Skip to main content

@backstage/plugin-auth-node

Home > @backstage/plugin-auth-node

Common functionality and types for the Backstage auth plugin.

Classes

Class

Description

DefaultIdentityClient

An identity client to interact with auth-backend and authenticate Backstage tokens

This is not a stable API yet

IdentityClient

An identity client to interact with auth-backend and authenticate Backstage tokens

This is not a stable API yet

OAuthEnvironmentHandler

PassportHelpers

PassportOAuthAuthenticatorHelper

Functions

Function

Description

createOAuthAuthenticator(authenticator)

createOAuthProviderFactory(options)

createOAuthRouteHandlers(options)

createProxyAuthenticator(authenticator)

createProxyAuthProviderFactory(options)

createProxyAuthRouteHandlers(options)

createSignInResolverFactory(options)

decodeOAuthState(encodedState)

encodeOAuthState(state)

getBearerTokenFromAuthorizationHeader(authorizationHeader)

Parses the given authorization header and returns the bearer token, or undefined if no bearer token is given.

prepareBackstageIdentityResponse(result)

Parses a Backstage-issued token and decorates the BackstageIdentityResponse with identity information sourced from the token.

readDeclarativeSignInResolver(options)

sendWebMessageResponse(res, appOrigin, response)

Interfaces

Interface

Description

AuthOwnershipResolutionExtensionPoint

AuthOwnershipResolver

Resolver interface for resolving the ownership entity references for entity

AuthProviderRegistrationOptions

AuthProviderRouteHandlers

Any Auth provider needs to implement this interface which handles the routes in the auth backend. Any auth API requests from the frontend reaches these methods.

The routes in the auth backend API are tied to these methods like below

/auth/[provider]/start -> start /auth/[provider]/handler/frame -> frameHandler /auth/[provider]/refresh -> refresh /auth/[provider]/logout -> logout

AuthProvidersExtensionPoint

BackstageIdentityResponse

Response object containing the BackstageUserIdentity and the token from the authentication provider.

BackstageSignInResult

A representation of a successful Backstage sign-in.

Compared to the BackstageIdentityResponse this type omits the decoded identity information embedded in the token.

IdentityApi

An identity client api to authenticate Backstage tokens

This is not a stable API yet

OAuthAuthenticator

OAuthAuthenticatorAuthenticateInput

OAuthAuthenticatorLogoutInput

OAuthAuthenticatorRefreshInput

OAuthAuthenticatorResult

OAuthAuthenticatorScopeOptions

OAuthAuthenticatorStartInput

OAuthRouteHandlersOptions

OAuthSession

ProxyAuthenticator

ProxyAuthRouteHandlersOptions

ReadDeclarativeSignInResolverOptions

SignInResolverFactory

SignInResolverFactoryOptions

Namespaces

Namespace

Description

commonSignInResolvers

A collection of common sign-in resolvers that work with any auth provider.

Variables

Variable

Description

authOwnershipResolutionExtensionPoint

authProvidersExtensionPoint

tokenTypes

Core properties of various token types.

Type Aliases

Type Alias

Description

AuthProviderConfig

AuthProviderFactory

AuthResolverCatalogUserQuery

A query for a single user in the catalog.

If entityRef is used, the default kind is 'User'.

If annotations are used, all annotations must be present and match the provided value exactly. Only entities of kind 'User' will be considered.

If filter are used, only entities of kind 'User' will be considered unless it is explicitly specified differently in the filter.

Regardless of the query method, the query must match exactly one entity in the catalog, or an error will be thrown.

AuthResolverContext

The context that is used for auth processing.

BackstageUserIdentity

User identity information within Backstage.

ClientAuthResponse

CookieConfigurer

The callback used to resolve the cookie configuration for auth providers that use cookies.

IdentityApiGetIdentityRequest

Options to request the identity from a Backstage backend request

IdentityClientOptions

An identity client options object which allows extra configurations

This is not a stable API yet

OAuthState

A type for the serialized value in the state parameter of the OAuth authorization flow

OAuthStateTransform

PassportDoneCallback

PassportOAuthDoneCallback

PassportOAuthPrivateInfo

PassportOAuthResult

PassportProfile

ProfileInfo

Used to display login information to user, i.e. sidebar popup.

It is also temporarily used as the profile of the signed-in user's Backstage identity, but we want to replace that with data from identity and/org catalog service

ProfileTransform

Describes the function that transforms the result of a successful authentication into a ProfileInfo object.

This function may optionally throw an error in order to reject authentication.

SignInInfo

Type of sign in information context. Includes the profile information and authentication result which contains auth related information.

SignInResolver

Describes the function which handles the result of a successful authentication. Must return a valid BackstageSignInResult.

TokenParams

Parameters used to issue new Backstage Tokens

WebMessageResponse

Payload sent as a post message after the auth request is complete. If successful then has a valid payload with Auth information else contains an error.