npm - @backstage/plugin-auth-backend - Versions diffs - 0.4.3 → 0.4.7 - Mend

@backstage/plugin-auth-backend 0.4.3 → 0.4.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -1,11 +1,12 @@
+/// <reference types="node" />
 import express from 'express';
 import { Logger } from 'winston';
 import { PluginEndpointDiscovery, PluginDatabaseManager } from '@backstage/backend-common';
 import { CatalogApi } from '@backstage/catalog-client';
 import { UserEntity, Entity } from '@backstage/catalog-model';
 import { Config } from '@backstage/config';
-import { JSONWebKey } from 'jose';
 import { Profile } from 'passport';
+import { JSONWebKey } from 'jose';
 /** Represents any form of serializable JWK */
 interface AnyJWK extends Record<string, string> {
@@ -41,6 +42,101 @@ declare type TokenIssuer = {
     }>;
 };
+/**
+ * Common options for passport.js-based OAuth providers
+ */
+declare type OAuthProviderOptions = {
+    /**
+     * Client ID of the auth provider.
+     */
+    clientId: string;
+    /**
+     * Client Secret of the auth provider.
+     */
+    clientSecret: string;
+    /**
+     * Callback URL to be passed to the auth provider to redirect to after the user signs in.
+     */
+    callbackUrl: string;
+};
+declare type OAuthResult = {
+    fullProfile: Profile;
+    params: {
+        id_token?: string;
+        scope: string;
+        expires_in: number;
+    };
+    accessToken: string;
+    refreshToken?: string;
+};
+declare type OAuthResponse = AuthResponse<OAuthProviderInfo>;
+declare type OAuthProviderInfo = {
+    /**
+     * An access token issued for the signed in user.
+     */
+    accessToken: string;
+    /**
+     * (Optional) Id token issued for the signed in user.
+     */
+    idToken?: string;
+    /**
+     * Expiry of the access token in seconds.
+     */
+    expiresInSeconds?: number;
+    /**
+     * Scopes granted for the access token.
+     */
+    scope: string;
+    /**
+     * A refresh token issued for the signed in user
+     */
+    refreshToken?: string;
+};
+declare type OAuthState = {
+    nonce: string;
+    env: string;
+    origin?: string;
+};
+declare type OAuthStartRequest = express.Request<{}> & {
+    scope: string;
+    state: OAuthState;
+};
+declare type OAuthRefreshRequest = express.Request<{}> & {
+    scope: string;
+    refreshToken: string;
+};
+/**
+ * Any OAuth provider needs to implement this interface which has provider specific
+ * handlers for different methods to perform authentication, get access tokens,
+ * refresh tokens and perform sign out.
+ */
+interface OAuthHandlers {
+    /**
+     * This method initiates a sign in request with an auth provider.
+     * @param {express.Request} req
+     * @param options
+     */
+    start(req: OAuthStartRequest): Promise<RedirectInfo>;
+    /**
+     * Handles the redirect from the auth provider when the user has signed in.
+     * @param {express.Request} req
+     */
+    handler(req: express.Request): Promise<{
+        response: AuthResponse<OAuthProviderInfo>;
+        refreshToken?: string;
+    }>;
+    /**
+     * (Optional) Given a refresh token and scope fetches a new access token from the auth provider.
+     * @param {string} refreshToken
+     * @param {string} scope
+     */
+    refresh?(req: OAuthRefreshRequest): Promise<AuthResponse<OAuthProviderInfo>>;
+    /**
+     * (Optional) Sign out of the auth provider.
+     */
+    logout?(): Promise<void>;
+}
 /**
  * A identity client to interact with auth-backend
  * and authenticate backstage identity tokens
@@ -205,16 +301,6 @@ interface AuthProviderRouteHandlers {
      */
     logout?(req: express.Request, res: express.Response): Promise<void>;
 }
-/**
- * EXPERIMENTAL - this will almost certainly break in a future release.
- *
- * Used to resolve an identity from auth information in some auth providers.
- */
-declare type ExperimentalIdentityResolver = (
-/**
- * An object containing information specific to the auth provider.
