@backstage/plugin-auth-backend-module-auth0-provider 0.4.2 → 0.4.3-next.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,5 +1,23 @@
1
1
  # @backstage/plugin-auth-backend-module-auth0-provider
2
2
 
3
+ ## 0.4.3-next.1
4
+
5
+ ### Patch Changes
6
+
7
+ - 5446838: Added an optional `prompt` setting for Auth0 authorization requests. Set it to
8
+ `auto` to let Auth0 determine whether the user needs to be prompted. Existing
9
+ configurations continue to use `consent` by default.
10
+ - Updated dependencies
11
+ - @backstage/backend-plugin-api@1.9.3-next.1
12
+
13
+ ## 0.4.3-next.0
14
+
15
+ ### Patch Changes
16
+
17
+ - Updated dependencies
18
+ - @backstage/plugin-auth-node@0.7.3-next.0
19
+ - @backstage/backend-plugin-api@1.9.3-next.0
20
+
3
21
  ## 0.4.2
4
22
 
5
23
  ### Patch Changes
@@ -0,0 +1,100 @@
1
+ {
2
+ "$schema": "http://json-schema.org/draft-07/schema#",
3
+ "type": "object",
4
+ "properties": {
5
+ "auth": {
6
+ "type": "object",
7
+ "properties": {
8
+ "providers": {
9
+ "type": "object",
10
+ "properties": {
11
+ "auth0": {
12
+ "type": "object",
13
+ "additionalProperties": {
14
+ "type": "object",
15
+ "properties": {
16
+ "clientId": {
17
+ "type": "string"
18
+ },
19
+ "clientSecret": {
20
+ "type": "string",
21
+ "visibility": "secret"
22
+ },
23
+ "domain": {
24
+ "type": "string"
25
+ },
26
+ "callbackUrl": {
27
+ "type": "string"
28
+ },
29
+ "audience": {
30
+ "type": "string"
31
+ },
32
+ "connection": {
33
+ "type": "string"
34
+ },
35
+ "connectionScope": {
36
+ "type": "string"
37
+ },
38
+ "prompt": {
39
+ "type": "string",
40
+ "description": "Controls the prompt sent to Auth0. Set to `auto` to omit the parameter and let Auth0 determine whether to prompt the user. Defaults to `consent`."
41
+ },
42
+ "organization": {
43
+ "type": "string"
44
+ },
45
+ "federatedLogout": {
46
+ "type": "boolean",
47
+ "description": "Whether to perform federated logout, clearing both the Auth0 session and any upstream IdP session. Defaults to false."
48
+ },
49
+ "sessionDuration": {
50
+ "anyOf": [
51
+ {
52
+ "type": "object",
53
+ "properties": {
54
+ "years": {
55
+ "type": "number"
56
+ },
57
+ "months": {
58
+ "type": "number"
59
+ },
60
+ "weeks": {
61
+ "type": "number"
62
+ },
63
+ "days": {
64
+ "type": "number"
65
+ },
66
+ "hours": {
67
+ "type": "number"
68
+ },
69
+ "minutes": {
70
+ "type": "number"
71
+ },
72
+ "seconds": {
73
+ "type": "number"
74
+ },
75
+ "milliseconds": {
76
+ "type": "number"
77
+ }
78
+ },
79
+ "description": "Human friendly durations object."
80
+ },
81
+ {
82
+ "type": "string"
83
+ }
84
+ ]
85
+ }
86
+ },
87
+ "required": [
88
+ "clientId",
89
+ "clientSecret",
90
+ "domain"
91
+ ]
92
+ },
93
+ "visibility": "frontend"
94
+ }
95
+ }
96
+ }
97
+ }
98
+ }
99
+ }
100
+ }
@@ -17,6 +17,7 @@ function createAuth0Authenticator(options) {
17
17
  const audience = config.getOptionalString("audience");
18
18
  const connection = config.getOptionalString("connection");
19
19
  const connectionScope = config.getOptionalString("connectionScope");
20
+ const prompt = config.getOptionalString("prompt") ?? "consent";
20
21
  const callbackURL = config.getOptionalString("callbackUrl") ?? callbackUrl;
21
22
  const organization = config.getOptionalString("organization");
