@p0security/cli 0.22.5 → 0.22.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/dist/plugins/kubeconfig/index.js +1 -1
- package/build/dist/plugins/kubeconfig/index.js.map +1 -1
- package/build/dist/plugins/kubeconfig/types.d.ts +1 -1
- package/build/dist/plugins/okta/aws.js +1 -1
- package/build/dist/plugins/okta/aws.js.map +1 -1
- package/build/dist/plugins/okta/login.d.ts +1 -1
- package/build/dist/plugins/okta/login.js +20 -4
- package/build/dist/plugins/okta/login.js.map +1 -1
- package/build/dist/public/redirect-landing.html +3 -3
- package/build/tsconfig.build.tsbuildinfo +1 -1
- package/package.json +1 -1
|
@@ -83,7 +83,7 @@ const awsCloudAuth = (authn, awsAccountId, request, loginType, debug) => __await
|
|
|
83
83
|
const { name } = aws;
|
|
84
84
|
switch (loginType) {
|
|
85
85
|
case "idc": {
|
|
86
|
-
const { idcId, idcRegion } = (_b = permission.
|
|
86
|
+
const { idcId, idcRegion } = (_b = permission.aws) !== null && _b !== void 0 ? _b : {};
|
|
87
87
|
if (!idcId || !idcRegion) {
|
|
88
88
|
throw "AWS is configured to use Identity Center, but IDC information wasn't received in the request.";
|
|
89
89
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/plugins/kubeconfig/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,kDAA8D;AAC9D,2DAAwD;AACxD,2CAA2D;AAG3D,qCAAqD;AACrD,0CAA6C;AAC7C,oCAA+C;AAE/C,wCAAwC;AACxC,qCAAqD;AAErD,mCAA8B;AAC9B,2CAAiC;AAGjC,MAAM,iBAAiB,GAAG,IAAI,CAAC;AAExB,MAAM,4BAA4B,GAAG,CAC1C,KAAY,EACZ,SAAiB,EACjB,KAAe,EAQd,EAAE;;IACH,MAAM,SAAS,GAAG,MAAM,IAAA,4BAAsB,EAC5C,KAAK,EACL,KAAK,EACL,KAAK,CACN,CAAC;IAEF,kHAAkH;IAClH,MAAM,MAAM,GAAG,MAAA,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,0CAAG,SAAS,CAAC,CAAC;IAC1D,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,mBAAmB,SAAS,YAAY,CAAC;KAChD;IAED,IAAI,MAAM,CAAC,KAAK,KAAK,WAAW,EAAE;QAChC,MAAM,mBAAmB,SAAS,mBAAmB,CAAC;KACvD;IAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC;IAE3B,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK,EAAE;QAC1B,MAAM,CACJ,8DAA8D,SAAS,8BAA8B;YACrG,qDAAqD,IAAA,iBAAU,GAAE,yBAAyB,CAC3F,CAAC;KACH;IAED,MAAM,EAAE,GAAG,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;IACvC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,IAAA,gBAAQ,EAAC,aAAa,CAAC,CAAC;IAC5D,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;IAC7E,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC;IAEtC,yEAAyE;IACzE,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,CAAA,IAAI,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,MAAK,KAAK,EAAE;QAC/C,MAAM,6GAA6G,IAAA,iBAAU,GAAE,yBAAyB,CAAC;KAC1J;IAED,OAAO;QACL,aAAa,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE;QACzD,YAAY,EAAE,QAAQ,CAAC,IAAI;KAC5B,CAAC;AACJ,CAAC,CAAA,CAAC;AAnDW,QAAA,4BAA4B,gCAmDvC;AAEK,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAAqD,EACrD,SAAiB,EACjB,IAAY,EACmC,EAAE;IACjD,MAAM,QAAQ,GAAG,MAAM,IAAA,iBAAO,EAAC,SAAS,CAAC,iCAIlC,IAAA,aAAI,EAