@backstage/plugin-auth-backend-module-auth0-provider 0.2.10 → 0.3.0-next.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/CHANGELOG.md +21 -0
  2. package/config.d.ts +1 -0
  3. package/dist/authenticator.cjs.js +2 -0
  4. package/dist/authenticator.cjs.js.map +1 -1
  5. package/dist/strategy.cjs.js +26 -0
  6. package/dist/strategy.cjs.js.map +1 -1
  7. package/package.json +11 -8
package/CHANGELOG.md CHANGED
@@ -1,5 +1,26 @@
1
1
  # @backstage/plugin-auth-backend-module-auth0-provider
2
2
 
3
+ ## 0.3.0-next.1
4
+
5
+ ### Patch Changes
6
+
7
+ - 867c905: Add support for organizational invites in auth0 strategy
8
+ - Updated dependencies
9
+ - @backstage/backend-plugin-api@1.7.0-next.1
10
+ - @backstage/plugin-auth-node@0.6.13-next.1
11
+
12
+ ## 0.3.0-next.0
13
+
14
+ ### Minor Changes
15
+
16
+ - 36804fe: feat: Added organization option to authorization params of the strategy
17
+
18
+ ### Patch Changes
19
+
20
+ - Updated dependencies
21
+ - @backstage/backend-plugin-api@1.7.0-next.0
22
+ - @backstage/plugin-auth-node@0.6.12-next.0
23
+
3
24
  ## 0.2.10
4
25
 
5
26
  ### Patch Changes
package/config.d.ts CHANGED
@@ -32,6 +32,7 @@ export interface Config {
32
32
  audience?: string;
33
33
  connection?: string;
34
34
  connectionScope?: string;
35
+ organization?: string;
35
36
  sessionDuration?: HumanDuration | string;
36
37
  };
37
38
  };
package/dist/authenticator.cjs.js CHANGED
@@ -13,6 +13,7 @@ const auth0Authenticator = pluginAuthNode.createOAuthAuthenticator({
13
13
  const connection = config.getOptionalString("connection");
14
14
  const connectionScope = config.getOptionalString("connectionScope");
15
15
  const callbackURL = config.getOptionalString("callbackUrl") ?? callbackUrl;
16
+ const organization = config.getOptionalString("organization");
16
17
  const store = {
17
18
  store(_req, cb) {
18
19
  cb(null, null);
@@ -29,6 +30,7 @@ const auth0Authenticator = pluginAuthNode.createOAuthAuthenticator({
29
30
  callbackURL,
30
31
  domain,
31
32
  store,
33
+ organization,
32
34
  // We need passReqToCallback set to false to get params, but there's
33
35
  // no matching type signature for that, so instead behold this beauty
34
36
  passReqToCallback: false
package/dist/authenticator.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authenticator.cjs.js","sources":["../src/authenticator.