102 Commits

Author SHA1 Message Date
Patrik Oldsberg b8bbf061fd Merge pull request #25254 from Zaperex/update-auth-node-signin-resolver
chore(auth-node): allow declarative signin resolvers to take precedence
2024-08-06 13:43:56 +02:00
Patrik Oldsberg c5ce79a14c Merge pull request #25569 from backstage/nbs10/rename-setup-request-handlers
[NBS 1.0] Rename `setupRequestMockHandlers` to `registerMswTestHooks`
2024-07-16 11:01:29 +02:00
Camila Belo b82aff92aa refactor(test-utils): deprecate the isDockerDisabledForTests function
Signed-off-by: Camila Belo <camilaibs@gmail.com>
2024-07-10 17:06:00 +02:00
Camila Belo 95a3a0b91c refactor(test-utils): rename setupRequestMockHandlers to setupMswHandler
Signed-off-by: Camila Belo <camilaibs@gmail.com>
2024-07-10 15:45:49 +02:00
Olivier Liechti aca86a6a00 Address review comments
Signed-off-by: Olivier Liechti <olivier.liechti@wasabi-tech.com>
2024-07-10 08:11:02 +02:00
Olivier Liechti 55c1a729ac Simplify the bug fix, by implementing logic in the PassportHelper
Signed-off-by: Olivier Liechti <olivier.liechti@wasabi-tech.com>
2024-07-09 16:29:50 +02:00
Frank Kong 579afd0d32 chore(auth-node): allow declarative signin resolvers to take precedence
Signed-off-by: Frank Kong <frkong@redhat.com>
2024-06-14 18:33:50 -04:00
Patrik Oldsberg bdabd9952e auth-*: test fixes for new CookieScopeManager
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2024-06-11 11:30:13 +02:00
Patrik Oldsberg dd99788e6b auth-node: allow additionalScopes to be a string too
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2024-06-11 11:30:13 +02:00
Patrik Oldsberg bb7d150937 auth-node: added CookieScopeManager tests + fixes
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2024-06-11 11:30:13 +02:00
Patrik Oldsberg 798ec37c1c auth-node: initial scope manager refactor
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2024-06-11 11:30:13 +02:00
Heikki Hellgren 776ec144ed fix: review comments and naming
Signed-off-by: Heikki Hellgren <heikki.hellgren@op.fi>
2024-04-15 08:44:56 +03:00
Heikki Hellgren b0ae9ccac4 feat: support for new backend system via extension point
Signed-off-by: Heikki Hellgren <heikki.hellgren@op.fi>
2024-04-15 08:21:16 +03:00
Heikki Hellgren ea9262bc9f feat: allow overriding default ownership resolving
This allows modifying the ownership resolving in the auth resolve
context. For example, if a user wants to also include parent groups in
the ownershipEntityRefs, it's not possible unless the built-in
auth providers are forked and rewritten.

Signed-off-by: Heikki Hellgren <heikki.hellgren@op.fi>
2024-04-15 08:21:16 +03:00
Vincenzo Scamporlino 130b215629 backend-app-api: final service to service refactoring
Co-authored-by: Patrik Oldsberg <poldsberg@gmail.com>
Signed-off-by: Vincenzo Scamporlino <vincenzos@spotify.com>
2024-04-04 14:40:41 +02:00
Camila Belo ff681360cc refactor: make token types internal
Co-authored-by: Patrik Oldsberg <poldsberg@gmail.com>
Signed-off-by: Camila Belo <camilaibs@gmail.com>
2024-04-03 13:43:54 +02:00
Patrik Oldsberg 0d2a05418b backend-app-api,auth: move token typ claim to be a header param
Co-authored-by: Camila Belo <camilaibs@gmail.com>
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2024-04-03 13:12:54 +02:00
Patrik Oldsberg 018b0910e0 backend-app-api,auth: add ent claim to user identity proof
Co-authored-by: Camila Belo <camilaibs@gmail.com>
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2024-04-03 13:12:54 +02:00
Fredrik Adelöw 4194ac7200 auth: issue user identity claims and create limited user tokens from them
Co-authored-by: Camila Belo <camilaibs@gmail.com>
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2024-04-03 13:12:54 +02:00
Elias Rieb 038b2e6894 fix(auth): consider only entities of kind user when using findCatalogUser with filter query
Signed-off-by: Elias Rieb <e.rieb@posteo.de>
2024-03-05 09:05:02 +01:00
Patrik Oldsberg b4fc6e3164 auth-node: deprecate getBearerTokenFromAuthorizationHeader
Co-authored-by: Fredrik Adelöw <freben@gmail.com>
Co-authored-by: Carl-Erik Bergström <cbergstrom@spotify.com>
Co-authored-by: blam <ben@blam.sh>
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2024-02-23 10:58:21 +01:00
blam b1b012d065 chore: fix tests and add changeset
Signed-off-by: blam <ben@blam.sh>
2024-02-21 12:44:45 +01:00
blam 9b810b9a99 feat: treat providerInfo as a separate return value
Signed-off-by: blam <ben@blam.sh>
2024-02-21 11:43:47 +01:00
Alex Crome a0b01eda2c Moved defence against null tokens into defaultProfileTransform to apply more broadly than just Microsoft tokens.
Signed-off-by: Alex Crome <afscrome@users.noreply.github.com>
2024-02-19 15:07:47 +00:00
Jamie Klassen d4cc552ab1 refactor auth plugins to use jose
Signed-off-by: Jamie Klassen <jamie.klassen@broadcom.com>
2024-02-02 11:03:09 -05:00
Ruben Vallejo 70a3c2631f resolve rebase type/compilation errors
Signed-off-by: Ruben Vallejo <rvallejo@vmware.com>
2023-10-12 10:12:55 -04:00
Patrik Oldsberg fdff9cc040 Merge pull request #20317 from mitchhentgesspotify/mhentges/fix-gcp-iap-refresh-500
Fix `authenticate()` ctx properties being missing
2023-10-09 16:41:39 +02:00
Adam Kunicki 8b8b1d23ae auth-node: Refresh handler not returning persisted scope in response
The refresh handler is returning an empty scope if scope was previously
saved in a cookie. The session is successfully refreshed but the client
receives a response without the scope it requested, prompting a new
login.

