@backstage/plugin-auth-backend 0.13.0-next.2 → 0.13.1-next.1

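--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -7,6 +7,7 @@ import { Config } from '@backstage/config';
  import { BackstageSignInResult, BackstageIdentityResponse } from '@backstage/plugin-auth-node';
  import { Profile } from 'passport';
  import { UserEntity, Entity } from '@backstage/catalog-model';
+ import { IncomingHttpHeaders } from 'http';
  import { TokenSet, UserinfoResponse } from 'openid-client';
  import { JsonValue } from '@backstage/types';
 
@@ -973,15 +974,38 @@ declare const createOAuth2Provider: (options?: {
  *
  * @public
  */
- declare type OAuth2ProxyResult<JWTPayload> = {
+ declare type OAuth2ProxyResult<JWTPayload = {}> = {
  /**
- * Parsed and decoded JWT payload.
+ * The parsed payload of the `accessToken`. The token is only parsed, not verified.
+ *
+ * @deprecated Access through the `headers` instead. This will be removed in a future release.
  */
  fullProfile: JWTPayload;
  /**
- * Raw JWT token
+ * The token received via the X-OAUTH2-PROXY-ID-TOKEN header. Will be an empty string
+ * if the header is not set. Note the this is typically an OpenID Connect token.
+ *
+ * @deprecated Access through the `headers` instead. This will be removed in a future release.
  */
  accessToken: string;
+ /**
+ * The headers of the incoming request from the OAuth2 proxy. This will include
+ * both the headers set by the client as well as the ones added by the OAuth2 proxy.
+ * You should only trust the headers that are injected by the OAuth2 proxy.
+ *
+ * Useful headers to use to complete the sign-in are for example `x-forwarded-user`
+ * and `x-forwarded-email`. See the OAuth2 proxy documentation for more information
+ * about the available headers and how to enable them. In particular it is possible
+ * to forward access and identity tokens, which can be user for additional verification
+ * and lookups.
+ */
+ headers: IncomingHttpHeaders;
+ /**
+ * Provides convenient access to the request headers.
+ *
+ * This call is simply forwarded to `req.get(name)`.
+ */
+ getHeader(name: string): string | undefined;
  };
  /**
  * @public
@@ -1009,8 +1033,12 @@ declare type Oauth2ProxyProviderOptions<JWTPayload> = {
  declare const createOauth2ProxyProvider: (options: {
  /**
  * Configure an auth handler to generate a profile for the user.
+ *
+ * The default implementation uses the value of the `X-Forwarded-Preferred-Username`
+ * header as the display name, falling back to `X-Forwarded-User`, and the value of
+ * the `X-Forwarded-Email` header as the email address.
  */
- authHandler: AuthHandler<OAuth2ProxyResult<unknown>>;
+ authHandler?: AuthHandler<OAuth2ProxyResult<unknown>> | undefined;
  /**
  * Configure sign-in for this provider, without it the provider can not be used to sign users in.
  */
@@ -1349,6 +1377,7 @@ declare const providers: Readonly<{
  } | undefined) => AuthProviderFactory;
  resolvers: Readonly<{
  emailLocalPartMatchingUserEntityName: () => SignInResolver<unknown>;
+ emailMatchingUserEntityProfileEmail: () => SignInResolver<unknown>;
  emailMatchingUserEntityAnnotation(): SignInResolver<OAuthResult>;
  }>;
  }>;
@@ -1360,6 +1389,8 @@ declare const providers: Readonly<{
  } | undefined;
  } | undefined) => AuthProviderFactory;
  resolvers: Readonly<{
+ emailLocalPartMatchingUserEntityName: () => SignInResolver<unknown>;
+ emailMatchingUserEntityProfileEmail: () => SignInResolver<unknown>;
  emailMatchingUserEntityAnnotation(): SignInResolver<OAuthResult>;
  }>;
  }>;
@@ -1374,7 +1405,7 @@ declare const providers: Readonly<{
  }>;
  oauth2Proxy: Readonly<{
  create: (options: {
- authHandler: AuthHandler<OAuth2ProxyResult<unknown>>;
+ authHandler?: AuthHandler<OAuth2ProxyResult<unknown>> | undefined;
  signIn: {
  resolver: SignInResolver<OAuth2ProxyResult<unknown>>;
  };
@@ -1398,6 +1429,8 @@ declare const providers: Readonly<{
  } | undefined;
  } | undefined) => AuthProviderFactory;
  resolvers: Readonly<{
+ emailLocalPartMatchingUserEntityName: () => SignInResolver<unknown>;
+ emailMatchingUserEntityProfileEmail: () => SignInResolver<unknown>;
  emailMatchingUserEntityAnnotation(): SignInResolver<OAuthResult>;
  }>;
  }>;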
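Review bot: The new `getHeader` doc comment in the `OAuth2ProxyResult` hunk omits the trust caveat that the `headers` comment just above it carries, although both expose the same mix of client-set and proxy-set values. I would add a line such as `Values may be client-supplied; rely only on headers the OAuth2 proxy sets or overwrites.` to it. The same applies to the `authHandler` comment in the `createOauth2ProxyProvider` hunk: the default now builds the profile from `X-Forwarded-Preferred-Username`, `X-Forwarded-User` and `X-Forwarded-Email`, which is only sound if the proxy overwrites any incoming copies of those headers and the backend cannot be reached without passing through the proxy, so that deployment assumption should be stated there. Since `fullProfile` is documented as parsed but not verified, it would also help to say that sign-in resolvers must not base identity decisions on it; whether the implementation verifies the forwarded token anywhere is not visible from this declaration file.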
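--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
  {
  "name": "@backstage/plugin-auth-backend",
  "description": "A Backstage backend plugin that handles authentication",
- "version": "0.13.0-next.2",
+ "version": "0.13.1-next.1",
  "main": "dist/index.cjs.js",
  "types": "dist/index.d.ts",
  "license": "Apache-2.0",
@@ -33,12 +33,12 @@
  "clean": "backstage-cli package clean"
  },
  "dependencies": {
- "@backstage/backend-common": "^0.13.2-next.2",
- "@backstage/catalog-client": "^1.0.1-next.0",
- "@backstage/catalog-model": "^1.0.1-next.0",
+ "@backstage/backend-common": "^0.13.3-next.1",
+ "@backstage/catalog-client": "^1.0.1",
+ "@backstage/catalog-model": "^1.0.1",
  "@backstage/config": "^1.0.0",
  "@backstage/errors": "^1.0.0",
- "@backstage/plugin-auth-node": "^0.2.0-next.0",
+ "@backstage/plugin-auth-node": "^0.2.1-next.0",
  "@backstage/types": "^1.0.0",
  "@google-cloud/firestore": "^5.0.2",
  "@types/express": "^4.17.6",
@@ -49,9 +49,9 @@
  "express": "^4.17.1",
  "express-promise-router": "^4.1.0",
  "express-session": "^1.17.1",
- "fs-extra": "10.0.1",
+ "fs-extra": "10.1.0",
  "google-auth-library": "^7.6.1",
- "jose": "^1.27.1",
+ "jose": "^4.6.0",
  "jwt-decode": "^3.1.0",
  "knex": "^1.0.2",
  "lodash": "^4.17.21",
@@ -66,7 +66,7 @@
  "passport-github2": "^0.1.12",
  "passport-gitlab2": "^5.0.0",
  "passport-google-oauth20": "^2.0.0",
- "passport-microsoft": "^0.1.0",
+ "passport-microsoft": "^1.0.0",
  "passport-oauth2": "^1.6.1",
  "passport-okta-oauth": "^0.0.1",
  "passport-onelogin-oauth": "^0.0.1",
@@ -76,8 +76,8 @@
  "yn": "^4.0.0"
  },
  "devDependencies": {
- "@backstage/backend-test-utils": "^0.1.23-next.1",
- "@backstage/cli": "^0.17.0-next.3",
+ "@backstage/backend-test-utils": "^0.1.24-next.0",
+ "@backstage/cli": "^0.17.1-next.1",
  "@types/body-parser": "^1.19.0",
  "@types/cookie-parser": "^1.4.2",
  "@types/express-session": "^1.17.2",
@@ -97,5 +97,5 @@
  "config.d.ts"
  ],
  "configSchema": "config.d.ts",
- "gitHead": "2eca57d93ef1081f4a76a19fc994a8e9e1a19e00"
+ "gitHead": "0b3df66a238c66a5498dab85b1ed85a8607289f1"
  }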