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,KACxB,SAAS,EAAE;YACT,KAAK;YACL,UAAU;YACV,IAAI;YACJ,WAAW;YACX,SAAS;YACT,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SACxD,EACD,IAAI,EAAE,IAAI,KAEZ,KAAK,EACL,EAAE,OAAO,EAAE,mBAAmB,EAAE,CACjC,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,uCAAuC,CAAC;KAC/C;IAED,MAAM,IAAI,GAAG,MAAM,IAAA,8BAAqB,EAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC3D,IAAI,CAAC,IAAI,EAAE;QACT,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;KACb;IACD,OAAO,QAAQ,CAAC,OAAO,CAAC;AAC1B,CAAC,CAAA,CAAC;AApCW,QAAA,sBAAsB,0BAoCjC;AAEK,MAAM,WAAW,GAAG,CAAC,aAAqB,EAAU,EAAE,CAC3D,GAAG,iBAAiB,IAAI,aAAa,EAAE,CAAC;AAD7B,QAAA,WAAW,eACkB;AAEnC,MAAM,UAAU,GAAG,CAAC,YAAoB,EAAU,EAAE,CACzD,GAAG,iBAAiB,IAAI,YAAY,EAAE,CAAC;AAD5B,QAAA,UAAU,cACkB;AAElC,MAAM,YAAY,GAAG,CAC1B,KAAY,EACZ,YAAoB,EACpB,OAA6C,EAC7C,SAA8B,EAC9B,KAAe,EACU,EAAE;;IAC3B,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;IAC1C,MAAM,EAAE,GAAG,EAAE,GAAG,SAAS,CAAC;IAC1B,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC;IAErB,QAAQ,SAAS,EAAE;QACjB,KAAK,KAAK,CAAC,CAAC;YACV,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAA,UAAU,CAAC,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/plugins/kubeconfig/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,kDAA8D;AAC9D,2DAAwD;AACxD,2CAA2D;AAG3D,qCAAqD;AACrD,0CAA6C;AAC7C,oCAA+C;AAE/C,wCAAwC;AACxC,qCAAqD;AAErD,mCAA8B;AAC9B,2CAAiC;AAGjC,MAAM,iBAAiB,GAAG,IAAI,CAAC;AAExB,MAAM,4BAA4B,GAAG,CAC1C,KAAY,EACZ,SAAiB,EACjB,KAAe,EAQd,EAAE;;IACH,MAAM,SAAS,GAAG,MAAM,IAAA,4BAAsB,EAC5C,KAAK,EACL,KAAK,EACL,KAAK,CACN,CAAC;IAEF,kHAAkH;IAClH,MAAM,MAAM,GAAG,MAAA,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,0CAAG,SAAS,CAAC,CAAC;IAC1D,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,mBAAmB,SAAS,YAAY,CAAC;KAChD;IAED,IAAI,MAAM,CAAC,KAAK,KAAK,WAAW,EAAE;QAChC,MAAM,mBAAmB,SAAS,mBAAmB,CAAC;KACvD;IAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC;IAE3B,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK,EAAE;QAC1B,MAAM,CACJ,8DAA8D,SAAS,8BAA8B;YACrG,qDAAqD,IAAA,iBAAU,GAAE,yBAAyB,CAC3F,CAAC;KACH;IAED,MAAM,EAAE,GAAG,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;IACvC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,IAAA,gBAAQ,EAAC,aAAa,CAAC,CAAC;IAC5D,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;IAC7E,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC;IAEtC,yEAAyE;IACzE,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,CAAA,IAAI,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,MAAK,KAAK,EAAE;QAC/C,MAAM,6GAA6G,IAAA,iBAAU,GAAE,yBAAyB,CAAC;KAC1J;IAED,OAAO;QACL,aAAa,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE;QACzD,YAAY,EAAE,QAAQ,CAAC,IAAI;KAC5B,CAAC;AACJ,CAAC,CAAA,CAAC;AAnDW,QAAA,4BAA4B,gCAmDvC;AAEK,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAAqD,EACrD,SAAiB,EACjB,IAAY,EACmC,EAAE;IACjD,MAAM,QAAQ,GAAG,MAAM,IAAA,iBAAO,EAAC,SAAS,CAAC,iCAIlC,IAAA,aAAI,EAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