@backstage/plugin-auth-backend-module-oauth2-provider 0.0.0-nightly-20230913021415

package/CHANGELOG.md

@@ -0,0 +1,27 @@
+# @backstage/plugin-auth-backend-module-oauth2-provider
+
+## 0.0.0-nightly-20230913021415
+
+### Minor Changes
+
+- 101cf1d13b04: New module for `@backstage/plugin-auth-backend` that adds a `oauth2` auth provider.
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/plugin-auth-node@0.0.0-nightly-20230913021415
+  - @backstage/backend-common@0.0.0-nightly-20230913021415
+  - @backstage/backend-plugin-api@0.0.0-nightly-20230913021415
+
+## 0.1.0-next.0
+
+### Minor Changes
+
+- 101cf1d13b04: New module for `@backstage/plugin-auth-backend` that adds a `oauth2` auth provider.
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/backend-plugin-api@0.6.3-next.3
+  - @backstage/backend-common@0.19.5-next.3
+  - @backstage/plugin-auth-node@0.3.0-next.3

package/README.md

@@ -0,0 +1,8 @@
+# Auth Module: oauth2 Provider
+
+This module provides an oauth2 auth provider implementation for `@backstage/plugin-auth-backend`.
+
+## Links
+
+- [Repository](https://oauth2.com/backstage/backstage/tree/master/plugins/auth-backend-module-oauth2-provider)
+- [Backstage Project Homepage](https://backstage.io)

package/config.d.ts

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2020 The Backstage Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export interface Config {
+  auth?: {
+    providers?: {
+      /** @visibility frontend */
+      oauth2?: {
+        [authEnv: string]: {
+          clientId: string;
+          /**
+           * @visibility secret
+           */
+          clientSecret: string;
+          authorizationUrl: string;
+          tokenUrl: string;
+          scope?: string;
+          disableRefresh?: boolean;
+          includeBasicAuth?: boolean;
+        };
+      };
+    };
+  };
+}

package/dist/index.cjs.js

@@ -0,0 +1,104 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var passportOauth2 = require('passport-oauth2');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var backendPluginApi = require('@backstage/backend-plugin-api');
+
+const oauth2Authenticator = pluginAuthNode.createOAuthAuthenticator({
+  defaultProfileTransform: pluginAuthNode.PassportOAuthAuthenticatorHelper.defaultProfileTransform,
+  initialize({ callbackUrl, config }) {
+    const clientId = config.getString("clientId");
+    const clientSecret = config.getString("clientSecret");
+    const authorizationUrl = config.getString("authorizationUrl");
+    const tokenUrl = config.getString("tokenUrl");
+    const scope = config.getOptionalString("scope");
+    const includeBasicAuth = config.getOptionalBoolean("includeBasicAuth");
+    return pluginAuthNode.PassportOAuthAuthenticatorHelper.from(
+      new passportOauth2.Strategy(
+        {
+          clientID: clientId,
+          clientSecret,
+          callbackURL: callbackUrl,
+          authorizationURL: authorizationUrl,
+          tokenURL: tokenUrl,
+          passReqToCallback: false,
+          scope,
+          customHeaders: includeBasicAuth ? {
+            Authorization: `Basic ${encodeClientCredentials(
+              clientId,
+              clientSecret
+            )}`
+          } : void 0
+        },
+        (accessToken, refreshToken, params, fullProfile, done) => {
+          done(
+            void 0,
+            { fullProfile, params, accessToken },
+            { refreshToken }
+          );
+        }
+      )
+    );
+  },
+  async start(input, helper) {
+    return helper.start(input, {
+      accessType: "offline",
+      prompt: "consent"
+    });
+  },
+  async authenticate(input, helper) {
+    return helper.authenticate(input);
+  },
+  async refresh(input, helper) {
+    return helper.refresh(input);
+  }
+});
+function encodeClientCredentials(clientID, clientSecret) {
+  return Buffer.from(`${clientID}:${clientSecret}`).toString("base64");
+}
+
+exports.oauth2SignInResolvers = void 0;
+((oauth2SignInResolvers2) => {
+  oauth2SignInResolvers2.usernameMatchingUserEntityName = pluginAuthNode.createSignInResolverFactory({
+    create() {
+      return async (info, ctx) => {
+        const { result } = info;
+        const id = result.fullProfile.username;
+        if (!id) {
+          throw new Error(`Oauth2 user profile does not contain a username`);
+        }
+        return ctx.signInWithCatalogUser({ entityRef: { name: id } });
+      };
+    }
+  });
+})(exports.oauth2SignInResolvers || (exports.oauth2SignInResolvers = {}));
+
+const authModuleOauth2Provider = backendPluginApi.createBackendModule({
+  pluginId: "auth",
+  moduleId: "oauth2-provider",
+  register(reg) {
+    reg.registerInit({
+      deps: {
+        providers: pluginAuthNode.authProvidersExtensionPoint
+      },
+      async init({ providers }) {
+        providers.registerProvider({
+          providerId: "oauth2",
+          factory: pluginAuthNode.createOAuthProviderFactory({
+            authenticator: oauth2Authenticator,
+            signInResolverFactories: {
+              ...exports.oauth2SignInResolvers,
+              ...pluginAuthNode.commonSignInResolvers
+            }
+          })
+        });
+      }
+    });
+  }
+});
+
+exports["default"] = authModuleOauth2Provider;
+exports.oauth2Authenticator = oauth2Authenticator;
+//# sourceMappingURL=index.cjs.js.map

