@backstage/plugin-auth-backend 0.0.0-nightly-20220412023410 → 0.0.0-nightly-20220415024634

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +254 -5
  2. package/dist/index.cjs.js +793 -1120
  3. package/dist/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +632 -63
  5. package/package.json +7 -7
package/CHANGELOG.md CHANGED
@@ -1,24 +1,273 @@
1
1
  # @backstage/plugin-auth-backend
2
2
 
3
- ## 0.0.0-nightly-20220412023410
3
+ ## 0.0.0-nightly-20220415024634
4
4
 
5
5
  ### Minor Changes
6
6
 
7
7
  - 15d3a3c39a: **BREAKING**: All sign-in resolvers must now return a `token` in their sign-in result. Returning an `id` is no longer supported.
8
+ - c5aeaf339d: **BREAKING**: All auth providers have had their default sign-in resolvers removed. This means that if you want to use a particular provider for sign-in, you must provide an explicit sign-in resolver. For more information on how to configure sign-in resolvers, see the [sign-in resolver documentation](https://backstage.io/docs/auth/identity-resolver).
8
9
 
9
10
  ### Patch Changes
10
11
 
12
+ - c5aeaf339d: **DEPRECATION**: The `AuthProviderFactoryOptions` type has been deprecated, as the options are now instead inlined in the `AuthProviderFactory` type. This will make it possible to more easily introduce new options in the future without a possibly breaking change.
11
13
  - 794f7542b6: Updated openid-client from 4.1.2 to 5.1.3
14
+ - c5aeaf339d: **DEPRECATION**: The `getEntityClaims` helper has been deprecated, with `getDefaultOwnershipEntityRefs` being added to replace it.
12
15
  - de231e5b06: Declare oauth2 `clientSecret` with visibility secret
16
+ - c5aeaf339d: **DEPRECATION**: All `create<Provider>Provider` and `<provider>*SignInResolver` have been deprecated. Instead, a single `providers` object is exported which contains all built-in auth providers.
17
+
18
+ If you have a setup that currently looks for example like this:
19
+
20
+ ```ts
21
+ import {
22
+ createRouter,
23
+ defaultAuthProviderFactories,
24
+ createGoogleProvider,
25
+ googleEmailSignInResolver,
26
+ } from '@backstage/plugin-auth-backend';
27
+ import { Router } from 'express';
28
+ import { PluginEnvironment } from '../types';
29
+
30
+ export default async function createPlugin(
31
+ env: PluginEnvironment,
32
+ ): Promise<Router> {
33
+ return await createRouter({
34
+ ...env,
35
+ providerFactories: {
36
+ ...defaultAuthProviderFactories,
37
+ google: createGoogleProvider({
38
+ signIn: {
39
+ resolver: googleEmailSignInResolver,
40
+ },
41
+ }),
42
+ },
43
+ });
44
+ }
45
+ ```
46
+
47
+ You would migrate it to something like this:
48
+
49
+ ```ts
50
+ import {
51
+ createRouter,
52
+ providers,
53
+ defaultAuthProviderFactories,
54
+ } from '@backstage/plugin-auth-backend';
55
+ import { Router } from 'express';
56
+ import { PluginEnvironment } from '../types';
57
+
58
+ export default async function createPlugin(
59
+ env: PluginEnvironment,
60
+ ): Promise<Router> {
61
+ return await createRouter({
62
+ ...env,
63
+ providerFactories: {
64
+ ...defaultAuthProviderFactories,
65
+ google: providers.google.create({
66
+ signIn: {
67
+ resolver: providers.google.resolvers.emailMatchingUserEntityAnnotation(),
68
+ },
69
+ }),
70
+ },
71
+ });
72
+ }
73
+ ```
74
+
13
75
  - 2cc1d1b235: Applied the fix from version 0.12.3 of this package, which is part of the v1.0.1 release of Backstage.
76
+ - c5aeaf339d: **DEPRECATION** The `AuthResolverContext` has received a number of changes, which is the context used by auth handlers and sign-in resolvers.
77
+
78
+ The following fields deprecated: `logger`, `tokenIssuer`, `catalogIdentityClient`. If you need to access the `logger`, you can do so through a closure instead. The `tokenIssuer` has been replaced with an `issueToken` method, which is available directory on the context. The `catalogIdentityClient` has been replaced by the `signInWithCatalogUser` method, as well as the lower level `findCatalogUser` method and `getDefaultOwnershipEntityRefs` helper.
