Merge pull request #616 from wri/azure-returns

Swap back to Azure SSO from Okta SSO
wri · Dec 18, 2024 · 6bb1d57 · 6bb1d57
2 parents e9981cf + c22b950
commit 6bb1d57
Show file tree

Hide file tree

Showing 7 changed files with 36 additions and 37 deletions.
diff --git a/ckan-backend-dev/.env.example b/ckan-backend-dev/.env.example
@@ -146,9 +146,9 @@ S3_BUCKET_NAME=ckan
 S3_BUCKET_REGION=us-east-1
 SYS_ADMIN_API_KEY=CKAN_API_TOKEN
 RW_API_KEY=ffffffff-ffff-ffff-ffff-ffffffffffff
-#AZURE_AD_CLIENT_ID=ffffffff-ffff-ffff-ffff-ffffffffffff
-#AZURE_AD_CLIENT_SECRET=ffffffff-ffff-ffff-ffff-ffffffffffff
-#AZURE_AD_TENANT_ID=ffffffff-ffff-ffff-ffff-ffffffffffff
+AZURE_AD_CLIENT_ID=ffffffff-ffff-ffff-ffff-ffffffffffff
+AZURE_AD_CLIENT_SECRET=ffffffff-ffff-ffff-ffff-ffffffffffff
+AZURE_AD_TENANT_ID=ffffffff-ffff-ffff-ffff-ffffffffffff
 SYS_ADMIN_API_KEY=CKAN_API_TOKEN
 SMTP_SERVER="smtp.ssss.com"
 SMTP_PORT="587"

diff --git a/ckan-backend-dev/docker-compose.test.yml b/ckan-backend-dev/docker-compose.test.yml
@@ -56,9 +56,9 @@ services:
       - S3_BUCKET_NAME=ckan
       - S3_BUCKET_REGION=us-east-1
       - RW_API_KEY=${RW_API_KEY}
-      #- AZURE_AD_TENANT_ID=${AZURE_AD_TENANT_ID}
-      #- AZURE_AD_CLIENT_ID=${AZURE_AD_CLIENT_ID}
-      #- AZURE_AD_CLIENT_SECRET=${AZURE_AD_CLIENT_SECRET}
+      - AZURE_AD_TENANT_ID=${AZURE_AD_TENANT_ID}
+      - AZURE_AD_CLIENT_ID=${AZURE_AD_CLIENT_ID}
+      - AZURE_AD_CLIENT_SECRET=${AZURE_AD_CLIENT_SECRET}
       - SYS_ADMIN_API_KEY=${SYS_ADMIN_API_KEY}
       - SMTP_SERVER=${SMTP_SERVER}
       - SMTP_PORT=${SMTP_PORT}

diff --git a/deployment/frontend/.env.example b/deployment/frontend/.env.example
@@ -31,9 +31,9 @@ S3_BUCKET_REGION="us-east-1"
 # LOCAL
 SYS_ADMIN_API_KEY="1111"
 
-#AZURE_AD_CLIENT_ID="ffffffff-ffff-ffff-ffff-ffffffffffff"
-#AZURE_AD_CLIENT_SECRET="ffffffff-ffff-ffff-ffff-ffffffffffff"
-#AZURE_AD_TENANT_ID="ffffffff-ffff-ffff-ffff-ffffffffffff"
+AZURE_AD_CLIENT_ID="ffffffff-ffff-ffff-ffff-ffffffffffff"
+AZURE_AD_CLIENT_SECRET="ffffffff-ffff-ffff-ffff-ffffffffffff"
+AZURE_AD_TENANT_ID="ffffffff-ffff-ffff-ffff-ffffffffffff"
 OKTA_CLIENT_ID="ffffffff-ffff-ffff-ffff-ffffffffffff"
 OKTA_CLIENT_SECRET="ffffffff-ffff-ffff-ffff-ffffffffffff"
 OKTA_ISSUER="https://example-123456.okta.com/oauth2/default"

diff --git a/deployment/frontend/Dockerfile b/deployment/frontend/Dockerfile
@@ -15,9 +15,9 @@ ARG CKAN_URL
 ARG NEXT_PUBLIC_CKAN_URL
 ARG NEXT_PUBLIC_NEXTAUTH_URL
 ARG NEXT_PUBLIC_GTM_ID
-#ARG AZURE_AD_CLIENT_ID
-#ARG AZURE_AD_CLIENT_SECRET
-#ARG AZURE_AD_TENANT_ID
+ARG AZURE_AD_CLIENT_ID
+ARG AZURE_AD_CLIENT_SECRET
+ARG AZURE_AD_TENANT_ID
 ARG RW_API_KEY
 ARG NEXT_PUBLIC_DISABLE_HOTJAR
 ARG NEXT_PUBLIC_HOTJAR_ID

