github-actions[bot]
1cc86bee1c
Version Packages (next)
2026-04-21 15:07:43 +00:00
Fredrik Adelöw
f0c27227cf
chore: remove duplicate dependencies/devDependencies entries
...
Several packages had the same dependency listed in both `dependencies`
and `devDependencies`. This removes the duplicate from whichever section
is incorrect based on actual usage in the source code.
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
Made-with: Cursor
2026-04-16 10:22:01 +02:00
github-actions[bot]
93e643d142
Version Packages
2026-04-14 14:57:31 +00:00
github-actions[bot]
6c10d88c13
Version Packages (next)
2026-04-07 15:30:58 +00:00
Patrik Oldsberg
7bc057e8b6
Merge pull request #33703 from backstage/feat/auth0-federated-logout
...
feat(auth): support provider logout redirects, implement Auth0 federated logout
2026-04-01 15:27:27 +02:00
Jack Palmer
208cf5f922
fix(auth): add security hardening and federated config for Auth0 logout
...
Add server-side URL validation for logoutUrl (HTTPS + localhost only),
origin validation on the logout endpoint, and a configurable `federated`
option (default false) for Auth0 provider logout. Includes comprehensive
test coverage for all security controls.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jack Palmer <jackpalmer@spotify.com>
2026-04-01 13:06:43 +01:00
Jack Palmer
3532be4763
fix(auth): harden logout redirect with origin validation and protocol check
...
Add origin allowlist validation in the OAuth logout handler (matching
the existing start/refresh pattern) and validate the logoutUrl protocol
on the frontend before redirecting. Also replace inline type annotation
with the named OAuthAuthenticatorLogoutResult type.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jack Palmer <jackpalmer@spotify.com>
2026-04-01 13:06:43 +01:00
github-actions[bot]
a2cb332e25
Version Packages (next)
2026-03-31 15:30:51 +00:00
Jonathan Roebuck
9244b70c57
chore: add changesets, update API reports, fix type errors
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jonathan Roebuck <jroebuck@spotify.com>
2026-03-31 16:20:23 +01:00
Jonathan Roebuck
0ef5a03fb3
feat(auth-node): return logoutUrl in logout response when provided by authenticator
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jonathan Roebuck <jroebuck@spotify.com>
2026-03-31 16:20:23 +01:00
Jonathan Roebuck
fec31bdde5
feat(auth-node): add OAuthAuthenticatorLogoutResult type for provider logout redirects
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jonathan Roebuck <jroebuck@spotify.com>
2026-03-31 16:20:23 +01:00
Fredrik Adelöw
3f8060c460
Merge pull request #33536 from jonkoops/fix/zod-schema-first-generics
...
fix: use schema-first generic pattern for Zod type compatibility
2026-03-26 17:16:51 +01:00
Jon Koops
fa550786b0
fix: use schema-first generic pattern for Zod type compatibility
...
Refactor `SignInResolverFactoryOptions` and `createSchemaFromZod` to use
`TSchema extends ZodType` instead of `ZodSchema<Output, Def, Input>`,
avoiding "excessively deep" TypeScript inference errors when multiple
Zod copies are resolved in a project.
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2026-03-26 16:31:41 +01:00
github-actions[bot]
c1b510cabb
Version Packages (next)
2026-03-24 14:54:00 +00:00
github-actions[bot]
5725b5fcfa
Version Packages
2026-03-17 21:39:07 +00:00
Gabriel Dugny
e6c41459f5
chore: Switch some zod imports to type only
...
Signed-off-by: Gabriel Dugny <gabriel.dugny@believe.com>
2026-03-17 16:48:43 +01:00
Gabriel Dugny
0257363c51
Allow zod v3 or v4 dependency (keep using v3)
...
Signed-off-by: Gabriel Dugny <gabriel.dugny@believe.com>
2026-03-17 16:48:42 +01:00
Gabriel Dugny
49171c9de4
chore: Update all imports to zod/v3
...
Signed-off-by: Gabriel Dugny <gabriel.dugny@believe.com>
2026-03-17 16:48:42 +01:00
github-actions[bot]
ed7c4e3bef
Version Packages (next)
2026-03-10 17:34:12 +00:00
github-actions[bot]
db0d171511
Version Packages (next)
2026-03-03 14:16:49 +00:00
github-actions[bot]
4bd6a3a1af
Version Packages (next)
2026-02-24 19:24:06 +00:00
github-actions[bot]
e6df5d52ce
Version Packages
2026-02-17 16:06:18 +00:00
github-actions[bot]
7c41134684
Version Packages (next)
2026-02-10 16:14:59 +00:00
github-actions[bot]
1ea737c1e2
Version Packages (next)
2026-02-03 14:24:29 +00:00
github-actions[bot]
d4b85dddee
Version Packages (next)
2026-01-27 15:51:11 +00:00
Fredrik Adelöw
f02219a054
Merge pull request #32516 from backstage/freben/nodecolon
...
