paulononato/backstage
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity
53,824 Commits 1 Branch 0 Tags
c6113b5e787a569736dc82394debe756f84db2a0
Commit Graph

91 Commits

Author SHA1 Message Date
Heikki Hellgren 776ec144ed fix: review comments and naming 
Signed-off-by: Heikki Hellgren <heikki.hellgren@op.fi>
 2024-04-15 08:44:56 +03:00
Heikki Hellgren b0ae9ccac4 feat: support for new backend system via extension point 
Signed-off-by: Heikki Hellgren <heikki.hellgren@op.fi>
 2024-04-15 08:21:16 +03:00
Heikki Hellgren ea9262bc9f feat: allow overriding default ownership resolving 
This allows to modify the ownership resolving in the auth resolve
context. For example if user wants to include parent groups also to
the ownershipEntityRefs, it's not possible unless the built-in
auth providers are forked and rewritten.

Signed-off-by: Heikki Hellgren <heikki.hellgren@op.fi>
 2024-04-15 08:21:16 +03:00
Vincenzo Scamporlino 130b215629 backend-app-api: final service to service refactoring 
Co-authored-by: Patrik Oldsberg <poldsberg@gmail.com>
Signed-off-by: Vincenzo Scamporlino <vincenzos@spotify.com>
 2024-04-04 14:40:41 +02:00
Camila Belo ff681360cc refactor: make token types internal 
Co-authored-by: Patrik Oldsberg <poldsberg@gmail.com>
Signed-off-by: Camila Belo <camilaibs@gmail.com>
 2024-04-03 13:43:54 +02:00
Patrik Oldsberg 0d2a05418b backend-app-api,auth: move token typ claim to be a header param 
Co-authored-by: Camila Belo <camilaibs@gmail.com>
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2024-04-03 13:12:54 +02:00
Patrik Oldsberg 018b0910e0 backend-app-api,auth: add ent claim to user identity proof 
Co-authored-by: Camila Belo <camilaibs@gmail.com>
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2024-04-03 13:12:54 +02:00
Fredrik Adelöw 4194ac7200 auth: issue user identity claims and create limited user tokens from them 
Co-authored-by: Camila Belo <camilaibs@gmail.com>
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
 2024-04-03 13:12:54 +02:00
Elias Rieb 038b2e6894 fix(auth): consider only entities of kind user when using findCatalogUser with filter query 
Signed-off-by: Elias Rieb <e.rieb@posteo.de>
 2024-03-05 09:05:02 +01:00
Patrik Oldsberg b4fc6e3164 auth-node: deprecate getBearerTokenFromAuthorizationHeader 
Co-authored-by: Fredrik Adelöw <freben@gmail.com>
Co-authored-by: Carl-Erik Bergström <cbergstrom@spotify.com>
Co-authored-by: blam <ben@blam.sh>
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2024-02-23 10:58:21 +01:00
blam b1b012d065 chore: fix tests and add changeset 
Signed-off-by: blam <ben@blam.sh>
 2024-02-21 12:44:45 +01:00
blam 9b810b9a99 feat: treat providerInfo as a seperate return value 
Signed-off-by: blam <ben@blam.sh>
 2024-02-21 11:43:47 +01:00
Alex Crome a0b01eda2c Moved defence against null tokens into defaultProfileTransform to apply more broadly than just Microsoft tokens. 
Signed-off-by: Alex Crome <afscrome@users.noreply.github.com>
 2024-02-19 15:07:47 +00:00
Jamie Klassen d4cc552ab1 refactor auth plugins to use jose 
Signed-off-by: Jamie Klassen <jamie.klassen@broadcom.com>
 2024-02-02 11:03:09 -05:00
Ruben Vallejo 70a3c2631f resolve rebase type/compilation errors 
Signed-off-by: Ruben Vallejo <rvallejo@vmware.com>
 2023-10-12 10:12:55 -04:00
Patrik Oldsberg fdff9cc040 Merge pull request #20317 from mitchhentgesspotify/mhentges/fix-gcp-iap-refresh-500 
Fix `authenticate()` ctx properties being missing
 2023-10-09 16:41:39 +02:00
Adam Kunicki 8b8b1d23ae auth-node: Refresh handler not returning persisted scope in response 
The refresh handler is returning an empty scope if scope was previously
saved in a cookie. The session is successfully refreshed but the client
receives a response without the scope it requested, prompting a new
login.

