From 8513cd7d00e3995344cdbb20acc97c5f2b036dcb Mon Sep 17 00:00:00 2001 From: Patrik Oldsberg Date: Tue, 8 Aug 2023 17:52:39 +0200 Subject: [PATCH] changesets: added changesets for auth-backend refactor Signed-off-by: Patrik Oldsberg --- .changeset/dry-wasps-occur.md | 5 +++++ .changeset/healthy-tools-count.md | 5 +++++ .changeset/pink-cups-rescue.md | 28 ++++++++++++++++++++++++++++ .changeset/sweet-hairs-complain.md | 5 +++++ 4 files changed, 43 insertions(+) create mode 100644 .changeset/dry-wasps-occur.md create mode 100644 .changeset/healthy-tools-count.md create mode 100644 .changeset/pink-cups-rescue.md create mode 100644 .changeset/sweet-hairs-complain.md diff --git a/.changeset/dry-wasps-occur.md b/.changeset/dry-wasps-occur.md new file mode 100644 index 0000000000..0c7d231708 --- /dev/null +++ b/.changeset/dry-wasps-occur.md @@ -0,0 +1,5 @@ +--- +'@backstage/plugin-auth-backend-module-gcp-iap-provider': minor +--- + +New module for `@backstage/plugin-auth-backend` that adds a GCP IAP auth provider. diff --git a/.changeset/healthy-tools-count.md b/.changeset/healthy-tools-count.md new file mode 100644 index 0000000000..5d3f04159f --- /dev/null +++ b/.changeset/healthy-tools-count.md @@ -0,0 +1,5 @@ +--- +'@backstage/plugin-auth-backend': patch +--- + +Deprecated several exports that are now available from `@backstage/plugin-auth-node` instead. diff --git a/.changeset/pink-cups-rescue.md b/.changeset/pink-cups-rescue.md new file mode 100644 index 0000000000..abb69e88b7 --- /dev/null +++ b/.changeset/pink-cups-rescue.md 
@@ -0,0 +1,28 @@ +--- +'@backstage/plugin-auth-node': minor +--- + +Introduced a new system for building auth providers for `@backstage/plugin-auth-backend`, which both increases the amount of code re-use across providers, and also works better with the new backend system. + +Many existing types have been moved from `@backstage/plugin-auth-backend` in order to avoid a direct dependency on the plugin from modules. + +Auth provider integrations are now primarily implemented through a pattern of creating "authenticators", which are in turn specific to each kind of integrations. Initially there are two types: `createOAuthAuthenticator` and `createProxyAuthenticator`. These come paired with functions that let you create the corresponding route handlers, `createOAuthRouteHandlers` and `createProxyAuthRouteHandlers`, as well as provider factories, `createOAuthProviderFactory` and `createProxyAuthProviderFactory`. This new authenticator pattern allows the sign-in logic to be separated from the auth integration logic, allowing it to be completely re-used across all providers of the same kind. + +The new provider factories also implement a new declarative way to configure sign-in resolvers, rather than configuration through code. Sign-in resolvers can now be configured through the `resolvers` configuration key, where the first resolver that provides an identity will be used, for example: + +```yaml +auth: + providers: + google: + development: + clientId: ... + clientSecret: ... + signIn: + resolvers: + - resolver: emailMatchingUserEntityAnnotation + - resolver: emailLocalPartMatchingUserEntityName +``` + +These configurable resolvers are created with a new `createSignInResolverFactory` function, which creates a sign-in resolver factory, optionally with an options schema that will be used both when configuring the sign-in resolver through configuration and code. 
+ +The internal helpers from `@backstage/plugin-auth-backend` that were used to implement auth providers using passport strategies have now also been made available as public API, through `PassportHelpers` and `PassportOAuthAuthenticatorHelper`. diff --git a/.changeset/sweet-hairs-complain.md b/.changeset/sweet-hairs-complain.md new file mode 100644 index 0000000000..56dede5617 --- /dev/null +++ b/.changeset/sweet-hairs-complain.md @@ -0,0 +1,5 @@ +--- +'@backstage/plugin-auth-backend-module-google-provider': minor +--- + +New module for `@backstage/plugin-auth-backend` that adds a Google auth provider.
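Review bot: in `.changeset/healthy-tools-count.md`, "Deprecated several exports" does not say which exports, so someone reading the changelog for `@backstage/plugin-auth-backend` cannot tell whether their imports are affected. Suggest listing the deprecated names (or at least grouping them) and stating whether each replacement in `@backstage/plugin-auth-node` keeps the same name, so the migration can be checked against the list.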
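Review bot: in `.changeset/pink-cups-rescue.md`, the `resolvers` paragraph says "the first resolver that provides an identity will be used" but does not say what happens when none of the listed resolvers provides one. Since this list decides who can sign in and as which user, the text should state that outcome explicitly. It should also say that list order is significant: in the example, a match by `emailMatchingUserEntityAnnotation` takes precedence over `emailLocalPartMatchingUserEntityName`, so reordering the entries can change which identity is resolved. Minor wording in the third paragraph: "each kind of integrations" should read "each kind of integration".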