From 71c3b7f7653301fd23c3e4f5511f770d209ced6d Mon Sep 17 00:00:00 2001 From: Alex Crome Date: Mon, 19 Feb 2024 14:38:19 +0000 Subject: [PATCH] Fix Microsoft Auth Provider when Profile not requested Ensure that the Microsoft provider passes an empty profile object down if it hasn't received/requested one from the provider. Fixes #23032. The legacy Microsoft provider did something similar to replace a null profile with an empty object. https://github.com/backstage/backstage/blob/96c4f54bf6070db12676e9af0bf75d0d479c3d72/plugins/auth-backend/src/providers/microsoft/provider.ts#L266 I guess the only question is whether we want to fix this specifically for the Microsoft provider, or should we handle a null profiles deeper in the stack (i.e. `PassportOAuthAuthenticatorHelper.defaultProfileTransform` or in `PassportHelpers.transformProfile`) Reason this didn't affect the legacy backend is that it was only recently the legacy backend Microsoft module was swapped over to use the path from the newer backend - #22208 Signed-off-by: Alex Crome --- .changeset/eight-oranges-wave.md | 5 +++++ .../src/authenticator.ts | 13 +++++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 .changeset/eight-oranges-wave.md diff --git a/.changeset/eight-oranges-wave.md b/.changeset/eight-oranges-wave.md new file mode 100644 index 0000000000..37ac485d6c --- /dev/null +++ b/.changeset/eight-oranges-wave.md @@ -0,0 +1,5 @@ +--- +'@backstage/plugin-auth-backend-module-microsoft-provider': patch +--- + +Fix error when microsoft token is requested without the profile scope. diff --git a/plugins/auth-backend-module-microsoft-provider/src/authenticator.ts b/plugins/auth-backend-module-microsoft-provider/src/authenticator.ts index 1b6eb87fae..f4927b76c0 100644 --- a/plugins/auth-backend-module-microsoft-provider/src/authenticator.ts +++ b/plugins/auth-backend-module-microsoft-provider/src/authenticator.ts @@ -16,6 +16,7 @@ import { createOAuthAuthenticator, + OAuthAuthenticatorResult, PassportOAuthAuthenticatorHelper, PassportOAuthDoneCallback, PassportProfile, @@ -25,8 +26,16 @@ import { union } from 'lodash'; /** @public */ export const microsoftAuthenticator = createOAuthAuthenticator({ - defaultProfileTransform: - PassportOAuthAuthenticatorHelper.defaultProfileTransform, + defaultProfileTransform: ( + result: OAuthAuthenticatorResult, + context, + ) => { + result.fullProfile = result.fullProfile ?? {}; + return PassportOAuthAuthenticatorHelper.defaultProfileTransform( + result, + context, + ); + }, initialize({ callbackUrl, config }) { const clientId = config.getString('clientId'); const clientSecret = config.getString('clientSecret');