Commit Graph

780 Commits

Author SHA1 Message Date
Patrik Oldsberg 812700e590 Merge pull request #20580 from ataylorme/feat/okta-auth-scope-option
Allow user-defined scopes for Okta auth in config yaml
2023-11-14 11:45:20 +01:00
Alex Crome 11153a019d Merge remote-tracking branch 'upstream/master' into entra-rename 2023-10-28 10:39:42 +01:00
ataylorme 5ae8214a4d Better naming of variable
Signed-off-by: ataylorme <andrew@ataylor.me>
2023-10-26 08:05:13 -07:00
ataylorme 8466307819 Use additionalScopes for Okta auth instead of overriding scope entirely
Signed-off-by: ataylorme <andrew@ataylor.me>
2023-10-26 05:36:02 -07:00
Patrik Oldsberg 664e86f7f9 Merge pull request #19649 from rtriesscheijn/feature/fixed-token-issuer
feature(auth-backend): add a stable token issuer
2023-10-24 11:58:13 +02:00
Patrik Oldsberg 96c4f54bf6 auth-backend: revert microsoft auth implementation
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-10-23 12:25:17 +02:00
Alex Crome 243c655a68 Updated Azure Active Directory to Entra ID
Microsoft have renamed Azure Active Directory to Entra ID.  https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/new-name .  This PR updates references to AAD to refer to Entra ID.

* On each documentation page, I include `formerly Azure Active Directory` in the first non heading reference to Entra ID.  This will help anyone unfamiliar with the name change, and will also mean the page continues to show up in search results if people search for the old name.
* I didn't correct references in file names, as this would cause broken links.  If we have a way of redirecting those to new urls I can look at doing that, but if not, I think it's better to leave existing links working.
* There were a few references to AAD in release notes for older versions - I left these alone as the product naming was correct at the time of the release notes.
* LDAP provider still has references to "Active Directory" as these refer to the on-premise Active Directory, not Azure Active Directory

Signed-off-by: Alex Crome <afscrome@users.noreply.github.com>
2023-10-19 23:11:35 +01:00
Fredrik Adelöw 1600baf59d Merge pull request #20558 from backstage/freben/usehotmemoize
stop using `useHotMemoize`
2023-10-17 13:41:50 +02:00
rtriesscheijn 4bbde87a2e fix: pass full config to StaticTokenIssuer, documentation and test tweaks
Signed-off-by: rtriesscheijn <rtriesscheijn@bol.com>
2023-10-17 09:08:42 +02:00
rtriesscheijn d120af630c feat: read static key store config safely
Signed-off-by: rtriesscheijn <rtriesscheijn@bol.com>
2023-10-16 13:25:34 +02:00
rtriesscheijn bdf08ad04a feat: add static token issuer
Signed-off-by: rtriesscheijn <rtriesscheijn@bol.com>
2023-10-16 10:48:48 +02:00
ataylorme 1185e30cb4 Add test for okta auth custom scope
Signed-off-by: ataylorme <andrew@ataylor.me>
2023-10-13 15:11:11 -07:00
ataylorme 609a95492e Allow user-defined scopes for Okta auth in config yaml
- Accept a new scope option during okta creation with `createAuthProviderIntegration`
- Pass the user-defined `scope` as an option to `OktaAuthProvider`
- Add `scope` as an option for `OktaAuthProvider`
- Set `scope` in `OktaAuthProvider` to the `scope` passed as an `option` or a default of `'openid email profile offline_access'` if a user-defined option is not provided
- Update the `start` and `refresh` methods to use `scope` from `OktaAuthProvider` rather than `scope` from the request