- */
-payload: object, catalogApi: CatalogApi) => Promise<AuthResponse<any>>;
 declare type AuthProviderFactoryOptions = {
     providerId: string;
     globalConfig: AuthProviderConfig;
@@ -223,7 +309,6 @@ declare type AuthProviderFactoryOptions = {
     tokenIssuer: TokenIssuer;
     discovery: PluginEndpointDiscovery;
     catalogApi: CatalogApi;
-    identityResolver?: ExperimentalIdentityResolver;
 };
 declare type AuthProviderFactory = (options: AuthProviderFactoryOptions) => AuthProviderRouteHandlers;
 declare type AuthResponse<ProviderInfo> = {
@@ -303,6 +388,9 @@ declare type AuthHandlerResult = {
  * possible to use this function as a way to limit access to a certain group of users.
  */
 declare type AuthHandler<AuthResult> = (input: AuthResult) => Promise<AuthHandlerResult>;
+declare type StateEncoder = (req: OAuthStartRequest) => Promise<{
+    encodedState: string;
+}>;
 declare class OAuthEnvironmentHandler implements AuthProviderRouteHandlers {
     private readonly handlers;
@@ -316,101 +404,6 @@ declare class OAuthEnvironmentHandler implements AuthProviderRouteHandlers {
     private getProviderForEnv;
 }
-/**
- * Common options for passport.js-based OAuth providers
- */
-declare type OAuthProviderOptions = {
-    /**
-     * Client ID of the auth provider.
-     */
-    clientId: string;
-    /**
-     * Client Secret of the auth provider.
-     */
-    clientSecret: string;
-    /**
-     * Callback URL to be passed to the auth provider to redirect to after the user signs in.
-     */
-    callbackUrl: string;
-};
-declare type OAuthResult = {
-    fullProfile: Profile;
-    params: {
-        id_token?: string;
-        scope: string;
-        expires_in: number;
-    };
-    accessToken: string;
-    refreshToken?: string;
-};
-declare type OAuthResponse = AuthResponse<OAuthProviderInfo>;
-declare type OAuthProviderInfo = {
-    /**
-     * An access token issued for the signed in user.
-     */
-    accessToken: string;
-    /**
-     * (Optional) Id token issued for the signed in user.
-     */
-    idToken?: string;
-    /**
-     * Expiry of the access token in seconds.
-     */
-    expiresInSeconds?: number;
-    /**
-     * Scopes granted for the access token.
-     */
-    scope: string;
-    /**
-     * A refresh token issued for the signed in user
-     */
-    refreshToken?: string;
-};
-declare type OAuthState = {
-    nonce: string;
-    env: string;
-    origin?: string;
-};
-declare type OAuthStartRequest = express.Request<{}> & {
-    scope: string;
-    state: OAuthState;
-};
-declare type OAuthRefreshRequest = express.Request<{}> & {
-    scope: string;
-    refreshToken: string;
-};
-/**
- * Any OAuth provider needs to implement this interface which has provider specific
- * handlers for different methods to perform authentication, get access tokens,
- * refresh tokens and perform sign out.
- */
-interface OAuthHandlers {
-    /**
-     * This method initiates a sign in request with an auth provider.
-     * @param {express.Request} req
-     * @param options
-     */
-    start(req: OAuthStartRequest): Promise<RedirectInfo>;
-    /**
-     * Handles the redirect from the auth provider when the user has signed in.
-     * @param {express.Request} req
-     */
-    handler(req: express.Request): Promise<{
-        response: AuthResponse<OAuthProviderInfo>;
-        refreshToken?: string;
-    }>;
-    /**
-     * (Optional) Given a refresh token and scope fetches a new access token from the auth provider.
-     * @param {string} refreshToken
-     * @param {string} scope
-     */
-    refresh?(req: OAuthRefreshRequest): Promise<AuthResponse<OAuthProviderInfo>>;
-    /**
-     * (Optional) Sign out of the auth provider.
-     */
-    logout?(): Promise<void>;
-}
 declare type Options = {
     providerId: string;
     secure: boolean;
@@ -472,6 +465,23 @@ declare type GithubProviderOptions = {
          */
         resolver?: SignInResolver<GithubOAuthResult>;
     };
+    /**
+     * The state encoder used to encode the 'state' parameter on the OAuth request.