,KACxB,SAAS,EAAE;YACT,KAAK;YACL,UAAU;YACV,IAAI;YACJ,WAAW;YACX,SAAS;YACT,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SACxD,EACD,IAAI,EAAE,IAAI,KAEZ,KAAK,EACL,EAAE,OAAO,EAAE,mBAAmB,EAAE,CACjC,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,uCAAuC,CAAC;KAC/C;IAED,MAAM,IAAI,GAAG,MAAM,IAAA,8BAAqB,EAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC3D,IAAI,CAAC,IAAI,EAAE;QACT,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;KACb;IACD,OAAO,QAAQ,CAAC,OAAO,CAAC;AAC1B,CAAC,CAAA,CAAC;AApCW,QAAA,sBAAsB,0BAoCjC;AAEK,MAAM,WAAW,GAAG,CAAC,aAAqB,EAAU,EAAE,CAC3D,GAAG,iBAAiB,IAAI,aAAa,EAAE,CAAC;AAD7B,QAAA,WAAW,eACkB;AAEnC,MAAM,UAAU,GAAG,CAAC,YAAoB,EAAU,EAAE,CACzD,GAAG,iBAAiB,IAAI,YAAY,EAAE,CAAC;AAD5B,QAAA,UAAU,cACkB;AAElC,MAAM,YAAY,GAAG,CAC1B,KAAY,EACZ,YAAoB,EACpB,OAA6C,EAC7C,SAA8B,EAC9B,KAAe,EACU,EAAE;;IAC3B,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;IAC1C,MAAM,EAAE,GAAG,EAAE,GAAG,SAAS,CAAC;IAC1B,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC;IAErB,QAAQ,SAAS,EAAE;QACjB,KAAK,KAAK,CAAC,CAAC;YACV,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAA,UAAU,CAAC,GAAG,mCAAI,EAAE,CAAC;YAElD,IAAI,CAAC,KAAK,IAAI,CAAC,SAAS,EAAE;gBACxB,MAAM,+FAA+F,CAAC;aACvG;YAED,OAAO,MAAM,IAAA,uBAAiB,EAAC;gBAC7B,SAAS,EAAE,YAAY;gBACvB,aAAa,EAAE,IAAI;gBACnB,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE;aACtC,CAAC,CAAC;SACJ;QACD,KAAK,WAAW;YACd,OAAO,MAAM,IAAA,4BAAsB,EACjC,KAAK,EACL;gBACE,SAAS,EAAE,YAAY;gBACvB,IAAI,EAAE,IAAI;aACX,EACD,KAAK,CACN,CAAC;QACJ;YACE,MAAM,IAAA,kBAAW,EAAC,SAAS,CAAC,CAAC;KAChC;AACH,CAAC,CAAA,CAAC;AArCW,QAAA,YAAY,gBAqCvB"}
|
|
@@ -60,7 +60,7 @@ const initOktaSaml = (authn, account, debug) => __awaiter(void 0, void 0, void 0
|
|
|
60
60
|
const { identity, config } = yield (0, config_1.getAwsConfig)(authn, account, debug);
|
|
61
61
|
if (!isFederatedLogin(config))
|
|
62
62
|
throw `Account ${(_a = config.label) !== null && _a !== void 0 ? _a : config.id} is not configured for Okta SAML login.`;
|
|
63
|
-
const samlResponse = yield (0, login_1.fetchSamlAssertionForAws)(identity, config.login);
|
|
63
|
+
const samlResponse = yield (0, login_1.fetchSamlAssertionForAws)(identity, config.login, debug);
|
|
64
64
|
return {
|
|
65
65
|
samlResponse,
|
|
66
66
|
config,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../../src/plugins/okta/aws.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAoD;AACpD,0CAA4C;AAC5C,6CAA4C;AAE5C,kDAAuD;AACvD,0CAA6C;AAE7C,mCAAmD;AACnD,mCAAiC;AAEjC,6DAA6D;AAC7D,oFAAoF;AACpF,MAAM,0BAA0B,GAAG,0BAA0B,CAAC;AAC9D,MAAM,cAAc,GAAG,EAAE,CAAC;AAC1B,MAAM,sBAAsB,GAAG,IAAI,CAAC;AACpC,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAC7B,MAAM,kBAAkB,GAAG,KAAK,CAAC;AAEjC,+CAA+C;AAC/C,MAAM,aAAa,GAAG,CAAC,OAAe,EAAE,IAAY,EAAE,EAAE;;IACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,UAAU,GAAG,IAAA,cAAQ,EAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,cAAc,GAClB,UAAU,CAAC,iBAAiB,CAAC,CAAC,iBAAiB,CAAC,CAC9C,0BAA0B,CAC3B,CAAC,iBAAiB,CAAC,CAAC;IACvB,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CACvC,CAAC,CAAM,EAAE,EAAE,CACT,CAAC,CAAC,WAAW,CAAC,IAAI,KAAK,6CAA6C,CACvE,CAAC;IACF,UAAU;IACV,mIAAmI;IACnI,MAAM,IAAI,GAAG,MACX,IAAA,gBAAO,EAAC,CAAC,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAG,sBAAsB,CAAC,CAAC,CAClD,0CAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC;IAChC,MAAM,KAAK,GAAG,IAAI;SACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,gBAAgB,OAAO,QAAQ,CAAC,CAAC;SAC5D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CACvB,MAAe,EACmC,EAAE,WACpD,OAAA,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW,CAAA,EAAA,CAAC;AAErC;;;;GAIG;AACH,MAAM,YAAY,GAAG,CACnB,KAAY,EACZ,OAA2B,EAC3B,KAAe,EACf,EAAE;;IACF,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IACvE,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;QAC3B,MAAM,WAAW,MAAA,MAAM,CAAC,KAAK,mCAAI,MAAM,CAAC,EAAE,yCAAyC,CAAC;IACtF,MAAM,YAAY,GAAG,MAAM,IAAA,gCAAwB,
|
|
1
|
+
{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../../src/plugins/okta/aws.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAoD;AACpD,0CAA4C;AAC5C,6CAA4C;AAE5C,kDAAuD;AACvD,0CAA6C;AAE7C,mCAAmD;AACnD,mCAAiC;AAEjC,6DAA6D;AAC7D,oFAAoF;AACpF,MAAM,0BAA0B,GAAG,0BAA0B,CAAC;AAC9D,MAAM,cAAc,GAAG,EAAE,CAAC;AAC1B,MAAM,sBAAsB,GAAG,IAAI,CAAC;AACpC,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAC7B,MAAM,kBAAkB,GAAG,KAAK,CAAC;AAEjC,+CAA+C;AAC/C,MAAM,aAAa,GAAG,CAAC,OAAe,EAAE,IAAY,EAAE,EAAE;;IACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,UAAU,GAAG,IAAA,cAAQ,EAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,cAAc,GAClB,UAAU,CAAC,iBAAiB,CAAC,CAAC,iBAAiB,CAAC,CAC9C,0BAA0B,CAC3B,CAAC,iBAAiB,CAAC,CAAC;IACvB,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CACvC,CAAC,CAAM,EAAE,EAAE,CACT,CAAC,CAAC,WAAW,CAAC,IAAI,KAAK,6CAA6C,CACvE,CAAC;IACF,UAAU;IACV,mIAAmI;IACnI,MAAM,IAAI,GAAG,MACX,IAAA,gBAAO,EAAC,CAAC,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAG,sBAAsB,CAAC,CAAC,CAClD,0CAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC;IAChC,MAAM,KAAK,GAAG,IAAI;SACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,gBAAgB,OAAO,QAAQ,CAAC,CAAC;SAC5D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CACvB,MAAe,EACmC,EAAE,WACpD,OAAA,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW,CAAA,EAAA,CAAC;AAErC;;;;GAIG;AACH,MAAM,YAAY,GAAG,CACnB,KAAY,EACZ,OAA2B,EAC3B,KAAe,EACf,EAAE;;IACF,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IACvE,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;QAC3B,MAAM,WAAW,MAAA,MAAM,CAAC,KAAK,mCAAI,MAAM,CAAC,EAAE,yCAAyC,CAAC;IACtF,MAAM,YAAY,GAAG,MAAM,IAAA,gCAAwB,EACjD,QAAQ,EACR,MAAM,CAAC,KAAK,EACZ,KAAK,CACN,CAAC;IACF,OAAO;QACL,YAAY;QACZ,MAAM;QACN,OAAO,EAAE,MAAM,CAAC,EAAE;KACnB,CAAC;AACJ,CAAC,CAAA,CAAC;AAEK,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAA0C,EAC1C,KAAe,EACf,EAAE;IACF,OAAA,MAAM,IAAA,aAAM,EACV,YAAY,