@backstage/plugin-auth-backend 0.18.1 → 0.18.2-next.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
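--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,34 @@
 # @backstage/plugin-auth-backend
 
+## 0.18.2-next.1
+
+### Patch Changes
+
+- e0c6e8b9c3c: Update peer dependencies
+- Updated dependencies
+- @backstage/backend-common@0.18.4-next.1
+- @backstage/catalog-client@1.4.0
+- @backstage/catalog-model@1.2.1
+- @backstage/config@1.0.7
+- @backstage/errors@1.1.5
+- @backstage/types@1.0.2
+- @backstage/plugin-auth-node@0.2.13-next.1
+
+## 0.18.2-next.0
+
+### Patch Changes
+
+- d8f774c30df: Enforce the secret visibility of certificates and client secrets in the auth backend. Also, document all known options for each auth plugin.
+- 7908d72e033: Introduce a new global config parameter, `auth.enableExperimentalRedirectFlow`. When enabled, auth will happen with an in-window redirect flow rather than through a popup window.
+- Updated dependencies
+- @backstage/backend-common@0.18.4-next.0
+- @backstage/config@1.0.7
+- @backstage/catalog-client@1.4.0
+- @backstage/catalog-model@1.2.1
+- @backstage/errors@1.1.5
+- @backstage/types@1.0.2
+- @backstage/plugin-auth-node@0.2.13-next.0
+
 ## 0.18.1
 
 ### Patch Changes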
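--- a/package/config.d.ts
+++ b/package/config.d.ts
@@ -62,30 +62,72 @@ export interface Config {
  */
 providers?: {
 google?: {
-[authEnv: string]: { [key: string]: string };
+[authEnv: string]: {
+clientId: string;
+/**
+* @visibility secret
+*/
+clientSecret: string;
+callbackUrl?: string;
+};
 };
 github?: {
-[authEnv: string]: { [key: string]: string };
+[authEnv: string]: {
+clientId: string;
+/**
+* @visibility secret
+*/
+clientSecret: string;
+callbackUrl?: string;
+enterpriseInstanceUrl?: string;
+};
 };
 gitlab?: {
-[authEnv: string]: { [key: string]: string };
+[authEnv: string]: {
+clientId: string;
+/**
+* @visibility secret
+*/
+clientSecret: string;
+audience?: string;
+callbackUrl?: string;
+};
 };
 saml?: {
 entryPoint: string;
 logoutUrl?: string;
 issuer: string;
+/**
+* @visibility secret
+*/
 cert: string;
 audience?: string;
+/**
+* @visibility secret
+*/
 privateKey?: string;
 authnContext?: string[];
 identifierFormat?: string;
+/**
+* @visibility secret
+*/
 decryptionPvk?: string;
 signatureAlgorithm?: 'sha256' | 'sha512';
 digestAlgorithm?: string;
 acceptedClockSkewMs?: number;
 };
 okta?: {
-[authEnv: string]: { [key: string]: string };
+[authEnv: string]: {
+clientId: string;
+/**
+* @visibility secret
+*/
+clientSecret: string;
+audience: string;
+authServerId?: string;
+idp?: string;
+callbackUrl?: string;
+};
 };
 oauth2?: {
 [authEnv: string]: {
@@ -101,19 +143,56 @@ export interface Config {
 };
 };
 oidc?: {
-[authEnv: string]: { [key: string]: string };
+[authEnv: string]: {
+clientId: string;
+/**
+* @visibility secret
+*/
+clientSecret: string;
+callbackUrl?: string;
+metadataUrl: string;
+scope?: string;
+prompt?: string;
+};
 };
 auth0?: {
-[authEnv: string]: { [key: string]: string };
+[authEnv: string]: {
+clientId: string;
+/**
+* @visibility secret
+*/
+clientSecret: string;
+domain: string;
+callbackUrl?: string;
+audience?: string;
+connection?: string;
+connectionScope?: string;
+};
 };
 microsoft?: {
-[authEnv: string]: { [key: string]: string };
+[authEnv: string]: {
+clientId: string;
+/**
+* @visibility secret
+*/
+clientSecret: string;
+tenantId: string;
+callbackUrl?: string;
+};
 };
 onelogin?: {
-[authEnv: string]: { [key: string]: string };
+[authEnv: string]: {
+clientId: string;
+/**
+* @visibility secret
+*/
+clientSecret: string;
+issuer: string;
+callbackUrl?: string;
+};
 };
 awsalb?: {
-issuer?: string;
+iss?: string;
 region: string;
 };
 cfaccess?: {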
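Review bot: The `awsalb` block renames the optional `issuer` key to `iss` and nothing in the CHANGELOG hunk on this page mentions it, so an existing app-config that sets `auth.providers.awsalb.issuer` will either stop validating against the schema or be silently ignored if the runtime already reads `iss`; which of the two applies cannot be told from this diff. If the rename is intentional, call it out as a config change and give the new field a doc comment, e.g. `/** Expected issuer of the ALB-signed JWT (replaces the former `issuer` key). */`. The other provider blocks now enumerate their keys but carry no description beyond `@visibility secret`, even though the changelog describes this change as documenting all known options; a one-line TSDoc per option (`callbackUrl`, `audience`, `metadataUrl`, `authServerId`, …) would make the schema self-describing for operators. The enclosing `Config` interface starts before and ends after this hunk.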
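--- a/package/dist/index.cjs.js
+++ b/package/dist/index.cjs.js
@@ -353,17 +353,19 @@ class OAuthAdapter {
 });
 }
 async start(req, res) {
-var _a, _b, _c, _d;
+var _a, _b, _c, _d, _e, _f;
 const scope = (_b = (_a = req.query.scope) == null ? void 0 : _a.toString()) != null ? _b : "";
 const env = (_c = req.query.env) == null ? void 0 : _c.toString();
 const origin = (_d = req.query.origin) == null ? void 0 : _d.toString();
+const redirectUrl = (_e = req.query.redirectUrl) == null ? void 0 : _e.toString();
+const flow = (_f = req.query.flow) == null ? void 0 : _f.toString();
 if (!env) {
 throw new errors.InputError("No env provided in request query parameters");
 }
 const cookieConfig = this.getCookieConfig(origin);
 const nonce = crypto__default["default"].randomBytes(16).toString("base64");
 this.setNonceCookie(res, nonce, cookieConfig);
-const state = { nonce, env, origin };
+const state = { nonce, env, origin, redirectUrl, flow };
 if (this.options.persistScopes) {
 state.scope = scope;
 }
@@ -402,10 +404,19 @@ class OAuthAdapter {
 this.setRefreshTokenCookie(res, refreshToken, cookieConfig);
 }
 const identity = await this.populateIdentity(response.backstageIdentity);
-return postMessageResponse(res, appOrigin, {
+const responseObj = {
 type: "authorization_response",
 response: { ...response, backstageIdentity: identity }
-});
+};
+if (state.flow === "redirect") {
+if (!state.redirectUrl) {
+throw new errors.InputError(
+"No redirectUrl provided in request query parameters"
+);
+}
+res.redirect(state.redirectUrl);
+}
+return postMessageResponse(res, appOrigin, responseObj);
 } catch (error) {
 const { name, message } = errors.isError(error) ? error : new Error("Encountered invalid error");
 return postMessageResponse(res, appOrigin, {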
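Review bot: `res.redirect(state.redirectUrl)` in the new redirect branch sends the browser to a URL that was copied verbatim from `req.query.redirectUrl` in `start()` (first hunk) and round-tripped through the OAuth state, with no check that it points back at the app, so anyone who can get a victim to open a crafted `/start?flow=redirect&redirectUrl=…` link can have the completed login land on an attacker-chosen site (open redirect); the only guard is that the value is non-empty. The branch also falls through to `return postMessageResponse(res, appOrigin, responseObj)` after the redirect has already been written, which will attempt a second response on the same `res` and land in the catch block with yet another write; the redirect branch needs to return. Assuming `appOrigin` is the origin that the surrounding handler has already validated (its derivation is outside this hunk), compare the redirect target's origin against it before redirecting and let a malformed URL fail through the existing catch; `start()` could likewise reject any `flow` value other than the ones it understands. The callback handler that contains this code starts before and ends after the hunk.

```javascript
if (state.flow === "redirect") {
  // … unchanged: missing-redirectUrl check …
  // only send the browser back to the origin that is allowed to receive this login result
  if (new URL(state.redirectUrl).origin !== appOrigin) {
    throw new errors.InputError("redirectUrl origin does not match the app origin");
  }
  return res.redirect(state.redirectUrl);
}
return postMessageResponse(res, appOrigin, responseObj);
```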