@backstage/plugin-auth-backend 0.13.1-next.2 → 0.14.0
- package/CHANGELOG.md +38 -0
- package/dist/index.cjs.js +9 -12
- package/dist/index.cjs.js.map +1 -1
- package/dist/index.d.ts +1 -2
- package/package.json +9 -9
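--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,43 @@
 # @backstage/plugin-auth-backend
 
+## 0.14.0
+
+### Minor Changes
+
+- 2df2f01a29: Removed the explicit `disableRefresh` option from `OAuthAdapter`. Refresh can still be disabled for a provider by not implementing the `refresh` method.
+
+### Patch Changes
+
+- cac3ba68a2: Fixed a bug that was introduced in `0.13.1-next.0` which caused the `ent` claim of issued tokens to be dropped.
+- 5d268623dd: Updates the OAuth2 Proxy provider to require less infrastructure configuration.
+
+The auth result object of the OAuth2 Proxy now provides access to the request headers, both through the `headers` object as well as `getHeader` method. The existing logic that parses and extracts the user information from ID tokens is deprecated and will be removed in a future release. See the OAuth2 Proxy provider documentation for more details.
+
+The OAuth2 Proxy provider now also has a default `authHandler` implementation that reads the display name and email from the incoming request headers.
+
+- 2df2f01a29: The Auth0 adapter no longer disables session refreshing.
+- cfc0f19699: Updated dependency `fs-extra` to `10.1.0`.
+- 787ae0d541: Add more common predefined sign-in resolvers to auth providers.
+
+Add the existing resolver to more providers (already available at `google`):
+
+- `providers.microsoft.resolvers.emailLocalPartMatchingUserEntityName()`
+- `providers.okta.resolvers.emailLocalPartMatchingUserEntityName()`
+
+Add a new resolver for simple email-to-email matching:
+
+- `providers.google.resolvers.emailMatchingUserEntityProfileEmail()`
+- `providers.microsoft.resolvers.emailMatchingUserEntityProfileEmail()`
+- `providers.okta.resolvers.emailMatchingUserEntityProfileEmail()`
+
+- 9ec4e0613e: Update to `jose` 4.6.0
+- Updated dependencies
+- @backstage/backend-common@0.13.3
+- @backstage/config@1.0.1
+- @backstage/plugin-auth-node@0.2.1
+- @backstage/catalog-client@1.0.2
+- @backstage/catalog-model@1.0.2
+
 ## 0.13.1-next.2
 
 ### Patch Changes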
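--- a/package/dist/index.cjs.js
+++ b/package/dist/index.cjs.js
@@ -367,7 +367,7 @@ class OAuthAdapter {
 this.setGrantedScopeCookie(res, state.scope);
 response.providerInfo.scope = state.scope;
 }
-if (refreshToken
+if (refreshToken) {
 this.setRefreshTokenCookie(res, refreshToken);
 }
 const identity = await this.populateIdentity(response.backstageIdentity);
@@ -395,7 +395,7 @@ class OAuthAdapter {
 if (!ensuresXRequestedWith(req)) {
 throw new errors.AuthenticationError("Invalid X-Requested-With header");
 }
-if (!this.handlers.refresh
+if (!this.handlers.refresh) {
 throw new errors.InputError(`Refresh token is not supported for provider ${this.options.providerId}`);
 }
 try {
@@ -752,7 +752,6 @@ const auth0 = createAuthProviderIntegration({
 resolverContext
 });
 return OAuthAdapter.fromConfig(globalConfig, provider, {
-disableRefresh: true,
 providerId,
 callbackUrl
 });
@@ -964,7 +963,6 @@ const bitbucket = createAuthProviderIntegration({
 resolverContext
 });
 return OAuthAdapter.fromConfig(globalConfig, provider, {
-disableRefresh: false,
 providerId,
 callbackUrl
 });
@@ -1236,7 +1234,6 @@ const gitlab = createAuthProviderIntegration({
 resolverContext
 });
 return OAuthAdapter.fromConfig(globalConfig, provider, {
-disableRefresh: false,
 providerId,
 callbackUrl
 });
@@ -1355,7 +1352,6 @@ const google = createAuthProviderIntegration({
 resolverContext
 });
 return OAuthAdapter.fromConfig(globalConfig, provider, {
-disableRefresh: false,
 providerId,
 callbackUrl
 });
@@ -1486,7 +1482,6 @@ const microsoft = createAuthProviderIntegration({
 resolverContext
 });
 return OAuthAdapter.fromConfig(globalConfig, provider, {
-disableRefresh: false,
 providerId,
 callbackUrl
 });
@@ -1515,9 +1510,11 @@ const microsoftEmailSignInResolver = microsoft.resolvers.emailMatchingUserEntity
 
 class OAuth2AuthProvider {
 constructor(options) {
+var _a;
 this.signInResolver = options.signInResolver;
 this.authHandler = options.authHandler;
 this.resolverContext = options.resolverContext;
+this.disableRefresh = (_a = options.disableRefresh) != null ? _a : false;
 this._strategy = new OAuth2Strategy.Strategy({
 clientID: options.clientId,
 clientSecret: options.clientSecret,
@@ -1556,6 +1553,9 @@ class OAuth2AuthProvider {
 };
 }
 async refresh(req) {
+if (this.disableRefresh) {
+throw new errors.InputError("Session refreshes have been disabled");
+}
 const refreshTokenResponse = await executeRefreshTokenStrategy(this._strategy, req.refreshToken, req.scope);
 const { accessToken, params, refreshToken } = refreshTokenResponse;
 const fullProfile = await executeFetchUserProfileStrategy(this._strategy, accessToken);
@@ -1617,10 +1617,10 @@ const oauth2 = createAuthProviderIntegration({
 tokenUrl,
 scope,
 includeBasicAuth,
-resolverContext
+resolverContext,
+disableRefresh
 });
 return OAuthAdapter.fromConfig(globalConfig, provider, {
-disableRefresh,
 providerId,
 callbackUrl
 });
@@ -1820,7 +1820,6 @@ const oidc = createAuthProviderIntegration({
 resolverContext
 });
 return OAuthAdapter.fromConfig(globalConfig, provider, {
-disableRefresh: false,
 providerId,
 callbackUrl
 });
@@ -1933,7 +1932,6 @@ const okta = createAuthProviderIntegration({
 resolverContext
 });
 return OAuthAdapter.fromConfig(globalConfig, provider, {
-disableRefresh: false,
 providerId,
 callbackUrl
 });
@@ -2051,7 +2049,6 @@ const onelogin = createAuthProviderIntegration({
 resolverContext
 });
 return OAuthAdapter.fromConfig(globalConfig, provider, {
-disableRefresh: false,
 providerId,
 callbackUrl
 });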
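Review bot: The new guard `if (refreshToken) {` in the `@@ -367,7 +367,7 @@` hunk writes the refresh-token cookie for any provider that returns a token, and nothing visible stops that for an `oauth2` provider created with `disableRefresh`, whose `refresh()` now only throws `InputError`. The removed condition is truncated on this page, but the changelog indicates it was gated on the adapter option, so this looks like a behaviour change: a long-lived credential can end up in the browser even though the backend will never accept it. Unless the provider's handler (outside these hunks) already drops the token, it should return it only when refresh is enabled, for example `refreshToken: this.disableRefresh ? undefined : refreshToken` (sketch; the handler's return shape is not shown here). For Auth0 the removal of `disableRefresh: true` has the opposite effect, refresh tokens are now stored and accepted, so the tenant's refresh-token lifetime and rotation settings become part of the session's exposure and are worth checking on upgrade.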