@backstage/plugin-auth-backend 0.18.2-next.1 → 0.18.2-next.3
- package/CHANGELOG.md +41 -0
- package/dist/index.cjs.js +147 -26
- package/dist/index.cjs.js.map +1 -1
- package/dist/index.d.ts +59 -41
- package/package.json +7 -7
package/dist/index.d.ts
CHANGED
|
@@ -17,7 +17,7 @@ import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
|
|
|
17
17
|
*
|
|
18
18
|
* @public
|
|
19
19
|
*/
|
|
20
|
-
|
|
20
|
+
type TokenParams = {
|
|
21
21
|
/**
|
|
22
22
|
* The claims that will be embedded within the token. At a minimum, this should include
|
|
23
23
|
* the subject claim, `sub`. It is common to also list entity ownership relations in the
|
|
@@ -39,7 +39,7 @@ declare type TokenParams = {
|
|
|
39
39
|
*
|
|
40
40
|
* @public
|
|
41
41
|
*/
|
|
42
|
-
|
|
42
|
+
type OAuthProviderOptions = {
|
|
43
43
|
/**
|
|
44
44
|
* Client ID of the auth provider.
|
|
45
45
|
*/
|
|
@@ -54,7 +54,7 @@ declare type OAuthProviderOptions = {
|
|
|
54
54
|
callbackUrl: string;
|
|
55
55
|
};
|
|
56
56
|
/** @public */
|
|
57
|
-
|
|
57
|
+
type OAuthResult = {
|
|
58
58
|
fullProfile: Profile;
|
|
59
59
|
params: {
|
|
60
60
|
id_token?: string;
|
|
@@ -69,13 +69,13 @@ declare type OAuthResult = {
|
|
|
69
69
|
*
|
|
70
70
|
* @public
|
|
71
71
|
*/
|
|
72
|
-
|
|
72
|
+
type OAuthResponse = {
|
|
73
73
|
profile: ProfileInfo;
|
|
74
74
|
providerInfo: OAuthProviderInfo;
|
|
75
75
|
backstageIdentity?: BackstageSignInResult;
|
|
76
76
|
};
|
|
77
77
|
/** @public */
|
|
78
|
-
|
|
78
|
+
type OAuthProviderInfo = {
|
|
79
79
|
/**
|
|
80
80
|
* An access token issued for the signed in user.
|
|
81
81
|
*/
|
|
@@ -94,7 +94,7 @@ declare type OAuthProviderInfo = {
|
|
|
94
94
|
scope: string;
|
|
95
95
|
};
|
|
96
96
|
/** @public */
|
|
97
|
-
|
|
97
|
+
type OAuthState = {
|
|
98
98
|
nonce: string;
|
|
99
99
|
env: string;
|
|
100
100
|
origin?: string;
|
|
@@ -103,17 +103,17 @@ declare type OAuthState = {
|
|
|
103
103
|
flow?: string;
|
|
104
104
|
};
|
|
105
105
|
/** @public */
|
|
106
|
-
|
|
106
|
+
type OAuthStartRequest = express.Request<{}> & {
|
|
107
107
|
scope: string;
|
|
108
108
|
state: OAuthState;
|
|
109
109
|
};
|
|
110
110
|
/** @public */
|
|
111
|
-
|
|
111
|
+
type OAuthRefreshRequest = express.Request<{}> & {
|
|
112
112
|
scope: string;
|
|
113
113
|
refreshToken: string;
|
|
114
114
|
};
|
|
115
115
|
/** @public */
|
|
116
|
-
|
|
116
|
+
type OAuthLogoutRequest = express.Request<{}> & {
|
|
117
117
|
refreshToken: string;
|
|
118
118
|
};
|
|
119
119
|
/**
|
|
@@ -163,7 +163,7 @@ interface OAuthHandlers {
|
|
|
163
163
|
*
|
|
164
164
|
* @public
|
|
165
165
|
*/
|
|
166
|
-
|
|
166
|
+
type AuthResolverCatalogUserQuery = {
|
|
167
167
|
entityRef: string | {
|
|
168
168
|
kind?: string;
|
|
169
169
|
namespace?: string;
|
|
@@ -179,7 +179,7 @@ declare type AuthResolverCatalogUserQuery = {
|
|
|
179
179
|
*
|
|
180
180
|
* @public
|
|
181
181
|
*/
|
|
182
|
-
|
|
182
|
+
type AuthResolverContext = {
|
|
183
183
|
/**
|
|
184
184
|
* Issues a Backstage token using the provided parameters.
|
|
185
185
|
*/
|
|
@@ -206,7 +206,7 @@ declare type AuthResolverContext = {
|
|
|
206
206
|
* The callback used to resolve the cookie configuration for auth providers that use cookies.
|
|
207
207
|
* @public
|
|
208
208
|
*/
|
|
209
|
-
|
|
209
|
+
type CookieConfigurer = (ctx: {
|
|
210
210
|
/** ID of the auth provider that this configuration applies to */
|
|
211
211
|
providerId: string;
|
|
212
212
|
/** The externally reachable base URL of the auth-backend plugin */
|
|
@@ -222,7 +222,7 @@ declare type CookieConfigurer = (ctx: {
|
|
|
222
222
|
sameSite?: 'none' | 'lax' | 'strict';
|
|
223
223
|
};
|
|
224
224
|
/** @public */
|
|
225
|
-
|
|
225
|
+
type AuthProviderConfig = {
|
|
226
226
|
/**
|
|
227
227
|
* The protocol://domain[:port] where the app is hosted. This is used to construct the
|
|
228
228
|
* callbackURL to redirect to once the user signs in to the auth provider.
|
|
@@ -242,7 +242,7 @@ declare type AuthProviderConfig = {
|
|
|
242
242
|
cookieConfigurer?: CookieConfigurer;
|
|
243
243
|
};
|
|
244
244
|
/** @public */
|
|
245
|
-
|
|
245
|
+
type OAuthStartResponse = {
|
|
246
246
|
/**
|
|
247
247
|
* URL to redirect to
|
|
248
248
|
*/
|
|
@@ -306,7 +306,7 @@ interface AuthProviderRouteHandlers {
|
|
|
306
306
|
logout?(req: express.Request, res: express.Response): Promise<void>;
|
|
307
307
|
}
|
|
308
308
|
/** @public */
|
|
309
|
-
|
|
309
|
+
type AuthProviderFactory = (options: {
|
|
310
310
|
providerId: string;
|
|
311
311
|
globalConfig: AuthProviderConfig;
|
|
312
312
|
config: Config;
|
|
@@ -314,7 +314,7 @@ declare type AuthProviderFactory = (options: {
|
|
|
314
314
|
resolverContext: AuthResolverContext;
|
|
315
315
|
}) => AuthProviderRouteHandlers;
|
|
316
316
|
/** @public */
|
|
317
|
-
|
|
317
|
+
type AuthResponse<ProviderInfo> = {
|
|
318
318
|
providerInfo: ProviderInfo;
|
|
319
319
|
profile: ProfileInfo;
|
|
320
320
|
backstageIdentity?: BackstageIdentityResponse;
|
|
@@ -328,7 +328,7 @@ declare type AuthResponse<ProviderInfo> = {
|
|
|
328
328
|
*
|
|
329
329
|
* @public
|
|
330
330
|
*/
|
|
331
|
-
|
|
331
|
+
type ProfileInfo = {
|
|
332
332
|
/**
|
|
333
333
|
* Email ID of the signed in user.
|
|
334
334
|
*/
|
|
@@ -349,7 +349,7 @@ declare type ProfileInfo = {
|
|
|
349
349
|
*
|
|
350
350
|
* @public
|
|
351
351
|
*/
|
|
352
|
-
|
|
352
|
+
type SignInInfo<TAuthResult> = {
|
|
353
353
|
/**
|
|
354
354
|
* The simple profile passed down for use in the frontend.
|
|
355
355
|
*/
|
|
@@ -366,14 +366,14 @@ declare type SignInInfo<TAuthResult> = {
|
|
|
366
366
|
*
|
|
367
367
|
* @public
|
|
368
368
|
*/
|
|
369
|
-
|
|
369
|
+
type SignInResolver<TAuthResult> = (info: SignInInfo<TAuthResult>, context: AuthResolverContext) => Promise<BackstageSignInResult>;
|
|
370
370
|
/**
|
|
371
371
|
* The return type of an authentication handler. Must contain valid profile
|
|
372
372
|
* information.
|
|
373
373
|
*
|
|
374
374
|
* @public
|
|
375
375
|
*/
|
|
376
|
-
|
|
376
|
+
type AuthHandlerResult = {
|
|
377
377
|
profile: ProfileInfo;
|
|
378
378
|
};
|
|
379
379
|
/**
|
|
@@ -389,19 +389,25 @@ declare type AuthHandlerResult = {
|
|
|
389
389
|
*
|
|
390
390
|
* @public
|
|
391
391
|
*/
|
|
392
|
-
|
|
392
|
+
type AuthHandler<TAuthResult> = (input: TAuthResult, context: AuthResolverContext) => Promise<AuthHandlerResult>;
|
|
393
393
|
/** @public */
|
|
394
|
-
|
|
394
|
+
type StateEncoder = (req: OAuthStartRequest) => Promise<{
|
|
395
395
|
encodedState: string;
|
|
396
396
|
}>;
|
|
397
397
|
|
|
398
398
|
/** @public */
|
|
399
|
-
|
|
399
|
+
type AwsAlbResult = {
|
|
400
400
|
fullProfile: Profile;
|
|
401
401
|
expiresInSeconds?: number;
|
|
402
402
|
accessToken: string;
|
|
403
403
|
};
|
|
404
404
|
|
|
405
|
+
/** @public */
|
|
406
|
+
type EasyAuthResult = {
|
|
407
|
+
fullProfile: Profile;
|
|
408
|
+
accessToken?: string;
|
|
409
|
+
};
|
|
410
|
+
|
|
405
411
|
/** @public */
|
|
406
412
|
declare class OAuthEnvironmentHandler implements AuthProviderRouteHandlers {
|
|
407
413
|
private readonly handlers;
|
|
@@ -416,7 +422,7 @@ declare class OAuthEnvironmentHandler implements AuthProviderRouteHandlers {
|
|
|
416
422
|
}
|
|
417
423
|
|
|
418
424
|
/** @public */
|
|
419
|
-
|
|
425
|
+
type OAuthAdapterOptions = {
|
|
420
426
|
providerId: string;
|
|
421
427
|
persistScopes?: boolean;
|
|
422
428
|
appOrigin: string;
|
|
@@ -458,7 +464,7 @@ declare const encodeState: (state: OAuthState) => string;
|
|
|
458
464
|
declare const verifyNonce: (req: express.Request, providerId: string) => void;
|
|
459
465
|
|
|
460
466
|
/** @public */
|
|
461
|
-
|
|
467
|
+
type BitbucketOAuthResult = {
|
|
462
468
|
fullProfile: BitbucketPassportProfile;
|
|
463
469
|
params: {
|
|
464
470
|
id_token?: string;
|
|
@@ -469,7 +475,7 @@ declare type BitbucketOAuthResult = {
|
|
|
469
475
|
refreshToken?: string;
|
|
470
476
|
};
|
|
471
477
|
/** @public */
|
|
472
|
-
|
|
478
|
+
type BitbucketPassportProfile = Profile & {
|
|
473
479
|
id?: string;
|
|
474
480
|
displayName?: string;
|
|
475
481
|
username?: string;
|
|
@@ -484,7 +490,7 @@ declare type BitbucketPassportProfile = Profile & {
|
|
|
484
490
|
};
|
|
485
491
|
|
|
486
492
|
/** @public */
|
|
487
|
-
|
|
493
|
+
type BitbucketServerOAuthResult = {
|
|
488
494
|
fullProfile: Profile;
|
|
489
495
|
params: {
|
|
490
496
|
scope: string;
|
|
@@ -504,7 +510,7 @@ declare type BitbucketServerOAuthResult = {
|
|
|
504
510
|
*
|
|
505
511
|
* @public
|
|
506
512
|
*/
|
|
507
|
-
|
|
513
|
+
type CloudflareAccessClaims = {
|
|
508
514
|
/**
|
|
509
515
|
* `aud` identifies the application to which the JWT is issued.
|
|
510
516
|
*/
|
|
@@ -546,7 +552,7 @@ declare type CloudflareAccessClaims = {
|
|
|
546
552
|
*
|
|
547
553
|
* @public
|
|
548
554
|
*/
|
|
549
|
-
|
|
555
|
+
type CloudflareAccessGroup = {
|
|
550
556
|
/**
|
|
551
557
|
* Group id
|
|
552
558
|
*/
|
|
@@ -568,7 +574,7 @@ declare type CloudflareAccessGroup = {
|
|
|
568
574
|
*
|
|
569
575
|
* @public
|
|
570
576
|
*/
|
|
571
|
-
|
|
577
|
+
type CloudflareAccessIdentityProfile = {
|
|
572
578
|
id: string;
|
|
573
579
|
name: string;
|
|
574
580
|
email: string;
|
|
@@ -577,7 +583,7 @@ declare type CloudflareAccessIdentityProfile = {
|
|
|
577
583
|
/**
|
|
578
584
|
* @public
|
|
579
585
|
*/
|
|
580
|
-
|
|
586
|
+
type CloudflareAccessResult = {
|
|
581
587
|
claims: CloudflareAccessClaims;
|
|
582
588
|
cfIdentity: CloudflareAccessIdentityProfile;
|
|
583
589
|
expiresInSeconds?: number;
|
|
@@ -585,7 +591,7 @@ declare type CloudflareAccessResult = {
|
|
|
585
591
|
};
|
|
586
592
|
|
|
587
593
|
/** @public */
|
|
588
|
-
|
|
594
|
+
type GithubOAuthResult = {
|
|
589
595
|
fullProfile: Profile;
|
|
590
596
|
params: {
|
|
591
597
|
scope: string;
|
|
@@ -602,7 +608,7 @@ declare type GithubOAuthResult = {
|
|
|
602
608
|
*
|
|
603
609
|
* @public
|
|
604
610
|
*/
|
|
605
|
-
|
|
611
|
+
type OAuth2ProxyResult<JWTPayload = {}> = {
|
|
606
612
|
/**
|
|
607
613
|
* The parsed payload of the `accessToken`. The token is only parsed, not verified.
|
|
608
614
|
*
|
|
@@ -640,13 +646,13 @@ declare type OAuth2ProxyResult<JWTPayload = {}> = {
|
|
|
640
646
|
* authentication result for the OIDC which includes the token set and user information (a profile response sent by OIDC server)
|
|
641
647
|
* @public
|
|
642
648
|
*/
|
|
643
|
-
|
|
649
|
+
type OidcAuthResult = {
|
|
644
650
|
tokenset: TokenSet;
|
|
645
651
|
userinfo: UserinfoResponse;
|
|
646
652
|
};
|
|
647
653
|
|
|
648
654
|
/** @public */
|
|
649
|
-
|
|
655
|
+
type SamlAuthResult = {
|
|
650
656
|
fullProfile: any;
|
|
651
657
|
};
|
|
652
658
|
|
|
@@ -655,7 +661,7 @@ declare type SamlAuthResult = {
|
|
|
655
661
|
*
|
|
656
662
|
* @public
|
|
657
663
|
*/
|
|
658
|
-
|
|
664
|
+
type GcpIapTokenInfo = {
|
|
659
665
|
/**
|
|
660
666
|
* The unique, stable identifier for the user.
|
|
661
667
|
*/
|
|
@@ -675,7 +681,7 @@ declare type GcpIapTokenInfo = {
|
|
|
675
681
|
*
|
|
676
682
|
* @public
|
|
677
683
|
*/
|
|
678
|
-
|
|
684
|
+
type GcpIapResult = {
|
|
679
685
|
/**
|
|
680
686
|
* The data extracted from the IAP token header.
|
|
681
687
|
*/
|
|
@@ -831,7 +837,10 @@ declare const providers: Readonly<{
|
|
|
831
837
|
resolver: SignInResolver<OidcAuthResult>;
|
|
832
838
|
} | undefined;
|
|
833
839
|
} | undefined) => AuthProviderFactory;
|
|
834
|
-
resolvers:
|
|
840
|
+
resolvers: Readonly<{
|
|
841
|
+
emailLocalPartMatchingUserEntityName: () => SignInResolver<unknown>;
|
|
842
|
+
emailMatchingUserEntityProfileEmail: () => SignInResolver<unknown>;
|
|
843
|
+
}>;
|
|
835
844
|
}>;
|
|
836
845
|
okta: Readonly<{
|
|
837
846
|
create: (options?: {
|
|
@@ -866,6 +875,15 @@ declare const providers: Readonly<{
|
|
|
866
875
|
nameIdMatchingUserEntityName(): SignInResolver<SamlAuthResult>;
|
|
867
876
|
}>;
|
|
868
877
|
}>;
|
|
878
|
+
easyAuth: Readonly<{
|
|
879
|
+
create: (options?: {
|
|
880
|
+
authHandler?: AuthHandler<EasyAuthResult> | undefined;
|
|
881
|
+
signIn: {
|
|
882
|
+
resolver: SignInResolver<EasyAuthResult>;
|
|
883
|
+
};
|
|
884
|
+
} | undefined) => AuthProviderFactory;
|
|
885
|
+
resolvers: never;
|
|
886
|
+
}>;
|
|
869
887
|
}>;
|
|
870
888
|
/**
|
|
871
889
|
* All auth provider factories that are installed by default.
|
|
@@ -905,7 +923,7 @@ declare function createAuthProviderIntegration<TCreateOptions extends unknown[],
|
|
|
905
923
|
declare function prepareBackstageIdentityResponse(result: BackstageSignInResult): BackstageIdentityResponse;
|
|
906
924
|
|
|
907
925
|
/** @public */
|
|
908
|
-
|
|
926
|
+
type ProviderFactories = {
|
|
909
927
|
[s: string]: AuthProviderFactory;
|
|
910
928
|
};
|
|
911
929
|
/** @public */
|
|
@@ -930,7 +948,7 @@ declare function createOriginFilter(config: Config): (origin: string) => boolean
|
|
|
930
948
|
*
|
|
931
949
|
* @public
|
|
932
950
|
*/
|
|
933
|
-
|
|
951
|
+
type WebMessageResponse = {
|
|
934
952
|
type: 'authorization_response';
|
|
935
953
|
response: AuthResponse<unknown>;
|
|
936
954
|
} | {
|
|
@@ -986,4 +1004,4 @@ declare class CatalogIdentityClient {
|
|
|
986
1004
|
*/
|
|
987
1005
|
declare function getDefaultOwnershipEntityRefs(entity: Entity): string[];
|
|
988
1006
|
|
|
989
|
-
export { AuthHandler, AuthHandlerResult, AuthProviderConfig, AuthProviderFactory, AuthProviderRouteHandlers, AuthResolverCatalogUserQuery, AuthResolverContext, AuthResponse, AwsAlbResult, BitbucketOAuthResult, BitbucketPassportProfile, BitbucketServerOAuthResult, CatalogIdentityClient, CloudflareAccessClaims, CloudflareAccessGroup, CloudflareAccessIdentityProfile, CloudflareAccessResult, CookieConfigurer, GcpIapResult, GcpIapTokenInfo, GithubOAuthResult, OAuth2ProxyResult, OAuthAdapter, OAuthAdapterOptions, OAuthEnvironmentHandler, OAuthHandlers, OAuthLogoutRequest, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthStartResponse, OAuthState, OidcAuthResult, ProfileInfo, ProviderFactories, RouterOptions, SamlAuthResult, SignInInfo, SignInResolver, StateEncoder, TokenParams, WebMessageResponse, createAuthProviderIntegration, createOriginFilter, createRouter, defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, getDefaultOwnershipEntityRefs, postMessageResponse, prepareBackstageIdentityResponse, providers, readState, verifyNonce };
|
|
1007
|
+
export { AuthHandler, AuthHandlerResult, AuthProviderConfig, AuthProviderFactory, AuthProviderRouteHandlers, AuthResolverCatalogUserQuery, AuthResolverContext, AuthResponse, AwsAlbResult, BitbucketOAuthResult, BitbucketPassportProfile, BitbucketServerOAuthResult, CatalogIdentityClient, CloudflareAccessClaims, CloudflareAccessGroup, CloudflareAccessIdentityProfile, CloudflareAccessResult, CookieConfigurer, EasyAuthResult, GcpIapResult, GcpIapTokenInfo, GithubOAuthResult, OAuth2ProxyResult, OAuthAdapter, OAuthAdapterOptions, OAuthEnvironmentHandler, OAuthHandlers, OAuthLogoutRequest, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthStartResponse, OAuthState, OidcAuthResult, ProfileInfo, ProviderFactories, RouterOptions, SamlAuthResult, SignInInfo, SignInResolver, StateEncoder, TokenParams, WebMessageResponse, createAuthProviderIntegration, createOriginFilter, createRouter, defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, getDefaultOwnershipEntityRefs, postMessageResponse, prepareBackstageIdentityResponse, providers, readState, verifyNonce };
|
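Review bot: The two resolvers added under the oidc entry's `resolvers` (new lines 840-843) are declared as `() => SignInResolver<unknown>` with no doc comment, so nothing in the published API says which identity data they trust. Going by its name, `emailLocalPartMatchingUserEntityName` matches only the part of the email before `@` to a User entity, which would resolve `sam@corp.example` and `sam@other.example` (constructed addresses) to the same Backstage identity unless the identity provider is limited to one domain and releases only verified emails; the implementation is not visible in this declaration file, so confirm that against the source. I would add a comment in the source this file is generated from, for example `/** Looks up the user by the local part of the profile email; use only when sign-in is restricted to a single trusted email domain. */`, and a matching one on `emailMatchingUserEntityProfileEmail`. The `providers` declaration starts and ends outside this hunk.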
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@backstage/plugin-auth-backend",
|
|
3
3
|
"description": "A Backstage backend plugin that handles authentication",
|
|
4
|
-
"version": "0.18.2-next.
|
|
4
|
+
"version": "0.18.2-next.3",
|
|
5
5
|
"main": "dist/index.cjs.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
7
7
|
"license": "Apache-2.0",
|
|
@@ -32,12 +32,12 @@
|
|
|
32
32
|
"clean": "backstage-cli package clean"
|
|
33
33
|
},
|
|
34
34
|
"dependencies": {
|
|
35
|
-
"@backstage/backend-common": "^0.18.4-next.
|
|
36
|
-
"@backstage/catalog-client": "^1.4.
|
|
37
|
-
"@backstage/catalog-model": "^1.
|
|
35
|
+
"@backstage/backend-common": "^0.18.4-next.2",
|
|
36
|
+
"@backstage/catalog-client": "^1.4.1-next.1",
|
|
37
|
+
"@backstage/catalog-model": "^1.3.0-next.0",
|
|
38
38
|
"@backstage/config": "^1.0.7",
|
|
39
39
|
"@backstage/errors": "^1.1.5",
|
|
40
|
-
"@backstage/plugin-auth-node": "^0.2.13-next.
|
|
40
|
+
"@backstage/plugin-auth-node": "^0.2.13-next.2",
|
|
41
41
|
"@backstage/types": "^1.0.2",
|
|
42
42
|
"@davidzemon/passport-okta-oauth": "^0.0.5",
|
|
43
43
|
"@google-cloud/firestore": "^6.0.0",
|
|
@@ -76,8 +76,8 @@
|
|
|
76
76
|
"yn": "^4.0.0"
|
|
77
77
|
},
|
|
78
78
|
"devDependencies": {
|
|
79
|
-
"@backstage/backend-test-utils": "^0.1.36-next.
|
|
80
|
-
"@backstage/cli": "^0.22.6-next.
|
|
79
|
+
"@backstage/backend-test-utils": "^0.1.36-next.2",
|
|
80
|
+
"@backstage/cli": "^0.22.6-next.3",
|
|
81
81
|
"@types/body-parser": "^1.19.0",
|
|
82
82
|
"@types/cookie-parser": "^1.4.2",
|
|
83
83
|
"@types/express-session": "^1.17.2",
|