Skip to main content

@backstage/plugin-auth-node

Home > @backstage/plugin-auth-node

Common functionality and types for the Backstage auth plugin.

Classes

ClassDescription
DefaultIdentityClient

An identity client to interact with auth-backend and authenticate Backstage tokens

This is not a stable API yet

IdentityClient

An identity client to interact with auth-backend and authenticate Backstage tokens

This is not a stable API yet

OAuthEnvironmentHandler
PassportHelpers
PassportOAuthAuthenticatorHelper

Functions

FunctionDescription
createOAuthAuthenticator(authenticator)
createOAuthProviderFactory(options)
createOAuthRouteHandlers(options)
createProxyAuthenticator(authenticator)
createProxyAuthProviderFactory(options)
createProxyAuthRouteHandlers(options)
createSignInResolverFactory(options)
decodeOAuthState(encodedState)
encodeOAuthState(state)
getBearerTokenFromAuthorizationHeader(authorizationHeader)Parses the given authorization header and returns the bearer token, or undefined if no bearer token is given.
prepareBackstageIdentityResponse(result)Parses a Backstage-issued token and decorates the BackstageIdentityResponse with identity information sourced from the token.
readDeclarativeSignInResolver(options)
sendWebMessageResponse(res, appOrigin, response)

Interfaces

InterfaceDescription
AuthProviderRegistrationOptions
AuthProviderRouteHandlers

Any Auth provider needs to implement this interface which handles the routes in the auth backend. Any auth API requests from the frontend reaches these methods.

The routes in the auth backend API are tied to these methods like below

/auth/[provider]/start -> start /auth/[provider]/handler/frame -> frameHandler /auth/[provider]/refresh -> refresh /auth/[provider]/logout -> logout

AuthProvidersExtensionPoint
BackstageIdentityResponseResponse object containing the BackstageUserIdentity and the token from the authentication provider.
BackstageSignInResult

A representation of a successful Backstage sign-in.

Compared to the BackstageIdentityResponse this type omits the decoded identity information embedded in the token.

IdentityApi

An identity client api to authenticate Backstage tokens

This is not a stable API yet

OAuthAuthenticator
OAuthAuthenticatorAuthenticateInput
OAuthAuthenticatorLogoutInput
OAuthAuthenticatorRefreshInput
OAuthAuthenticatorResult
OAuthAuthenticatorStartInput
OAuthRouteHandlersOptions
OAuthSession
ProxyAuthenticator
ProxyAuthRouteHandlersOptions
ReadDeclarativeSignInResolverOptions
SignInResolverFactory
SignInResolverFactoryOptions

Namespaces

NamespaceDescription
commonSignInResolversA collection of common sign-in resolvers that work with any auth provider.

Variables

VariableDescription
authProvidersExtensionPoint

Type Aliases

Type AliasDescription
AuthProviderConfig
AuthProviderFactory
AuthResolverCatalogUserQuery

A query for a single user in the catalog.

If entityRef is used, the default kind is 'User'.

If annotations are used, all annotations must be present and match the provided value exactly. Only entities of kind 'User' will be considered.

If filter are used, only entities of kind 'User' will be considered unless it is explicitly specified differently in the filter.

Regardless of the query method, the query must match exactly one entity in the catalog, or an error will be thrown.

AuthResolverContextThe context that is used for auth processing.
BackstageUserIdentityUser identity information within Backstage.
ClientAuthResponse
CookieConfigurerThe callback used to resolve the cookie configuration for auth providers that use cookies.
IdentityApiGetIdentityRequestOptions to request the identity from a Backstage backend request
IdentityClientOptions

An identity client options object which allows extra configurations

This is not a stable API yet

OAuthStateA type for the serialized value in the state parameter of the OAuth authorization flow
OAuthStateTransform
PassportDoneCallback
PassportOAuthDoneCallback
PassportOAuthPrivateInfo
PassportOAuthResult
PassportProfile
ProfileInfo

Used to display login information to user, i.e. sidebar popup.

It is also temporarily used as the profile of the signed-in user's Backstage identity, but we want to replace that with data from identity and/org catalog service

ProfileTransform

Describes the function that transforms the result of a successful authentication into a ProfileInfo object.

This function may optionally throw an error in order to reject authentication.

SignInInfoType of sign in information context. Includes the profile information and authentication result which contains auth related information.
SignInResolverDescribes the function which handles the result of a successful authentication. Must return a valid BackstageSignInResult.
TokenParamsParameters used to issue new Backstage Tokens
WebMessageResponsePayload sent as a post message after the auth request is complete. If successful then has a valid payload with Auth information else contains an error.