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport express from 'express';\nimport {\n createOAuthAuthenticator,\n PassportOAuthAuthenticatorHelper,\n PassportOAuthDoneCallback,\n PassportProfile,\n} from '@backstage/plugin-auth-node';\nimport { Auth0Strategy } from './strategy';\n\n/** @public */\nexport const auth0Authenticator = createOAuthAuthenticator({\n defaultProfileTransform:\n PassportOAuthAuthenticatorHelper.defaultProfileTransform,\n initialize({ callbackUrl, config }) {\n const clientID = config.getString('clientId');\n const clientSecret = config.getString('clientSecret');\n const domain = config.getString('domain');\n const audience = config.getOptionalString('audience');\n const connection = config.getOptionalString('connection');\n const connectionScope = config.getOptionalString('connectionScope');\n const callbackURL = config.getOptionalString('callbackUrl') ?? callbackUrl;\n // Due to passport-auth0 forcing options.state = true,\n // passport-oauth2 requires express-session to be installed\n // so that the 'state' parameter of the oauth2 flow can be stored.\n // This implementation of StateStore matches the NullStore found within\n // passport-oauth2, which is the StateStore implementation used when options.state = false,\n // allowing us to avoid using express-session in order to integrate with auth0.\n const store = {\n store(_req: express.Request, cb: any) {\n cb(null, null);\n },\n verify(_req: express.Request, _state: string, cb: any) {\n cb(null, true);\n },\n };\n\n const helper = PassportOAuthAuthenticatorHelper.from(\n new Auth0Strategy(\n {\n clientID,\n clientSecret,\n callbackURL,\n domain,\n store,\n // We need passReqToCallback set to false to get params, but there's\n // no matching type signature for that, so instead behold this beauty\n passReqToCallback: false as true,\n },\n (\n accessToken: string,\n refreshToken: string,\n params: any,\n fullProfile: PassportProfile,\n done: PassportOAuthDoneCallback,\n ) => {\n done(\n undefined,\n {\n fullProfile,\n accessToken,\n params,\n },\n {\n refreshToken,\n },\n );\n },\n ),\n );\n return { helper, audience, connection, connectionScope };\n },\n\n async start(\n input,\n { helper, audience, connection, connectionScope: connection_scope },\n ) {\n return helper.start(input, {\n accessType: 'offline',\n prompt: 'consent',\n ...(audience ? { audience } : {}),\n ...(connection ? { connection } : {}),\n ...(connection_scope ? { connection_scope } : {}),\n });\n },\n\n async authenticate(\n input,\n { helper, audience, connection, connectionScope: connection_scope },\n ) {\n return helper.authenticate(input, {\n ...(audience ? { audience } : {}),\n ...(connection ? { connection } : {}),\n ...(connection_scope ? { connection_scope } : {}),\n });\n },\n\n async refresh(input, { helper }) {\n return helper.refresh(input);\n },\n});\n"],"names":["createOAuthAuthenticator","PassportOAuthAuthenticatorHelper","Auth0Strategy"],"mappings":";;;;;AA0BO,MAAM,qBAAqBA,uCAAA,CAAyB;AAAA,EACzD,yBACEC,+CAAA,CAAiC,uBAAA;AAAA,EACnC,UAAA,CAAW,EAAE,WAAA,EAAa,MAAA,EAAO,EAAG;AAClC,IAAA,MAAM,QAAA,GAAW,MAAA,CAAO,SAAA,CAAU,UAAU,CAAA;AAC5C,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,SAAA,CAAU,cAAc,CAAA;AACpD,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,CAAU,QAAQ,CAAA;AACxC,IAAA,MAAM,QAAA,GAAW,MAAA,CAAO,iBAAA,CAAkB,UAAU,CAAA;AACpD,IAAA,MAAM,UAAA,GAAa,MAAA,CAAO,iBAAA,CAAkB,YAAY,CAAA;AACxD,IAAA,MAAM,eAAA,GAAkB,MAAA,CAAO,iBAAA,CAAkB,iBAAiB,CAAA;AAClE,IAAA,MAAM,WAAA,GAAc,MAAA,CAAO,iBAAA,CAAkB,aAAa,CAAA,IAAK,WAAA;AAO/D,IAAA,MAAM,KAAA,GAAQ;AAAA,MACZ,KAAA,CAAM,MAAuB,EAAA,EAAS;AACpC,QAAA,EAAA,CAAG,MAAM,IAAI,CAAA;AAAA,MACf,CAAA;AAAA,MACA,MAAA,CAAO,IAAA,EAAuB,MAAA,EAAgB,EAAA,EAAS;AACrD,QAAA,EAAA,CAAG,MAAM,IAAI,CAAA;AAAA,MACf;AAAA,KACF;AAEA,IAAA,MAAM,SAASA,+CAAA,CAAiC,IAAA;AAAA,MAC9C,IAAIC,sBAAA;AAAA,QACF;AAAA,UACE,QAAA;AAAA,UACA,YAAA;AAAA,UACA,WAAA;AAAA,UACA,MAAA;AAAA,UACA,KAAA;AAAA;AAAA;AAAA,UAGA,iBAAA,EAAmB;AAAA,SACrB;AAAA,QACA,CACE,WAAA,EACA,YAAA,EACA,MAAA,EACA,aACA,IAAA,KACG;AACH,UAAA,IAAA;AAAA,YACE,MAAA;AAAA,YACA;AAAA,cACE,WAAA;AAAA,cACA,WAAA;AAAA,cACA;AAAA,aACF;AAAA,YACA;AAAA,cACE;AAAA;AACF,WACF;AAAA,QACF;AAAA;AACF,KACF;AACA,IAAA,OAAO,EAAE,MAAA,EAAQ,QAAA,EAAU,UAAA,EAAY,eAAA,EAAgB;AAAA,EACzD,CAAA;AAAA,EAEA,MAAM,MACJ,KAAA,EACA,EAAE,QAAQ,QAAA,EAAU,UAAA,EAAY,eAAA,EAAiB,gBAAA,EAAiB,EAClE;AACA,IAAA,OAAO,MAAA,CAAO,MAAM,KAAA,EAAO;AAAA,MACzB,UAAA,EAAY,SAAA;AAAA,MACZ,MAAA,EAAQ,SAAA;AAAA,MACR,GAAI,QAAA,GAAW,EAAE,QAAA,KAAa,EAAC;AAAA,MAC/B,GAAI,UAAA,GAAa,EAAE,UAAA,KAAe,EAAC;AAAA,MACnC,GAAI,gBAAA,GAAmB,EAAE,gBAAA,KAAqB;AAAC,KAChD,CAAA;AAAA,EACH,CAAA;AAAA,EAEA,MAAM,aACJ,KAAA,EACA,EAAE,QAAQ,QAAA,EAAU,UAAA,EAAY,eAAA,EAAiB,gBAAA,EAAiB,EAClE;AACA,IAAA,OAAO,MAAA,CAAO,aAAa,KAAA,EAAO;AAAA,MAChC,GAAI,QAAA,GAAW,EAAE,QAAA,KAAa,EAAC;AAAA,MAC/B,GAAI,UAAA,GAAa,EAAE,UAAA,KAAe,EAAC;AAAA,MACnC,GAAI,gBAAA,GAAmB,EAAE,gBAAA,KAAqB;AAAC,KAChD,CAAA;AAAA,EACH,CAAA;AAAA,EAEA,MAAM,OAAA,CAAQ,KAAA,EAAO,EAAE,QAAO,EAAG;AAC/B,IAAA,OAAO,MAAA,CAAO,QAAQ,KAAK,CAAA;AAAA,EAC7B;AACF,CAAC;;;;"}
1
+ {"version":3,"file":"authenticator.cjs.js","sources":["../src/authenticator.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport express from 'express';\nimport {\n createOAuthAuthenticator,\n PassportOAuthAuthenticatorHelper,\n PassportOAuthDoneCallback,\n PassportProfile,\n} from '@backstage/plugin-auth-node';\nimport { Auth0Strategy } from './strategy';\n\n/** @public */\nexport const auth0Authenticator = createOAuthAuthenticator({\n defaultProfileTransform:\n PassportOAuthAuthenticatorHelper.defaultProfileTransform,\n initialize({ callbackUrl, config }) {\n const clientID = config.getString('clientId');\n const clientSecret = config.getString('clientSecret');\n const domain = config.getString('domain');\n const audience = config.getOptionalString('audience');\n const connection = config.getOptionalString('connection');\n const connectionScope = config.getOptionalString('connectionScope');\n const callbackURL = config.getOptionalString('callbackUrl') ?? callbackUrl;\n const organization = config.getOptionalString('organization');\n // Due to passport-auth0 forcing options.state = true,\n // passport-oauth2 requires express-session to be installed\n // so that the 'state' parameter of the oauth2 flow can be stored.