@backstage/plugin-auth-backend 0.22.4 → 0.22.5-next.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +30 -0
  2. package/dist/index.cjs.js +30 -10
  3. package/dist/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +3 -2
  5. package/package.json +24 -24
package/CHANGELOG.md CHANGED
@@ -1,5 +1,35 @@
1
1
  # @backstage/plugin-auth-backend
2
2
 
3
+ ## 0.22.5-next.0
4
+
5
+ ### Patch Changes
6
+
7
+ - ea9262b: Allow overriding default ownership resolving with the new `AuthOwnershipResolutionExtensionPoint`
8
+ - Updated dependencies
9
+ - @backstage/catalog-model@1.5.0-next.0
10
+ - @backstage/plugin-auth-backend-module-oidc-provider@0.1.9-next.0
11
+ - @backstage/plugin-auth-node@0.4.13-next.0
12
+ - @backstage/backend-common@0.21.8-next.0
13
+ - @backstage/backend-plugin-api@0.6.18-next.0
14
+ - @backstage/catalog-client@1.6.5-next.0
15
+ - @backstage/plugin-auth-backend-module-azure-easyauth-provider@0.1.1-next.0
16
+ - @backstage/plugin-catalog-node@1.11.2-next.0
17
+ - @backstage/config@1.2.0
18
+ - @backstage/errors@1.2.4
19
+ - @backstage/types@1.1.1
20
+ - @backstage/plugin-auth-backend-module-atlassian-provider@0.1.10-next.0
21
+ - @backstage/plugin-auth-backend-module-aws-alb-provider@0.1.10-next.0
22
+ - @backstage/plugin-auth-backend-module-bitbucket-provider@0.1.1-next.0
23
+ - @backstage/plugin-auth-backend-module-cloudflare-access-provider@0.1.1-next.0
24
+ - @backstage/plugin-auth-backend-module-gcp-iap-provider@0.2.13-next.0
25
+ - @backstage/plugin-auth-backend-module-github-provider@0.1.15-next.0
26
+ - @backstage/plugin-auth-backend-module-gitlab-provider@0.1.15-next.0
27
+ - @backstage/plugin-auth-backend-module-google-provider@0.1.15-next.0
28
+ - @backstage/plugin-auth-backend-module-microsoft-provider@0.1.13-next.0
29
+ - @backstage/plugin-auth-backend-module-oauth2-provider@0.1.15-next.0
30
+ - @backstage/plugin-auth-backend-module-oauth2-proxy-provider@0.1.11-next.0
31
+ - @backstage/plugin-auth-backend-module-okta-provider@0.0.11-next.0
32
+
3
33
  ## 0.22.4
4
34
 
5
35
  ### Patch Changes
package/dist/index.cjs.js CHANGED
@@ -1560,12 +1560,13 @@ function getDefaultOwnershipEntityRefs(entity) {
1560
1560
  return Array.from(/* @__PURE__ */ new Set([catalogModel.stringifyEntityRef(entity), ...membershipRefs]));
1561
1561
  }
1562
1562
  class CatalogAuthResolverContext {
1563
- constructor(logger, tokenIssuer, catalogIdentityClient, catalogApi, auth) {
1563
+ constructor(logger, tokenIssuer, catalogIdentityClient, catalogApi, auth, ownershipResolver) {
1564
1564
  this.logger = logger;
1565
1565
  this.tokenIssuer = tokenIssuer;
1566
1566
  this.catalogIdentityClient = catalogIdentityClient;
1567
1567
  this.catalogApi = catalogApi;
1568
1568
  this.auth = auth;
1569
+ this.ownershipResolver = ownershipResolver;
1569
1570
  }
1570
1571
  static create(options) {
1571
1572
  const catalogIdentityClient = new CatalogIdentityClient({
@@ -1580,7 +1581,8 @@ class CatalogAuthResolverContext {
1580
1581
  options.tokenIssuer,
1581
1582
  catalogIdentityClient,
1582
1583
  options.catalogApi,
1583
- options.auth
1584
+ options.auth,
1585
+ options.ownershipResolver
1584
1586
  );
1585
1587
  }
1586
1588
  async issueToken(params) {
@@ -1641,11 +1643,17 @@ class CatalogAuthResolverContext {
1641
1643
  }
1642
1644
  async signInWithCatalogUser(query) {
1643
1645
  const { entity } = await this.findCatalogUser(query);
1644
- const ownershipRefs = getDefaultOwnershipEntityRefs(entity);
1646
+ let ent;
1647
+ if (this.ownershipResolver) {
1648
+ const { ownershipEntityRefs } = await this.ownershipResolver.resolveOwnershipEntityRefs(entity);
1649
+ ent = ownershipEntityRefs;
