Merge pull request #3 from Creoox/develop

Bugfix: Implicit Flow

Author: and-ratajski

README.md

@@ -31,11 +31,12 @@ At the current state of implementation, two authentication flows are possible:
 
 Currently tested providers:
 
-| Provideer                                              | Version | Result | Comment       |
+| Provider                                               | Version | Result | Comment       |
 | ------------------------------------------------------ | ------- | ------ | ------------- |
 | [Keycloak](https://www.keycloak.org/)                  | 17.1    | ✅     |               |
 | [SAP Commerce](https://help.sap.com/docs/SAP_COMMERCE) | ?       | ⏳     | Running tests |
 | Google                                                 | ?       | ➡️     | Planned       |
+| GitHub                                                 | ?       | ➡️     | Planned       |
 
 <br/>
 
@@ -44,6 +45,7 @@ Currently tested providers:
 ## Prerequisites
 
 1. Prepared traefik-based infrastructure
+2. [OPTIONAL] [ModHeader](https://modheader.com/) to include authorization header in browser request
 
 ## Variables
 
@@ -103,7 +105,6 @@ traefik:
     labels:
       - "traefik.enable=true"
       - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
-      # - "traefik.http.middlewares.traefik-auth.basicauth.users=dummy:$$apr1$$iHNcpXTy$$cSNZ9EJt3fChWLn3s.v2L1"
 
       - "traefik.http.routers.traefik.entrypoints=web"
       - "traefik.http.routers.traefik.rule=Host(`localhost`)"
@@ -114,7 +115,6 @@ traefik:
       - "traefik.http.routers.traefik-secure.tls=true"
       - "traefik.http.routers.traefik-secure.tls.certresolver=hypercpq"
       - "traefik.http.routers.traefik-secure.service=api@internal"
-      # - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
       - "traefik.http.routers.traefik-secure.middlewares=traefik-forward-auth"
 
   # https://doc.traefik.io/traefik/providers/docker/#docker-api-access
@@ -130,7 +130,7 @@ traefik:
         - cx-example-net
 
   traefik-forward-auth:
-    image: creoox/cx-traefik-forward-auth:1.0.0
+    image: creoox/cx-traefik-forward-auth:1.0.1
     container_name: cx-example-traefik-forward-auth
     env_file:
       - ./cx-traefik-forward-auth.env

app/.env.example

@@ -1,6 +1,6 @@
 ## Application settings
 APP_NAME=cx-traefik-forward-auth
-APP_VERSION=1.0.0
+APP_VERSION=1.0.1
 APP_PORT=4181
 
 ## Environment settings

app/src/services/auth.ts

@@ -25,7 +25,8 @@ const JWT_STRICT_AUDIENCE = ["true", "True", "1"].includes(
  * - Authorization Code Flow (default)
  * - Implicit Flow
  *
- * @param headers containing information with original request.
+ * @param headers containing information with original request
+ * @param [loginAuthFlow=LOGIN_AUTH_FLOW] optional parameter to set auth flow
  * @returns authorization url
  * @todo add Hybrid Flow
  */
@@ -53,7 +54,6 @@ export const genAuthorizationUrl = (
     authorizationUrl = getOidcClient().authorizationUrl({
       scope: LOGIN_SCOPE,
       nonce: nonce,
-      response_mode: "form_post",
       state: random_state,
     });
   } else {

app/src/states/clients.ts

@@ -16,7 +16,7 @@ export const initOidcClient = async (): Promise<void> => {
   if (LOGIN_AUTH_FLOW === "id_token") {
     oidcClient = new issuer.Client({
       client_id: process.env.OIDC_CLIENT_ID as string,
-      redirect_uris: [`${process.env.HOST_URI}/_oauth`],
+      redirect_uris: [`${process.env.HOST_URI}${AUTH_ENDPOINT}`],
       response_types: [LOGIN_AUTH_FLOW],
     });
   } else {
@@ -25,7 +25,7 @@ export const initOidcClient = async (): Promise<void> => {
       client_secret: process.env.OIDC_CLIENT_SECRET
         ? process.env.OIDC_CLIENT_SECRET
         : undefined,
-      redirect_uris: [`${process.env.HOST_URI}/_oauth`],
+      redirect_uris: [`${process.env.HOST_URI}${AUTH_ENDPOINT}`],
       response_types: [LOGIN_AUTH_FLOW],
       token_endpoint_auth_method: process.env.OIDC_CLIENT_SECRET
         ? "client_secret_post"