From 2b0648ea60a9d37b708be5dc4ce6079bec125877 Mon Sep 17 00:00:00 2001
From: Ruben Vallejo
Date: Thu, 7 Sep 2023 15:15:34 -0400
Subject: [PATCH] PR chores: changeset, api-report, cleaning
Signed-off-by: Ruben Vallejo
---
 .changeset/short-ears-rescue.md | 5 +++
 .changeset/tiny-peaches-brake.md | 5 +++
 .changeset/young-ducks-heal.md | 5 +++
 .../api-report.md | 28 +++++++++++++++
 .../dev/index.ts | 2 +-
 .../src/authenticator.test.ts | 2 +-
 .../src/authenticator.ts | 5 +--
 .../src/config.d.ts | 34 +++++++++++++++++++
 .../src/module.ts | 15 +++++---
 plugins/auth-backend/api-report.md | 13 +------
 plugins/auth-backend/package.json | 7 +---
 plugins/auth-node/api-report.md | 1 +
 12 files changed, 95 insertions(+), 27 deletions(-)
 create mode 100644 .changeset/short-ears-rescue.md
 create mode 100644 .changeset/tiny-peaches-brake.md
 create mode 100644 .changeset/young-ducks-heal.md
 create mode 100644 plugins/auth-backend-module-pinniped-provider/api-report.md
 create mode 100644 plugins/auth-backend-module-pinniped-provider/src/config.d.ts
diff --git a/.changeset/short-ears-rescue.md b/.changeset/short-ears-rescue.md
new file mode 100644
index 0000000000000..41968f3da412c
--- /dev/null
+++ b/.changeset/short-ears-rescue.md
@@ -0,0 +1,5 @@
+---
+'@backstage/plugin-auth-backend-module-pinniped-provider': minor
+---
+
+Add new Pinniped auth module and authenticator to be used alongside the new Pinniped auth provider.
diff --git a/.changeset/tiny-peaches-brake.md b/.changeset/tiny-peaches-brake.md
new file mode 100644
index 0000000000000..e6d979fca31cc
--- /dev/null
+++ b/.changeset/tiny-peaches-brake.md
@@ -0,0 +1,5 @@
+---
+'@backstage/plugin-auth-backend': patch
+---
+
+Add Pinniped Auth Provider to list of default auth providers
diff --git a/.changeset/young-ducks-heal.md b/.changeset/young-ducks-heal.md
new file mode 100644
index 0000000000000..28614e47bcee0
--- /dev/null
+++ b/.changeset/young-ducks-heal.md
@@ -0,0 +1,5 @@ +--- +'@backstage/plugin-auth-node': patch +--- + +Adding optional audience parameter to OAuthState type declaration diff --git a/plugins/auth-backend-module-pinniped-provider/api-report.md b/plugins/auth-backend-module-pinniped-provider/api-report.md new file mode 100644 index 0000000000000..98be8e0b33133 --- /dev/null +++ b/plugins/auth-backend-module-pinniped-provider/api-report.md @@ -0,0 +1,28 @@ +## API Report File for "@backstage/plugin-auth-backend-module-pinniped-provider" + +> Do not edit this file. It is a report generated by [API Extractor](https://api-extractor.com/). + +```ts +import { BackendFeature } from '@backstage/backend-plugin-api'; +import { BaseClient } from 'openid-client'; +import { OAuthAuthenticator } from '@backstage/plugin-auth-node'; +import { Strategy } from 'openid-client'; +import { TokenSet } from 'openid-client'; + +// @public (undocumented) +export const authModulePinnipedProvider: () => BackendFeature; + +// @public (undocumented) +export const pinnipedAuthenticator: OAuthAuthenticator< + Promise<{ + strategy: Strategy< + { + tokenset: TokenSet; + }, + BaseClient + >; + client: BaseClient; + }>, + unknown +>; +``` diff --git a/plugins/auth-backend-module-pinniped-provider/dev/index.ts b/plugins/auth-backend-module-pinniped-provider/dev/index.ts index 0d29676cc48ab..cf0a6ebac9839 100644 --- a/plugins/auth-backend-module-pinniped-provider/dev/index.ts +++ b/plugins/auth-backend-module-pinniped-provider/dev/index.ts @@ -23,4 +23,4 @@ const backend = createBackend(); backend.add(authPlugin); backend.add(authModulePinnipedProvider); -backend.start(); \ No newline at end of file +backend.start(); diff --git a/plugins/auth-backend-module-pinniped-provider/src/authenticator.test.ts b/plugins/auth-backend-module-pinniped-provider/src/authenticator.test.ts index 87d443a11a954..ea2ca451b5480 100644 --- a/plugins/auth-backend-module-pinniped-provider/src/authenticator.test.ts 
+++ b/plugins/auth-backend-module-pinniped-provider/src/authenticator.test.ts @@ -353,7 +353,7 @@ describe('pinnipedAuthenticator', () => { ); expect(handlerResponse.session.idToken).toEqual(clusterScopedIdToken); - }, 70000); + }); it('fails on network error during token exchange', async () => { mswServer.use( diff --git a/plugins/auth-backend-module-pinniped-provider/src/authenticator.ts b/plugins/auth-backend-module-pinniped-provider/src/authenticator.ts index 0194ed03debbb..0b178cc0808a2 100644 --- a/plugins/auth-backend-module-pinniped-provider/src/authenticator.ts +++ b/plugins/auth-backend-module-pinniped-provider/src/authenticator.ts @@ -21,6 +21,7 @@ import { } from '@backstage/plugin-auth-node'; import { Issuer, TokenSet, Strategy as OidcStrategy } from 'openid-client'; +/** @public */ export const pinnipedAuthenticator = createOAuthAuthenticator({ defaultProfileTransform: async (_r, _c) => ({ profile: {} }), async initialize({ callbackUrl, config }) { @@ -114,7 +115,7 @@ export const pinnipedAuthenticator = createOAuthAuthenticator({ : Promise.resolve(user.tokenset.id_token) ).then(idToken => { resolve({ - fullProfile: { provider: ' ', id: ' ', displayName: ' ' }, + fullProfile: { provider: '', id: '', displayName: '' }, session: { accessToken: user.tokenset.access_token!, tokenType: user.tokenset.token_type ?? 'bearer', @@ -152,7 +153,7 @@ export const pinnipedAuthenticator = createOAuthAuthenticator({ } resolve({ - fullProfile: { provider: ' ', id: ' ', displayName: ' ' }, + fullProfile: { provider: '', id: '', displayName: '' }, session: { accessToken: tokenset.access_token!, tokenType: tokenset.token_type ?? 'bearer', diff --git a/plugins/auth-backend-module-pinniped-provider/src/config.d.ts b/plugins/auth-backend-module-pinniped-provider/src/config.d.ts new file mode 100644 index 0000000000000..50685abfb0405 --- /dev/null +++ b/plugins/auth-backend-module-pinniped-provider/src/config.d.ts 
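Review bot: The `/** @public */` added above `pinnipedAuthenticator` in the authenticator.ts hunk at @@ -21,6 +21,7 carries only a release tag, so the api-report.md generated in this same patch still lists the export as `// @public (undocumented)`; the same holds for `authModulePinnipedProvider` in the module.ts hunk at @@ -14,9 +14,14. A one-sentence summary above the tag would document both, for example `/** OAuth authenticator for Pinniped, built on openid-client. @public */` and `/** Auth backend module that registers the Pinniped provider. @public */`, with the wording checked against the implementation. The object literal passed to createOAuthAuthenticator continues outside the hunk.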
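Review bot: `accessToken: user.tokenset.access_token!`, two lines below the changed `fullProfile` line in the hunk at @@ -114,7 +115,7, silences the compiler instead of checking the value, so a token response without an access token would place `undefined` in the session; the hunk at @@ -152,7 +153,7 does the same with `tokenset.access_token!`. A guard ahead of `resolve` would fail closed, e.g. `if (!user.tokenset.access_token) { reject(new Error('token response is missing access_token')); return; }`, where the message is constructed here and `reject` is assumed to be in scope because the enclosing promise starts outside the hunk. Both branches also return the same empty-string `fullProfile` placeholder; a shared constant with a comment saying why no profile is populated would keep the two in sync.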
@@ -0,0 +1,34 @@ +/* + * Copyright 2020 The Backstage Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +export interface Config { + /** Configuration options for the auth plugin */ + auth?: { + providers?: { + pinniped?: { + [authEnv: string]: { + clientId: string; + federationDomain: string; + /** + * @visibility secret + */ + clientSecret: string; + scope?: string; + }; + }; + }; + }; +} diff --git a/plugins/auth-backend-module-pinniped-provider/src/module.ts b/plugins/auth-backend-module-pinniped-provider/src/module.ts index 0b7ca9e293a33..5fff30e82e449 100644 --- a/plugins/auth-backend-module-pinniped-provider/src/module.ts +++ b/plugins/auth-backend-module-pinniped-provider/src/module.ts @@ -14,9 +14,14 @@ * limitations under the License. */ import { createBackendModule } from '@backstage/backend-plugin-api'; -import { authProvidersExtensionPoint, commonSignInResolvers, createOAuthProviderFactory } from '@backstage/plugin-auth-node'; +import { + authProvidersExtensionPoint, + commonSignInResolvers, + createOAuthProviderFactory, +} from '@backstage/plugin-auth-node'; import { pinnipedAuthenticator } from './authenticator'; +/** @public */ export const authModulePinnipedProvider = createBackendModule({ pluginId: 'auth', moduleId: 'pinniped-provider', 
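Review bot: The `@visibility secret` marking on `clientSecret` in the new config.d.ts is only applied once this file is registered as the package's config schema, and the diffstat shows no change to the module's own package.json. Unless an earlier commit already did so, add `"configSchema": "config.d.ts"` and list `config.d.ts` under `files` in plugins/auth-backend-module-pinniped-provider/package.json. The remaining fields have no doc comments; a line each on `federationDomain` (which URL it expects, and whether it is used for issuer discovery) and on `scope` would help operators fill them in correctly.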
@@ -31,10 +36,10 @@ export const authModulePinnipedProvider = createBackendModule({ factory: createOAuthProviderFactory({ authenticator: pinnipedAuthenticator, signInResolverFactories: { - ...commonSignInResolvers - } - }) - }) + ...commonSignInResolvers, + }, + }), + }); }, }); }, diff --git a/plugins/auth-backend/api-report.md b/plugins/auth-backend/api-report.md index 25629d0dee089..f7dda68c35b3d 100644 --- a/plugins/auth-backend/api-report.md +++ b/plugins/auth-backend/api-report.md @@ -619,18 +619,7 @@ export const providers: Readonly<{ resolvers: never; }>; pinniped: Readonly<{ - create: ( - options?: - | { - authHandler?: AuthHandler | undefined; - signIn?: - | { - resolver: SignInResolver; - } - | undefined; - } - | undefined, - ) => AuthProviderFactory; + create: () => AuthProviderFactory_2; resolvers: never; }>; saml: Readonly<{ diff --git a/plugins/auth-backend/package.json b/plugins/auth-backend/package.json index e81d60b2893da..8540a55ecf136 100644 --- a/plugins/auth-backend/package.json +++ b/plugins/auth-backend/package.json @@ -32,7 +32,6 @@ "clean": "backstage-cli package clean" }, "dependencies": { - "-": "^0.0.1", "@backstage/backend-common": "workspace:^", "@backstage/backend-plugin-api": "workspace:^", "@backstage/catalog-client": "workspace:^", @@ -57,21 +56,18 @@ "cookie-parser": "^1.4.5", "cookie-signature": "^1.2.1", "cors": "^2.8.5", - "d": "^1.0.1", - "e": "^0.2.32", "express": "^4.17.1", "express-promise-router": "^4.1.0", "express-session": "^1.17.1", "fs-extra": "10.1.0", "google-auth-library": "^8.0.0", "jose": "^4.6.0", - "jwt-decode": "^3.1.2", "knex": "^2.0.0", "lodash": "^4.17.21", "luxon": "^3.0.0", "minimatch": "^5.0.0", "morgan": "^1.10.0", - "njwt": "^2.0.0", + "jwt-decode": "^3.1.2", "node-cache": "^5.1.2", "node-fetch": "^2.6.7", "openid-client": "^5.2.1", @@ -86,7 +82,6 @@ "passport-onelogin-oauth": "^0.0.1", "passport-saml": "^3.1.2", "uuid": "^8.0.0", - "v": "^0.3.0", "winston": "^3.2.1", "yn": "^4.0.0" }, 
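Review bot: `signInResolverFactories: { ...commonSignInResolvers }` in the module.ts hunk at @@ -31,10 +36,10 offers the shared resolvers, but `defaultProfileTransform` in authenticator.ts returns `{ profile: {} }`, so a resolver that matches on `profile.email` would have nothing to match and sign-in would fail if one were configured. This assumes the common resolvers key on the profile email, which is not visible in this patch. If the provider is not meant for sign-in, dropping the property, or adding a comment such as `// resolvers need profile.email, which this authenticator does not populate`, avoids advertising an option that cannot work. The createBackendModule call starts outside the hunk.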
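Review bot: The package.json hunk at @@ -57,21 +56,18 drops `d`, `e` and `njwt` (and the hunks at @@ -32,7 +32,6 and @@ -86,7 +82,6 drop `-` and `v`), but the diffstat lists no lockfile, so the workspace lockfile may still pin and install those packages until it is regenerated. Single-character names like these usually come from a mistyped install command, so it is worth confirming they are gone from the resolved dependency tree and not only from the manifest. For `njwt`, check that nothing under plugins/auth-backend/src still imports it. The re-added `"jwt-decode": "^3.1.2",` now sits between `morgan` and `node-cache`; moving it back after `jose` keeps the list sorted.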
diff --git a/plugins/auth-node/api-report.md b/plugins/auth-node/api-report.md index a782847d7af5b..282bd87d98189 100644 --- a/plugins/auth-node/api-report.md +++ b/plugins/auth-node/api-report.md @@ -399,6 +399,7 @@ export type OAuthState = { scope?: string; redirectUrl?: string; flow?: string; + audience?: string; }; // @public (undocumented)