Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add VA Okta Integration #368

Merged
merged 10 commits into from
Feb 7, 2024
Merged

Add VA Okta Integration #368

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
0fa25e0
Add Okta VA Integration
vibhanshub Jan 21, 2024
2bcbb5d
Update package name
vibhanshub Jan 21, 2024
8717631
Add logo and update summary
vibhanshub Jan 22, 2024
1a65967
Make requested changes
vibhanshub Jan 24, 2024
ead9b3d
Merge remote-tracking branch 'origin' into okta-va-integration
vibhanshub Jan 24, 2024
115ae78
Add package lock
vibhanshub Jan 24, 2024
08aa3b2
Update lint script
vibhanshub Jan 24, 2024
d2cce62
Use latest assets and update manifest
vibhanshub Jan 30, 2024
f687a5c
Use URL package
vibhanshub Feb 7, 2024
6ea521a
Merge main
vibhanshub Feb 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions integrations/va-okta/.eslintrc.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
{
"extends": ["@gitbook/eslint-config/integration"]
}
Binary file added integrations/va-okta/assets/icon.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
27 changes: 27 additions & 0 deletions integrations/va-okta/gitbook-manifest.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
name: VA-Okta
title: VA Okta
icon: ./assets/icon.png
description: Visitor Authentication with Okta
visibility: public #unlisted
script: ./src/index.tsx
scopes:
- space:metadata:read
- space:visitor:auth
- space:content:read
organization: w45sBUBc1JWE1ktYkQfI #d8f63b60-89ae-11e7-8574-5927d48c4877
summary: |
# Overview
Visitor Authentication allows you to publish content behind an authentication wall, so your content is only accessible to people you choose.

This integration lets you control access to your published content as determined by Okta.

# Configure
Install this integration on a space and then populate the configuration screen with the details of your Okta application and Okta instance.
You can then open the Share menu, publish the space with Visitor Authentication, choose this integration as the authentication backend, and hit Save.

Your space is now published with Visitor Authentication using Okta.
categories:
- other
configurations:
space:
componentId: config
20 changes: 20 additions & 0 deletions integrations/va-okta/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{
"name": "@gitbook/integration-va-okta",
"version": "0.0.1",
"private": true,
"dependencies": {
"@gitbook/api": "*",
"@gitbook/runtime": "*",
"itty-router": "^4.0.14",
"@tsndr/cloudflare-worker-jwt": "2.3.2"
},
"devDependencies": {
"@gitbook/cli": "*"
},
"scripts": {
"lint": "eslint ./**/*.ts*",
"typecheck": "tsc --noEmit",
"publish-integrations-staging": "gitbook publish .",
"publish-integrations": "gitbook publish ."
}
}
284 changes: 284 additions & 0 deletions integrations/va-okta/src/index.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,284 @@
import { sign } from '@tsndr/cloudflare-worker-jwt';
import { Router } from 'itty-router';

import { IntegrationInstallationConfiguration } from '@gitbook/api';
import {
createIntegration,
FetchEventCallback,
Logger,
RuntimeContext,
RuntimeEnvironment,
createComponent,
} from '@gitbook/runtime';

const logger = Logger('okta.visitor-auth');

type OktaRuntimeEnvironment = RuntimeEnvironment<{}, OktaSpaceInstallationConfiguration>;

type OktaRuntimeContext = RuntimeContext<OktaRuntimeEnvironment>;

type OktaSpaceInstallationConfiguration = {
client_id?: string;
okta_domain?: string;
client_secret?: string;
};

type OktaState = OktaSpaceInstallationConfiguration;

type OktaProps = {
installation: {
configuration?: IntegrationInstallationConfiguration;
};
spaceInstallation: {
configuration?: OktaSpaceInstallationConfiguration;
};
};

export type OktaAction = { action: 'save.config' };

const configBlock = createComponent<OktaProps, OktaState, OktaAction, OktaRuntimeContext>({
componentId: 'config',
initialState: (props) => {
return {
client_id: props.spaceInstallation.configuration?.client_id?.toString() || '',
okta_domain: props.spaceInstallation.configuration?.okta_domain?.toString() || '',
client_secret: props.spaceInstallation.configuration?.client_secret?.toString() || '',
};
},
action: async (element, action, context) => {
switch (action.action) {
case 'save.config':
const { api, environment } = context;
const spaceInstallation = environment.spaceInstallation;

const configurationBody = {
...spaceInstallation.configuration,
client_id: element.state.client_id,
client_secret: element.state.client_secret,
okta_domain: element.state.okta_domain,
};
await api.integrations.updateIntegrationSpaceInstallation(
spaceInstallation.integration,
spaceInstallation.installation,
spaceInstallation.space,
{
configuration: {
...configurationBody,
},
}
);
return element;
}
},
render: async (element, context) => {
const VACallbackURL = `${context.environment.spaceInstallation?.urls?.publicEndpoint}/visitor-auth/response`;
return (
<block>
<input
label="Client ID"
hint={
<text>
The Client ID of your Okta application.
<link
target={{
url: 'https://developer.okta.com/docs/guides/find-your-app-credentials/main/#find-your-app-integration-credentials',
}}
>
{' '}
More Details
</link>
</text>
}
element={<textinput state="client_id" placeholder="Client ID" />}
/>