Resolves #20322

Signed-off-by: Adam Kunicki <kunickiaj@gmail.com>
 2023-10-04 10:18:03 -07:00
Mitchell Hentges 6f142d5356 Fix authenticate() ctx properties being missing 
This was broken because the return value of `initialize()` was a `Promise<...>` but its caller wasn't `await`-ing the value.

This was causing the `gcpIap` provider to fail on the `/request` endpoint because `jwtHeader` was undefined.

The OAuth equivalent keeps `initialize()` synchronous, and all implementations don't _need_ to be `async`, so make them synchronous instead.

I've chosen the changelog to be a `major` bump since this changes the API of a public type.

Signed-off-by: Mitchell Hentges <mhentges@spotify.com>
 2023-10-04 10:08:50 +02:00
Patrik Oldsberg 911d90e306 auth-node: avoid passing through empty scope in start 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-09-25 20:09:39 +02:00
Patrik Oldsberg 6c2b0793bf auth-node: fix for persisted scopes not being restored on sign-in 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-09-25 14:02:15 +02:00
Patrik Oldsberg d852a15972 auth-node: add refreshTokenExpiresInSeconds field to OAuthSession 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-20 16:02:55 +02:00
Patrik Oldsberg 18619f793c auth-backend: track backstage session expiration separately 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-19 13:39:02 +02:00
Patrik Oldsberg ee28fa94da auth-node: minor review fixes 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-11 17:03:06 +02:00
Patrik Oldsberg f5eff800fd auth-node: tweaked some error types 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-11 17:03:06 +02:00
Patrik Oldsberg 02ea2388d6 auth-node: avoid atob 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-11 17:03:06 +02:00
Patrik Oldsberg b8515ae3b6 auth-node: fix OAuthState doc 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-11 17:03:06 +02:00
Patrik Oldsberg 296c818ddf auth-node: move parseWebPessageResponse to test util + fix error value handling 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-11 17:03:06 +02:00
Patrik Oldsberg 258b410cad auth refactor type fixes 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:25 +02:00
Patrik Oldsberg 0678d122a8 auth-node: tests for OAuth handler refresh 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:25 +02:00
Patrik Oldsberg 2f8c1e75d4 auth-node: OAuth handlers frame handler test + fixes 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:25 +02:00
Patrik Oldsberg 8d5aa7a3a3 auth-node: start tests for oauth handler 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:25 +02:00
Patrik Oldsberg 83941bb617 auth-node: add initial OAuth route handlers test 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:25 +02:00
Patrik Oldsberg c3aa1b91e1 auth-node: add proxy provider APIs 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:24 +02:00
Patrik Oldsberg d3265deba8 auth-node: refactor to use plain ProfileTransform 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:24 +02:00
Patrik Oldsberg acbf02aada auth-node: refactor and rename common sign-in resolvers 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:24 +02:00
Patrik Oldsberg f7b3d26cf4 auth-node: export sign-in helpers and built-in resolver factories 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:24 +02:00
Patrik Oldsberg e14ad7c018 auth-node: fix OAuth redirect flow return 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:24 +02:00
Patrik Oldsberg d30b4e387a auth-node: add readDeclarativeSignInResolver 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:24 +02:00
Patrik Oldsberg 861c5708c2 auth-node: add common sign-in resolvers 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:24 +02:00
Patrik Oldsberg 39e19858b8 auth-node: add sign-in resolver factory 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:24 +02:00
Patrik Oldsberg 12b4d8a3f8 auth-node: deprecate AuthProviderConfig and move to top-level props instead 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:24 +02:00
Patrik Oldsberg 63484f54c6 auth-node: export OAuth state helpers and types 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:24 +02:00
Patrik Oldsberg 987637d75a auth-node: added createOAuthProviderFactory 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:23 +02:00
Patrik Oldsberg 112e45e37f auth-backend: move OAuthEnvironmentHandler to auth-node 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:23 +02:00
Patrik Oldsberg 3c1df5d4a9 auth-node: createOAuthHandleres -> createOAuthRouteHandlers + refactor state transform 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:23 +02:00
Patrik Oldsberg 5195c2adaa auth-node: provide passport OAuth helper types 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:23 +02:00
Patrik Oldsberg c723a90f32 auth-node: add providers extension point 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:23 +02:00
Patrik Oldsberg a49f1dc7e8 auth-node: add oauth index exports 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:23 +02:00
Patrik Oldsberg 6f5414273c auth-node: add default OAuth profile transform 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:23 +02:00
Patrik Oldsberg 1e5baf0c6e auth-node: move identity related modules to identity dir 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
 2023-08-09 10:42:23 +02:00