@backstage/plugin-auth-backend 0.4.10 → 0.5.0
- package/CHANGELOG.md +21 -0
- package/dist/index.cjs.js +222 -199
- package/dist/index.cjs.js.map +1 -1
- package/dist/index.d.ts +82 -20
- package/package.json +5 -5
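--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -70,7 +70,16 @@ declare type OAuthResult = {
 accessToken: string;
 refreshToken?: string;
 };
-
+/**
+* The expected response from an OAuth flow.
+*
+* @public
+*/
+declare type OAuthResponse = {
+profile: ProfileInfo;
+providerInfo: OAuthProviderInfo;
+backstageIdentity?: BackstageSignInResult;
+};
 declare type OAuthProviderInfo = {
 /**
 * An access token issued for the signed in user.
@@ -123,7 +132,7 @@ interface OAuthHandlers {
 * @param {express.Request} req
 */
 handler(req: express.Request): Promise<{
-response:
+response: OAuthResponse;
 refreshToken?: string;
 }>;
 /**
@@ -131,7 +140,7 @@ interface OAuthHandlers {
 * @param {string} refreshToken
 * @param {string} scope
 */
-refresh?(req: OAuthRefreshRequest): Promise<
+refresh?(req: OAuthRefreshRequest): Promise<OAuthResponse>;
 /**
 * (Optional) Sign out of the auth provider.
 */
@@ -158,7 +167,7 @@ declare class IdentityClient {
 * Returns a BackstageIdentity (user) matching the token.
 * The method throws an error if verification fails.
 */
-authenticate(token: string | undefined): Promise<
+authenticate(token: string | undefined): Promise<BackstageIdentityResponse>;
 /**
 * Parses the given authorization header and returns
 * the bearer token, or null if no bearer token is given
@@ -211,7 +220,7 @@ declare class CatalogIdentityClient {
 *
 * Returns a superset of the entity names that can be passed directly to `issueToken` as `ent`.
 */
-resolveCatalogMembership(
+resolveCatalogMembership(query: MemberClaimQuery): Promise<string[]>;
 }
 
 declare function getEntityClaims(entity: UserEntity): TokenParams['claims'];
@@ -317,37 +326,83 @@ declare type AuthProviderFactory = (options: AuthProviderFactoryOptions) => Auth
 declare type AuthResponse<ProviderInfo> = {
 providerInfo: ProviderInfo;
 profile: ProfileInfo;
-backstageIdentity?:
+backstageIdentity?: BackstageIdentityResponse;
 };
-
+/**
+* User identity information within Backstage.
+*
+* @public
+*/
+declare type BackstageUserIdentity = {
 /**
-*
-*
-* This is typically the same as the user entity `metadata.name`.
+* The type of identity that this structure represents. In the frontend app
+* this will currently always be 'user'.
 */
-
+type: 'user';
 /**
-*
-*
+* The entityRef of the user in the catalog.
+* For example User:default/sandra
 */
-
+userEntityRef: string;
 /**
-* The
+* The user and group entities that the user claims ownership through
 */
-
+ownershipEntityRefs: string[];
+};
+/**
+* A representation of a successful Backstage sign-in.
+*
+* Compared to the {@link BackstageIdentityResponse} this type omits
+* the decoded identity information embedded in the token.
+*
+* @public
+*/
+interface BackstageSignInResult {
+/**
+* An opaque ID that uniquely identifies the user within Backstage.
+*
+* This is typically the same as the user entity `metadata.name`.
+*
+* @deprecated Use the `identity` field instead
+*/
+id: string;
 /**
 * The entity that the user is represented by within Backstage.
 *
 * This entity may or may not exist within the Catalog, and it can be used
 * to read and store additional metadata about the user.
+*
+* @deprecated Use the `identity` field instead.
 */
 entity?: Entity;
-
+/**
+* The token used to authenticate the user within Backstage.
+*/
+token: string;
+}
+/**
+* The old exported symbol for {@link BackstageSignInResult}.
+* @public
+* @deprecated Use the `BackstageSignInResult` type instead.
+*/
+declare type BackstageIdentity = BackstageSignInResult;
+/**
+* Response object containing the {@link BackstageUserIdentity} and the token from the authentication provider.
+* @public
+*/
+interface BackstageIdentityResponse extends BackstageSignInResult {
+/**
+* A plaintext description of the identity that is encapsulated within the token.
+*/
+identity: BackstageUserIdentity;
+}
 /**
 * Used to display login information to user, i.e. sidebar popup.
 *
 * It is also temporarily used as the profile of the signed-in user's Backstage
 * identity, but we want to replace that with data from identity and/org catalog service
+*
+* @public
 */
 declare type ProfileInfo = {
 /**
@@ -378,7 +433,7 @@ declare type SignInResolver<AuthResult> = (info: SignInInfo<AuthResult>, context
 tokenIssuer: TokenIssuer;
 catalogIdentityClient: CatalogIdentityClient;
 logger: Logger;
-}) => Promise<
+}) => Promise<BackstageSignInResult>;
 declare type AuthHandlerResult = {
 profile: ProfileInfo;
 };
@@ -719,6 +774,13 @@ declare const factories: {
 [providerId: string]: AuthProviderFactory;
 };
 
+/**
+* Parses token and decorates the BackstageIdentityResponse with identity information sourced from the token
+*
+* @public
+*/
+declare function prepareBackstageIdentityResponse(result: BackstageSignInResult): BackstageIdentityResponse;
+
 declare type ProviderFactories = {
 [s: string]: AuthProviderFactory;
 };
@@ -729,7 +791,7 @@ interface RouterOptions {
 discovery: PluginEndpointDiscovery;
 providerFactories?: ProviderFactories;
 }
-declare function createRouter(
+declare function createRouter(options: RouterOptions): Promise<express.Router>;
 declare function createOriginFilter(config: Config): (origin: string) => boolean;
 
 /**
@@ -747,4 +809,4 @@ declare type WebMessageResponse = {
 declare const postMessageResponse: (res: express.Response, appOrigin: string, response: WebMessageResponse) => void;
 declare const ensuresXRequestedWith: (req: express.Request) => boolean;
 
-export { AtlassianAuthProvider, AtlassianProviderOptions, AuthProviderFactory, AuthProviderFactoryOptions, AuthProviderRouteHandlers, AuthResponse, AwsAlbProviderOptions, BackstageIdentity, BitbucketOAuthResult, BitbucketPassportProfile, BitbucketProviderOptions, CatalogIdentityClient, GithubOAuthResult, GithubProviderOptions, GitlabProviderOptions, GoogleProviderOptions, IdentityClient, MicrosoftProviderOptions, OAuth2ProviderOptions, OAuthAdapter, OAuthEnvironmentHandler, OAuthHandlers, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthState, OktaProviderOptions, ProfileInfo, RouterOptions, SamlAuthResult, SamlProviderOptions, TokenIssuer, WebMessageResponse, bitbucketUserIdSignInResolver, bitbucketUsernameSignInResolver, createAtlassianProvider, createAwsAlbProvider, createBitbucketProvider, createGithubProvider, createGitlabProvider, createGoogleProvider, createMicrosoftProvider, createOAuth2Provider, createOidcProvider, createOktaProvider, createOriginFilter, createRouter, createSamlProvider, factories as defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, getEntityClaims, googleEmailSignInResolver, microsoftEmailSignInResolver, oktaEmailSignInResolver, postMessageResponse, readState, verifyNonce };
+export { AtlassianAuthProvider, AtlassianProviderOptions, AuthProviderFactory, AuthProviderFactoryOptions, AuthProviderRouteHandlers, AuthResponse, AwsAlbProviderOptions, BackstageIdentity, BackstageIdentityResponse, BackstageSignInResult, BackstageUserIdentity, BitbucketOAuthResult, BitbucketPassportProfile, BitbucketProviderOptions, CatalogIdentityClient, GithubOAuthResult, GithubProviderOptions, GitlabProviderOptions, GoogleProviderOptions, IdentityClient, MicrosoftProviderOptions, OAuth2ProviderOptions, OAuthAdapter, OAuthEnvironmentHandler, OAuthHandlers, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthState, OktaProviderOptions, ProfileInfo, RouterOptions, SamlAuthResult, SamlProviderOptions, TokenIssuer, WebMessageResponse, bitbucketUserIdSignInResolver, bitbucketUsernameSignInResolver, createAtlassianProvider, createAwsAlbProvider, createBitbucketProvider, createGithubProvider, createGitlabProvider, createGoogleProvider, createMicrosoftProvider, createOAuth2Provider, createOidcProvider, createOktaProvider, createOriginFilter, createRouter, createSamlProvider, factories as defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, getEntityClaims, googleEmailSignInResolver, microsoftEmailSignInResolver, oktaEmailSignInResolver, postMessageResponse, prepareBackstageIdentityResponse, readState, verifyNonce };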
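Review bot: The doc comment on `prepareBackstageIdentityResponse` (new lines 777–782) says it parses the token but not whether the token's signature is checked. The declaration is synchronous, whereas `IdentityClient.authenticate` returns a Promise and is documented to throw when verification fails, so this helper presumably only decodes the payload. Its implementation is in `dist/index.cjs.js`, which this page does not show, so that needs confirming. If it holds, the comment should say so, e.g. `* Does not verify the token; pass only a sign-in result this backend has just issued, and use IdentityClient.authenticate for tokens received from callers.` Without that caveat, a custom provider or resolver could hand it an unverified token and treat `identity.userEntityRef` and `identity.ownershipEntityRefs` as authoritative.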
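--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@backstage/plugin-auth-backend",
 "description": "A Backstage backend plugin that handles authentication",
-"version": "0.
+"version": "0.5.0",
 "main": "dist/index.cjs.js",
 "types": "dist/index.d.ts",
 "license": "Apache-2.0",
@@ -30,12 +30,12 @@
 "clean": "backstage-cli clean"
 },
 "dependencies": {
-"@backstage/backend-common": "^0.9.
+"@backstage/backend-common": "^0.9.13",
 "@backstage/catalog-client": "^0.5.2",
 "@backstage/catalog-model": "^0.9.7",
 "@backstage/config": "^0.1.11",
 "@backstage/errors": "^0.1.5",
-"@backstage/test-utils": "^0.1.
+"@backstage/test-utils": "^0.1.24",
 "@google-cloud/firestore": "^4.15.1",
 "@types/express": "^4.17.6",
 "@types/passport": "^1.0.3",
@@ -73,7 +73,7 @@
 "yn": "^4.0.0"
 },
 "devDependencies": {
-"@backstage/cli": "^0.10.
+"@backstage/cli": "^0.10.1",
 "@types/body-parser": "^1.19.0",
 "@types/cookie-parser": "^1.4.2",
 "@types/express-session": "^1.17.2",
@@ -92,5 +92,5 @@
 "config.d.ts"
 ],
 "configSchema": "config.d.ts",
-"gitHead": "
+"gitHead": "562be0b43016294e27af3ad024191bb86b13b1c1"
 }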