79
+
80
+ It should be possible to migrate most sign-in resolvers to more or less only use `signInWithCatalogUser`, for example an email lookup resolver like this one:
81
+
82
+ ```ts
83
+ async ({ profile }, ctx) => {
84
+ if (!profile.email) {
85
+ throw new Error('Profile contained no email');
86
+ }
87
+
88
+ const entity = await ctx.catalogIdentityClient.findUser({
89
+ annotations: {
90
+ 'acme.org/email': profile.email,
91
+ },
92
+ });
93
+
94
+ const claims = getEntityClaims(entity);
95
+ const token = await ctx.tokenIssuer.issueToken({ claims });
96
+
97
+ return { id: entity.metadata.name, entity, token };
98
+ };
99
+ ```
100
+
101
+ can be migrated to the following:
102
+
103
+ ```ts
104
+ async ({ profile }, ctx) => {
105
+ if (!profile.email) {
106
+ throw new Error('Profile contained no email');
107
+ }
108
+
109
+ return ctx.signInWithCatalogUser({
110
+ annotations: {
111
+ 'acme.org/email': profile.email,
112
+ },
113
+ });
114
+ };
115
+ ```
116
+
117
+ While a direct entity name lookup using a user ID might look like this:
118
+
119
+ ```ts
120
+ async ({ result: { fullProfile } }, ctx) => {
121
+ return ctx.signInWithCatalogUser({
122
+ entityRef: {
123
+ name: fullProfile.userId,
124
+ },
125
+ });
126
+ };
127
+ ```
128
+
129
+ If you want more control over the way that users are looked up, ownership is assigned, or tokens are issued, you can use a combination of the `findCatalogUser`, `getDefaultOwnershipEntityRefs`, and `issueToken` instead.
130
+
14
131
  - f4cdf4cac1: Defensively encode URL parameters when fetching ELB keys
15
132
  - 6ee04078e1: **DEPRECATION**: The `tokenIssuer` option for `OAuthAdapter` is no longer needed and has been deprecated.
16
133
  - a45bce06e3: Handle trailing slashes on GitHub `enterpriseInstanceUrl` settings
134
+ - c5aeaf339d: Added exports of the following types: `AuthProviderConfig`, `StateEncoder`, `TokenParams`, `AwsAlbResult`.
135
+ - Updated dependencies
136
+ - @backstage/catalog-model@0.0.0-nightly-20220415024634
137
+ - @backstage/plugin-auth-node@0.0.0-nightly-20220415024634
138
+ - @backstage/backend-common@0.0.0-nightly-20220415024634
139
+ - @backstage/catalog-client@0.0.0-nightly-20220415024634
140
+
141
+ ## 0.13.0-next.2
142
+
143
+ ### Minor Changes
144
+
145
+ - c5aeaf339d: **BREAKING**: All auth providers have had their default sign-in resolvers removed. This means that if you want to use a particular provider for sign-in, you must provide an explicit sign-in resolver. For more information on how to configure sign-in resolvers, see the [sign-in resolver documentation](https://backstage.io/docs/auth/identity-resolver).
146
+
147
+ ### Patch Changes
148
+
149
+ - c5aeaf339d: **DEPRECATION**: The `AuthProviderFactoryOptions` type has been deprecated, as the options are now instead inlined in the `AuthProviderFactory` type. This will make it possible to more easily introduce new options in the future without a possibly breaking change.
150
+ - 794f7542b6: Updated openid-client from 4.1.2 to 5.1.3
151
+ - c5aeaf339d: **DEPRECATION**: The `getEntityClaims` helper has been deprecated, with `getDefaultOwnershipEntityRefs` being added to replace it.
152
+ - de231e5b06: Declare oauth2 `clientSecret` with visibility secret
153
+ - c5aeaf339d: **DEPRECATION**: All `create<Provider>Provider` and `<provider>*SignInResolver` have been deprecated. Instead, a single `providers` object is exported which contains all built-in auth providers.
154
+
155
+ If you have a setup that currently looks for example like this:
156
+
157
+ ```ts
158
+ import {
159
+ createRouter,
160
+ defaultAuthProviderFactories,
161
+ createGoogleProvider,
162
+ googleEmailSignInResolver,
163
+ } from '@backstage/plugin-auth-backend';
164
+ import { Router } from 'express';