\n // This implementation of StateStore matches the NullStore found within\n // passport-oauth2, which is the StateStore implementation used when options.state = false,\n // allowing us to avoid using express-session in order to integrate with auth0.\n const store = {\n store(_req: express.Request, cb: any) {\n cb(null, null);\n },\n verify(_req: express.Request, _state: string, cb: any) {\n cb(null, true);\n },\n };\n\n const helper = PassportOAuthAuthenticatorHelper.from(\n new Auth0Strategy(\n {\n clientID,\n clientSecret,\n callbackURL,\n domain,\n store,\n organization,\n // We need passReqToCallback set to false to get params, but there's\n // no matching type signature for that, so instead behold this beauty\n passReqToCallback: false as true,\n },\n (\n accessToken: string,\n refreshToken: string,\n params: any,\n fullProfile: PassportProfile,\n done: PassportOAuthDoneCallback,\n ) => {\n done(\n undefined,\n {\n fullProfile,\n accessToken,\n params,\n },\n {\n refreshToken,\n },\n );\n },\n ),\n );\n return { helper, audience, connection, connectionScope };\n },\n\n async start(\n input,\n { helper, audience, connection, connectionScope: connection_scope },\n ) {\n return helper.start(input, {\n accessType: 'offline',\n prompt: 'consent',\n ...(audience ? { audience } : {}),\n ...(connection ? { connection } : {}),\n ...(connection_scope ? { connection_scope } : {}),\n });\n },\n\n async authenticate(\n input,\n { helper, audience, connection, connectionScope: connection_scope },\n ) {\n return helper.authenticate(input, {\n ...(audience ? { audience } : {}),\n ...(connection ? { connection } : {}),\n ...(connection_scope ? { connection_scope } : {}),\n });\n },\n\n async refresh(input, { helper }) {\n return helper.refresh(input);\n },\n});\n"],"names":["createOAuthAuthenticator","PassportOAuthAuthenticatorHelper","Auth0Strategy"],"mappings":";;;;;AA0BO,MAAM,qBAAqBA,uCAAA,CAAyB;AAAA,EACzD,yBACEC,+CAAA,CAAiC,uBAAA;AAAA,EACnC,UAAA,CAAW,EAAE,WAAA,EAAa,MAAA,EAAO,EAAG;AAClC,IAAA,MAAM,QAAA,GAAW,MAAA,CAAO,SAAA,CAAU,UAAU,CAAA;AAC5C,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,SAAA,CAAU,cAAc,CAAA;AACpD,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,CAAU,QAAQ,CAAA;AACxC,IAAA,MAAM,QAAA,GAAW,MAAA,CAAO,iBAAA,CAAkB,UAAU,CAAA;AACpD,IAAA,MAAM,UAAA,GAAa,MAAA,CAAO,iBAAA,CAAkB,YAAY,CAAA;AACxD,IAAA,MAAM,eAAA,GAAkB,MAAA,CAAO,iBAAA,CAAkB,iBAAiB,CAAA;AAClE,IAAA,MAAM,WAAA,GAAc,MAAA,CAAO,iBAAA,CAAkB,aAAa,CAAA,IAAK,WAAA;AAC/D,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,iBAAA,CAAkB,cAAc,CAAA;AAO5D,IAAA,MAAM,KAAA,GAAQ;AAAA,MACZ,KAAA,CAAM,MAAuB,EAAA,EAAS;AACpC,QAAA,EAAA,CAAG,MAAM,IAAI,CAAA;AAAA,MACf,CAAA;AAAA,MACA,MAAA,CAAO,IAAA,EAAuB,MAAA,EAAgB,EAAA,EAAS;AACrD,QAAA,EAAA,CAAG,MAAM,IAAI,CAAA;AAAA,MACf;AAAA,KACF;AAEA,IAAA,MAAM,SAASA,+CAAA,CAAiC,IAAA;AAAA,MAC9C,IAAIC,sBAAA;AAAA,QACF;AAAA,UACE,QAAA;AAAA,UACA,YAAA;AAAA,UACA,WAAA;AAAA,UACA,MAAA;AAAA,UACA,KAAA;AAAA,UACA,YAAA;AAAA;AAAA;AAAA,UAGA,iBAAA,EAAmB;AAAA,SACrB;AAAA,QACA,CACE,WAAA,EACA,YAAA,EACA,MAAA,EACA,aACA,IAAA,KACG;AACH,UAAA,IAAA;AAAA,YACE,MAAA;AAAA,YACA;AAAA,cACE,WAAA;AAAA,cACA,WAAA;AAAA,cACA;AAAA,aACF;AAAA,YACA;AAAA,cACE;AAAA;AACF,WACF;AAAA,QACF;AAAA;AACF,KACF;AACA,IAAA,OAAO,EAAE,MAAA,EAAQ,QAAA,EAAU,UAAA,EAAY,eAAA,EAAgB;AAAA,EACzD,CAAA;AAAA,EAEA,MAAM,MACJ,KAAA,EACA,EAAE,QAAQ,QAAA,EAAU,UAAA,EAAY,eAAA,EAAiB,gBAAA,EAAiB,EAClE;AACA,IAAA,OAAO,MAAA,CAAO,MAAM,KAAA,EAAO;AAAA,MACzB,UAAA,EAAY,SAAA;AAAA,MACZ,MAAA,EAAQ,SAAA;AAAA,MACR,GAAI,QAAA,GAAW,EAAE,QAAA,KAAa,EAAC;AAAA,MAC/B,GAAI,UAAA,GAAa,EAAE,UAAA,KAAe,EAAC;AAAA,MACnC,GAAI,gBAAA,GAAmB,EAAE,gBAAA,KAAqB;AAAC,KAChD,CAAA;AAAA,EACH,CAAA;AAAA,EAEA,MAAM,aACJ,KAAA,EACA,EAAE,QAAQ,QAAA,EAAU,UAAA,EAAY,eAAA,EAAiB,gBAAA,EAAiB,EAClE;AACA,IAAA,OAAO,MAAA,CAAO,aAAa,KAAA,EAAO;AAAA,MAChC,GAAI,QAAA,GAAW,EAAE,QAAA,KAAa,EAAC;AAAA,MAC/B,GAAI,UAAA,GAAa,EAAE,UAAA,KAAe,EAAC;AAAA,MACnC,GAAI,gBAAA,GAAmB,EAAE,gBAAA,KAAqB;AAAC,KAChD,CAAA;AAAA,EACH,CAAA;AAAA,EAEA,MAAM,OAAA,CAAQ,KAAA,EAAO,EAAE,QAAO,EAAG;AAC/B,IAAA,OAAO,MAAA,CAAO,QAAQ,KAAK,CAAA;AAAA,EAC7B;AACF,CAAC;;;;"}
package/dist/strategy.cjs.js CHANGED
@@ -1,12 +1,14 @@
1
1
  'use strict';
2
2
 
3
3
  var Auth0InternalStrategy = require('passport-auth0');
4
+ var errors = require('@backstage/errors');
4
5
 
5
6
  function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
6
7
 
7
8
  var Auth0InternalStrategy__default = /*#__PURE__*/_interopDefaultCompat(Auth0InternalStrategy);
8
9
 
9
10
  class Auth0Strategy extends Auth0InternalStrategy__default.default {
11
+ organization;
10
12
  constructor(options, verify) {
11
13
  const optionsWithURLs = {
12
14
  ...options,
@@ -16,6 +18,30 @@ class Auth0Strategy extends Auth0InternalStrategy__default.default {
16
18
  apiUrl: `https://${options.domain}/api`
17
19
  };
18
20
  super(optionsWithURLs, verify);
21
+ this.organization = options.organization;
22
+ }
23
+ authenticate(req, options) {
24
+ const { organization, invitation } = req.query;
25
+ if (organization && this.organization && organization !== this.organization) {
26
+ throw new errors.InputError(
27
+ "Organization mismatch. The organization provided in the request does not match the organization configured in the strategy."
