Skip to content

Commit 843f2b5

Browse files
authored
Merge branch 'main' into code_formatting
2 parents 8007c4f + cce23b7 commit 843f2b5

File tree

14 files changed

+2211
-1257
lines changed

14 files changed

+2211
-1257
lines changed

.github/CODEOWNERS

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
* @auth0/dx-sdks-engineer
1+
* @auth0/project-dx-sdks-engineer-codeowner

.github/actions/rl-scanner/action.yml

Lines changed: 71 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,71 @@
1+
name: 'Reversing Labs Scanner'
2+
description: 'Runs the Reversing Labs scanner on a specified artifact.'
3+
inputs:
4+
artifact-path:
5+
description: 'Path to the artifact to be scanned.'
6+
required: true
7+
version:
8+
description: 'Version of the artifact.'
9+
required: true
10+
11+
runs:
12+
using: 'composite'
13+
steps:
14+
- name: Set up Python
15+
uses: actions/setup-python@v4
16+
with:
17+
python-version: '3.10'
18+
19+
- name: Install Python dependencies
20+
shell: bash
21+
run: |
22+
pip install boto3 requests
23+
24+
- name: Configure AWS credentials
25+
uses: aws-actions/configure-aws-credentials@v1
26+
with:
27+
role-to-assume: ${{ env.PRODSEC_TOOLS_ARN }}
28+
aws-region: us-east-1
29+
mask-aws-account-id: true
30+
31+
- name: Install RL Wrapper
32+
shell: bash
33+
run: |
34+
pip install rl-wrapper>=1.0.0 --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple"
35+
36+
- name: Run RL Scanner
37+
shell: bash
38+
env:
39+
RLSECURE_LICENSE: ${{ env.RLSECURE_LICENSE }}
40+
RLSECURE_SITE_KEY: ${{ env.RLSECURE_SITE_KEY }}
41+
SIGNAL_HANDLER_TOKEN: ${{ env.SIGNAL_HANDLER_TOKEN }}
42+
PYTHONUNBUFFERED: 1
43+
run: |
44+
if [ ! -f "${{ inputs.artifact-path }}" ]; then
45+
echo "Artifact not found: ${{ inputs.artifact-path }}"
46+
exit 1
47+
fi
48+
49+
rl-wrapper \
50+
--artifact "${{ inputs.artifact-path }}" \
51+
--name "${{ github.event.repository.name }}" \
52+
--version "${{ inputs.version }}" \
53+
--repository "${{ github.repository }}" \
54+
--commit "${{ github.sha }}" \
55+
--build-env "github_actions" \
56+
--suppress_output
57+
58+
# Check the outcome of the scanner
59+
if [ $? -ne 0 ]; then
60+
echo "RL Scanner failed."
61+
echo "scan-status=failed" >> $GITHUB_ENV
62+
exit 1
63+
else
64+
echo "RL Scanner passed."
65+
echo "scan-status=success" >> $GITHUB_ENV
66+
fi
67+
68+
outputs:
69+
scan-status:
70+
description: 'The outcome of the scan process.'
71+
value: ${{ env.scan-status }}

.github/workflows/browserstack.yml

Lines changed: 1 addition & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ name: Browserstack
33
on:
44
merge_group:
55
workflow_dispatch:
6-
pull_request_target:
6+
pull_request:
77
types:
88
- opened
99
- synchronize
@@ -23,15 +23,8 @@ env:
2323
CACHE_KEY: '${{ github.event.pull_request.head.sha || github.ref }}-${{ github.run_id }}-${{ github.run_attempt }}'
2424

2525
jobs:
26-
authorize:
27-
name: Authorize
28-
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
29-
runs-on: ubuntu-latest
30-
steps:
31-
- run: true
3226

3327
browserstack:
34-
needs: authorize # Require approval before running on forked pull requests
3528

3629
name: BrowserStack Tests
3730
runs-on: ubuntu-latest

.github/workflows/publish.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -52,8 +52,9 @@ jobs:
5252
# Build the tag string from package.json version and release suffix. Produces something like `1.0.0-beta.1` for a beta, or `1.0.0` for a stable release.
5353
- name: Build tag
5454
id: vtag
55-
run: |
55+
env:
5656
PACKAGE_VERSION="${{ github.event.inputs.version }}"
57+
run: |
5758
echo "vtag=${PACKAGE_VERSION}" >> $GITHUB_ENV
5859
echo "vtag=${PACKAGE_VERSION}" >> $GITHUB_OUTPUT
5960

.github/workflows/release.yml

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,8 +15,22 @@ permissions:
1515
### TODO: Also remove `npm-release` workflow from this repo's .github/workflows folder once the repo is public.
1616

1717
jobs:
18+
rl-scanner:
19+
uses: ./.github/workflows/rl-secure.yml
20+
with:
21+
node-version: 18 ## depends if build requires node else we can remove this.
22+
artifact-name: 'auth0-angular.tgz' ## Will change respective to Repository
23+
secrets:
24+
RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
25+
RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
26+
SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
27+
PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
28+
PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
29+
PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}
30+
1831
release:
1932
uses: ./.github/workflows/npm-release.yml
33+
needs: rl-scanner ## this is important as this will not let release job to run until rl-scanner is done
2034
with:
2135
node-version: 18
2236
require-build: true

