This repository has been archived by the owner on Feb 11, 2023. It is now read-only.

Externalise configuration and secrets #70

Open
wants to merge 68 commits into
base: master

Commits on May 28, 2020

  1. Merge pull request #2 from iress/fix-code-challenge-import

    Fix codeChallenge import
    apgrucza committed May 28, 2020
    c7be318

Commits on May 29, 2020

  1. Generic package (#3)

    Support for generic packages
    apgrucza committed May 29, 2020
    ff883df
  2. dd7fd03

Commits on May 31, 2020

  1. Release asset name (#5)

    * Fixed release asset name
    apgrucza committed May 31, 2020
    a228ede

Commits on Jun 5, 2020

  1. Convert tabs to spaces (#6)

    apgrucza committed Jun 5, 2020
    655da6c
  2. fb89b40

Commits on Jun 16, 2020

  1. Mocha (#8)

    Added Mocha tests for config and key pair rotation
    apgrucza committed Jun 16, 2020
    36bec4c

Commits on Jul 16, 2020

  1. 748a756

Commits on Jul 17, 2020

  1. 280de0b

Commits on Jul 31, 2020

  1. c1bade0

Commits on Oct 5, 2020

  1. Use access token and don't re-sign using custom keys. (#13)

    Verify the access_token instead of the id_token.
    Set the TOKEN cookie with the signed access_token and make it secure http only
    Removed logic to re-sign the token using custom signing key.
    nbshetty committed Oct 5, 2020
    1d83d49

Commits on Oct 7, 2020

  1. Fix/nonce check (#16)

    * Merge Latest fix from origin repo (#15)
    
    * Very basic XSS prevention
    
    * Parse `%20` as spaces before printing them
    
    Co-authored-by: Payton Garland <[email protected]>
    Co-authored-by: Thomas <[email protected]>
    
    * Use the id_token nonce to validate.
    
    Co-authored-by: Payton Garland <[email protected]>
    Co-authored-by: Thomas <[email protected]>
    3 people committed Oct 7, 2020
    c0941d5

Commits on Oct 8, 2020

  1. 5eba0d3

Commits on Apr 29, 2021

  1. ac736eb

Commits on May 3, 2021

  1. Merge pull request #18 from iress/PFS-1811

    PFS-1811 Add scope variable for AUTH_REQUEST
    Iress-Kian committed May 3, 2021
    30d2dd8
  2. PFS-1811 Update READ.ME (#19)

    * PFS-1811 Update READ.ME
    
    * Fix typo
    
    Co-authored-by: Adrian Grucza <[email protected]>
    Iress-Kian and apgrucza committed May 3, 2021
    4785c61

Commits on Jul 26, 2021

  1. 30ef2cc

Commits on Jul 30, 2021

  1. 18b00ac

Commits on Sep 8, 2021

  1. 912a036

Commits on Sep 12, 2021

  1. 16abdc5

Commits on Sep 29, 2021

  1. allow secrets manager secrets to be encrypted with a CMK

    Chris Wilson committed Sep 29, 2021
    9bd02c2
  2. updated variable description

    Chris Wilson committed Sep 29, 2021
    70bbe91

Commits on Sep 30, 2021

  1. Merge pull request #25 from iress/encrypt-sec-manager-secret-cmk

    Encrypt sec manager secret cmk
    chris-wilbur-wilson committed Sep 30, 2021
    57af25c

Commits on Nov 30, 2021

  1. Allow user to specify a customized IDP. (#26)

    Signed-off-by: QiFanIress <[email protected]>
    Qi Fan committed Nov 30, 2021
    863ec52

Commits on Dec 1, 2021

  1. Update fault value of IDP to be a space to avoid SSM parameter creation issue. (#27)

    Qi Fan committed Dec 1, 2021
    2b9e826

Commits on Oct 12, 2022

  1. 89df7c3

Commits on Oct 14, 2022

  1. secret rotation now depends on the permissions

    This fixes a bug where if you deploy the components one by one with parallelism=1, deploying the secret rotation fails because of a lack of permission to call the rotation lambda.
    iress-ac committed Oct 14, 2022
    3946160

Commits on Oct 17, 2022

  1. 5c9c396
  2. Merge pull request #29 from Tar-Elendil/provider_constraint_update

    remove max version constraint on provider
    patrickherrera committed Oct 17, 2022
    699dcf8

Commits on Nov 7, 2022

  1. fix: Migrate away from 'override_json' which is deprecated in AWS Provider V4

    - NOTE: 'override_policy_documents' is available since 3.28.0
    patrickherrera committed Nov 7, 2022
    0fb3237

