auth-backend: cleanup types and move them closer to home

plugins/auth-backend/src/lib/EnvironmentHandler.ts

@@ -15,16 +15,17 @@
  */
 
 import express from 'express';
-import {
-  AuthProviderRouteHandlers,
-  EnvironmentIdentifierFn,
-} from '../providers/types';
+import { AuthProviderRouteHandlers } from '../providers/types';
 import { InputError } from '@backstage/backend-common';
 
 export type EnvironmentHandlers = {
   [key: string]: AuthProviderRouteHandlers;
 };
 
+export type EnvironmentIdentifierFn = (
+  req: express.Request,
+) => string | undefined;
+
 export class EnvironmentHandler implements AuthProviderRouteHandlers {
   constructor(
     private readonly providerId: string,

plugins/auth-backend/src/lib/PassportStrategyHelper.ts

@@ -17,12 +17,13 @@
 import express from 'express';
 import passport from 'passport';
 import jwtDecoder from 'jwt-decode';
-import {
-  RedirectInfo,
-  RefreshTokenResponse,
-  ProfileInfo,
-  ProviderStrategy,
-} from '../providers/types';
+import { ProfileInfo } from '../providers/types';
+
+export type PassportDoneCallback<Res, Private = never> = (
+  err?: Error,
+  response?: Res,
+  privateInfo?: Private,
+) => void;
 
 export const makeProfileInfo = (
   profile: passport.Profile,
@@ -63,6 +64,17 @@ export const makeProfileInfo = (
   };
 };
 
+export type RedirectInfo = {
+  /**
+   * URL to redirect to
+   */
+  url: string;
+  /**
+   * Status code to use for the redirect
+   */
+  status?: number;
+};
+
 export const executeRedirectStrategy = async (
   req: express.Request,
   providerStrategy: passport.Strategy,
@@ -106,6 +118,18 @@ export const executeFrameHandlerStrategy = async <T, PrivateInfo = never>(
   );
 };
 
+type RefreshTokenResponse = {
+  /**
+   * An access token issued for the signed in user.
+   */
+  accessToken: string;
+  /**
+   * Optionally, the server can issue a new Refresh Token for the user
+   */
+  refreshToken?: string;
+  params: any;
+};
+
 export const executeRefreshTokenStrategy = async (
   providerStrategy: passport.Strategy,
   refreshToken: string,
@@ -156,6 +180,10 @@ export const executeRefreshTokenStrategy = async (
   });
 };
 
+type ProviderStrategy = {
+  userProfile(accessToken: string, callback: Function): void;
+};
+
 export const executeFetchUserProfileStrategy = async (
   providerStrategy: passport.Strategy,
   accessToken: string,

plugins/auth-backend/src/lib/flow/authFlowHelpers.test.ts

@@ -16,7 +16,7 @@
 
 import express from 'express';
 import { ensuresXRequestedWith, postMessageResponse } from './authFlowHelpers';
-import { WebMessageResponse } from '../../providers/types';
+import { WebMessageResponse } from './types';
 
 describe('OAuthProvider Utils', () => {
   describe('postMessageResponse', () => {

plugins/auth-backend/src/lib/flow/authFlowHelpers.ts

@@ -16,7 +16,7 @@
 
 import express from 'express';
 import crypto from 'crypto';
-import { WebMessageResponse } from '../../providers/types';
+import { WebMessageResponse } from './types';
 
 export const postMessageResponse = (
   res: express.Response,

plugins/auth-backend/src/lib/flow/types.ts

@@ -0,0 +1,31 @@
+/*
+ * Copyright 2020 Spotify AB
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { AuthResponse } from '../../providers/types';
+
+/**
+ * Payload sent as a post message after the auth request is complete.
+ * If successful then has a valid payload with Auth information else contains an error.
+ */
+export type WebMessageResponse =
+  | {
+      type: 'authorization_response';
+      response: AuthResponse<unknown>;
+    }
+  | {
+      type: 'authorization_response';
+      error: Error;
+    };

plugins/auth-backend/src/lib/oauth/OAuthProvider.test.ts

@@ -20,8 +20,8 @@ import {
   TEN_MINUTES_MS,
   OAuthProvider,
 } from './OAuthProvider';
-import { OAuthProviderHandlers } from '../../providers/types';
 import { encodeState } from './helpers';
+import { OAuthProviderHandlers } from './types';
 
