AxaFrance / oidc-client

Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (compatible NextJS, etc.).
MIT License

How to surcharge OidcTrustedDomain in a Docker Image #706

Closed ddecrulle closed 2 years ago

ddecrulle commented 2 years ago

Be able to deal with OidcTrustedDomain through environment variable.

First, thanks for this new version; we can now support private mode and Safari with better security! I tested on Safari and it's running very well!

Versions

4.0.0

Expected

I would like to build a Docker Image that is independent of the trusted domains. Then I want to be able to deploy the image on the environment I want and simply add environment variables to indicate the trusted domains (in a values.yaml with helm or deployment.yaml with k8s contract).

Actual

Today we need to add trusted domains in the OidcTrustedDomains.js file located in the public folder.

Additional Details

I know that it's possible to make something with a shell script executed at the Docker Build but in my opinion it's not so clean.

Let me know if I'm wrong and if you have any other solution!

Best, Dylan.

guillaume-chervet commented 2 years ago

Hi @ddecrulle,

Thank you for your message, I will increase the documentation about that part. You have to own your own version of OidcTrustedDomains.js. Edit that file for your needs.

For example, with create-react-app, you can apply the configuration below. Then edit the OidcTrustedDomains.js copied into your /public folder. It will never be erased, and when you trigger "npm run build", you will have the right file in the "build" directory.

#package.json
{
    "scripts": {
        "copy": "copyfiles -f ./node_modules/@axa-fr/react-oidc-context/dist/OidcServiceWorker.js ./public && copyfiles -f -s ./node_modules/@axa-fr/react-oidc-context/dist/OidcTrustedDomains.js ./public",
        "start:server": "react-scripts start",
        "build:server": "npm run copy && react-scripts build",
        "prepare": "npm run copy"
    }
}

ddecrulle commented 2 years ago

Thank you for the quick response.

The documentation on this point looks good to me. I think you have misunderstood my question, I probably misspoke. I have added the configuration in the package.json.

I would like to be able to add trusted domains with environment variables that will be overridden. For example add a placeholder in OidcTrustedDomains.js.

First, I don't want to commit these variables on GitHub. I want to have a local configuration (in a .env.local for example). Then I want to create a Docker image in which I can then inject variables in OidcTrustedDomains.js, for my use case the URL of my API.

With this possibility, my image is portable and can be deployed on any environment and the backend url can change without having to rebuild the image.

guillaume-chervet commented 2 years ago

Thank you very much, I think I will add a Docker sample. Your question is a very good sample.

If I were you, I would do something like this:

// Add here trusted domains, access tokens will be send to 
const trustedDomains = { default:["#{Oidc:ServiceWorkerTrustedDomain}#"]};

And my Docker entrypoint will run a bash script: start.sh

That bash script will replace #{Oidc:ServiceWorkerTrustedDomain}# using my environment variable, then rename OidcTrustedDomains.prodution.js to OidcTrustedDomains.js, then start the SinglePageApplication.
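
The entrypoint approach described in the comment above, as an added example that is not code from this thread or from the oidc-client project. The `OIDC_TRUSTED_DOMAIN` variable, the function names and the template/output/command arguments are assumptions; the value is checked to be a bare origin before substitution, because this file decides where access tokens are sent and the value lands inside a JavaScript string literal.

```shell
#!/bin/sh
# Added example: sketch of a start.sh entrypoint.
# Assumed names: OIDC_TRUSTED_DOMAIN, is_valid_origin, render_trusted_domains.
# Usage as entrypoint: start.sh <template.js> <output.js> <server command...>

PLACEHOLDER='#{Oidc:ServiceWorkerTrustedDomain}#'

# Accept only scheme://host[:port]. Anything else (quotes, brackets, spaces,
# newlines, paths, '&', '|', '\') is rejected, so the value cannot escape the
# JS string literal or alter the sed expression.
is_valid_origin() {
    case $1 in
        ''|*[!A-Za-z0-9.:/-]*) return 1 ;;
    esac
    printf '%s\n' "$1" |
        LC_ALL=C grep -Eq '^https?://[A-Za-z0-9.-]+(:[0-9]{1,5})?$'
}

# Write <output> from <template> with the placeholder replaced.
# Fails closed: no output file is produced for a missing or malformed value.
render_trusted_domains() {
    template=$1
    output=$2
    origin=${OIDC_TRUSTED_DOMAIN:-}
    if ! is_valid_origin "$origin"; then
        echo "start.sh: OIDC_TRUSTED_DOMAIN is unset or not a bare origin" >&2
        return 1
    fi
    if ! grep -qF -- "$PLACEHOLDER" "$template"; then
        echo "start.sh: placeholder not found in $template" >&2
        return 1
    fi
    # Write to a temp file first so a failed sed never leaves a partial file.
    sed "s|$PLACEHOLDER|$origin|g" "$template" > "$output.tmp" &&
        mv "$output.tmp" "$output"
}

# Render, then hand over to the web server given on the command line.
if [ "$#" -ge 3 ]; then
    render_trusted_domains "$1" "$2" || exit 1
    shift 2
    exec "$@"
fi
```

Refusing to start on a bad value keeps a container from serving a file that still contains the raw placeholder or an attacker-influenced domain list.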

guillaume-chervet commented 2 years ago

May we close that issue too?