Commit Graph

861 Commits

Author SHA1 Message Date
Camila Belo b82aff92aa refactor(test-utils): deprecate the isDockerDisabledForTests function
Signed-off-by: Camila Belo <camilaibs@gmail.com>
2024-07-10 17:06:00 +02:00
Camila Belo 95a3a0b91c refactor(test-utils): rename setupRequestMockHandlers to setupMswHandler
Signed-off-by: Camila Belo <camilaibs@gmail.com>
2024-07-10 15:45:49 +02:00
Fredrik Adelöw 78c777b85a Merge pull request #24729 from kuangp/feat/userInfo
feat(userInfo): implement persisting user info to support limited tokens
2024-06-17 13:03:53 +02:00
Phil Kuang 4a50a87364 refactor(userInfo): minor updates
Signed-off-by: Phil Kuang <pkuang@factset.com>
2024-06-16 10:52:53 -04:00
Fredrik Adelöw d00af0915c Merge pull request #24353 from matteosilv/onelogin-provider
New OneLogin auth backend module
2024-06-10 16:10:44 +02:00
Phil Kuang 79b0b1f3d3 refactor(userInfo): store full claims
Signed-off-by: Phil Kuang <pkuang@factset.com>
2024-06-07 18:21:33 -04:00
Camila Belo 737f3ae5ef Merge branch 'master' into camilaibs/nbs10-deprecate-legacy-system-commons
Signed-off-by: Camila Belo <camilaibs@gmail.com>
2024-05-21 15:12:02 +02:00
Fredrik Adelöw 3e1bb15674 fixup
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2024-05-21 10:35:44 +02:00
Matteo Silvestri dab4cf2814 drafting onelogin auth backend module
Signed-off-by: Matteo Silvestri <matteosilv@gmail.com>
2024-05-21 10:35:44 +02:00
Camila Belo 8869b8ef30 refactor: stop using the legacy standalone server
Signed-off-by: Camila Belo <camilaibs@gmail.com>
2024-05-17 11:37:04 +02:00
Camila Belo eb34b87d5a refactor: stop using getVoidLogger in tests
Signed-off-by: Camila Belo <camilaibs@gmail.com>
2024-05-16 09:21:54 +02:00
Phil Kuang 3e823d3e14 feat(userInfo): implement persisting user info to support limited tokens
Signed-off-by: Phil Kuang <pkuang@factset.com>
2024-05-13 13:09:43 -04:00
Camila Belo d229dc49ad refator(backend-common): extract path utilities to plugin api
Signed-off-by: Camila Belo <camilaibs@gmail.com>
2024-05-13 13:23:45 +02:00
Patrik Oldsberg ee5173fd5e Merge pull request #22765 from drodil/auth_resolver_override
feat: allow overriding default ownership resolving
2024-04-23 16:44:50 +02:00
Patrick Jungermann ba763b6d86 feat(auth): migrate Bitbucket auth provider to module package
Migrate the Bitbucket auth provider to the new `@backstage/plugin-auth-backend-module-bitbucket-provider` module package.

Relates-to: #19476
Signed-off-by: Patrick Jungermann <Patrick.Jungermann@gmail.com>
2024-04-16 12:48:16 +02:00
YAEGASHI Takeshi f02fe79de0 Refactor auth-backend azure-easyauth provider
Signed-off-by: YAEGASHI Takeshi <yaegashi@gmail.com>
2024-04-16 11:55:35 +02:00
Heikki Hellgren 776ec144ed fix: review comments and naming
Signed-off-by: Heikki Hellgren <heikki.hellgren@op.fi>
2024-04-15 08:44:56 +03:00
Heikki Hellgren b0ae9ccac4 feat: support for new backend system via extension point
Signed-off-by: Heikki Hellgren <heikki.hellgren@op.fi>
2024-04-15 08:21:16 +03:00
Heikki Hellgren ea9262bc9f feat: allow overriding default ownership resolving
This allows to modify the ownership resolving in the auth resolve
context. For example if user wants to include parent groups also to
the ownershipEntityRefs, it's not possible unless the built-in
auth providers are forked and rewritten.

