@backstage/plugin-auth-backend 0.10.0-next.0 → 0.10.0
- package/CHANGELOG.md +66 -0
- package/dist/index.cjs.js +369 -444
- package/dist/index.cjs.js.map +1 -1
- package/dist/index.d.ts +6 -120
- package/package.json +6 -5
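--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -4,9 +4,9 @@ import { Logger } from 'winston';
 import { Config } from '@backstage/config';
 import { TokenManager, PluginEndpointDiscovery, PluginDatabaseManager } from '@backstage/backend-common';
 import { CatalogApi } from '@backstage/catalog-client';
-import {
+import { BackstageSignInResult, BackstageIdentityResponse } from '@backstage/plugin-auth-node';
 import { Profile } from 'passport';
-import {
+import { UserEntity } from '@backstage/catalog-model';
 import { TokenSet, UserinfoResponse } from 'openid-client';
 import { JsonValue } from '@backstage/types';
 
@@ -178,49 +178,6 @@ declare class CatalogIdentityClient {
 resolveCatalogMembership(query: MemberClaimQuery): Promise<string[]>;
 }
 
-/**
-* A identity client to interact with auth-backend
-* and authenticate backstage identity tokens
-*
-* @experimental This is not a stable API yet
-*/
-declare class IdentityClient {
-private readonly discovery;
-private readonly issuer;
-private keyStore;
-private keyStoreUpdated;
-constructor(options: {
-discovery: PluginEndpointDiscovery;
-issuer: string;
-});
-/**
-* Verifies the given backstage identity token
-* Returns a BackstageIdentity (user) matching the token.
-* The method throws an error if verification fails.
-*/
-authenticate(token: string | undefined): Promise<BackstageIdentityResponse>;
-/**
-* Parses the given authorization header and returns
-* the bearer token, or null if no bearer token is given
-*/
-static getBearerToken(authorizationHeader: string | undefined): string | undefined;
-/**
-* Returns the public signing key matching the given jwt token,
-* or null if no matching key was found
-*/
-private getKey;
-/**
-* Lists public part of keys used to sign Backstage Identity tokens
-*/
-listPublicKeys(): Promise<{
-keys: JSONWebKey[];
-}>;
-/**
-* Fetches public keys and caches them locally
-*/
-private refreshKeyStore;
-}
-
 declare function getEntityClaims(entity: UserEntity): TokenParams['claims'];
 
 /**
@@ -345,77 +302,6 @@ declare type AuthResponse<ProviderInfo> = {
 profile: ProfileInfo;
 backstageIdentity?: BackstageIdentityResponse;
 };
-/**
-* User identity information within Backstage.
-*
-* @public
-*/
-declare type BackstageUserIdentity = {
-/**
-* The type of identity that this structure represents. In the frontend app
-* this will currently always be 'user'.
-*/
-type: 'user';
-/**
-* The entityRef of the user in the catalog.
-* For example User:default/sandra
-*/
-userEntityRef: string;
-/**
-* The user and group entities that the user claims ownership through
-*/
-ownershipEntityRefs: string[];
-};
-/**
-* A representation of a successful Backstage sign-in.
-*
-* Compared to the {@link BackstageIdentityResponse} this type omits
-* the decoded identity information embedded in the token.
-*
-* @public
-*/
-interface BackstageSignInResult {
-/**
-* An opaque ID that uniquely identifies the user within Backstage.
-*
-* This is typically the same as the user entity `metadata.name`.
-*
-* @deprecated Use the `identity` field instead
-*/
-id: string;
-/**
-* The entity that the user is represented by within Backstage.
-*
-* This entity may or may not exist within the Catalog, and it can be used
-* to read and store additional metadata about the user.
-*
-* @deprecated Use the `identity` field instead.
-*/
-entity?: Entity;
-/**
-* The token used to authenticate the user within Backstage.
-*/
-token: string;
-}
-/**
-* The old exported symbol for {@link BackstageSignInResult}.
-*
-* @public
-* @deprecated Use the {@link BackstageSignInResult} instead.
-*/
-declare type BackstageIdentity = BackstageSignInResult;
-/**
-* Response object containing the {@link BackstageUserIdentity} and the token
-* from the authentication provider.
-*
-* @public
-*/
-interface BackstageIdentityResponse extends BackstageSignInResult {
-/**
-* A plaintext description of the identity that is encapsulated within the token.
-*/
-identity: BackstageUserIdentity;
-}
 /**
 * Used to display login information to user, i.e. sidebar popup.
 *
@@ -459,7 +345,7 @@ declare type SignInInfo<TAuthResult> = {
 };
 /**
 * Describes the function which handles the result of a successful
-* authentication. Must return a valid {@link BackstageSignInResult}.
+* authentication. Must return a valid {@link @backstage/plugin-auth-node#BackstageSignInResult}.
 *
 * @public
 */
@@ -837,7 +723,7 @@ declare type OidcAuthResult = {
 * can be passed while creating a OIDC provider.
 *
 * authHandler : called after sign in was successful, a new object must be returned which includes a profile
-* signInResolver: called after sign in was successful, expects to return a new {@link BackstageSignInResult}
+* signInResolver: called after sign in was successful, expects to return a new {@link @backstage/plugin-auth-node#BackstageSignInResult}
 *
 * Both options are optional. There is fallback for authHandler where the default handler expect an e-mail explicitly
 * otherwise it throws an error
@@ -983,7 +869,7 @@ declare const factories: {
 
 /**
 * Parses a Backstage-issued token and decorates the
-* {@link BackstageIdentityResponse} with identity information sourced from the
+* {@link @backstage/plugin-auth-node#BackstageIdentityResponse} with identity information sourced from the
 * token.
 *
 * @public
@@ -1019,4 +905,4 @@ declare type WebMessageResponse = {
 declare const postMessageResponse: (res: express.Response, appOrigin: string, response: WebMessageResponse) => void;
 declare const ensuresXRequestedWith: (req: express.Request) => boolean;
 
-export { AtlassianAuthProvider, AtlassianProviderOptions, Auth0ProviderOptions, AuthHandler, AuthHandlerResult, AuthProviderFactory, AuthProviderFactoryOptions, AuthProviderRouteHandlers, AuthResolverContext, AuthResponse, AwsAlbProviderOptions,
+export { AtlassianAuthProvider, AtlassianProviderOptions, Auth0ProviderOptions, AuthHandler, AuthHandlerResult, AuthProviderFactory, AuthProviderFactoryOptions, AuthProviderRouteHandlers, AuthResolverContext, AuthResponse, AwsAlbProviderOptions, BitbucketOAuthResult, BitbucketPassportProfile, BitbucketProviderOptions, CatalogIdentityClient, CookieConfigurer, GcpIapProviderOptions, GcpIapResult, GcpIapTokenInfo, GithubOAuthResult, GithubProviderOptions, GitlabProviderOptions, GoogleProviderOptions, MicrosoftProviderOptions, OAuth2ProviderOptions, OAuth2ProxyResult, OAuthAdapter, OAuthEnvironmentHandler, OAuthHandlers, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthState, Oauth2ProxyProviderOptions, OidcAuthResult, OidcProviderOptions, OktaProviderOptions, OneLoginProviderOptions, ProfileInfo, RouterOptions, SamlAuthResult, SamlProviderOptions, SignInInfo, SignInResolver, TokenIssuer, WebMessageResponse, bitbucketUserIdSignInResolver, bitbucketUsernameSignInResolver, createAtlassianProvider, createAuth0Provider, createAwsAlbProvider, createBitbucketProvider, createGcpIapProvider, createGithubProvider, createGitlabProvider, createGoogleProvider, createMicrosoftProvider, createOAuth2Provider, createOauth2ProxyProvider, createOidcProvider, createOktaProvider, createOneLoginProvider, createOriginFilter, createRouter, createSamlProvider, factories as defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, getEntityClaims, googleEmailSignInResolver, microsoftEmailSignInResolver, oktaEmailSignInResolver, postMessageResponse, prepareBackstageIdentityResponse, readState, verifyNonce };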
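Review bot: The new export list at new line 908 no longer carries `IdentityClient`, `BackstageUserIdentity`, `BackstageSignInResult`, `BackstageIdentity` or `BackstageIdentityResponse`, whose declarations are deleted at old lines 181–222 and 348–418, yet `AuthResponse.backstageIdentity` (new line 303) still exposes `BackstageIdentityResponse` in a public type. The old export line is cut off on this page, so whether these names were exported before is not visible; if they were, callers that verify Backstage identity tokens through `IdentityClient.authenticate` will fail to compile on upgrade and need a documented import path, so they do not fall back to ad-hoc token checks. For the two types that are visibly imported from the new package, a transitional `export type { BackstageIdentityResponse, BackstageSignInResult } from '@backstage/plugin-auth-node';` would keep the public signatures nameable from this package. Where `IdentityClient` now lives is not shown in this diff and should be stated in the CHANGELOG entry, which is listed in the diffstat but not rendered here. This file is the bundled declaration output, so any change belongs in the package's source entry point.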
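--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@backstage/plugin-auth-backend",
 "description": "A Backstage backend plugin that handles authentication",
-"version": "0.10.0
+"version": "0.10.0",
 "main": "dist/index.cjs.js",
 "types": "dist/index.d.ts",
 "license": "Apache-2.0",
@@ -30,11 +30,12 @@
 "clean": "backstage-cli clean"
 },
 "dependencies": {
-"@backstage/backend-common": "^0.10.7
-"@backstage/catalog-client": "^0.
+"@backstage/backend-common": "^0.10.7",
+"@backstage/catalog-client": "^0.6.0",
 "@backstage/catalog-model": "^0.9.10",
 "@backstage/config": "^0.1.13",
 "@backstage/errors": "^0.2.0",
+"@backstage/plugin-auth-node": "^0.1.0",
 "@backstage/types": "^0.1.1",
 "@google-cloud/firestore": "^5.0.2",
 "@types/express": "^4.17.6",
@@ -73,7 +74,7 @@
 "yn": "^4.0.0"
 },
 "devDependencies": {
-"@backstage/cli": "^0.13.2
+"@backstage/cli": "^0.13.2",
 "@backstage/test-utils": "^0.2.4",
 "@types/body-parser": "^1.19.0",
 "@types/cookie-parser": "^1.4.2",
@@ -94,5 +95,5 @@
 "config.d.ts"
 ],
 "configSchema": "config.d.ts",
-"gitHead": "
+"gitHead": "4f4bc77a4152d372b10a4e8d97d92f00e23f3b56"
 }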