@backstage/plugin-auth-backend 0.15.1 → 0.16.0-next.2
- package/CHANGELOG.md +36 -0
- package/dist/index.cjs.js +9 -3
- package/dist/index.cjs.js.map +1 -1
- package/dist/index.d.ts +52 -50
- package/package.json +8 -9
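--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -29,6 +29,8 @@ declare type TokenParams = {
 
 /**
 * Common options for passport.js-based OAuth providers
+*
+* @public
 */
 declare type OAuthProviderOptions = {
 /**
@@ -44,6 +46,7 @@ declare type OAuthProviderOptions = {
 */
 callbackUrl: string;
 };
+/** @public */
 declare type OAuthResult = {
 fullProfile: Profile;
 params: {
@@ -64,6 +67,7 @@ declare type OAuthResponse = {
 providerInfo: OAuthProviderInfo;
 backstageIdentity?: BackstageSignInResult;
 };
+/** @public */
 declare type OAuthProviderInfo = {
 /**
 * An access token issued for the signed in user.
@@ -82,16 +86,19 @@ declare type OAuthProviderInfo = {
 */
 scope: string;
 };
+/** @public */
 declare type OAuthState = {
 nonce: string;
 env: string;
 origin?: string;
 scope?: string;
 };
+/** @public */
 declare type OAuthStartRequest = express.Request<{}> & {
 scope: string;
 state: OAuthState;
 };
+/** @public */
 declare type OAuthRefreshRequest = express.Request<{}> & {
 scope: string;
 refreshToken: string;
@@ -107,7 +114,7 @@ interface OAuthHandlers {
 /**
 * Initiate a sign in request with an auth provider.
 */
-start(req: OAuthStartRequest): Promise<
+start(req: OAuthStartRequest): Promise<OAuthStartResponse>;
 /**
 * Handle the redirect from the auth provider when the user has signed in.
 */
@@ -218,7 +225,8 @@ declare type AuthProviderConfig = {
 */
 cookieConfigurer?: CookieConfigurer;
 };
-
+/** @public */
+declare type OAuthStartResponse = {
 /**
 * URL to redirect to
 */
@@ -238,6 +246,8 @@ declare type RedirectInfo = {
 * `/auth/[provider]/handler/frame -> frameHandler`
 * `/auth/[provider]/refresh -> refresh`
 * `/auth/[provider]/logout -> logout`
+*
+* @public
 */
 interface AuthProviderRouteHandlers {
 /**
@@ -279,6 +289,7 @@ interface AuthProviderRouteHandlers {
 */
 logout?(req: express.Request, res: express.Response): Promise<void>;
 }
+/** @public */
 declare type AuthProviderFactory = (options: {
 providerId: string;
 globalConfig: AuthProviderConfig;
@@ -368,6 +379,14 @@ declare type StateEncoder = (req: OAuthStartRequest) => Promise<{
 encodedState: string;
 }>;
 
+/** @public */
+declare type AwsAlbResult = {
+fullProfile: Profile;
+expiresInSeconds?: number;
+accessToken: string;
+};
+
+/** @public */
 declare class OAuthEnvironmentHandler implements AuthProviderRouteHandlers {
 private readonly handlers;
 static mapConfig(config: Config, factoryFunc: (envConfig: Config) => AuthProviderRouteHandlers): OAuthEnvironmentHandler;
@@ -380,7 +399,8 @@ declare class OAuthEnvironmentHandler implements AuthProviderRouteHandlers {
 private getProviderForEnv;
 }
 
-
+/** @public */
+declare type OAuthAdapterOptions = {
 providerId: string;
 secure: boolean;
 persistScopes?: boolean;
@@ -390,12 +410,13 @@ declare type Options = {
 isOriginAllowed: (origin: string) => boolean;
 callbackUrl: string;
 };
+/** @public */
 declare class OAuthAdapter implements AuthProviderRouteHandlers {
 private readonly handlers;
 private readonly options;
-static fromConfig(config: AuthProviderConfig, handlers: OAuthHandlers, options: Pick<
+static fromConfig(config: AuthProviderConfig, handlers: OAuthHandlers, options: Pick<OAuthAdapterOptions, 'providerId' | 'persistScopes' | 'callbackUrl'>): OAuthAdapter;
 private readonly baseCookieOptions;
-constructor(handlers: OAuthHandlers, options:
+constructor(handlers: OAuthHandlers, options: OAuthAdapterOptions);
 start(req: express.Request, res: express.Response): Promise<void>;
 frameHandler(req: express.Request, res: express.Response): Promise<void>;
 logout(req: express.Request, res: express.Response): Promise<void>;
@@ -412,45 +433,14 @@ declare class OAuthAdapter implements AuthProviderRouteHandlers {
 private removeRefreshTokenCookie;
 }
 
+/** @public */
 declare const readState: (stateString: string) => OAuthState;
+/** @public */
 declare const encodeState: (state: OAuthState) => string;
+/** @public */
 declare const verifyNonce: (req: express.Request, providerId: string) => void;
 
-declare type AtlassianAuthProviderOptions = OAuthProviderOptions & {
-scopes: string;
-signInResolver?: SignInResolver<OAuthResult>;
-authHandler: AuthHandler<OAuthResult>;
-resolverContext: AuthResolverContext;
-};
-/**
-* @public
-* @deprecated This export is deprecated and will be removed in the future.
-*/
-declare class AtlassianAuthProvider implements OAuthHandlers {
-private readonly _strategy;
-private readonly signInResolver?;
-private readonly authHandler;
-private readonly resolverContext;
-constructor(options: AtlassianAuthProviderOptions);
-start(req: OAuthStartRequest): Promise<RedirectInfo>;
-handler(req: express.Request): Promise<{
-response: OAuthResponse;
-refreshToken: string | undefined;
-}>;
-private handleResult;
-refresh(req: OAuthRefreshRequest): Promise<{
-response: OAuthResponse;
-refreshToken: string | undefined;
-}>;
-}
-
 /** @public */
-declare type AwsAlbResult = {
-fullProfile: Profile;
-expiresInSeconds?: number;
-accessToken: string;
-};
-
 declare type BitbucketOAuthResult = {
 fullProfile: BitbucketPassportProfile;
 params: {
@@ -461,6 +451,7 @@ declare type BitbucketOAuthResult = {
 accessToken: string;
 refreshToken?: string;
 };
+/** @public */
 declare type BitbucketPassportProfile = Profile & {
 id?: string;
 displayName?: string;
@@ -554,15 +545,16 @@ declare type CloudflareAccessIdentityProfile = {
 groups: CloudflareAccessGroup[];
 };
 /**
-*
 * @public
 */
 declare type CloudflareAccessResult = {
 claims: CloudflareAccessClaims;
 cfIdentity: CloudflareAccessIdentityProfile;
 expiresInSeconds?: number;
+token: string;
 };
 
+/** @public */
 declare type GithubOAuthResult = {
 fullProfile: Profile;
 params: {
@@ -849,6 +841,8 @@ declare const defaultAuthProviderFactories: {
 *
 * The returned object facilitates the creation of provider instances, and
 * supplies built-in sign-in resolvers for the specific provider.
+*
+* @public
 */
 declare function createAuthProviderIntegration<TCreateOptions extends unknown[], TResolvers extends {
 [name in string]: (...args: any[]) => SignInResolver<any>;
@@ -869,9 +863,11 @@ declare function createAuthProviderIntegration<TCreateOptions extends unknown[],
 */
 declare function prepareBackstageIdentityResponse(result: BackstageSignInResult): BackstageIdentityResponse;
 
+/** @public */
 declare type ProviderFactories = {
 [s: string]: AuthProviderFactory;
 };
+/** @public */
 interface RouterOptions {
 logger: Logger;
 database: PluginDatabaseManager;
@@ -881,12 +877,16 @@ interface RouterOptions {
 tokenFactoryAlgorithm?: string;
 providerFactories?: ProviderFactories;
 }
+/** @public */
 declare function createRouter(options: RouterOptions): Promise<express.Router>;
+/** @public */
 declare function createOriginFilter(config: Config): (origin: string) => boolean;
 
 /**
 * Payload sent as a post message after the auth request is complete.
 * If successful then has a valid payload with Auth information else contains an error.
+*
+* @public
 */
 declare type WebMessageResponse = {
 type: 'authorization_response';
@@ -896,18 +896,15 @@ declare type WebMessageResponse = {
 error: Error;
 };
 
+/** @public */
 declare const postMessageResponse: (res: express.Response, appOrigin: string, response: WebMessageResponse) => void;
+/** @public */
 declare const ensuresXRequestedWith: (req: express.Request) => boolean;
 
-declare type UserQuery = {
-annotations: Record<string, string>;
-};
-declare type MemberClaimQuery = {
-entityRefs: string[];
-logger?: Logger;
-};
 /**
 * A catalog client tailored for reading out identity data from the catalog.
+*
+* @public
 */
 declare class CatalogIdentityClient {
 private readonly catalogApi;
@@ -921,7 +918,9 @@ declare class CatalogIdentityClient {
 *
 * Throws a NotFoundError or ConflictError if 0 or multiple users are found.
 */
-findUser(query:
+findUser(query: {
+annotations: Record<string, string>;
+}): Promise<UserEntity>;
 /**
 * Resolve additional entity claims from the catalog, using the passed-in entity names. Designed
 * to be used within a `signInResolver` where additional entity claims might be provided, but
@@ -929,7 +928,10 @@ declare class CatalogIdentityClient {
 *
 * Returns a superset of the entity names that can be passed directly to `issueToken` as `ent`.
 */
-resolveCatalogMembership(query:
+resolveCatalogMembership(query: {
+entityRefs: string[];
+logger?: Logger;
+}): Promise<string[]>;
 }
 
 /**
@@ -942,4 +944,4 @@ declare class CatalogIdentityClient {
 */
 declare function getDefaultOwnershipEntityRefs(entity: Entity): string[];
 
-export {
+export { AuthHandler, AuthHandlerResult, AuthProviderConfig, AuthProviderFactory, AuthProviderRouteHandlers, AuthResolverCatalogUserQuery, AuthResolverContext, AuthResponse, AwsAlbResult, BitbucketOAuthResult, BitbucketPassportProfile, CatalogIdentityClient, CloudflareAccessClaims, CloudflareAccessGroup, CloudflareAccessIdentityProfile, CloudflareAccessResult, CookieConfigurer, GcpIapResult, GcpIapTokenInfo, GithubOAuthResult, OAuth2ProxyResult, OAuthAdapter, OAuthAdapterOptions, OAuthEnvironmentHandler, OAuthHandlers, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthStartResponse, OAuthState, OidcAuthResult, ProfileInfo, ProviderFactories, RouterOptions, SamlAuthResult, SignInInfo, SignInResolver, StateEncoder, TokenParams, WebMessageResponse, createAuthProviderIntegration, createOriginFilter, createRouter, defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, getDefaultOwnershipEntityRefs, postMessageResponse, prepareBackstageIdentityResponse, providers, readState, verifyNonce };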
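Review bot: The new `token: string;` member on `CloudflareAccessResult` (hunk at -554,15 +545,16) has no doc comment, so auth handlers and sign-in resolvers that receive this result are not told what the value is or how to treat it. If it is the raw Cloudflare Access JWT taken from the request (an inference from the name; the declaration file does not show where it is set), state that and mark it as a credential, for example `/** Raw Cloudflare Access JWT for this request. Treat as a secret: do not log it or copy it into the profile or the response. */`. The member is also required rather than optional, so code outside this package that builds a `CloudflareAccessResult` will stop type-checking; `token?: string;` would avoid that if the break is not intended.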
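--- a/package/package.json
+++ b/package/package.json
@@ -1,11 +1,10 @@
 {
 "name": "@backstage/plugin-auth-backend",
 "description": "A Backstage backend plugin that handles authentication",
-"version": "0.
+"version": "0.16.0-next.2",
 "main": "dist/index.cjs.js",
 "types": "dist/index.d.ts",
 "license": "Apache-2.0",
-"private": false,
 "publishConfig": {
 "access": "public",
 "main": "dist/index.cjs.js",
@@ -33,12 +32,12 @@
 "clean": "backstage-cli package clean"
 },
 "dependencies": {
-"@backstage/backend-common": "^0.15.
-"@backstage/catalog-client": "^1.0.
+"@backstage/backend-common": "^0.15.1-next.2",
+"@backstage/catalog-client": "^1.0.5-next.1",
 "@backstage/catalog-model": "^1.1.0",
 "@backstage/config": "^1.0.1",
 "@backstage/errors": "^1.1.0",
-"@backstage/plugin-auth-node": "^0.2.
+"@backstage/plugin-auth-node": "^0.2.5-next.2",
 "@backstage/types": "^1.0.0",
 "@davidzemon/passport-okta-oauth": "^0.0.5",
 "@google-cloud/firestore": "^6.0.0",
@@ -76,8 +75,8 @@
 "yn": "^4.0.0"
 },
 "devDependencies": {
-"@backstage/backend-test-utils": "^0.1.
-"@backstage/cli": "^0.
+"@backstage/backend-test-utils": "^0.1.28-next.2",
+"@backstage/cli": "^0.19.0-next.2",
 "@types/body-parser": "^1.19.0",
 "@types/cookie-parser": "^1.4.2",
 "@types/express-session": "^1.17.2",
@@ -88,7 +87,7 @@
 "@types/passport-saml": "^1.1.3",
 "@types/passport-strategy": "^0.2.35",
 "@types/xml2js": "^0.4.7",
-"msw": "^0.
+"msw": "^0.47.0",
 "supertest": "^6.1.3"
 },
 "files": [
@@ -97,5 +96,5 @@
 "config.d.ts"
 ],
 "configSchema": "config.d.ts",
-"gitHead": "
+"gitHead": "24f889f173370f060725fcf9404081e40769beb4"
 }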