Signed-off-by: Heikki Hellgren <heikki.hellgren@op.fi>
2024-04-15 08:21:16 +03:00
Fredrik Adelöw c26218d351 extract the cloudflare access auth provider
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2024-04-14 11:39:33 +02:00
Patrik Oldsberg bf4d71a729 auth-backend: add initial userinfo endpoint
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2024-04-08 17:11:46 +02:00
Camila Belo ff681360cc refactor: make token types internal
Co-authored-by: Patrik Oldsberg <poldsberg@gmail.com>
Signed-off-by: Camila Belo <camilaibs@gmail.com>
2024-04-03 13:43:54 +02:00
Patrik Oldsberg 0d2a05418b backend-app-api,auth: move token typ claim to be a header param
Co-authored-by: Camila Belo <camilaibs@gmail.com>
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2024-04-03 13:12:54 +02:00
Patrik Oldsberg 018b0910e0 backend-app-api,auth: add ent claim to user identity proof
Co-authored-by: Camila Belo <camilaibs@gmail.com>
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2024-04-03 13:12:54 +02:00
Fredrik Adelöw 4194ac7200 auth: issue user identity claims and create limited user tokens from them
Co-authored-by: Camila Belo <camilaibs@gmail.com>
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2024-04-03 13:12:54 +02:00
Patrik Oldsberg 9966baab13 Merge pull request #23308 from Roshick/patch-2
fix(auth): filter only for users in emailMatchingUserEntityProfileEmail resolver
2024-03-25 16:02:01 +01:00
Ben Lambert 2c61fae153 Merge pull request #23582 from manuelfalcon/fixing-refresh-onelogin-auth-provider
OneLogin auth provider refresh method fixing scope as start method
2024-03-19 14:31:41 +01:00
Patrik Oldsberg d202a258d1 Merge pull request #23265 from swnia/master
Fix for atlassian OAuth flow
2024-03-19 10:05:16 +01:00
manuel.falcon 7c29e7fdbe OneLogin auth provider refresh method fixing scope as start method
Signed-off-by: manuel.falcon <manuel.falcon@glovoapp.com>
2024-03-15 15:29:45 +01:00
Elias Rieb 002bc3bf74 fix code and add test
Signed-off-by: Elias Rieb <e.rieb@posteo.de>
2024-03-12 18:04:42 +01:00
Fredrik Adelöw 469c9c59e8 prettier
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2024-03-12 13:17:57 +01:00
Fredrik Adelöw 5a146a15fc Update plugins/auth-backend/src/lib/resolvers/CatalogAuthResolverContext.ts
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2024-03-12 12:12:33 +01:00
Elias Rieb 038b2e6894 fix(auth): consider only entities of kind user when using findCatalogUser with filter query
Signed-off-by: Elias Rieb <e.rieb@posteo.de>
2024-03-05 09:05:02 +01:00
Severin Wischmann 10268db725 Removed unused config value
The config value `audience` was used to set the baseUrl which has a static value.
The audience parameter is static in the used library. Therefore, the reading of the config value was removed.

Signed-off-by: Severin Wischmann <severinwischmann@nianticlabs.com>
2024-03-01 10:44:42 +01:00
Fredrik Adelöw 95aee1904e Merge pull request #22211 from tylerd-canva/tylerd/cfaccess-token-poc
Add support for Cloudflare Access Tokens to `cfaccess` Auth Provider
2024-02-27 10:20:32 +01:00
Patrik Oldsberg 492fe83977 auth-backend: migrate to support new auth services
Co-authored-by: Fredrik Adelöw <freben@gmail.com>
Co-authored-by: Carl-Erik Bergström <cbergstrom@spotify.com>
Co-authored-by: blam <ben@blam.sh>
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2024-02-23 10:58:13 +01:00
Tyler Davis bfd0d62351 update tests
Signed-off-by: Tyler Davis <tylerd@canva.com>
2024-02-22 17:31:59 +11:00
Tyler Davis 0d1ad9faf9 PR feedback: change structure of serviceTokens config
Signed-off-by: Tyler Davis <tylerd@canva.com>
2024-02-22 17:20:55 +11:00
Tyler Davis 3191d616e8 pr feedback: make service tokens configurable
Signed-off-by: Tyler Davis <tylerd@canva.com>
2024-02-22 17:20:55 +11:00
Tyler Davis 293c835e05 Add support for Service Tokens to the cfaccess auth provider
Signed-off-by: Tyler Davis <tylerd@canva.com>
2024-02-22 16:30:23 +11:00
Fredrik Adelöw fa7ea3f2f0 break out the providers router into a separate file
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2024-02-16 14:33:10 +01:00
Fredrik Adelöw f5e04e39d2 move away from deprecated types, import from auth-node
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2024-02-16 12:59:21 +01:00
Patrik Oldsberg a3b3e1bf8a Merge pull request #22767 from backstage/rugvip/fix
explore: fix GroupsDiagram test
2024-02-06 15:52:39 +01:00
Patrik Oldsberg 0cd6325602 Merge pull request #22580 from secustor/chore/migrate-passport-saml
chore(plugins/auth-backend): migrate from passport-saml package to @node-saml/passport-saml
2024-02-06 15:03:51 +01:00
Patrik Oldsberg a9e0107111 auth-backend: refuse to issue excessively large tokens
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2024-02-06 15:02:24 +01:00
secustor d589a0488d expose new needed configuration options
Signed-off-by: secustor <sebastian@poxhofer.at>
2024-02-06 10:09:52 +01:00
Aramis ee3cbed39d remove symmetric keys
Signed-off-by: Aramis <sennyeyaramis@gmail.com>
2024-02-04 10:46:50 -05:00
Aramis 4a89bc48b1 add support for service-to-service auth external callers
Signed-off-by: Aramis <sennyeyaramis@gmail.com>
2024-02-04 10:46:50 -05:00
Aramis f6dfb17b78 add additional scopes
Signed-off-by: Aramis <sennyeyaramis@gmail.com>
2024-02-04 10:46:49 -05:00
Aramis c3a91f8213 fix(auth): add support for additional alg values
Signed-off-by: Aramis <sennyeyaramis@gmail.com>
2024-02-04 10:46:49 -05:00