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,EACzC,GAAS,EAAE;QACT,+FAA+F;QAC/F,2FAA2F;QAC3F,iDAAiD;QACjD,OAAO,MAAM,IAAA,sBAAc,EACzB,GAAS,EAAE;YACT,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,YAAY,CAC1D,KAAK,EACL,IAAI,CAAC,SAAS,EACd,KAAK,CACN,CAAC;YACF,MAAM,EAAE,KAAK,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YACvD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC9B,MAAM,QAAQ,IAAI,CAAC,IAAI,qCAAqC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;aACrG;YACD,OAAO,MAAM,IAAA,+BAAkB,EAAC;gBAC9B,OAAO;gBACP,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,IAAI,EAAE;oBACJ,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,gBAAgB;oBACpD,QAAQ,EAAE,YAAY;iBACvB;aACF,CAAC,CAAC;QACL,CAAC,CAAA,EACD;YACE,WAAW,EAAE,CAAC,KAAc,EAAE,EAAE;gBAC9B,0EAA0E;gBAC1E,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;oBACzB,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC,CACvC,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,cAAc;YACvB,OAAO,EAAE,sBAAsB;YAC/B,UAAU,EAAE,gBAAgB;YAC5B,UAAU,EAAE,kBAAkB;YAC9B,KAAK;SACN,CACF,CAAC;IACJ,CAAC,CAAA,EACD,EAAE,QAAQ,EAAE,MAAM,EAAE,CACrB,CAAA;EAAA,CAAC;AAhDS,QAAA,sBAAsB,0BAgD/B"}
|
|
@@ -23,4 +23,4 @@ export declare const oktaLogin: (org: OrgData) => Promise<TokenResponse>;
|
|
|
23
23
|
* @returns Base64-encoded SAML assertion for AWS authentication
|
|
24
24
|
* @throws Error if Okta session has expired or been terminated
|
|
25
25
|
*/
|
|
26
|
-
export declare const fetchSamlAssertionForAws: (identity: Identity, config: AwsFederatedLogin) => Promise<string>;
|
|
26
|
+
export declare const fetchSamlAssertionForAws: (identity: Identity, config: AwsFederatedLogin, debug?: boolean) => Promise<string>;
|
|
@@ -46,6 +46,7 @@ You should have received a copy of the GNU General Public License along with @p0
|
|
|
46
46
|
const oidc_1 = require("../../common/auth/oidc");
|
|
47
47
|
const fetch_1 = require("../../common/fetch");
|
|
48
48
|
const auth_1 = require("../../drivers/auth");
|
|
49
|
+
const stdio_1 = require("../../drivers/stdio");
|
|
49
50
|
const authUtils_1 = require("../../types/authUtils");
|
|
50
51
|
const login_1 = require("../oidc/login");
|
|
51
52
|
const cheerio = __importStar(require("cheerio"));
|
|
@@ -54,6 +55,10 @@ const ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token";
|
|
|
54
55
|
const ID_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:id_token";
|
|
55
56
|
const TOKEN_EXCHANGE_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange";
|
|
56
57
|
const WEB_SSO_TOKEN_TYPE = "urn:okta:oauth:token-type:web_sso_token";
|
|
58
|
+
const oktaConfigurationErrors = [
|
|
59
|
+
"The application's assurance requirements are not met by the 'subject_token'.",
|
|
60
|
+
"The target audience app must be configured to allow the client to request a 'web_sso_token'.",
|
|
61
|
+
];
|
|
57
62
|
/**
|
|
58
63
|
* Exchanges an Okta OIDC SSO token for an Okta app SSO token.
