npm - @backstage/plugin-auth-backend - Versions diffs - 0.7.0-next.0 → 0.7.0 - Mend

@backstage/plugin-auth-backend 0.7.0-next.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,26 @@
 # @backstage/plugin-auth-backend
+## 0.7.0
+### Minor Changes
+- 6e92ee6267: Add new authentication provider to support the oauth2-proxy.
+  **BREAKING** The `AuthHandler` requires now an `AuthResolverContext` parameter. This aligns with the
+  behavior of the `SignInResolver`.
+- f8496730ab: Switched the handling of the `BackstageIdentityResponse` so that the returned `identity.userEntityRef` is always a full entity reference. If `userEntityRef` was previously set to `jane`, it will now be `user:default/jane`. The `userEntityRef` in the response is parsed from the `sub` claim in the payload of the Backstage token.
+- a53d7d8143: Update provider subs to return full entity ref.
+### Patch Changes
+- f815b7e4a4: build(deps): bump `@google-cloud/firestore` from 4.15.1 to 5.0.2
+- Updated dependencies
+  - @backstage/backend-common@0.10.4
+  - @backstage/config@0.1.13
+  - @backstage/catalog-model@0.9.10
+  - @backstage/catalog-client@0.5.5
 ## 0.7.0-next.0
 ### Minor Changes

package/dist/index.cjs.js CHANGED Viewed

@@ -245,6 +245,10 @@ function parseJwtPayload(token) {
 }
 function prepareBackstageIdentityResponse(result) {
   const { sub, ent } = parseJwtPayload(result.token);
+  const userEntityRef = catalogModel.stringifyEntityRef(catalogModel.parseEntityRef(sub, {
+    defaultKind: "user",
+    defaultNamespace: catalogModel.ENTITY_DEFAULT_NAMESPACE
+  }));
   return {
     ...{
       idToken: result.token,
@@ -252,7 +256,7 @@ function prepareBackstageIdentityResponse(result) {
     },
     identity: {
       type: "user",
-      userEntityRef: sub,
+      userEntityRef,
       ownershipEntityRefs: ent != null ? ent : []
     }
   };
@@ -1211,7 +1215,10 @@ const githubDefaultSignInResolver = async (info, ctx) => {
   const { fullProfile } = info.result;
   const userId = fullProfile.username || fullProfile.id;
   const token = await ctx.tokenIssuer.issueToken({
-    claims: { sub: userId, ent: [`user:default/${userId}`] }
+    claims: {
+      sub: `user:default/${userId}`,
+      ent: [`user:default/${userId}`]
+    }
   });
   return { id: userId, token };
 };
@@ -1278,7 +1285,7 @@ const gitlabDefaultSignInResolver = async (info, ctx) => {
     id = profile.email.split("@")[0];
   }
   const token = await ctx.tokenIssuer.issueToken({
-    claims: { sub: id, ent: [`user:default/${id}`] }
+    claims: { sub: `user:default/${id}`, ent: [`user:default/${id}`] }
   });
   return { id, token };
 };
@@ -1662,7 +1669,10 @@ const microsoftDefaultSignInResolver = async (info, ctx) => {
   }
   const userId = profile.email.split("@")[0];
   const token = await ctx.tokenIssuer.issueToken({
-    claims: { sub: userId, ent: [`user:default/${userId}`] }
+    claims: {
+      sub: `user:default/${userId}`,
+      ent: [`user:default/${userId}`]
+    }
   });
   return { id: userId, token };
 };
@@ -1807,7 +1817,7 @@ const oAuth2DefaultSignInResolver$1 = async (info, ctx) => {
   }
   const userId = profile.email.split("@")[0];
   const token = await ctx.tokenIssuer.issueToken({
-    claims: { sub: userId, ent: [`user:default/${userId}`] }
+    claims: { sub: `user:default/${userId}`, ent: [`user:default/${userId}`] }
   });
   return { id: userId, token };
 };
@@ -2545,7 +2555,7 @@ const oktaDefaultSignInResolver = async (info, ctx) => {
   }
   const userId = profile.email.split("@")[0];
   const token = await ctx.tokenIssuer.issueToken({
-    claims: { sub: userId, ent: [`user:default/${userId}`] }
+    claims: { sub: `user:default/${userId}`, ent: [`user:default/${userId}`] }
   });
   return { id: userId, token };
 };