Signed-off-by: ataylorme <andrew@ataylor.me>
2023-10-13 11:43:39 -07:00
Markus c58f8264f1 fix: empty scope in oidc client response
Signed-off-by: Markus <mail@markussiebert.com>
2023-10-12 17:56:49 +02:00
Fredrik Adelöw dd0350379b stop using useHotMemoize
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2023-10-12 10:03:58 +02:00
Fredrik Adelöw ba9c46bdd7 stop using SingleHostDiscovery
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2023-10-12 09:22:23 +02:00
Chris Gemmell 2dfeb4b612 fixed
Signed-off-by: Chris Gemmell <chris.gemmell8@gmail.com>
2023-09-23 16:42:43 +10:00
Chris 2d8f7e82c1 auth-backend: migrate microsoft provider to separate module
Signed-off-by: Chris Gemmell <chris.gemmell8@gmail.com>
2023-09-23 15:26:40 +10:00
Andre Wanlin ee8f53966f Changed to address feedback
Signed-off-by: Andre Wanlin <67169551+awanlin@users.noreply.github.com>
2023-09-11 12:37:31 -05:00
Patrik Oldsberg 71114ac50e plugins: refactor to use default export for new backend system
Co-authored-by: Fredrik Adelöw <freben@gmail.com>
Co-authored-by: Camila Belo <camilaibs@gmail.com>
Co-authored-by: Johan Haals <johan.haals@gmail.com>
Co-authored-by: Philipp Hugenroth <philipph@spotify.com>
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-09-07 18:53:48 +02:00
Fredrik Adelöw f57281bc7e revert #19602
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2023-08-29 13:07:51 +02:00
Patrick Jungermann 0fa3a43d87 chore(deps): replace passport-saml with @node-saml/passport-saml
`passport-saml` was deprecated and replaced by `@node-saml/passport-saml`
since version 4.0.0.

Relates-to: #18083
Signed-off-by: Patrick Jungermann <Patrick.Jungermann@gmail.com>
2023-08-25 15:16:52 +02:00
Patrik Oldsberg 080cc77947 auth-backend: migrate gitlab provider to separate module
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-22 13:44:42 +02:00
Patrik Oldsberg 72f7979fd2 auth-backend: migrate github provider
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-20 16:02:55 +02:00
Patrik Oldsberg 18619f793c auth-backend: track backstage session expiration separately
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-19 13:39:02 +02:00
Patrik Oldsberg 7944d43f47 auth-backend: add plugin export for new backend system
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-18 15:06:41 +02:00
Patrik Oldsberg 0f0e2a378b auth-backend: fix oauth state test
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:25 +02:00
Patrik Oldsberg 961179c533 auth-backend: deprecate more types that have been indirectly moved to auth-node
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:25 +02:00
Patrik Oldsberg 9ae287521a auth-backend: fix legacy adapter test
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:25 +02:00
Patrik Oldsberg 258b410cad auth refactor type fixes
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:25 +02:00
Patrik Oldsberg 3db911fc98 auth-backend: pass through global config values at top-level
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:25 +02:00
Patrik Oldsberg 7ab7ad5c79 auth-backend: refactor google provider tests
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:25 +02:00
Patrik Oldsberg 0d078740e8 auth-backend: move gcp-iap provider test
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:25 +02:00
Patrik Oldsberg 9aeb35adce auth-backend: migrate gcp-iap provider to use new system
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:24 +02:00
Patrik Oldsberg 647929a483 auth-backend: migrate google provider to use new system
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:24 +02:00
Patrik Oldsberg 23a8fa5025 auth-backend: spelling fix
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:24 +02:00
Patrik Oldsberg 549dd6db12 auth-backend: added new to legacy sign-in resolvers transform
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:24 +02:00
Patrik Oldsberg 7d29ca8e8c auth-backend: added legacy sign-in resolver transform
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:24 +02:00
Patrik Oldsberg 705ac88dcc auth-backend: added legacy authHandler transform
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:24 +02:00
Patrik Oldsberg a4d47d29ad auth-backend: more deprecations in lib
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:24 +02:00
Patrik Oldsberg 2f214950a3 add auth-backend-module-iap-provider
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:24 +02:00
Patrik Oldsberg 969f9f2553 auth-backend: deprecate OAuth types
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:24 +02:00
Patrik Oldsberg afdfeb7974 auth-backend: deprecate OAuthAdapter
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:23 +02:00
Patrik Oldsberg 112e45e37f auth-backend: move OAuthEnvironmentHandler to auth-node
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:23 +02:00
Patrik Oldsberg 48793dfc95 auth-backend: move prepareBackstageIdentityResponse to auth-node
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:23 +02:00
Patrik Oldsberg b62b47a6dd auth-backend: move a couple more types to auth-node
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:23 +02:00
Patrik Oldsberg 6c7952ee85 auth-backend: move CookieConfigurer to auth-node
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:23 +02:00
Patrik Oldsberg 318816cef9 auth-backend: move a few types to auth-node
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:22 +02:00
Patrik Oldsberg 747712f930 auth-backend: add optional token_type field in OAuthResult
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:22 +02:00
Patrik Oldsberg 1c522713cd auth-backend: throw error if sign-in result does not contain token when preparing identity response
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-08-09 10:42:22 +02:00