 const mockResponseData = {
   providerInfo: {

plugins/auth-backend/src/lib/oauth/OAuthProvider.ts

@@ -19,7 +19,6 @@ import crypto from 'crypto';
 import { URL } from 'url';
 import {
   AuthProviderRouteHandlers,
-  OAuthProviderHandlers,
   BackstageIdentity,
   AuthProviderConfig,
 } from '../../providers/types';
@@ -27,6 +26,7 @@ import { InputError } from '@backstage/backend-common';
 import { TokenIssuer } from '../../identity';
 import { verifyNonce, encodeState } from './helpers';
 import { postMessageResponse, ensuresXRequestedWith } from '../flow';
+import { OAuthProviderHandlers } from './types';
 
 export const THOUSAND_DAYS_MS = 1000 * 24 * 60 * 60 * 1000;
 export const TEN_MINUTES_MS = 600 * 1000;

plugins/auth-backend/src/lib/oauth/helpers.ts

@@ -15,9 +15,9 @@
  */
 
 import express from 'express';
-import { OAuthState } from '../../providers/types';
+import { OAuthState } from './types';
 
-const readState = (stateString: string): OAuthState => {
+export const readState = (stateString: string): OAuthState => {
   const state = Object.fromEntries(
     new URLSearchParams(decodeURIComponent(stateString)),
   );

plugins/auth-backend/src/lib/oauth/index.ts

@@ -14,4 +14,12 @@
  * limitations under the License.
  */
 
+export { OAuthEnvironmentHandler } from './OAuthEnvironmentHandler';
 export { OAuthProvider } from './OAuthProvider';
+export type {
+  OAuthProviderHandlers,
+  OAuthProviderInfo,
+  OAuthProviderOptions,
+  OAuthResponse,
+  OAuthState,
+} from './types';

plugins/auth-backend/src/lib/oauth/types.ts

@@ -0,0 +1,112 @@
+/*
+ * Copyright 2020 Spotify AB
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import express from 'express';
+import { AuthResponse } from '../../providers/types';
+import { RedirectInfo } from '../PassportStrategyHelper';
+
+/**
+ * Common options for passport.js-based OAuth providers
+ */
+export type OAuthProviderOptions = {
+  /**
+   * Client ID of the auth provider.
+   */
+  clientId: string;
+  /**
+   * Client Secret of the auth provider.
+   */
+  clientSecret: string;
+  /**
+   * Callback URL to be passed to the auth provider to redirect to after the user signs in.
+   */
+  callbackUrl: string;
+};
+
+export type OAuthResponse = AuthResponse<OAuthProviderInfo>;
+
+export type OAuthProviderInfo = {
+  /**
+   * An access token issued for the signed in user.
+   */
+  accessToken: string;
+  /**
+   * (Optional) Id token issued for the signed in user.
+   */
+  idToken?: string;
+  /**
+   * Expiry of the access token in seconds.
+   */
+  expiresInSeconds?: number;
+  /**
+   * Scopes granted for the access token.
+   */
+  scope: string;
+  /**
+   * A refresh token issued for the signed in user
+   */
+  refreshToken?: string;
+};
+
+export type OAuthState = {
+  /* A type for the serialized value in the `state` parameter of the OAuth authorization flow
+   */
+  nonce: string;
+  env: string;
+};
+
+/**
+ * Any OAuth provider needs to implement this interface which has provider specific
+ * handlers for different methods to perform authentication, get access tokens,
+ * refresh tokens and perform sign out.
+ */
+export interface OAuthProviderHandlers {
+  /**
+   * This method initiates a sign in request with an auth provider.
+   * @param {express.Request} req
+   * @param options
+   */
+  start(
+    req: express.Request,
+    options: Record<string, string>,
+  ): Promise<RedirectInfo>;
+
+  /**
+   * Handles the redirect from the auth provider when the user has signed in.
+   * @param {express.Request} req
+   */
+  handler(
+    req: express.Request,
+  ): Promise<{
+    response: AuthResponse<OAuthProviderInfo>;
+    refreshToken?: string;
+  }>;
+
+  /**
+   * (Optional) Given a refresh token and scope fetches a new access token from the auth provider.
+   * @param {string} refreshToken
+   * @param {string} scope
+   */
+  refresh?(
+    refreshToken: string,
+    scope: string,
+  ): Promise<AuthResponse<OAuthProviderInfo>>;
+
+  /**
+   * (Optional) Sign out of the auth provider.
+   */
+  logout?(): Promise<void>;
+}

