npm - @backstage/plugin-auth-backend - Versions diffs - 0.6.1 → 0.8.0 - Mend

@backstage/plugin-auth-backend 0.6.1 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -116,17 +116,16 @@ declare type OAuthRefreshRequest = express.Request<{}> & {
  * Any OAuth provider needs to implement this interface which has provider specific
  * handlers for different methods to perform authentication, get access tokens,
  * refresh tokens and perform sign out.
+ *
+ * @public
  */
 interface OAuthHandlers {
     /**
-     * This method initiates a sign in request with an auth provider.
-     * @param {express.Request} req
-     * @param options
+     * Initiate a sign in request with an auth provider.
      */
     start(req: OAuthStartRequest): Promise<RedirectInfo>;
     /**
-     * Handles the redirect from the auth provider when the user has signed in.
-     * @param {express.Request} req
+     * Handle the redirect from the auth provider when the user has signed in.
      */
     handler(req: express.Request): Promise<{
         response: OAuthResponse;
@@ -134,8 +133,6 @@ interface OAuthHandlers {
     }>;
     /**
      * (Optional) Given a refresh token and scope fetches a new access token from the auth provider.
-     * @param {string} refreshToken
-     * @param {string} scope
      */
     refresh?(req: OAuthRefreshRequest): Promise<{
         response: OAuthResponse;
@@ -225,6 +222,16 @@ declare class CatalogIdentityClient {
 declare function getEntityClaims(entity: UserEntity): TokenParams['claims'];
+/**
+ * The context that is used for auth processing.
+ *
+ * @public
+ */
+declare type AuthResolverContext = {
+    tokenIssuer: TokenIssuer;
+    catalogIdentityClient: CatalogIdentityClient;
+    logger: Logger;
+};
 declare type AuthProviderConfig = {
     /**
      * The protocol://domain[:port] where the app is hosted. This is used to construct the
@@ -256,10 +263,10 @@ declare type RedirectInfo = {
  *
  * The routes in the auth backend API are tied to these methods like below
  *
- * /auth/[provider]/start -> start
- * /auth/[provider]/handler/frame -> frameHandler
- * /auth/[provider]/refresh -> refresh
- * /auth/[provider]/logout -> logout
+ * `/auth/[provider]/start -> start`
+ * `/auth/[provider]/handler/frame -> frameHandler`
+ * `/auth/[provider]/refresh -> refresh`
+ * `/auth/[provider]/logout -> logout`
  */
 interface AuthProviderRouteHandlers {
     /**
@@ -270,9 +277,6 @@ interface AuthProviderRouteHandlers {
      * Response
      * - redirect to the auth provider for the user to sign in or consent.
      * - sets a nonce cookie and also pass the nonce as 'state' query parameter in the redirect request
-     *
-     * @param {express.Request} req
-     * @param {express.Response} res
      */
     start(req: express.Request, res: express.Response): Promise<void>;
     /**
@@ -284,9 +288,6 @@ interface AuthProviderRouteHandlers {
      * Response
      * - postMessage to the window with a payload that contains accessToken, expiryInSeconds?, idToken? and scope.
      * - sets a refresh token cookie if the auth provider supports refresh tokens
-     *
-     * @param {express.Request} req
-     * @param {express.Response} res
      */
     frameHandler(req: express.Request, res: express.Response): Promise<void>;
     /**
@@ -297,9 +298,6 @@ interface AuthProviderRouteHandlers {
      * - to contain a refresh token cookie and scope (Optional) query parameter.
      * Response
      * - payload with accessToken, expiryInSeconds?, idToken?, scope and user profile information.
-     *
-     * @param {express.Request} req
-     * @param {express.Response} res
      */
     refresh?(req: express.Request, res: express.Response): Promise<void>;
     /**
@@ -307,9 +305,6 @@ interface AuthProviderRouteHandlers {
      *
      * Response
      * - removes the refresh token cookie
-     *
-     * @param {express.Request} req
-     * @param {express.Response} res
      */
     logout?(req: express.Request, res: express.Response): Promise<void>;
 }
@@ -446,11 +441,7 @@ declare type SignInInfo<TAuthResult> = {
  *
  * @public
  */
-declare type SignInResolver<TAuthResult> = (info: SignInInfo<TAuthResult>, context: {
-    tokenIssuer: TokenIssuer;
-    catalogIdentityClient: CatalogIdentityClient;
-    logger: Logger;
-}) => Promise<BackstageSignInResult>;
+declare type SignInResolver<TAuthResult> = (info: SignInInfo<TAuthResult>, context: AuthResolverContext) => Promise<BackstageSignInResult>;
 /**
  * The return type of an authentication handler. Must contain valid profile
  * information.