|
|
59
64
|
*
|
|
@@ -62,7 +67,7 @@ const WEB_SSO_TOKEN_TYPE = "urn:okta:oauth:token-type:web_sso_token";
|
|
|
62
67
|
*
|
|
63
68
|
* @throws Error if Okta session has expired or been terminated
|
|
64
69
|
*/
|
|
65
|
-
const fetchSsoWebToken = (appId, { org, credential }) => __awaiter(void 0, void 0, void 0, function* () {
|
|
70
|
+
const fetchSsoWebToken = (appId, { org, credential }, debug) => __awaiter(void 0, void 0, void 0, function* () {
|
|
66
71
|
const providerType = (0, authUtils_1.getProviderType)(org);
|
|
67
72
|
const providerDomain = (0, authUtils_1.getProviderDomain)(org);
|
|
68
73
|
const clientId = (0, authUtils_1.getClientId)(org);
|
|
@@ -90,7 +95,18 @@ const fetchSsoWebToken = (appId, { org, credential }) => __awaiter(void 0, void
|
|
|
90
95
|
const data = yield response.json();
|
|
91
96
|
if (data.error === "invalid_grant") {
|
|
92
97
|
yield (0, auth_1.deleteIdentity)();
|
|
93
|
-
|
|
98
|
+
// Check for specific configuration errors so that they aren't conflated with session/token expiry errors.
|
|
99
|
+
if (oktaConfigurationErrors.includes(data.error_description)) {
|
|
100
|
+
(0, stdio_1.print2)("Invalid provider configuration - unable to perform token exchange; please fix your configuration, \
|
|
101
|
+
then log out of Okta in your browser and re-execute the p0 command again to reauthenticate.");
|
|
102
|
+
if (debug) {
|
|
103
|
+
(0, stdio_1.print2)("Fetch SSO Web Token Error Information: " + data);
|
|
104
|
+
}
|
|
105
|
+
throw data.error_description;
|
|
106
|
+
}
|
|
107
|
+
else {
|
|
108
|
+
throw "Your Okta session has expired. Please log out of Okta in your browser, and re-execute your p0 command to reauthenticate.";
|
|
109
|
+
}
|
|
94
110
|
}
|
|
95
111
|
}
|
|
96
112
|
// Throw a friendly error message if response is invalid
|
|
@@ -153,8 +169,8 @@ exports.oktaLogin = oktaLogin;
|
|
|
153
169
|
* @throws Error if Okta session has expired or been terminated
|
|
154
170
|
*/
|
|
155
171
|
// TODO: Inject Okta app
|
|
156
|
-
const fetchSamlAssertionForAws = (identity, config) => __awaiter(void 0, void 0, void 0, function* () {
|
|
157
|
-
const webTokenResponse = yield fetchSsoWebToken(config.provider.appId, identity);
|
|
172
|
+
const fetchSamlAssertionForAws = (identity, config, debug) => __awaiter(void 0, void 0, void 0, function* () {
|
|
173
|
+
const webTokenResponse = yield fetchSsoWebToken(config.provider.appId, identity, debug);
|
|
158
174
|
const samlResponse = yield fetchSamlResponse(identity.org, webTokenResponse);
|
|
159
175
|
if (!samlResponse) {
|
|
160
176
|
