npm - @backstage/plugin-auth-backend - Versions diffs - 0.6.2 → 0.9.0-next.0 - Mend

@backstage/plugin-auth-backend 0.6.2 → 0.9.0-next.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@
 import express from 'express';
 import { Logger } from 'winston';
 import { Config } from '@backstage/config';
-import { PluginEndpointDiscovery, PluginDatabaseManager } from '@backstage/backend-common';
+import { TokenManager, PluginEndpointDiscovery, PluginDatabaseManager } from '@backstage/backend-common';
 import { CatalogApi } from '@backstage/catalog-client';
 import { UserEntity, Entity } from '@backstage/catalog-model';
 import { Profile } from 'passport';
@@ -144,6 +144,39 @@ interface OAuthHandlers {
     logout?(): Promise<void>;
 }
+declare type UserQuery = {
+    annotations: Record<string, string>;
+};
+declare type MemberClaimQuery = {
+    entityRefs: string[];
+    logger?: Logger;
+};
+/**
+ * A catalog client tailored for reading out identity data from the catalog.
+ */
+declare class CatalogIdentityClient {
+    private readonly catalogApi;
+    private readonly tokenManager;
+    constructor(options: {
+        catalogApi: CatalogApi;
+        tokenManager: TokenManager;
+    });
+    /**
+     * Looks up a single user using a query.
+     *
+     * Throws a NotFoundError or ConflictError if 0 or multiple users are found.
+     */
+    findUser(query: UserQuery): Promise<UserEntity>;
+    /**
+     * Resolve additional entity claims from the catalog, using the passed-in entity names. Designed
+     * to be used within a `signInResolver` where additional entity claims might be provided, but
+     * group membership and transient group membership lean on imported catalog relations.
+     *
+     * Returns a superset of the entity names that can be passed directly to `issueToken` as `ent`.
+     */
+    resolveCatalogMembership(query: MemberClaimQuery): Promise<string[]>;
+}
 /**
  * A identity client to interact with auth-backend
  * and authenticate backstage identity tokens
@@ -187,41 +220,18 @@ declare class IdentityClient {
     private refreshKeyStore;
 }
-declare type UserQuery = {
-    annotations: Record<string, string>;
-};
-declare type MemberClaimQuery = {
-    entityRefs: string[];
-    logger?: Logger;
-};
-/**
- * A catalog client tailored for reading out identity data from the catalog.
- */
-declare class CatalogIdentityClient {
-    private readonly catalogApi;
-    private readonly tokenIssuer;
-    constructor(options: {
-        catalogApi: CatalogApi;
-        tokenIssuer: TokenIssuer;
-    });
-    /**
-     * Looks up a single user using a query.
-     *
-     * Throws a NotFoundError or ConflictError if 0 or multiple users are found.
-     */
-    findUser(query: UserQuery): Promise<UserEntity>;
-    /**
-     * Resolve additional entity claims from the catalog, using the passed-in entity names. Designed
-     * to be used within a `signInResolver` where additional entity claims might be provided, but
-     * group membership and transient group membership lean on imported catalog relations.
-     *
-     * Returns a superset of the entity names that can be passed directly to `issueToken` as `ent`.
-     */
-    resolveCatalogMembership(query: MemberClaimQuery): Promise<string[]>;
-}
 declare function getEntityClaims(entity: UserEntity): TokenParams['claims'];
+/**
+ * The context that is used for auth processing.
+ *
+ * @public
+ */
+declare type AuthResolverContext = {
+    tokenIssuer: TokenIssuer;
+    catalogIdentityClient: CatalogIdentityClient;
+    logger: Logger;
+};
 declare type AuthProviderConfig = {
     /**
      * The protocol://domain[:port] where the app is hosted. This is used to construct the
@@ -303,6 +313,7 @@ declare type AuthProviderFactoryOptions = {
     globalConfig: AuthProviderConfig;
     config: Config;
     logger: Logger;
+    tokenManager: TokenManager;
     tokenIssuer: TokenIssuer;
     discovery: PluginEndpointDiscovery;
     catalogApi: CatalogApi;
@@ -431,11 +442,7 @@ declare type SignInInfo<TAuthResult> = {
  *
  * @public
  */
-declare type SignInResolver<TAuthResult> = (info: SignInInfo<TAuthResult>, context: {
-    tokenIssuer: TokenIssuer;
-    catalogIdentityClient: CatalogIdentityClient;
-    logger: Logger;
-}) => Promise<BackstageSignInResult>;
+declare type SignInResolver<TAuthResult> = (info: SignInInfo<TAuthResult>, context: AuthResolverContext) => Promise<BackstageSignInResult>;
 /**
  * The return type of an authentication handler. Must contain valid profile
  * information.