@@ -473,7 +464,7 @@ declare type AuthHandlerResult = {
  *
  * @public
  */
-declare type AuthHandler<TAuthResult> = (input: TAuthResult) => Promise<AuthHandlerResult>;
+declare type AuthHandler<TAuthResult> = (input: TAuthResult, context: AuthResolverContext) => Promise<AuthHandlerResult>;
 declare type StateEncoder = (req: OAuthStartRequest) => Promise<{
     encodedState: string;
 }>;
@@ -500,11 +491,12 @@ declare type Options = {
     appOrigin: string;
     tokenIssuer: TokenIssuer;
     isOriginAllowed: (origin: string) => boolean;
+    callbackUrl?: string;
 };
 declare class OAuthAdapter implements AuthProviderRouteHandlers {
     private readonly handlers;
     private readonly options;
-    static fromConfig(config: AuthProviderConfig, handlers: OAuthHandlers, options: Pick<Options, 'providerId' | 'persistScopes' | 'disableRefresh' | 'tokenIssuer'>): OAuthAdapter;
+    static fromConfig(config: AuthProviderConfig, handlers: OAuthHandlers, options: Pick<Options, 'providerId' | 'persistScopes' | 'disableRefresh' | 'tokenIssuer' | 'callbackUrl'>): OAuthAdapter;
     constructor(handlers: OAuthHandlers, options: Options);
     start(req: express.Request, res: express.Response): Promise<void>;
     frameHandler(req: express.Request, res: express.Response): Promise<void>;
@@ -688,7 +680,7 @@ declare type GithubProviderOptions = {
      * Providing your own stateEncoder will allow you to add addition parameters to the state field.
      *
      * It is typed as follows:
-     *   export type StateEncoder = (input: OAuthState) => Promise<{encodedState: string}>;
+     *   `export type StateEncoder = (input: OAuthState) => Promise<{encodedState: string}>;`
      *
      * Note: the stateEncoder must encode a 'nonce' value and an 'env' value. Without this, the OAuth flow will fail
      * (These two values will be set by the req.state by default)
@@ -766,6 +758,49 @@ declare type OAuth2ProviderOptions = {
 };
 declare const createOAuth2Provider: (options?: OAuth2ProviderOptions | undefined) => AuthProviderFactory;
+/**
+ * JWT header extraction result, containing the raw value and the parsed JWT
+ * payload.
+ *
+ * @public
+ */
+declare type OAuth2ProxyResult<JWTPayload> = {
+    /**
+     * Parsed and decoded JWT payload.
+     */
+    fullProfile: JWTPayload;
+    /**
+     * Raw JWT token
+     */
+    accessToken: string;
+};
+/**
+ * Options for the oauth2-proxy provider factory
+ *
+ * @public
+ */
+declare type Oauth2ProxyProviderOptions<JWTPayload> = {
+    /**
+     * Configure an auth handler to generate a profile for the user.
+     */
+    authHandler: AuthHandler<OAuth2ProxyResult<JWTPayload>>;
+    /**
+     * Configure sign-in for this provider, without it the provider can not be used to sign users in.
+     */
+    signIn: {
+        /**
+         * Maps an auth result to a Backstage identity for the user.
+         */
+        resolver: SignInResolver<OAuth2ProxyResult<JWTPayload>>;
+    };
+};
+/**
+ * Factory function for oauth2-proxy auth provider
+ *
+ * @public
+ */
+declare const createOauth2ProxyProvider: <JWTPayload>(options: Oauth2ProxyProviderOptions<JWTPayload>) => AuthProviderFactory;
 /**
  * authentication result for the OIDC which includes the token set and user information (a profile response sent by OIDC server)
  * @public
@@ -960,4 +995,4 @@ declare type WebMessageResponse = {
 declare const postMessageResponse: (res: express.Response, appOrigin: string, response: WebMessageResponse) => void;
 declare const ensuresXRequestedWith: (req: express.Request) => boolean;
-export { AtlassianAuthProvider, AtlassianProviderOptions, Auth0ProviderOptions, AuthHandler, AuthHandlerResult, AuthProviderFactory, AuthProviderFactoryOptions, AuthProviderRouteHandlers, AuthResponse, AwsAlbProviderOptions, BackstageIdentity, BackstageIdentityResponse, BackstageSignInResult, BackstageUserIdentity, BitbucketOAuthResult, BitbucketPassportProfile, BitbucketProviderOptions, CatalogIdentityClient, GcpIapProviderOptions, GcpIapResult, GcpIapTokenInfo, GithubOAuthResult, GithubProviderOptions, GitlabProviderOptions, GoogleProviderOptions, IdentityClient, MicrosoftProviderOptions, OAuth2ProviderOptions, OAuthAdapter, OAuthEnvironmentHandler, OAuthHandlers, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthState, OidcAuthResult, OidcProviderOptions, OktaProviderOptions, OneLoginProviderOptions, ProfileInfo, RouterOptions, SamlAuthResult, SamlProviderOptions, SignInInfo, SignInResolver, TokenIssuer, WebMessageResponse, bitbucketUserIdSignInResolver, bitbucketUsernameSignInResolver, createAtlassianProvider, createAuth0Provider, createAwsAlbProvider, createBitbucketProvider, createGcpIapProvider, createGithubProvider, createGitlabProvider, createGoogleProvider, createMicrosoftProvider, createOAuth2Provider, createOidcProvider, createOktaProvider, createOneLoginProvider, createOriginFilter, createRouter, createSamlProvider, factories as defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, getEntityClaims, googleEmailSignInResolver, microsoftEmailSignInResolver, oktaEmailSignInResolver, postMessageResponse, prepareBackstageIdentityResponse, readState, verifyNonce };
+export { AtlassianAuthProvider, AtlassianProviderOptions, Auth0ProviderOptions, AuthHandler, AuthHandlerResult, AuthProviderFactory, AuthProviderFactoryOptions, AuthProviderRouteHandlers, AuthResolverContext, AuthResponse, AwsAlbProviderOptions, BackstageIdentity, BackstageIdentityResponse, BackstageSignInResult, BackstageUserIdentity, BitbucketOAuthResult, BitbucketPassportProfile, BitbucketProviderOptions, CatalogIdentityClient, GcpIapProviderOptions, GcpIapResult, GcpIapTokenInfo, GithubOAuthResult, GithubProviderOptions, GitlabProviderOptions, GoogleProviderOptions, IdentityClient, MicrosoftProviderOptions, OAuth2ProviderOptions, OAuth2ProxyResult, OAuthAdapter, OAuthEnvironmentHandler, OAuthHandlers, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthState, Oauth2ProxyProviderOptions, OidcAuthResult, OidcProviderOptions, OktaProviderOptions, OneLoginProviderOptions, ProfileInfo, RouterOptions, SamlAuthResult, SamlProviderOptions, SignInInfo, SignInResolver, TokenIssuer, WebMessageResponse, bitbucketUserIdSignInResolver, bitbucketUsernameSignInResolver, createAtlassianProvider, createAuth0Provider, createAwsAlbProvider, createBitbucketProvider, createGcpIapProvider, createGithubProvider, createGitlabProvider, createGoogleProvider, createMicrosoftProvider, createOAuth2Provider, createOauth2ProxyProvider, createOidcProvider, createOktaProvider, createOneLoginProvider, createOriginFilter, createRouter, createSamlProvider, factories as defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, getEntityClaims, googleEmailSignInResolver, microsoftEmailSignInResolver, oktaEmailSignInResolver, postMessageResponse, prepareBackstageIdentityResponse, readState, verifyNonce };

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@backstage/plugin-auth-backend",
   "description": "A Backstage backend plugin that handles authentication",
-  "version": "0.6.1",
+  "version": "0.8.0",
   "main": "dist/index.cjs.js",
   "types": "dist/index.d.ts",
   "license": "Apache-2.0",
@@ -30,14 +30,13 @@
     "clean": "backstage-cli clean"
   },
   "dependencies": {
-    "@backstage/backend-common": "^0.10.2",
-    "@backstage/catalog-client": "^0.5.3",
-    "@backstage/catalog-model": "^0.9.8",
-    "@backstage/config": "^0.1.11",
-    "@backstage/errors": "^0.1.5",
-    "@backstage/test-utils": "^0.2.1",
+    "@backstage/backend-common": "^0.10.5",
+    "@backstage/catalog-client": "^0.5.5",
+    "@backstage/catalog-model": "^0.9.10",
+    "@backstage/config": "^0.1.13",
+    "@backstage/errors": "^0.2.0",
     "@backstage/types": "^0.1.1",
-    "@google-cloud/firestore": "^4.15.1",
+    "@google-cloud/firestore": "^5.0.2",
     "@types/express": "^4.17.6",
     "@types/passport": "^1.0.3",
     "compression": "^1.7.4",
@@ -74,7 +73,8 @@
     "yn": "^4.0.0"
   },
   "devDependencies": {
-    "@backstage/cli": "^0.10.5",
+    "@backstage/cli": "^0.13.0",
+    "@backstage/test-utils": "^0.2.3",
     "@types/body-parser": "^1.19.0",
     "@types/cookie-parser": "^1.4.2",
     "@types/express-session": "^1.17.2",
@@ -94,5 +94,5 @@
     "config.d.ts"
   ],
   "configSchema": "config.d.ts",
-  "gitHead": "ffdb98aa2973366d48ff1774a7f892bc0c926e7e"
+  "gitHead": "493394603a2c47ea1d141159af9bc7bb84fac9e5"
 }