Signed-off-by: Joe Porpeglia <josephp@spotify.com>
1 parent
7023e70
commit cef64b1
Showing 2 changed files with 52 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
--- | ||
'@backstage/plugin-auth-backend': minor | ||
--- | ||
|
||
**BREAKING** Added `tokenManager` as a required property for the auth-backend `createRouter` function. This dependency is used to issue server tokens that are used by the `CatalogIdentityClient` when looking up users and their group membership during authentication. | ||
|
||
These changes are **required** to `packages/backend/src/plugins/auth.ts`: | ||
|
||
```diff | ||
export default async function createPlugin({ | ||
logger, | ||
database, | ||
config, | ||
discovery, | ||
+ tokenManager, | ||
}: PluginEnvironment): Promise<Router> { | ||
return await createRouter({ | ||
logger, | ||
config, | ||
database, | ||
discovery, | ||
+ tokenManager, | ||
}); | ||
} | ||
``` | ||
|
||
**BREAKING** The `CatalogIdentityClient` constructor now expects a `TokenManager` instead of a `TokenIssuer`. The `TokenManager` interface is used to generate a server token when [resolving a user's identity and membership through the catalog](https://backstage.io/docs/auth/identity-resolver). Using server tokens for these requests allows the auth-backend to bypass authorization checks when permissions are enabled for Backstage. This change will break apps that rely on the user tokens that were previously used by the client. Refer to the ["Backend-to-backend Authentication" tutorial](https://backstage.io/docs/tutorials/backend-to-backend-auth) for more information on server token usage. |
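Review bot: the second **BREAKING** paragraph, on the `CatalogIdentityClient` constructor, has no before/after snippet the way the `createRouter` paragraph does, so anyone constructing the client directly has to guess the new call shape. Add a short diff showing the `TokenIssuer` argument replaced by a `TokenManager`. Because the text says server tokens let the auth-backend bypass authorization checks, it should also state plainly that these catalog lookups now run with backend rather than user privileges, and say what apps that relied on the previous user tokens should do, instead of only linking to the tutorial.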
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
--- | ||
'@backstage/create-app': patch | ||
--- | ||
|
||
Added `tokenManager` as a required property for the auth-backend `createRouter` function. This dependency is used to issue server tokens that are used by the `CatalogIdentityClient` when looking up users and their group membership during authentication. | ||
|
||
These changes are **required** to `packages/backend/src/plugins/auth.ts`: | ||
|
||
```diff | ||
export default async function createPlugin({ | ||
logger, | ||
database, | ||
config, | ||
discovery, | ||
+ tokenManager, | ||
}: PluginEnvironment): Promise<Router> { | ||
return await createRouter({ | ||
logger, | ||
config, | ||
database, | ||
discovery, | ||
+ tokenManager, | ||
}); | ||
} | ||
``` |
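Review bot: this changeset repeats the `createRouter` diff but drops the link to the "Backend-to-backend Authentication" tutorial that the auth-backend changeset carries, so a reader who only sees the create-app notes is told to pass `tokenManager` with no pointer to how server tokens are used. Add the same reference here. The snippet also destructures `tokenManager` from `PluginEnvironment` without saying where the environment gets it; one sentence on that would help apps whose backend setup has been customised.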