npm - @backstage/plugin-auth-backend - Versions diffs - 0.7.0-next.0 → 0.9.0-next.1 - Mend

@backstage/plugin-auth-backend 0.7.0-next.0 → 0.9.0-next.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@
 import express from 'express';
 import { Logger } from 'winston';
 import { Config } from '@backstage/config';
-import { PluginEndpointDiscovery, PluginDatabaseManager } from '@backstage/backend-common';
+import { TokenManager, PluginEndpointDiscovery, PluginDatabaseManager } from '@backstage/backend-common';
 import { CatalogApi } from '@backstage/catalog-client';
 import { UserEntity, Entity } from '@backstage/catalog-model';
 import { Profile } from 'passport';
@@ -103,6 +103,7 @@ declare type OAuthState = {
     nonce: string;
     env: string;
     origin?: string;
+    scope?: string;
 };
 declare type OAuthStartRequest = express.Request<{}> & {
     scope: string;
@@ -144,6 +145,39 @@ interface OAuthHandlers {
     logout?(): Promise<void>;
 }
+declare type UserQuery = {
+    annotations: Record<string, string>;
+};
+declare type MemberClaimQuery = {
+    entityRefs: string[];
+    logger?: Logger;
+};
+/**
+ * A catalog client tailored for reading out identity data from the catalog.
+ */
+declare class CatalogIdentityClient {
+    private readonly catalogApi;
+    private readonly tokenManager;
+    constructor(options: {
+        catalogApi: CatalogApi;
+        tokenManager: TokenManager;
+    });
+    /**
+     * Looks up a single user using a query.
+     *
+     * Throws a NotFoundError or ConflictError if 0 or multiple users are found.
+     */
+    findUser(query: UserQuery): Promise<UserEntity>;
+    /**
+     * Resolve additional entity claims from the catalog, using the passed-in entity names. Designed
+     * to be used within a `signInResolver` where additional entity claims might be provided, but
+     * group membership and transient group membership lean on imported catalog relations.
+     *
+     * Returns a superset of the entity names that can be passed directly to `issueToken` as `ent`.
+     */
+    resolveCatalogMembership(query: MemberClaimQuery): Promise<string[]>;
+}
 /**
  * A identity client to interact with auth-backend
  * and authenticate backstage identity tokens
@@ -187,39 +221,6 @@ declare class IdentityClient {
     private refreshKeyStore;
 }
-declare type UserQuery = {
-    annotations: Record<string, string>;
-};
-declare type MemberClaimQuery = {
-    entityRefs: string[];
-    logger?: Logger;
-};
-/**
- * A catalog client tailored for reading out identity data from the catalog.
- */
-declare class CatalogIdentityClient {
-    private readonly catalogApi;
-    private readonly tokenIssuer;
-    constructor(options: {
-        catalogApi: CatalogApi;
-        tokenIssuer: TokenIssuer;
-    });
-    /**
-     * Looks up a single user using a query.
-     *
-     * Throws a NotFoundError or ConflictError if 0 or multiple users are found.
-     */
-    findUser(query: UserQuery): Promise<UserEntity>;
-    /**
-     * Resolve additional entity claims from the catalog, using the passed-in entity names. Designed
-     * to be used within a `signInResolver` where additional entity claims might be provided, but
-     * group membership and transient group membership lean on imported catalog relations.
-     *
-     * Returns a superset of the entity names that can be passed directly to `issueToken` as `ent`.
