Vatsal Trivedi
10/26/2021, 10:43 AMJiri Zajic
10/26/2021, 4:06 PMVatsal Trivedi
10/27/2021, 4:07 AMJiri Zajic
10/27/2021, 6:16 AMJiri Zajic
10/27/2021, 6:16 AMingress:
...
# Custom annotations that will be added to every Ingress object created by this chart, e.g.
# <http://cert-manager.io/cluster-issuer|cert-manager.io/cluster-issuer>: letsencrypt-production
# If you plan to do local development of GoodData.UI applications, you should also add
# CORS-related annotations like:
# <http://nginx.ingress.kubernetes.io/enable-cors|nginx.ingress.kubernetes.io/enable-cors>: "true"
# <http://nginx.ingress.kubernetes.io/cors-allow-headers|nginx.ingress.kubernetes.io/cors-allow-headers>: "X-GDC-JS-SDK-COMP, X-GDC-JS-SDK-COMP-PROPS, X-GDC-JS-PACKAGE, X-GDC-JS-PACKAGE-VERSION, x-requested-with, X-GDC-VALIDATE-RELATIONS, DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Authorization"
# <http://nginx.ingress.kubernetes.io/cors-allow-origin|nginx.ingress.kubernetes.io/cors-allow-origin>: <http://localhost:3000>
annotations: {}
Jiri Zajic
10/27/2021, 6:16 AMJiri Zajic
10/28/2021, 8:33 PMVatsal Trivedi
10/29/2021, 4:16 AMAshok
10/29/2021, 4:30 AMGuruprasad
10/29/2021, 5:23 AMAshok
10/29/2021, 7:46 AMVatsal Trivedi
10/29/2021, 11:01 AMJiri Zajic
10/30/2021, 7:50 PM--backend tiger
parameter?Jiri Zajic
10/30/2021, 7:51 PMnpx --ignore-existing @gooddata/create-gooddata-react-app --backend=tiger
.Vatsal Trivedi
11/01/2021, 6:27 AMJiri Zajic
11/01/2021, 6:09 PMVatsal Trivedi
11/02/2021, 11:33 AM{
"title": "Not Found",
"status": 404,
"detail": "No API path found that matches request '/appLogin'.",
"traceId": "7c88e78afa940ec8"
}
Dan Homola
11/02/2021, 2:15 PMGuruprasad
11/02/2021, 4:47 PMDan Homola
11/03/2021, 10:45 AMJan Soubusta
11/03/2021, 10:50 AMRobert Moucha
11/03/2021, 12:09 PM/appLogin
ends with 404. You need to pass mandatory query param redirectTo
pointing to uri-encoded path where the you want to be redirected after authentication. E.g /appLogin?redirectTo=%2F
performs authentication and redirects you to /
.Robert Moucha
11/03/2021, 12:10 PM400
instead of 404
.Robert Moucha
11/03/2021, 12:20 PMredirectTo
to contain external URLs, e.g.:
authService:
allowRedirect: "<https://localhost:8443>"
It allows auth. service to redirect to other hosts where your frontend app is running. I believe this could be the reason why it fails on your side, as I can see you don't have this variable set in your customized-values yaml file.Ashok
11/03/2021, 2:17 PMRobert Moucha
11/03/2021, 2:31 PMRobert Moucha
11/03/2021, 2:31 PMAshok
11/03/2021, 2:37 PMdex:
authService:
allowRedirect: '<https://gdcn-test.herokuapp.com|https://gdcn-test.herokuapp.com>'
ingress:
authHost: '<http://auth-fc.factoreal.com|auth-fc.factoreal.com>'
annotations:
<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
Ashok
11/03/2021, 2:43 PMRobert Moucha
11/03/2021, 2:44 PMauthService:
allowRedirect: "<https://localhost:8443>"
dex:
ingress:
...etc
Robert Moucha
11/03/2021, 2:45 PMAshok
11/03/2021, 2:47 PMVatsal Trivedi
11/03/2021, 3:36 PMRobert Moucha
11/03/2021, 4:32 PMAuthorization: Bearer *thisisyoursecrettoken*
Guruprasad
11/04/2021, 8:04 AMRobert Moucha
11/04/2021, 2:32 PMDan Homola
11/04/2021, 2:49 PMGuruprasad
11/04/2021, 2:52 PMAshok
11/04/2021, 2:53 PMDan Homola
11/04/2021, 2:56 PMVatsal Trivedi
11/04/2021, 2:59 PMconst createBackendForDevelopment = () => {
if (!process.env.REACT_APP_SET_HOSTNAME && process.env.REACT_APP_DEV_TIGER_API_TOKEN) {
<http://console.info|console.info>(
"The application will use Tiger API Token for authentication and will use the proxy to send requests to the backend.",
);
return tigerFactory().withAuthentication(
new TigerTokenAuthProvider(process.env.REACT_APP_DEV_TIGER_API_TOKEN),
);
}
<http://console.info|console.info>(
"The application will use Tiger OIDC authentication flow for authentication and will send requests directly to the backend. Please make sure your installation has correct CORS setup.",
);
return tigerFactory({ hostname: backend }).withAuthentication(
new ContextDeferredAuthProvider(throttledHandler),
);
};
const createBackendForProduction = () => {
if (!process.env.REACT_APP_SET_HOSTNAME) {
return tigerFactory().withAuthentication(new ContextDeferredAuthProvider(throttledHandler));
}
return tigerFactory({ hostname: backend }).withAuthentication(
new ContextDeferredAuthProvider(throttledHandler),
);
};
Vatsal Trivedi
11/04/2021, 3:00 PMTigerTokenAuthProvider
Dan Homola
11/04/2021, 3:02 PMcreateBackendForProduction
function is used. You will need to adapt the parts around TigerTokenAuthProvider and put them in the createBackendForProduction
function.
