@backstage/plugin-auth-backend 0.5.2 → 0.6.0

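--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,10 +1,10 @@
  /// <reference types="node" />
  import express from 'express';
  import { Logger } from 'winston';
+ import { Config } from '@backstage/config';
  import { PluginEndpointDiscovery, PluginDatabaseManager } from '@backstage/backend-common';
  import { CatalogApi } from '@backstage/catalog-client';
  import { UserEntity, Entity } from '@backstage/catalog-model';
- import { Config } from '@backstage/config';
  import { Profile } from 'passport';
  import { JSONWebKey } from 'jose';
  import { TokenSet, UserinfoResponse } from 'openid-client';
@@ -97,10 +97,6 @@ declare type OAuthProviderInfo = {
  * Scopes granted for the access token.
  */
  scope: string;
- /**
- * A refresh token issued for the signed in user
- */
- refreshToken?: string;
  };
  declare type OAuthState = {
  nonce: string;
@@ -140,7 +136,10 @@ interface OAuthHandlers {
  * @param {string} refreshToken
  * @param {string} scope
  */
- refresh?(req: OAuthRefreshRequest): Promise<OAuthResponse>;
+ refresh?(req: OAuthRefreshRequest): Promise<{
+ response: OAuthResponse;
+ refreshToken?: string;
+ }>;
  /**
  * (Optional) Sign out of the auth provider.
  */
@@ -513,6 +512,134 @@ declare const readState: (stateString: string) => OAuthState;
  declare const encodeState: (state: OAuthState) => string;
  declare const verifyNonce: (req: express.Request, providerId: string) => void;
 
+ declare type AtlassianAuthProviderOptions = OAuthProviderOptions & {
+ scopes: string;
+ signInResolver?: SignInResolver<OAuthResult>;
+ authHandler: AuthHandler<OAuthResult>;
+ tokenIssuer: TokenIssuer;
+ catalogIdentityClient: CatalogIdentityClient;
+ logger: Logger;
+ };
+ declare class AtlassianAuthProvider implements OAuthHandlers {
+ private readonly _strategy;
+ private readonly signInResolver?;
+ private readonly authHandler;
+ private readonly tokenIssuer;
+ private readonly catalogIdentityClient;
+ private readonly logger;
+ constructor(options: AtlassianAuthProviderOptions);
+ start(req: OAuthStartRequest): Promise<RedirectInfo>;
+ handler(req: express.Request): Promise<{
+ response: OAuthResponse;
+ refreshToken: string | undefined;
+ }>;
+ private handleResult;
+ refresh(req: OAuthRefreshRequest): Promise<{
+ response: OAuthResponse;
+ refreshToken: string | undefined;
+ }>;
+ }
+ declare type AtlassianProviderOptions = {
+ /**
+ * The profile transformation function used to verify and convert the auth response
+ * into the profile that will be presented to the user.
+ */
+ authHandler?: AuthHandler<OAuthResult>;
+ /**
+ * Configure sign-in for this provider, without it the provider can not be used to sign users in.
+ */
+ signIn?: {
+ resolver: SignInResolver<OAuthResult>;
+ };
+ };
+ declare const createAtlassianProvider: (options?: AtlassianProviderOptions | undefined) => AuthProviderFactory;
+
+ /** @public */
+ declare type Auth0ProviderOptions = {
+ /**
+ * The profile transformation function used to verify and convert the auth response
+ * into the profile that will be presented to the user.
+ */
+ authHandler?: AuthHandler<OAuthResult>;
+ /**
+ * Configure sign-in for this provider, without it the provider can not be used to sign users in.
+ */
+ signIn?: {
+ /**
+ * Maps an auth result to a Backstage identity for the user.
+ */
+ resolver: SignInResolver<OAuthResult>;
+ };
+ };
+ /** @public */
+ declare const createAuth0Provider: (options?: Auth0ProviderOptions | undefined) => AuthProviderFactory;
+
+ declare type AwsAlbResult = {
+ fullProfile: Profile;
+ expiresInSeconds?: number;
+ accessToken: string;
+ };
+ declare type AwsAlbProviderOptions = {
+ /**
+ * The profile transformation function used to verify and convert the auth response
+ * into the profile that will be presented to the user.
+ */
+ authHandler?: AuthHandler<AwsAlbResult>;
+ /**
+ * Configure sign-in for this provider, without it the provider can not be used to sign users in.
+ */
+ signIn: {
+ /**
+ * Maps an auth result to a Backstage identity for the user.
+ */
+ resolver: SignInResolver<AwsAlbResult>;
+ };
+ };
+ declare const createAwsAlbProvider: (options?: AwsAlbProviderOptions | undefined) => AuthProviderFactory;
+
+ declare type BitbucketOAuthResult = {
+ fullProfile: BitbucketPassportProfile;
+ params: {
+ id_token?: string;
+ scope: string;
+ expires_in: number;
+ };
+ accessToken: string;
+ refreshToken?: string;
+ };
+ declare type BitbucketPassportProfile = Profile & {
+ id?: string;
+ displayName?: string;
+ username?: string;
+ avatarUrl?: string;
+ _json?: {
+ links?: {
+ avatar?: {
+ href?: string;
+ };
+ };
+ };
+ };
+ declare const bitbucketUsernameSignInResolver: SignInResolver<BitbucketOAuthResult>;
+ declare const bitbucketUserIdSignInResolver: SignInResolver<BitbucketOAuthResult>;
+ declare type BitbucketProviderOptions = {
+ /**
+ * The profile transformation function used to verify and convert the auth response
+ * into the profile that will be presented to the user.
+ */
+ authHandler?: AuthHandler<OAuthResult>;
+ /**
+ * Configure sign-in for this provider, without it the provider can not be used to sign users in.
+ */
+ signIn?: {
+ /**
+ * Maps an auth result to a Backstage identity for the user.
+ */
+ resolver: SignInResolver<OAuthResult>;
+ };
+ };
+ declare const createBitbucketProvider: (options?: BitbucketProviderOptions | undefined) => AuthProviderFactory;
+
  declare type GithubOAuthResult = {
  fullProfile: Profile;
  params: {
@@ -672,32 +799,8 @@ declare type OktaProviderOptions = {
  };
  declare const createOktaProvider: (_options?: OktaProviderOptions | undefined) => AuthProviderFactory;
 
- declare type BitbucketOAuthResult = {
- fullProfile: BitbucketPassportProfile;
- params: {
- id_token?: string;
- scope: string;
- expires_in: number;
- };
- accessToken: string;
- refreshToken?: string;
- };
- declare type BitbucketPassportProfile = Profile & {
- id?: string;
- displayName?: string;
- username?: string;
- avatarUrl?: string;
- _json?: {
- links?: {
- avatar?: {
- href?: string;
- };
- };
- };
- };
- declare const bitbucketUsernameSignInResolver: SignInResolver<BitbucketOAuthResult>;
- declare const bitbucketUserIdSignInResolver: SignInResolver<BitbucketOAuthResult>;
- declare type BitbucketProviderOptions = {
+ /** @public */
+ declare type OneLoginProviderOptions = {
  /**
  * The profile transformation function used to verify and convert the auth response
  * into the profile that will be presented to the user.
@@ -713,69 +816,8 @@ declare type BitbucketProviderOptions = {
  resolver: SignInResolver<OAuthResult>;
  };
  };
- declare const createBitbucketProvider: (options?: BitbucketProviderOptions | undefined) => AuthProviderFactory;
-
- declare type AtlassianAuthProviderOptions = OAuthProviderOptions & {
- scopes: string;
- signInResolver?: SignInResolver<OAuthResult>;
- authHandler: AuthHandler<OAuthResult>;
- tokenIssuer: TokenIssuer;
- catalogIdentityClient: CatalogIdentityClient;
- logger: Logger;
- };
- declare class AtlassianAuthProvider implements OAuthHandlers {
- private readonly _strategy;
- private readonly signInResolver?;
- private readonly authHandler;
- private readonly tokenIssuer;
- private readonly catalogIdentityClient;
- private readonly logger;
- constructor(options: AtlassianAuthProviderOptions);
- start(req: OAuthStartRequest): Promise<RedirectInfo>;
- handler(req: express.Request): Promise<{
- response: OAuthResponse;
- refreshToken: string;
- }>;
- private handleResult;
- refresh(req: OAuthRefreshRequest): Promise<OAuthResponse>;
- }
- declare type AtlassianProviderOptions = {
- /**
- * The profile transformation function used to verify and convert the auth response
- * into the profile that will be presented to the user.
- */
- authHandler?: AuthHandler<OAuthResult>;
- /**
- * Configure sign-in for this provider, without it the provider can not be used to sign users in.
- */
- signIn?: {
- resolver: SignInResolver<OAuthResult>;
- };
- };
- declare const createAtlassianProvider: (options?: AtlassianProviderOptions | undefined) => AuthProviderFactory;
-
- declare type AwsAlbResult = {
- fullProfile: Profile;
- expiresInSeconds?: number;
- accessToken: string;
- };
- declare type AwsAlbProviderOptions = {
- /**
- * The profile transformation function used to verify and convert the auth response
- * into the profile that will be presented to the user.
- */
- authHandler?: AuthHandler<AwsAlbResult>;
- /**
- * Configure sign-in for this provider, without it the provider can not be used to sign users in.
- */
- signIn: {
- /**
- * Maps an auth result to a Backstage identity for the user.
- */
- resolver: SignInResolver<AwsAlbResult>;
- };
- };
- declare const createAwsAlbProvider: (options?: AwsAlbProviderOptions | undefined) => AuthProviderFactory;
+ /** @public */
+ declare const createOneLoginProvider: (options?: OneLoginProviderOptions | undefined) => AuthProviderFactory;
 
  /** @public */
  declare type SamlAuthResult = {
@@ -840,4 +882,4 @@ declare type WebMessageResponse = {
  declare const postMessageResponse: (res: express.Response, appOrigin: string, response: WebMessageResponse) => void;
  declare const ensuresXRequestedWith: (req: express.Request) => boolean;
 
- export { AtlassianAuthProvider, AtlassianProviderOptions, AuthHandler, AuthHandlerResult, AuthProviderFactory, AuthProviderFactoryOptions, AuthProviderRouteHandlers, AuthResponse, AwsAlbProviderOptions, BackstageIdentity, BackstageIdentityResponse, BackstageSignInResult, BackstageUserIdentity, BitbucketOAuthResult, BitbucketPassportProfile, BitbucketProviderOptions, CatalogIdentityClient, GithubOAuthResult, GithubProviderOptions, GitlabProviderOptions, GoogleProviderOptions, IdentityClient, MicrosoftProviderOptions, OAuth2ProviderOptions, OAuthAdapter, OAuthEnvironmentHandler, OAuthHandlers, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthState, OidcAuthResult, OidcProviderOptions, OktaProviderOptions, ProfileInfo, RouterOptions, SamlAuthResult, SamlProviderOptions, SignInInfo, SignInResolver, TokenIssuer, WebMessageResponse, bitbucketUserIdSignInResolver, bitbucketUsernameSignInResolver, createAtlassianProvider, createAwsAlbProvider, createBitbucketProvider, createGithubProvider, createGitlabProvider, createGoogleProvider, createMicrosoftProvider, createOAuth2Provider, createOidcProvider, createOktaProvider, createOriginFilter, createRouter, createSamlProvider, factories as defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, getEntityClaims, googleEmailSignInResolver, microsoftEmailSignInResolver, oktaEmailSignInResolver, postMessageResponse, prepareBackstageIdentityResponse, readState, verifyNonce };
+ export { AtlassianAuthProvider, AtlassianProviderOptions, Auth0ProviderOptions, AuthHandler, AuthHandlerResult, AuthProviderFactory, AuthProviderFactoryOptions, AuthProviderRouteHandlers, AuthResponse, AwsAlbProviderOptions, BackstageIdentity, BackstageIdentityResponse, BackstageSignInResult, BackstageUserIdentity, BitbucketOAuthResult, BitbucketPassportProfile, BitbucketProviderOptions, CatalogIdentityClient, GithubOAuthResult, GithubProviderOptions, GitlabProviderOptions, GoogleProviderOptions, IdentityClient, MicrosoftProviderOptions, OAuth2ProviderOptions, OAuthAdapter, OAuthEnvironmentHandler, OAuthHandlers, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthState, OidcAuthResult, OidcProviderOptions, OktaProviderOptions, OneLoginProviderOptions, ProfileInfo, RouterOptions, SamlAuthResult, SamlProviderOptions, SignInInfo, SignInResolver, TokenIssuer, WebMessageResponse, bitbucketUserIdSignInResolver, bitbucketUsernameSignInResolver, createAtlassianProvider, createAuth0Provider, createAwsAlbProvider, createBitbucketProvider, createGithubProvider, createGitlabProvider, createGoogleProvider, createMicrosoftProvider, createOAuth2Provider, createOidcProvider, createOktaProvider, createOneLoginProvider, createOriginFilter, createRouter, createSamlProvider, factories as defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, getEntityClaims, googleEmailSignInResolver, microsoftEmailSignInResolver, oktaEmailSignInResolver, postMessageResponse, prepareBackstageIdentityResponse, readState, verifyNonce };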
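Review bot: The doc comment on `OAuthHandlers.refresh` (hunk at -140/+136) still carries only its two `@param` lines although the method now resolves to `{ response, refreshToken? }`, so an implementer is not told where a rotated refresh token belongs. Because the same release removes `refreshToken` from `OAuthProviderInfo`, I would add `@returns the response for the client and, separately, the refresh token if the provider issued a new one; do not copy it into response.providerInfo`. The new return shape is a breaking change for custom `OAuthHandlers` implementations that still resolve to a bare `OAuthResponse`; how `OAuthAdapter` treats the old shape is not visible in this declaration file. The comment block begins above the hunk, so the placement of the new tag should be checked against the full comment.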
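--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
  {
  "name": "@backstage/plugin-auth-backend",
  "description": "A Backstage backend plugin that handles authentication",
- "version": "0.5.2",
+ "version": "0.6.0",
  "main": "dist/index.cjs.js",
  "types": "dist/index.d.ts",
  "license": "Apache-2.0",
@@ -30,12 +30,12 @@
  "clean": "backstage-cli clean"
  },
  "dependencies": {
- "@backstage/backend-common": "^0.10.0",
+ "@backstage/backend-common": "^0.10.1",
  "@backstage/catalog-client": "^0.5.3",
  "@backstage/catalog-model": "^0.9.8",
  "@backstage/config": "^0.1.11",
  "@backstage/errors": "^0.1.5",
- "@backstage/test-utils": "^0.2.0",
+ "@backstage/test-utils": "^0.2.1",
  "@google-cloud/firestore": "^4.15.1",
  "@types/express": "^4.17.6",
  "@types/passport": "^1.0.3",
@@ -46,7 +46,6 @@
  "express-promise-router": "^4.1.0",
  "express-session": "^1.17.1",
  "fs-extra": "9.1.0",
- "got": "^11.5.2",
  "helmet": "^4.0.0",
  "jose": "^1.27.1",
  "jwt-decode": "^3.1.0",
@@ -73,7 +72,7 @@
  "yn": "^4.0.0"
  },
  "devDependencies": {
- "@backstage/cli": "^0.10.3",
+ "@backstage/cli": "^0.10.4",
  "@types/body-parser": "^1.19.0",
  "@types/cookie-parser": "^1.4.2",
  "@types/express-session": "^1.17.2",
@@ -92,5 +91,5 @@
  "config.d.ts"
  ],
  "configSchema": "config.d.ts",
- "gitHead": "b315430f9dfcfa19ab0dd90f5b4ac6904938fba7"
+ "gitHead": "4b2a8ed96ff427735c872a72c1864321ef698436"
  }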