@backstage/plugin-auth-backend 0.14.0 → 0.14.1-next.2

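--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,36 @@
 # @backstage/plugin-auth-backend
 
+## 0.14.1-next.2
+
+### Patch Changes
+
+- bc6fb57094: Updated dependency `passport` to `^0.6.0`.
+- Updated dependencies
+- @backstage/backend-common@0.14.0-next.2
+- @backstage/plugin-auth-node@0.2.2-next.2
+
+## 0.14.1-next.1
+
+### Patch Changes
+
+- 5e055079f0: Increased key field size for signing_keys table to account for larger signature keys
+- 8f7b1835df: Updated dependency `msw` to `^0.41.0`.
+- 467facc6ea: Fix improper binding of 'this' in ALB Auth provider
+- Updated dependencies
+- @backstage/backend-common@0.13.6-next.1
+- @backstage/catalog-client@1.0.3-next.0
+- @backstage/plugin-auth-node@0.2.2-next.1
+- @backstage/catalog-model@1.0.3-next.0
+
+## 0.14.1-next.0
+
+### Patch Changes
+
+- f6aae90e4e: Added configurable algorithm field for TokenFactory
+- Updated dependencies
+- @backstage/backend-common@0.13.6-next.0
+- @backstage/plugin-auth-node@0.2.2-next.0
+
 ## 0.14.0
 
 ### Minor Changes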
package/dist/index.cjs.js CHANGED
@@ -26,9 +26,9 @@ var passportOneloginOauth = require('passport-onelogin-oauth');
26
26
  var passportSaml = require('passport-saml');
27
27
  var googleAuthLibrary = require('google-auth-library');
28
28
  var catalogClient = require('@backstage/catalog-client');
29
- var uuid = require('uuid');
30
- var luxon = require('luxon');
31
29
  var catalogModel = require('@backstage/catalog-model');
30
+ var luxon = require('luxon');
31
+ var uuid = require('uuid');
32
32
  var backendCommon = require('@backstage/backend-common');
33
33
  var firestore = require('@google-cloud/firestore');
34
34
  var lodash = require('lodash');
@@ -764,6 +764,19 @@ const ALB_JWT_HEADER = "x-amzn-oidc-data";
764
764
  const ALB_ACCESS_TOKEN_HEADER = "x-amzn-oidc-accesstoken";
765
765
  class AwsAlbAuthProvider {
766
766
  constructor(options) {
767
+ this.getKey = async (header) => {
768
+ if (!header.kid) {
769
+ throw new errors.AuthenticationError("No key id was specified in header");
770
+ }
771
+ const optionalCacheKey = this.keyCache.get(header.kid);
772
+ if (optionalCacheKey) {
773
+ return crypto__namespace.createPublicKey(optionalCacheKey);
774
+ }
775
+ const keyText = await fetch__default["default"](`https://public-keys.auth.elb.${encodeURIComponent(this.region)}.amazonaws.com/${encodeURIComponent(header.kid)}`).then((response) => response.text());
776
+ const keyValue = crypto__namespace.createPublicKey(keyText);
777
+ this.keyCache.set(header.kid, keyValue.export({ format: "pem", type: "spki" }));
778
+ return keyValue;
779
+ };
767
780
  this.region = options.region;
768
781
  this.issuer = options.issuer;
769
782
  this.authHandler = options.authHandler;
@@ -837,19 +850,6 @@ class AwsAlbAuthProvider {
837
850
  profile
838
851
  };
839
852
  }
840
- async getKey(header) {
841
- if (!header.kid) {
842
- throw new errors.AuthenticationError("No key id was specified in header");
843
- }
844
- const optionalCacheKey = this.keyCache.get(header.kid);
845
- if (optionalCacheKey) {
846
- return crypto__namespace.createPublicKey(optionalCacheKey);
847
- }
848
- const keyText = await fetch__default["default"](`https://public-keys.auth.elb.${encodeURIComponent(this.region)}.amazonaws.com/${encodeURIComponent(header.kid)}`).then((response) => response.text());
849
- const keyValue = crypto__namespace.createPublicKey(keyText);
850
- this.keyCache.set(header.kid, keyValue.export({ format: "pem", type: "spki" }));
851
- return keyValue;
852
- }
853
853
  }
854
854
  const awsAlb = createAuthProviderIntegration({
855
855
  create(options) {
@@ -2300,10 +2300,12 @@ function createOidcRouter(options) {
2300
2300
  const MS_IN_S = 1e3;
2301
2301
  class TokenFactory {
2302
2302
  constructor(options) {
2303
+ var _a;
2303
2304
  this.issuer = options.issuer;
2304
2305
  this.logger = options.logger;
2305
2306
  this.keyStore = options.keyStore;
2306
2307
  this.keyDurationSeconds = options.keyDurationSeconds;
2308
+ this.algorithm = (_a = options.algorithm) != null ? _a : "ES256";
2307
2309
  }
2308
2310
  async issueToken(params) {
2309
2311
  const key = await this.getKey();
@@ -2359,11 +2361,11 @@ class TokenFactory {
2359
2361
  seconds: this.keyDurationSeconds
2360
2362
  }).toJSDate();
2361
2363
  const promise = (async () => {
2362
- const key = await jose.generateKeyPair("ES256");
2364
+ const key = await jose.generateKeyPair(this.algorithm);
2363
2365
  const publicKey = await jose.exportJWK(key.publicKey);
2364
2366
  const privateKey = await jose.exportJWK(key.privateKey);
2365
2367
  publicKey.kid = privateKey.kid = uuid.v4();
2366
- publicKey.alg = privateKey.alg = "ES256";
2368
+ publicKey.alg = privateKey.alg = this.algorithm;
2367
2369
  this.logger.info(`Created new signing key ${publicKey.kid}`);
2368
2370
  await this.keyStore.addKey(publicKey);
2369
2371
  return privateKey;
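Review bot: `options.algorithm` is taken without any validation in the TokenFactory constructor (new line 2308), and it is first used inside the key-generation promise at new line 2364, so a mistyped or unsuitable value apparently surfaces only when a signing key is first needed rather than at startup. This string selects the signing key type and is also written into the published JWK as `alg`, so the constructor should reject anything outside an explicit list of asymmetric signature algorithms that the token verifiers accept, for example `if (!ALLOWED_ALGORITHMS.includes(this.algorithm)) throw new Error(...)`, where `ALLOWED_ALGORITHMS` is a placeholder for a constant still to be defined. The verifying side is not visible on this page, so confirm that it accepts every algorithm permitted here before changing the default. The method that holds the promise starts and ends outside the hunk, and because this file is a build output the change belongs in the source it is compiled from.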