Markdown
Contributor Author

hashishaw commented Oct 13, 2021

Nice work!! Just one question, we are showing navigation bar during the login flow, is that fine?

Good catch, we do want to hide the navigation links and I've handled that in the NavHeader component now 👍

@hashishaw hashishaw merged commit 9c6bd51 into main Oct 13, 2021
@hashishaw hashishaw deleted the ui/oidc-provider branch October 13, 2021 20:04
@hashishaw hashishaw mentioned this pull request Oct 19, 2021
Merged
2 tasks
@hashishaw hashishaw mentioned this pull request Oct 28, 2021
Merged
pull bot pushed a commit to NOUIY/vault that referenced this pull request Mar 13, 2026
@hc-github-team-secure-vault-core @kiannaquach
SECVULN-38932 update rollup override to latest patch (hashicorp#12774) (
9790b23 
hashicorp#12800)

Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Monkeychip Monkeychip Monkeychip approved these changes

Assignees

No one assigned

Labels

ui

Projects

None yet

Milestone

1.9

Development

Successfully merging this pull request may close these issues.

3 participants

@hashishaw @arnav28 @Monkeychip