@backstage/plugin-auth-backend-module-auth0-provider 0.0.0-nightly-20240910023018

package/CHANGELOG.md

@@ -0,0 +1,13 @@
+# @backstage/plugin-auth-backend-module-auth0-provider
+
+## 0.0.0-nightly-20240910023018
+
+### Minor Changes
+
+- d908d8c: New module for `@backstage/plugin-auth-backend` that adds a Auth0 auth provider.
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/backend-plugin-api@0.0.0-nightly-20240910023018
+  - @backstage/plugin-auth-node@0.0.0-nightly-20240910023018

package/README.md

@@ -0,0 +1,8 @@
+# Auth Module: Auth0 Provider
+
+This module provides an Auth0 auth provider implementation for `@backstage/plugin-auth-backend`.
+
+## Links
+
+- [Repository](https://gitlab.com/backstage/backstage/tree/master/plugins/auth-backend-module-auth0-provider)
+- [Backstage Project Homepage](https://backstage.io)

package/config.d.ts

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2024 The Backstage Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export interface Config {
+  auth?: {
+    providers?: {
+      /** @visibility frontend */
+      auth0?: {
+        [authEnv: string]: {
+          clientId: string;
+          /**
+           * @visibility secret
+           */
+          clientSecret: string;
+          domain: string;
+          callbackUrl?: string;
+          audience?: string;
+          connection?: string;
+          connectionScope?: string;
+        };
+      };
+    };
+  };
+}

package/dist/index.cjs.js

@@ -0,0 +1,119 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var Auth0InternalStrategy = require('passport-auth0');
+var backendPluginApi = require('@backstage/backend-plugin-api');
+
+function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
+
+var Auth0InternalStrategy__default = /*#__PURE__*/_interopDefaultCompat(Auth0InternalStrategy);
+
+class Auth0Strategy extends Auth0InternalStrategy__default.default {
+  constructor(options, verify) {
+    const optionsWithURLs = {
+      ...options,
+      authorizationURL: `https://${options.domain}/authorize`,
+      tokenURL: `https://${options.domain}/oauth/token`,
+      userInfoURL: `https://${options.domain}/userinfo`,
+      apiUrl: `https://${options.domain}/api`
+    };
+    super(optionsWithURLs, verify);
+  }
+}
+
+const auth0Authenticator = pluginAuthNode.createOAuthAuthenticator({
+  defaultProfileTransform: pluginAuthNode.PassportOAuthAuthenticatorHelper.defaultProfileTransform,
+  initialize({ callbackUrl, config }) {
+    const clientID = config.getString("clientId");
+    const clientSecret = config.getString("clientSecret");
+    const domain = config.getString("domain");
+    const audience = config.getOptionalString("audience");
+    const connection = config.getOptionalString("connection");
+    const connectionScope = config.getOptionalString("connectionScope");
+    const callbackURL = config.getOptionalString("callbackUrl") ?? callbackUrl;
+    const store = {
+      store(_req, cb) {
+        cb(null, null);
+      },
+      verify(_req, _state, cb) {
+        cb(null, true);
+      }
+    };
+    const helper = pluginAuthNode.PassportOAuthAuthenticatorHelper.from(
+      new Auth0Strategy(
+        {
+          clientID,
+          clientSecret,
+          callbackURL,
+          domain,
+          store,
+          // We need passReqToCallback set to false to get params, but there's
+          // no matching type signature for that, so instead behold this beauty
+          passReqToCallback: false
+        },
+        (accessToken, refreshToken, params, fullProfile, done) => {
+          done(
+            void 0,
+            {
+              fullProfile,
+              accessToken,
+              params
+            },
+            {
+              refreshToken
+            }
+          );
+        }
+      )
+    );
+    return { helper, audience, connection, connectionScope };
+  },
+  async start(input, { helper, audience, connection, connectionScope: connection_scope }) {
+    return helper.start(input, {
+      accessType: "offline",
+      prompt: "consent",
+      ...audience ? { audience } : {},
+      ...connection ? { connection } : {},
+      ...connection_scope ? { connection_scope } : {}
+    });
+  },
+  async authenticate(input, { helper, audience, connection, connectionScope: connection_scope }) {
+    return helper.authenticate(input, {
+      ...audience ? { audience } : {},
+      ...connection ? { connection } : {},
+      ...connection_scope ? { connection_scope } : {}
+    });
+  },
+  async refresh(input, { helper }) {
+    return helper.refresh(input);
+  }
+});
+
+const authModuleAuth0Provider = backendPluginApi.createBackendModule({
+  pluginId: "auth",
+  moduleId: "auth0-provider",
+  register(reg) {
+    reg.registerInit({
+      deps: {
+        providers: pluginAuthNode.authProvidersExtensionPoint
+      },
+      async init({ providers }) {
+        providers.registerProvider({
+          providerId: "auth0",
+          factory: pluginAuthNode.createOAuthProviderFactory({
+            authenticator: auth0Authenticator,
+            signInResolverFactories: {
+              ...pluginAuthNode.commonSignInResolvers
+            }
+          })
+        });
+      }
+    });
+  }
+});
+
+exports.auth0Authenticator = auth0Authenticator;
+exports.default = authModuleAuth0Provider;
+//# sourceMappingURL=index.cjs.js.map

