@backstage/plugin-auth-backend 0.22.4 → 0.22.5-next.1

package/CHANGELOG.md

@@ -1,5 +1,59 @@
 # @backstage/plugin-auth-backend
 
+## 0.22.5-next.1
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/backend-common@0.22.0-next.1
+  - @backstage/plugin-auth-backend-module-aws-alb-provider@0.1.10-next.1
+  - @backstage/plugin-auth-backend-module-oidc-provider@0.1.9-next.1
+  - @backstage/plugin-auth-node@0.4.13-next.1
+  - @backstage/plugin-auth-backend-module-atlassian-provider@0.1.10-next.1
+  - @backstage/plugin-auth-backend-module-bitbucket-provider@0.1.1-next.1
+  - @backstage/plugin-auth-backend-module-cloudflare-access-provider@0.1.1-next.1
+  - @backstage/plugin-auth-backend-module-github-provider@0.1.15-next.1
+  - @backstage/plugin-auth-backend-module-gitlab-provider@0.1.15-next.1
+  - @backstage/plugin-auth-backend-module-microsoft-provider@0.1.13-next.1
+  - @backstage/plugin-auth-backend-module-oauth2-provider@0.1.15-next.1
+  - @backstage/plugin-auth-backend-module-okta-provider@0.0.11-next.1
+  - @backstage/plugin-auth-backend-module-azure-easyauth-provider@0.1.1-next.1
+  - @backstage/plugin-auth-backend-module-gcp-iap-provider@0.2.13-next.1
+  - @backstage/plugin-auth-backend-module-google-provider@0.1.15-next.1
+  - @backstage/plugin-auth-backend-module-oauth2-proxy-provider@0.1.11-next.1
+  - @backstage/plugin-catalog-node@1.11.2-next.1
+  - @backstage/backend-plugin-api@0.6.18-next.1
+
+## 0.22.5-next.0
+
+### Patch Changes
+
+- ea9262b: Allow overriding default ownership resolving with the new `AuthOwnershipResolutionExtensionPoint`
+- Updated dependencies
+  - @backstage/catalog-model@1.5.0-next.0
+  - @backstage/plugin-auth-backend-module-oidc-provider@0.1.9-next.0
+  - @backstage/plugin-auth-node@0.4.13-next.0
+  - @backstage/backend-common@0.21.8-next.0
+  - @backstage/backend-plugin-api@0.6.18-next.0
+  - @backstage/catalog-client@1.6.5-next.0
+  - @backstage/plugin-auth-backend-module-azure-easyauth-provider@0.1.1-next.0
+  - @backstage/plugin-catalog-node@1.11.2-next.0
+  - @backstage/config@1.2.0
+  - @backstage/errors@1.2.4
+  - @backstage/types@1.1.1
+  - @backstage/plugin-auth-backend-module-atlassian-provider@0.1.10-next.0
+  - @backstage/plugin-auth-backend-module-aws-alb-provider@0.1.10-next.0
+  - @backstage/plugin-auth-backend-module-bitbucket-provider@0.1.1-next.0
+  - @backstage/plugin-auth-backend-module-cloudflare-access-provider@0.1.1-next.0
+  - @backstage/plugin-auth-backend-module-gcp-iap-provider@0.2.13-next.0
+  - @backstage/plugin-auth-backend-module-github-provider@0.1.15-next.0
+  - @backstage/plugin-auth-backend-module-gitlab-provider@0.1.15-next.0
+  - @backstage/plugin-auth-backend-module-google-provider@0.1.15-next.0
+  - @backstage/plugin-auth-backend-module-microsoft-provider@0.1.13-next.0
+  - @backstage/plugin-auth-backend-module-oauth2-provider@0.1.15-next.0
+  - @backstage/plugin-auth-backend-module-oauth2-proxy-provider@0.1.11-next.0
+  - @backstage/plugin-auth-backend-module-okta-provider@0.0.11-next.0
+
 ## 0.22.4
 
