npm - @backstage/plugin-auth-backend - Versions diffs - 0.11.0 → 0.12.0 - Mend

@backstage/plugin-auth-backend 0.11.0 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,21 @@
 # @backstage/plugin-auth-backend
+## 0.12.0
+### Minor Changes
+- 0c8ba31d72: **BREAKING**: The `TokenFactory.issueToken` used by custom sign-in resolvers now ensures that the sub claim given is a full entity reference of the format `<kind>:<namespace>/<name>`. Any existing custom sign-in resolver functions that do not supply a full entity reference must be updated.
+### Patch Changes
+- 899f196af5: Use `getEntityByRef` instead of `getEntityByName` in the catalog client
+- 36aa63022b: Use `CompoundEntityRef` instead of `EntityName`, and `getCompoundEntityRef` instead of `getEntityName`, from `@backstage/catalog-model`.
+- Updated dependencies
+  - @backstage/catalog-model@0.12.0
+  - @backstage/catalog-client@0.8.0
+  - @backstage/backend-common@0.12.0
+  - @backstage/plugin-auth-node@0.1.4
 ## 0.11.0
 ### Minor Changes

package/dist/index.cjs.js CHANGED Viewed

@@ -2786,6 +2786,11 @@ class TokenFactory {
     const aud = "backstage";
     const iat = Math.floor(Date.now() / MS_IN_S);
     const exp = iat + this.keyDurationSeconds;
+    try {
+      catalogModel.parseEntityRef(sub);
+    } catch (error) {
+      throw new Error('"sub" claim provided by the auth resolver is not a valid EntityRef.');
+    }
     this.logger.info(`Issuing token for ${sub}, with entities ${ent != null ? ent : []}`);
     return jose.JWS.sign({ iss, sub, aud, iat, exp, ent }, key, {
       alg: key.alg,