Skip to content

Commit 0397622

Browse files
committed
feat: add oidc provider
Signed-off-by: Rafael Silva (rafaelsi) <rafaelsi@cisco.com>
1 parent f70f186 commit 0397622

35 files changed

Lines changed: 1439 additions & 622 deletions

.github/workflows/reusable-test.yml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,6 @@ jobs:
1818
- name: checkout
1919
uses: actions/checkout@v5.0.0
2020
- name: test
21-
env:
22-
NPM_TOKEN: ${{ secrets.GITHUB_TOKEN }}
2321
run: |
2422
echo "Running all tests..."
2523
./deployments/test/unit-test.sh

charts/identity-service-ui/values.yaml

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,14 @@ configmap:
5050
VITE_IAM_UI: ""
5151
VITE_IAM_API: ""
5252
VITE_IAM_OIDC_ISSUER: ""
53-
VITE_IAM_MULTI_TENANT: ""
53+
54+
# Secondary OIDC provider defaults
55+
VITE_OIDC_UI: ""
56+
VITE_OIDC_CLIENT_ID: ""
57+
VITE_OIDC_ISSUER: ""
58+
59+
# Multi-tenant and authentication mode
60+
VITE_MULTI_TENANT: ""
5461

5562
VITE_SEGMENT_ID: ""
5663
VITE_MAZE_ID: ""

deployments/docker-compose/frontend/docker-compose.yml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,8 +9,6 @@ services:
99
build:
1010
context: ../../../
1111
dockerfile: deployments/docker/frontend/Dockerfile
12-
args:
13-
- NPM_TOKEN=${NPM_TOKEN}
1412
restart: always
1513
ports:
1614
- ${VITE_APP_CLIENT_PORT}:${VITE_APP_CLIENT_PORT}

deployments/docker/frontend/Dockerfile

Lines changed: 1 addition & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -3,11 +3,6 @@
33

44
FROM node:22-alpine AS build
55

6-
# set NPM_TOKEN as an ENV var
7-
ARG NPM_TOKEN
8-
9-
ENV NPM_TOKEN=${NPM_TOKEN}
10-
116
# Install packages
127
RUN apk add --update \
138
libpng-dev \
@@ -22,8 +17,6 @@ WORKDIR /home/web
2217
# Copy src
2318
COPY ./frontend .
2419

25-
RUN touch .env && echo "NPM_TOKEN=${NPM_TOKEN}" >> .env
26-
2720
# Install libs
2821
RUN yarn install
2922
RUN yarn build
@@ -54,7 +47,7 @@ RUN mkdir ./nginx/logs && \
5447
RUN sed -i 's/<script id="vite-plugin-pwa:inline-sw">/<script id="vite-plugin-pwa:inline-sw" nonce="c28133ca-0587-459b-9d44-7015cde0ef83">/g' ./dist/index.html
5548

5649
# Add SSI vars
57-
RUN sed -i 's/<head>/<head>\<script nonce="111dd4a0-4c4e-43a9-8eb4-6446ad2e10c7" language="javascript"\>window.apiUrl=`\<!--#echo var="apiUrl"--\>`;window.logLevel=`\<!--#echo var="logLevel"--\>`;window.segmentId=`\<!--#echo var="segmentId"--\>`;window.iamProductId=`\<!--#echo var="iamProductId"--\>`;window.iamUi=`\<!--#echo var="iamUi"--\>`;window.iamApi=`\<!--#echo var="iamApi"--\>`;window.iamOidcClientId=`\<!--#echo var="iamOidcClientId"--\>`;window.iamOidcIssuer=`\<!--#echo var="iamOidcIssuer"--\>`;window.docsUrl=`\<!--#echo var="docsUrl"--\>`;window.mazeId=`\<!--#echo var="mazeId"--\>`;window.iamMultiTenant=`\<!--#echo var="iamMultiTenant"--\>`;window.appBaseName=`\<!--#echo var="appBaseName"--\>`;<\/script>/g' ./dist/index.html
50+
RUN sed -i 's/<head>/<head>\<script nonce="111dd4a0-4c4e-43a9-8eb4-6446ad2e10c7" language="javascript"\>window.apiUrl=`\<!--#echo var="apiUrl"--\>`;window.logLevel=`\<!--#echo var="logLevel"--\>`;window.segmentId=`\<!--#echo var="segmentId"--\>`;window.iamProductId=`\<!--#echo var="iamProductId"--\>`;window.iamUi=`\<!--#echo var="iamUi"--\>`;window.iamApi=`\<!--#echo var="iamApi"--\>`;window.iamOidcClientId=`\<!--#echo var="iamOidcClientId"--\>`;window.iamOidcIssuer=`\<!--#echo var="iamOidcIssuer"--\>`;window.oidcUi=`\<!--#echo var="oidcUi"--\>`;window.oidcClientId=`\<!--#echo var="oidcClientId"--\>`;window.oidcIssuer=`\<!--#echo var="oidcIssuer"--\>`;window.docsUrl=`\<!--#echo var="docsUrl"--\>`;window.mazeId=`\<!--#echo var="mazeId"--\>`;window.multiTenant=`\<!--#echo var="multiTenant"--\>`;window.appBaseName=`\<!--#echo var="appBaseName"--\>`;<\/script>/g' ./dist/index.html
5851