Resolves #20322

Signed-off-by: Adam Kunicki <kunickiaj@gmail.com>
2023-10-04 10:18:03 -07:00
Mitchell Hentges 6f142d5356 Fix authenticate() ctx properties being missing
This was broken because the return value of `initialize()` was a `Promise<...>` but its caller wasn't `await`-ing the value.

This was causing the `gcpIap` provider to fail on the `/request` endpoint because `jwtHeader` was undefined.

The OAuth equivalent keeps `initialize()` synchronous, and all implementations don't _need_ to be `async`, so make them synchronous instead.

I've chosen the changelog to be a `major` bump since this changes the API of a public type.

Signed-off-by: Mitchell Hentges <mhentges@spotify.com>
2023-10-04 10:08:50 +02:00
Patrik Oldsberg 911d90e306 auth-node: avoid passing through empty scope in start
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-09-25 20:09:39 +02:00
Patrik Oldsberg 6c2b0793bf auth-node: fix for persisted scopes not being restored on sign-in
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-09-25 14:02:15 +02:00
Patrik Oldsberg d852a15972 auth-node: add refreshTokenExpiresInSeconds field to OAuthSession
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-20 16:02:55 +02:00
Patrik Oldsberg 18619f793c auth-backend: track backstage session expiration separately
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-19 13:39:02 +02:00
Patrik Oldsberg ee28fa94da auth-node: minor review fixes
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-11 17:03:06 +02:00
Patrik Oldsberg f5eff800fd auth-node: tweaked some error types
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-11 17:03:06 +02:00
Patrik Oldsberg 02ea2388d6 auth-node: avoid atob
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-11 17:03:06 +02:00
Patrik Oldsberg b8515ae3b6 auth-node: fix OAuthState doc
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-11 17:03:06 +02:00
Patrik Oldsberg 296c818ddf auth-node: move parseWebMessageResponse to test util + fix error value handling
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-11 17:03:06 +02:00
Patrik Oldsberg 258b410cad auth refactor type fixes
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:25 +02:00
Patrik Oldsberg 0678d122a8 auth-node: tests for OAuth handler refresh
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:25 +02:00
Patrik Oldsberg 2f8c1e75d4 auth-node: OAuth handlers frame handler test + fixes
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:25 +02:00
Patrik Oldsberg 8d5aa7a3a3 auth-node: start tests for oauth handler
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:25 +02:00
Patrik Oldsberg 83941bb617 auth-node: add initial OAuth route handlers test
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:25 +02:00
Patrik Oldsberg c3aa1b91e1 auth-node: add proxy provider APIs
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:24 +02:00
Patrik Oldsberg d3265deba8 auth-node: refactor to use plain ProfileTransform
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:24 +02:00
Patrik Oldsberg acbf02aada auth-node: refactor and rename common sign-in resolvers
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:24 +02:00
Patrik Oldsberg f7b3d26cf4 auth-node: export sign-in helpers and built-in resolver factories
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:24 +02:00
Patrik Oldsberg e14ad7c018 auth-node: fix OAuth redirect flow return
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:24 +02:00
Patrik Oldsberg d30b4e387a auth-node: add readDeclarativeSignInResolver
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:24 +02:00
Patrik Oldsberg 861c5708c2 auth-node: add common sign-in resolvers
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:24 +02:00