feat(oidc-server): implement mock OIDC provider #2687
base: main
- Added a new Vite plugin `vite-plugin-oidc-server` to manage the lifecycle of the OIDC server during development.
- Replaced the old OIDC server implementation with a modularized version under `utilities/oidc-server`.
- Updated `vite.config.ts` to include the new OIDC server plugin.
- Enhanced `vite-plugin-temporal-server` and `vite-plugin-ui-server` to support the `with-auth` mode.
- Added new dependencies: `desm`, `helmet`, `lodash`, and `nanoid`.
- Removed deprecated OIDC server scripts and tests.
- Updated `development.yaml` to use the new OIDC server configuration.

- Introduced `getConfig` function for dynamic OIDC server configuration.
- Added `ValidEnv` type and updated `createUIServer` to support `with-auth`.
- Updated `development.yaml` and added `with-auth.yaml` for auth configs.
- Removed redundant URL validation in `auth.go`.
- Added `ejs` dependency and updated `pnpm-lock.yaml`.
- Refactored OIDC server initialization and removed unused code.
- Introduced `start-oidc-server.ts` script for standalone OIDC server.

These changes improve modularity, simplify configuration, and enhance auth-related functionality.
} | ||
// if u.Host != "" && u.Host != c.Request().Host { | ||
// return "", fmt.Errorf("invalid returnUrl: does not match expected host %s", c.Request().Host) | ||
// } |
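Review bot: The three commented-out lines at the end of this hunk disable the comparison `u.Host != c.Request().Host`, which in the visible code is the check that keeps `returnUrl` on the requesting host, so an absolute `returnUrl` naming any host would now pass and the post-login redirect becomes an open redirect. Rather than leaving the check as dead code, keep it and extend the condition with an explicit allowlist of extra hosts read from config (empty by default, so only the dev profile lists the UI origin), and still return the "invalid returnUrl" error for everything else. It would also help to document the new option next to the other auth settings so the relaxed behaviour is not enabled outside local development.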
This is probably a controversial change. But we need to be able to redirect from port 3000 (UI) -> 8081 (ui-server) -> 8889 (oidc-server) -> 3000 (UI).
It's probably best to wrap this in a config option and allow this to be bypassed rather than simply remove it.
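One way to express the config-option approach suggested in the comment above, as an added example that is not code from this PR or from the project: `validateReturnURL` and the `allowedHosts` setting are hypothetical names, and the ports are the ones mentioned in the comment, used as constructed sample values.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// validateReturnURL is a hypothetical helper, not the project's auth.go.
// requestHost is the Host of the current request; allowedHosts stands in for
// an assumed config option listing extra host:port values that may be targets.
func validateReturnURL(raw, requestHost string, allowedHosts []string) (string, error) {
	// Browsers treat "\" like "/", so "/\host" can leave the origin.
	if strings.Contains(raw, `\`) {
		return "", fmt.Errorf("invalid returnUrl: backslash not allowed")
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("invalid returnUrl: %w", err)
	}
	if u.Host == "" {
		// No host: accept only a single-slash absolute path on the current origin.
		if u.Scheme != "" || !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") {
			return "", fmt.Errorf("invalid returnUrl: expected an absolute path")
		}
		return u.String(), nil
	}
	// Absolute URLs must be http(s); this also rejects scheme-relative "//host".
	if u.Scheme != "http" && u.Scheme != "https" {
		return "", fmt.Errorf("invalid returnUrl: unsupported scheme %q", u.Scheme)
	}
	for _, h := range append([]string{requestHost}, allowedHosts...) {
		if strings.EqualFold(u.Host, h) {
			return u.String(), nil
		}
	}
	return "", fmt.Errorf("invalid returnUrl: host %s is not allowed", u.Host)
}

func main() {
	// Constructed sample: request reaches ui-server on 8081, dev UI is on 3000.
	allowed := []string{"localhost:3000"}
	for _, raw := range []string{"/namespaces", "http://localhost:3000/", "https://other.example/"} {
		out, err := validateReturnURL(raw, "localhost:8081", allowed)
		fmt.Printf("%-28q -> %q, err=%v\n", raw, out, err)
	}
}
```

With an empty `allowedHosts` the behaviour matches the original same-host check, so only a development profile would need to list the UI origin.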
- Refactored OIDC server plugin to use a centralized `log` function with colored output for better readability.
- Updated UI server plugin to display Temporal UI server port logs.
- Enhanced OIDC server views with Tailwind CSS and Google Fonts for modern styling.
- Improved interaction and login views with responsive and accessible design.
- Removed unnecessary `form-action` directive in OIDC server's CSP configuration to allow form submissions.
- Made `ui-server` process quiet during startup for cleaner logs.
Description & motivation 💭
Currently, developers working on temporal/ui cannot test the SSO flow locally
without connecting to an external identity provider. This limits the ability to
iterate quickly on authentication-related UI features and introduces unnecessary
friction in development and QA.
Screenshots (if applicable) 📸
TBD
Design Considerations 🎨
TBD
Testing 🧪
TBD
How was this tested 👻
Steps for others to test: 🚶🏽♂️🚶🏽♀️
TBD
Checklists
Draft Checklist
Merge Checklist
Issue(s) closed
Docs
Any docs updates needed?