-     */
-    resolveCatalogMembership(query: MemberClaimQuery): Promise<string[]>;
-}
 declare function getEntityClaims(entity: UserEntity): TokenParams['claims'];
 /**
@@ -313,6 +314,7 @@ declare type AuthProviderFactoryOptions = {
     globalConfig: AuthProviderConfig;
     config: Config;
     logger: Logger;
+    tokenManager: TokenManager;
     tokenIssuer: TokenIssuer;
     discovery: PluginEndpointDiscovery;
     catalogApi: CatalogApi;
@@ -491,11 +493,13 @@ declare type Options = {
     appOrigin: string;
     tokenIssuer: TokenIssuer;
     isOriginAllowed: (origin: string) => boolean;
+    callbackUrl?: string;
 };
 declare class OAuthAdapter implements AuthProviderRouteHandlers {
     private readonly handlers;
     private readonly options;
-    static fromConfig(config: AuthProviderConfig, handlers: OAuthHandlers, options: Pick<Options, 'providerId' | 'persistScopes' | 'disableRefresh' | 'tokenIssuer'>): OAuthAdapter;
+    static fromConfig(config: AuthProviderConfig, handlers: OAuthHandlers, options: Pick<Options, 'providerId' | 'persistScopes' | 'disableRefresh' | 'tokenIssuer' | 'callbackUrl'>): OAuthAdapter;
+    private readonly baseCookieOptions;
     constructor(handlers: OAuthHandlers, options: Options);
     start(req: express.Request, res: express.Response): Promise<void>;
     frameHandler(req: express.Request, res: express.Response): Promise<void>;
@@ -507,8 +511,8 @@ declare class OAuthAdapter implements AuthProviderRouteHandlers {
      */
     private populateIdentity;
     private setNonceCookie;
-    private setScopesCookie;
-    private getScopesFromCookie;
+    private setGrantedScopeCookie;
+    private getGrantedScopeFromCookie;
     private setRefreshTokenCookie;
     private removeRefreshTokenCookie;
 }
@@ -974,6 +978,7 @@ interface RouterOptions {
     database: PluginDatabaseManager;
     config: Config;
     discovery: PluginEndpointDiscovery;
+    tokenManager: TokenManager;
     providerFactories?: ProviderFactories;
 }
 declare function createRouter(options: RouterOptions): Promise<express.Router>;

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@backstage/plugin-auth-backend",
   "description": "A Backstage backend plugin that handles authentication",
-  "version": "0.7.0-next.0",
+  "version": "0.9.0-next.1",
   "main": "dist/index.cjs.js",
   "types": "dist/index.d.ts",
   "license": "Apache-2.0",
@@ -30,13 +30,13 @@
     "clean": "backstage-cli clean"
   },
   "dependencies": {
-    "@backstage/backend-common": "^0.10.4-next.0",
-    "@backstage/catalog-client": "^0.5.5-next.0",
-    "@backstage/catalog-model": "^0.9.10-next.0",
-    "@backstage/config": "^0.1.13-next.0",
+    "@backstage/backend-common": "^0.10.6-next.0",
+    "@backstage/catalog-client": "^0.5.5",
+    "@backstage/catalog-model": "^0.9.10",
+    "@backstage/config": "^0.1.13",
     "@backstage/errors": "^0.2.0",
     "@backstage/types": "^0.1.1",
-    "@google-cloud/firestore": "^4.15.1",
+    "@google-cloud/firestore": "^5.0.2",
     "@types/express": "^4.17.6",
     "@types/passport": "^1.0.3",
     "compression": "^1.7.4",
@@ -58,7 +58,7 @@
     "node-cache": "^5.1.2",
     "node-fetch": "^2.6.1",
     "openid-client": "^4.2.1",
-    "passport": "^0.4.1",
+    "passport": "^0.5.2",
     "passport-bitbucket-oauth2": "^0.1.2",
     "passport-github2": "^0.1.12",
     "passport-gitlab2": "^5.0.0",
@@ -73,8 +73,8 @@
     "yn": "^4.0.0"
   },
   "devDependencies": {
-    "@backstage/cli": "^0.12.0-next.0",
-    "@backstage/test-utils": "^0.2.3-next.0",
+    "@backstage/cli": "^0.13.1-next.1",
+    "@backstage/test-utils": "^0.2.4-next.0",
     "@types/body-parser": "^1.19.0",
     "@types/cookie-parser": "^1.4.2",
     "@types/express-session": "^1.17.2",
@@ -94,5 +94,5 @@
     "config.d.ts"
   ],
   "configSchema": "config.d.ts",
-  "gitHead": "31184691d5a38cb78b091c8f7ad6db80604519a6"
+  "gitHead": "d6da97a1edeb21fcefc682d91916987ba9f3d89a"
 }