auth-backend(fix): Add basicAuth option to OAuth provider

Signed-off-by: Johan Haals <johan.haals@gmail.com>
Johan Haals
2021-12-07 10:59:52 +01:00
parent 95ab7baba6
commit 8f461e6043
2 changed files with 17 additions and 6 deletions
+6
@@ -0,0 +1,6 @@
---
'@backstage/plugin-auth-backend': patch
---
Fixes potential bug introduced in `0.4.10` which causes `OAuth2AuthProvider` to authenticate using credentials in both POST payload and headers.
This might break some stricter OAuth2 implementations so there is now a `basicAuth` config option that can manually be set to `true` to enable this behavior.
@@ -59,6 +59,7 @@ export type OAuth2AuthProviderOptions = OAuthProviderOptions & {
tokenUrl: string;
scope?: string;
logger: Logger;
basicAuth?: boolean;
};
export class OAuth2AuthProvider implements OAuthHandlers {
@@ -85,12 +86,14 @@ export class OAuth2AuthProvider implements OAuthHandlers {
tokenURL: options.tokenUrl,
passReqToCallback: false as true,
scope: options.scope,
customHeaders: {
Authorization: `Basic ${this.encodeClientCredentials(
options.clientId,
options.clientSecret,
)}`,
},
customHeaders: options.basicAuth
? {
Authorization: `Basic ${this.encodeClientCredentials(
options.clientId,
options.clientSecret,
)}`,
}
: undefined,
},
(
accessToken: any,
@@ -244,6 +247,7 @@ export const createOAuth2Provider = (
const authorizationUrl = envConfig.getString('authorizationUrl');
const tokenUrl = envConfig.getString('tokenUrl');
const scope = envConfig.getOptionalString('scope');
const basicAuth = envConfig.getOptionalBoolean('basicAuth');
const disableRefresh =
envConfig.getOptionalBoolean('disableRefresh') ?? false;
@@ -280,6 +284,7 @@ export const createOAuth2Provider = (
tokenUrl,
scope,
logger,
basicAuth,
});
return OAuthAdapter.fromConfig(globalConfig, provider, {
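Review bot: The new `basicAuth?: boolean;` field on `OAuth2AuthProviderOptions` has no doc comment, and its name reads like a switch between credential channels, whereas the changeset text says enabling it sends the client credentials in the Authorization header in addition to the POST payload. A TSDoc line on the field would make that explicit, for example `/** When true, the client id and secret are also sent as an HTTP Basic Authorization header on token requests, in addition to the POST payload. */`. The same wording belongs wherever the `basicAuth` key read by `envConfig.getOptionalBoolean('basicAuth')` is documented, since operators of stricter token endpoints need to know the secret travels in two places when the flag is on. The constructor and `createOAuth2Provider` bodies continue outside the visible hunks, so whether `encodeClientCredentials` form-encodes the id and secret before base64 could not be checked here.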