npm - @backstage/plugin-auth-backend - Versions diffs - 0.15.0-next.3 → 0.15.1-next.1 - Mend

@backstage/plugin-auth-backend 0.15.0-next.3 → 0.15.1-next.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -6,6 +6,7 @@ import { Entity, UserEntity } from '@backstage/catalog-model';
 import { Config } from '@backstage/config';
 import { BackstageSignInResult, BackstageIdentityResponse } from '@backstage/plugin-auth-node';
 import { Profile } from 'passport';
+import * as _backstage_backend_common from '@backstage/backend-common';
 import { PluginDatabaseManager, PluginEndpointDiscovery, TokenManager } from '@backstage/backend-common';
 import { IncomingHttpHeaders } from 'http';
 import { TokenSet, UserinfoResponse } from 'openid-client';
@@ -474,6 +475,94 @@ declare type BitbucketPassportProfile = Profile & {
     };
 };
+/**
+ * CloudflareAccessClaims
+ *
+ * Can be used in externally provided auth handler or sign in resolver to
+ * enrich user profile for sign-in user entity
+ *
+ * @public
+ */
+declare type CloudflareAccessClaims = {
+    /**
+     * `aud` identifies the application to which the JWT is issued.
+     */
+    aud: string[];
+    /**
+     * `email` contains the email address of the authenticated user.
+     */
+    email: string;
+    /**
+     * iat and exp are the issuance and expiration timestamps.
+     */
+    exp: number;
+    iat: number;
+    /**
+     * `nonce` is the session identifier.
+     */
+    nonce: string;
+    /**
+     * `identity_nonce` is available in the Application Token and can be used to
+     * query all group membership for a given user.
+     */
+    identity_nonce: string;
+    /**
+     * `sub` contains the identifier of the authenticated user.
+     */
+    sub: string;
+    /**
+     * `iss` the issuer is the application’s Cloudflare Access Domain URL.
+     */
+    iss: string;
+    /**
+     * `custom` contains SAML attributes in the Application Token specified by an
+     * administrator in the identity provider configuration.
+     */
+    custom: string;
+};
+/**
+ * CloudflareAccessGroup
+ *
+ * @public
+ */
+declare type CloudflareAccessGroup = {
+    /**
+     * Group id
+     */
+    id: string;
+    /**
+     * Name of group as defined in Cloudflare zero trust dashboard
+     */
+    name: string;
+    /**
+     * Access group email address
+     */
+    email: string;
+};
+/**
+ * CloudflareAccessIdentityProfile
+ *
+ * Can be used in externally provided auth handler or sign in resolver to
+ * enrich user profile for sign-in user entity
+ *
+ * @public
+ */
+declare type CloudflareAccessIdentityProfile = {
+    id: string;
+    name: string;
+    email: string;
+    groups: CloudflareAccessGroup[];
+};
+/**
+ *
+ * @public
+ */
+declare type CloudflareAccessResult = {
+    claims: CloudflareAccessClaims;
+    cfIdentity: CloudflareAccessIdentityProfile;
+    expiresInSeconds?: number;
+};
 declare type GithubOAuthResult = {
     fullProfile: Profile;
     params: {
@@ -616,6 +705,18 @@ declare const providers: Readonly<{
             userIdMatchingUserEntityAnnotation(): SignInResolver<OAuthResult>;
         }>;
     }>;
+    cfAccess: Readonly<{
+        create: (options: {
+            authHandler?: AuthHandler<CloudflareAccessResult> | undefined;
+            signIn: {
+                resolver: SignInResolver<CloudflareAccessResult>;
+            };
+            cache?: _backstage_backend_common.CacheClient | undefined;
+        }) => AuthProviderFactory;
+        resolvers: Readonly<{
+            emailMatchingUserEntityProfileEmail: () => SignInResolver<unknown>;
+        }>;
+    }>;
     gcpIap: Readonly<{
         create: (options: {
             authHandler?: AuthHandler<GcpIapResult> | undefined;
@@ -841,4 +942,4 @@ declare class CatalogIdentityClient {
  */
 declare function getDefaultOwnershipEntityRefs(entity: Entity): string[];
