npm - @backstage/plugin-auth-backend - Versions diffs - 0.16.0-next.2 → 0.16.0-next.3 - Mend

@backstage/plugin-auth-backend 0.16.0-next.2 → 0.16.0-next.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,23 @@
 # @backstage/plugin-auth-backend
+## 0.16.0-next.3
+### Minor Changes
+- 8600855fbf: The auth0 integration is updated to use the `passport-auth0` library. The configuration under `auth.providers.auth0.\*` now supports an optional `audience` parameter; providing that allows you to connect to the correct API to get permissions, access tokens, and full profile information.
+  [What is an Audience](https://community.auth0.com/t/what-is-the-audience/71414)
+### Patch Changes
+- Updated dependencies
+  - @backstage/catalog-client@1.1.0-next.2
+  - @backstage/catalog-model@1.1.1-next.0
+  - @backstage/config@1.0.2-next.0
+  - @backstage/errors@1.1.1-next.0
+  - @backstage/backend-common@0.15.1-next.3
+  - @backstage/plugin-auth-node@0.2.5-next.3
 ## 0.16.0-next.2
 ### Patch Changes

package/dist/index.cjs.js CHANGED Viewed

@@ -11,6 +11,7 @@ var pickBy = require('lodash/pickBy');
 var crypto = require('crypto');
 var url = require('url');
 var jwtDecoder = require('jwt-decode');
+var Auth0InternalStrategy = require('passport-auth0');
 var fetch = require('node-fetch');
 var NodeCache = require('node-cache');
 var jose = require('jose');
@@ -64,6 +65,7 @@ var pickBy__default = /*#__PURE__*/_interopDefaultLegacy(pickBy);
 var crypto__default = /*#__PURE__*/_interopDefaultLegacy(crypto);
 var crypto__namespace = /*#__PURE__*/_interopNamespace(crypto);
 var jwtDecoder__default = /*#__PURE__*/_interopDefaultLegacy(jwtDecoder);
+var Auth0InternalStrategy__default = /*#__PURE__*/_interopDefaultLegacy(Auth0InternalStrategy);
 var fetch__default = /*#__PURE__*/_interopDefaultLegacy(fetch);
 var NodeCache__default = /*#__PURE__*/_interopDefaultLegacy(NodeCache);
 var session__default = /*#__PURE__*/_interopDefaultLegacy(session);
@@ -494,7 +496,7 @@ const executeRedirectStrategy = async (req, providerStrategy, options) => {
     strategy.authenticate(req, { ...options });
   });
 };
-const executeFrameHandlerStrategy = async (req, providerStrategy) => {
+const executeFrameHandlerStrategy = async (req, providerStrategy, options) => {
   return new Promise(
     (resolve, reject) => {
       const strategy = Object.create(providerStrategy);
@@ -523,7 +525,7 @@ const executeFrameHandlerStrategy = async (req, providerStrategy) => {
       strategy.redirect = () => {
         reject(new Error("Unexpected redirect"));
       };
-      strategy.authenticate(req, {});
+      strategy.authenticate(req, { ...options != null ? options : {} });
     }
   );
 };
@@ -701,7 +703,7 @@ const atlassian = createAuthProviderIntegration({
   }
 });
-class Auth0Strategy extends OAuth2Strategy__default["default"] {
+class Auth0Strategy extends Auth0InternalStrategy__default["default"] {
   constructor(options, verify) {
     const optionsWithURLs = {
       ...options,
@@ -716,16 +718,26 @@ class Auth0Strategy extends OAuth2Strategy__default["default"] {
 class Auth0AuthProvider {
   constructor(options) {
+    this.store = {
+      store(_req, cb) {
+        cb(null, null);
+      },
+      verify(_req, _state, cb) {
+        cb(null, true);
+      }
+    };
     this.signInResolver = options.signInResolver;
     this.authHandler = options.authHandler;
     this.resolverContext = options.resolverContext;
+    this.audience = options.audience;
     this._strategy = new Auth0Strategy(
       {
         clientID: options.clientId,
         clientSecret: options.clientSecret,
         callbackURL: options.callbackUrl,
         domain: options.domain,
-        passReqToCallback: false
+        passReqToCallback: false,
+        store: this.store
       },
       (accessToken, refreshToken, params, fullProfile, done) => {
         done(
@@ -748,11 +760,14 @@ class Auth0AuthProvider {
       accessType: "offline",
       prompt: "consent",
       scope: req.scope,
-      state: encodeState(req.state)
+      state: encodeState(req.state),
+      ...this.audience ? { audience: this.audience } : {}
     });
   }
   async handler(req) {
-    const { result, privateInfo } = await executeFrameHandlerStrategy(req, this._strategy);
+    const { result, privateInfo } = await executeFrameHandlerStrategy(req, this._strategy, {
+      ...this.audience ? { audience: this.audience } : {}
+    });
     return {
       response: await this.handleResult(result),
       refreshToken: privateInfo.refreshToken
@@ -808,6 +823,7 @@ const auth0 = createAuthProviderIntegration({
       const clientSecret = envConfig.getString("clientSecret");
       const domain = envConfig.getString("domain");
       const customCallbackUrl = envConfig.getOptionalString("callbackUrl");
+      const audience = envConfig.getOptionalString("audience");
       const callbackUrl = customCallbackUrl || `${globalConfig.baseUrl}/${providerId}/handler/frame`;
       const authHandler = (options == null ? void 0 : options.authHandler) ? options.authHandler : async ({ fullProfile, params }) => ({
         profile: makeProfileInfo(fullProfile, params.id_token)
@@ -820,7 +836,8 @@ const auth0 = createAuthProviderIntegration({
         domain,
         authHandler,
         signInResolver,
-        resolverContext
+        resolverContext,
+        audience
       });
       return OAuthAdapter.fromConfig(globalConfig, provider, {
         providerId,