Commits on Nov 9, 2022

  1. implement logout

    iress-ac committed Nov 9, 2022
    c6c30b5

Commits on Nov 10, 2022

  1. 51ee344
  2. add logout path variable

    iress-ac committed Nov 10, 2022
    21b2496

Commits on Nov 11, 2022

  1. cd16605
  2. fix redirect path

    iress-ac committed Nov 11, 2022
    9ca91fb

Commits on Nov 14, 2022

  1. Merge pull request #36 from iress-ac/add-logout-route

    implement logout
    iress-ac committed Nov 14, 2022
    505eebe

Commits on Nov 15, 2022

  1. Correct default logout path

    iress-ac committed Nov 15, 2022
    b1af407
  2. Merge pull request #37 from iress/default-logout-path

    Correct default logout path
    iress-ac committed Nov 15, 2022
    095c614

Commits on Jul 12, 2023

  1. Merge pull request #32 from iress/deprecation_fix

    fix: Migrate away from 'override_json' which is deprecated in AWS Pro…
    anevis committed Jul 12, 2023
    f4c0e44

Commits on Sep 22, 2023

  1. 8455c15
  2. d9e32aa

Commits on Sep 25, 2023

  1. 6fc36a2
  2. c5fc6c4
  3. 801f50d
  4. 7d0c091

Commits on Sep 26, 2023

  1. Merge pull request #41 from iress/node-18

    include nodejs18.x in build targets
    SiCoe committed Sep 26, 2023
    35b12be
  2. Merge pull request #39 from iress/DP-481

    Configure NONCE and CV cookies as `secure` for pkce
    SiCoe committed Sep 26, 2023
    bf49023
  3. Merge branch 'v4' into DP-479

    SiCoe committed Sep 26, 2023
    d1a2225
  4. Merge pull request #40 from iress/DP-479

    All cookies sameSite as `Strict` for pkce
    SiCoe committed Sep 26, 2023
    fee9836
  5. ac267da
  6. 360ada9
  7. Merge pull request #42 from iress/openid-secure-samesite

    Set cookies as `secure` and `samesite: strict` in open github and openid
    SiCoe committed Sep 26, 2023
    c84be23
  8. include node 14 in "engines" of package

    allows tooling to identify engine version
    SiCoe committed Sep 26, 2023
    888a212

Commits on Sep 27, 2023

  1. abc09fa
  2. d34734d
  3. Merge pull request #44 from iress/content-type

    include Content-Type header in responses
    SiCoe committed Sep 27, 2023
    60915a5
  4. Merge branch 'v4' into footer

    SiCoe committed Sep 27, 2023
    d46dbbe
  5. Merge pull request #43 from iress/footer

    Correct footers to correct repository url
    SiCoe committed Sep 27, 2023
    0d6d923

Commits on Oct 2, 2023

  1. replace dependency 'entities' with 'html-entities'

    This is due to licensing concern. 'html-entities' is distributed with the MIT license.
    SiCoe committed Oct 2, 2023
    185bfdb
  2. Merge pull request #38 from iress/DP-803

    URI encode template replacement to avoid XSS
    SiCoe committed Oct 2, 2023
    1d9f87a
  3. update npm dependencies to remove vulnerabilities

    all `npm audit` vulnerability severities removed by updating referenced versions
    
    note: some are breaking change updates
    SiCoe committed Oct 2, 2023
    4454871
  4. Merge pull request #45 from iress/v4

    Version 4: Resolution of security (pen test) findings, dependency vulnerabilities and other small updates
    SiCoe committed Oct 2, 2023
    183bf6b
  5. default runtime to nodejs16.x

    Whilst the app runs on nodejs18.x, the AWS SDK supplied is version 3.x and this app references version 2.x. A lambda layer can be supplied for this to work.
    nodejs16.x comes bundled with v2.x of the AWS SDK, so no further intervention is required.
    SiCoe committed Oct 2, 2023
    483f7e1
  6. Merge pull request #46 from iress/fix-aws-sdk

    default runtime to nodejs16.x
    SiCoe committed Oct 2, 2023
    59cdf41

Commits on Oct 3, 2023

  1. set SameSite cookie attribute to lax for CV and NONCE

    This enables authentication that isn't embedded into the same site.
    e.g. changing host to Okta to log in, then back to site once authenticated.
    SiCoe committed Oct 3, 2023
    5824dc9
  2. Merge pull request #47 from iress/SameSite-lax

    Set SameSite cookie attribute to Lax for CV and NONCE
    SiCoe committed Oct 3, 2023
    f051484
  3. 03efeef
  4. Merge pull request #48 from iress/fix-same-site

    fix: stop redirect loop caused by TOKEN cookie not sent
    SiCoe committed Oct 3, 2023
    bdd68f0