plugins/auth-backend/src/providers/auth0/provider.ts

@@ -19,22 +19,22 @@ import passport from 'passport';
 import Auth0Strategy from './strategy';
 import { Logger } from 'winston';
 import { TokenIssuer } from '../../identity';
-import { OAuthProvider } from '../../lib/oauth';
+import {
+  OAuthProvider,
+  OAuthProviderOptions,
+  OAuthProviderHandlers,
+  OAuthResponse,
+} from '../../lib/oauth';
 import {
   executeFetchUserProfileStrategy,
   executeFrameHandlerStrategy,
   executeRedirectStrategy,
   executeRefreshTokenStrategy,
   makeProfileInfo,
-} from '../../lib/PassportStrategyHelper';
-import {
-  AuthProviderConfig,
-  OAuthProviderHandlers,
-  OAuthResponse,
   PassportDoneCallback,
   RedirectInfo,
-  OAuthProviderOptions,
-} from '../types';
+} from '../../lib/PassportStrategyHelper';
+import { AuthProviderConfig } from '../types';
 import { Config } from '@backstage/config';
 
 type PrivateInfo = {

plugins/auth-backend/src/providers/factories.ts

@@ -25,15 +25,12 @@ import { createOktaProvider } from './okta';
 import { createSamlProvider } from './saml';
 import { createAuth0Provider } from './auth0';
 import { createMicrosoftProvider } from './microsoft';
-import {
-  AuthProviderConfig,
-  AuthProviderFactory,
-  EnvironmentIdentifierFn,
-} from './types';
+import { AuthProviderConfig, AuthProviderFactory } from './types';
 import { Config } from '@backstage/config';
 import {
   EnvironmentHandlers,
   EnvironmentHandler,
+  EnvironmentIdentifierFn,
 } from '../lib/EnvironmentHandler';
 
 const factories: { [providerId: string]: AuthProviderFactory } = {

plugins/auth-backend/src/providers/github/provider.ts

@@ -20,16 +20,16 @@ import {
   executeFrameHandlerStrategy,
   executeRedirectStrategy,
   makeProfileInfo,
-} from '../../lib/PassportStrategyHelper';
-import {
-  OAuthProviderHandlers,
-  AuthProviderConfig,
-  RedirectInfo,
-  OAuthProviderOptions,
-  OAuthResponse,
   PassportDoneCallback,
-} from '../types';
-import { OAuthProvider } from '../../lib/oauth';
+  RedirectInfo,
+} from '../../lib/PassportStrategyHelper';
+import { AuthProviderConfig } from '../types';
+import {
+  OAuthProvider,
+  OAuthProviderOptions,
+  OAuthProviderHandlers,
+  OAuthResponse,
+} from '../../lib/oauth';
 import { Logger } from 'winston';
 import { TokenIssuer } from '../../identity';
 import passport from 'passport';

plugins/auth-backend/src/providers/gitlab/provider.ts

@@ -20,16 +20,16 @@ import {
   executeFrameHandlerStrategy,
   executeRedirectStrategy,
   makeProfileInfo,
-} from '../../lib/PassportStrategyHelper';
-import {
-  OAuthProviderHandlers,
-  AuthProviderConfig,
-  RedirectInfo,
-  OAuthProviderOptions,
-  OAuthResponse,
   PassportDoneCallback,
-} from '../types';
-import { OAuthProvider } from '../../lib/oauth';
+  RedirectInfo,
+} from '../../lib/PassportStrategyHelper';
+import { AuthProviderConfig } from '../types';
+import {
+  OAuthProvider,
+  OAuthProviderOptions,
+  OAuthProviderHandlers,
+  OAuthResponse,
+} from '../../lib/oauth';
 import { Logger } from 'winston';
 import { TokenIssuer } from '../../identity';
 import passport from 'passport';

plugins/auth-backend/src/providers/google/provider.ts

@@ -22,16 +22,16 @@ import {
   executeRefreshTokenStrategy,
   makeProfileInfo,
   executeFetchUserProfileStrategy,
-} from '../../lib/PassportStrategyHelper';
-import {
-  OAuthProviderHandlers,
+  PassportDoneCallback,
   RedirectInfo,
-  AuthProviderConfig,
+} from '../../lib/PassportStrategyHelper';
+import { AuthProviderConfig } from '../types';
+import {
+  OAuthProvider,
+  OAuthProviderHandlers,
   OAuthProviderOptions,
   OAuthResponse,
-  PassportDoneCallback,
-} from '../types';
-import { OAuthProvider } from '../../lib/oauth';
+} from '../../lib/oauth';
 import passport from 'passport';
 import { Logger } from 'winston';
 import { TokenIssuer } from '../../identity';

plugins/auth-backend/src/providers/microsoft/provider.ts

@@ -24,18 +24,18 @@ import {
   executeRefreshTokenStrategy,
   makeProfileInfo,
   executeFetchUserProfileStrategy,
+  PassportDoneCallback,
+  RedirectInfo,
 } from '../../lib/PassportStrategyHelper';
 
