From 31ff2e375dfbe5629965d78bf3de8b7c3fd1a56e Mon Sep 17 00:00:00 2001
From: Vivek Ratnavel Subramanian
Date: Tue, 12 Apr 2022 13:24:06 -0700
Subject: [PATCH] Fix #4055: Support auto renewal of tokens for Okta SSO (#4081)
---
 .../src/main/resources/ui/package.json | 4 +-
 .../auth-provider/okta-auth-provider.tsx | 13 +--
 .../authenticators/OktaAuthenticator.tsx | 12 ++-
 .../src/main/resources/ui/yarn.lock | 94 +++++++++++++++----
 4 files changed, 93 insertions(+), 30 deletions(-)
diff --git a/openmetadata-ui/src/main/resources/ui/package.json b/openmetadata-ui/src/main/resources/ui/package.json
index 8d03b924652..06423f4b3ee 100644
--- a/openmetadata-ui/src/main/resources/ui/package.json
+++ b/openmetadata-ui/src/main/resources/ui/package.json
@@ -21,8 +21,8 @@
 "@fortawesome/fontawesome-svg-core": "^1.3.0",
 "@fortawesome/free-solid-svg-icons": "^6.0.0",
 "@fortawesome/react-fontawesome": "^0.1.17",
- "@okta/okta-auth-js": "^6.1.0",
- "@okta/okta-react": "^6.4.2",
+ "@okta/okta-auth-js": "^6.4.0",
+ "@okta/okta-react": "^6.4.3",
 "@toast-ui/react-editor": "^3.1.3",
 "autoprefixer": "^9.8.6",
 "axios": "^0.21.1",
diff --git a/openmetadata-ui/src/main/resources/ui/src/authentication/auth-provider/okta-auth-provider.tsx b/openmetadata-ui/src/main/resources/ui/src/authentication/auth-provider/okta-auth-provider.tsx
index e1e990bd93e..93de7bc9920 100644
--- a/openmetadata-ui/src/main/resources/ui/src/authentication/auth-provider/okta-auth-provider.tsx
+++ b/openmetadata-ui/src/main/resources/ui/src/authentication/auth-provider/okta-auth-provider.tsx
@@ -11,7 +11,7 @@
 * limitations under the License.
 */

-import { IDToken, OktaAuth } from '@okta/okta-auth-js';
+import { OktaAuth } from '@okta/okta-auth-js';
 import { Security } from '@okta/okta-react';
 import React, { FunctionComponent, ReactNode } from 'react';
 import { oidcTokenKey } from '../../constants/constants';
@@ -42,17 +42,18 @@ export const OktaAuthProvider: FunctionComponent = ({
 };

 const restoreOriginalUri = async (_oktaAuth: OktaAuth) => {
- const idToken =
- _oktaAuth?.authStateManager?._authState?.idToken || ({} as IDToken);
- localStorage.setItem(oidcTokenKey, idToken?.idToken || '');
+ const idToken = _oktaAuth.getIdToken() || '';
+ const scopes =
+ _oktaAuth.authStateManager.getAuthState()?.idToken?.scopes.join() || '';
+ localStorage.setItem(oidcTokenKey, idToken);
 _oktaAuth
 .getUser()
 .then((info) => {
 setIsAuthenticated(true);
 const user = {
 // eslint-disable-next-line @typescript-eslint/camelcase
- id_token: idToken.idToken,
- scope: idToken.scopes.join(),
+ id_token: idToken,
+ scope: scopes,
 profile: {
 email: info.email || '',
 name: info.name || '',
diff --git a/openmetadata-ui/src/main/resources/ui/src/authentication/authenticators/OktaAuthenticator.tsx b/openmetadata-ui/src/main/resources/ui/src/authentication/authenticators/OktaAuthenticator.tsx
index 1e5e9a1d94c..906c331a453 100644
--- a/openmetadata-ui/src/main/resources/ui/src/authentication/authenticators/OktaAuthenticator.tsx
+++ b/openmetadata-ui/src/main/resources/ui/src/authentication/authenticators/OktaAuthenticator.tsx
@@ -19,7 +19,7 @@ import React, {
 useImperativeHandle,
 } from 'react';
 import { useHistory } from 'react-router-dom';
-import { ROUTES } from '../../constants/constants';
+import { oidcTokenKey, ROUTES } from '../../constants/constants';
 import { useAuthContext } from '../auth-provider/AuthProvider';
 import { AuthenticatorRef } from '../auth-provider/AuthProvider.interface';

@@ -28,8 +28,6 @@ interface Props {
 onLogoutSuccess: () => void;
 }

-export type Ref = ReactNode | HTMLElement | string;
-
 const OktaAuthenticator = forwardRef(
 ({ children, onLogoutSuccess }: Props, ref) => {
 const { oktaAuth } = useOktaAuth();
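Review bot: In `restoreOriginalUri`, the `|| ''` fallback on `_oktaAuth.getIdToken()` means a missing ID token is written to `localStorage` as an empty string, and the `.then` callback still calls `setIsAuthenticated(true)` with `id_token: ''`. A guard placed before the `setItem` call, for example `if (!idToken) { return; }` or a branch into the sign-in failure path, would keep a session from being marked authenticated without a token. Separately, `scopes.join()` with no argument yields a comma-separated string, while OAuth scope strings are space-delimited; `join(' ')` would match that if `scope` is consumed as such, which the hunk does not show. The function body continues past the end of the hunk, so any existing `.catch` is not visible here.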
@@ -65,8 +63,12 @@ const OktaAuthenticator = forwardRef(
 invokeLogout() {
 logout();
 },
- renewIdToken() {
- return Promise.resolve('');
+ async renewIdToken() {
+ await oktaAuth.token.renewTokens();
+ const idToken = oktaAuth.getIdToken() || '';
+ localStorage.setItem(oidcTokenKey, idToken);
+
+ return Promise.resolve(idToken);
 },
 }));

diff --git a/openmetadata-ui/src/main/resources/ui/yarn.lock b/openmetadata-ui/src/main/resources/ui/yarn.lock
index 531d4198863..ecec473c8e9 100644
--- a/openmetadata-ui/src/main/resources/ui/yarn.lock
+++ b/openmetadata-ui/src/main/resources/ui/yarn.lock
@@ -1003,7 +1003,7 @@ dependencies: regenerator-runtime "^0.13.4" -"@babel/runtime@^7.12.0", "@babel/runtime@^7.13.10": +"@babel/runtime@^7.12.0", "@babel/runtime@^7.13.10", "@babel/runtime@^7.16.0", "@babel/runtime@^7.6.2": version "7.17.9" resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.17.9.tgz#d19fbf802d01a8cb6cf053a64e472d42c434ba72" integrity sha512-lSiBBvodq29uShpWGNbgFdKYNiFDo5/HIYsaCEY9ff4sb10x9jizo2+pRrSyF4jKZCXqgzuqBOQKbUm90gQwJg==
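Review bot: `renewIdToken` discards the result of `await oktaAuth.token.renewTokens()` and then reads `oktaAuth.getIdToken()`, which returns whatever the token manager currently holds; as far as I know `token.renewTokens()` only returns the new tokens and does not store them, so this can write the old, soon-to-expire ID token back to `localStorage`. Keeping the result and storing it would close that gap: `const tokens = await oktaAuth.token.renewTokens();`, `oktaAuth.tokenManager.setTokens(tokens);`, `const idToken = tokens.idToken?.idToken ?? '';`. A rejected renewal (for example an expired Okta session) propagates to the caller from here, and an empty token is persisted under `oidcTokenKey` rather than cleared; whether callers handle both cases is not visible in the hunk. `return Promise.resolve(idToken)` inside an `async` method can simply be `return idToken;`. The enclosing `useImperativeHandle` call starts outside the hunk.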
@@ -1562,20 +1562,21 @@ "@nodelib/fs.scandir" "2.1.5" fastq "^1.6.0" -"@okta/okta-auth-js@^6.1.0": - version "6.1.0" - resolved "https://registry.yarnpkg.com/@okta/okta-auth-js/-/okta-auth-js-6.1.0.tgz#4944de4aaab56435cef36bc5ef80a61a8a3d79d4" - integrity sha512-q76rWaFOCDCKFu1Ncus9wbEDE29dzTbWwGUwfyk60ZeOw4jI04NjwvtUTp+CdlRtbR7SFaleDCqaPQOv64p2Wg== +"@okta/okta-auth-js@^6.4.0": + version "6.4.0" + resolved "https://registry.yarnpkg.com/@okta/okta-auth-js/-/okta-auth-js-6.4.0.tgz#96ffa804e299b5284ab128409249923b17e5a42c" + integrity sha512-Y9bPPwK/Ic8f5Yb0l97SIK/UeyACoOU4m3WkqnQ9RpG3beZkXDc5D5HRgMcB0vAvZjdiBEWvP6lCR3aiGwNJkg== dependencies: "@babel/runtime" "^7.12.5" "@babel/runtime-corejs3" "^7.17.0" "@peculiar/webcrypto" "1.1.6" Base64 "1.1.0" atob "^2.1.2" + broadcast-channel "^4.10.0" btoa "^1.2.1" core-js "^3.6.5" cross-fetch "^3.1.5" - js-cookie "2.2.1" + js-cookie "^3.0.1" jsonpath-plus "^6.0.1" node-cache "^5.1.2" p-cancelable "^2.0.0" @@ -1584,10 +1585,10 @@ webcrypto-shim "^0.1.5" xhr2 "0.1.3" -"@okta/okta-react@^6.4.2": - version "6.4.2" - resolved "https://registry.yarnpkg.com/@okta/okta-react/-/okta-react-6.4.2.tgz#c57110e46c68a0e96e54586a34fb16eb9d76c336" - integrity sha512-8gtITI5FbqeQcxZDxWgk9qthSQvG/lQOCX8cPu7vVhoAZ2Updia2IIvQrUTQDj9du3X2fMM66gJQVDRDs5b+Fw== +"@okta/okta-react@^6.4.3": + version "6.4.3" + resolved "https://registry.yarnpkg.com/@okta/okta-react/-/okta-react-6.4.3.tgz#bcb28dafbcdb46e27ef1f899a8e6d2ab57c4ab7c" + integrity sha512-fxMs74ICGq/C2GWAiIcTsO/MCEVgpaKnu6J11qzWHjiUIWbIABYTyM6RqECXJ5YdmmtzrliYLZ8xxSMvlZAg7A== dependencies: "@babel/runtime" "^7.11.2" compare-versions "^4.1.2" 
@@ -3479,6 +3480,11 @@ better-ajv-errors@^0.6.1, better-ajv-errors@^0.6.7: jsonpointer "^4.0.1" leven "^3.1.0" +big-integer@^1.6.16: + version "1.6.51" + resolved "https://registry.yarnpkg.com/big-integer/-/big-integer-1.6.51.tgz#0df92a5d9880560d3ff2d5fd20245c889d130686" + integrity sha512-GPEid2Y9QU1Exl1rpO9B2IPJGHPSupF5GnVIP0blYvNOMer2bTvSWs1jGOUg04hTmu67nmLsQ9TBo1puaotBHg== + big.js@^5.2.2: version "5.2.2" resolved "https://registry.yarnpkg.com/big.js/-/big.js-5.2.2.tgz#65f0af382f578bcdc742bd9c281e9cb2d7768328" @@ -3591,6 +3597,20 @@ braces@^3.0.1, braces@~3.0.2: dependencies: fill-range "^7.0.1" +broadcast-channel@^4.10.0: + version "4.10.0" + resolved "https://registry.yarnpkg.com/broadcast-channel/-/broadcast-channel-4.10.0.tgz#d19fb902df227df40b1b580351713d30c302d198" + integrity sha512-hOUh312XyHk6JTVyX9cyXaH1UYs+2gHVtnW16oQAu9FL7ALcXGXc/YoJWqlkV8vUn14URQPMmRi4A9q4UrwVEQ== + dependencies: + "@babel/runtime" "^7.16.0" + detect-node "^2.1.0" + microseconds "0.2.0" + nano-time "1.0.0" + oblivious-set "1.0.0" + p-queue "6.6.2" + rimraf "3.0.2" + unload "2.3.1" + browser-process-hrtime@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/browser-process-hrtime/-/browser-process-hrtime-1.0.0.tgz#3c9b4b7d782c8121e56f10106d84c0d0ffc94626" @@ -4866,7 +4886,7 @@ detect-newline@^3.0.0: resolved "https://registry.yarnpkg.com/detect-newline/-/detect-newline-3.1.0.tgz#576f5dfc63ae1a192ff192d8ad3af6308991b651" integrity sha512-TLz+x/vEXm/Y7P7wn1EJFNLxYpUD4TgMosxY6fAVJUnJMbupHBOncxyWUG9OpTaH9EBD7uFI5LfEgmMOc54DsA== -detect-node@^2.0.4: +detect-node@2.1.0, detect-node@^2.0.4, detect-node@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/detect-node/-/detect-node-2.1.0.tgz#c9c70775a49c3d03bc2c06d9a73be550f978f8b1" integrity sha512-T0NIuQpnTvFDATNuHN5roPwSBG83rFsuO+MXXH9/3N1eFbn4wcPjttvjMLEPWJ0RGUYgQE7cGgS3tNxbqCGM7g== 
@@ -5638,7 +5658,7 @@ eventemitter3@^2.0.3: resolved "https://registry.yarnpkg.com/eventemitter3/-/eventemitter3-2.0.3.tgz#b5e1079b59fb5e1ba2771c0a993be060a58c99ba" integrity sha1-teEHm1n7XhuidxwKmTvgYKWMmbo= -eventemitter3@^4.0.0: +eventemitter3@^4.0.0, eventemitter3@^4.0.4: version "4.0.7" resolved "https://registry.yarnpkg.com/eventemitter3/-/eventemitter3-4.0.7.tgz#2de9b68f6528d5644ef5c59526a1b4a07306169f" integrity sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw== @@ -8003,10 +8023,10 @@ jquery@^3.5.0: resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.6.0.tgz#c72a09f15c1bdce142f49dbf1170bdf8adac2470" integrity sha512-JVzAR/AjBvVt2BmYhxRCSYysDsPcssdmTFnzyLEts9qNwmjmu4JTAMYubEfwVOSwpQ1I1sKKFcxhZCI2buerfw== -js-cookie@2.2.1: - version "2.2.1" - resolved "https://registry.yarnpkg.com/js-cookie/-/js-cookie-2.2.1.tgz#69e106dc5d5806894562902aa5baec3744e9b2b8" - integrity sha512-HvdH2LzI/EAZcUwA8+0nKNtWHqS+ZmijLA30RwZA0bo7ToCckjK5MkGhjED9KoRcXO6BaGI3I9UIzSA1FKFPOQ== +js-cookie@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/js-cookie/-/js-cookie-3.0.1.tgz#9e39b4c6c2f56563708d7d31f6f5f21873a92414" + integrity sha512-+0rgsUXZu4ncpPxRL+lNEptWMOWl9etvPHc/koSRp6MPwpRYAhmk0dUG00J4bxVV3r9uUzfo24wW0knS07SKSw== "js-tokens@^3.0.0 || ^4.0.0", js-tokens@^4.0.0: version "4.0.0" @@ -9289,6 +9309,11 @@ micromatch@^4.0.0, micromatch@^4.0.2, micromatch@^4.0.4: braces "^3.0.1" picomatch "^2.2.3" +microseconds@0.2.0: + version "0.2.0" + resolved "https://registry.yarnpkg.com/microseconds/-/microseconds-0.2.0.tgz#233b25f50c62a65d861f978a4a4f8ec18797dc39" + integrity sha512-n7DHHMjR1avBbSpsTBj6fmMGh2AGrifVV4e+WYc3Q9lO+xnSZ3NyhcBND3vzzatt05LFhoKFRxrIyklmLlUtyA== + mime-db@1.49.0, "mime-db@>= 1.43.0 < 2": version "1.49.0" resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.49.0.tgz#f3dfde60c99e9cf3bc9701d687778f537001cbed" 
@@ -9496,6 +9521,13 @@ nan@^2.12.1: resolved "https://registry.yarnpkg.com/nan/-/nan-2.15.0.tgz#3f34a473ff18e15c1b5626b62903b5ad6e665fee" integrity sha512-8ZtvEnA2c5aYCZYd1cvgdnU6cqwixRoYg70xPLWUws5ORTa/lnw+u4amixRS/Ac5U5mQVgp9pnlSUnbNWFaWZQ== +nano-time@1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/nano-time/-/nano-time-1.0.0.tgz#b0554f69ad89e22d0907f7a12b0993a5d96137ef" + integrity sha1-sFVPaa2J4i0JB/ehKwmTpdlhN+8= + dependencies: + big-integer "^1.6.16" + nanoid@^3.1.23: version "3.1.25" resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.1.25.tgz#09ca32747c0e543f0e1814b7d3793477f9c8e152" @@ -9880,6 +9912,11 @@ object.values@^1.1.5: define-properties "^1.1.3" es-abstract "^1.19.1" +oblivious-set@1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/oblivious-set/-/oblivious-set-1.0.0.tgz#c8316f2c2fb6ff7b11b6158db3234c49f733c566" + integrity sha512-z+pI07qxo4c2CulUHCDf9lcqDlMSo72N/4rLUpRXf6fu+q8vjt8y0xS+Tlf8NTJDdTXHbdeO1n3MlbctwEoXZw== + obuf@^1.0.0, obuf@^1.1.2: version "1.1.2" resolved "https://registry.yarnpkg.com/obuf/-/obuf-1.1.2.tgz#09bea3343d41859ebd446292d11c9d4db619084e" @@ -10075,6 +10112,14 @@ p-map@^4.0.0: dependencies: aggregate-error "^3.0.0" +p-queue@6.6.2: + version "6.6.2" + resolved "https://registry.yarnpkg.com/p-queue/-/p-queue-6.6.2.tgz#2068a9dcf8e67dd0ec3e7a2bcb76810faa85e426" + integrity sha512-RwFpb72c/BhQLEXIZ5K2e+AhgNVmIejGlTgiB9MzZ0e93GRvqZ7uSi0dvRF7/XIXDeNkra2fNHBxTyPDGySpjQ== + dependencies: + eventemitter3 "^4.0.4" + p-timeout "^3.2.0" + p-retry@^3.0.1: version "3.0.1" resolved "https://registry.yarnpkg.com/p-retry/-/p-retry-3.0.1.tgz#316b4c8893e2c8dc1cfa891f406c4b422bebf328" 
@@ -10082,6 +10127,13 @@ p-retry@^3.0.1: dependencies: retry "^0.12.0" +p-timeout@^3.2.0: + version "3.2.0" + resolved "https://registry.yarnpkg.com/p-timeout/-/p-timeout-3.2.0.tgz#c7e17abc971d2a7962ef83626b35d635acf23dfe" + integrity sha512-rhIwUycgwwKcP9yTOOFK/AKsAopjjCakVqLHePO3CC6Mir1Z99xT+R63jZxAT5lFZLa2inS5h+ZS2GvR99/FBg== + dependencies: + p-finally "^1.0.0" + p-try@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/p-try/-/p-try-1.0.0.tgz#cbc79cdbaf8fd4228e13f621f2b1a237c1b207b3" @@ -11768,7 +11820,7 @@ rimraf@2.6.3, rimraf@^2.6.3: dependencies: glob "^7.1.3" -rimraf@^3.0.0: +rimraf@3.0.2, rimraf@^3.0.0: version "3.0.2" resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-3.0.2.tgz#f1a5402ba6220ad52cc1282bac1ae3aa49fd061a" integrity sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA== @@ -13474,6 +13526,14 @@ universalify@^2.0.0: resolved "https://registry.yarnpkg.com/universalify/-/universalify-2.0.0.tgz#75a4984efedc4b08975c5aeb73f530d02df25717" integrity sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ== +unload@2.3.1: + version "2.3.1" + resolved "https://registry.yarnpkg.com/unload/-/unload-2.3.1.tgz#9d16862d372a5ce5cb630ad1309c2fd6e35dacfe" + integrity sha512-MUZEiDqvAN9AIDRbbBnVYVvfcR6DrjCqeU2YQMmliFZl9uaBUjTkhuDQkBiyAy8ad5bx1TXVbqZ3gg7namsWjA== + dependencies: + "@babel/runtime" "^7.6.2" + detect-node "2.1.0" + unpipe@1.0.0, unpipe@~1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec"