Add a new Okta JWT SSO example

okta-jwt-sso/.dockerignore

@@ -0,0 +1 @@
+node_modules

okta-jwt-sso/.gitignore

@@ -0,0 +1,24 @@
+# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
+
+# dependencies
+/node_modules
+/.pnp
+.pnp.js
+
+# testing
+/coverage
+
+# production
+/build
+
+# misc
+.DS_Store
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+.env

okta-jwt-sso/Dockerfile

@@ -0,0 +1,13 @@
+FROM node:lts-alpine as builder
+
+WORKDIR /app
+
+COPY server.js package.json /app/
+COPY src /app/src
+COPY public /app/public
+ENV NODE_OPTIONS=--openssl-legacy-provider
+RUN npm install
+
+EXPOSE 3001
+
+CMD [ "npm", "start" ]

okta-jwt-sso/README

@@ -0,0 +1,32 @@
+# Metabase SSO with Okta + JWT
+
+An extremely basic demo of JWT SSO authentication
+
+## How does this work
+
+It's a web application that connects to Okta to authenticate, get user properties and then authenticate to Metabase via JWT with those properties
+
+## Structure of the project
+
+- server.js: the backend, here you'll see the routes and the structure to make the connection to Okta
+- public, src: the frontend, this is a basic react application that has a button to initiate the flow
+
+# How to run this project
+
+First of all you need to create a tenant in Okta, if you don't have one, please create a tenant
+
+In Okta:
+1) create a web application (OIDC - OpenID Connect)
+2) leave everything by default but the "Sign-in redirect URIs" (you need to enter localhost:3001/* there)
+3) once you confirm the project, you'll get a cliend id and a secret, please complete those in the server.js file
+
+In Metabase:
+1) you need a pro/enterprise token, so initialize Metabase and complete that in the settings->admin settings-license and billing section
+2) get the JWT signing key on settings->admin->authentication->jwt and complete that in the server.js
+3) complete the JWT URI to localhost:3001/auth
+
+Now go to localhost:3001 and click on sign in, you should be taken to your okta tenant where you need to authenticate and then you should be taken to Metabase
+
+## Containers
+
+There's a docker-compose.yaml file in the root folder that you can simply raise with "docker compose up" command if you have docker installed. Please remember to complete all the environment variables before starting it

okta-jwt-sso/docker-compose.yaml

@@ -0,0 +1,47 @@
+services:
+  metabase:
+    build: metabase/.
+    container_name: metabase_full_app_embedding_demo
+    hostname: metabase
+    ports:
+      - 3000:3000
+    environment: 
+      - "MB_SITE_URL=http://localhost:3000"
+      - "MB_EMBEDDING_APP_ORIGIN=*"
+      - "MB_ENABLE_EMBEDDING=true"
+      - "MB_PREMIUM_EMBEDDING_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+      - "MB_JWT_ENABLED=true"
+      - "MB_JWT_IDENTITY_PROVIDER_URI=http://localhost:3001/login"
+      - "MB_JWT_SHARED_SECRET=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+    networks: 
+      - metanet1
+    healthcheck:
+      test: curl --fail -I http://localhost:3000/api/health || exit 1
+      interval: 15s
+      timeout: 5s
+      retries: 5
+  setup_full_app_embedding_demo:
+    image: bash:5.1.16
+    container_name: setup_full_app_embedding_demo
+    volumes:
+      - $PWD/setup:/tmp
+    networks:
+      - metanet1
+    depends_on:
+      metabase:
+        condition: service_healthy
+    command: sh /tmp/metabase-setup.sh metabase:3000
+  okta_jwt_sso:
+    build: .
+    container_name: okta_jwt_sso
+    hostname: webapp
+    ports:
+      - 3001:3001
+    networks:
+      - metanet1
+    depends_on:
+      metabase:
+        condition: service_healthy
+networks: 
+  metanet1:
+    driver: bridge

okta-jwt-sso/metabase/Dockerfile

@@ -0,0 +1,12 @@
+FROM eclipse-temurin:21-jre
+
+WORKDIR /app
+
+RUN apt-get update && apt-get install -y bash fonts-noto fontconfig curl ca-certificates-java
+
+ADD https://downloads.metabase.com/enterprise/latest/metabase.jar .
+ADD https://raw.githubusercontent.com/metabase/metabase/master/bin/docker/run_metabase.sh .
+
+EXPOSE 3000
+
+CMD ["java", "-jar", "metabase.jar"]