diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4453818..ec7ddd7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,7 +8,7 @@ jobs: strategy: matrix: - node-version: [14.x, 16.x] + node-version: [14.x, 16.x, 18.x] steps: - uses: actions/checkout@v2 diff --git a/README.md b/README.md index c42a3bc..56f2ab0 100755 --- a/README.md +++ b/README.md @@ -163,7 +163,7 @@ Detailed instructions on testing your function can be found [in the Wiki](https: ## Build Requirements * [npm](https://www.npmjs.com/) ^7.20.0 -* [node](https://nodejs.org/en/) ^14.0 +* [node](https://nodejs.org/en/) ^18.0 * [openssl](https://www.openssl.org) ## Building Generic Packages @@ -179,7 +179,9 @@ The supported values of `package` are: * `okta_native` - builds a generic Lambda package for OKTA Native authentication * `rotate_key_pair` - builds a Lambda package for rotating the RSA keys in AWS Secrets Manager -GitHub Actions automatically creates a new GitHub release when the repository owner pushes a tag that begins with `v`: +GitHub Actions automatically creates a new GitHub release when the repository owner pushes a tag that begins with `v`. + +e.g. ```sh git tag -a -m "Target AWS Lambda Node.js 14.x runtime" v3.0.0 diff --git a/authn/pkce.index.js b/authn/pkce.index.js index dbd5440..241827b 100755 --- a/authn/pkce.index.js +++ b/authn/pkce.index.js @@ -330,7 +330,8 @@ function redirect(request, headers, callback) { "value" : cookie.serialize('NONCE', n[1], { path: '/', httpOnly: true, - sameSite: 'strict' + sameSite: 'strict', + secure: true }) }, { @@ -338,7 +339,8 @@ function redirect(request, headers, callback) { "value" : cookie.serialize('CV', challenge[0], { path: '/', httpOnly: true, - sameSite: 'strict' + sameSite: 'strict', + secure: true }) } ], diff --git a/infra/terraform/README.md b/infra/terraform/README.md index b99832d..606da90 100644 --- a/infra/terraform/README.md +++ b/infra/terraform/README.md 
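Review bot: The matrix keeps `14.x` and `16.x` although this same commit raises the documented build requirement to node ^18.0 and the Lambda runtime to `nodejs18.x`, so two of the three CI legs test Node versions the package is no longer deployed on. If only 18 is supported, `node-version: [18.x]` says so; if the older legs are kept on purpose, a short comment explaining why would prevent them being read as supported targets. The job definition continues outside the hunk.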
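Review bot: `secure: true` is added only to the `NONCE` and `CV` cookies; any other `cookie.serialize` call in this file lies outside the two hunks (@@ -330 and @@ -338) and should carry the same attribute, because a cookie without it can still be sent over plain HTTP. The options literal is now repeated verbatim in both hunks, so a shared constant such as `const COOKIE_OPTS = { path: '/', httpOnly: true, sameSite: 'strict', secure: true };` would keep the attributes from drifting apart. With `path: '/'`, `secure: true` and no `domain` in the visible options, these cookies would also qualify for the `__Host-` name prefix, which stops a sibling subdomain from overwriting the nonce or code verifier, though whatever reads `NONCE` and `CV` would need the new names. `redirect` starts and ends outside both hunks.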
@@ -13,7 +13,7 @@ The Terraform modules for each identity provider are in the [modules](./modules) source = "github.com/iress/cloudfront-auth//infra/terraform/modules/okta_native" # Lambda function version to deploy (see the Releases page of this GitHub repository) - release_version = "v3.0.0" + release_version = "v4.0.0" name = "my-website-auth" org_url = "https://my-org.okta.com/oauth2/default" diff --git a/infra/terraform/examples/okta-native/main.tf b/infra/terraform/examples/okta-native/main.tf index 929f14a..1dcdd2a 100644 --- a/infra/terraform/examples/okta-native/main.tf +++ b/infra/terraform/examples/okta-native/main.tf @@ -5,7 +5,7 @@ locals { module "auth" { source = "github.com/iress/cloudfront-auth//infra/terraform/modules/okta_native" - release_version = "v3.0.0" + release_version = "v4.0.0" name = local.name org_url = "https://my-org.okta.com/oauth2/default" client_id = "Nf2qSD9wXKU9ph8an22T" diff --git a/infra/terraform/modules/_lambda/main.tf b/infra/terraform/modules/_lambda/main.tf index b4b5823..2afa1bb 100644 --- a/infra/terraform/modules/_lambda/main.tf +++ b/infra/terraform/modules/_lambda/main.tf @@ -20,7 +20,7 @@ resource "aws_lambda_function" "main" { role = aws_iam_role.lambda.arn handler = "index.handler" source_code_hash = base64sha256(var.package_url) - runtime = "nodejs14.x" + runtime = "nodejs18.x" timeout = var.timeout publish = var.lambda_at_edge tags = var.tags diff --git a/template.yaml b/template.yaml index 4bef796..c500e25 100644 --- a/template.yaml +++ b/template.yaml @@ -8,7 +8,7 @@ Resources: Properties: CodeUri: distributions/{distribution_name}/{distribution_name}.zip Role: !GetAtt LambdaEdgeFunctionRole.Arn - Runtime: nodejs14.x + Runtime: nodejs18.x Handler: index.handler Timeout: 5 AutoPublishAlias: LIVE
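Review bot: `runtime = "nodejs18.x"` is fixed in the `_lambda` module while the code comes from `var.package_url`, so a caller who still passes a package built for the Node.js 14 release will have it run under Node.js 18 without any warning. The nodejs18.x Lambda runtime bundles AWS SDK for JavaScript v3 instead of v2, so a handler that relied on the runtime-provided `aws-sdk` module would fail at load; confirm the release zips carry their own SDK. The same applies to `Runtime: nodejs18.x` in template.yaml. Separately, the neighbouring context line `source_code_hash = base64sha256(var.package_url)` hashes the URL string rather than the archive, so a changed artefact behind the same URL is not detected; a comment such as `# hash of the URL string only; does not verify the package contents` would make that explicit. The resource block starts and ends outside the hunk.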