5952
# Set non root user
6053
USER web

deployments/docker/frontend/Dockerfile.test

Lines changed: 0 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -3,11 +3,6 @@
33

44
FROM node:22-alpine AS build
55

6-
# set NPM_TOKEN as an ENV var
7-
ARG NPM_TOKEN
8-
9-
ENV NPM_TOKEN=${NPM_TOKEN}
10-
116
# Install packages
127
RUN apk add --update \
138
libpng-dev \
@@ -22,7 +17,5 @@ WORKDIR /home/web
2217
# Copy src
2318
COPY ./frontend .
2419

25-
RUN touch .env && echo "NPM_TOKEN=${NPM_TOKEN}" >> .env
26-
2720
# Install libs
2821
RUN yarn install

deployments/docker/frontend/nginx/entrypoint.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,5 +3,5 @@
33
# SPDX-License-Identifier: Apache-2.0
44

55

6-
envsubst '$VITE_APP_CLIENT_PORT $VITE_API_URL $VITE_APP_LOG_LEVEL $VITE_SEGMENT_ID $VITE_NODE_ENV $VITE_IAM_PRODUCT_ID $VITE_IAM_UI $VITE_IAM_API $VITE_IAM_OIDC_CLIENT_ID $VITE_IAM_OIDC_ISSUER $VITE_IAM_MULTI_TENANT $VITE_DOCS_URL $VITE_MAZE_ID $VITE_APP_BASE_NAME' < /home/web/nginx/nginx.env.conf > /home/web/nginx/nginx.conf
6+
envsubst '$VITE_APP_CLIENT_PORT $VITE_API_URL $VITE_APP_LOG_LEVEL $VITE_SEGMENT_ID $VITE_NODE_ENV $VITE_IAM_PRODUCT_ID $VITE_IAM_UI $VITE_IAM_API $VITE_IAM_OIDC_CLIENT_ID $VITE_IAM_OIDC_ISSUER $VITE_OIDC_UI $VITE_OIDC_CLIENT_ID $VITE_OIDC_ISSUER $VITE_MULTI_TENANT $VITE_DOCS_URL $VITE_MAZE_ID $VITE_APP_BASE_NAME' < /home/web/nginx/nginx.env.conf > /home/web/nginx/nginx.conf
77
exec "$@"

deployments/docker/frontend/nginx/nginx.conf

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -110,7 +110,10 @@ http {
110110
set $iamApi "${VITE_IAM_API}";
111111
set $iamOidcClientId "${VITE_IAM_OIDC_CLIENT_ID}";
112112
set $iamOidcIssuer "${VITE_IAM_OIDC_ISSUER}";
113-
set $iamMultiTenant "${VITE_IAM_MULTI_TENANT}";
113+
set $oidcUi "${VITE_OIDC_UI}";
114+
set $oidcClientId "${VITE_OIDC_CLIENT_ID}";
115+
set $oidcIssuer "${VITE_OIDC_ISSUER}";
116+
set $multiTenant "${VITE_MULTI_TENANT}";
114117
set $docsUrl "${VITE_DOCS_URL}";
115118
set $mazeId "${VITE_MAZE_ID}";
116119
set $appBaseName "${VITE_APP_BASE_NAME}";

deployments/test/unit-test.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ DOCKER_FILE=./deployments/docker/frontend/Dockerfile.test
66
TEST_COMMAND='yarn run test:coverage'
77

88
echo RUNNING FRONTEND TESTS
9-
docker run "$(docker build --no-cache --build-arg NPM_TOKEN=${NPM_TOKEN} -f ${DOCKER_FILE} -q .)" $TEST_COMMAND
9+
docker run "$(docker build --no-cache --build-arg -f ${DOCKER_FILE} -q .)" $TEST_COMMAND
1010