This is because out of the box we only support the token for development because using it for production can pose security problems. But I guess for your usecase it might be fine.Vatsal Trivedi
11/04/2021, 3:03 PMDan Homola
11/04/2021, 3:03 PMI am trying to use out of the solutioncan you please elaborate?
Vatsal Trivedi
11/04/2021, 3:04 PMDan Homola
11/04/2021, 3:05 PMVatsal Trivedi
11/04/2021, 3:05 PMDan Homola
11/04/2021, 3:06 PMVatsal Trivedi
11/04/2021, 3:08 PMDan Homola
11/04/2021, 3:09 PMVatsal Trivedi
11/04/2021, 3:11 PMAshok
11/04/2021, 3:13 PMDan Homola
11/04/2021, 3:15 PMbuild-with-explicit-hostname
script?Ashok
11/04/2021, 3:22 PMauthService:
allowRedirect: '<https://gdcn-test.herokuapp.com|https://gdcn-test.herokuapp.com>'
dex:
ingress:
authHost: '<http://auth-fc.factoreal.com|auth-fc.factoreal.com>'
annotations:
<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
ingress:
annotations:
<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
<http://nginx.ingress.kubernetes.io/cors-allow-credentials|nginx.ingress.kubernetes.io/cors-allow-credentials>: "true"
<http://nginx.ingress.kubernetes.io/cors-allow-methods|nginx.ingress.kubernetes.io/cors-allow-methods>: PUT, GET, POST, OPTIONS, DELETE, PATCH
<http://nginx.ingress.kubernetes.io/enable-cors|nginx.ingress.kubernetes.io/enable-cors>: "true"
<http://nginx.ingress.kubernetes.io/cors-allow-origin|nginx.ingress.kubernetes.io/cors-allow-origin>: <https://gdcn-test.herokuapp.com|https://gdcn-test.herokuapp.com>
<http://nginx.ingress.kubernetes.io/cors-allow-headers|nginx.ingress.kubernetes.io/cors-allow-headers>: "X-GDC-JS-SDK-COMP, X-GDC-JS-SDK-COMP-PROPS, X-GDC-JS-PACKAGE, X-GDC-JS-PACKAGE-VERSION, x-requested-with, X-GDC-VALIDATE-RELATIONS, DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Authorization"
#### gdcn robert asked to remove to fix issue
Dan Homola
11/04/2021, 3:26 PMconst createBackendForProduction = () => {
return tigerFactory().withAuthentication(
new TigerTokenAuthProvider(process.env.REACT_APP_DEV_TIGER_API_TOKEN),
);
};
Note though that this is not secure as your token will get hardcoded into the application.
Scenario 2: if you want to try your app with proper login, then from what you are describing it seems there is either some problem with the settings on the backend or your app is not built properly (what command do you use to build the app?)Robert Moucha
11/04/2021, 4:10 PMRobert Moucha
11/04/2021, 4:11 PMSameSite
attribute of cookies set None
?Robert Moucha
11/04/2021, 4:12 PMLax
and it might cause issue with cross-domain access. But maybe I'm completely wrong.Ashok
11/04/2021, 4:15 PMRobert Moucha
11/04/2021, 4:17 PMcookiePolicy: None
And update helm release on your cluster with this settingAshok
11/04/2021, 4:21 PMRobert Moucha
11/04/2021, 4:27 PMAshok
11/04/2021, 4:38 PMGuruprasad
11/09/2021, 4:13 AMGuruprasad
11/09/2021, 11:03 AMRobert Moucha
11/09/2021, 4:51 PMRobert Moucha
11/09/2021, 5:53 PM<RedirectIfNotLoggedIn />
otherwise I was redirected to https://localhost:8443/login right after finishing the Oauth2 flow. But I was logged in successfully and when I went to home page, dashboard appeared on my page:Dan Homola
11/10/2021, 8:17 AMAshok
11/18/2021, 5:06 AMRobert Moucha
11/18/2021, 8:16 AMAshok
11/18/2021, 8:22 AMRobert Moucha
11/18/2021, 8:30 AMAccess-Control-Allow-Origin
can contain only one URL.Ashok
11/18/2021, 8:31 AMRobert Moucha
11/18/2021, 8:31 AMAshok
11/18/2021, 8:33 AMAshok
11/18/2021, 8:40 AMRobert Moucha
11/18/2021, 8:49 AM*
could work for regular oauth2 authentication, but you could not use token auth (Authorization: Bearer xxxx). This should not be an issue, however. We need to check this option. If it works, it would resolve the cors issue, but the problem with allowRedirect would still remain and we need to resolve this internally.