package/dist/index.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.cjs.js","sources":["../src/strategy.ts","../src/authenticator.ts","../src/module.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport Auth0InternalStrategy from 'passport-auth0';\nimport type { StateStore } from 'passport-oauth2';\n\n/** @public */\nexport interface Auth0StrategyOptionsWithRequest {\n  clientID: string;\n  clientSecret: string;\n  callbackURL: string;\n  domain: string;\n  passReqToCallback: true;\n  store: StateStore;\n}\n\n/** @public */\nexport class Auth0Strategy extends Auth0InternalStrategy {\n  constructor(\n    options: Auth0StrategyOptionsWithRequest,\n    verify: Auth0InternalStrategy.VerifyFunction,\n  ) {\n    const optionsWithURLs = {\n      ...options,\n      authorizationURL: `https://${options.domain}/authorize`,\n      tokenURL: `https://${options.domain}/oauth/token`,\n      userInfoURL: `https://${options.domain}/userinfo`,\n      apiUrl: `https://${options.domain}/api`,\n    };\n    super(optionsWithURLs, verify);\n  }\n}\n","/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport express from 'express';\nimport {\n  createOAuthAuthenticator,\n  PassportOAuthAuthenticatorHelper,\n  PassportOAuthDoneCallback,\n  PassportProfile,\n} from '@backstage/plugin-auth-node';\nimport { Auth0Strategy } from './strategy';\n\n/** @public */\nexport const auth0Authenticator = createOAuthAuthenticator({\n  defaultProfileTransform:\n    PassportOAuthAuthenticatorHelper.defaultProfileTransform,\n  initialize({ callbackUrl, config }) {\n    const clientID = config.getString('clientId');\n    const clientSecret = config.getString('clientSecret');\n    const domain = config.getString('domain');\n    const audience = config.getOptionalString('audience');\n    const connection = config.getOptionalString('connection');\n    const connectionScope = config.getOptionalString('connectionScope');\n    const callbackURL = config.getOptionalString('callbackUrl') ?? callbackUrl;\n    // Due to passport-auth0 forcing options.state = true,\n    // passport-oauth2 requires express-session to be installed\n    // so that the 'state' parameter of the oauth2 flow can be stored.\n    // This implementation of StateStore matches the NullStore found within\n    // passport-oauth2, which is the StateStore implementation used when options.state = false,\n    // allowing us to avoid using express-session in order to integrate with auth0.