@backstage/plugin-auth-backend 0.6.2 → 0.7.0-next.0

package/dist/index.d.ts

@@ -222,6 +222,16 @@ declare class CatalogIdentityClient {
 
 declare function getEntityClaims(entity: UserEntity): TokenParams['claims'];
 
+/**
+ * The context that is used for auth processing.
+ *
+ * @public
+ */
+declare type AuthResolverContext = {
+    tokenIssuer: TokenIssuer;
+    catalogIdentityClient: CatalogIdentityClient;
+    logger: Logger;
+};
 declare type AuthProviderConfig = {
     /**
      * The protocol://domain[:port] where the app is hosted. This is used to construct the
@@ -431,11 +441,7 @@ declare type SignInInfo<TAuthResult> = {
  *
  * @public
  */
-declare type SignInResolver<TAuthResult> = (info: SignInInfo<TAuthResult>, context: {
-    tokenIssuer: TokenIssuer;
-    catalogIdentityClient: CatalogIdentityClient;
-    logger: Logger;
-}) => Promise<BackstageSignInResult>;
+declare type SignInResolver<TAuthResult> = (info: SignInInfo<TAuthResult>, context: AuthResolverContext) => Promise<BackstageSignInResult>;
 /**
  * The return type of an authentication handler. Must contain valid profile
  * information.
@@ -458,7 +464,7 @@ declare type AuthHandlerResult = {
  *
  * @public
  */
-declare type AuthHandler<TAuthResult> = (input: TAuthResult) => Promise<AuthHandlerResult>;
+declare type AuthHandler<TAuthResult> = (input: TAuthResult, context: AuthResolverContext) => Promise<AuthHandlerResult>;
 declare type StateEncoder = (req: OAuthStartRequest) => Promise<{
     encodedState: string;
 }>;
@@ -751,6 +757,49 @@ declare type OAuth2ProviderOptions = {
 };
 declare const createOAuth2Provider: (options?: OAuth2ProviderOptions | undefined) => AuthProviderFactory;
 
+/**
+ * JWT header extraction result, containing the raw value and the parsed JWT
+ * payload.
+ *
+ * @public
+ */
+declare type OAuth2ProxyResult<JWTPayload> = {
+    /**
+     * Parsed and decoded JWT payload.
+     */
+    fullProfile: JWTPayload;
+    /**
+     * Raw JWT token
+     */
+    accessToken: string;
+};
+/**
+ * Options for the oauth2-proxy provider factory
+ *
+ * @public
+ */
+declare type Oauth2ProxyProviderOptions<JWTPayload> = {
+    /**
+     * Configure an auth handler to generate a profile for the user.
+     */
+    authHandler: AuthHandler<OAuth2ProxyResult<JWTPayload>>;
+    /**
+     * Configure sign-in for this provider, without it the provider can not be used to sign users in.
+     */
+    signIn: {
+        /**
+         * Maps an auth result to a Backstage identity for the user.
+         */
+        resolver: SignInResolver<OAuth2ProxyResult<JWTPayload>>;
+    };
+};
+/**
+ * Factory function for oauth2-proxy auth provider
+ *
+ * @public
+ */
+declare const createOauth2ProxyProvider: <JWTPayload>(options: Oauth2ProxyProviderOptions<JWTPayload>) => AuthProviderFactory;
+
 /**
  * authentication result for the OIDC which includes the token set and user information (a profile response sent by OIDC server)
  * @public
@@ -945,4 +994,4 @@ declare type WebMessageResponse = {
 declare const postMessageResponse: (res: express.Response, appOrigin: string, response: WebMessageResponse) => void;
 declare const ensuresXRequestedWith: (req: express.Request) => boolean;
 