1111
DOCKER_FILE=./deployments/docker/backend/Dockerfile.test
1212
TEST_COMMAND='go test -cover -v ./...'

frontend/.env.sample

Lines changed: 120 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1,25 +1,131 @@
1-
########################
2-
# APP CONF
3-
########################
4-
VITE_NODE_ENV=
5-
VITE_API_URL=
1+
# =============================================================================
2+
# Agent Identity Service Frontend - Environment Configuration
3+
# =============================================================================
4+
# This file contains all environment variables needed to configure the
5+
# Agent Identity Service frontend application. Copy this file to .env
6+
# and update the values according to your deployment environment.
7+
#
8+
# Usage: cp .env.sample .env
9+
#
10+
# Note: All variables prefixed with VITE_ are exposed to the client-side code.
11+
# Never include sensitive information in VITE_ variables.
12+
# =============================================================================
13+
14+
# =============================================================================
15+
# APPLICATION CONFIGURATION
16+
# =============================================================================
17+
18+
# Environment mode for the application
19+
# Values: development, staging, production
20+
# Default: development
21+
VITE_NODE_ENV=development
22+
23+
# Backend API base URL
24+
# The complete URL where your identity service backend is hosted
25+
# Example: https://api.identity-service.example.com
26+
# Required for API communication
27+
VITE_API_URL=http://localhost:8080
28+
29+
# Frontend application port
30+
# Port number where the Vite dev server will run
31+
# Default: 5500
632
VITE_APP_CLIENT_PORT=5500
7-
VITE_APP_LOG_LEVEL=
33+
34+
# Application logging level
35+
# Controls the verbosity of client-side logging
36+
# Values: error, warn, info, debug, trace
37+
# Default: info
38+
VITE_APP_LOG_LEVEL=info
39+
40+
# Documentation URL
41+
# URL pointing to the application documentation
42+
# Example: https://docs.identity-service.example.com
843
VITE_DOCS_URL=
9-
VITE_APP_BASE_NAME=
10-
VITE_IAM_MULTI_TENANT=
1144

12-
########################
13-
# IAM AUTH
14-
########################
45+
# Application base path
46+
# Base path for React Router (useful for subdirectory deployments)
47+
# Default: / (root path)
48+
# Example: /identity-service (for subdirectory deployment)
49+
VITE_APP_BASE_NAME=/
50+
51+
# =============================================================================
52+
# IDENTITY AND ACCESS MANAGEMENT (IAM) CONFIGURATION
53+
# =============================================================================
54+
55+
# IAM Product Identifier
56+
# Unique identifier for this application in the IAM system
57+
# Required for proper IAM integration
1558
VITE_IAM_PRODUCT_ID=
59+
60+
# IAM User Interface URL
61+
# URL for the IAM UI service
62+
# Example: https://iam-ui.example.com
1663
VITE_IAM_UI=
64+
65+
# IAM API URL
66+
# URL for the IAM API service
67+
# Example: https://iam-api.example.com
1768
VITE_IAM_API=
69+
70+
# OIDC Client ID
71+
# OAuth 2.0/OIDC client identifier for authentication
72+
# Obtained from your OIDC provider configuration
1873
VITE_IAM_OIDC_CLIENT_ID=
74+
75+
# OIDC Issuer URL
76+
# The OAuth 2.0/OIDC issuer URL (authorization server)
77+
# Example: https://auth.example.com/realms/identity-service
1978
VITE_IAM_OIDC_ISSUER=
2079

21-
########################
22-
# ANALYTICS
23-
########################
80+
# Multi-tenant support and authentication mode
81+
# This setting controls both multi-tenant functionality and authentication provider selection:
82+
# - true: Uses IAM authentication with multi-tenant support
83+
# - false: Uses secondary OIDC provider authentication
84+
# Values: true, false
85+
# Default: true
86+
VITE_MULTI_TENANT=true
87+
88+
# =============================================================================
89+
# SECONDARY OIDC PROVIDER CONFIGURATION (Optional)
90+
# =============================================================================
91+
# These variables are for additional OIDC provider integration.
92+
# They are prefixed with VITE_ to be available on the client-side.
93+
94+
# Secondary OIDC Provider UI URL
95+
# URL for the secondary OIDC provider user interface
96+
VITE_OIDC_UI=
97+
98+
# Secondary OIDC Client ID
99+
# OAuth 2.0/OIDC client identifier for secondary authentication provider
100+
VITE_OIDC_CLIENT_ID=
101+
102+
# Secondary OIDC Issuer URL
103+
# The OAuth 2.0/OIDC issuer URL for the secondary authentication provider
104+
VITE_OIDC_ISSUER=
105+
106+
# =============================================================================
107+
# ANALYTICS AND TRACKING
108+
# =============================================================================
109+
110+
# Segment Analytics ID
111+
# Tracking ID for Segment analytics integration
112+
# Example: abc123def456
113+
# Leave empty to disable Segment tracking
24114
VITE_SEGMENT_ID=
115+
116+
# Maze Analytics ID
117+
# Tracking ID for Maze user testing and analytics
118+
# Example: xyz789uvw012
119+
# Leave empty to disable Maze tracking
25120
VITE_MAZE_ID=
121+
122+
# =============================================================================
123+
# SECURITY NOTES
124+
# =============================================================================
125+
# 1. Never commit your actual .env file to version control
126+
# 2. All VITE_ prefixed variables are exposed to the client-side
127+
# 3. Use strong, unique values for client IDs and secrets
128+
# 4. Regularly rotate authentication credentials
129+
# 5. Use HTTPS URLs in production environments
130+
# 6. Validate all environment variables in your application code
131+
# =============================================================================

