feat: add aurora entra id login #839
base: master
system: { | ||
loggerOptions: { | ||
loggerCallback(logLevel, message, containsPii) { | ||
if (!containsPii) { |
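Review bot: in loggerCallback, the snippet stops at the if (!containsPii) guard, so the handling of messages flagged as PII is not visible here; confirm they are dropped rather than sent to another sink. If this is the MSAL loggerOptions object, as its shape suggests, setting piiLoggingEnabled: false next to the callback states the intent explicitly.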
Such a cool trick. I wonder if AWS has a similar feature.
Yeah, I was really happy to see this too. 😊
const globalPrefix = 'api' | ||
app.setGlobalPrefix(globalPrefix) | ||
app.use(json({ limit: '1mb' })) | ||
app.use(urlencoded({ extended: true, limit: '1mb' })) | ||
app.use(cookieParser()) |
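Review bot: cookieParser() on the last line is registered without a secret, so cookies are parsed but not signed and req.signedCookies stays empty. If the Entra ID login flow keeps any state in a cookie, pass a secret (cookieParser(secret)) and read the value from req.signedCookies, or treat the cookie as untrusted input and validate it on the server.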
👍
Awesome progress, @stuartmclean! Great prototyping. I like your prototyping approach with feature flags so we can gradually roll this out.
I've left a few inline comments.
import { VerificationData } from './verification-data.interface' | ||
|
||
@Injectable() | ||
export class EntraIdLoginMiddleware implements NestMiddleware { |
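Review bot: EntraIdLoginMiddleware implements NestMiddleware, and the route binding is not part of this snippet; check that the module's configure() applies it with forRoutes(...) to the intended login routes only. If its job is to decide whether a request may proceed, a guard (CanActivate) is the construct Nest provides for that.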
Nice work here!
I've never used NestJS middleware. Is there a reason we're using it instead of a simple controller?
It seemed like the easiest way to protect this route and make it reusable for other routes.
Co-authored-by: Anıl Akarsu <anil@redi-school.org> Signed-off-by: Stuart McLean <stuart.mclean@soundcloud.com>
❤️
😊 Thanks @ericbolikowski - I ran another manual test and discovered a flaw in my last commits - should be fixed by the most recent commit.
@@ -84,7 +84,7 @@ export const routes__loggedOut: RouteDefinition[] = [ | |||
{ | |||
path: '/front/login/entra-redirect', | |||
component: () => { | |||
window.location.href = `${NEST_API_URL}/auth/entra-id` | |||
window.location.href = `${NEST_API_URL}/api/auth/entra-id` |
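Review bot: the window.location.href assignment hard-codes the /api segment, which duplicates the backend's global prefix; if the prefix changes, this redirect breaks without a compile error. Consider a shared constant or folding the prefix into NEST_API_URL. The component callback also returns nothing after starting the navigation; returning null makes it explicit that nothing is rendered.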
@stuartmclean What's the reason for this change? Is it a common practice to set a URL on the browser to what seems to be an API URL?
Hi @helloanil This is a bit of a hack, I agree, but it doesn't actually display anything to the user and it's the only way I could make this work without setting up a whole different root url just for this one endpoint. Happy to hear other suggestions though. 😎
Important notes:
This is not a complete reimplementation of the talent-connect auth process - it's merely a first step in that direction, presenting a working demonstration of several interactions with the Azure backend.
It should be safe to merge with the following feature flag:
NX_ENTRA_ID_ENABLED=false
although the other flags mentioned below should also be set in production with at least empty string values to avoid issues during deployment.
Further steps required (should be done in separate tickets):
connect
talent-pool
How to test:
This feature requires the following new env params:
entra-id-login-screen-recording.mov
Implementation summary:
When a customer clicks the "Log in with Microsoft" button:
nestjs backend, which queries azure to...
nestjs backend redirects the user azure using their own details
azure redirects the user to the nestjs backend
nestjs backend calls azure to verify that the login was successful