 ### Patch Changes

package/dist/index.cjs.js

@@ -1560,12 +1560,13 @@ function getDefaultOwnershipEntityRefs(entity) {
   return Array.from(/* @__PURE__ */ new Set([catalogModel.stringifyEntityRef(entity), ...membershipRefs]));
 }
 class CatalogAuthResolverContext {
-  constructor(logger, tokenIssuer, catalogIdentityClient, catalogApi, auth) {
+  constructor(logger, tokenIssuer, catalogIdentityClient, catalogApi, auth, ownershipResolver) {
     this.logger = logger;
     this.tokenIssuer = tokenIssuer;
     this.catalogIdentityClient = catalogIdentityClient;
     this.catalogApi = catalogApi;
     this.auth = auth;
+    this.ownershipResolver = ownershipResolver;
   }
   static create(options) {
     const catalogIdentityClient = new CatalogIdentityClient({
@@ -1580,7 +1581,8 @@ class CatalogAuthResolverContext {
       options.tokenIssuer,
       catalogIdentityClient,
       options.catalogApi,
-      options.auth
+      options.auth,
+      options.ownershipResolver
     );
   }
   async issueToken(params) {
@@ -1641,11 +1643,17 @@ class CatalogAuthResolverContext {
   }
   async signInWithCatalogUser(query) {
     const { entity } = await this.findCatalogUser(query);
-    const ownershipRefs = getDefaultOwnershipEntityRefs(entity);
+    let ent;
+    if (this.ownershipResolver) {
+      const { ownershipEntityRefs } = await this.ownershipResolver.resolveOwnershipEntityRefs(entity);
+      ent = ownershipEntityRefs;
+    } else {
+      ent = getDefaultOwnershipEntityRefs(entity);
+    }
     const token = await this.tokenIssuer.issueToken({
       claims: {
         sub: catalogModel.stringifyEntityRef(entity),
-        ent: ownershipRefs
+        ent
       }
     });
     return { token };
@@ -1664,7 +1672,8 @@ function bindProviderRouters(targetRouter, options) {
     httpAuth,
     tokenManager,
     tokenIssuer,
-    catalogApi
+    catalogApi,
+    ownershipResolver
   } = options;
   const providersConfig = config.getOptionalConfig("auth.providers");
   const isOriginAllowed = createOriginFilter(config);
@@ -1691,7 +1700,8 @@ function bindProviderRouters(targetRouter, options) {
             tokenManager,
             discovery,
             auth,
-            httpAuth
+            httpAuth,
+            ownershipResolver
           })
         });
         const r = Router__default.default();
@@ -2005,7 +2015,7 @@ class DatabaseKeyStore {
 var __defProp$2 = Object.defineProperty;
 var __defNormalProp$2 = (obj, key, value) => key in obj ? __defProp$2(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
 var __publicField$2 = (obj, key, value) => {
-  __defNormalProp$2(obj, typeof key !== "symbol" ? key + "" : key, value);
+  __defNormalProp$2(obj, key + "" , value);
   return value;
 };
 class MemoryKeyStore {
@@ -2257,7 +2267,7 @@ var __accessCheck = (obj, member, msg) => {
 };
 var __privateGet = (obj, member, getter) => {
   __accessCheck(obj, member, "read from private field");
-  return getter ? getter.call(obj) : member.get(obj);
+  return member.get(obj);
 };
 var __privateAdd = (obj, member, value) => {
   if (member.has(obj))
@@ -2266,7 +2276,7 @@ var __privateAdd = (obj, member, value) => {
 };
 var __privateSet = (obj, member, value, setter) => {
   __accessCheck(obj, member, "write to private field");
-  setter ? setter.call(obj, value) : member.set(obj, value);
+  member.set(obj, value);
   return value;
 };
 var _database, _promise;
@@ -2480,6 +2490,7 @@ const authPlugin = backendPluginApi.createBackendPlugin({
   pluginId: "auth",
   register(reg) {
     const providers = /* @__PURE__ */ new Map();
+    let ownershipResolver = void 0;
     reg.registerExtensionPoint(pluginAuthNode.authProvidersExtensionPoint, {
       registerProvider({ providerId, factory }) {
         if (providers.has(providerId)) {
@@ -2490,6 +2501,14 @@ const authPlugin = backendPluginApi.createBackendPlugin({
         providers.set(providerId, factory);
       }
     });
+    reg.registerExtensionPoint(pluginAuthNode.authOwnershipResolutionExtensionPoint, {
+      setAuthOwnershipResolver(resolver) {
+        if (ownershipResolver) {
+          throw new Error("Auth ownership resolver is already set");
+        }
+        ownershipResolver = resolver;
+      }
+    });
     reg.registerInit({
       deps: {
         httpRouter: backendPluginApi.coreServices.httpRouter,
@@ -2523,7 +2542,8 @@ const authPlugin = backendPluginApi.createBackendPlugin({
           httpAuth,
           catalogApi,
           providerFactories: Object.fromEntries(providers),
-          disableDefaultProviderFactories: true
+          disableDefaultProviderFactories: true,
+          ownershipResolver
         });
         httpRouter.addAuthPolicy({
           path: "/",