Commit Graph

717 Commits

Author SHA1 Message Date
Patrik Oldsberg d2085641c4 Merge pull request #17191 from go-xman/feat/export-common-identify-resolver
chore: add common identify resolvers for `oidc` auth provider
2023-04-05 12:42:56 +02:00
mingfu 6a90095133 chore: add common identify resolvers for oidc auth provider
Signed-off-by: mingfu <mingfu@alauda.io>
2023-04-05 18:17:03 +08:00
Johan Haals 0db9d8c10d Merge pull request #17108 from afscrome/easyauthexport
Properly expose easy auth provider
2023-04-05 10:07:00 +02:00
Patrik Oldsberg 715dcb7627 Merge pull request #16323 from jamieklassen/multiaudience-microsoft
Microsoft auth provider manages tokens for multiple resources
2023-04-04 17:48:53 +02:00
Fredrik Adelöw e0c6e8b9c3 get rid of majority of peer dependency warnings in yarn
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2023-03-27 12:26:23 +02:00
Alex Crome 7019734333 Fix Api Report
Signed-off-by: Alex Crome <afscrome@users.noreply.github.com>
2023-03-27 00:53:19 +01:00
Alex Crome a0ef1ec734 Properly expose easy auth provider
16108 added support for Azure easy auth, however the provider wasn't properly exposed so it can't be used.
This PR fixes that by properly exposing the provider

Signed-off-by: Alex Crome <afscrome@users.noreply.github.com>
2023-03-27 00:20:48 +01:00
Jamie Klassen 475abd1dc3 support non-microsoft graph scopes
Signed-off-by: Jamie Klassen <jklassen@vmware.com>
2023-03-24 17:10:25 -04:00
Jamie Klassen 646025786e construct test subject via factory function
Rather than using the MicrosoftAuthProvider constructor directly -- this is
more faithful to how this object is instantiated in practice.

Also, introduce FakeMicrosoftAPI to simulate negotiating scopes, authorization
codes, access tokens, and refresh tokens with Azure.

Signed-off-by: Jamie Klassen <jklassen@vmware.com>
2023-03-24 17:10:17 -04:00
Jamie Klassen 3b0ac0d7e2 convert module mock to msw
This should allow for easier refactoring and adding new microsoft-specific
features.

Signed-off-by: Jamie Klassen <jklassen@vmware.com>
2023-03-24 16:48:41 -04:00
Patrik Oldsberg 5ae279d283 Merge pull request #15841 from headphonejames/redirect-oauth-flow
Oauth2 redirect flow for authentication (instead of using popup)
2023-03-21 11:02:42 +01:00
Adi Krhan e262738b8a Handle token difference in Microsoft provider
Signed-off-by: Adi Krhan <adikrhan43@gmail.com>
2023-03-13 09:23:59 +01:00
headphonejames 57ec7e2250 minor clean up
Signed-off-by: headphonejames <generalfuzz@gmail.com>
2023-02-28 17:20:23 -08:00
headphonejames d7e856ad55 simplify code and test cases. clean up rendering.
Signed-off-by: headphonejames <generalfuzz@gmail.com>
2023-02-28 17:05:11 -08:00
headphonejames 5177a7f2b4 Merge branch 'master' into redirect-oauth-flow 2023-02-27 17:20:37 -08:00
headphonejames 5acc047748 Move configuration of redirect authentication flow to a global parameter named "enableExperimentalRedirectFlow". Pass the configApi instance into authentication providers to read new configuration parameter.
Signed-off-by: headphonejames <generalfuzz@gmail.com>
2023-02-27 16:34:30 -08:00
Katharina Sick be3cddaab5 fix: fix getting credentials for Bitbucket Server in the RepoUrlPicker
Signed-off-by: Katharina Sick <katharina.sick@dynatrace.com>
2023-02-22 15:51:47 +01:00
headphonejames ad15aaa285 Add onSignInStarted() and onSignInFailure() hooks. Clean up and renaming.
Signed-off-by: headphonejames <generalfuzz@gmail.com>
2023-02-21 18:45:50 -08:00
Alex Crome b84349e2f6 PR Feedback
Signed-off-by: Alex Crome <afscrome@users.noreply.github.com>
2023-02-14 14:50:37 +00:00
Alex Crome aa721158d1 Merge remote-tracking branch 'upstream/master' into easyauth 2023-02-14 14:47:01 +00:00
Patrik Oldsberg 63421b1729 Merge pull request #16186 from KatharinaSick/feature/bitbucket-server-auth-provider
feat(auth): add auth provider for Bitbucket Server
2023-02-13 23:06:01 +01:00
Katharina Sick 1fad33684e use node-fetch
Signed-off-by: Katharina Sick <katharina.sick@dynatrace.com>
2023-02-13 16:31:49 +01:00
Katharina Sick 0c1d0229aa remove not needed test dependencies
Signed-off-by: Katharina Sick <katharina.sick@dynatrace.com>
2023-02-13 13:46:03 +01:00
Patrik Oldsberg 5febb216fe backend-plugin-api: refactor CacheService to lift up client methods to the service
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2023-02-10 10:19:44 +01:00
Katharina Sick bb3e4c3f8d use msw for tests & fix resolver type
Signed-off-by: Katharina Sick <katharina.sick@dynatrace.com>
2023-02-07 17:33:31 +01:00
Katharina Sick d19c77cc41 fixed API report errors and regenerated the reports
Signed-off-by: Katharina Sick <katharina.sick@dynatrace.com>
2023-02-07 08:55:10 +01:00
Katharina Sick db10b6ef65 feat(auth): add auth provider for Bitbucket Server
Signed-off-by: Katharina Sick <katharina.sick@dynatrace.com>
2023-02-06 11:10:58 +01:00
headphonejames 167f457803 fix missing code fixes from update after PR review.
Signed-off-by: headphonejames <generalfuzz@gmail.com>
2023-02-03 12:18:50 -08:00
headphonejames ae4d826fb2 Updates to redirect implementation after initial PR review.
Signed-off-by: headphonejames <generalfuzz@gmail.com>
2023-02-03 12:03:01 -08:00
Alex Crome f79df8ab24 Initial easyauth work
Signed-off-by: Alex Crome <afscrome@users.noreply.github.com>
2023-02-01 12:02:24 +00:00
headphonejames 9a9170047b Implementation for oauth2 authentication using a redirect flow (without window popup) from frontend to backend API, followed by a redirect back to the fronted. A localstorage provider token is added before the redirect to the backend auth API.
During the subsequent front end refresh an asynchronous backstage session refresh is triggered when the provider token is put in localstorage. The session refresh will return a backstage authentication token if authentication succeeded during the previous backend auth API execution.