throw "No SAML assertion obtained from Okta.";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../../src/plugins/okta/login.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,iDAAsD;AACtD,8CAAiE;AACjE,6CAAoD;AACpD,qDAI+B;AAK/B,yCAIuB;AACvB,iDAAmC;AACnC,mCAA8B;AAE9B,MAAM,iBAAiB,GAAG,+CAA+C,CAAC;AAC1E,MAAM,aAAa,GAAG,2CAA2C,CAAC;AAClE,MAAM,mBAAmB,GAAG,iDAAiD,CAAC;AAC9E,MAAM,kBAAkB,GAAG,yCAAyC,CAAC;AAErE;;;;;;;GAOG;AACH,MAAM,gBAAgB,GAAG,CACvB,KAAa,EACb,EAAE,GAAG,EAAE,UAAU,EAAY,EAC7B,EAAE;IACF,MAAM,YAAY,GAAG,IAAA,2BAAe,EAAC,GAAG,CAAC,CAAC;IAC1C,MAAM,cAAc,GAAG,IAAA,6BAAiB,EAAC,GAAG,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,IAAA,uBAAW,EAAC,GAAG,CAAC,CAAC;IAElC,IAAI,YAAY,KAAK,MAAM,IAAI,CAAC,cAAc,IAAI,CAAC,QAAQ,EAAE;QAC3D,MAAM,wDAAwD,CAAC;KAChE;IAED,MAAM,IAAI,GAAG;QACX,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,mBAAY;QACrB,IAAI,EAAE,IAAA,iBAAS,EAAC;YACd,QAAQ,EAAE,iBAAiB,KAAK,EAAE;YAClC,SAAS,EAAE,QAAQ;YACnB,WAAW,EAAE,UAAU,CAAC,YAAY;YACpC,gBAAgB,EAAE,iBAAiB;YACnC,aAAa,EAAE,UAAU,CAAC,QAAQ;YAClC,kBAAkB,EAAE,aAAa;YACjC,UAAU,EAAE,mBAAmB;YAC/B,oBAAoB,EAAE,kBAAkB;SACzC,CAAC;KACH,CAAC;IACF,IAAA,8BAAsB,EAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,cAAc,kBAAkB,EAAE,IAAI,CAAC,CAAC;IAE9E,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;QAChB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;YAC3B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,KAAK,KAAK,eAAe,EAAE;gBAClC,MAAM,IAAA,qBAAc,GAAE,CAAC;gBACvB,MAAM,
|
|
1
|
+
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../../src/plugins/okta/login.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,iDAAsD;AACtD,8CAAiE;AACjE,6CAAoD;AACpD,+CAA6C;AAC7C,qDAI+B;AAK/B,yCAIuB;AACvB,iDAAmC;AACnC,mCAA8B;AAE9B,MAAM,iBAAiB,GAAG,+CAA+C,CAAC;AAC1E,MAAM,aAAa,GAAG,2CAA2C,CAAC;AAClE,MAAM,mBAAmB,GAAG,iDAAiD,CAAC;AAC9E,MAAM,kBAAkB,GAAG,yCAAyC,CAAC;AAErE,MAAM,uBAAuB,GAAG;IAC9B,8EAA8E;IAC9E,8FAA8F;CAC/F,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,gBAAgB,GAAG,CACvB,KAAa,EACb,EAAE,GAAG,EAAE,UAAU,EAAY,EAC7B,KAAe,EACf,EAAE;IACF,MAAM,YAAY,GAAG,IAAA,2BAAe,EAAC,GAAG,CAAC,CAAC;IAC1C,MAAM,cAAc,GAAG,IAAA,6BAAiB,EAAC,GAAG,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,IAAA,uBAAW,EAAC,GAAG,CAAC,CAAC;IAElC,IAAI,YAAY,KAAK,MAAM,IAAI,CAAC,cAAc,IAAI,CAAC,QAAQ,EAAE;QAC3D,MAAM,wDAAwD,CAAC;KAChE;IAED,MAAM,IAAI,GAAG;QACX,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,mBAAY;QACrB,IAAI,EAAE,IAAA,iBAAS,EAAC;YACd,QAAQ,EAAE,iBAAiB,KAAK,EAAE;YAClC,SAAS,EAAE,QAAQ;YACnB,WAAW,EAAE,UAAU,CAAC,YAAY;YACpC,gBAAgB,EAAE,iBAAiB;YACnC,aAAa,EAAE,UAAU,CAAC,QAAQ;YAClC,kBAAkB,EAAE,aAAa;YACjC,UAAU,EAAE,mBAAmB;YAC/B,oBAAoB,EAAE,kBAAkB;SACzC,CAAC;KACH,CAAC;IACF,IAAA,8BAAsB,EAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,cAAc,kBAAkB,EAAE,IAAI,CAAC,CAAC;IAE9E,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;QAChB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;YAC3B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