PR chores: changeset, api-report, cleaning

Signed-off-by: Ruben Vallejo <rvallejo@vmware.com>

.changeset/short-ears-rescue.md

@@ -0,0 +1,5 @@
+---
+'@backstage/plugin-auth-backend-module-pinniped-provider': minor
+---
+
+Add new Pinniped auth module and authenticator to be used alongside the new Pinniped auth provider.

.changeset/tiny-peaches-brake.md

@@ -0,0 +1,5 @@
+---
+'@backstage/plugin-auth-backend': patch
+---
+
+Add Pinniped Auth Provider to list of default auth providers

.changeset/young-ducks-heal.md

@@ -0,0 +1,5 @@
+---
+'@backstage/plugin-auth-node': patch
+---
+
+Adding optional audience parameter to OAuthState type declaration

plugins/auth-backend-module-pinniped-provider/api-report.md

@@ -0,0 +1,28 @@
+## API Report File for "@backstage/plugin-auth-backend-module-pinniped-provider"
+
+> Do not edit this file. It is a report generated by [API Extractor](https://api-extractor.com/).
+
+```ts
+import { BackendFeature } from '@backstage/backend-plugin-api';
+import { BaseClient } from 'openid-client';
+import { OAuthAuthenticator } from '@backstage/plugin-auth-node';
+import { Strategy } from 'openid-client';
+import { TokenSet } from 'openid-client';
+
+// @public (undocumented)
+export const authModulePinnipedProvider: () => BackendFeature;
+
+// @public (undocumented)
+export const pinnipedAuthenticator: OAuthAuthenticator<
+  Promise<{
+    strategy: Strategy<
+      {
+        tokenset: TokenSet;
+      },
+      BaseClient
+    >;
+    client: BaseClient;
+  }>,
+  unknown
+>;
+```

plugins/auth-backend-module-pinniped-provider/dev/index.ts

@@ -23,4 +23,4 @@ const backend = createBackend();
 backend.add(authPlugin);
 backend.add(authModulePinnipedProvider);
 
-backend.start();
+backend.start();

plugins/auth-backend-module-pinniped-provider/src/authenticator.test.ts

@@ -353,7 +353,7 @@ describe('pinnipedAuthenticator', () => {
       );
 
       expect(handlerResponse.session.idToken).toEqual(clusterScopedIdToken);
-    }, 70000);
+    });
 
     it('fails on network error during token exchange', async () => {
       mswServer.use(

plugins/auth-backend-module-pinniped-provider/src/authenticator.ts

@@ -21,6 +21,7 @@ import {
 } from '@backstage/plugin-auth-node';
 import { Issuer, TokenSet, Strategy as OidcStrategy } from 'openid-client';
 
+/** @public */
 export const pinnipedAuthenticator = createOAuthAuthenticator({
   defaultProfileTransform: async (_r, _c) => ({ profile: {} }),
   async initialize({ callbackUrl, config }) {
@@ -114,7 +115,7 @@ export const pinnipedAuthenticator = createOAuthAuthenticator({
           : Promise.resolve(user.tokenset.id_token)
         ).then(idToken => {
           resolve({
-            fullProfile: { provider: ' ', id: ' ', displayName: ' ' },
+            fullProfile: { provider: '', id: '', displayName: '' },
             session: {
               accessToken: user.tokenset.access_token!,
               tokenType: user.tokenset.token_type ?? 'bearer',
@@ -152,7 +153,7 @@ export const pinnipedAuthenticator = createOAuthAuthenticator({
       }
 
       resolve({
-        fullProfile: { provider: ' ', id: ' ', displayName: ' ' },
+        fullProfile: { provider: '', id: '', displayName: '' },
         session: {
           accessToken: tokenset.access_token!,
           tokenType: tokenset.token_type ?? 'bearer',