package/dist/index.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.cjs.js","sources":["../src/authenticator.ts","../src/resolvers.ts","../src/module.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Strategy as Oauth2Strategy } from 'passport-oauth2';\nimport {\n  createOAuthAuthenticator,\n  PassportOAuthAuthenticatorHelper,\n  PassportOAuthDoneCallback,\n  PassportProfile,\n} from '@backstage/plugin-auth-node';\n\n/** @public */\nexport const oauth2Authenticator = createOAuthAuthenticator({\n  defaultProfileTransform:\n    PassportOAuthAuthenticatorHelper.defaultProfileTransform,\n  initialize({ callbackUrl, config }) {\n    const clientId = config.getString('clientId');\n    const clientSecret = config.getString('clientSecret');\n    const authorizationUrl = config.getString('authorizationUrl');\n    const tokenUrl = config.getString('tokenUrl');\n    const scope = config.getOptionalString('scope');\n    const includeBasicAuth = config.getOptionalBoolean('includeBasicAuth');\n\n    return PassportOAuthAuthenticatorHelper.from(\n      new Oauth2Strategy(\n        {\n          clientID: clientId,\n          clientSecret: clientSecret,\n          callbackURL: callbackUrl,\n          authorizationURL: authorizationUrl,\n          tokenURL: tokenUrl,\n          passReqToCallback: false,\n          scope: scope,\n          customHeaders: includeBasicAuth\n            ? {\n                Authorization: `Basic ${encodeClientCredentials(\n                  clientId,\n                  clientSecret,\n                )}`,\n              }\n            : undefined,\n        },\n        (\n          accessToken: any,\n          refreshToken: any,\n          params: any,\n          fullProfile: PassportProfile,\n          done: PassportOAuthDoneCallback,\n        ) => {\n          done(\n            undefined,\n            { fullProfile, params, accessToken },\n            { refreshToken },\n          );\n        },\n      ),\n    );\n  },\n\n  async start(input, helper) {\n    return helper.start(input, {\n      accessType: 'offline',\n      prompt: 'consent',\n    });\n  },\n\n  async authenticate(input, helper) {\n    return helper.authenticate(input);\n  },\n\n  async refresh(input, helper) {\n    return helper.refresh(input);\n  },\n});\n\n/** @private */\nfunction encodeClientCredentials(\n  clientID: string,\n  clientSecret: string,\n): string {\n  return Buffer.from(`${clientID}:${clientSecret}`).toString('base64');\n}\n","/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  OAuthAuthenticatorResult,\n  PassportProfile,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\n\n/**\n * Available sign-in resolvers for the oauth2 auth provider.\n *\n * @public\n */\nexport namespace oauth2SignInResolvers {\n  /**\n   * Looks up the user by matching their oauth2 username to the entity name.\n   */\n  export const usernameMatchingUserEntityName = createSignInResolverFactory({\n    create() {\n      return async (\n        info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,\n        ctx,\n      ) => {\n        const { result } = info;\n\n        const id = result.fullProfile.username;\n        if (!id) {\n          throw new Error(`Oauth2 user profile does not contain a username`);\n        }\n\n        return ctx.signInWithCatalogUser({ entityRef: { name: id } });\n      };\n    },\n  });\n}\n","/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  commonSignInResolvers,\n  createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { oauth2Authenticator } from './authenticator';\nimport { oauth2SignInResolvers } from './resolvers';\n\n/** @public */\nexport const authModuleOauth2Provider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'oauth2-provider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n      },\n      async init({ providers }) {\n        providers.registerProvider({\n          providerId: 'oauth2',\n          factory: createOAuthProviderFactory({\n            authenticator: oauth2Authenticator,\n            signInResolverFactories: {\n              ...oauth2SignInResolvers,\n              ...commonSignInResolvers,\n            },\n          }),\n        });\n      },\n    });\n  },\n});\n"],"names":["createOAuthAuthenticator","PassportOAuthAuthenticatorHelper","Oauth2Strategy","oauth2SignInResolvers","createSignInResolverFactory","createBackendModule","authProvidersExtensionPoint","createOAuthProviderFactory","commonSignInResolvers"],"mappings":";;;;;;;;AAyBO,MAAM,sBAAsBA,uCAAyB,CAAA;AAAA,EAC1D,yBACEC,+CAAiC,CAAA,uBAAA;AAAA,EACnC,UAAW,CAAA,EAAE,WAAa,EAAA,MAAA,EAAU,EAAA;AAClC,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA,CAAA;AAC5C,IAAM,MAAA,YAAA,GAAe,MAAO,CAAA,SAAA,CAAU,cAAc,CAAA,CAAA;AACpD,IAAM,MAAA,gBAAA,GAAmB,MAAO,CAAA,SAAA,CAAU,kBAAkB,CAAA,CAAA;AAC5D,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA,CAAA;AAC5C,IAAM,MAAA,KAAA,GAAQ,MAAO,CAAA,iBAAA,CAAkB,OAAO,CAAA,CAAA;AAC9C,IAAM,MAAA,gBAAA,GAAmB,MAAO,CAAA,kBAAA,CAAmB,kBAAkB,CAAA,CAAA;AAErE,IAAA,OAAOA,+CAAiC,CAAA,IAAA;AAAA,MACtC,IAAIC,uBAAA;AAAA,QACF;AAAA,UACE,QAAU,EAAA,QAAA;AAAA,UACV,YAAA;AAAA,UACA,WAAa,EAAA,WAAA;AAAA,UACb,gBAAkB,EAAA,gBAAA;AAAA,UAClB,QAAU,EAAA,QAAA;AAAA,UACV,iBAAmB,EAAA,KAAA;AAAA,UACnB,KAAA;AAAA,UACA,eAAe,gBACX,GAAA;AAAA,YACE,eAAe,CAAS,MAAA,EAAA,uBAAA;AAAA,cACtB,QAAA;AAAA,cACA,YAAA;AAAA,aACD,CAAA,CAAA;AAAA,WAEH,GAAA,KAAA,CAAA;AAAA,SACN;AAAA,QACA,CACE,WAAA,EACA,YACA,EAAA,MAAA,EACA,aACA,IACG,KAAA;AACH,UAAA,IAAA;AAAA,YACE,KAAA,CAAA;AAAA,YACA,EAAE,WAAa,EAAA,MAAA,EAAQ,WAAY,EAAA;AAAA,YACnC,EAAE,YAAa,EAAA;AAAA,WACjB,CAAA;AAAA,SACF;AAAA,OACF;AAAA,KACF,CAAA;AAAA,GACF;AAAA,EAEA,MAAM,KAAM,CAAA,KAAA,EAAO,MAAQ,EAAA;AACzB,IAAO,OAAA,MAAA,CAAO,MAAM,KAAO,EAAA;AAAA,MACzB,UAAY,EAAA,SAAA;AAAA,MACZ,MAAQ,EAAA,SAAA;AAAA,KACT,CAAA,CAAA;AAAA,GACH;AAAA,EAEA,MAAM,YAAa,CAAA,KAAA,EAAO,MAAQ,EAAA;AAChC,IAAO,OAAA,MAAA,CAAO,aAAa,KAAK,CAAA,CAAA;AAAA,GAClC;AAAA,EAEA,MAAM,OAAQ,CAAA,KAAA,EAAO,MAAQ,EAAA;AAC3B,IAAO,OAAA,MAAA,CAAO,QAAQ,KAAK,CAAA,CAAA;AAAA,GAC7B;AACF,CAAC,EAAA;AAGD,SAAS,uBAAA,CACP,UACA,YACQ,EAAA;AACR,EAAO,OAAA,MAAA,CAAO,KAAK,CAAG,EAAA,QAAQ,IAAI,YAAY,CAAA,CAAE,CAAE,CAAA,QAAA,CAAS,QAAQ,CAAA,CAAA;AACrE;;AClEiBC,uCAAA;AAAA,CAAV,CAAUA,sBAAV,KAAA;AAIE,EAAMA,sBAAAA,CAAA,iCAAiCC,0CAA4B,CAAA;AAAA,IACxE,MAAS,GAAA;AACP,MAAO,OAAA,OACL,MACA,GACG,KAAA;AACH,QAAM,MAAA,EAAE,QAAW,GAAA,IAAA,CAAA;AAEnB,QAAM,MAAA,EAAA,GAAK,OAAO,WAAY,CAAA,QAAA,CAAA;AAC9B,QAAA,IAAI,CAAC,EAAI,EAAA;AACP,UAAM,MAAA,IAAI,MAAM,CAAiD,+CAAA,CAAA,CAAA,CAAA;AAAA,SACnE;AAEA,QAAO,OAAA,GAAA,CAAI,sBAAsB,EAAE,SAAA,EAAW,EAAE,IAAM,EAAA,EAAA,IAAM,CAAA,CAAA;AAAA,OAC9D,CAAA;AAAA,KACF;AAAA,GACD,CAAA,CAAA;AAAA,CApBc,EAAAD,6BAAA,KAAAA,6BAAA,GAAA,EAAA,CAAA,CAAA;;ACHV,MAAM,2BAA2BE,oCAAoB,CAAA;AAAA,EAC1D,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,iBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC,0CAAA;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAa,EAAA;AACxB,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,QAAA;AAAA,UACZ,SAASC,yCAA2B,CAAA;AAAA,YAClC,aAAe,EAAA,mBAAA;AAAA,YACf,uBAAyB,EAAA;AAAA,cACvB,GAAGJ,6BAAA;AAAA,cACH,GAAGK,oCAAA;AAAA,aACL;AAAA,WACD,CAAA;AAAA,SACF,CAAA,CAAA;AAAA,OACH;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;;"}

