@backstage/plugin-auth-backend 0.22.0-next.2 → 0.22.1
- package/CHANGELOG.md +54 -0
- package/dist/index.cjs.js +37 -37
- package/dist/index.cjs.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/package.json +23 -23
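--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,59 @@
 # @backstage/plugin-auth-backend
 
+## 0.22.1
+
+### Patch Changes
+
+- Updated dependencies
+- @backstage/plugin-catalog-node@1.9.0
+- @backstage/plugin-auth-backend-module-atlassian-provider@0.1.6
+- @backstage/plugin-auth-backend-module-aws-alb-provider@0.1.6
+- @backstage/plugin-auth-backend-module-github-provider@0.1.11
+- @backstage/plugin-auth-backend-module-gitlab-provider@0.1.11
+- @backstage/plugin-auth-backend-module-google-provider@0.1.11
+- @backstage/plugin-auth-backend-module-microsoft-provider@0.1.9
+- @backstage/plugin-auth-backend-module-oauth2-provider@0.1.11
+- @backstage/plugin-auth-backend-module-oidc-provider@0.1.5
+- @backstage/plugin-auth-backend-module-okta-provider@0.0.7
+
+## 0.22.0
+
+### Minor Changes
+
+- 293c835: Add support for Service Tokens to Cloudflare Access auth provider
+- 492fe83: **BREAKING**: The `CatalogIdentityClient` constructor now also requires the `discovery` service to be forwarded from the plugin environment. This is part of the migration to support the new auth services, which has also been done for the `createRouter` function.
+
+### Patch Changes
+
+- 999224f: Bump dependency `minimatch` to v9
+- 7c29e7f: Fixed refresh scope to match start method in OneLogin provider.
+- 2af5354: Bump dependency `jose` to v5
+- 38af71a: Updated dependency `google-auth-library` to `^9.0.0`.
+- 0fb419b: Updated dependency `uuid` to `^9.0.0`.
+Updated dependency `@types/uuid` to `^9.0.0`.
+- fa7ea3f: Internal refactor to break out how the router is constructed
+- Updated dependencies
+- @backstage/backend-common@0.21.4
+- @backstage/plugin-auth-node@0.4.9
+- @backstage/config@1.2.0
+- @backstage/errors@1.2.4
+- @backstage/backend-plugin-api@0.6.14
+- @backstage/plugin-auth-backend-module-oidc-provider@0.1.4
+- @backstage/plugin-auth-backend-module-oauth2-proxy-provider@0.1.7
+- @backstage/plugin-auth-backend-module-microsoft-provider@0.1.9
+- @backstage/plugin-auth-backend-module-aws-alb-provider@0.1.5
+- @backstage/plugin-catalog-node@1.8.0
+- @backstage/catalog-client@1.6.1
+- @backstage/plugin-auth-backend-module-gcp-iap-provider@0.2.9
+- @backstage/plugin-auth-backend-module-google-provider@0.1.11
+- @backstage/plugin-auth-backend-module-atlassian-provider@0.1.6
+- @backstage/plugin-auth-backend-module-github-provider@0.1.11
+- @backstage/plugin-auth-backend-module-gitlab-provider@0.1.11
+- @backstage/plugin-auth-backend-module-oauth2-provider@0.1.11
+- @backstage/plugin-auth-backend-module-okta-provider@0.0.7
+- @backstage/catalog-model@1.4.5
+- @backstage/types@1.1.1
+
 ## 0.22.0-next.2
 
 ### Patch Changes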
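--- a/package/dist/index.cjs.js
+++ b/package/dist/index.cjs.js
@@ -44,25 +44,17 @@ var passport = require('passport');
 var config = require('@backstage/config');
 var types = require('@backstage/types');
 
-function
+function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
 
-var express__default = /*#__PURE__*/
-var Router__default = /*#__PURE__*/
-var cookieParser__default = /*#__PURE__*/
-var Auth0InternalStrategy__default = /*#__PURE__*/
-var crypto__default = /*#__PURE__*/
-var fetch__default = /*#__PURE__*/
-var session__default = /*#__PURE__*/
-var connectSessionKnex__default = /*#__PURE__*/
-var passport__default = /*#__PURE__*/
-
-function createAuthProviderIntegration(config) {
-var _a;
-return Object.freeze({
-...config,
-resolvers: Object.freeze((_a = config.resolvers) != null ? _a : {})
-});
-}
+var express__default = /*#__PURE__*/_interopDefaultCompat(express);
+var Router__default = /*#__PURE__*/_interopDefaultCompat(Router);
+var cookieParser__default = /*#__PURE__*/_interopDefaultCompat(cookieParser);
+var Auth0InternalStrategy__default = /*#__PURE__*/_interopDefaultCompat(Auth0InternalStrategy);
+var crypto__default = /*#__PURE__*/_interopDefaultCompat(crypto);
+var fetch__default = /*#__PURE__*/_interopDefaultCompat(fetch);
+var session__default = /*#__PURE__*/_interopDefaultCompat(session);
+var connectSessionKnex__default = /*#__PURE__*/_interopDefaultCompat(connectSessionKnex);
+var passport__default = /*#__PURE__*/_interopDefaultCompat(passport);
 
 function adaptLegacyOAuthHandler(authHandler) {
 return authHandler && (async (result, ctx) => authHandler(
@@ -128,6 +120,14 @@ function adaptOAuthSignInResolverToLegacy(resolvers) {
 return legacyResolvers;
 }
 
+function createAuthProviderIntegration(config) {
+var _a;
+return Object.freeze({
+...config,
+resolvers: Object.freeze((_a = config.resolvers) != null ? _a : {})
+});
+}
+
 const atlassian = createAuthProviderIntegration({
 create(options) {
 var _a;
@@ -139,7 +139,7 @@ const atlassian = createAuthProviderIntegration({
 }
 });
 
-class Auth0Strategy extends Auth0InternalStrategy__default
+class Auth0Strategy extends Auth0InternalStrategy__default.default {
 constructor(options, verify) {
 const optionsWithURLs = {
 ...options,
@@ -203,7 +203,7 @@ const postMessageResponse = (res, appOrigin, response) => {
 window.close();
 }, 100); // same as the interval of the core-app-api lib/loginPopup.ts (to address race conditions)
 `;
-const hash = crypto__default
+const hash = crypto__default.default.createHash("sha256").update(script).digest("base64");
 res.setHeader("Content-Type", "text/html");
 res.setHeader("X-Frame-Options", "sameorigin");
 res.setHeader("Content-Security-Policy", `script-src 'sha256-${hash}'`);
@@ -304,7 +304,7 @@ class OAuthAdapter {
 throw new errors.InputError("No env provided in request query parameters");
 }
 const cookieConfig = this.getCookieConfig(origin);
-const nonce = crypto__default
+const nonce = crypto__default.default.randomBytes(16).toString("base64");
 this.setNonceCookie(res, nonce, cookieConfig);
 const state = { nonce, env, origin, redirectUrl, flow };
 if (this.options.persistScopes) {
@@ -965,7 +965,7 @@ class CloudflareAccessAuthProvider {
 headers.set(CF_JWT_HEADER, jwt);
 headers.set("cookie", `${COOKIE_AUTH_NAME}=${jwt}`);
 try {
-const res = await fetch__default
+const res = await fetch__default.default(
 `https://${this.teamName}.cloudflareaccess.com/cdn-cgi/access/get-identity`,
 { headers }
 );
@@ -1360,7 +1360,7 @@ class OneLoginProvider {
 const { accessToken, refreshToken, params } = await executeRefreshTokenStrategy(
 this._strategy,
 req.refreshToken,
-
+"openid"
 );
 const fullProfile = await executeFetchUserProfileStrategy(
 this._strategy,
@@ -1630,7 +1630,7 @@ class BitbucketServerAuthProvider {
 async fetchProfile(result) {
 let whoAmIResponse;
 try {
-whoAmIResponse = await fetch__default
+whoAmIResponse = await fetch__default.default(
 `https://${this.host}/plugins/servlet/applinks/whoami`,
 {
 headers: {
@@ -1647,7 +1647,7 @@ class BitbucketServerAuthProvider {
 }
 let userResponse;
 try {
-userResponse = await fetch__default
+userResponse = await fetch__default.default(
 `https://${this.host}/rest/api/latest/users/${username}?avatarSize=256`,
 {
 headers: {
@@ -2091,7 +2091,7 @@ function bindProviderRouters(targetRouter, options) {
 httpAuth
 })
 });
-const r = Router__default
+const r = Router__default.default();
 r.get("/start", provider.start.bind(provider));
 r.get("/handler/frame", provider.frameHandler.bind(provider));
 r.post("/handler/frame", provider.frameHandler.bind(provider));
@@ -2146,7 +2146,7 @@ function createOriginFilter(config) {
 
 function bindOidcRouter(targetRouter, options) {
 const { baseUrl, tokenIssuer } = options;
-const router = Router__default
+const router = Router__default.default();
 targetRouter.use(router);
 const config = {
 issuer: baseUrl,
@@ -2730,7 +2730,7 @@ async function createRouter(options) {
 providerFactories = {}
 } = options;
 const { auth, httpAuth } = backendCommon.createLegacyAuthAdapters(options);
-const router = Router__default
+const router = Router__default.default();
 const appUrl = config.getString("app.baseUrl");
 const authUrl = await discovery.getExternalBaseUrl("auth");
 const backstageTokenExpiration = readBackstageTokenExpiration(config);
@@ -2760,11 +2760,11 @@ async function createRouter(options) {
 }
 const secret = config.getOptionalString("auth.session.secret");
 if (secret) {
-router.use(cookieParser__default
+router.use(cookieParser__default.default(secret));
 const enforceCookieSSL = authUrl.startsWith("https");
-const KnexSessionStore = connectSessionKnex__default
+const KnexSessionStore = connectSessionKnex__default.default(session__default.default);
 router.use(
-session__default
+session__default.default({
 secret,
 saveUninitialized: false,
 resave: false,
@@ -2775,13 +2775,13 @@ async function createRouter(options) {
 })
 })
 );
-router.use(passport__default
-router.use(passport__default
+router.use(passport__default.default.initialize());
+router.use(passport__default.default.session());
 } else {
-router.use(cookieParser__default
+router.use(cookieParser__default.default());
 }
-router.use(express__default
-router.use(express__default
+router.use(express__default.default.urlencoded({ extended: false }));
+router.use(express__default.default.json());
 const providers = options.disableDefaultProviderFactories ? providerFactories : {
 ...defaultAuthProviderFactories,
 ...providerFactories
@@ -2865,7 +2865,7 @@ exports.OAuthEnvironmentHandler = OAuthEnvironmentHandler;
 exports.createAuthProviderIntegration = createAuthProviderIntegration;
 exports.createOriginFilter = createOriginFilter;
 exports.createRouter = createRouter;
-exports
+exports.default = authPlugin;
 exports.defaultAuthProviderFactories = defaultAuthProviderFactories;
 exports.encodeState = encodeState;
 exports.ensuresXRequestedWith = ensuresXRequestedWith;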