@backstage/plugin-auth-node 0.1.1 → 0.1.4

package/CHANGELOG.md

@@ -1,5 +1,32 @@
 # @backstage/plugin-auth-node
 
+## 0.1.4
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/catalog-model@0.12.0
+  - @backstage/backend-common@0.12.0
+
+## 0.1.3
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/backend-common@0.11.0
+  - @backstage/catalog-model@0.11.0
+
+## 0.1.2
+
+### Patch Changes
+
+- Fix for the previous release with missing type declarations.
+- Updated dependencies
+  - @backstage/backend-common@0.10.9
+  - @backstage/catalog-model@0.10.1
+  - @backstage/config@0.1.15
+  - @backstage/errors@0.2.2
+
 ## 0.1.1
 
 ### Patch Changes

package/dist/index.d.ts

@@ -0,0 +1,124 @@
+import { PluginEndpointDiscovery } from '@backstage/backend-common';
+import { Entity } from '@backstage/catalog-model';
+
+/**
+ * Parses the given authorization header and returns the bearer token, or
+ * undefined if no bearer token is given.
+ *
+ * @remarks
+ *
+ * This function is explicitly built to tolerate bad inputs safely, so you may
+ * call it directly with e.g. the output of `req.header('authorization')`
+ * without first checking that it exists.
+ *
+ * @public
+ */
+declare function getBearerTokenFromAuthorizationHeader(authorizationHeader: unknown): string | undefined;
+
+/**
+ * A representation of a successful Backstage sign-in.
+ *
+ * Compared to the {@link BackstageIdentityResponse} this type omits
+ * the decoded identity information embedded in the token.
+ *
+ * @public
+ */
+interface BackstageSignInResult {
+    /**
+     * An opaque ID that uniquely identifies the user within Backstage.
+     *
+     * This is typically the same as the user entity `metadata.name`.
+     *
+     * @deprecated Use the `identity` field instead
+     */
+    id: string;
+    /**
+     * The entity that the user is represented by within Backstage.
+     *
+     * This entity may or may not exist within the Catalog, and it can be used
+     * to read and store additional metadata about the user.
+     *
+     * @deprecated Use the `identity` field instead.
+     */
+    entity?: Entity;
+    /**
+     * The token used to authenticate the user within Backstage.
+     */
+    token: string;
+}
+/**
+ * Response object containing the {@link BackstageUserIdentity} and the token
+ * from the authentication provider.
+ *
+ * @public
+ */
+interface BackstageIdentityResponse extends BackstageSignInResult {
+    /**
+     * A plaintext description of the identity that is encapsulated within the token.
+     */
+    identity: BackstageUserIdentity;
+}
+/**
+ * User identity information within Backstage.
+ *
+ * @public
+ */
+declare type BackstageUserIdentity = {
+    /**
+     * The type of identity that this structure represents. In the frontend app
+     * this will currently always be 'user'.
+     */
+    type: 'user';
+    /**
+     * The entityRef of the user in the catalog.
+     * For example User:default/sandra
+     */
+    userEntityRef: string;
+    /**
+     * The user and group entities that the user claims ownership through
+     */
+    ownershipEntityRefs: string[];
+};
+
+/**
+ * An identity client to interact with auth-backend and authenticate Backstage
+ * tokens
+ *
+ * @experimental This is not a stable API yet
+ * @public
+ */
+declare class IdentityClient {
+    private readonly discovery;
+    private readonly issuer;
+    private keyStore;
+    private keyStoreUpdated;
+    /**
+     * Create a new {@link IdentityClient} instance.
+     */
+    static create(options: {
+        discovery: PluginEndpointDiscovery;
+        issuer: string;
+    }): IdentityClient;
+    private constructor();
+    /**
+     * Verifies the given backstage identity token
+     * Returns a BackstageIdentity (user) matching the token.
+     * The method throws an error if verification fails.
+     */
+    authenticate(token: string | undefined): Promise<BackstageIdentityResponse>;
+    /**
+     * Returns the public signing key matching the given jwt token,
+     * or null if no matching key was found
+     */
+    private getKey;
+    /**
+     * Lists public part of keys used to sign Backstage Identity tokens
+     */
+    private listPublicKeys;
+    /**
+     * Fetches public keys and caches them locally
+     */
+    private refreshKeyStore;
+}
+
+export { BackstageIdentityResponse, BackstageSignInResult, BackstageUserIdentity, IdentityClient, getBearerTokenFromAuthorizationHeader };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-auth-node",
-  "version": "0.1.1",
+  "version": "0.1.4",
   "main": "dist/index.cjs.js",
   "types": "dist/index.d.ts",
   "license": "Apache-2.0",
@@ -23,21 +23,21 @@
     "start": "backstage-cli package start"
   },
   "dependencies": {
-    "@backstage/backend-common": "^0.10.8",
-    "@backstage/catalog-model": "^0.10.0",
-    "@backstage/config": "^0.1.14",
-    "@backstage/errors": "^0.2.1",
+    "@backstage/backend-common": "^0.12.0",
+    "@backstage/catalog-model": "^0.12.0",
+    "@backstage/config": "^0.1.15",
+    "@backstage/errors": "^0.2.2",
     "jose": "^1.27.1",
     "node-fetch": "^2.6.7",
     "winston": "^3.2.1"
   },
   "devDependencies": {
-    "@backstage/cli": "^0.14.0",
+    "@backstage/cli": "^0.15.0",
     "msw": "^0.35.0",
     "uuid": "^8.0.0"
   },
   "files": [
     "dist"
   ],
-  "gitHead": "4805c3d13ce9bfc369e53c271b1b95e722b3b4dc"
+  "gitHead": "04bb0dd824b78f6b57dac62c3015e681f094045c"
 }