Giter Site home page Giter Site logo

netlify-okta-auth's Introduction

netlify-okta-auth

This package allows you to use Okta as your identity provider for use with Netlify's Role-based access control with JWT.

Who is this for?

You have a static website, hosted on Netlify that doesn't have an identity backend, and you want to use Okta as the identity provider to gate access to all (or some) of the static resources hosted on the Netlify site.

Other options

If Okta or Netlify aren't requirements for you, then this is probably not the package for you. This package was built for the (admittedly narrow) use case for using specifically Netlify and Okta together.

What does this do?

This package handles marshalling the different types of JWT tokens that are used by Netlify and Okta. Netlify uses one flavor, and Okta another. You can learn more in our architecture doc.

When properly installed, you can require an end-user to authenticate using your Okta identity provider before they can access any of your content.

What value should I expect from this?

  1. Reduced complexity. You don't need to maintain your own Netlify functions to integrate with Okta.
  2. Helpful docs. This tool was originally built for an internal docs site by folks who love great technical docs.
  3. Netlify preview site support. In addition to the primary site, this package provides security for Netlify's preview deployment sites.
  4. Production tested. This package is used actively at Twilio for protecting internal documentation sites.

Installation and getting started

Read our installation guide »

Documentation

Code of conduct

Before contributing issues, pull requests, comments, etc., please refer to our code of conduct.

Contributing

Contributions are welcome. Be sure to read our code of conduct before opening a pull request.

License

MIT Copyright 2022 Twilio Inc.

netlify-okta-auth's People

Contributors

dprothero avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

netlify-okta-auth's Issues

Login stuck on loop

I have configured everything like it is in the production file. When I try to login I get stuck on an infinite loop.

GET call to https://my-website.dev/
200

GET call to the OIDC Okta embed link -
https://my-okta.okta.com/home/oidc_client/0o112222dummy
302 Found

GET call to oidc_client_link - https://my-okta.okta.com/app/oidc_client/0oa12dummy7/oidc_client_link
200

POST call to auth - https://my-website.dev/.netlify/functions/auth
302
cookie is set w JWT nf_jwt

and then it starts all over again with calling my website

Could you help debug please? @dprothero

Security issue in dependency `jsonwebtoken`

Security thrown warning when installing.

# npm audit report

jsonwebtoken  <=8.5.1
Severity: high
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() - https://github.com/advisories/GHSA-qwph-4952-7xr6
jsonwebtoken unrestricted key type could lead to legacy keys usage  - https://github.com/advisories/GHSA-8cf7-32gw-wr33
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - https://github.com/advisories/GHSA-hjrf-2m68-5959
No fix available
node_modules/jsonwebtoken
  node-jsonwebtoken  *
  Depends on vulnerable versions of jsonwebtoken
  node_modules/node-jsonwebtoken
    @twilio-labs/netlify-okta-auth  *
    Depends on vulnerable versions of node-jsonwebtoken
    node_modules/@twilio-labs/netlify-okta-auth

Temporary fix by adding this to package.json

"overrides": {
    "@twilio-labs/netlify-okta-auth": {
        "node-jsonwebtoken": {
            "jsonwebtoken": "^9.0.0"
        }
    }
}

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.