Addresses https://github.com/backstage/backstage/issues/9582

Signed-off-by: headphonejames <generalfuzz@gmail.com>
2023-01-18 14:32:00 -08:00
Fredrik Adelöw 9bafcfc209 update tests to be more robust against catalog-client changes
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2022-11-14 16:55:48 +01:00
Adam Kunicki 89d705e806 Permit customizing the header name for the IAP jwt
This creates a new configuration parameter `jwtHeader` for the gcp-iap
auth provider. This allows setting a custom header to look in for the
IAP issued JWT.

Signed-off-by: Adam Kunicki <kunickiaj@gmail.com>
2022-11-11 21:02:55 -08:00
kvmw 24152c0c52 Inject optional CatalogApi in auth-backend router
Signed-off-by: kvmw <mshamsi@vmware.com>
2022-11-07 16:13:15 +01:00
Patrick Jungermann abaed9770e chore(auth): improve logging
Make the logging more clear as "provider" is ambiguous.

Signed-off-by: Patrick Jungermann <Patrick.Jungermann@gmail.com>
2022-10-28 11:58:34 +02:00
Johan Haals 35438ef744 Merge pull request #13670 from fabuloso/secure-google-oauth-logout
Revoke Google OAuth refresh token on logout
2022-10-04 10:36:00 +02:00
Leonardo Cardoso de Almeida b1f9a031aa style: prettify auth0 provider codestyle
Signed-off-by: Leonardo Cardoso de Almeida <leozzito@Leonardos-MacBook-Pro.local>
2022-09-29 12:14:14 -03:00
Leonardo Cardoso de Almeida 9ad307a07c feat: add connection/connection scope options to auth0 provider
Signed-off-by: Leonardo Cardoso de Almeida <leozzito@Leonardos-MacBook-Pro.local>
2022-09-29 11:31:12 -03:00
Alessandro Dalfovo 7289b5ec4e Call logout OAuth handler in OAuthAdapter
Signed-off-by: Alessandro Dalfovo <dalfovo.alessandro@gmail.com>
2022-09-27 13:06:02 +02:00
ahmed 3e0f0c0285 oauth: consider hosted gitlab with relative path
Signed-off-by: ahmed <ahmed@planet.com>
2022-09-26 22:07:11 +02:00
Patrik Oldsberg 8360315ca5 Merge pull request #13559 from backstage/rugvip/jest29
cli: switch to Jest 29
2022-09-20 18:48:50 +02:00
Patrik Oldsberg 272fce8325 Merge pull request #13556 from backstage/eide/allow-third-party-cookies
[auth-backend]: Calculate `SameSite` cookie attribute in defaultCookieConfigurer and default to `none`
2022-09-20 17:20:22 +02:00
Marcus Eide d0f7bb0291 Use origin from request when calculating cookie config in start
Signed-off-by: Marcus Eide <eide@spotify.com>
2022-09-20 15:16:26 +02:00
Patrik Oldsberg 2e4e6c3500 test fixes to support Jest 29
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2022-09-20 14:51:19 +02:00
Ben Lambert d2dc96e4d0 Merge pull request #13595 from DavidZemon/feature/allow-more-jwt-claims
feat: Allow passing additional JWT claims to `TokenIssuer`
2022-09-20 11:08:34 +02:00
David Zemon c8e837da5b feat: Use JsonValue for JWT claim values
Signed-off-by: David Zemon <david@zemon.name>
2022-09-19 08:01:14 -05:00
Marcus Eide 04c50e297d Resolve cookie configuration per request
Signed-off-by: Marcus Eide <eide@spotify.com>
2022-09-16 09:57:44 +02:00
Marcus Eide 12943d1ade Calculate SameSite attribute more carefully, defaulting to lax in most cases
Signed-off-by: Marcus Eide <eide@spotify.com>
2022-09-09 11:16:04 +02:00
Joe Patterson 69d478d5b4 Merge branch 'backstage:master' into master 2022-09-09 10:31:27 +10:00
David Zemon 19ac96e4c2 feat: Allow passing additional JWT claims to TokenIssuer
Signed-off-by: David Zemon <david@zemon.name>
2022-09-08 11:36:49 -05:00