28
+ );
29
+ }
30
+ super.authenticate(req, {
31
+ ...options,
32
+ ...organization ? { organization } : {},
33
+ ...invitation ? { invitation } : {}
34
+ });
35
+ }
36
+ authorizationParams(options) {
37
+ const params = super.authorizationParams(options);
38
+ if (options.organization || this.organization) {
39
+ params.organization = options.organization || this.organization;
40
+ }
41
+ if (options.invitation) {
42
+ params.invitation = options.invitation;
43
+ }
44
+ return params;
19
45
  }
20
46
  }
21
47
 
package/dist/strategy.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"strategy.cjs.js","sources":["../src/strategy.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport Auth0InternalStrategy from 'passport-auth0';\nimport type { StateStore } from 'passport-oauth2';\n\n/** @public */\nexport interface Auth0StrategyOptionsWithRequest {\n clientID: string;\n clientSecret: string;\n callbackURL: string;\n domain: string;\n passReqToCallback: true;\n store: StateStore;\n}\n\n/** @public */\nexport class Auth0Strategy extends Auth0InternalStrategy {\n constructor(\n options: Auth0StrategyOptionsWithRequest,\n verify: Auth0InternalStrategy.VerifyFunction,\n ) {\n const optionsWithURLs = {\n ...options,\n authorizationURL: `https://${options.domain}/authorize`,\n tokenURL: `https://${options.domain}/oauth/token`,\n userInfoURL: `https://${options.domain}/userinfo`,\n apiUrl: `https://${options.domain}/api`,\n };\n super(optionsWithURLs, verify);\n }\n}\n"],"names":["Auth0InternalStrategy"],"mappings":";;;;;;;;AA8BO,MAAM,sBAAsBA,sCAAA,CAAsB;AAAA,EACvD,WAAA,CACE,SACA,MAAA,EACA;AACA,IAAA,MAAM,eAAA,GAAkB;AAAA,MACtB,GAAG,OAAA;AAAA,MACH,gBAAA,EAAkB,CAAA,QAAA,EAAW,OAAA,CAAQ,MAAM,CAAA,UAAA,CAAA;AAAA,MAC3C,QAAA,EAAU,CAAA,QAAA,EAAW,OAAA,CAAQ,MAAM,CAAA,YAAA,CAAA;AAAA,MACnC,WAAA,EAAa,CAAA,QAAA,EAAW,OAAA,CAAQ,MAAM,CAAA,SAAA,CAAA;AAAA,MACtC,MAAA,EAAQ,CAAA,QAAA,EAAW,OAAA,CAAQ,MAAM,CAAA,IAAA;AAAA,KACnC;AACA,IAAA,KAAA,CAAM,iBAAiB,MAAM,CAAA;AAAA,EAC/B;AACF;;;;"}
1
+ {"version":3,"file":"strategy.cjs.js","sources":["../src/strategy.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport Auth0InternalStrategy from 'passport-auth0';\nimport type { StateStore } from 'passport-oauth2';\nimport type express from 'express';\nimport { InputError } from '@backstage/errors';\n\n/** @public */\nexport interface Auth0StrategyOptionsWithRequest {\n clientID: string;\n clientSecret: string;\n callbackURL: string;\n domain: string;\n passReqToCallback: true;\n store: StateStore;\n organization?: string;\n}\n\n/** @public */\nexport class Auth0Strategy extends Auth0InternalStrategy {\n private organization: string | undefined;\n\n constructor(\n options: Auth0StrategyOptionsWithRequest,\n verify: Auth0InternalStrategy.VerifyFunction,\n ) {\n const optionsWithURLs = {\n ...options,\n authorizationURL: `https://${options.domain}/authorize`,\n tokenURL: `https://${options.domain}/oauth/token`,\n userInfoURL: `https://${options.domain}/userinfo`,\n apiUrl: `https://${options.domain}/api`,\n };\n super(optionsWithURLs, verify);\n this.organization = options.organization;\n }\n\n authenticate(req: express.Request, options: Record<string, any>): void {\n const { organization, invitation } = req.query;\n\n // Throw an error if the organization in the request does not match the organization configured in the strategy\n if (\n organization &&\n this.organization &&\n organization !