22
23
  const store = {
@@ -61,15 +62,22 @@ function createAuth0Authenticator(options) {
61
62
  audience,
62
63
  connection,
63
64
  connectionScope,
65
+ prompt,
64
66
  domain,
65
67
  clientID,
66
68
  federated
67
69
  };
68
70
  },
69
- async start(input, { helper, audience, connection, connectionScope: connection_scope }) {
71
+ async start(input, {
72
+ helper,
73
+ audience,
74
+ connection,
75
+ connectionScope: connection_scope,
76
+ prompt
77
+ }) {
70
78
  return helper.start(input, {
71
79
  accessType: "offline",
72
- prompt: "consent",
80
+ ...prompt !== "auto" ? { prompt } : {},
73
81
  ...audience ? { audience } : {},
74
82
  ...connection ? { connection } : {},
75
83
  ...connection_scope ? { connection_scope } : {}
@@ -1 +1 @@
1
- {"version":3,"file":"authenticator.cjs.js","sources":["../src/authenticator.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { CacheService } from '@backstage/backend-plugin-api';\nimport express from 'express';\nimport { decodeJwt } from 'jose';\nimport { Strategy } from 'passport';\nimport {\n createOAuthAuthenticator,\n PassportHelpers,\n PassportOAuthAuthenticatorHelper,\n PassportOAuthDoneCallback,\n PassportProfile,\n} from '@backstage/plugin-auth-node';\nimport { Auth0Strategy } from './strategy';\n\n/** @public */\nexport function createAuth0Authenticator(options?: { cache?: CacheService }) {\n const profileCache = options?.cache?.withOptions({\n defaultTtl: { minutes: 1 },\n });\n\n return createOAuthAuthenticator({\n defaultProfileTransform:\n PassportOAuthAuthenticatorHelper.defaultProfileTransform,\n initialize({ callbackUrl, config }) {\n const clientID = config.getString('clientId');\n const clientSecret = config.getString('clientSecret');\n const domain = config.getString('domain');\n const audience = config.getOptionalString('audience');\n const connection = config.getOptionalString('connection');\n const connectionScope = config.getOptionalString('connectionScope');\n const callbackURL =\n config.getOptionalString('callbackUrl') ?? callbackUrl;\n const organization = config.getOptionalString('organization');\n // Due to passport-auth0 forcing options.state = true,\n // passport-oauth2 requires express-session to be installed\n // so that the 'state' parameter of the oauth2 flow can be stored.\n // This implementation of StateStore matches the NullStore found within\n // passport-oauth2, which is the StateStore implementation used when options.state = false,\n // allowing us to avoid using express-session in order to integrate with auth0.\n const store = {\n store(_req: express.Request, cb: any) {\n cb(null, null);\n },\n verify(_req: express.Request, _state: string, cb: any) {\n cb(null, true);\n },\n };\n\n const strategy = new Auth0Strategy(\n {\n clientID,\n clientSecret,\n callbackURL,\n domain,\n store,\n organization,\n // We need passReqToCallback set to false to get params, but there's\n // no matching type signature for that, so instead behold this beauty\n passReqToCallback: false as true,\n },\n (\n accessToken: string,\n refreshToken: string,\n params: any,\n fullProfile: PassportProfile,\n done: PassportOAuthDoneCallback,\n ) => {\n done(\n undefined,\n {\n fullProfile,\n accessToken,\n params,\n },\n {\n refreshToken,\n },\n );\n },\n );\n\n const helper = PassportOAuthAuthenticatorHelper.from(strategy);\n const federated = config.getOptionalBoolean('federatedLogout') ?? false;\n return {\n helper,\n strategy: strategy as Strategy,\n audience,\n connection,\n connectionScope,\n domain,\n clientID,\n federated,\n };\n },\n\n async start(\n input,\n { helper, audience, connection, connectionScope: connection_scope },\n ) {\n return helper.start(input, {\n accessType: 'offline',\n prompt: 'consent',\n ...(audience ? { audience } : {}),\n ...(connection ? { connection } : {}),\n ...(connection_scope ? { connection_scope } : {}),\n });\n },\n\n async authenticate(\n input,\n { helper, audience, connection, connectionScope: connection_scope },\n ) {\n return helper.authenticate(input, {\n ...(audience ? { audience } : {}),\n ...(connection ? { connection } : {}),\n ...(connection_scope ? { connection_scope } : {}),\n });\n },\n\n async refresh(input, { helper, strategy }) {\n const result = await PassportHelpers.executeRefreshTokenStrategy(\n strategy,\n input.refreshToken,\n input.scope,\n );\n\n const { sub } = decodeJwt(result.params.id_token);\n const cacheKey = sub ? `auth0-profile:${sub}` : undefined;\n\n let fullProfile = cacheKey\n ? ((await profileCache?.get(cacheKey)) as PassportProfile | undefined)\n : undefined;\n\n if (!fullProfile) {\n fullProfile = await helper.fetchProfile(result.accessToken);\n if (cacheKey) {\n await profileCache?.set(\n cacheKey,\n JSON.parse(JSON.stringify(fullProfile)),\n );\n }\n }\n\n return {\n fullProfile,\n session: {\n accessToken: result.accessToken,\n tokenType: result.params.token_type ?? 'bearer',\n scope: result.params.scope,\n expiresInSeconds: result.params.expires_in,\n idToken: result.params.id_token,\n refreshToken: result.refreshToken,\n },\n };\n },\n\n async logout(input, { domain, clientID, federated }) {\n const logoutUrl = new URL(`https://${domain}/v2/logout`);\n if (federated) {\n logoutUrl.searchParams.set('federated', '');\n }\n logoutUrl.searchParams.set('client_id', clientID);\n const origin = input.req.get('origin');\n if (origin) {\n logoutUrl.searchParams.set('returnTo', origin);\n }\n return { logoutUrl: logoutUrl.toString() };\n },\n });\n}\n\n/** @public */\nexport const auth0Authenticator = createAuth0Authenticator();\n"],"names":["createOAuthAuthenticator","PassportOAuthAuthenticatorHelper","strategy","Auth0Strategy","PassportHelpers","decodeJwt"],"mappings":";;;;;;AA8BO,SAAS,yBAAyB,OAAA,EAAoC;AAC3E,EAAA,MAAM,YAAA,GAAe,OAAA,EAAS,KAAA,EAAO,WAAA,CAAY;AAAA,IAC/C,UAAA,EAAY,EAAE,OAAA,EAAS,CAAA;AAAE,GAC1B,CAAA;AAED,EAAA,OAAOA,uCAAA,CAAyB;AAAA,IAC9B,yBACEC,+CAAA,CAAiC,uBAAA;AAAA,IACnC,UAAA,CAAW,EAAE,WAAA,EAAa,MAAA,EAAO,EAAG;AAClC,MAAA,MAAM,QAAA,GAAW,MAAA,CAAO,SAAA,CAAU,UAAU,CAAA;AAC5C,MAAA,MAAM,YAAA,GAAe,MAAA,CAAO,SAAA,CAAU,cAAc,CAAA;AACpD,MAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,CAAU,QAAQ,CAAA;AACxC,MAAA,MAAM,QAAA,GAAW,MAAA,CAAO,iBAAA,CAAkB,UAAU,CAAA;AACpD,MAAA,MAAM,UAAA,GAAa,MAAA,CAAO,iBAAA,CAAkB,YAAY,CAAA;AACxD,MAAA,MAAM,eAAA,GAAkB,MAAA,CAAO,iBAAA,CAAkB,iBAAiB,CAAA;AAClE,MAAA,MAAM,WAAA,GACJ,MAAA,CAAO,iBAAA,CAAkB,aAAa,CAAA,IAAK,WAAA;AAC7C,MAAA,MAAM,YAAA,GAAe,MAAA,CAAO,iBAAA,CAAkB,cAAc,CAAA;AAO5D,MAAA,MAAM,KAAA,GAAQ;AAAA,QACZ,KAAA,CAAM,MAAuB,EAAA,EAAS;AACpC,UAAA,EAAA,CAAG,MAAM,IAAI,CAAA;AAAA,QACf,CAAA;AAAA,QACA,MAAA,CAAO,IAAA,EAAuB,MAAA,EAAgB,EAAA,EAAS;AACrD,UAAA,EAAA,CAAG,MAAM,IAAI,CAAA;AAAA,QACf;AAAA,OACF;AAEA,MAAA,MAAMC,aAAW,IAAIC,sBAAA;AAAA,QACnB;AAAA,UACE,QAAA;AAAA,UACA,YAAA;AAAA,UACA,WAAA;AAAA,UACA,MAAA;AAAA,UACA,KAAA;AAAA,UACA,YAAA;AAAA;AAAA;AAAA,UAGA,iBAAA,EAAmB;AAAA,SACrB;AAAA,QACA,CACE,WAAA,EACA,YAAA,EACA,MAAA,EACA,aACA,IAAA,KACG;AACH,UAAA,IAAA;AAAA,YACE,MAAA;AAAA,YACA;AAAA,cACE,WAAA;AAAA,cACA,WAAA;AAAA,cACA;AAAA,aACF;AAAA,YACA;AAAA,cACE;AAAA;AACF,WACF;AAAA,QACF;AAAA,OACF;AAEA,MAAA,MAAM,MAAA,GAASF,+CAAA,CAAiC,IAAA,CAAKC,UAAQ,CAAA;AAC7D,MAAA,MAAM,SAAA,GAAY,MAAA,CAAO,kBAAA,CAAmB,iBAAiB,CAAA,IAAK,KAAA;AAClE,MAAA,OAAO;AAAA,QACL,MAAA;AAAA,kBACAA,UAAA;AAAA,QACA,QAAA;AAAA,QACA,UAAA;AAAA,QACA,eAAA;AAAA,QACA,MAAA;AAAA,QACA,QAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF,CAAA;AAAA,IAEA,MAAM,MACJ,KAAA,EACA,EAAE,QAAQ,QAAA,EAAU,UAAA,EAAY,eAAA,EAAiB,gBAAA,EAAiB,EAClE;AACA,MAAA,OAAO,MAAA,CAAO,MAAM,KAAA,EAAO;AAAA,QACzB,UAAA,EAAY,SAAA;AAAA,QACZ,MAAA,EAAQ,SAAA;AAAA,QACR,GAAI,QAAA,GAAW,EAAE,QAAA,KAAa,EAAC;AAAA,QAC/B,GAAI,UAAA,GAAa,EAAE,UAAA,KAAe,EAAC;AAAA,QACnC,GAAI,gBAAA,GAAmB,EAAE,gBAAA,KAAqB;AAAC,OAChD,CAAA;AAAA,IACH,CAAA;AAAA,IAEA,MAAM,aACJ,KAAA,EACA,EAAE,QAAQ,QAAA,EAAU,UAAA,EAAY,eAAA,EAAiB,gBAAA,EAAiB,EAClE;AACA,MAAA,OAAO,MAAA,CAAO,aAAa,KAAA,EAAO;AAAA,QAChC,GAAI,QAAA,GAAW,EAAE,QAAA,KAAa,EAAC;AAAA,QAC/B,GAAI,UAAA,GAAa,EAAE,UAAA,KAAe,EAAC;AAAA,QACnC,GAAI,gBAAA,GAAmB,EAAE,gBAAA,KAAqB;AAAC,OAChD,CAAA;AAAA,IACH,CAAA;AAAA,IAEA,MAAM,OAAA,CAAQ,KAAA,EAAO,EAAE,MAAA,EAAQ,UAAS,EAAG;AACzC,MAAA,MAAM,MAAA,GAAS,MAAME,8BAAA,CAAgB,2BAAA;AAAA,QACnC,QAAA;AAAA,QACA,KAAA,CAAM,YAAA;AAAA,QACN,KAAA,CAAM;AAAA,OACR;AAEA,MAAA,MAAM,EAAE,GAAA,EAAI,GAAIC,cAAA,CAAU,MAAA,CAAO,OAAO,QAAQ,CAAA;AAChD,MAAA,MAAM,QAAA,GAAW,GAAA,GAAM,CAAA,cAAA,EAAiB,GAAG,CAAA,CAAA,GAAK,MAAA;AAEhD,MAAA,IAAI,cAAc,QAAA,GACZ,MAAM,YAAA,EAAc,GAAA,CAAI,QAAQ,CAAA,GAClC,MAAA;AAEJ,MAAA,IAAI,CAAC,WAAA,EAAa;AAChB,QAAA,WAAA,GAAc,MAAM,MAAA,CAAO,YAAA,CAAa,MAAA,CAAO,WAAW,CAAA;AAC1D,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,MAAM,YAAA,EAAc,GAAA;AAAA,YAClB,QAAA;AAAA,YACA,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,SAAA,CAAU,WAAW,CAAC;AAAA,WACxC;AAAA,QACF;AAAA,MACF;AAEA,MAAA,OAAO;AAAA,QACL,WAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACP,aAAa,MAAA,CAAO,WAAA;AAAA,UACpB,SAAA,EAAW,MAAA,CAAO,MAAA,CAAO,UAAA,IAAc,QAAA;AAAA,UACvC,KAAA,EAAO,OAAO,MAAA,CAAO,KAAA;AAAA,UACrB,gBAAA,EAAkB,OAAO,MAAA,CAAO,UAAA;AAAA,UAChC,OAAA,EAAS,OAAO,MAAA,CAAO,QAAA;AAAA,UACvB,cAAc,MAAA,CAAO;AAAA;AACvB,OACF;AAAA,IACF,CAAA;AAAA,IAEA,MAAM,MAAA,CAAO,KAAA,EAAO,EAAE,MAAA,EAAQ,QAAA,EAAU,WAAU,EAAG;AACnD,MAAA,MAAM,SAAA,GAAY,IAAI,GAAA,CAAI,CAAA,QAAA,EAAW,MAAM,CAAA,UAAA,CAAY,CAAA;AACvD,MAAA,IAAI,SAAA,EAAW;AACb,QAAA,SAAA,CAAU,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,EAAE,CAAA;AAAA,MAC5C;AACA,MAAA,SAAA,CAAU,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,QAAQ,CAAA;AAChD,MAAA,MAAM,MAAA,GAAS,KAAA,CAAM,GAAA,CAAI,GAAA,CAAI,QAAQ,CAAA;AACrC,MAAA,IAAI,MAAA,EAAQ;AACV,QAAA,SAAA,CAAU,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,MAAM,CAAA;AAAA,MAC/C;AACA,MAAA,OAAO,EAAE,SAAA,EAAW,SAAA,CAAU,QAAA,EAAS,EAAE;AAAA,IAC3C;AAAA,GACD,CAAA;AACH;AAGO,MAAM,qBAAqB,wBAAA;;;;;"}
1
