SSO for browser (#1478)

* Initial implementation

* Remove dep on querystring

* Restore search params properly

* Remove unneeded changes

* Touch up connect frame and update licenses

* Cleanup discovery duck

* Add helper fns to discovery duck

* cleanup

* Touch up connect frame

* Respect discoveryURL param

* Borrow bloom auth debugger fn

* Updated auth code from bloom

* Fix keycloak implicit flow

* cleanup

* Add bloom updates

* Fix crashes

* mellan

* Update tests

* fix styling

* Add better logging

* mel

* Show error messages from SSO

* Self review

* Fix normal discovery

* Downloadable logs

* Update naming as per review comments

* comments

* Fix comment around logging

* Add rejections per review comments

* Fix comment about history.replace

* More throws

* List missing keys on invalid sso provider

* Update log message about principal and secure context

* Use constant for url param

* Stop log and throwing

* Improve error handling

* Add better types

* Helper fn for getting valid sso providers

* Handle connectURL and multiple discovery endpoints properly

* Update from jons review comments

* Add discovery logs to :debug frame

* Update styling as per lizas comments

* Fix typo

* Rename provider id

* remove extra newline in :debug logs

* Move code to styled comp

* Cleanup comment

* Fix unit tests

LICENSES.txt

@@ -5805,6 +5805,32 @@ ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEAL
 
 -----
 
+The following software may be included in this product: jwt-decode. A copy of the source code may be downloaded from git://github.com/auth0/jwt-decode. This software contains the following license and notice below:
+
+The MIT License (MIT)
+
+Copyright (c) 2015 Auth0, Inc. <support@auth0.com> (http://auth0.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+-----
+
 The following software may be included in this product: keyboard-key. A copy of the source code may be downloaded from git+ssh://github.com/levithomason/keyboard-key.git. This software contains the following license and notice below:
 
 MIT License

NOTICE.txt

@@ -1275,6 +1275,10 @@ Third-party licenses
 │  ├─ jws@4.0.0
 │  │  ├─ URL: git://github.com/brianloveswords/node-jws.git
 │  │  └─ VendorName: Brian J Brennan
+│  ├─ jwt-decode@3.1.2
+│  │  ├─ URL: git://github.com/auth0/jwt-decode
+│  │  ├─ VendorName: Jose F. Romaniello
+│  │  └─ VendorUrl: https://github.com/auth0/jwt-decode#readme
 │  ├─ keyboard-key@1.1.0
 │  │  ├─ URL: git+ssh://github.com/levithomason/keyboard-key.git
 │  │  └─ VendorName: Levi Thomason

package.json

@@ -181,6 +181,7 @@
     "isomorphic-fetch": "^2.2.1",
     "jsonic": "^0.3.0",
     "jszip": "^3.2.2",
+    "jwt-decode": "^3.1.2",
     "lodash-es": "^4.17.15",
     "memoize-one": "^5.2.1",
     "monaco-editor": "0.23.0",

src/browser/AppInit.tsx

@@ -53,6 +53,10 @@ import { shouldAllowOutgoingConnections } from 'shared/modules/dbMeta/dbMetaDuck
 import { getUuid } from 'shared/modules/udc/udcDuck'
 import { DndProvider } from 'react-dnd'
 import { HTML5Backend } from 'react-dnd-html5-backend'
+import {
+  restoreSearchAndHashParams,
+  wasRedirectedBackFromSSOServer
+} from 'shared/modules/auth/common'
 
 // Configure localstorage sync
 applyKeys(
@@ -199,6 +203,14 @@ export function setupSentry(): void {
 // Introduce environment to be able to fork functionality
 const env = detectRuntimeEnv(window, NEO4J_CLOUD_DOMAINS)
 
+// SSO requires a redirect that removes our search parameters
+// To work around this they are stored in sessionStorage before
+// we redirect to the server, and then restore them when we get
+// redirected back
+if (wasRedirectedBackFromSSOServer()) {
+  restoreSearchAndHashParams()
+}
+
 // URL we're on
 const url = window.location.href
 

src/browser/components/buttons/index.tsx

@@ -115,8 +115,8 @@ export const NavigationButtonContainer = styled.li<{ isOpen: boolean }>`
 
 const StyledFormButton = styled.button`
   color: ${props => props.theme.primaryButtonText};
-  background-color: ${props => props.theme.primaryButtonBackground};
-  border: 1px solid ${props => props.theme.primaryButtonBackground};
+  background-color: ${props => props.theme.primary};
+  border: 1px solid ${props => props.theme.primary};
   font-family: ${props => props.theme.primaryFontFamily};
   padding: 6px 18px;
   margin-right: 10px;
@@ -129,9 +129,9 @@ const StyledFormButton = styled.button`
   border-radius: 4px;
   line-height: 20px;
   &:hover {
-    background-color: ${props => props.theme.secondaryButtonBackgroundHover};
+    background-color: ${props => props.theme.primary50};
     color: ${props => props.theme.secondaryButtonTextHover};
-    border: 1px solid ${props => props.theme.secondaryButtonBackgroundHover};
+    border: 1px solid ${props => props.theme.primary50};
   }
 `
 

src/browser/components/headers/Headers.tsx

@@ -26,3 +26,10 @@ export const H3 = styled.h3`
   font-family: ${props => props.theme.primaryFontFamily};
   color: ${props => props.theme.headerText};
 `
+export const H4 = styled.h3`
+  font-weight: 500;
+  font-size: 18px;
+  font-family: ${props => props.theme.primaryFontFamily};
+  color: ${props => props.theme.headerText};
+  margin-bottom: 32px;
+`