\n    const store = {\n      store(_req: express.Request, cb: any) {\n        cb(null, null);\n      },\n      verify(_req: express.Request, _state: string, cb: any) {\n        cb(null, true);\n      },\n    };\n\n    const helper = PassportOAuthAuthenticatorHelper.from(\n      new Auth0Strategy(\n        {\n          clientID,\n          clientSecret,\n          callbackURL,\n          domain,\n          store,\n          // We need passReqToCallback set to false to get params, but there's\n          // no matching type signature for that, so instead behold this beauty\n          passReqToCallback: false as true,\n        },\n        (\n          accessToken: string,\n          refreshToken: string,\n          params: any,\n          fullProfile: PassportProfile,\n          done: PassportOAuthDoneCallback,\n        ) => {\n          done(\n            undefined,\n            {\n              fullProfile,\n              accessToken,\n              params,\n            },\n            {\n              refreshToken,\n            },\n          );\n        },\n      ),\n    );\n    return { helper, audience, connection, connectionScope };\n  },\n\n  async start(\n    input,\n    { helper, audience, connection, connectionScope: connection_scope },\n  ) {\n    return helper.start(input, {\n      accessType: 'offline',\n      prompt: 'consent',\n      ...(audience ? { audience } : {}),\n      ...(connection ? { connection } : {}),\n      ...(connection_scope ? { connection_scope } : {}),\n    });\n  },\n\n  async authenticate(\n    input,\n    { helper, audience, connection, connectionScope: connection_scope },\n  ) {\n    return helper.authenticate(input, {\n      ...(audience ? { audience } : {}),\n      ...(connection ? { connection } : {}),\n      ...(connection_scope ? { connection_scope } : {}),\n    });\n  },\n\n  async refresh(input, { helper }) {\n    return helper.refresh(input);\n  },\n});\n","/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  commonSignInResolvers,\n  createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { auth0Authenticator } from './authenticator';\n\n/** @public */\nexport const authModuleAuth0Provider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'auth0-provider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n      },\n      async init({ providers }) {\n        providers.registerProvider({\n          providerId: 'auth0',\n          factory: createOAuthProviderFactory({\n            authenticator: auth0Authenticator,\n            signInResolverFactories: {\n              ...commonSignInResolvers,\n            },\n          }),\n        });\n      },\n    });\n  },\n});\n"],"names":["Auth0InternalStrategy","createOAuthAuthenticator","PassportOAuthAuthenticatorHelper","createBackendModule","authProvidersExtensionPoint","createOAuthProviderFactory","commonSignInResolvers"],"mappings":";;;;;;;;;;;;AA8BO,MAAM,sBAAsBA,sCAAsB,CAAA;AAAA,EACvD,WAAA,CACE,SACA,MACA,EAAA;AACA,IAAA,MAAM,eAAkB,GAAA;AAAA,MACtB,GAAG,OAAA;AAAA,MACH,gBAAA,EAAkB,CAAW,QAAA,EAAA,OAAA,CAAQ,MAAM,CAAA,UAAA,CAAA;AAAA,MAC3C,QAAA,EAAU,CAAW,QAAA,EAAA,OAAA,CAAQ,MAAM,CAAA,YAAA,CAAA;AAAA,MACnC,WAAA,EAAa,CAAW,QAAA,EAAA,OAAA,CAAQ,MAAM,CAAA,SAAA,CAAA;AAAA,MACtC,MAAA,EAAQ,CAAW,QAAA,EAAA,OAAA,CAAQ,MAAM,CAAA,IAAA,CAAA;AAAA,KACnC,CAAA;AACA,IAAA,KAAA,CAAM,iBAAiB,MAAM,CAAA,CAAA;AAAA,GAC/B;AACF;;AClBO,MAAM,qBAAqBC,uCAAyB,CAAA;AAAA,EACzD,yBACEC,+CAAiC,CAAA,uBAAA;AAAA,EACnC,UAAW,CAAA,EAAE,WAAa,EAAA,MAAA,EAAU,EAAA;AAClC,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA,CAAA;AAC5C,IAAM,MAAA,YAAA,GAAe,MAAO,CAAA,SAAA,CAAU,cAAc,CAAA,CAAA;AACpD,IAAM,MAAA,MAAA,GAAS,MAAO,CAAA,SAAA,CAAU,QAAQ,CAAA,CAAA;AACxC,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,iBAAA,CAAkB,UAAU,CAAA,CAAA;AACpD,IAAM,MAAA,UAAA,GAAa,MAAO,CAAA,iBAAA,CAAkB,YAAY,CAAA,CAAA;AACxD,IAAM,MAAA,eAAA,GAAkB,MAAO,CAAA,iBAAA,CAAkB,iBAAiB,CAAA,CAAA;AAClE,IAAA,MAAM,WAAc,GAAA,MAAA,CAAO,iBAAkB,CAAA,aAAa,CAAK,IAAA,WAAA,CAAA;AAO/D,IAAA,MAAM,KAAQ,GAAA;AAAA,MACZ,KAAA,CAAM,MAAuB,EAAS,EAAA;AACpC,QAAA,EAAA,CAAG,MAAM,IAAI,CAAA,CAAA;AAAA,OACf;AAAA,MACA,MAAA,CAAO,IAAuB,EAAA,MAAA,EAAgB,EAAS,EAAA;AACrD,QAAA,EAAA,CAAG,MAAM,IAAI,CAAA,CAAA;AAAA,OACf;AAAA,KACF,CAAA;AAEA,IAAA,MAAM,SAASA,+CAAiC,CAAA,IAAA;AAAA,MAC9C,IAAI,aAAA;AAAA,QACF;AAAA,UACE,QAAA;AAAA,UACA,YAAA;AAAA,UACA,WAAA;AAAA,UACA,MAAA;AAAA,UACA,KAAA;AAAA;AAAA;AAAA,UAGA,iBAAmB,EAAA,KAAA;AAAA,SACrB;AAAA,QACA,CACE,WAAA,EACA,YACA,EAAA,MAAA,EACA,aACA,IACG,KAAA;AACH,UAAA,IAAA;AAAA,YACE,KAAA,CAAA;AAAA,YACA;AAAA,cACE,WAAA;AAAA,cACA,WAAA;AAAA,cACA,MAAA;AAAA,aACF;AAAA,YACA;AAAA,cACE,YAAA;AAAA,aACF;AAAA,WACF,CAAA;AAAA,SACF;AAAA,OACF;AAAA,KACF,CAAA;AACA,IAAA,OAAO,EAAE,MAAA,EAAQ,QAAU,EAAA,UAAA,EAAY,eAAgB,EAAA,CAAA;AAAA,GACzD;AAAA,EAEA,MAAM,MACJ,KACA,EAAA,EAAE,QAAQ,QAAU,EAAA,UAAA,EAAY,eAAiB,EAAA,gBAAA,EACjD,EAAA;AACA,IAAO,OAAA,MAAA,CAAO,MAAM,KAAO,EAAA;AAAA,MACzB,UAAY,EAAA,SAAA;AAAA,MACZ,MAAQ,EAAA,SAAA;AAAA,MACR,GAAI,QAAA,GAAW,EAAE,QAAA,KAAa,EAAC;AAAA,MAC/B,GAAI,UAAA,GAAa,EAAE,UAAA,KAAe,EAAC;AAAA,MACnC,GAAI,gBAAA,GAAmB,EAAE,gBAAA,KAAqB,EAAC;AAAA,KAChD,CAAA,CAAA;AAAA,GACH;AAAA,EAEA,MAAM,aACJ,KACA,EAAA,EAAE,QAAQ,QAAU,EAAA,UAAA,EAAY,eAAiB,EAAA,gBAAA,EACjD,EAAA;AACA,IAAO,OAAA,MAAA,CAAO,aAAa,KAAO,EAAA;AAAA,MAChC,GAAI,QAAA,GAAW,EAAE,QAAA,KAAa,EAAC;AAAA,MAC/B,GAAI,UAAA,GAAa,EAAE,UAAA,KAAe,EAAC;AAAA,MACnC,GAAI,gBAAA,GAAmB,EAAE,gBAAA,KAAqB,EAAC;AAAA,KAChD,CAAA,CAAA;AAAA,GACH;AAAA,EAEA,MAAM,OAAA,CAAQ,KAAO,EAAA,EAAE,QAAU,EAAA;AAC/B,IAAO,OAAA,MAAA,CAAO,QAAQ,KAAK,CAAA,CAAA;AAAA,GAC7B;AACF,CAAC;;AC1FM,MAAM,0BAA0BC,oCAAoB,CAAA;AAAA,EACzD,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,gBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC,0CAAA;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAa,EAAA;AACxB,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,OAAA;AAAA,UACZ,SAASC,yCAA2B,CAAA;AAAA,YAClC,aAAe,EAAA,kBAAA;AAAA,YACf,uBAAyB,EAAA;AAAA,cACvB,GAAGC,oCAAA;AAAA,aACL;AAAA,WACD,CAAA;AAAA,SACF,CAAA,CAAA;AAAA,OACH;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;;"}