package/dist/index.d.ts

@@ -0,0 +1,23 @@
+import * as _backstage_plugin_auth_node from '@backstage/plugin-auth-node';
+import { PassportOAuthAuthenticatorHelper, PassportProfile, OAuthAuthenticatorResult } from '@backstage/plugin-auth-node';
+import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
+
+/** @public */
+declare const oauth2Authenticator: _backstage_plugin_auth_node.OAuthAuthenticator<PassportOAuthAuthenticatorHelper, PassportProfile>;
+
+/** @public */
+declare const authModuleOauth2Provider: () => _backstage_backend_plugin_api.BackendFeature;
+
+/**
+ * Available sign-in resolvers for the oauth2 auth provider.
+ *
+ * @public
+ */
+declare namespace oauth2SignInResolvers {
+    /**
+     * Looks up the user by matching their oauth2 username to the entity name.
+     */
+    const usernameMatchingUserEntityName: _backstage_plugin_auth_node.SignInResolverFactory<OAuthAuthenticatorResult<PassportProfile>, unknown>;
+}
+
+export { authModuleOauth2Provider as default, oauth2Authenticator, oauth2SignInResolvers };

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "@backstage/plugin-auth-backend-module-oauth2-provider",
+  "description": "The oauth2-provider backend module for the auth plugin.",
+  "version": "0.0.0-nightly-20230913021415",
+  "main": "dist/index.cjs.js",
+  "types": "dist/index.d.ts",
+  "license": "Apache-2.0",
+  "publishConfig": {
+    "access": "public",
+    "main": "dist/index.cjs.js",
+    "types": "dist/index.d.ts"
+  },
+  "backstage": {
+    "role": "backend-plugin-module"
+  },
+  "scripts": {
+    "start": "backstage-cli package start",
+    "build": "backstage-cli package build",
+    "lint": "backstage-cli package lint",
+    "test": "backstage-cli package test",
+    "clean": "backstage-cli package clean",
+    "prepack": "backstage-cli package prepack",
+    "postpack": "backstage-cli package postpack"
+  },
+  "dependencies": {
+    "@backstage/backend-common": "^0.0.0-nightly-20230913021415",
+    "@backstage/backend-plugin-api": "^0.0.0-nightly-20230913021415",
+    "@backstage/plugin-auth-node": "^0.0.0-nightly-20230913021415",
+    "express": "^4.18.2",
+    "passport": "^0.6.0",
+    "passport-oauth2": "^1.6.1"
+  },
+  "devDependencies": {
+    "@backstage/backend-defaults": "^0.0.0-nightly-20230913021415",
+    "@backstage/backend-test-utils": "^0.0.0-nightly-20230913021415",
+    "@backstage/cli": "^0.0.0-nightly-20230913021415",
+    "@backstage/plugin-auth-backend": "^0.0.0-nightly-20230913021415",
+    "supertest": "^6.3.3"
+  },
+  "configSchema": "config.d.ts",
+  "files": [
+    "dist",
+    "config.d.ts"
+  ]
+}