+ {"version":3,"file":"authenticator.cjs.js","sources":["../src/authenticator.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { CacheService } from '@backstage/backend-plugin-api';\nimport express from 'express';\nimport { decodeJwt } from 'jose';\nimport { Strategy } from 'passport';\nimport {\n createOAuthAuthenticator,\n PassportHelpers,\n PassportOAuthAuthenticatorHelper,\n PassportOAuthDoneCallback,\n PassportProfile,\n} from '@backstage/plugin-auth-node';\nimport { Auth0Strategy } from './strategy';\n\n/** @public */\nexport function createAuth0Authenticator(options?: { cache?: CacheService }) {\n const profileCache = options?.cache?.withOptions({\n defaultTtl: { minutes: 1 },\n });\n\n return createOAuthAuthenticator({\n defaultProfileTransform:\n PassportOAuthAuthenticatorHelper.defaultProfileTransform,\n initialize({ callbackUrl, config }) {\n const clientID = config.getString('clientId');\n const clientSecret = config.getString('clientSecret');\n const domain = config.getString('domain');\n const audience = config.getOptionalString('audience');\n const connection = config.getOptionalString('connection');\n const connectionScope = config.getOptionalString('connectionScope');\n const prompt = config.getOptionalString('prompt') ?? 'consent';\n const callbackURL =\n config.getOptionalString('callbackUrl') ?? callbackUrl;\n const organization = config.getOptionalString('organization');\n // Due to passport-auth0 forcing options.state = true,\n // passport-oauth2 requires express-session to be installed\n // so that the 'state' parameter of the oauth2 flow can be stored.\n // This implementation of StateStore matches the NullStore found within\n // passport-oauth2, which is the StateStore implementation used when options.state = false,\n // allowing us to avoid using express-session in order to integrate with auth0.\n const store = {\n store(_req: express.Request, cb: any) {\n cb(null, null);\n },\n verify(_req: express.Request, _state: string, cb: any) {\n cb(null, true);\n },\n };\n\n const strategy = new Auth0Strategy(\n {\n clientID,\n clientSecret,\n callbackURL,\n domain,\n store,\n organization,\n // We need passReqToCallback set to false to get params, but there's\n // no matching type signature for that, so instead behold this beauty\n passReqToCallback: false as true,\n },\n (\n accessToken: string,\n refreshToken: string,\n params: any,\n fullProfile: PassportProfile,\n done: PassportOAuthDoneCallback,\n ) => {\n done(\n undefined,\n {\n fullProfile,\n accessToken,\n params,\n },\n {\n refreshToken,\n },\n );\n },\n );\n\n const helper = PassportOAuthAuthenticatorHelper.from(strategy);\n const federated = config.getOptionalBoolean('federatedLogout') ?? false;\n return {\n helper,\n strategy: strategy as Strategy,\n audience,\n connection,\n connectionScope,\n prompt,\n domain,\n clientID,\n federated,\n };\n },\n\n async start(\n input,\n {\n helper,\n audience,\n connection,\n connectionScope: connection_scope,\n prompt,\n },\n ) {\n return helper.start(input, {\n accessType: 'offline',\n ...(prompt !== 'auto' ? { prompt } : {}),\n ...(audience ? { audience } : {}),\n ...(connection ? { connection } : {}),\n ...(connection_scope ? { connection_scope } : {}),\n });\n },\n\n async authenticate(\n input,\n { helper, audience, connection, connectionScope: connection_scope },\n ) {\n return helper.authenticate(input, {\n ...