Merge branch 'v4' into DP-479

iress · Sep 26, 2023 · d1a2225 · d1a2225
2 parents 6fc36a2 + bf49023
commit d1a2225
Show file tree

Hide file tree

Showing 7 changed files with 13 additions and 9 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -8,7 +8,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [14.x, 16.x]
+        node-version: [14.x, 16.x, 18.x]
 
     steps:
     - uses: actions/checkout@v2

diff --git a/README.md b/README.md
@@ -163,7 +163,7 @@ Detailed instructions on testing your function can be found [in the Wiki](https:
 ## Build Requirements
 
 * [npm](https://www.npmjs.com/) ^7.20.0
-* [node](https://nodejs.org/en/) ^14.0
+* [node](https://nodejs.org/en/) ^18.0
 * [openssl](https://www.openssl.org)
 
 ## Building Generic Packages
@@ -179,7 +179,9 @@ The supported values of `package` are:
 * `okta_native` - builds a generic Lambda package for OKTA Native authentication
 * `rotate_key_pair` - builds a Lambda package for rotating the RSA keys in AWS Secrets Manager
 
-GitHub Actions automatically creates a new GitHub release when the repository owner pushes a tag that begins with `v`:
+GitHub Actions automatically creates a new GitHub release when the repository owner pushes a tag that begins with `v`.
+
+e.g.
 
 ```sh
 git tag -a -m "Target AWS Lambda Node.js 14.x runtime" v3.0.0

diff --git a/authn/pkce.index.js b/authn/pkce.index.js
@@ -330,15 +330,17 @@ function redirect(request, headers, callback) {
           "value" : cookie.serialize('NONCE', n[1], {
             path: '/',
             httpOnly: true,
-            sameSite: 'strict'
+            sameSite: 'strict',
+            secure: true
           })
         },
         {
           "key": "Set-Cookie",
           "value" : cookie.serialize('CV', challenge[0], {
             path: '/',
             httpOnly: true,
-            sameSite: 'strict'
+            sameSite: 'strict',
+            secure: true
           })
         }
       ],

diff --git a/infra/terraform/README.md b/infra/terraform/README.md
@@ -13,7 +13,7 @@ The Terraform modules for each identity provider are in the [modules](./modules)
       source = "github.com/iress/cloudfront-auth//infra/terraform/modules/okta_native"
 
       # Lambda function version to deploy (see the Releases page of this GitHub repository)
-      release_version = "v3.0.0"
+      release_version = "v4.0.0"
 
       name        = "my-website-auth"
       org_url     = "https://my-org.okta.com/oauth2/default"

diff --git a/infra/terraform/examples/okta-native/main.tf b/infra/terraform/examples/okta-native/main.tf
@@ -5,7 +5,7 @@ locals {
 module "auth" {
   source = "github.com/iress/cloudfront-auth//infra/terraform/modules/okta_native"
 
-  release_version = "v3.0.0"
+  release_version = "v4.0.0"
   name            = local.name
   org_url         = "https://my-org.okta.com/oauth2/default"
   client_id       = "Nf2qSD9wXKU9ph8an22T"

diff --git a/infra/terraform/modules/_lambda/main.tf b/infra/terraform/modules/_lambda/main.tf
@@ -20,7 +20,7 @@ resource "aws_lambda_function" "main" {
   role             = aws_iam_role.lambda.arn
   handler          = "index.handler"
   source_code_hash = base64sha256(var.package_url)
-  runtime          = "nodejs14.x"
+  runtime          = "nodejs18.x"
   timeout          = var.timeout
   publish          = var.lambda_at_edge
   tags             = var.tags

diff --git a/template.yaml b/template.yaml
@@ -8,7 +8,7 @@ Resources:
         Properties:
           CodeUri: distributions/{distribution_name}/{distribution_name}.zip
           Role: !GetAtt LambdaEdgeFunctionRole.Arn
-          Runtime: nodejs14.x
+          Runtime: nodejs18.x
           Handler: index.handler
           Timeout: 5
           AutoPublishAlias: LIVE