Pinniped Auth Provider #19846

Merged
merged 24 commits into from Oct 13, 2023
d4cdf46
extract pinniped auth provider
Mar 27, 2023
50223e7
WIP: conditionally skip user profile
Mar 27, 2023
7b4b8a0
wip: auth-backed performs rfc 8693 token exchange
Mar 28, 2023
07df9ce
implement consent redirect in new PinnipedAuthProvider
rvallejony Jul 11, 2023
295dae8
passing pinniped authprovider #handler responds with Id token test
rvallejony Jul 24, 2023
7c26171
refactor: minimal passing implementation
Aug 8, 2023
c1c062a
refine requirements for start method
Aug 8, 2023
b6f103d
working integration test
Aug 9, 2023
7dc7a38
authorization code exchange for a valid access_token
rvallejony Aug 15, 2023
ae05982
Provider requests scopes
rvallejony Aug 17, 2023
07dcd84
Add redirect and error methods to the handlers strategy along with un…
rvallejony Aug 21, 2023
9fedd45
introduce audience parameter into start method and pass it into oauth…
rvallejony Aug 22, 2023
44483b9
refactor and add #refresh to pinnipedAuth provider
rvallejony Aug 22, 2023
448ff7b
add offline_access scope to default scope list in #start
rvallejony Aug 24, 2023
eb1dac4
Change handler to return scope returned by the tokenset
rvallejony Aug 24, 2023
f5be2ec
Add rfc token exchange logic to #handler success
rvallejony Aug 28, 2023
5ee7c78
refactor provider unit tests
rvallejony Aug 28, 2023
70a3c26
resolve rebase type/compilation errors
rvallejony Aug 30, 2023
8d3e9c7
clean up tests
Aug 30, 2023
501a8b5
WIP: new auth pattern refactor, intro module and authenticator tests,…
rvallejony Aug 31, 2023
362a5e2
Completed Pinniped Authenticator refactor with passing unit tests
rvallejony Sep 6, 2023
ae34255
PR chores: changeset, api-report, cleaning, add catalog-info entry
rvallejony Sep 7, 2023
b497b6e
Extract rfc8693 tokenexchange logic to a helper function
rvallejony Sep 12, 2023
2f172ba
remove pinniped provider from default providers in auth-backend
rvallejony Oct 11, 2023
5 changes: 5 additions & 0 deletions .changeset/short-ears-rescue.md
@@ -0,0 +1,5 @@
---
'@backstage/plugin-auth-backend-module-pinniped-provider': minor
---

Add new Pinniped auth module and authenticator to be used alongside the new Pinniped auth provider.
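Review bot: the phrase "to be used alongside the new Pinniped auth provider" in the summary line may be stale, because the last commit in this PR (2f172ba) removes the pinniped provider from the default providers in auth-backend. If the module is now the supported way to get Pinniped sign-in, say that here and mention that it is registered with `backend.add(authModulePinnipedProvider)`, so that the release notes tell adopters what to do.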
5 changes: 5 additions & 0 deletions .changeset/young-ducks-heal.md
@@ -0,0 +1,5 @@
---
'@backstage/plugin-auth-node': patch
---

Adding optional audience parameter to OAuthState type declaration
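Review bot: the description line says what was added to `OAuthState` but not why, and its tense ("Adding") differs from the other changeset in this PR ("Add"). Suggest "Add optional `audience` field to the `OAuthState` type" followed by a clause naming what sets and reads the field (commit 9fedd45 indicates it is passed into the start method), so that other users of `@backstage/plugin-auth-node` can tell whether they need to handle it.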
@@ -0,0 +1 @@
module.exports = require('@backstage/cli/config/eslint-factory')(__dirname);
7 changes: 7 additions & 0 deletions plugins/auth-backend-module-pinniped-provider/README.md
@@ -0,0 +1,7 @@
# Auth Module: Pinniped Provider

This module provides an Pinniped auth provider implementation for `@backstage/plugin-auth-backend`.

## Links

- [Backstage](https://backstage.io)
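Review bot: "an Pinniped" in the description line should be "a Pinniped", and the README documents neither installation nor configuration. Since this module is an authentication entry point, add a short section showing how it is registered (`backend.add(authModulePinnipedProvider)`, as in dev/index.ts) and which config keys the authenticator reads, and add a link to the Pinniped project under Links next to the Backstage one.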
28 changes: 28 additions & 0 deletions plugins/auth-backend-module-pinniped-provider/api-report.md
@@ -0,0 +1,28 @@
## API Report File for "@backstage/plugin-auth-backend-module-pinniped-provider"

> Do not edit this file. It is a report generated by [API Extractor](https://api-extractor.com/).

```ts
import { BackendFeature } from '@backstage/backend-plugin-api';
import { BaseClient } from 'openid-client';
import { OAuthAuthenticator } from '@backstage/plugin-auth-node';
import { Strategy } from 'openid-client';
import { TokenSet } from 'openid-client';

// @public (undocumented)
export const authModulePinnipedProvider: () => BackendFeature;

// @public (undocumented)
export const pinnipedAuthenticator: OAuthAuthenticator<
Promise<{
providerStrategy: Strategy<
{
tokenset: TokenSet;
},
BaseClient
>;
client: BaseClient;
}>,
unknown
>;
```
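Review bot: both exports are reported as `// @public (undocumented)`; add TSDoc comments to `authModulePinnipedProvider` and `pinnipedAuthenticator` before this becomes a published surface. Also consider whether the authenticator's context type needs to be public in this form: it exposes `Strategy`, `BaseClient` and `TokenSet` from openid-client, which ties this package's public API to the openid-client version declared in package.json, and the second type argument is `unknown`, so callers get no typing for it. Narrowing the exported type, or documenting it as internal, would keep later dependency upgrades from being API breaks.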
10 changes: 10 additions & 0 deletions plugins/auth-backend-module-pinniped-provider/catalog-info.yaml
@@ -0,0 +1,10 @@
apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
name: backstage-plugin-auth-backend-module-pinniped-provider
title: '@backstage/plugin-auth-backend-module-pinniped-provider'
description: The pinniped-provider backend module for the auth plugin.
spec:
lifecycle: experimental
type: backstage-backend-plugin-module
owner: maintainers
26 changes: 26 additions & 0 deletions plugins/auth-backend-module-pinniped-provider/dev/index.ts
@@ -0,0 +1,26 @@
/*
* Copyright 2023 The Backstage Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

import { createBackend } from '@backstage/backend-defaults';
import authPlugin from '@backstage/plugin-auth-backend';
import { authModulePinnipedProvider } from '../src';

const backend = createBackend();

backend.add(authPlugin);
backend.add(authModulePinnipedProvider);

backend.start();
49 changes: 49 additions & 0 deletions plugins/auth-backend-module-pinniped-provider/package.json
@@ -0,0 +1,49 @@
{
"name": "@backstage/plugin-auth-backend-module-pinniped-provider",
"description": "The pinniped-provider backend module for the auth plugin.",
"version": "0.0.0",
"main": "src/index.ts",
"types": "src/index.ts",
"license": "Apache-2.0",
"publishConfig": {
"access": "public",
"main": "dist/index.cjs.js",
"types": "dist/index.d.ts"
},
"backstage": {
"role": "backend-plugin-module"
},
"scripts": {
"start": "backstage-cli package start",
"build": "backstage-cli package build",
"lint": "backstage-cli package lint",
"test": "backstage-cli package test",
"clean": "backstage-cli package clean",
"prepack": "backstage-cli package prepack",
"postpack": "backstage-cli package postpack"
},
"dependencies": {
"@backstage/backend-common": "workspace:^",
"@backstage/backend-plugin-api": "workspace:^",
"@backstage/plugin-auth-node": "workspace:^",
"openid-client": "^5.4.3"
},
"devDependencies": {
"@backstage/backend-defaults": "workspace:^",
"@backstage/backend-test-utils": "workspace:^",
"@backstage/cli": "workspace:^",
"@backstage/config": "workspace:^",
"@backstage/plugin-auth-backend": "workspace:^",
"cookie-parser": "^1.4.6",
"express": "^4.18.2",
"express-promise-router": "^4.1.1",
"express-session": "^1.17.3",
"jose": "^4.14.6",
"msw": "^1.3.0",
"passport": "^0.6.0",
"supertest": "^6.3.3"
},
"files": [
"dist"
]
}
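Review bot: in `devDependencies`, confirm that `passport`, `jose`, `express-session` and `cookie-parser` are imported only by tests and the dev entry point; the package publishes `dist` only, so anything under src/ that imports one of them at runtime would fail for consumers and has to move to `dependencies`. In the other direction, `@backstage/backend-common` is listed in `dependencies` while dev/index.ts and the API report do not reference it; drop it if src/ does not import it. Note also that `"version": "0.0.0"` together with the `minor` changeset means the first release will be 0.1.0, which is worth confirming as intended.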