,KAAK,KAAK,eAAe,EAAE;gBAClC,MAAM,IAAA,qBAAc,GAAE,CAAC;gBACvB,0GAA0G;gBAC1G,IAAI,uBAAuB,CAAC,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE;oBAC5D,IAAA,cAAM,EACJ;wGAC4F,CAC7F,CAAC;oBACF,IAAI,KAAK,EAAE;wBACT,IAAA,cAAM,EAAC,yCAAyC,GAAG,IAAI,CAAC,CAAC;qBAC1D;oBACD,MAAM,IAAI,CAAC,iBAAiB,CAAC;iBAC9B;qBAAM;oBACL,MAAM,0HAA0H,CAAC;iBAClI;aACF;SACF;QAED,wDAAwD;QACxD,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;KAClC;IAED,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAkB,CAAC;AAClD,CAAC,CAAA,CAAC;AAEF,4CAA4C;AAC5C,MAAM,iBAAiB,GAAG,CACxB,GAAY,EACZ,EAAE,YAAY,EAAiB,EAC/B,EAAE;IACF,MAAM,YAAY,GAAG,IAAA,2BAAe,EAAC,GAAG,CAAC,CAAC;IAC1C,MAAM,cAAc,GAAG,IAAA,6BAAiB,EAAC,GAAG,CAAC,CAAC;IAE9C,IAAI,YAAY,KAAK,MAAM,IAAI,CAAC,cAAc,EAAE;QAC9C,MAAM,uDAAuD,CAAC;KAC/D;IAED,MAAM,IAAI,GAAG;QACX,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,IAAA,aAAI,EAAC,mBAAY,EAAE,cAAc,CAAC;KAC5C,CAAC;IACF,IAAA,8BAAsB,EAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,GAAG,GAAG,WAAW,cAAc,0BAA0B,kBAAkB,CAAC,YAAY,CAAC,EAAE,CAAC;IAClG,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACxC,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7B,MAAM,cAAc,GAAG,CAAC,CAAC,4BAA4B,CAAC,CAAC,GAAG,EAAE,CAAC;IAC7D,OAAO,OAAO,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;AACzE,CAAC,CAAA,CAAC;AAEF,+BAA+B;AACxB,MAAM,SAAS,GAAG,CAAO,GAAY,EAAE,EAAE;IAC9C,OAAA,IAAA,iBAAS,EACP,IAAA,sBAAc,EAAC,GAAG,EAAE,oCAAoC,EAAE,GAAG,EAAE;QAC7D,MAAM,YAAY,GAAG,IAAA,2BAAe,EAAC,GAAG,CAAC,CAAC;QAC1C,MAAM,cAAc,GAAG,IAAA,6BAAiB,EAAC,GAAG,CAAC,CAAC;QAE9C,IAAI,YAAY,KAAK,MAAM,IAAI,CAAC,cAAc,EAAE;YAC9C,MAAM,8DAA8D,CAAC;SACtE;QACD,OAAO;YACL,sBAAsB,EAAE,WAAW,cAAc,6BAA6B;YAC9E,QAAQ,EAAE,WAAW,cAAc,kBAAkB;SACtD,CAAC;IACJ,CAAC,CAAC,CACH,CAAA;EAAA,CAAC;AAdS,QAAA,SAAS,aAclB;AAEJ;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAwB;AACjB,MAAM,wBAAwB,GAAG,CACtC,QAAkB,EAClB,MAAyB,EACzB,KAAe,EACE,EAAE;IACnB,MAAM,gBAAgB,GAAG,MAAM,gBAAgB,CAC7C,MAAM,CAAC,QAAQ,CAAC,KAAK,EACrB,QAAQ,EACR,KAAK,CACN,CAAC;IACF,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IAC7E,IAAI,CAAC,YAAY,EAAE;QACjB,MAAM,uCAAuC,CAAC;KAC/C;IACD,OAAO,YAAY,CAAC;AACtB,CAAC,CAAA,CAAC;AAfW,QAAA,wBAAwB,4BAenC"}
|
|
@@ -27,13 +27,13 @@
|
|
|
27
27
|
padding: 0.3em 1em 0.3em 1em;
|
|
28
28
|
}
|
|
29
29
|
</style>
|
|
30
|
-
<title>P0 login
|
|
30
|
+
<title>P0 login flow</title>
|
|
31
31
|
<link rel="icon" type="image/x-icon" href="/favicon.ico" />
|
|
32
32
|
</head>
|
|
33
33
|
<body>
|
|
34
34
|
<div class="splash">
|
|
35
|
-
<h2>
|
|
36
|
-
<p>
|
|
35
|
+
<h2>Continue in your terminal</h2>
|
|
36
|
+
<p>Please return to the P0 CLI to complete your login.</p>
|
|
37
37
|
<p>You can safely close this browser tab.</p>
|
|
38
38
|
</div>
|
|
39
39
|
</body>
|