frontend/README.md

Lines changed: 13 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ This repository contains all components of the Agent Identity Service UI - a Rea
77
- **Framework**: React 18 with TypeScript
88
- **Build Tool**: Vite
99
- **UI Libraries**:
10-
- Outshift Spark Design
10+
- Open UI Kit Core
1111
- Material-UI (MUI)
1212
- Radix UI components
1313
- Tailwind CSS
@@ -31,32 +31,18 @@ This repository contains all components of the Agent Identity Service UI - a Rea
3131
- Node.js >= 20
3232
- Yarn (configured as package manager)
3333
- NVM (Node Version Manager)
34-
- Access to GitHub Packages Registry for Spark Design library
3534

36-
## 🔐 Authentication Setup for Spark Design Library
35+
## � UI Component Library
3736

38-
**Note**: This package is hosted on GitHub Packages Registry and requires authentication.
37+
This project uses [Open UI Kit Core](https://www.npmjs.com/package/@open-ui-kit/core) - a modern, accessible component library available on npm.
3938

40-
To install this library, you'll need to authenticate with GitHub Packages using a Personal Access Token (PAT):
41-
42-
### Step 1: Create a Personal Access Token
43-
44-
1. Go to [GitHub Settings > Developer settings > Personal access tokens](https://github.com/settings/tokens)
45-
2. Create a new token with **packages:read** permission
46-
3. Copy and securely store the generated token
47-
48-
### Step 2: Configure NPM Authentication
39+
**Installation**: The Open UI Kit Core package is publicly available and will be installed automatically with the project dependencies.
4940

5041
```bash
51-
npm login --registry=https://npm.pkg.github.com --scope=@cisco-eti
42+
# Installed automatically with project dependencies
43+
yarn install
5244
```
5345

54-
When prompted, enter:
55-
56-
- **Username**: Your GitHub username
57-
- **Password**: The Personal Access Token you created above
58-
- **Email**: Your GitHub email address
59-
6046
## 🛠 Development Setup
6147

6248
### 1. Setup Node.js Version
@@ -102,6 +88,9 @@ Configure the following environment variables in your `.env` file:
10288
- `VITE_APP_LOG_LEVEL` - Logging level for the application
10389
- `VITE_DOCS_URL` - URL for application documentation
10490
- `VITE_APP_BASE_NAME` - Base name/path for the application routing
91+
- `VITE_MULTI_TENANT` - Enable multi-tenant support (true/false). This setting also determines the authentication mode:
92+
- `true` - Uses IAM authentication with multi-tenant support
93+
- `false` - Uses secondary OIDC provider authentication
10594

10695
#### IAM Authentication
10796

@@ -110,11 +99,12 @@ Configure the following environment variables in your `.env` file:
11099
- `VITE_IAM_API` - IAM API service URL
111100
- `VITE_IAM_OIDC_CLIENT_ID` - OIDC client ID for authentication
112101
- `VITE_IAM_OIDC_ISSUER` - OIDC issuer URL
113-
- `VITE_IAM_MULTI_TENANT` - Enable multi-tenant support (true/false)
114102

115-
#### GitHub NPM
103+
#### Secondary OIDC Provider
116104

117-
- `NPM_TOKEN` - Your GitHub Personal Access Token for package registry access
105+
- `VITE_OIDC_UI` - Secondary OIDC provider user interface URL
106+
- `VITE_OIDC_CLIENT_ID` - OAuth 2.0/OIDC client identifier for secondary authentication provider
107+
- `VITE_OIDC_ISSUER` - OAuth 2.0/OIDC issuer URL for secondary authentication provider
118108

119109
#### Analytics
120110

0 commit comments

Comments
 (0)