== this.organization\n ) {\n throw new InputError(\n 'Organization mismatch. The organization provided in the request does not match the organization configured in the strategy.',\n );\n }\n\n super.authenticate(req, {\n ...options,\n ...(organization ? { organization } : {}),\n ...(invitation ? { invitation } : {}),\n });\n }\n\n authorizationParams(options: Record<string, any>): Record<string, any> {\n const params = super.authorizationParams(options);\n\n if (options.organization || this.organization) {\n params.organization = options.organization || this.organization;\n }\n\n if (options.invitation) {\n params.invitation = options.invitation;\n }\n\n return params;\n }\n}\n"],"names":["Auth0InternalStrategy","InputError"],"mappings":";;;;;;;;;AAiCO,MAAM,sBAAsBA,sCAAA,CAAsB;AAAA,EAC/C,YAAA;AAAA,EAER,WAAA,CACE,SACA,MAAA,EACA;AACA,IAAA,MAAM,eAAA,GAAkB;AAAA,MACtB,GAAG,OAAA;AAAA,MACH,gBAAA,EAAkB,CAAA,QAAA,EAAW,OAAA,CAAQ,MAAM,CAAA,UAAA,CAAA;AAAA,MAC3C,QAAA,EAAU,CAAA,QAAA,EAAW,OAAA,CAAQ,MAAM,CAAA,YAAA,CAAA;AAAA,MACnC,WAAA,EAAa,CAAA,QAAA,EAAW,OAAA,CAAQ,MAAM,CAAA,SAAA,CAAA;AAAA,MACtC,MAAA,EAAQ,CAAA,QAAA,EAAW,OAAA,CAAQ,MAAM,CAAA,IAAA;AAAA,KACnC;AACA,IAAA,KAAA,CAAM,iBAAiB,MAAM,CAAA;AAC7B,IAAA,IAAA,CAAK,eAAe,OAAA,CAAQ,YAAA;AAAA,EAC9B;AAAA,EAEA,YAAA,CAAa,KAAsB,OAAA,EAAoC;AACrE,IAAA,MAAM,EAAE,YAAA,EAAc,UAAA,EAAW,GAAI,GAAA,CAAI,KAAA;AAGzC,IAAA,IACE,YAAA,IACA,IAAA,CAAK,YAAA,IACL,YAAA,KAAiB,KAAK,YAAA,EACtB;AACA,MAAA,MAAM,IAAIC,iBAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,KAAA,CAAM,aAAa,GAAA,EAAK;AAAA,MACtB,GAAG,OAAA;AAAA,MACH,GAAI,YAAA,GAAe,EAAE,YAAA,KAAiB,EAAC;AAAA,MACvC,GAAI,UAAA,GAAa,EAAE,UAAA,KAAe;AAAC,KACpC,CAAA;AAAA,EACH;AAAA,EAEA,oBAAoB,OAAA,EAAmD;AACrE,IAAA,MAAM,MAAA,GAAS,KAAA,CAAM,mBAAA,CAAoB,OAAO,CAAA;AAEhD,IAAA,IAAI,OAAA,CAAQ,YAAA,IAAgB,IAAA,CAAK,YAAA,EAAc;AAC7C,MAAA,MAAA,CAAO,YAAA,GAAe,OAAA,CAAQ,YAAA,IAAgB,IAAA,CAAK,YAAA;AAAA,IACrD;AAEA,IAAA,IAAI,QAAQ,UAAA,EAAY;AACtB,MAAA,MAAA,CAAO,aAAa,OAAA,CAAQ,UAAA;AAAA,IAC9B;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AACF;;;;"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@backstage/plugin-auth-backend-module-auth0-provider",
3
- "version": "0.2.10",
3
+ "version": "0.3.0-next.1",
4
4
  "description": "The auth0-provider backend module for the auth plugin.",
5
5
  "backstage": {
6
6
  "role": "backend-plugin-module",
@@ -37,18 +37,21 @@
37
37
  "test": "backstage-cli package test"
38
38
  },
39
39
  "dependencies": {
40
- "@backstage/backend-plugin-api": "^1.6.0",
41
- "@backstage/plugin-auth-node": "^0.6.10",
40
+ "@backstage/backend-plugin-api": "1.7.0-next.1",
41
+ "@backstage/errors": "1.2.7",
42
+ "@backstage/plugin-auth-node": "0.6.13-next.1",
42
43
  "express": "^4.22.0",
44
+ "passport": "^0.7.0",
43
45
  "passport-auth0": "^1.4.3",
44
46
  "passport-oauth2": "^1.6.1"
45
47
  },
46
48
  "devDependencies": {
47
- "@backstage/backend-defaults": "^0.14.0",
48
- "@backstage/backend-test-utils": "^1.10.2",
49
- "@backstage/cli": "^0.35.0",
50
- "@backstage/plugin-auth-backend": "^0.25.7",
51
- "@backstage/types": "^1.2.2",
49
+ "@backstage/backend-defaults": "0.15.2-next.1",
50
+ "@backstage/backend-test-utils": "1.11.0-next.1",
51
+ "@backstage/cli": "0.35.4-next.2",
52
+ "@backstage/plugin-auth-backend": "0.27.0-next.1",
53
+ "@backstage/types": "1.2.2",
54
+ "@types/passport": "^1.0.3",
52
55
  "@types/passport-auth0": "^1.0.5",
53
56
  "@types/passport-oauth2": "^1.4.15",
54
57
  "supertest": "^7.0.0"