@backstage/plugin-auth-backend 0.20.0-next.2 → 0.20.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +28 -0
- package/config.d.ts +1 -0
- package/dist/index.cjs.js +15 -7
- package/dist/index.cjs.js.map +1 -1
- package/package.json +14 -14
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,33 @@
|
|
|
1
1
|
# @backstage/plugin-auth-backend
|
|
2
2
|
|
|
3
|
+
## 0.20.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- bdf08ad04a: Adds the StaticTokenIssuer and StaticKeyStore, an alternative token issuer that can be used to sign the Authorization header using a predefined public/private key pair.
|
|
8
|
+
|
|
9
|
+
### Patch Changes
|
|
10
|
+
|
|
11
|
+
- 243c655a68: JSDoc and Error message updates to handle `Azure Active Directory` re-brand to `Entra ID`
|
|
12
|
+
- 013611b42e: `knex` has been bumped to major version 3 and `better-sqlite3` to major version 9, which deprecate node 16 support.
|
|
13
|
+
- f2fc5acca6: Added an optional `additionalScopes` configuration parameter to `okta` providers, that lets you add additional scopes on top of the default ones.
|
|
14
|
+
- 96c4f54bf6: Reverted the Microsoft auth provider to the previous implementation.
|
|
15
|
+
- Updated dependencies
|
|
16
|
+
- @backstage/plugin-catalog-node@1.5.0
|
|
17
|
+
- @backstage/plugin-auth-backend-module-gitlab-provider@0.1.4
|
|
18
|
+
- @backstage/backend-common@0.19.9
|
|
19
|
+
- @backstage/backend-plugin-api@0.6.7
|
|
20
|
+
- @backstage/catalog-client@1.4.6
|
|
21
|
+
- @backstage/catalog-model@1.4.3
|
|
22
|
+
- @backstage/config@1.1.1
|
|
23
|
+
- @backstage/errors@1.2.3
|
|
24
|
+
- @backstage/types@1.1.1
|
|
25
|
+
- @backstage/plugin-auth-backend-module-gcp-iap-provider@0.2.1
|
|
26
|
+
- @backstage/plugin-auth-backend-module-github-provider@0.1.4
|
|
27
|
+
- @backstage/plugin-auth-backend-module-google-provider@0.1.4
|
|
28
|
+
- @backstage/plugin-auth-backend-module-oauth2-provider@0.1.4
|
|
29
|
+
- @backstage/plugin-auth-node@0.4.1
|
|
30
|
+
|
|
3
31
|
## 0.20.0-next.2
|
|
4
32
|
|
|
5
33
|
### Patch Changes
|
package/config.d.ts
CHANGED
package/dist/index.cjs.js
CHANGED
|
@@ -1960,6 +1960,7 @@ class OktaAuthProvider {
|
|
|
1960
1960
|
__publicField$9(this, "signInResolver");
|
|
1961
1961
|
__publicField$9(this, "authHandler");
|
|
1962
1962
|
__publicField$9(this, "resolverContext");
|
|
1963
|
+
__publicField$9(this, "additionalScopes");
|
|
1963
1964
|
/**
|
|
1964
1965
|
* Due to passport-okta-oauth forcing options.state = true,
|
|
1965
1966
|
* passport-oauth2 requires express-session to be installed
|
|
@@ -1979,6 +1980,7 @@ class OktaAuthProvider {
|
|
|
1979
1980
|
this.signInResolver = options.signInResolver;
|
|
1980
1981
|
this.authHandler = options.authHandler;
|
|
1981
1982
|
this.resolverContext = options.resolverContext;
|
|
1983
|
+
this.additionalScopes = options.additionalScopes || "";
|
|
1982
1984
|
this.strategy = new passportOktaOauth.Strategy(
|
|
1983
1985
|
{
|
|
1984
1986
|
clientID: options.clientId,
|
|
@@ -2007,11 +2009,18 @@ class OktaAuthProvider {
|
|
|
2007
2009
|
}
|
|
2008
2010
|
);
|
|
2009
2011
|
}
|
|
2012
|
+
combineScopeStrings(scopesA, scopesB) {
|
|
2013
|
+
const scopesAArray = scopesA.split(" ");
|
|
2014
|
+
const scopesBArray = scopesB.split(" ");
|
|
2015
|
+
const combinedScopes = /* @__PURE__ */ new Set([...scopesAArray, ...scopesBArray]);
|
|
2016
|
+
return Array.from(combinedScopes).join(" ");
|
|
2017
|
+
}
|
|
2010
2018
|
async start(req) {
|
|
2019
|
+
const scope = this.combineScopeStrings(req.scope, this.additionalScopes);
|
|
2011
2020
|
return await executeRedirectStrategy(req, this.strategy, {
|
|
2012
2021
|
accessType: "offline",
|
|
2013
2022
|
prompt: "consent",
|
|
2014
|
-
scope
|
|
2023
|
+
scope,
|
|
2015
2024
|
state: encodeState(req.state)
|
|
2016
2025
|
});
|
|
2017
2026
|
}
|
|
@@ -2023,11 +2032,8 @@ class OktaAuthProvider {
|
|
|
2023
2032
|
};
|
|
2024
2033
|
}
|
|
2025
2034
|
async refresh(req) {
|
|
2026
|
-
const
|
|
2027
|
-
|
|
2028
|
-
req.refreshToken,
|
|
2029
|
-
req.scope
|
|
2030
|
-
);
|
|
2035
|
+
const scope = this.combineScopeStrings(req.scope, this.additionalScopes);
|
|
2036
|
+
const { accessToken, refreshToken, params } = await executeRefreshTokenStrategy(this.strategy, req.refreshToken, scope);
|
|
2031
2037
|
const fullProfile = await executeFetchUserProfileStrategy(
|
|
2032
2038
|
this.strategy,
|
|
2033
2039
|
accessToken
|
|
@@ -2075,6 +2081,7 @@ const okta = createAuthProviderIntegration({
|
|
|
2075
2081
|
const idp = envConfig.getOptionalString("idp");
|
|
2076
2082
|
const customCallbackUrl = envConfig.getOptionalString("callbackUrl");
|
|
2077
2083
|
const callbackUrl = customCallbackUrl || `${globalConfig.baseUrl}/${providerId}/handler/frame`;
|
|
2084
|
+
const additionalScopes = envConfig.getOptionalString("additionalScopes");
|
|
2078
2085
|
if (!audience.startsWith("https://")) {
|
|
2079
2086
|
throw new Error("URL for 'audience' must start with 'https://'.");
|
|
2080
2087
|
}
|
|
@@ -2090,7 +2097,8 @@ const okta = createAuthProviderIntegration({
|
|
|
2090
2097
|
callbackUrl,
|
|
2091
2098
|
authHandler,
|
|
2092
2099
|
signInResolver: (_a = options == null ? void 0 : options.signIn) == null ? void 0 : _a.resolver,
|
|
2093
|
-
resolverContext
|
|
2100
|
+
resolverContext,
|
|
2101
|
+
additionalScopes
|
|
2094
2102
|
});
|
|
2095
2103
|
return OAuthAdapter.fromConfig(globalConfig, provider, {
|
|
2096
2104
|
providerId,
|