Version: Next

AuthProviderRouteHandlers

Any auth provider needs to implement this interface, which handles the routes in the auth backend. Any auth API requests from the frontend reach these methods.

The routes in the auth backend API are tied to these methods as follows:

/auth/[provider]/start -> start
/auth/[provider]/handler/frame -> frameHandler
/auth/[provider]/refresh -> refresh
/auth/[provider]/logout -> logout

Signature:

export interface AuthProviderRouteHandlers 

Methods

Method

Description

frameHandler(req, res)

Once the user signs in or consents in the OAuth screen, the auth provider redirects to the callbackURL which is handled by this method.

Request
- to contain a nonce cookie and a 'state' query parameter

Response
- postMessage to the window with a payload that contains accessToken, expiryInSeconds?, idToken? and scope.
- sets a refresh token cookie if the auth provider supports refresh tokens

logout(req, res)?

(Optional) Handles sign out requests

Response
- removes the refresh token cookie

refresh(req, res)?

(Optional) If the auth provider supports refresh tokens then this method handles requests to get a new access token.

Other types of providers may also use this method to implement their own logic to create new sessions upon request. For example, this can be used to create a new session for a provider that handles requests from an authenticating proxy.

Request
- to contain a refresh token cookie and scope (Optional) query parameter.

Response
- payload with accessToken, expiryInSeconds?, idToken?, scope and user profile information.

start(req, res)

Handles the start route of the API. This initiates a sign in request with an auth provider.

Request
- scopes for the auth request (Optional)

Response
- redirect to the auth provider for the user to sign in or consent.
- sets a nonce cookie and also passes the nonce as 'state' query parameter in the redirect request
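
The nonce contract shared by start and frameHandler, as an added TypeScript sketch that is not Backstage's own code: start binds a random nonce to the browser with a cookie and sends it in 'state', and the callback is accepted only when the two agree. The cookie name, the base64url JSON encoding of 'state', the request shape and all function names here are assumptions made for this example.

```typescript
import { randomBytes, timingSafeEqual } from 'node:crypto';

// Minimal stand-ins for the request and the start response (hypothetical shapes).
type Req = {
  cookies: Record<string, string | undefined>;
  query: Record<string, string | undefined>;
};
type StartResult = { setCookie: { name: string; value: string }; redirectUrl: string };

const cookieName = (provider: string) => `${provider}-nonce`; // assumed naming

// Assumed encoding: the nonce travels inside a base64url JSON 'state' value.
function encodeState(nonce: string): string {
  return Buffer.from(JSON.stringify({ nonce })).toString('base64url');
}

// Never throws: malformed or non-object state decodes to an empty object.
function decodeState(state: string): { nonce?: unknown } {
  try {
    const parsed = JSON.parse(Buffer.from(state, 'base64url').toString('utf8'));
    return typeof parsed === 'object' && parsed !== null ? parsed : {};
  } catch {
    return {};
  }
}

// start: mint a nonce, bind it to the browser via cookie, send it as 'state'.
function startSignIn(provider: string, authorizeUrl: string): StartResult {
  const nonce = randomBytes(16).toString('base64url');
  const url = new URL(authorizeUrl);
  url.searchParams.set('state', encodeState(nonce));
  return { setCookie: { name: cookieName(provider), value: nonce }, redirectUrl: url.toString() };
}

// frameHandler precondition: reject the callback unless cookie and state agree.
function nonceMatches(provider: string, req: Req): boolean {
  const cookieNonce = req.cookies[cookieName(provider)];
  const stateNonce = decodeState(req.query.state ?? '').nonce;
  if (!cookieNonce || typeof stateNonce !== 'string') return false;
  const a = Buffer.from(cookieNonce);
  const b = Buffer.from(stateNonce);
  // timingSafeEqual requires equal lengths, so compare lengths first.
  return a.length === b.length && timingSafeEqual(a, b);
}
```

A callback that arrives without the cookie, or with a 'state' minted in another browser session, fails the check, which is what stops a forged callback from completing a sign-in.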