1650
+ } else {
1651
+ ent = getDefaultOwnershipEntityRefs(entity);
1652
+ }
1645
1653
  const token = await this.tokenIssuer.issueToken({
1646
1654
  claims: {
1647
1655
  sub: catalogModel.stringifyEntityRef(entity),
1648
- ent: ownershipRefs
1656
+ ent
1649
1657
  }
1650
1658
  });
1651
1659
  return { token };
@@ -1664,7 +1672,8 @@ function bindProviderRouters(targetRouter, options) {
1664
1672
  httpAuth,
1665
1673
  tokenManager,
1666
1674
  tokenIssuer,
1667
- catalogApi
1675
+ catalogApi,
1676
+ ownershipResolver
1668
1677
  } = options;
1669
1678
  const providersConfig = config.getOptionalConfig("auth.providers");
1670
1679
  const isOriginAllowed = createOriginFilter(config);
@@ -1691,7 +1700,8 @@ function bindProviderRouters(targetRouter, options) {
1691
1700
  tokenManager,
1692
1701
  discovery,
1693
1702
  auth,
1694
- httpAuth
1703
+ httpAuth,
1704
+ ownershipResolver
1695
1705
  })
1696
1706
  });
1697
1707
  const r = Router__default.default();
@@ -2005,7 +2015,7 @@ class DatabaseKeyStore {
2005
2015
  var __defProp$2 = Object.defineProperty;
2006
2016
  var __defNormalProp$2 = (obj, key, value) => key in obj ? __defProp$2(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
2007
2017
  var __publicField$2 = (obj, key, value) => {
2008
- __defNormalProp$2(obj, typeof key !== "symbol" ? key + "" : key, value);
2018
+ __defNormalProp$2(obj, key + "" , value);
2009
2019
  return value;
2010
2020
  };
2011
2021
  class MemoryKeyStore {
@@ -2257,7 +2267,7 @@ var __accessCheck = (obj, member, msg) => {
2257
2267
  };
2258
2268
  var __privateGet = (obj, member, getter) => {
2259
2269
  __accessCheck(obj, member, "read from private field");
2260
- return getter ? getter.call(obj) : member.get(obj);
2270
+ return member.get(obj);
2261
2271
  };
2262
2272
  var __privateAdd = (obj, member, value) => {
2263
2273
  if (member.has(obj))
@@ -2266,7 +2276,7 @@ var __privateAdd = (obj, member, value) => {
2266
2276
  };
2267
2277
  var __privateSet = (obj, member, value, setter) => {
2268
2278
  __accessCheck(obj, member, "write to private field");
2269
- setter ? setter.call(obj, value) : member.set(obj, value);
2279
+ member.set(obj, value);
2270
2280
  return value;
2271
2281
  };
2272
2282
  var _database, _promise;
@@ -2480,6 +2490,7 @@ const authPlugin = backendPluginApi.createBackendPlugin({
2480
2490
  pluginId: "auth",
2481
2491
  register(reg) {
2482
2492
  const providers = /* @__PURE__ */ new Map();
2493
+ let ownershipResolver = void 0;
2483
2494
  reg.registerExtensionPoint(pluginAuthNode.authProvidersExtensionPoint, {
2484
2495
  registerProvider({ providerId, factory }) {
2485
2496
  if (providers.has(providerId)) {
@@ -2490,6 +2501,14 @@ const authPlugin = backendPluginApi.createBackendPlugin({
2490
2501
  providers.set(providerId, factory);
2491
2502
  }
2492
2503
  });
2504
+ reg.registerExtensionPoint(pluginAuthNode.authOwnershipResolutionExtensionPoint, {
2505
+ setAuthOwnershipResolver(resolver) {
2506
+ if (ownershipResolver) {
2507
+ throw new Error("Auth ownership resolver is already set");
2508
+ }
2509
+ ownershipResolver = resolver;
2510
+ }
2511
+ });
2493
2512
  reg.registerInit({
2494
2513
  deps: {
2495
2514
  httpRouter: backendPluginApi.coreServices.httpRouter,
@@ -2523,7 +2542,8 @@ const authPlugin = backendPluginApi.createBackendPlugin({
2523
2542
  httpAuth,
2524
2543
  catalogApi,
2525
2544
  providerFactories: Object.fromEntries(providers),
2526
- disableDefaultProviderFactories: true
2545
+ disableDefaultProviderFactories: true,
2546
+ ownershipResolver
2527
2547
  });
2528
2548
  httpRouter.addAuthPolicy({
2529
2549
  path: "/",