-export { AtlassianAuthProvider, AtlassianProviderOptions, Auth0ProviderOptions, AuthHandler, AuthHandlerResult, AuthProviderFactory, AuthProviderFactoryOptions, AuthProviderRouteHandlers, AuthResponse, AwsAlbProviderOptions, BackstageIdentity, BackstageIdentityResponse, BackstageSignInResult, BackstageUserIdentity, BitbucketOAuthResult, BitbucketPassportProfile, BitbucketProviderOptions, CatalogIdentityClient, GcpIapProviderOptions, GcpIapResult, GcpIapTokenInfo, GithubOAuthResult, GithubProviderOptions, GitlabProviderOptions, GoogleProviderOptions, IdentityClient, MicrosoftProviderOptions, OAuth2ProviderOptions, OAuthAdapter, OAuthEnvironmentHandler, OAuthHandlers, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthState, OidcAuthResult, OidcProviderOptions, OktaProviderOptions, OneLoginProviderOptions, ProfileInfo, RouterOptions, SamlAuthResult, SamlProviderOptions, SignInInfo, SignInResolver, TokenIssuer, WebMessageResponse, bitbucketUserIdSignInResolver, bitbucketUsernameSignInResolver, createAtlassianProvider, createAuth0Provider, createAwsAlbProvider, createBitbucketProvider, createGcpIapProvider, createGithubProvider, createGitlabProvider, createGoogleProvider, createMicrosoftProvider, createOAuth2Provider, createOidcProvider, createOktaProvider, createOneLoginProvider, createOriginFilter, createRouter, createSamlProvider, factories as defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, getEntityClaims, googleEmailSignInResolver, microsoftEmailSignInResolver, oktaEmailSignInResolver, postMessageResponse, prepareBackstageIdentityResponse, readState, verifyNonce };
+export { AtlassianAuthProvider, AtlassianProviderOptions, Auth0ProviderOptions, AuthHandler, AuthHandlerResult, AuthProviderFactory, AuthProviderFactoryOptions, AuthProviderRouteHandlers, AuthResolverContext, AuthResponse, AwsAlbProviderOptions, BackstageIdentity, BackstageIdentityResponse, BackstageSignInResult, BackstageUserIdentity, BitbucketOAuthResult, BitbucketPassportProfile, BitbucketProviderOptions, CatalogIdentityClient, GcpIapProviderOptions, GcpIapResult, GcpIapTokenInfo, GithubOAuthResult, GithubProviderOptions, GitlabProviderOptions, GoogleProviderOptions, IdentityClient, MicrosoftProviderOptions, OAuth2ProviderOptions, OAuth2ProxyResult, OAuthAdapter, OAuthEnvironmentHandler, OAuthHandlers, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthState, Oauth2ProxyProviderOptions, OidcAuthResult, OidcProviderOptions, OktaProviderOptions, OneLoginProviderOptions, ProfileInfo, RouterOptions, SamlAuthResult, SamlProviderOptions, SignInInfo, SignInResolver, TokenIssuer, WebMessageResponse, bitbucketUserIdSignInResolver, bitbucketUsernameSignInResolver, createAtlassianProvider, createAuth0Provider, createAwsAlbProvider, createBitbucketProvider, createGcpIapProvider, createGithubProvider, createGitlabProvider, createGoogleProvider, createMicrosoftProvider, createOAuth2Provider, createOauth2ProxyProvider, createOidcProvider, createOktaProvider, createOneLoginProvider, createOriginFilter, createRouter, createSamlProvider, factories as defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, getEntityClaims, googleEmailSignInResolver, microsoftEmailSignInResolver, oktaEmailSignInResolver, postMessageResponse, prepareBackstageIdentityResponse, readState, verifyNonce };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@backstage/plugin-auth-backend",
   "description": "A Backstage backend plugin that handles authentication",
-  "version": "0.6.2",
+  "version": "0.7.0-next.0",
   "main": "dist/index.cjs.js",
   "types": "dist/index.d.ts",
   "license": "Apache-2.0",
@@ -30,10 +30,10 @@
     "clean": "backstage-cli clean"
   },
   "dependencies": {
-    "@backstage/backend-common": "^0.10.3",
-    "@backstage/catalog-client": "^0.5.4",
-    "@backstage/catalog-model": "^0.9.9",
-    "@backstage/config": "^0.1.12",
+    "@backstage/backend-common": "^0.10.4-next.0",
+    "@backstage/catalog-client": "^0.5.5-next.0",
+    "@backstage/catalog-model": "^0.9.10-next.0",
+    "@backstage/config": "^0.1.13-next.0",
     "@backstage/errors": "^0.2.0",
     "@backstage/types": "^0.1.1",
     "@google-cloud/firestore": "^4.15.1",
@@ -73,8 +73,8 @@
     "yn": "^4.0.0"
   },
   "devDependencies": {
-    "@backstage/cli": "^0.11.0",
-    "@backstage/test-utils": "^0.2.2",
+    "@backstage/cli": "^0.12.0-next.0",
+    "@backstage/test-utils": "^0.2.3-next.0",
     "@types/body-parser": "^1.19.0",
     "@types/cookie-parser": "^1.4.2",
     "@types/express-session": "^1.17.2",
@@ -94,5 +94,5 @@
     "config.d.ts"
   ],
   "configSchema": "config.d.ts",
-  "gitHead": "da66c61bdd63cdb3f0f0cd2e26dc9e6454d93c7b"
+  "gitHead": "31184691d5a38cb78b091c8f7ad6db80604519a6"
 }