changesets: added changesets for auth-backend changes

Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Patrik Oldsberg
2022-04-08 16:24:38 +02:00
parent 0f201ad50e
commit c5aeaf339d
6 changed files with 140 additions and 0 deletions
+5
@@ -0,0 +1,5 @@
---
'@backstage/plugin-auth-backend': patch
---
**DEPRECATION**: The `AuthProviderFactoryOptions` type has been deprecated, as the options are now instead inlined in the `AuthProviderFactory` type. This will make it possible to more easily introduce new options in the future without a possibly breaking change.
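Review bot: The deprecation sentence for `AuthProviderFactoryOptions` does not say what code that references the type by name should use instead. Since the options are now inlined in `AuthProviderFactory`, add one sentence telling consumers how to obtain the options type from it, or state that no direct replacement is exported.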
+5
@@ -0,0 +1,5 @@
---
'@backstage/plugin-auth-backend': patch
---
**DEPRECATION**: The `getEntityClaims` helper has been deprecated, with `getDefaultOwnershipEntityRefs` being added to replace it.
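Review bot: The one-line body names `getDefaultOwnershipEntityRefs` as the replacement for `getEntityClaims` without saying whether it is a drop-in. The `AuthResolverContext` changeset in this same commit shows the old helper's return value being passed as `claims` to `issueToken`, while the new name suggests it returns ownership entity refs only; a short note on how to build the claims from the new helper's result would stop resolvers from issuing tokens with a wrong or missing subject.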
+62
@@ -0,0 +1,62 @@
---
'@backstage/plugin-auth-backend': patch
---
**DEPRECATION**: All `create<Provider>Provider` and `<provider>*SignInResolver` have been deprecated. Instead, a single `providers` object is exported which contains all built-in auth providers.
If you have a setup that currently looks for example like this:
```ts
import {
createRouter,
defaultAuthProviderFactories,
createGoogleProvider,
googleEmailSignInResolver,
} from '@backstage/plugin-auth-backend';
import { Router } from 'express';
import { PluginEnvironment } from '../types';
export default async function createPlugin(
env: PluginEnvironment,
): Promise<Router> {
return await createRouter({
...env,
providerFactories: {
...defaultAuthProviderFactories,
google: createGoogleProvider({
signIn: {
resolver: googleEmailSignInResolver,
},
}),
},
});
}
```
You would migrate it to something like this:
```ts
import {
createRouter,
providers,
defaultAuthProviderFactories,
} from '@backstage/plugin-auth-backend';
import { Router } from 'express';
import { PluginEnvironment } from '../types';
export default async function createPlugin(
env: PluginEnvironment,
): Promise<Router> {
return await createRouter({
...env,
providerFactories: {
...defaultAuthProviderFactories,
google: providers.google.create({
signIn: {
resolver: providers.google.resolvers.lookupEmailAnnotation(),
},
}),
},
});
}
```
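Review bot: In the migrated example, `googleEmailSignInResolver` is replaced by `providers.google.resolvers.lookupEmailAnnotation()`, but the text never states that the two resolve a sign-in to the same catalog user. Because the resolver decides which identity a login maps to, say explicitly whether the behaviour is equivalent and which annotation is matched. It is also worth calling out that the new resolver is a factory that must be invoked, whereas the old one was passed by reference, since dropping the `()` is an easy migration mistake.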
+58
@@ -0,0 +1,58 @@
---
'@backstage/plugin-auth-backend': patch
---
**DEPRECATION** The `AuthResolverContext` has received a number of changes, which is the context used by auth handlers and sign-in resolvers.
The following fields deprecated: `logger`, `tokenIssuer`, `catalogIdentityClient`. If you need to access the `logger`, you can do so through a closure instead. The `tokenIssuer` has been replaced with an `issueToken` method, which is available directory on the context. The `catalogIdentityClient` has been replaced by the `signInWithCatalogUser` method, as well as the lower level `findCatalogUser` method and `getDefaultOwnershipEntityRefs` helper.
It should be possible to migrate most sign-in resolvers to more or less only use `signInWithCatalogUser`, for example an email lookup resolver like this one:
```ts
async ({ profile }, ctx) => {
if (!profile.email) {
throw new Error('Profile contained no email');
}
const entity = await ctx.catalogIdentityClient.findUser({
annotations: {
'acme.org/email': profile.email,
},
});
const claims = getEntityClaims(entity);
const token = await ctx.tokenIssuer.issueToken({ claims });
return { id: entity.metadata.name, entity, token };
};
```
can be migrated to the following:
```ts
async ({ profile }, ctx) => {
if (!profile.email) {
throw new Error('Profile contained no email');
}
return ctx.signInWithCatalogUser({
annotations: {
'acme.org/email': profile.email,
},
});
};
```
While a direct entity name lookup using a user ID might look like this:
```ts
async ({ result: { fullProfile } }, ctx) => {
return ctx.signInWithCatalogUser({
entityRef: {
name: fullProfile.userId,
},
});
};
```
If you want more control over the way that users are looked up, ownership is assigned, or tokens are issued, you can use a combination of the `findCatalogUser`, `getDefaultOwnershipEntityRefs`, and `issueToken` instead.
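Review bot: The paragraph listing the deprecated fields has wording errors: "The following fields deprecated" is missing "are", "available directory on the context" should read "directly", and the opening `**DEPRECATION**` lacks the colon used in the other changesets. The first sentence would also read better as "The `AuthResolverContext`, which is the context used by auth handlers and sign-in resolvers, has received a number of changes." Separately, the `entityRef: { name: fullProfile.userId }` example gives only a name; state which kind and namespace `signInWithCatalogUser` assumes when they are omitted, since that determines which entity the user is signed in as.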
+5
@@ -0,0 +1,5 @@
---
'@backstage/plugin-auth-backend': minor
---
**BREAKING**: All auth providers have had their default sign-in resolvers removed. This means that if you want to use a particular provider for sign-in, you must provide an explicit sign-in resolver. For more information on how to configure sign-in resolvers, see the [sign-in resolver documentation](https://backstage.io/docs/auth/identity-resolver).
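Review bot: The breaking-change text says an explicit sign-in resolver "must" be provided but does not describe what happens when one is missing. State whether sign-in attempts are rejected or the backend fails at startup, and mention that setups relying only on `defaultAuthProviderFactories` are affected, so operators know what to look for after upgrading.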
+5
@@ -0,0 +1,5 @@
---
'@backstage/plugin-auth-backend': patch
---
Added exports of the following types: `AuthProviderConfig`, `StateEncoder`, `TokenParams`, `AwsAlbResult`.