-import {
-  OAuthProviderHandlers,
-  RedirectInfo,
-  AuthProviderConfig,
-  OAuthProviderOptions,
-  OAuthResponse,
-  PassportDoneCallback,
-} from '../types';
+import { AuthProviderConfig } from '../types';
 
-import { OAuthProvider } from '../../lib/oauth';
+import {
+  OAuthProvider,
+  OAuthProviderOptions,
+  OAuthProviderHandlers,
+  OAuthResponse,
+} from '../../lib/oauth';
 import { Logger } from 'winston';
 import { TokenIssuer } from '../../identity';
 import { Config } from '@backstage/config';

plugins/auth-backend/src/providers/oauth2/provider.ts

@@ -19,22 +19,22 @@ import passport from 'passport';
 import { Strategy as OAuth2Strategy } from 'passport-oauth2';
 import { Logger } from 'winston';
 import { TokenIssuer } from '../../identity';
-import { OAuthProvider } from '../../lib/oauth';
+import {
+  OAuthProvider,
+  OAuthProviderOptions,
+  OAuthProviderHandlers,
+  OAuthResponse,
+} from '../../lib/oauth';
 import {
   executeFetchUserProfileStrategy,
   executeFrameHandlerStrategy,
   executeRedirectStrategy,
   executeRefreshTokenStrategy,
   makeProfileInfo,
-} from '../../lib/PassportStrategyHelper';
-import {
-  AuthProviderConfig,
-  OAuthProviderOptions,
-  OAuthProviderHandlers,
-  OAuthResponse,
   PassportDoneCallback,
   RedirectInfo,
-} from '../types';
+} from '../../lib/PassportStrategyHelper';
+import { AuthProviderConfig } from '../types';
 import { Config } from '@backstage/config';
 
 type PrivateInfo = {

plugins/auth-backend/src/providers/okta/provider.ts

@@ -14,7 +14,12 @@
  * limitations under the License.
  */
 import express from 'express';
-import { OAuthProvider } from '../../lib/oauth';
+import {
+  OAuthProvider,
+  OAuthProviderOptions,
+  OAuthProviderHandlers,
+  OAuthResponse,
+} from '../../lib/oauth';
 import { Strategy as OktaStrategy } from 'passport-okta-oauth';
 import passport from 'passport';
 import {
@@ -23,15 +28,10 @@ import {
   executeRefreshTokenStrategy,
   makeProfileInfo,
   executeFetchUserProfileStrategy,
-} from '../../lib/PassportStrategyHelper';
-import {
-  OAuthProviderHandlers,
-  RedirectInfo,
-  AuthProviderConfig,
-  OAuthProviderOptions,
-  OAuthResponse,
   PassportDoneCallback,
-} from '../types';
+  RedirectInfo,
+} from '../../lib/PassportStrategyHelper';
+import { AuthProviderConfig } from '../types';
 import { Logger } from 'winston';
 import { StateStore } from 'passport-oauth2';
 import { TokenIssuer } from '../../identity';

plugins/auth-backend/src/providers/saml/provider.ts

@@ -23,11 +23,11 @@ import {
 import {
   executeFrameHandlerStrategy,
   executeRedirectStrategy,
+  PassportDoneCallback,
 } from '../../lib/PassportStrategyHelper';
 import {
   AuthProviderConfig,
   AuthProviderRouteHandlers,
-  PassportDoneCallback,
   ProfileInfo,
 } from '../types';
 import { postMessageResponse } from '../../lib/flow';

plugins/auth-backend/src/providers/types.ts

@@ -19,21 +19,6 @@ import { Logger } from 'winston';
 import { TokenIssuer } from '../identity';
 import { Config } from '@backstage/config';
 