+     *
+     * It should return a string that takes the state params (from the request), url encodes the params
+     * and finally base64 encodes them.
+     *
+     * Providing your own stateEncoder will allow you to add addition parameters to the state field.
+     *
+     * It is typed as follows:
+     *   export type StateEncoder = (input: OAuthState) => Promise<{encodedState: string}>;
+     *
+     * Note: the stateEncoder must encode a 'nonce' value and an 'env' value. Without this, the OAuth flow will fail
+     * (These two values will be set by the req.state by default)
+     *
+     * For more information, please see the helper module in ../../oauth/helpers #readState
+     */
+    stateEncoder?: StateEncoder;
 };
 declare const createGithubProvider: (options?: GithubProviderOptions | undefined) => AuthProviderFactory;
@@ -604,6 +614,68 @@ declare type BitbucketProviderOptions = {
 };
 declare const createBitbucketProvider: (options?: BitbucketProviderOptions | undefined) => AuthProviderFactory;
+declare type AtlassianAuthProviderOptions = OAuthProviderOptions & {
+    scopes: string;
+    signInResolver?: SignInResolver<OAuthResult>;
+    authHandler: AuthHandler<OAuthResult>;
+    tokenIssuer: TokenIssuer;
+    catalogIdentityClient: CatalogIdentityClient;
+    logger: Logger;
+};
+declare class AtlassianAuthProvider implements OAuthHandlers {
+    private readonly _strategy;
+    private readonly signInResolver?;
+    private readonly authHandler;
+    private readonly tokenIssuer;
+    private readonly catalogIdentityClient;
+    private readonly logger;
+    constructor(options: AtlassianAuthProviderOptions);
+    start(req: OAuthStartRequest): Promise<RedirectInfo>;
+    handler(req: express.Request): Promise<{
+        response: OAuthResponse;
+        refreshToken: string;
+    }>;
+    private handleResult;
+    refresh(req: OAuthRefreshRequest): Promise<OAuthResponse>;
+}
+declare type AtlassianProviderOptions = {
+    /**
+     * The profile transformation function used to verify and convert the auth response
+     * into the profile that will be presented to the user.
+     */
+    authHandler?: AuthHandler<OAuthResult>;
+    /**
+     * Configure sign-in for this provider, without it the provider can not be used to sign users in.
+     */
+    signIn?: {
+        resolver: SignInResolver<OAuthResult>;
+    };
+};
+declare const createAtlassianProvider: (options?: AtlassianProviderOptions | undefined) => AuthProviderFactory;
+declare type AwsAlbResult = {
+    fullProfile: Profile;
+    expiresInSeconds?: number;
+    accessToken: string;
+};
+declare type AwsAlbProviderOptions = {
+    /**
+     * The profile transformation function used to verify and convert the auth response
+     * into the profile that will be presented to the user.
+     */
+    authHandler?: AuthHandler<AwsAlbResult>;
+    /**
+     * Configure sign-in for this provider, without it the provider can not be used to sign users in.
+     */
+    signIn: {
+        /**
+         * Maps an auth result to a Backstage identity for the user.