Add a rule for the use of `node:` prefix on native imports
2026-01-27 14:17:14 +01:00
Fredrik Adelöw
69d880e171
Bump to latest zod
...
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2026-01-26 13:52:02 +01:00
Fredrik Adelöw
7455dae884
require the use of node prefix on native imports
...
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2026-01-26 13:22:53 +01:00
github-actions[bot]
2e902e7b43
Version Packages
2026-01-20 16:40:05 +00:00
Jon Koops
4eeba9ed61
Upgrade zod-validation-error to version 4
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2026-01-14 14:46:55 +01:00
Jon Koops
872eb91313
Upgrade zod-to-json-schema to latest version
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2026-01-14 12:03:47 +01:00
github-actions[bot]
c24788d5bb
Version Packages
2025-12-16 14:08:20 +00:00
Fredrik Adelöw
4e4901c21d
Merge pull request #32095 from UncleDoom/refactor-oauthcookiemanager-fix-chunked-cookie-removal
...
fix(auth): fix edge case related to chunked oauth token cookie
2025-12-15 22:11:48 +01:00
Dominik Bargowski
b35f8b2ac8
fix(auth): fix edge case related to new chunked oauth token cookie having less chunks than previous one and refactor for readability
...
Signed-off-by: Dominik Bargowski <dominik.bargowski@gmail.com>
2025-12-10 19:58:31 +01:00
github-actions[bot]
e08f48a9b5
Version Packages (next)
2025-12-09 15:00:09 +00:00
Jessica He
e9dd634664
fix(auth): update cookie deletion logic for chunked cookies
...
Signed-off-by: Jessica He <jhe@redhat.com>
2025-12-05 09:18:05 -05:00
Fredrik Adelöw
2e09a29a40
improve auth flake
...
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2025-12-03 12:32:36 +01:00
dependabot[bot]
de96a60f7a
chore(deps): bump express from 4.21.2 to 4.22.0
...
Bumps [express](https://github.com/expressjs/express) from 4.21.2 to 4.22.0.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.22.0/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.21.2...4.22.0)
---
updated-dependencies:
- dependency-name: express
  dependency-version: 4.22.0
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-12-02 20:33:46 +01:00
github-actions[bot]
756986e5e7
Version Packages (next)
2025-11-25 16:21:32 +00:00
Jessica He
2389358126
fix(auth): remove leading dot in auth cookie cleanup
...
Signed-off-by: Jessica He <jhe@redhat.com>
2025-11-24 12:25:18 -05:00
github-actions[bot]
792f4d7e3d
Version Packages
2025-11-18 12:23:09 +00:00
github-actions[bot]
3738293d26
Version Packages (next)
2025-11-04 15:00:26 +00:00
github-actions[bot]
807af8ce0e
Version Packages (next)
2025-10-21 16:14:43 +00:00
Patrik Oldsberg
b436f73803
Merge pull request #31166 from schultzp2020/constructor-parameters
...
refactor: convert constructor parameter properties for erasableSyntaxOnly compatibility
2025-10-15 18:56:42 +02:00
github-actions[bot]
d6ce2db9ca
Version Packages
2025-10-14 15:29:54 +00:00
Paul Schultz
05f60e1e0a
refactor: convert constructor parameter properties for erasableSyntaxOnly compatibility
...
Signed-off-by: Paul Schultz <pschultz@pobox.com>
2025-10-14 08:29:21 -05:00
github-actions[bot]
c2c60546d2
Version Packages (next)
2025-09-24 12:57:42 +00:00
github-actions[bot]
b799a2d07f
Version Packages
2025-09-16 13:22:58 +00:00
github-actions[bot]
020d484ac4
Version Packages (next)
2025-09-09 15:00:36 +00:00
benjdlambert
62e3de764c
chore: initial plugin fix
...
Signed-off-by: benjdlambert <ben@blam.sh>
Signed-off-by: benjdlambert <ben@blam.sh>
2025-09-09 16:26:24 +02:00