-export type OAuthProviderOptions = {
-  /**
-   * Client ID of the auth provider.
-   */
-  clientId: string;
-  /**
-   * Client Secret of the auth provider.
-   */
-  clientSecret: string;
-  /**
-   * Callback URL to be passed to the auth provider to redirect to after the user signs in.
-   */
-  callbackUrl: string;
-};
-
 export type AuthProviderConfig = {
   /**
    * The protocol://domain[:port] where the app is hosted. This is used to construct the
@@ -47,49 +32,6 @@ export type AuthProviderConfig = {
   appUrl: string;
 };
 
-/**
- * Any OAuth provider needs to implement this interface which has provider specific
- * handlers for different methods to perform authentication, get access tokens,
- * refresh tokens and perform sign out.
- */
-export interface OAuthProviderHandlers {
-  /**
-   * This method initiates a sign in request with an auth provider.
-   * @param {express.Request} req
-   * @param options
-   */
-  start(
-    req: express.Request,
-    options: Record<string, string>,
-  ): Promise<RedirectInfo>;
-
-  /**
-   * Handles the redirect from the auth provider when the user has signed in.
-   * @param {express.Request} req
-   */
-  handler(
-    req: express.Request,
-  ): Promise<{
-    response: AuthResponse<OAuthProviderInfo>;
-    refreshToken?: string;
-  }>;
-
-  /**
-   * (Optional) Given a refresh token and scope fetches a new access token from the auth provider.
-   * @param {string} refreshToken
-   * @param {string} scope
-   */
-  refresh?(
-    refreshToken: string,
-    scope: string,
-  ): Promise<AuthResponse<OAuthProviderInfo>>;
-
-  /**
-   * (Optional) Sign out of the auth provider.
-   */
-  logout?(): Promise<void>;
-}
-
 /**
  * Any Auth provider needs to implement this interface which handles the routes in the
  * auth backend. Any auth API requests from the frontend reaches these methods.
@@ -180,8 +122,6 @@ export type AuthResponse<ProviderInfo> = {
   backstageIdentity?: BackstageIdentity;
 };
 
-export type OAuthResponse = AuthResponse<OAuthProviderInfo>;
-
 export type BackstageIdentity = {
   /**
    * The backstage user ID.
@@ -194,67 +134,6 @@ export type BackstageIdentity = {
   idToken?: string;
 };
 
-export type OAuthProviderInfo = {
-  /**
-   * An access token issued for the signed in user.
-   */
-  accessToken: string;
-  /**
-   * (Optional) Id token issued for the signed in user.
-   */
-  idToken?: string;
-  /**
-   * Expiry of the access token in seconds.
-   */
-  expiresInSeconds?: number;
-  /**
-   * Scopes granted for the access token.
-   */
-  scope: string;
-  /**
-   * A refresh token issued for the signed in user
-   */
-  refreshToken?: string;
-};
-
-export type OAuthPrivateInfo = {
-  /**
-   * A refresh token issued for the signed in user.
-   */
-  refreshToken: string;
-};
-
-/**
- * Payload sent as a post message after the auth request is complete.
- * If successful then has a valid payload with Auth information else contains an error.
- */
-export type WebMessageResponse =
-  | {
-      type: 'authorization_response';
-      response: AuthResponse<unknown>;
-    }
-  | {
-      type: 'authorization_response';
-      error: Error;
-    };
-
-export type PassportDoneCallback<Res, Private = never> = (
-  err?: Error,
-  response?: Res,
-  privateInfo?: Private,
-) => void;
-
-export type RedirectInfo = {
-  /**
-   * URL to redirect to
-   */
-  url: string;
-  /**
-   * Status code to use for the redirect
-   */
-  status?: number;
-};
-
 /**
  * Used to display login information to user, i.e. sidebar popup.
  *
@@ -276,39 +155,3 @@ export type ProfileInfo = {
    */
   picture?: string;
 };
-
-export type RefreshTokenResponse = {
-  /**
-   * An access token issued for the signed in user.
-   */
-  accessToken: string;
-  /**
-   * Optionally, the server can issue a new Refresh Token for the user
-   */
-  refreshToken?: string;
-  params: any;
-};
-
-export type ProviderStrategy = {
-  userProfile(accessToken: string, callback: Function): void;
-};
-
-export type SAMLProviderConfig = {
-  entryPoint: string;
-  issuer: string;
-};
-
-export type SAMLEnvironmentProviderConfig = {
-  [key: string]: SAMLProviderConfig;
-};
-
-export type OAuthState = {
-  /* A type for the serialized value in the `state` parameter of the OAuth authorization flow
-   */
-  nonce: string;
-  env: string;
-};
-
-export type EnvironmentIdentifierFn = (
-  req: express.Request,
-) => string | undefined;