(audience ? { audience } : {}),\n ...(connection ? { connection } : {}),\n ...(connection_scope ? { connection_scope } : {}),\n });\n },\n\n async refresh(input, { helper, strategy }) {\n const result = await PassportHelpers.executeRefreshTokenStrategy(\n strategy,\n input.refreshToken,\n input.scope,\n );\n\n const { sub } = decodeJwt(result.params.id_token);\n const cacheKey = sub ? `auth0-profile:${sub}` : undefined;\n\n let fullProfile = cacheKey\n ? ((await profileCache?.get(cacheKey)) as PassportProfile | undefined)\n : undefined;\n\n if (!fullProfile) {\n fullProfile = await helper.fetchProfile(result.accessToken);\n if (cacheKey) {\n await profileCache?.set(\n cacheKey,\n JSON.parse(JSON.stringify(fullProfile)),\n );\n }\n }\n\n return {\n fullProfile,\n session: {\n accessToken: result.accessToken,\n tokenType: result.params.token_type ?? 'bearer',\n scope: result.params.scope,\n expiresInSeconds: result.params.expires_in,\n idToken: result.params.id_token,\n refreshToken: result.refreshToken,\n },\n };\n },\n\n async logout(input, { domain, clientID, federated }) {\n const logoutUrl = new URL(`https://${domain}/v2/logout`);\n if (federated) {\n logoutUrl.searchParams.set('federated', '');\n }\n logoutUrl.searchParams.set('client_id', clientID);\n const origin = input.req.get('origin');\n if (origin) {\n logoutUrl.searchParams.set('returnTo', origin);\n }\n return { logoutUrl: logoutUrl.toString() };\n },\n });\n}\n\n/** @public */\nexport const auth0Authenticator = createAuth0Authenticator();\n"],"names":["createOAuthAuthenticator","PassportOAuthAuthenticatorHelper","strategy","Auth0Strategy","PassportHelpers","decodeJwt"],"mappings":";;;;;;AA8BO,SAAS,yBAAyB,OAAA,EAAoC;AAC3E,EAAA,MAAM,YAAA,GAAe,OAAA,EAAS,KAAA,EAAO,WAAA,CAAY;AAAA,IAC/C,UAAA,EAAY,EAAE,OAAA,EAAS,CAAA;AAAE,GAC1B,CAAA;AAED,EAAA,OAAOA,uCAAA,CAAyB;AAAA,IAC9B,yBACEC,+CAAA,CAAiC,uBAAA;AAAA,IACnC,UAAA,CAAW,EAAE,WAAA,EAAa,MAAA,EAAO,EAAG;AAClC,MAAA,MAAM,QAAA,GAAW,MAAA,CAAO,SAAA,CAAU,UAAU,CAAA;AAC5C,MAAA,MAAM,YAAA,GAAe,MAAA,CAAO,SAAA,CAAU,cAAc,CAAA;AACpD,MAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,CAAU,QAAQ,CAAA;AACxC,MAAA,MAAM,QAAA,GAAW,MAAA,CAAO,iBAAA,CAAkB,UAAU,CAAA;AACpD,MAAA,MAAM,UAAA,GAAa,MAAA,CAAO,iBAAA,CAAkB,YAAY,CAAA;AACxD,MAAA,MAAM,eAAA,GAAkB,MAAA,CAAO,iBAAA,CAAkB,iBAAiB,CAAA;AAClE,MAAA,MAAM,MAAA,GAAS,MAAA,CAAO,iBAAA,CAAkB,QAAQ,CAAA,IAAK,SAAA;AACrD,MAAA,MAAM,WAAA,GACJ,MAAA,CAAO,iBAAA,CAAkB,aAAa,CAAA,IAAK,WAAA;AAC7C,MAAA,MAAM,YAAA,GAAe,MAAA,CAAO,iBAAA,CAAkB,cAAc,CAAA;AAO5D,MAAA,MAAM,KAAA,GAAQ;AAAA,QACZ,KAAA,CAAM,MAAuB,EAAA,EAAS;AACpC,UAAA,EAAA,CAAG,MAAM,IAAI,CAAA;AAAA,QACf,CAAA;AAAA,QACA,MAAA,CAAO,IAAA,EAAuB,MAAA,EAAgB,EAAA,EAAS;AACrD,UAAA,EAAA,CAAG,MAAM,IAAI,CAAA;AAAA,QACf;AAAA,OACF;AAEA,MAAA,MAAMC,aAAW,IAAIC,sBAAA;AAAA,QACnB;AAAA,UACE,QAAA;AAAA,UACA,YAAA;AAAA,UACA,WAAA;AAAA,UACA,MAAA;AAAA,UACA,KAAA;AAAA,UACA,YAAA;AAAA;AAAA;AAAA,UAGA,iBAAA,EAAmB;AAAA,SACrB;AAAA,QACA,CACE,WAAA,EACA,YAAA,EACA,MAAA,EACA,aACA,IAAA,KACG;AACH,UAAA,IAAA;AAAA,YACE,MAAA;AAAA,YACA;AAAA,cACE,WAAA;AAAA,cACA,WAAA;AAAA,cACA;AAAA,aACF;AAAA,YACA;AAAA,cACE;AAAA;AACF,WACF;AAAA,QACF;AAAA,OACF;AAEA,MAAA,MAAM,MAAA,GAASF,+CAAA,CAAiC,IAAA,CAAKC,UAAQ,CAAA;AAC7D,MAAA,MAAM,SAAA,GAAY,MAAA,CAAO,kBAAA,CAAmB,iBAAiB,CAAA,IAAK,KAAA;AAClE,MAAA,OAAO;AAAA,QACL,MAAA;AAAA,kBACAA,UAAA;AAAA,QACA,QAAA;AAAA,QACA,UAAA;AAAA,QACA,eAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA,QAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF,CAAA;AAAA,IAEA,MAAM,MACJ,KAAA,EACA;AAAA,MACE,MAAA;AAAA,MACA,QAAA;AAAA,MACA,UAAA;AAAA,MACA,eAAA,EAAiB,gBAAA;AAAA,MACjB;AAAA,KACF,EACA;AACA,MAAA,OAAO,MAAA,CAAO,MAAM,KAAA,EAAO;AAAA,QACzB,UAAA,EAAY,SAAA;AAAA,QACZ,GAAI,MAAA,KAAW,MAAA,GAAS,EAAE,MAAA,KAAW,EAAC;AAAA,QACtC,GAAI,QAAA,GAAW,EAAE,QAAA,KAAa,EAAC;AAAA,QAC/B,GAAI,UAAA,GAAa,EAAE,UAAA,KAAe,EAAC;AAAA,QACnC,GAAI,gBAAA,GAAmB,EAAE,gBAAA,KAAqB;AAAC,OAChD,CAAA;AAAA,IACH,CAAA;AAAA,IAEA,MAAM,aACJ,KAAA,EACA,EAAE,QAAQ,QAAA,EAAU,UAAA,EAAY,eAAA,EAAiB,gBAAA,EAAiB,EAClE;AACA,MAAA,OAAO,MAAA,CAAO,aAAa,KAAA,EAAO;AAAA,QAChC,GAAI,QAAA,GAAW,EAAE,QAAA,KAAa,EAAC;AAAA,QAC/B,GAAI,UAAA,GAAa,EAAE,UAAA,KAAe,EAAC;AAAA,QACnC,GAAI,gBAAA,GAAmB,EAAE,gBAAA,KAAqB;AAAC,OAChD,CAAA;AAAA,IACH,CAAA;AAAA,IAEA,MAAM,OAAA,CAAQ,KAAA,EAAO,EAAE,MAAA,EAAQ,UAAS,EAAG;AACzC,MAAA,MAAM,MAAA,GAAS,MAAME,8BAAA,CAAgB,2BAAA;AAAA,QACnC,QAAA;AAAA,QACA,KAAA,CAAM,YAAA;AAAA,QACN,KAAA,CAAM;AAAA,OACR;AAEA,MAAA,MAAM,EAAE,GAAA,EAAI,GAAIC,cAAA,CAAU,MAAA,CAAO,OAAO,QAAQ,CAAA;AAChD,MAAA,MAAM,QAAA,GAAW,GAAA,GAAM,CAAA,cAAA,EAAiB,GAAG,CAAA,CAAA,GAAK,MAAA;AAEhD,MAAA,IAAI,cAAc,QAAA,GACZ,MAAM,YAAA,EAAc,GAAA,CAAI,QAAQ,CAAA,GAClC,MAAA;AAEJ,MAAA,IAAI,CAAC,WAAA,EAAa;AAChB,QAAA,WAAA,GAAc,MAAM,MAAA,CAAO,YAAA,CAAa,MAAA,CAAO,WAAW,CAAA;AAC1D,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,MAAM,YAAA,EAAc,GAAA;AAAA,YAClB,QAAA;AAAA,YACA,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,SAAA,CAAU,WAAW,CAAC;AAAA,WACxC;AAAA,QACF;AAAA,MACF;AAEA,MAAA,OAAO;AAAA,QACL,WAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACP,aAAa,MAAA,CAAO,WAAA;AAAA,UACpB,SAAA,EAAW,MAAA,CAAO,MAAA,CAAO,UAAA,IAAc,QAAA;AAAA,UACvC,KAAA,EAAO,OAAO,MAAA,CAAO,KAAA;AAAA,UACrB,gBAAA,EAAkB,OAAO,MAAA,CAAO,UAAA;AAAA,UAChC,OAAA,EAAS,OAAO,MAAA,CAAO,QAAA;AAAA,UACvB,cAAc,MAAA,CAAO;AAAA;AACvB,OACF;AAAA,IACF,CAAA;AAAA,IAEA,MAAM,MAAA,CAAO,KAAA,EAAO,EAAE,MAAA,EAAQ,QAAA,EAAU,WAAU,EAAG;AACnD,MAAA,MAAM,SAAA,GAAY,IAAI,GAAA,CAAI,CAAA,QAAA,EAAW,MAAM,CAAA,UAAA,CAAY,CAAA;AACvD,MAAA,IAAI,SAAA,EAAW;AACb,QAAA,SAAA,CAAU,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,EAAE,CAAA;AAAA,MAC5C;AACA,MAAA,SAAA,CAAU,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,QAAQ,CAAA;AAChD,MAAA,MAAM,MAAA,GAAS,KAAA,CAAM,GAAA,CAAI,GAAA,CAAI,QAAQ,CAAA;AACrC,MAAA,IAAI,MAAA,EAAQ;AACV,QAAA,SAAA,CAAU,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,MAAM,CAAA;AAAA,MAC/C;AACA,MAAA,OAAO,EAAE,SAAA,EAAW,SAAA,CAAU,QAAA,EAAS,EAAE;AAAA,IAC3C;AAAA,GACD,CAAA;AACH;AAGO,MAAM,qBAAqB,wBAAA;;;;;"}
package/dist/index.d.ts CHANGED
@@ -13,6 +13,7 @@ declare function createAuth0Authenticator(options?: {
13
13
  audience: string | undefined;
14
14
  connection: string | undefined;
15
15
  connectionScope: string | undefined;
16
+ prompt: string;
16
17
  domain: string;
17
18
  clientID: string;
18
19
  federated: boolean;
@@ -24,6 +25,7 @@ declare const auth0Authenticator: _backstage_plugin_auth_node.OAuthAuthenticator
24
25
  audience: string | undefined;
25
26
  connection: string | undefined;
26
27
  connectionScope: string | undefined;
28
+ prompt: string;
27
29
