Update identity-azure-auth-fns.ts

Merge pull request #2097 from Infisical/secret-sharing-ui-update
update phrasing
2025-07-25 14:07:47 +00:00 · 2024-07-16 04:15:04 +02:00 · 2024-07-10 18:38:32 -04:00 · 2024-07-10 13:46:22 -04:00 · 2024-07-10 08:06:06 -07:00
3 changed files with 10 additions and 2 deletions
--- a/backend/src/services/identity-azure-auth/identity-azure-auth-fns.ts
+++ b/backend/src/services/identity-azure-auth/identity-azure-auth-fns.ts
@@ -17,6 +17,7 @@ export const validateAzureIdentity = async ({
  const jwksUri = `https://login.microsoftonline.com/${tenantId}/discovery/keys`;

  const decodedJwt = jwt.decode(azureJwt, { complete: true }) as TDecodedAzureAuthJwt;
+
  const { kid } = decodedJwt.header;

  const { data }: { data: TAzureJwksUriResponse } = await axios.get(jwksUri);
@@ -27,6 +28,13 @@ export const validateAzureIdentity = async ({

  const publicKey = `-----BEGIN CERTIFICATE-----\n${signingKey.x5c[0]}\n-----END CERTIFICATE-----`;

+  // Case: This can happen when the user uses a custom resource (such as https://management.azure.com&client_id=value).
+  // In this case, the audience in the decoded JWT will not have a trailing slash, but the resource will.
+  if (!decodedJwt.payload.aud.endsWith("/") && resource.endsWith("/")) {
+    // eslint-disable-next-line no-param-reassign
+    resource = resource.slice(0, -1);
+  }
+
  return jwt.verify(azureJwt, publicKey, {
    audience: resource,
    issuer: `https://sts.windows.net/${tenantId}/`
--- a/frontend/next.config.js
+++ b/frontend/next.config.js
@@ -2,7 +2,7 @@ const path = require("path");

 const ContentSecurityPolicy = `
 	default-src 'self';
-	script-src 'self' https://app.posthog.com https://js.stripe.com https://api.stripe.com https://widget.intercom.io https://js.intercomcdn.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' 'unsafe-eval';
+	script-src 'self' https://*.posthog.com https://*.*.posthog.com https://js.stripe.com https://api.stripe.com https://widget.intercom.io https://js.intercomcdn.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' 'unsafe-eval';
 	style-src 'self' https://rsms.me 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com;
 	child-src https://api.stripe.com;
 	frame-src https://js.stripe.com/ https://api.stripe.com https://www.youtube.com/ https://hcaptcha.com https://*.hcaptcha.com;
--- a/frontend/src/views/ShareSecretPublicPage/ShareSecretPublicPage.tsx
+++ b/frontend/src/views/ShareSecretPublicPage/ShareSecretPublicPage.tsx
@@ -77,7 +77,7 @@ export const ShareSecretPublicPage = ({ isNewSession }: { isNewSession: boolean
          </div>
          <div className="w-full flex justify-center">
            <h1 className={`${id ? "max-w-sm mb-4": "max-w-md mt-4 mb-6"} bg-gradient-to-b from-white to-bunker-200 bg-clip-text px-4 text-center text-3xl font-medium text-transparent`}>
-              {id ? "Someone shared a secret on Infisical with you" : "Share a secret with Infisical"}
+              {id ? "Someone shared a secret via Infisical with you" : "Share a secret via Infisical"}
            </h1>
          </div>
          <div className="m-auto mt-4 flex w-full max-w-2xl justify-center px-6">
Author	SHA1	Message	Date
Daniel Hougaard	7ed8feee6f	Update identity-azure-auth-fns.ts	2024-07-16 04:15:04 +02:00
Maidul Islam	9a861499df	Merge pull request #2097 from Infisical/secret-sharing-ui-update update phrasing	2024-07-10 18:38:32 -04:00
Maidul Islam	d1f3c98f21	fix posthog cross orgin calls	2024-07-10 13:46:22 -04:00
Vladyslav Matsiiako	ab7983973e	update phrasing	2024-07-10 08:06:06 -07:00