@backstage/plugin-auth-backend 0.17.0-next.0 → 0.17.0-next.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +18 -0
- package/dist/index.cjs.js +28 -4
- package/dist/index.cjs.js.map +1 -1
- package/dist/index.d.ts +7 -2
- package/package.json +9 -9
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,23 @@
|
|
|
1
1
|
# @backstage/plugin-auth-backend
|
|
2
2
|
|
|
3
|
+
## 0.17.0-next.1
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- e2dc42e9f0: Google OAuth refresh tokens will now be revoked on logout by calling Google's API
|
|
8
|
+
|
|
9
|
+
### Patch Changes
|
|
10
|
+
|
|
11
|
+
- b5c126010c: Auth0 provider now supports optional `connection` and `connectionScope` parameters to configure social identity providers.
|
|
12
|
+
- Updated dependencies
|
|
13
|
+
- @backstage/catalog-client@1.1.1-next.1
|
|
14
|
+
- @backstage/backend-common@0.15.2-next.1
|
|
15
|
+
- @backstage/catalog-model@1.1.2-next.1
|
|
16
|
+
- @backstage/config@1.0.3-next.1
|
|
17
|
+
- @backstage/errors@1.1.2-next.1
|
|
18
|
+
- @backstage/types@1.0.0
|
|
19
|
+
- @backstage/plugin-auth-node@0.2.6-next.1
|
|
20
|
+
|
|
3
21
|
## 0.17.0-next.0
|
|
4
22
|
|
|
5
23
|
### Minor Changes
|
package/dist/index.cjs.js
CHANGED
|
@@ -306,6 +306,9 @@ class OAuthAdapter {
|
|
|
306
306
|
...cookieConfig
|
|
307
307
|
});
|
|
308
308
|
};
|
|
309
|
+
this.getRefreshTokenFromCookie = (req) => {
|
|
310
|
+
return req.cookies[`${this.options.providerId}-refresh-token`];
|
|
311
|
+
};
|
|
309
312
|
this.getGrantedScopeFromCookie = (req) => {
|
|
310
313
|
return req.cookies[`${this.options.providerId}-granted-scope`];
|
|
311
314
|
};
|
|
@@ -415,6 +418,13 @@ class OAuthAdapter {
|
|
|
415
418
|
if (!ensuresXRequestedWith(req)) {
|
|
416
419
|
throw new errors.AuthenticationError("Invalid X-Requested-With header");
|
|
417
420
|
}
|
|
421
|
+
if (this.handlers.logout) {
|
|
422
|
+
const refreshToken = this.getRefreshTokenFromCookie(req);
|
|
423
|
+
const revokeRequest = Object.assign(req, {
|
|
424
|
+
refreshToken
|
|
425
|
+
});
|
|
426
|
+
await this.handlers.logout(revokeRequest);
|
|
427
|
+
}
|
|
418
428
|
const origin = req.get("origin");
|
|
419
429
|
const cookieConfig = this.getCookieConfig(origin);
|
|
420
430
|
this.removeRefreshTokenCookie(res, cookieConfig);
|
|
@@ -431,7 +441,7 @@ class OAuthAdapter {
|
|
|
431
441
|
);
|
|
432
442
|
}
|
|
433
443
|
try {
|
|
434
|
-
const refreshToken =
|
|
444
|
+
const refreshToken = this.getRefreshTokenFromCookie(req);
|
|
435
445
|
if (!refreshToken) {
|
|
436
446
|
throw new errors.InputError("Missing session cookie");
|
|
437
447
|
}
|
|
@@ -745,6 +755,8 @@ class Auth0AuthProvider {
|
|
|
745
755
|
this.authHandler = options.authHandler;
|
|
746
756
|
this.resolverContext = options.resolverContext;
|
|
747
757
|
this.audience = options.audience;
|
|
758
|
+
this.connection = options.connection;
|
|
759
|
+
this.connectionScope = options.connectionScope;
|
|
748
760
|
this._strategy = new Auth0Strategy(
|
|
749
761
|
{
|
|
750
762
|
clientID: options.clientId,
|
|
@@ -776,12 +788,16 @@ class Auth0AuthProvider {
|
|
|
776
788
|
prompt: "consent",
|
|
777
789
|
scope: req.scope,
|
|
778
790
|
state: encodeState(req.state),
|
|
779
|
-
...this.audience ? { audience: this.audience } : {}
|
|
791
|
+
...this.audience ? { audience: this.audience } : {},
|
|
792
|
+
...this.connection ? { connection: this.connection } : {},
|
|
793
|
+
...this.connectionScope ? { connection_scope: this.connectionScope } : {}
|
|
780
794
|
});
|
|
781
795
|
}
|
|
782
796
|
async handler(req) {
|
|
783
797
|
const { result, privateInfo } = await executeFrameHandlerStrategy(req, this._strategy, {
|
|
784
|
-
...this.audience ? { audience: this.audience } : {}
|
|
798
|
+
...this.audience ? { audience: this.audience } : {},
|
|
799
|
+
...this.connection ? { connection: this.connection } : {},
|
|
800
|
+
...this.connectionScope ? { connection_scope: this.connectionScope } : {}
|
|
785
801
|
});
|
|
786
802
|
return {
|
|
787
803
|
response: await this.handleResult(result),
|
|
@@ -839,6 +855,8 @@ const auth0 = createAuthProviderIntegration({
|
|
|
839
855
|
const domain = envConfig.getString("domain");
|
|
840
856
|
const customCallbackUrl = envConfig.getOptionalString("callbackUrl");
|
|
841
857
|
const audience = envConfig.getOptionalString("audience");
|
|
858
|
+
const connection = envConfig.getOptionalString("connection");
|
|
859
|
+
const connectionScope = envConfig.getOptionalString("connectionScope");
|
|
842
860
|
const callbackUrl = customCallbackUrl || `${globalConfig.baseUrl}/${providerId}/handler/frame`;
|
|
843
861
|
const authHandler = (options == null ? void 0 : options.authHandler) ? options.authHandler : async ({ fullProfile, params }) => ({
|
|
844
862
|
profile: makeProfileInfo(fullProfile, params.id_token)
|
|
@@ -852,7 +870,9 @@ const auth0 = createAuthProviderIntegration({
|
|
|
852
870
|
authHandler,
|
|
853
871
|
signInResolver,
|
|
854
872
|
resolverContext,
|
|
855
|
-
audience
|
|
873
|
+
audience,
|
|
874
|
+
connection,
|
|
875
|
+
connectionScope
|
|
856
876
|
});
|
|
857
877
|
return OAuthAdapter.fromConfig(globalConfig, provider, {
|
|
858
878
|
providerId,
|
|
@@ -1712,6 +1732,10 @@ class GoogleAuthProvider {
|
|
|
1712
1732
|
refreshToken: privateInfo.refreshToken
|
|
1713
1733
|
};
|
|
1714
1734
|
}
|
|
1735
|
+
async logout(req) {
|
|
1736
|
+
const oauthClient = new googleAuthLibrary.OAuth2Client();
|
|
1737
|
+
await oauthClient.revokeToken(req.refreshToken);
|
|
1738
|
+
}
|
|
1715
1739
|
async refresh(req) {
|
|
1716
1740
|
const { accessToken, refreshToken, params } = await executeRefreshTokenStrategy(
|
|
1717
1741
|
this.strategy,
|