@backstage/plugin-auth-backend 0.4.7 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +68 -0
- package/README.md +6 -6
- package/dist/index.cjs.js +460 -351
- package/dist/index.cjs.js.map +1 -1
- package/dist/index.d.ts +121 -20
- package/package.json +9 -9
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,73 @@
|
|
|
1
1
|
# @backstage/plugin-auth-backend
|
|
2
2
|
|
|
3
|
+
## 0.5.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- a036b65c2f: **BREAKING CHANGE** The `idToken` field of `BackstageIdentity` has been removed, with the `token` taking its place. This means you may need to update existing `signIn.resolver` implementations to return an `token` rather than an `idToken`. This also applies to custom auth providers.
|
|
8
|
+
|
|
9
|
+
The `BackstageIdentity` type has been deprecated and will be removed in the future. Taking its place is the new `BackstageSignInResult` type with the same shape.
|
|
10
|
+
|
|
11
|
+
This change also introduces the new `BackstageIdentityResponse` that mirrors the type with the same name from `@backstage/core-plugin-api`. The `BackstageIdentityResponse` type is different from the `BackstageSignInResult` in that it also has a `identity` field which is of type `BackstageUserIdentity` and is a decoded version of the information within the token.
|
|
12
|
+
|
|
13
|
+
When implementing a custom auth provider that is not based on the `OAuthAdapter` you may need to convert `BackstageSignInResult` into a `BackstageIdentityResponse`, this can be done using the new `prepareBackstageIdentityResponse` function.
|
|
14
|
+
|
|
15
|
+
### Patch Changes
|
|
16
|
+
|
|
17
|
+
- 8f461e6043: Fixes potential bug introduced in `0.4.10` which causes `OAuth2AuthProvider` to authenticate using credentials in both POST payload and headers.
|
|
18
|
+
This might break some stricter OAuth2 implementations so there is now a `includeBasicAuth` config option that can manually be set to `true` to enable this behavior.
|
|
19
|
+
- dcd1a0c3f4: Minor improvement to the API reports, by not unpacking arguments directly
|
|
20
|
+
- Updated dependencies
|
|
21
|
+
- @backstage/test-utils@0.1.24
|
|
22
|
+
- @backstage/backend-common@0.9.13
|
|
23
|
+
|
|
24
|
+
## 0.4.10
|
|
25
|
+
|
|
26
|
+
### Patch Changes
|
|
27
|
+
|
|
28
|
+
- 4bf4111902: Migrated the SAML provider to implement the `authHandler` and `signIn.resolver` options.
|
|
29
|
+
- b055a6addc: Align on usage of `cross-fetch` vs `node-fetch` in frontend vs backend packages, and remove some unnecessary imports of either one of them
|
|
30
|
+
- 36fa32216f: Added signIn and authHandler resolver for oidc provider
|
|
31
|
+
- 7071dce02d: Expose catalog lib in plugin-auth-backend, i.e `CatalogIdentityClient` class is exposed now.
|
|
32
|
+
- 1b69ed44f2: Added custom OAuth2.0 authorization header for generic oauth2 provider.
|
|
33
|
+
- Updated dependencies
|
|
34
|
+
- @backstage/backend-common@0.9.12
|
|
35
|
+
|
|
36
|
+
## 0.4.9
|
|
37
|
+
|
|
38
|
+
### Patch Changes
|
|
39
|
+
|
|
40
|
+
- 9312572360: Switched to using the standardized JSON error responses for all provider endpoints.
|
|
41
|
+
- bab752e2b3: Change default port of backend from 7000 to 7007.
|
|
42
|
+
|
|
43
|
+
This is due to the AirPlay Receiver process occupying port 7000 and preventing local Backstage instances on MacOS to start.