.github/workflows/rl-secure.yml

Lines changed: 67 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,67 @@
1+
name: RL-Secure Workflow
2+
3+
on:
4+
workflow_call:
5+
inputs:
6+
node-version: ## depends if build requires node else we can remove this.
7+
required: true
8+
type: string
9+
artifact-name:
10+
required: true
11+
type: string
12+
secrets:
13+
RLSECURE_LICENSE:
14+
required: true
15+
RLSECURE_SITE_KEY:
16+
required: true
17+
SIGNAL_HANDLER_TOKEN:
18+
required: true
19+
PRODSEC_TOOLS_USER:
20+
required: true
21+
PRODSEC_TOOLS_TOKEN:
22+
required: true
23+
PRODSEC_TOOLS_ARN:
24+
required: true
25+
26+
jobs:
27+
rl-scanner:
28+
name: Run Reversing Labs Scanner
29+
if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
30+
runs-on: ubuntu-latest
31+
outputs:
32+
scan-status: ${{ steps.rl-scan-conclusion.outcome }}
33+
34+
steps:
35+
- name: Checkout code
36+
uses: actions/checkout@v4
37+
with:
38+
fetch-depth: 0
39+
40+
- name: Build package
41+
uses: ./.github/actions/build
42+
with:
43+
node: ${{ inputs.node-version }}
44+
45+
- name: Create tgz build artifact
46+
run: |
47+
tar -czvf ${{ inputs.artifact-name }} *
48+
49+
- id: get_version
50+
uses: ./.github/actions/get-version
51+
52+
- name: Run RL Scanner
53+
id: rl-scan-conclusion
54+
uses: ./.github/actions/rl-scanner
55+
with:
56+
artifact-path: "$(pwd)/${{ inputs.artifact-name }}"
57+
version: "${{ steps.get_version.outputs.version }}"
58+
env:
59+
RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
60+
RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
61+
SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
62+
PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
63+
PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
64+
PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}
65+
66+
- name: Output scan result
67+
run: echo "scan-status=${{ steps.rl-scan-conclusion.outcome }}" >> $GITHUB_ENV

.github/workflows/semgrep.yml

Lines changed: 1 addition & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ name: Semgrep
22

33
on:
44
merge_group:
5-
pull_request_target:
5+
pull_request:
66
types:
77
- opened
88
- synchronize
@@ -20,15 +20,8 @@ concurrency:
2020
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
2121

2222
jobs:
23-
authorize:
24-
name: Authorize
25-
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
26-
runs-on: ubuntu-latest
27-
steps:
28-
- run: true
2923

3024
run:
31-
needs: authorize # Require approval before running on forked pull requests
3225

3326
name: Check for Vulnerabilities
3427
runs-on: ubuntu-latest

.github/workflows/snyk.yml

Lines changed: 1 addition & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ name: Snyk
33
on:
44
merge_group:
55
workflow_dispatch:
6-
pull_request_target:
6+
pull_request:
77
types:
88
- opened
99
- synchronize
@@ -21,15 +21,8 @@ concurrency:
2121
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
2222

2323
jobs:
24-
authorize:
25-
name: Authorize
26-
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
27-
runs-on: ubuntu-latest
28-
steps:
29-
- run: true
3024

3125
check:
32-
needs: authorize
3326

3427
name: Check for Vulnerabilities
3528
runs-on: ubuntu-latest

.github/workflows/test.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -67,7 +67,7 @@ jobs:
6767
run: npm run test:ci
6868

6969
- name: Upload coverage
70-
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # pin@3.1.4
70+
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # pin@5.4.3
7171

7272
lint:
7373
needs: build # Require build to complete before running tests

FAQ.md

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@
1111
7. [Using the SDK with Angular Universal](#7-using-the-sdk-with-angular-universal)
1212
8. [Retrieving and refreshing a token](#8-retrieving-and-refreshing-a-token)
1313
9. [When using localOnly logout, the user is getting logged in again](#9-when-using-localonly-logout-the-user-is-getting-logged-in-again)
14+
9. [Skip the Auth0 login page?](#10-skip-the-auth0-login-page)
1415

1516
## 1. User is not logged in after page refresh
1617

@@ -288,3 +289,35 @@ providers: [
288289
}
289290
],
290291
```
292+
293+
## 10. Skip the Auth0 login page
294+
295+
When integrating with third party providers such as Google or Microsoft, being redirected to Auth0 before being redirected to the corresponding provider can be sub-optimal in terms of user-experience.
296+
If you only have a single connection enabled, or you know up front how the user wants to authenticate, you can set the `connection` parameter when calling `loginWithRedirect()` or `loginWithPopup()`:
297+
298+
```
299+
this.auth.loginWithRedirect({
300+
// ...
301+
authorizationParams: {
302+
connection: 'connection_logical_identifier'
303+
}
304+
})
305+
```
306+
307+
Doing so for connections such as Google or Microsoft, would automatically redirect you to them instead of showing the Auth0 login page first.
308+
309+
Additionally, if you are using our AuthGuard, you may want it to pick up the same connection when it would redirect for login. To do so, you should provide the `connection` property when configuring Auth0:
310+
311+
```
312+
bootstrapApplication(AppComponent, {
313+
providers: [
314+
provideAuth0({
315+
authorizationParams: {
316+
connection: 'connection_logical_identifier'
317+
}
318+
}),
319+
]
320+
});
321+
```
322+
323+
ℹ️ You can find the connection's logical identifier as the **connection name** in the connection settings in the Auth0 dashboard for your tenant.

0 commit comments

Comments
 (0)