diff --git a/deployment/frontend/src/components/_shared/Login.tsx b/deployment/frontend/src/components/_shared/Login.tsx
@@ -198,7 +198,7 @@ function SignInForm({
                 <div className="text-wri-black ">or</div>
                 <div className="font-light text-[0.875rem] border border-1 border-wri-gray w-20 h-0" />
             </div>
-            {/*<button
+            <button
                 type="button"
                 className="flex  mt-8 outline outline-1 outline-wri-gold rounded-sm justify-center py-4 cursor-pointer"
                 onClick={handleAzureSignIn}
@@ -212,8 +212,8 @@ function SignInForm({
                         ? 'Sign In with your WRI Credentials'
                         : 'Signing in...'}
                 </div>
-            </button>*/}
-            <button
+            </button>
+            {/*<button
                 type="button"
                 className="flex  mt-8 outline outline-1 outline-wri-gold rounded-sm justify-center py-4 cursor-pointer"
                 onClick={handleOktaSignIn}
@@ -227,7 +227,7 @@ function SignInForm({
                         ? 'Sign In with your WRI Credentials'
                         : 'Signing in...'}
                 </div>
-            </button>
+            </button>*/}
         </>
     )
 }

diff --git a/deployment/frontend/src/env.mjs b/deployment/frontend/src/env.mjs
@@ -31,9 +31,9 @@ export const env = createEnv({
             (str) => process.env.SYS_ADMIN_API_KEY ?? str,
             z.string()
         ),
-        //AZURE_AD_TENANT_ID: z.string(),
-        //AZURE_AD_CLIENT_ID: z.string(),
-        //AZURE_AD_CLIENT_SECRET: z.string(),
+        AZURE_AD_TENANT_ID: z.string(),
+        AZURE_AD_CLIENT_ID: z.string(),
+        AZURE_AD_CLIENT_SECRET: z.string(),
         OKTA_CLIENT_ID: z.string(),
         OKTA_CLIENT_SECRET: z.string(),
         OKTA_ISSUER: z.string(),
@@ -79,9 +79,9 @@ export const env = createEnv({
         S3_BUCKET_NAME: process.env.S3_BUCKET_NAME,
         S3_BUCKET_REGION: process.env.S3_BUCKET_REGION,
         SYS_ADMIN_API_KEY: process.env.SYS_ADMIN_API_KEY,
-        //AZURE_AD_TENANT_ID: process.env.AZURE_AD_TENANT_ID,
-        //AZURE_AD_CLIENT_ID: process.env.AZURE_AD_CLIENT_ID,
-        //AZURE_AD_CLIENT_SECRET: process.env.AZURE_AD_CLIENT_SECRET,
+        AZURE_AD_TENANT_ID: process.env.AZURE_AD_TENANT_ID,
+        AZURE_AD_CLIENT_ID: process.env.AZURE_AD_CLIENT_ID,
+        AZURE_AD_CLIENT_SECRET: process.env.AZURE_AD_CLIENT_SECRET,
         OKTA_CLIENT_ID: process.env.OKTA_CLIENT_ID,
         OKTA_CLIENT_SECRET: process.env.OKTA_CLIENT_SECRET,
         OKTA_ISSUER: process.env.OKTA_ISSUER,

diff --git a/deployment/frontend/src/server/auth.ts b/deployment/frontend/src/server/auth.ts
@@ -65,18 +65,17 @@ export const authOptions: NextAuthOptions = {
                 // token.teams = user.teams
                 token.sysadmin = user.sysadmin
             }
-            //let isAzureAd = account?.provider === 'azure-ad'
+            let isAzureAd = account?.provider === 'azure-ad'
             let isOkta = account?.provider === 'okta'
-            //if (isAzureAd || isOkta) {
-            if (isOkta) {
+            if (isAzureAd || isOkta) {
                 const reqBody: any = {
                     email: user?.email,
                     name: user?.name,
                     id_token: account?.id_token,
                 }
-                //if (isAzureAd) {
-                //    reqBody.from_azure = true
-                //}
+                if (isAzureAd) {
+                    reqBody.from_azure = true
+                }
                 if (isOkta) {
                     reqBody.from_okta = true
                 }
@@ -194,16 +193,16 @@ export const authOptions: NextAuthOptions = {
                 }
             },
         }),
-        //AzureAdProvider({
-        //    clientId: env.AZURE_AD_CLIENT_ID ?? '',
-        //    clientSecret: env.AZURE_AD_CLIENT_SECRET?.toString() ?? '',
-        //    tenantId: env.AZURE_AD_TENANT_ID ?? '',
-        //}),
-        OktaProvider({
-            clientId: env.OKTA_CLIENT_ID ?? '',
-            clientSecret: env.OKTA_CLIENT_SECRET?.toString() ?? '',
-            issuer: env.OKTA_ISSUER ?? '',
+        AzureAdProvider({
+            clientId: env.AZURE_AD_CLIENT_ID ?? '',
+            clientSecret: env.AZURE_AD_CLIENT_SECRET?.toString() ?? '',
+            tenantId: env.AZURE_AD_TENANT_ID ?? '',
         }),
+        //OktaProvider({
+        //    clientId: env.OKTA_CLIENT_ID ?? '',
+        //    clientSecret: env.OKTA_CLIENT_SECRET?.toString() ?? '',
+        //    issuer: env.OKTA_ISSUER ?? '',
+        //}),
     ],
 }