+         */
+        resolver: SignInResolver<AwsAlbResult>;
+    };
+};
+declare const createAwsAlbProvider: (options?: AwsAlbProviderOptions | undefined) => AuthProviderFactory;
 declare const factories: {
     [providerId: string]: AuthProviderFactory;
 };
@@ -636,4 +708,4 @@ declare type WebMessageResponse = {
 declare const postMessageResponse: (res: express.Response, appOrigin: string, response: WebMessageResponse) => void;
 declare const ensuresXRequestedWith: (req: express.Request) => boolean;
-export { AuthProviderFactory, AuthProviderFactoryOptions, AuthProviderRouteHandlers, AuthResponse, BackstageIdentity, BitbucketOAuthResult, BitbucketPassportProfile, BitbucketProviderOptions, GithubOAuthResult, GithubProviderOptions, GitlabProviderOptions, GoogleProviderOptions, IdentityClient, MicrosoftProviderOptions, OAuth2ProviderOptions, OAuthAdapter, OAuthEnvironmentHandler, OAuthHandlers, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthState, OktaProviderOptions, ProfileInfo, RouterOptions, TokenIssuer, WebMessageResponse, bitbucketUserIdSignInResolver, bitbucketUsernameSignInResolver, createBitbucketProvider, createGithubProvider, createGitlabProvider, createGoogleProvider, createMicrosoftProvider, createOAuth2Provider, createOktaProvider, createOriginFilter, createRouter, factories as defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, googleEmailSignInResolver, microsoftEmailSignInResolver, oktaEmailSignInResolver, postMessageResponse, readState, verifyNonce };
+export { AtlassianAuthProvider, AtlassianProviderOptions, AuthProviderFactory, AuthProviderFactoryOptions, AuthProviderRouteHandlers, AuthResponse, AwsAlbProviderOptions, BackstageIdentity, BitbucketOAuthResult, BitbucketPassportProfile, BitbucketProviderOptions, GithubOAuthResult, GithubProviderOptions, GitlabProviderOptions, GoogleProviderOptions, IdentityClient, MicrosoftProviderOptions, OAuth2ProviderOptions, OAuthAdapter, OAuthEnvironmentHandler, OAuthHandlers, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthState, OktaProviderOptions, ProfileInfo, RouterOptions, TokenIssuer, WebMessageResponse, bitbucketUserIdSignInResolver, bitbucketUsernameSignInResolver, createAtlassianProvider, createAwsAlbProvider, createBitbucketProvider, createGithubProvider, createGitlabProvider, createGoogleProvider, createMicrosoftProvider, createOAuth2Provider, createOktaProvider, createOriginFilter, createRouter, factories as defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, googleEmailSignInResolver, microsoftEmailSignInResolver, oktaEmailSignInResolver, postMessageResponse, readState, verifyNonce };

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@backstage/plugin-auth-backend",
   "description": "A Backstage backend plugin that handles authentication",
-  "version": "0.4.3",
+  "version": "0.4.7",
   "main": "dist/index.cjs.js",
   "types": "dist/index.d.ts",
   "license": "Apache-2.0",
@@ -30,12 +30,13 @@
     "clean": "backstage-cli clean"
   },
   "dependencies": {
-    "@backstage/backend-common": "^0.9.6",
-    "@backstage/catalog-client": "^0.5.0",
-    "@backstage/catalog-model": "^0.9.4",
-    "@backstage/config": "^0.1.10",
-    "@backstage/errors": "^0.1.1",
-    "@backstage/test-utils": "^0.1.18",
+    "@backstage/backend-common": "^0.9.9",
+    "@backstage/catalog-client": "^0.5.1",
+    "@backstage/catalog-model": "^0.9.6",
+    "@backstage/config": "^0.1.11",
+    "@backstage/errors": "^0.1.4",
+    "@backstage/test-utils": "^0.1.21",
+    "@google-cloud/firestore": "^4.15.1",
     "@types/express": "^4.17.6",
     "@types/passport": "^1.0.3",
     "compression": "^1.7.4",
@@ -72,7 +73,7 @@
     "yn": "^4.0.0"
   },
   "devDependencies": {
-    "@backstage/cli": "^0.7.15",
+    "@backstage/cli": "^0.8.2",
     "@types/body-parser": "^1.19.0",
     "@types/cookie-parser": "^1.4.2",
     "@types/express-session": "^1.17.2",
@@ -83,7 +84,7 @@
     "@types/passport-saml": "^1.1.3",
     "@types/passport-strategy": "^0.2.35",
     "@types/xml2js": "^0.4.7",
-    "msw": "^0.29.0"
+    "msw": "^0.35.0"
   },
   "files": [
     "dist",
@@ -91,5 +92,5 @@
     "config.d.ts"
   ],
   "configSchema": "config.d.ts",
-  "gitHead": "16279cb3284369941e2eaf8b8968da207232cd6d"
+  "gitHead": "5bdaccc40b4a814cf0b45d429f15a3afacc2f60b"
 }