  domain: string;
28
30
  clientID: string;
29
31
  federated: boolean;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@backstage/plugin-auth-backend-module-auth0-provider",
3
- "version": "0.4.2",
3
+ "version": "0.4.3-next.1",
4
4
  "description": "The auth0-provider backend module for the auth plugin.",
5
5
  "backstage": {
6
6
  "role": "backend-plugin-module",
@@ -25,7 +25,7 @@
25
25
  "types": "dist/index.d.ts",
26
26
  "files": [
27
27
  "dist",
28
- "config.d.ts"
28
+ "config.schema.json"
29
29
  ],
30
30
  "scripts": {
31
31
  "build": "backstage-cli package build",
@@ -37,9 +37,9 @@
37
37
  "test": "backstage-cli package test"
38
38
  },
39
39
  "dependencies": {
40
- "@backstage/backend-plugin-api": "^1.9.2",
41
- "@backstage/errors": "^1.3.1",
42
- "@backstage/plugin-auth-node": "^0.7.2",
40
+ "@backstage/backend-plugin-api": "1.9.3-next.1",
41
+ "@backstage/errors": "1.3.1",
42
+ "@backstage/plugin-auth-node": "0.7.3-next.0",
43
43
  "@types/passport": "^1.0.3",
44
44
  "express": "^4.22.0",
45
45
  "jose": "^5.0.0",
@@ -48,16 +48,16 @@
48
48
  "passport-oauth2": "^1.6.1"
49
49
  },
50
50
  "devDependencies": {
51
- "@backstage/backend-defaults": "^0.17.3",
52
- "@backstage/backend-test-utils": "^1.11.4",
53
- "@backstage/cli": "^0.36.3",
54
- "@backstage/plugin-auth-backend": "^0.29.1",
55
- "@backstage/types": "^1.2.2",
51
+ "@backstage/backend-defaults": "0.17.5-next.2",
52
+ "@backstage/backend-test-utils": "1.11.5-next.0",
53
+ "@backstage/cli": "0.36.4-next.2",
54
+ "@backstage/plugin-auth-backend": "0.29.2-next.1",
55
+ "@backstage/types": "1.2.2",
56
56
  "@types/passport-auth0": "^1.0.5",
57
57
  "@types/passport-oauth2": "^1.4.15",
58
58
  "supertest": "^7.0.0"
59
59
  },
60
- "configSchema": "config.d.ts",
60
+ "configSchema": "config.schema.json",
61
61
  "typesVersions": {
62
62
  "*": {
63
63
  "package.json": [
package/config.d.ts DELETED
@@ -1,46 +0,0 @@
1
- /*
2
- * Copyright 2024 The Backstage Authors
3
- *
4
- * Licensed under the Apache License, Version 2.0 (the "License");
5
- * you may not use this file except in compliance with the License.
6
- * You may obtain a copy of the License at
7
- *
8
- * http://www.apache.org/licenses/LICENSE-2.0
9
- *
10
- * Unless required by applicable law or agreed to in writing, software
11
- * distributed under the License is distributed on an "AS IS" BASIS,
12
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
- * See the License for the specific language governing permissions and
14
- * limitations under the License.
15
- */
16
-
17
- import { HumanDuration } from '@backstage/types';
18
-
19
- export interface Config {
20
- auth?: {
21
- providers?: {
22
- /** @visibility frontend */
23
- auth0?: {
24
- [authEnv: string]: {
25
- clientId: string;
26
- /**
27
- * @visibility secret
28
- */
29
- clientSecret: string;
30
- domain: string;
31
- callbackUrl?: string;
32
- audience?: string;
33
- connection?: string;
34
- connectionScope?: string;
35
- organization?: string;
36
- /**
37
- * Whether to perform federated logout, clearing both the Auth0
38
- * session and any upstream IdP session. Defaults to false.
39
- */
40
- federatedLogout?: boolean;
41
- sessionDuration?: HumanDuration | string;
42
- };
43
- };
44
- };
45
- };
46
- }