|
|
44
|
+
|
|
45
|
+
You can change the port back to 7000 or any other value by providing an `app-config.yaml` with the following values:
|
|
46
|
+
|
|
47
|
+
```
|
|
48
|
+
backend:
|
|
49
|
+
listen: 0.0.0.0:7123
|
|
50
|
+
baseUrl: http://localhost:7123
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
More information can be found here: https://backstage.io/docs/conf/writing
|
|
54
|
+
|
|
55
|
+
- Updated dependencies
|
|
56
|
+
- @backstage/errors@0.1.5
|
|
57
|
+
- @backstage/backend-common@0.9.11
|
|
58
|
+
- @backstage/test-utils@0.1.23
|
|
59
|
+
|
|
60
|
+
## 0.4.8
|
|
61
|
+
|
|
62
|
+
### Patch Changes
|
|
63
|
+
|
|
64
|
+
- 892c1d9202: Update OAuthAdapter to create identity.token from identity.idToken if it does not exist, and prevent overwrites to identity.toke. Update login page commonProvider to prefer .token over .idToken
|
|
65
|
+
- Updated dependencies
|
|
66
|
+
- @backstage/catalog-client@0.5.2
|
|
67
|
+
- @backstage/catalog-model@0.9.7
|
|
68
|
+
- @backstage/backend-common@0.9.10
|
|
69
|
+
- @backstage/test-utils@0.1.22
|
|
70
|
+
|
|
3
71
|
## 0.4.7
|
|
4
72
|
|
|
5
73
|
### Patch Changes
|
package/README.md
CHANGED
|
@@ -34,7 +34,7 @@ Follow this link, [Create new OAuth App](https://github.com/settings/application
|
|
|
34
34
|
1. Set Application Name to `backstage-dev` or something along those lines.
|
|
35
35
|
1. You can set the Homepage URL to whatever you want to.
|
|
36
36
|
1. The Authorization Callback URL should match the redirect URI set in Backstage.
|
|
37
|
-
1. Set this to `http://localhost:
|
|
37
|
+
1. Set this to `http://localhost:7007/api/auth/github` for local development.
|
|
38
38
|
1. Set this to `http://{APP_FQDN}:{APP_BACKEND_PORT}/api/auth/github` for non-local deployments.
|
|
39
39
|
|
|
40
40
|
```bash
|
|
@@ -58,7 +58,7 @@ Follow this link, [Add new application](https://gitlab.com/-/profile/application
|
|
|
58
58
|
|
|
59
59
|
1. Set Application Name to `backstage-dev` or something along those lines.
|
|
60
60
|
1. The Authorization Callback URL should match the redirect URI set in Backstage.
|
|
61
|
-
1. Set this to `http://localhost:
|
|
61
|
+
1. Set this to `http://localhost:7007/api/auth/gitlab/handler/frame` for local development.
|
|
62
62
|
1. Set this to `http://{APP_FQDN}:{APP_BACKEND_PORT}/api/auth/gitlab/handler/frame` for non-local deployments.
|
|
63
63
|
1. Select the following scopes from the list:
|
|
64
64
|
- [x] `read_user` Grants read-only access to the authenticated user's profile through the /user API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under /users.
|
|
@@ -91,9 +91,9 @@ export AUTH_GITLAB_CLIENT_SECRET=x
|
|
|
91
91
|
|
|
92
92
|
Add a new Okta application using the following URI conventions:
|
|
93
93
|
|
|
94
|
-
Login redirect URI's: `http://localhost:
|
|
95
|
-
Logout redirect URI's: `http://localhost:
|
|
96
|
-
Initiate login URI's: `http://localhost:
|
|
94
|
+
Login redirect URI's: `http://localhost:7007/api/auth/okta/handler/frame`
|
|
95
|
+
Logout redirect URI's: `http://localhost:7007/api/auth/okta/logout`
|
|
96
|
+
Initiate login URI's: `http://localhost:7007/api/auth/okta/start`
|
|
97
97
|
|
|
98
98
|
Then configure the following environment variables to be used in the `app-config.yaml` file:
|
|
99
99
|
|
|
@@ -122,7 +122,7 @@ Click [here](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMe
|
|
|
122
122
|
- Give the app a name. e.g. `backstage-dev`
|
|
123
123
|
- Select `Accounts in this organizational directory only` under supported account types.
|
|
124
124
|
- Enter the callback URL for your backstage backend instance:
|
|
125
|
-
- For local development, this is likely `http://localhost:
|
|
125
|
+
- For local development, this is likely `http://localhost:7007/api/auth/microsoft/handler/frame`
|
|
126
126
|
- For non-local deployments, this will be `https://{APP_FQDN}:{APP_BACKEND_PORT}/auth/microsoft/handler/frame`
|
|
127
127
|
- Click `Register`.
|
|
128
128
|
|