@backstage/plugin-auth-backend 0.25.0-next.2 → 0.25.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +49 -0
- package/package.json +13 -13
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,54 @@
|
|
|
1
1
|
# @backstage/plugin-auth-backend
|
|
2
2
|
|
|
3
|
+
## 0.25.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- 57221d9: **BREAKING**: Removed support for the old backend system, and removed all deprecated exports.
|
|
8
|
+
|
|
9
|
+
If you were using one of the deprecated imports from this package, you will have to follow the instructions in their respective deprecation notices before upgrading. Most of the general utilities are available from `@backstage/plugin-auth-node`, and the specific auth providers are available from dedicated packages such as for example `@backstage/plugin-auth-backend-module-github-provider`. See [the auth docs](https://backstage.io/docs/auth/) for specific instructions.
|
|
10
|
+
|
|
11
|
+
### Patch Changes
|
|
12
|
+
|
|
13
|
+
- 0d606ac: Added the configuration flag `auth.omitIdentityTokenOwnershipClaim` that causes issued user tokens to no longer contain the `ent` claim that represents the ownership references of the user.
|
|
14
|
+
|
|
15
|
+
The benefit of this new flag is that issued user tokens will be much smaller in
|
|
16
|
+
size, but they will no longer be self-contained. This means that any consumers
|
|
17
|
+
of the token that require access to the ownership claims now need to call the
|
|
18
|
+
`/api/auth/v1/userinfo` endpoint instead. Within the Backstage ecosystem this is
|
|
19
|
+
done automatically, as clients will still receive the full set of claims during
|
|
20
|
+
authentication, while plugin backends will need to use the `UserInfoService`
|
|
21
|
+
which already calls the user info endpoint if necessary.
|
|
22
|
+
|
|
23
|
+
When enabling this flag, it is important that any custom sign-in resolvers directly return the result of the sign-in method. For example, the following would not work:
|
|
24
|
+
|
|
25
|
+
```ts
|
|
26
|
+
const { token } = await ctx.issueToken({
|
|
27
|
+
claims: { sub: entityRef, ent: [entityRef] },
|
|
28
|
+
});
|
|
29
|
+
return { token }; // WARNING: This will not work with the flag enabled
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
Instead, the sign-in resolver should directly return the result:
|
|
33
|
+
|
|
34
|
+
```ts
|
|
35
|
+
return ctx.issueToken({
|
|
36
|
+
claims: { sub: entityRef, ent: [entityRef] },
|
|
37
|
+
});
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
- 72d019d: Removed various typos
|
|
41
|
+
- ab53e6f: Added support for the new `dangerousEntityRefFallback` option for `signInWithCatalogUser` in `AuthResolverContext`.
|
|
42
|
+
- b128ed9: The `static` key store now issues tokens with the same structure as other key stores. Tokens now include the `typ` field in the header and the `uip` (user identity proof) in the payload.
|
|
43
|
+
- Updated dependencies
|
|
44
|
+
- @backstage/catalog-model@1.7.4
|
|
45
|
+
- @backstage/plugin-catalog-node@1.17.0
|
|
46
|
+
- @backstage/plugin-auth-node@0.6.3
|
|
47
|
+
- @backstage/backend-plugin-api@1.3.1
|
|
48
|
+
- @backstage/config@1.3.2
|
|
49
|
+
- @backstage/errors@1.2.7
|
|
50
|
+
- @backstage/types@1.2.1
|
|
51
|
+
|
|
3
52
|
## 0.25.0-next.2
|
|
4
53
|
|
|
5
54
|
### Patch Changes
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@backstage/plugin-auth-backend",
|
|
3
|
-
"version": "0.25.0
|
|
3
|
+
"version": "0.25.0",
|
|
4
4
|
"description": "A Backstage backend plugin that handles authentication",
|
|
5
5
|
"backstage": {
|
|
6
6
|
"role": "backend-plugin",
|
|
@@ -46,13 +46,13 @@
|
|
|
46
46
|
"test": "backstage-cli package test"
|
|
47
47
|
},
|
|
48
48
|
"dependencies": {
|
|
49
|
-
"@backstage/backend-plugin-api": "1.3.1
|
|
50
|
-
"@backstage/catalog-model": "1.7.
|
|
51
|
-
"@backstage/config": "1.3.2",
|
|
52
|
-
"@backstage/errors": "1.2.7",
|
|
53
|
-
"@backstage/plugin-auth-node": "0.6.3
|
|
54
|
-
"@backstage/plugin-catalog-node": "1.17.0
|
|
55
|
-
"@backstage/types": "1.2.1",
|
|
49
|
+
"@backstage/backend-plugin-api": "^1.3.1",
|
|
50
|
+
"@backstage/catalog-model": "^1.7.4",
|
|
51
|
+
"@backstage/config": "^1.3.2",
|
|
52
|
+
"@backstage/errors": "^1.2.7",
|
|
53
|
+
"@backstage/plugin-auth-node": "^0.6.3",
|
|
54
|
+
"@backstage/plugin-catalog-node": "^1.17.0",
|
|
55
|
+
"@backstage/types": "^1.2.1",
|
|
56
56
|
"@google-cloud/firestore": "^7.0.0",
|
|
57
57
|
"connect-session-knex": "^4.0.0",
|
|
58
58
|
"cookie-parser": "^1.4.5",
|
|
@@ -68,11 +68,11 @@
|
|
|
68
68
|
"uuid": "^11.0.0"
|
|
69
69
|
},
|
|
70
70
|
"devDependencies": {
|
|
71
|
-
"@backstage/backend-defaults": "0.10.0
|
|
72
|
-
"@backstage/backend-test-utils": "1.5.0
|
|
73
|
-
"@backstage/cli": "0.32.1
|
|
74
|
-
"@backstage/plugin-auth-backend-module-google-provider": "0.3.3
|
|
75
|
-
"@backstage/plugin-auth-backend-module-guest-provider": "0.2.8
|
|
71
|
+
"@backstage/backend-defaults": "^0.10.0",
|
|
72
|
+
"@backstage/backend-test-utils": "^1.5.0",
|
|
73
|
+
"@backstage/cli": "^0.32.1",
|
|
74
|
+
"@backstage/plugin-auth-backend-module-google-provider": "^0.3.3",
|
|
75
|
+
"@backstage/plugin-auth-backend-module-guest-provider": "^0.2.8",
|
|
76
76
|
"@types/cookie-parser": "^1.4.2",
|
|
77
77
|
"@types/express": "^4.17.6",
|
|
78
78
|
"@types/express-session": "^1.17.2",
|