<input
label="Okta Domain"
hint={
<text>
The Domain of your Okta instance.
<link
target={{
url: 'https://developer.okta.com/docs/guides/find-your-domain/main/',
}}
>
{' '}
More Details
</link>
</text>
}
element={<textinput state="okta_domain" placeholder="Okta Domain" />}
/>

<input
label="Client Secret"
hint={
<text>
The Client Secret of your Okta application.
<link
target={{
url: 'https://developer.okta.com/docs/guides/find-your-app-credentials/main/#find-your-app-integration-credentials',
}}
>
{' '}
More Details
</link>
</text>
}
element={<textinput state="client_secret" placeholder="Client Secret" />}
/>

<input
label=""
hint=""
element={
<button
style="primary"
disabled={false}
label="Save"
tooltip="Save configuration"
onPress={{
action: 'save.config',
}}
/>
}
/>
<divider size="medium" />
<text>The following URL needs to be saved as a Sign-In Redirect URI in Okta:</text>
<codeblock content={VACallbackURL} />
</block>
);
},
});

const handleFetchEvent: FetchEventCallback<OktaRuntimeContext> = async (request, context) => {
const { environment } = context;
const installationURL = environment.spaceInstallation?.urls?.publicEndpoint;
if (installationURL) {
const router = Router({
base: new URL(installationURL).pathname,
});

router.get('/visitor-auth/response', async (request) => {
if (context.environment.spaceInstallation?.space) {
const space = await context.api.spaces.getSpaceById(
context.environment.spaceInstallation?.space
);
const spaceData = space.data;
const privateKey = context.environment.signingSecrets.spaceInstallation;
let token;
try {
token = await sign(
{ exp: Math.floor(Date.now() / 1000) + 1 * (60 * 60) },
privateKey
);
} catch (e) {
return new Response('Error: Could not sign JWT token', {
status: 500,
});
}

const oktaDomain = environment.spaceInstallation?.configuration.okta_domain;
const clientId = environment.spaceInstallation?.configuration.client_id;
const clientSecret = environment.spaceInstallation?.configuration.client_secret;

if (clientId && clientSecret) {
const searchParams = new URLSearchParams({
grant_type: 'authorization_code',
client_id: clientId,
client_secret: clientSecret,
code: `${request.query.code}`,
scope: 'openid',
redirect_uri: `${installationURL}/visitor-auth/response`,
});
const url = `https://${oktaDomain}/oauth2/default/v1/token/`;
const resp: any = await fetch(url, {
method: 'POST',
headers: { 'content-type': 'application/x-www-form-urlencoded' },
body: searchParams,
})
.then((response) => response.json())
.catch((err) => {
return new Response('Error: Could not fetch access token from Okta', {
status: 401,
});
});
if ('access_token' in resp) {
let url;
const state = request.query.state.toString();
const location = state.substring(state.indexOf('-') + 1);
if (location) {
url = `${spaceData.urls?.published}${location}/?jwt_token=${token}`;
} else {
url = `${spaceData.urls?.published}/?jwt_token=${token}`;
}
if (token && spaceData.urls?.published) {
return Response.redirect(url);
} else {
return new Response(
"Error: Either JWT token or space's published URL is missing",
{
status: 500,
}
);
}
} else {
return new Response('Error: No Access Token found in response from Okta', {
status: 401,
});
}
} else {
return new Response('Error: Either ClientId or Client Secret is missing', {
status: 400,
});
}
}
});

let response;
try {
response = await router.handle(request, context);
} catch (error: any) {
logger.error('error handling request', error);
return new Response(error.message, {
status: error.status || 500,
});
}

if (!response) {
return new Response(`No route matching ${request.method} ${request.url}`, {
status: 404,
});
}

return response;
}
};

export default createIntegration({
fetch: handleFetchEvent,
components: [configBlock],
fetch_visitor_authentication: async (event, context) => {
const { environment } = context;
const installationURL = environment.spaceInstallation?.urls?.publicEndpoint;
const oktaDomain = environment.spaceInstallation?.configuration.okta_domain;
const clientId = environment.spaceInstallation?.configuration.client_id;
const location = event.location ? event.location : '';

const url = new URL(`https://${oktaDomain}/oauth2/default/v1/authorize`);
url.searchParams.append('client_id', clientId);
url.searchParams.append('response_type', 'code');
url.searchParams.append('redirect_uri', `${installationURL}/visitor-auth/response`);
url.searchParams.append('response_mode', 'query');
url.searchParams.append('scope', 'openid');
url.searchParams.append('state', `state-${location}`);

try {
return Response.redirect(url.toString());
} catch (e) {
return new Response(e.message, {
status: e.status || 500,
});
}
},
});
3 changes: 3 additions & 0 deletions integrations/va-okta/tsconfig.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
{
"extends": "@gitbook/tsconfig/integration.json"
}
Loading