@backstage/plugin-auth-backend 0.17.0-next.0 → 0.17.0-next.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +31 -0
  2. package/dist/index.cjs.js +28 -4
  3. package/dist/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +7 -2
  5. package/package.json +9 -9
package/CHANGELOG.md CHANGED
@@ -1,5 +1,36 @@
1
1
  # @backstage/plugin-auth-backend
2
2
 
3
+ ## 0.17.0-next.2
4
+
5
+ ### Patch Changes
6
+
7
+ - Updated dependencies
8
+ - @backstage/backend-common@0.15.2-next.2
9
+ - @backstage/plugin-auth-node@0.2.6-next.2
10
+ - @backstage/catalog-client@1.1.1-next.2
11
+ - @backstage/catalog-model@1.1.2-next.2
12
+ - @backstage/config@1.0.3-next.2
13
+ - @backstage/errors@1.1.2-next.2
14
+ - @backstage/types@1.0.0
15
+
16
+ ## 0.17.0-next.1
17
+
18
+ ### Minor Changes
19
+
20
+ - e2dc42e9f0: Google OAuth refresh tokens will now be revoked on logout by calling Google's API
21
+
22
+ ### Patch Changes
23
+
24
+ - b5c126010c: Auth0 provider now supports optional `connection` and `connectionScope` parameters to configure social identity providers.
25
+ - Updated dependencies
26
+ - @backstage/catalog-client@1.1.1-next.1
27
+ - @backstage/backend-common@0.15.2-next.1
28
+ - @backstage/catalog-model@1.1.2-next.1
29
+ - @backstage/config@1.0.3-next.1
30
+ - @backstage/errors@1.1.2-next.1
31
+ - @backstage/types@1.0.0
32
+ - @backstage/plugin-auth-node@0.2.6-next.1
33
+
3
34
  ## 0.17.0-next.0
4
35
 
5
36
  ### Minor Changes
package/dist/index.cjs.js CHANGED
@@ -306,6 +306,9 @@ class OAuthAdapter {
306
306
  ...cookieConfig
307
307
  });
308
308
  };
309
+ this.getRefreshTokenFromCookie = (req) => {
310
+ return req.cookies[`${this.options.providerId}-refresh-token`];
311
+ };
309
312
  this.getGrantedScopeFromCookie = (req) => {
310
313
  return req.cookies[`${this.options.providerId}-granted-scope`];
311
314
  };
@@ -415,6 +418,13 @@ class OAuthAdapter {
415
418
  if (!ensuresXRequestedWith(req)) {
416
419
  throw new errors.AuthenticationError("Invalid X-Requested-With header");
417
420
  }
421
+ if (this.handlers.logout) {
422
+ const refreshToken = this.getRefreshTokenFromCookie(req);
423
+ const revokeRequest = Object.assign(req, {
424
+ refreshToken
425
+ });
426
+ await this.handlers.logout(revokeRequest);
427
+ }
418
428
  const origin = req.get("origin");
419
429
  const cookieConfig = this.getCookieConfig(origin);
420
430
  this.removeRefreshTokenCookie(res, cookieConfig);
@@ -431,7 +441,7 @@ class OAuthAdapter {
431
441
  );
432
442
  }
433
443
  try {
434
- const refreshToken = req.cookies[`${this.options.providerId}-refresh-token`];
444
+ const refreshToken = this.getRefreshTokenFromCookie(req);
435
445
  if (!refreshToken) {
436
446
  throw new errors.InputError("Missing session cookie");
437
447
  }
@@ -745,6 +755,8 @@ class Auth0AuthProvider {
745
755
  this.authHandler = options.authHandler;
746
756
  this.resolverContext = options.resolverContext;
747
757
  this.audience = options.audience;
758
+ this.connection = options.connection;
759
+ this.connectionScope = options.connectionScope;
748
760
  this._strategy = new Auth0Strategy(
749
761
  {
750
762
  clientID: options.clientId,
@@ -776,12 +788,16 @@ class Auth0AuthProvider {
776
788
  prompt: "consent",
777
789
  scope: req.scope,
778
790
  state: encodeState(req.state),
779
- ...this.audience ? { audience: this.audience } : {}
791
+ ...this.audience ? { audience: this.audience } : {},
792
+ ...this.connection ? { connection: this.connection } : {},
793
+ ...this.connectionScope ? { connection_scope: this.connectionScope } : {}
780
794
  });
781
795
  }
782
796
  async handler(req) {
783
797
  const { result, privateInfo } = await executeFrameHandlerStrategy(req, this._strategy, {
784
- ...this.audience ? { audience: this.audience } : {}
798
+ ...this.audience ? { audience: this.audience } : {},
799
+ ...this.connection ? { connection: this.connection } : {},
800
+ ...this.connectionScope ? { connection_scope: this.connectionScope } : {}
785
801
  });
786
802
  return {
787
803
  response: await this.handleResult(result),
@@ -839,6 +855,8 @@ const auth0 = createAuthProviderIntegration({
839
855
  const domain = envConfig.getString("domain");
840
856
  const customCallbackUrl = envConfig.getOptionalString("callbackUrl");
841
857
  const audience = envConfig.getOptionalString("audience");
858
+ const connection = envConfig.getOptionalString("connection");
859
+ const connectionScope = envConfig.getOptionalString("connectionScope");
842
860
  const callbackUrl = customCallbackUrl || `${globalConfig.baseUrl}/${providerId}/handler/frame`;
843
861
  const authHandler = (options == null ? void 0 : options.authHandler) ? options.authHandler : async ({ fullProfile, params }) => ({
844
862
  profile: makeProfileInfo(fullProfile, params.id_token)
@@ -852,7 +870,9 @@ const auth0 = createAuthProviderIntegration({
852
870
  authHandler,
853
871
  signInResolver,
854
872
  resolverContext,
855
- audience
873
+ audience,
874
+ connection,
875
+ connectionScope
856
876
  });
857
877
  return OAuthAdapter.fromConfig(globalConfig, provider, {
858
878
  providerId,
@@ -1712,6 +1732,10 @@ class GoogleAuthProvider {
1712
1732
  refreshToken: privateInfo.refreshToken
1713
1733
  };
1714
1734
  }
1735
+ async logout(req) {
1736
+ const oauthClient = new googleAuthLibrary.OAuth2Client();
1737
+ await oauthClient.revokeToken(req.refreshToken);
1738
+ }
1715
1739
  async refresh(req) {
1716
1740
  const { accessToken, refreshToken, params } = await executeRefreshTokenStrategy(
1717
1741
  this.strategy,