@@ -458,7 +465,7 @@ declare type AuthHandlerResult = {
  *
  * @public
  */
-declare type AuthHandler<TAuthResult> = (input: TAuthResult) => Promise<AuthHandlerResult>;
+declare type AuthHandler<TAuthResult> = (input: TAuthResult, context: AuthResolverContext) => Promise<AuthHandlerResult>;
 declare type StateEncoder = (req: OAuthStartRequest) => Promise<{
     encodedState: string;
 }>;
@@ -485,11 +492,12 @@ declare type Options = {
     appOrigin: string;
     tokenIssuer: TokenIssuer;
     isOriginAllowed: (origin: string) => boolean;
+    callbackUrl?: string;
 };
 declare class OAuthAdapter implements AuthProviderRouteHandlers {
     private readonly handlers;
     private readonly options;
-    static fromConfig(config: AuthProviderConfig, handlers: OAuthHandlers, options: Pick<Options, 'providerId' | 'persistScopes' | 'disableRefresh' | 'tokenIssuer'>): OAuthAdapter;
+    static fromConfig(config: AuthProviderConfig, handlers: OAuthHandlers, options: Pick<Options, 'providerId' | 'persistScopes' | 'disableRefresh' | 'tokenIssuer' | 'callbackUrl'>): OAuthAdapter;
     constructor(handlers: OAuthHandlers, options: Options);
     start(req: express.Request, res: express.Response): Promise<void>;
     frameHandler(req: express.Request, res: express.Response): Promise<void>;
@@ -751,6 +759,49 @@ declare type OAuth2ProviderOptions = {
 };
 declare const createOAuth2Provider: (options?: OAuth2ProviderOptions | undefined) => AuthProviderFactory;
+/**
+ * JWT header extraction result, containing the raw value and the parsed JWT
+ * payload.
+ *
+ * @public
+ */
+declare type OAuth2ProxyResult<JWTPayload> = {
+    /**
+     * Parsed and decoded JWT payload.
+     */
+    fullProfile: JWTPayload;
+    /**
+     * Raw JWT token
+     */
+    accessToken: string;
+};
+/**
+ * Options for the oauth2-proxy provider factory
+ *
+ * @public
+ */
+declare type Oauth2ProxyProviderOptions<JWTPayload> = {
+    /**
+     * Configure an auth handler to generate a profile for the user.
+     */
+    authHandler: AuthHandler<OAuth2ProxyResult<JWTPayload>>;
+    /**
+     * Configure sign-in for this provider, without it the provider can not be used to sign users in.
+     */
+    signIn: {
+        /**
+         * Maps an auth result to a Backstage identity for the user.
+         */
+        resolver: SignInResolver<OAuth2ProxyResult<JWTPayload>>;
+    };
+};
+/**
+ * Factory function for oauth2-proxy auth provider
+ *
+ * @public
+ */
+declare const createOauth2ProxyProvider: <JWTPayload>(options: Oauth2ProxyProviderOptions<JWTPayload>) => AuthProviderFactory;
 /**
  * authentication result for the OIDC which includes the token set and user information (a profile response sent by OIDC server)
  * @public
@@ -925,6 +976,7 @@ interface RouterOptions {
     database: PluginDatabaseManager;
     config: Config;
     discovery: PluginEndpointDiscovery;
+    tokenManager: TokenManager;
     providerFactories?: ProviderFactories;
 }
 declare function createRouter(options: RouterOptions): Promise<express.Router>;
@@ -945,4 +997,4 @@ declare type WebMessageResponse = {
 declare const postMessageResponse: (res: express.Response, appOrigin: string, response: WebMessageResponse) => void;
 declare const ensuresXRequestedWith: (req: express.Request) => boolean;
-export { AtlassianAuthProvider, AtlassianProviderOptions, Auth0ProviderOptions, AuthHandler, AuthHandlerResult, AuthProviderFactory, AuthProviderFactoryOptions, AuthProviderRouteHandlers, AuthResponse, AwsAlbProviderOptions, BackstageIdentity, BackstageIdentityResponse, BackstageSignInResult, BackstageUserIdentity, BitbucketOAuthResult, BitbucketPassportProfile, BitbucketProviderOptions, CatalogIdentityClient, GcpIapProviderOptions, GcpIapResult, GcpIapTokenInfo, GithubOAuthResult, GithubProviderOptions, GitlabProviderOptions, GoogleProviderOptions, IdentityClient, MicrosoftProviderOptions, OAuth2ProviderOptions, OAuthAdapter, OAuthEnvironmentHandler, OAuthHandlers, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthState, OidcAuthResult, OidcProviderOptions, OktaProviderOptions, OneLoginProviderOptions, ProfileInfo, RouterOptions, SamlAuthResult, SamlProviderOptions, SignInInfo, SignInResolver, TokenIssuer, WebMessageResponse, bitbucketUserIdSignInResolver, bitbucketUsernameSignInResolver, createAtlassianProvider, createAuth0Provider, createAwsAlbProvider, createBitbucketProvider, createGcpIapProvider, createGithubProvider, createGitlabProvider, createGoogleProvider, createMicrosoftProvider, createOAuth2Provider, createOidcProvider, createOktaProvider, createOneLoginProvider, createOriginFilter, createRouter, createSamlProvider, factories as defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, getEntityClaims, googleEmailSignInResolver, microsoftEmailSignInResolver, oktaEmailSignInResolver, postMessageResponse, prepareBackstageIdentityResponse, readState, verifyNonce };
+export { AtlassianAuthProvider, AtlassianProviderOptions, Auth0ProviderOptions, AuthHandler, AuthHandlerResult, AuthProviderFactory, AuthProviderFactoryOptions, AuthProviderRouteHandlers, AuthResolverContext, AuthResponse, AwsAlbProviderOptions, BackstageIdentity, BackstageIdentityResponse, BackstageSignInResult, BackstageUserIdentity, BitbucketOAuthResult, BitbucketPassportProfile, BitbucketProviderOptions, CatalogIdentityClient, GcpIapProviderOptions, GcpIapResult, GcpIapTokenInfo, GithubOAuthResult, GithubProviderOptions, GitlabProviderOptions, GoogleProviderOptions, IdentityClient, MicrosoftProviderOptions, OAuth2ProviderOptions, OAuth2ProxyResult, OAuthAdapter, OAuthEnvironmentHandler, OAuthHandlers, OAuthProviderInfo, OAuthProviderOptions, OAuthRefreshRequest, OAuthResponse, OAuthResult, OAuthStartRequest, OAuthState, Oauth2ProxyProviderOptions, OidcAuthResult, OidcProviderOptions, OktaProviderOptions, OneLoginProviderOptions, ProfileInfo, RouterOptions, SamlAuthResult, SamlProviderOptions, SignInInfo, SignInResolver, TokenIssuer, WebMessageResponse, bitbucketUserIdSignInResolver, bitbucketUsernameSignInResolver, createAtlassianProvider, createAuth0Provider, createAwsAlbProvider, createBitbucketProvider, createGcpIapProvider, createGithubProvider, createGitlabProvider, createGoogleProvider, createMicrosoftProvider, createOAuth2Provider, createOauth2ProxyProvider, createOidcProvider, createOktaProvider, createOneLoginProvider, createOriginFilter, createRouter, createSamlProvider, factories as defaultAuthProviderFactories, encodeState, ensuresXRequestedWith, getEntityClaims, googleEmailSignInResolver, microsoftEmailSignInResolver, oktaEmailSignInResolver, postMessageResponse, prepareBackstageIdentityResponse, readState, verifyNonce };

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@backstage/plugin-auth-backend",
   "description": "A Backstage backend plugin that handles authentication",
-  "version": "0.6.2",
+  "version": "0.9.0-next.0",
   "main": "dist/index.cjs.js",
   "types": "dist/index.d.ts",
   "license": "Apache-2.0",
@@ -30,13 +30,13 @@
     "clean": "backstage-cli clean"
   },
   "dependencies": {
-    "@backstage/backend-common": "^0.10.3",
-    "@backstage/catalog-client": "^0.5.4",
-    "@backstage/catalog-model": "^0.9.9",
-    "@backstage/config": "^0.1.12",
+    "@backstage/backend-common": "^0.10.5",
+    "@backstage/catalog-client": "^0.5.5",
+    "@backstage/catalog-model": "^0.9.10",
+    "@backstage/config": "^0.1.13",
     "@backstage/errors": "^0.2.0",
     "@backstage/types": "^0.1.1",
-    "@google-cloud/firestore": "^4.15.1",
+    "@google-cloud/firestore": "^5.0.2",
     "@types/express": "^4.17.6",
     "@types/passport": "^1.0.3",
     "compression": "^1.7.4",
@@ -58,7 +58,7 @@
     "node-cache": "^5.1.2",
     "node-fetch": "^2.6.1",
     "openid-client": "^4.2.1",
-    "passport": "^0.4.1",
+    "passport": "^0.5.2",
     "passport-bitbucket-oauth2": "^0.1.2",
     "passport-github2": "^0.1.12",
     "passport-gitlab2": "^5.0.0",
@@ -73,8 +73,8 @@
     "yn": "^4.0.0"
   },
   "devDependencies": {
-    "@backstage/cli": "^0.11.0",
-    "@backstage/test-utils": "^0.2.2",
+    "@backstage/cli": "^0.13.1-next.0",
+    "@backstage/test-utils": "^0.2.3",
     "@types/body-parser": "^1.19.0",
     "@types/cookie-parser": "^1.4.2",
     "@types/express-session": "^1.17.2",
@@ -94,5 +94,5 @@
     "config.d.ts"
   ],
   "configSchema": "config.d.ts",
-  "gitHead": "da66c61bdd63cdb3f0f0cd2e26dc9e6454d93c7b"
+  "gitHead": "a28838ac5c80c7332caa6ca0569d2ec85151784f"
 }