feat: Integrate OneAuth library (#4677)
* Integrated OneAuth library for Windows
* Auth updates
* chore: remove orchestrator (#4602)
* Added CSRF protection to getAccessToken route.
* Build changes to support OneAuth
* Shared types and did some renaming.
* Consolidated types
* Fixed naming issue on babel localization config
* Separated out auth service code.
* Removed TODO
* Updated shim to be at the oneauth service level
* Added interactive retry when failing to get token silently
* Added documentation for using OneAuth locally
* sign mac assets with correct entitlements add mac signing script add signing and verifying steps fix path to bundles copy provision profile into each app bundle copy the provision profile in contents directory sign each dylib and framework version fix logging string sign frameworks before bundles
* Made temporary mac auth flow dev-env-only
* Fixed bad import
* Removed manual oneauth installation steps from AUTH.md
* Linting fixes
* Setup tests
* Added more tests
* Added test for token caching.
* Added cross-platform testing for oneauth service

Co-authored-by: Andy Brown <asbrown002@gmail.com>
Co-authored-by: Chris Whitten <christopher.whitten@microsoft.com>
1 parent 7a9bfc5, commit 8881e98
Showing 54 changed files with 2,162 additions and 450 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
// Copyright (c) Microsoft Corporation. | ||
// Licensed under the MIT License. | ||
|
||
module.exports = { | ||
presets: ['@babel/react', ['@babel/typescript', { allowNamespaces: true }]], | ||
plugins: ['@babel/plugin-proposal-class-properties'], | ||
ignore: [ | ||
'packages/electron-server', | ||
'packages/**/__tests__', | ||
'packages/**/node_modules', | ||
'packages/**/build/**/*.js', | ||
], | ||
}; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
// Copyright (c) Microsoft Corporation. | ||
// Licensed under the MIT License. | ||
|
||
import { AuthParameters } from '@botframework-composer/types'; | ||
|
||
async function getAccessToken(options: AuthParameters): Promise<string> { | ||
try { | ||
const { clientId = '', targetResource = '', scopes = [] } = options; | ||
const { __csrf__ = '' } = window; | ||
|
||
let url = '/api/auth/getAccessToken?'; | ||
const params = new URLSearchParams(); | ||
if (clientId) { | ||
params.append('clientId', clientId); | ||
} | ||
if (scopes.length) { | ||
params.append('scopes', JSON.stringify(scopes)); | ||
} | ||
if (targetResource) { | ||
params.append('targetResource', targetResource); | ||
} | ||
url += params.toString(); | ||
|
||
const result = await fetch(url, { method: 'GET', headers: { 'X-CSRF-Token': __csrf__ } }); | ||
const { accessToken = '' } = await result.json(); | ||
return accessToken; | ||
} catch (e) { | ||
// error handling | ||
console.error('Did not receive an access token back from the server: ', e); | ||
return ''; | ||
} | ||
} | ||
|
||
export const AuthClient = { | ||
getAccessToken, | ||
}; |
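Review bot: In `getAccessToken`, the response status is never checked before `await result.json()`, so a non-2xx reply that carries a JSON body (for example a request rejected for a missing or stale CSRF token) falls through the `accessToken = ''` default and returns an empty string without reaching the `catch` or logging anything. Check `result.ok` and report `result.status` before parsing. Two smaller points: `__csrf__` defaults to `''`, so a page where the token was never set still sends the request with an empty `X-CSRF-Token` header, where failing fast would be clearer; and because the token comes back in the body of a `GET`, passing `cache: 'no-store'` to `fetch` would make it explicit that the response must not be cached. `let url` is only appended to once and could be built as a `const`.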
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,3 +2,4 @@ build/ | |
dist/ | ||
locales/en-US-pseudo.json | ||
l10ntemp/ | ||
oneauth-temp |
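Review bot: The added `oneauth-temp` entry is the only directory in this list written without a trailing slash (compare `build/`, `dist/`, `l10ntemp/`), so it also matches a plain file of that name; write it as `oneauth-temp/` to keep the list consistent and the intent clear.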
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
# Enabling Authentication via OneAuth | ||
|
||
## Summary | ||
|
||
Authentication in Composer is done using the OneAuth native node library. | ||
|
||
This library leverages APIs within the user's OS to store and retrieve credentials in a compliant fashion, and allows Composer to get access tokens on behalf of the user once the user signs in. | ||
|
||
We disable this authentication flow by default in the development environment. To use the flow in a dev environment, please follow the steps below to leverage the OneAuth library. | ||
|
||
## Requirements | ||
|
||
**NOTE:** Authentication on Linux is not (yet) supported. We plan to support this in the future. | ||
|
||
When building Composer from source, in order to leverage the OneAuth library you will need to: | ||
|
||
- Set the `COMPOSER_ENABLE_ONEAUTH` environment variable to `true` in whatever process you use to start the `electron-server` package | ||
- Install the `oneauth-win64` or `oneauth-mac` NodeJS module either manually from the private registry, or by downloading it via script | ||
|
||
## Installing the OneAuth module | ||
|
||
Depending on your OS (Mac vs. Windows), you will need to install the `oneauth-mac` or `oneauth-win64` modules respectively. | ||
|
||
### Using the `installOneAuth.js` script | ||
|
||
1. Set `npm_config_registry` to `https://office.pkgs.visualstudio.com/_packaging/OneAuth/npm/registry/` | ||
1. Set `npm_config_username` to anything other than an empty string | ||
1. Set `npm_config__password` (note the double "_") to a base64-encoded [Personal Access Token you created in Azure DevOps](https://office.visualstudio.com/_usersSettings/tokens) for the Office org that has the Packaging (read) scope enabled | ||
1. Run `node scripts/installOneAuth.js` from `/electron-server/` | ||
|
||
There should now be a `/electron-server/oneauth-temp/` directory containing the contents of the OneAuth module which will be called by Composer assuming you set the `COMPOSER_ENABLE_ONEAUTH` environment variable. |
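Review bot: Step 3 under "Using the `installOneAuth.js` script" has the reader place a Personal Access Token in `npm_config__password`, and base64 is an encoding rather than protection, so the document should say to set the variable only for the shell session that runs the script, to unset it afterwards, and to keep the token limited to the Packaging (read) scope it already names. Separately, the Requirements bullet still offers installing the module "manually from the private registry", but the file contains only the script section and no manual steps; either drop the manual option from the bullet or describe it. The closing sentence could also state that `COMPOSER_ENABLE_ONEAUTH` must be set to `true`, matching the Requirements list.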