@backstage/plugin-auth-backend 0.18.4-next.1 → 0.18.4-next.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/dist/index.cjs.js +18 -16
  3. package/dist/index.cjs.js.map +1 -1
  4. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -1,5 +1,13 @@
1
1
  # @backstage/plugin-auth-backend
2
2
 
3
+ ## 0.18.4-next.2
4
+
5
+ ### Patch Changes
6
+
7
+ - d0f5b0c886c2: Set the expiration time of oidc `idToken` to be less than backstage session expiration time.
8
+ - Updated dependencies
9
+ - @backstage/config@1.0.7
10
+
3
11
  ## 0.18.4-next.1
4
12
 
5
13
  ### Patch Changes
package/dist/index.cjs.js CHANGED
@@ -1449,8 +1449,9 @@ const gcpIap = createAuthProviderIntegration({
1449
1449
  }
1450
1450
  });
1451
1451
 
1452
+ const BACKSTAGE_SESSION_EXPIRATION = 3600;
1453
+
1452
1454
  const ACCESS_TOKEN_PREFIX = "access-token.";
1453
- const BACKSTAGE_SESSION_EXPIRATION$1 = 3600;
1454
1455
  class GithubAuthProvider {
1455
1456
  constructor(options) {
1456
1457
  this.signInResolver = options.signInResolver;
@@ -1544,10 +1545,10 @@ class GithubAuthProvider {
1544
1545
  if (expiresInSeconds) {
1545
1546
  expiresInSeconds = Math.min(
1546
1547
  expiresInSeconds,
1547
- BACKSTAGE_SESSION_EXPIRATION$1
1548
+ BACKSTAGE_SESSION_EXPIRATION
1548
1549
  );
1549
1550
  } else {
1550
- expiresInSeconds = BACKSTAGE_SESSION_EXPIRATION$1;
1551
+ expiresInSeconds = BACKSTAGE_SESSION_EXPIRATION;
1551
1552
  }
1552
1553
  }
1553
1554
  return {
@@ -1872,7 +1873,6 @@ const google = createAuthProviderIntegration({
1872
1873
  }
1873
1874
  });
1874
1875
 
1875
- const BACKSTAGE_SESSION_EXPIRATION = 3600;
1876
1876
  class MicrosoftAuthProvider {
1877
1877
  constructor(options) {
1878
1878
  this.skipUserProfile = (accessToken) => {
@@ -2337,17 +2337,10 @@ class OidcAuthProvider {
2337
2337
  // Then populate the profile with it
2338
2338
  async handleResult(result) {
2339
2339
  const { profile } = await this.authHandler(result, this.resolverContext);
2340
- const response = {
2341
- providerInfo: {
2342
- idToken: result.tokenset.id_token,
2343
- accessToken: result.tokenset.access_token,
2344
- scope: result.tokenset.scope,
2345
- expiresInSeconds: result.tokenset.expires_in
2346
- },
2347
- profile
2348
- };
2340
+ const expiresInSeconds = result.tokenset.expires_in === void 0 ? BACKSTAGE_SESSION_EXPIRATION : Math.min(result.tokenset.expires_in, BACKSTAGE_SESSION_EXPIRATION);
2341
+ let backstageIdentity = void 0;
2349
2342
  if (this.signInResolver) {
2350
- response.backstageIdentity = await this.signInResolver(
2343
+ backstageIdentity = await this.signInResolver(
2351
2344
  {
2352
2345
  result,
2353
2346
  profile
@@ -2355,7 +2348,16 @@ class OidcAuthProvider {
2355
2348
  this.resolverContext
2356
2349
  );
2357
2350
  }
2358
- return response;
2351
+ return {
2352
+ backstageIdentity,
2353
+ providerInfo: {
2354
+ idToken: result.tokenset.id_token,
2355
+ accessToken: result.tokenset.access_token,
2356
+ scope: result.tokenset.scope,
2357
+ expiresInSeconds
2358
+ },
2359
+ profile
2360
+ };
2359
2361
  }
2360
2362
  }
2361
2363
  const oidc = createAuthProviderIntegration({
@@ -3642,7 +3644,7 @@ async function createRouter(options) {
3642
3644
  logger,
3643
3645
  database: authDb
3644
3646
  });
3645
- const keyDurationSeconds = 3600;
3647
+ const keyDurationSeconds = BACKSTAGE_SESSION_EXPIRATION;
3646
3648
  const tokenIssuer = new TokenFactory({
3647
3649
  issuer: authUrl,
3648
3650
  keyStore,