Patrik Oldsberg
387acc4130
Merge pull request #25823 from stephenglass/fix-redirect-error-handling
...
Fix error handling using auth redirect flow
2024-10-14 16:26:23 +02:00
Stephen Glass
5e5e4a850c
fix redirect error encoding
...
Signed-off-by: Stephen Glass <stephen@stephen.glass >
2024-10-08 09:25:02 -04:00
Patrik Oldsberg
217458a9a8
auth-node: add allowedDomains options for emailLocalPartMatchingUserEntityName + fixes
...
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com >
2024-10-08 01:12:10 +02:00
Stephen Glass
bbc261bb10
Merge branch 'master' of https://github.com/backstage/backstage into fix-redirect-error-handling
2024-10-01 23:12:47 -04:00
Stephen Glass
4935d29d15
change code to use search params instead of cookie
...
Signed-off-by: Stephen Glass <stephen@stephen.glass >
2024-10-01 23:12:10 -04:00
Gustaf Räntilä
f5276a21c7
Adapted to PR feedback
...
Signed-off-by: Gustaf Räntilä <g.rantila@gmail.com >
2024-09-13 16:02:29 +02:00
Gustaf Räntilä
6f409b7942
fix: Try matching emails without plus addressing
...
Signed-off-by: Gustaf Räntilä <g.rantila@gmail.com >
2024-09-13 11:27:15 +02:00
Camila Belo
d908d8c246
feat: migrate auth0 provider to nbs
...
Signed-off-by: Camila Belo <camilaibs@gmail.com >
2024-09-09 10:53:31 +02:00
Fredrik Adelöw
c46eb0fed2
Extend the "unable to resolve user identity" message
...
Signed-off-by: Fredrik Adelöw <freben@gmail.com >
2024-09-02 10:43:50 +02:00
Patrik Oldsberg
b8bbf061fd
Merge pull request #25254 from Zaperex/update-auth-node-signin-resolver
...
chore(auth-node): allow declarative signin resolvers to take precedence
2024-08-06 13:43:56 +02:00
Stephen Glass
155b901898
update test name
...
Signed-off-by: Stephen Glass <stephen@stephen.glass >
2024-07-29 00:47:32 -04:00
Stephen Glass
17c9a1a330
add test
...
Signed-off-by: Stephen Glass <stephen@stephen.glass >
2024-07-29 00:45:41 -04:00
Stephen Glass
5d8649d775
update param name
...
Signed-off-by: Stephen Glass <stephen@stephen.glass >
2024-07-28 23:28:13 -04:00
Stephen Glass
8542af998a
fix errors with auth redirect flow
...
Signed-off-by: Stephen Glass <stephen@stephen.glass >
2024-07-28 03:15:00 -04:00
Patrik Oldsberg
c5ce79a14c
Merge pull request #25569 from backstage/nbs10/rename-setup-request-handlers
...
[NBS 1.0]Rename `setupRequestMockHandlers` to `registerMswTestHooks`
2024-07-16 11:01:29 +02:00
Camila Belo
b82aff92aa
refactor(test-utils): deprecate the isDockerDisabledForTests function
...
Signed-off-by: Camila Belo <camilaibs@gmail.com >
2024-07-10 17:06:00 +02:00
Camila Belo
95a3a0b91c
refactor(test-utils): rename setupRequestMockHandlers to setupMswHandler
...
Signed-off-by: Camila Belo <camilaibs@gmail.com >
2024-07-10 15:45:49 +02:00
Olivier Liechti
aca86a6a00
Address review comments
...
Signed-off-by: Olivier Liechti <olivier.liechti@wasabi-tech.com >
2024-07-10 08:11:02 +02:00
Olivier Liechti
55c1a729ac
Simplify the bug fix, by implementing logic in the PassportHelper
...
Signed-off-by: Olivier Liechti <olivier.liechti@wasabi-tech.com >
2024-07-09 16:29:50 +02:00
Frank Kong
579afd0d32
chore(auth-node): allow declarative signin resolvers to take precedence
...
Signed-off-by: Frank Kong <frkong@redhat.com >
2024-06-14 18:33:50 -04:00
Patrik Oldsberg
bdabd9952e
auth-*: test fixes for new CookieScopeManager
...
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com >
2024-06-11 11:30:13 +02:00
Patrik Oldsberg
dd99788e6b
auth-node: allow additonalScopes to be a string too
...
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com >
2024-06-11 11:30:13 +02:00
Patrik Oldsberg
bb7d150937
auth-node: added CookieScopeManager tests + fixes
...
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com >
2024-06-11 11:30:13 +02:00
Patrik Oldsberg
798ec37c1c
auth-node: initial scope manager refactor
...
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com >
2024-06-11 11:30:13 +02:00
Heikki Hellgren
776ec144ed
fix: review comments and naming
...
Signed-off-by: Heikki Hellgren <heikki.hellgren@op.fi >
2024-04-15 08:44:56 +03:00
Heikki Hellgren
b0ae9ccac4
feat: support for new backend system via extension point
...
Signed-off-by: Heikki Hellgren <heikki.hellgren@op.fi >
2024-04-15 08:21:16 +03:00
Heikki Hellgren
ea9262bc9f
feat: allow overriding default ownership resolving
...
This allows to modify the ownership resolving in the auth resolve
context. For example if user wants to include parent groups also to
the ownershipEntityRefs, it's not possible unless the built-in
auth providers are forked and rewritten.
Signed-off-by: Heikki Hellgren <heikki.hellgren@op.fi >
2024-04-15 08:21:16 +03:00
Vincenzo Scamporlino
130b215629
backend-app-api: final service to service refactoring
...
Co-authored-by: Patrik Oldsberg <poldsberg@gmail.com >
Signed-off-by: Vincenzo Scamporlino <vincenzos@spotify.com >
2024-04-04 14:40:41 +02:00
Camila Belo
ff681360cc
refactor: make token types internal
...
Co-authored-by: Patrik Oldsberg <poldsberg@gmail.com >
Signed-off-by: Camila Belo <camilaibs@gmail.com >
2024-04-03 13:43:54 +02:00
Patrik Oldsberg
0d2a05418b
backend-app-api,auth: move token typ claim to be a header param
...
Co-authored-by: Camila Belo <camilaibs@gmail.com >
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com >
2024-04-03 13:12:54 +02:00
Patrik Oldsberg
018b0910e0
backend-app-api,auth: add ent claim to user identity proof
...
Co-authored-by: Camila Belo <camilaibs@gmail.com >
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com >
2024-04-03 13:12:54 +02:00
Fredrik Adelöw
4194ac7200
auth: issue user identity claims and create limited user tokens from them
...
Co-authored-by: Camila Belo <camilaibs@gmail.com >
Signed-off-by: Fredrik Adelöw <freben@gmail.com >
2024-04-03 13:12:54 +02:00
Elias Rieb
038b2e6894
fix(auth): consider only entities of kind user when using findCatalogUser with filter query
...
Signed-off-by: Elias Rieb <e.rieb@posteo.de >
2024-03-05 09:05:02 +01:00
Patrik Oldsberg
b4fc6e3164
auth-node: deprecate getBearerTokenFromAuthorizationHeader
...
Co-authored-by: Fredrik Adelöw <freben@gmail.com >
Co-authored-by: Carl-Erik Bergström <cbergstrom@spotify.com >
Co-authored-by: blam <ben@blam.sh >
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com >
2024-02-23 10:58:21 +01:00
blam
b1b012d065
chore: fix tests and add changeset
...
Signed-off-by: blam <ben@blam.sh >
2024-02-21 12:44:45 +01:00
blam
9b810b9a99
feat: treat providerInfo as a seperate return value
...
Signed-off-by: blam <ben@blam.sh >
2024-02-21 11:43:47 +01:00
Alex Crome
a0b01eda2c
Moved defence against null tokens into defaultProfileTransform to apply more broadly than just Microsoft tokens.
...
Signed-off-by: Alex Crome <afscrome@users.noreply.github.com >
2024-02-19 15:07:47 +00:00
Jamie Klassen
d4cc552ab1
refactor auth plugins to use jose
...
Signed-off-by: Jamie Klassen <jamie.klassen@broadcom.com >
2024-02-02 11:03:09 -05:00
Ruben Vallejo
70a3c2631f
resolve rebase type/compilation errors
...
Signed-off-by: Ruben Vallejo <rvallejo@vmware.com >
2023-10-12 10:12:55 -04:00
Patrik Oldsberg
fdff9cc040
Merge pull request #20317 from mitchhentgesspotify/mhentges/fix-gcp-iap-refresh-500
...
Fix `authenticate()` ctx properties being missing
2023-10-09 16:41:39 +02:00
Adam Kunicki
8b8b1d23ae
auth-node: Refresh handler not returning persisted scope in response
...
The refresh handler is returning an empty scope if scope was previously
saved in a cookie. The session is successfully refreshed but the client
receives a response without the scope it requested, prompting a new
login.
Resolves #20322
Signed-off-by: Adam Kunicki <kunickiaj@gmail.com >
2023-10-04 10:18:03 -07:00
Mitchell Hentges
6f142d5356
Fix authenticate() ctx properties being missing
...
This was broken because the return value of `initialize()` was a `Promise<...>` but its caller wasn't `await`-ing the value.
This was causing the `gcpIap` provider to fail on the `/request` endpoint because `jwtHeader` was undefined.
The OAuth equivalent keeps `initialize()` synchronous, and all implementations don't _need_ to be `async`, so make them synchronous instead.
I've chosen the changelog to be a `major` bump since this changes the API of a public type.
Signed-off-by: Mitchell Hentges <mhentges@spotify.com >
2023-10-04 10:08:50 +02:00
Patrik Oldsberg
911d90e306
auth-node: avoid passing through empty scope in start
...
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com >
2023-09-25 20:09:39 +02:00
Patrik Oldsberg
6c2b0793bf
auth-node: fix for persisted scopes not being restored on sign-in
...
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com >
2023-09-25 14:02:15 +02:00
Patrik Oldsberg
d852a15972
auth-node: add refreshTokenExpiresInSeconds field to OAuthSession
...
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com >
2023-08-20 16:02:55 +02:00
Patrik Oldsberg
18619f793c
auth-backend: track backstage session expiration separately
...
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com >
2023-08-19 13:39:02 +02:00
Patrik Oldsberg
ee28fa94da
auth-node: minor review fixes
...
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com >
2023-08-11 17:03:06 +02:00
Patrik Oldsberg
f5eff800fd
auth-node: tweaked some error types
...
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com >
2023-08-11 17:03:06 +02:00
Patrik Oldsberg
02ea2388d6
auth-node: avoid atob
...
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com >
2023-08-11 17:03:06 +02:00
Patrik Oldsberg
b8515ae3b6
auth-node: fix OAuthState doc
...
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com >
2023-08-11 17:03:06 +02:00