165
+ import { PluginEnvironment } from '../types';
166
+
167
+ export default async function createPlugin(
168
+ env: PluginEnvironment,
169
+ ): Promise<Router> {
170
+ return await createRouter({
171
+ ...env,
172
+ providerFactories: {
173
+ ...defaultAuthProviderFactories,
174
+ google: createGoogleProvider({
175
+ signIn: {
176
+ resolver: googleEmailSignInResolver,
177
+ },
178
+ }),
179
+ },
180
+ });
181
+ }
182
+ ```
183
+
184
+ You would migrate it to something like this:
185
+
186
+ ```ts
187
+ import {
188
+ createRouter,
189
+ providers,
190
+ defaultAuthProviderFactories,
191
+ } from '@backstage/plugin-auth-backend';
192
+ import { Router } from 'express';
193
+ import { PluginEnvironment } from '../types';
194
+
195
+ export default async function createPlugin(
196
+ env: PluginEnvironment,
197
+ ): Promise<Router> {
198
+ return await createRouter({
199
+ ...env,
200
+ providerFactories: {
201
+ ...defaultAuthProviderFactories,
202
+ google: providers.google.create({
203
+ signIn: {
204
+ resolver: providers.google.resolvers.emailMatchingUserEntityAnnotation(),
205
+ },
206
+ }),
207
+ },
208
+ });
209
+ }
210
+ ```
211
+
212
+ - c5aeaf339d: **DEPRECATION** The `AuthResolverContext` has received a number of changes, which is the context used by auth handlers and sign-in resolvers.
213
+
214
+ The following fields deprecated: `logger`, `tokenIssuer`, `catalogIdentityClient`. If you need to access the `logger`, you can do so through a closure instead. The `tokenIssuer` has been replaced with an `issueToken` method, which is available directory on the context. The `catalogIdentityClient` has been replaced by the `signInWithCatalogUser` method, as well as the lower level `findCatalogUser` method and `getDefaultOwnershipEntityRefs` helper.
215
+
216
+ It should be possible to migrate most sign-in resolvers to more or less only use `signInWithCatalogUser`, for example an email lookup resolver like this one:
217
+
218
+ ```ts
219
+ async ({ profile }, ctx) => {
220
+ if (!profile.email) {
221
+ throw new Error('Profile contained no email');
222
+ }
223
+
224
+ const entity = await ctx.catalogIdentityClient.findUser({
225
+ annotations: {
226
+ 'acme.org/email': profile.email,
227
+ },
228
+ });
229
+
230
+ const claims = getEntityClaims(entity);
231
+ const token = await ctx.tokenIssuer.issueToken({ claims });
232
+
233
+ return { id: entity.metadata.name, entity, token };
234
+ };
235
+ ```
236
+
237
+ can be migrated to the following:
238
+
239
+ ```ts
240
+ async ({ profile }, ctx) => {
241
+ if (!profile.email) {
242
+ throw new Error('Profile contained no email');
243
+ }
244
+
245
+ return ctx.signInWithCatalogUser({
246
+ annotations: {
247
+ 'acme.org/email': profile.email,
248
+ },
249
+ });
250
+ };
251
+ ```
252
+
253
+ While a direct entity name lookup using a user ID might look like this:
254
+
255
+ ```ts
256
+ async ({ result: { fullProfile } }, ctx) => {
257
+ return ctx.signInWithCatalogUser({
258
+ entityRef: {
259
+ name: fullProfile.userId,
260
+ },
261
+ });
262
+ };
263
+ ```
264
+
265
+ If you want more control over the way that users are looked up, ownership is assigned, or tokens are issued, you can use a combination of the `findCatalogUser`, `getDefaultOwnershipEntityRefs`, and `issueToken` instead.
266
+
267
+ - f4cdf4cac1: Defensively encode URL parameters when fetching ELB keys
268
+ - c5aeaf339d: Added exports of the following types: `AuthProviderConfig`, `StateEncoder`, `TokenParams`, `AwsAlbResult`.
17
269
  - Updated dependencies
18
- - @backstage/catalog-model@0.0.0-nightly-20220412023410
19
- - @backstage/plugin-auth-node@0.0.0-nightly-20220412023410
20
- - @backstage/backend-common@0.0.0-nightly-20220412023410
21
- - @backstage/catalog-client@0.0.0-nightly-20220412023410
270
+ - @backstage/backend-common@0.13.2-next.2
22
271
 
23
272
  ## 0.13.0-next.1
24
273