plugins/auth-backend-module-pinniped-provider/src/config.d.ts

@@ -0,0 +1,34 @@
+/*
+ * Copyright 2020 The Backstage Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export interface Config {
+  /** Configuration options for the auth plugin */
+  auth?: {
+    providers?: {
+      pinniped?: {
+        [authEnv: string]: {
+          clientId: string;
+          federationDomain: string;
+          /**
+           * @visibility secret
+           */
+          clientSecret: string;
+          scope?: string;
+        };
+      };
+    };
+  };
+}

plugins/auth-backend-module-pinniped-provider/src/module.ts

@@ -14,9 +14,14 @@
  * limitations under the License.
  */
 import { createBackendModule } from '@backstage/backend-plugin-api';
-import { authProvidersExtensionPoint, commonSignInResolvers, createOAuthProviderFactory } from '@backstage/plugin-auth-node';
+import {
+  authProvidersExtensionPoint,
+  commonSignInResolvers,
+  createOAuthProviderFactory,
+} from '@backstage/plugin-auth-node';
 import { pinnipedAuthenticator } from './authenticator';
 
+/** @public */
 export const authModulePinnipedProvider = createBackendModule({
   pluginId: 'auth',
   moduleId: 'pinniped-provider',
@@ -31,10 +36,10 @@ export const authModulePinnipedProvider = createBackendModule({
           factory: createOAuthProviderFactory({
             authenticator: pinnipedAuthenticator,
             signInResolverFactories: {
-              ...commonSignInResolvers
-            }
-          })
-        })
+              ...commonSignInResolvers,
+            },
+          }),
+        });
       },
     });
   },

plugins/auth-backend/api-report.md

@@ -619,18 +619,7 @@ export const providers: Readonly<{
     resolvers: never;
   }>;
   pinniped: Readonly<{
-    create: (
-      options?:
-        | {
-            authHandler?: AuthHandler<OidcAuthResult> | undefined;
-            signIn?:
-              | {
-                  resolver: SignInResolver<OidcAuthResult>;
-                }
-              | undefined;
-          }
-        | undefined,
-    ) => AuthProviderFactory;
+    create: () => AuthProviderFactory_2;
     resolvers: never;
   }>;
   saml: Readonly<{

plugins/auth-backend/package.json

@@ -32,7 +32,6 @@
     "clean": "backstage-cli package clean"
   },
   "dependencies": {
-    "-": "^0.0.1",
     "@backstage/backend-common": "workspace:^",
     "@backstage/backend-plugin-api": "workspace:^",
     "@backstage/catalog-client": "workspace:^",
@@ -57,21 +56,18 @@
     "cookie-parser": "^1.4.5",
     "cookie-signature": "^1.2.1",
     "cors": "^2.8.5",
-    "d": "^1.0.1",
-    "e": "^0.2.32",
     "express": "^4.17.1",
     "express-promise-router": "^4.1.0",
     "express-session": "^1.17.1",
     "fs-extra": "10.1.0",
     "google-auth-library": "^8.0.0",
     "jose": "^4.6.0",
-    "jwt-decode": "^3.1.2",
     "knex": "^2.0.0",
     "lodash": "^4.17.21",
     "luxon": "^3.0.0",
     "minimatch": "^5.0.0",
     "morgan": "^1.10.0",
-    "njwt": "^2.0.0",
+    "jwt-decode": "^3.1.2",
     "node-cache": "^5.1.2",
     "node-fetch": "^2.6.7",
     "openid-client": "^5.2.1",
@@ -86,7 +82,6 @@
     "passport-onelogin-oauth": "^0.0.1",
     "passport-saml": "^3.1.2",
     "uuid": "^8.0.0",
-    "v": "^0.3.0",
     "winston": "^3.2.1",
     "yn": "^4.0.0"
   },

plugins/auth-node/api-report.md

@@ -399,6 +399,7 @@ export type OAuthState = {
   scope?: string;
   redirectUrl?: string;
   flow?: string;
+  audience?: string;
 };
 
 // @public (undocumented)