package/dist/index.d.ts

@@ -0,0 +1,16 @@
+import * as _backstage_plugin_auth_node from '@backstage/plugin-auth-node';
+import { PassportOAuthAuthenticatorHelper, PassportProfile } from '@backstage/plugin-auth-node';
+import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
+
+/** @public */
+declare const auth0Authenticator: _backstage_plugin_auth_node.OAuthAuthenticator<{
+    helper: PassportOAuthAuthenticatorHelper;
+    audience: string | undefined;
+    connection: string | undefined;
+    connectionScope: string | undefined;
+}, PassportProfile>;
+
+/** @public */
+declare const authModuleAuth0Provider: _backstage_backend_plugin_api.BackendFeature;
+
+export { auth0Authenticator, authModuleAuth0Provider as default };

package/package.json

@@ -0,0 +1,53 @@
+{
+  "name": "@backstage/plugin-auth-backend-module-auth0-provider",
+  "version": "0.0.0-nightly-20240910023018",
+  "description": "The auth0-provider backend module for the auth plugin.",
+  "backstage": {
+    "role": "backend-plugin-module",
+    "pluginId": "auth",
+    "pluginPackage": "@backstage/plugin-auth-backend"
+  },
+  "publishConfig": {
+    "access": "public",
+    "main": "dist/index.cjs.js",
+    "types": "dist/index.d.ts"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/backstage/backstage",
+    "directory": "plugins/auth-backend-module-auth0-provider"
+  },
+  "license": "Apache-2.0",
+  "main": "dist/index.cjs.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "config.d.ts"
+  ],
+  "scripts": {
+    "build": "backstage-cli package build",
+    "clean": "backstage-cli package clean",
+    "lint": "backstage-cli package lint",
+    "prepack": "backstage-cli package prepack",
+    "postpack": "backstage-cli package postpack",
+    "start": "backstage-cli package start",
+    "test": "backstage-cli package test"
+  },
+  "dependencies": {
+    "@backstage/backend-plugin-api": "^0.0.0-nightly-20240910023018",
+    "@backstage/plugin-auth-node": "^0.0.0-nightly-20240910023018",
+    "express": "^4.17.1",
+    "passport-auth0": "^1.4.3",
+    "passport-oauth2": "^1.6.1"
+  },
+  "devDependencies": {
+    "@backstage/backend-defaults": "^0.0.0-nightly-20240910023018",
+    "@backstage/backend-test-utils": "^0.0.0-nightly-20240910023018",
+    "@backstage/cli": "^0.0.0-nightly-20240910023018",
+    "@backstage/plugin-auth-backend": "^0.0.0-nightly-20240910023018",
+    "@types/passport-auth0": "^1.0.5",
+    "@types/passport-oauth2": "^1.4.15",
+    "supertest": "^6.3.3"
+  },
+  "configSchema": "config.d.ts"
+}