-export { AtlassianAuthProvider, AuthHandler, AuthHandlerResult, AuthProviderConfig, AuthProviderFactory, AuthProviderRouteHandlers, AuthResolverCatalogUserQuery, AuthResolverContext, AuthResponse, AwsAlbResult, BitbucketOAuthResult, BitbucketPassportProfile, CatalogIdentityClient, CookieConfigurer, GcpIapResult, GcpIapTokenInfo, GithubOAuthResult, OAuth2ProxyResult, OAuthAdapter, OAuthEnvironmentHandler, OAuthHandlers, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthState, OidcAuthResult, ProfileInfo, RouterOptions, SamlAuthResult, SignInInfo, SignInResolver, StateEncoder, TokenParams, WebMessageResponse, createAuthProviderIntegration, createOriginFilter, createRouter, defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, getDefaultOwnershipEntityRefs, postMessageResponse, prepareBackstageIdentityResponse, providers, readState, verifyNonce };
+export { AtlassianAuthProvider, AuthHandler, AuthHandlerResult, AuthProviderConfig, AuthProviderFactory, AuthProviderRouteHandlers, AuthResolverCatalogUserQuery, AuthResolverContext, AuthResponse, AwsAlbResult, BitbucketOAuthResult, BitbucketPassportProfile, CatalogIdentityClient, CloudflareAccessClaims, CloudflareAccessGroup, CloudflareAccessIdentityProfile, CloudflareAccessResult, CookieConfigurer, GcpIapResult, GcpIapTokenInfo, GithubOAuthResult, OAuth2ProxyResult, OAuthAdapter, OAuthEnvironmentHandler, OAuthHandlers, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthState, OidcAuthResult, ProfileInfo, RouterOptions, SamlAuthResult, SignInInfo, SignInResolver, StateEncoder, TokenParams, WebMessageResponse, createAuthProviderIntegration, createOriginFilter, createRouter, defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, getDefaultOwnershipEntityRefs, postMessageResponse, prepareBackstageIdentityResponse, providers, readState, verifyNonce };

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@backstage/plugin-auth-backend",
   "description": "A Backstage backend plugin that handles authentication",
-  "version": "0.15.0-next.3",
+  "version": "0.15.1-next.1",
   "main": "dist/index.cjs.js",
   "types": "dist/index.d.ts",
   "license": "Apache-2.0",
@@ -33,15 +33,15 @@
     "clean": "backstage-cli package clean"
   },
   "dependencies": {
-    "@backstage/backend-common": "^0.14.1-next.3",
-    "@backstage/catalog-client": "^1.0.4-next.2",
-    "@backstage/catalog-model": "^1.1.0-next.3",
+    "@backstage/backend-common": "^0.15.0-next.0",
+    "@backstage/catalog-client": "^1.0.4",
+    "@backstage/catalog-model": "^1.1.0",
     "@backstage/config": "^1.0.1",
-    "@backstage/errors": "^1.1.0-next.0",
-    "@backstage/plugin-auth-node": "^0.2.3-next.2",
+    "@backstage/errors": "^1.1.0",
+    "@backstage/plugin-auth-node": "^0.2.4-next.0",
     "@backstage/types": "^1.0.0",
     "@davidzemon/passport-okta-oauth": "^0.0.5",
-    "@google-cloud/firestore": "^5.0.2",
+    "@google-cloud/firestore": "^6.0.0",
     "@types/express": "^4.17.6",
     "@types/passport": "^1.0.3",
     "compression": "^1.7.4",
@@ -76,8 +76,8 @@
     "yn": "^4.0.0"
   },
   "devDependencies": {
-    "@backstage/backend-test-utils": "^0.1.26-next.3",
-    "@backstage/cli": "^0.18.0-next.3",
+    "@backstage/backend-test-utils": "^0.1.27-next.0",
+    "@backstage/cli": "^0.18.1-next.1",
     "@types/body-parser": "^1.19.0",
     "@types/cookie-parser": "^1.4.2",
     "@types/express-session": "^1.17.2",
@@ -88,7 +88,7 @@
     "@types/passport-saml": "^1.1.3",
     "@types/passport-strategy": "^0.2.35",
     "@types/xml2js": "^0.4.7",
-    "msw": "^0.43.0",
+    "msw": "^0.44.0",
     "supertest": "^6.1.3"
   },
   "files": [
@@ -97,5 +97,5 @@
     "config.d.ts"
   ],
   "configSchema": "config.d.ts",
-  "gitHead": "291b3a07233061266d9f3ce431345bf19fa4bbd5"
+  "gitHead": "9b7d23351cdbe29fb16060f6f9e8442932d3fa29"
 }