New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
馃檹 Help Wanted: Auth Backend Module Migrations #19476
Comments
Hi @Rugvip I'd like to help out |
Hello @Rugvip I'd also want to help |
@mihrab34 @IvyJeptoo great! 馃帀 Best pick a single provider to start with |
@Rugvip I'm having this error when i try |
@Rugvip, can we put a hold on the Microsoft auth provider? I'm wondering if now is a good time to rename it. We use Azure in most places and this is one of the only places we call something Microsoft (that I'm aware of could be wrong). I can put together an RFC to get feedback on this if you think that's needed. CC @sanderaernouts @afscrome |
@awanlin yep we could easily do a rename when creating the new module 馃憤 Let's not ship any new module before we have settled on the name. I'd say though that from my understanding "Microsoft" actually makes sense. I find it to be similar to Google auth, where the auth itself if managed through GCP and gives access to a lot of GCP resources, but the scope in the end is much broader than just GCP, so it's the "Google" provider. |
@mihrab34 seems like there's an issue with the isolated-vm installation, most likely you'll want to have a look at https://github.com/laverdet/isolated-vm#requirements and make sure that's covered for your OS |
@awanlin A month of two ago, I'd definitely have said to rename to azure, however Microsoft have now decided to rename Azure Active Directory to Microsoft Entra Id 馃う https://devblogs.microsoft.com/identity/aad-rebrand I do think the Microsoft / Azure integrations as a whole could do with a naming check as there are a few naming inconsistencies. (e.g. some of the Azure Devops integrations are just named |
Alright, that works for me, also forgot about the whole name change for Azure AD. Then feel free to work on this who every wants! Thanks for the feedback @Rugvip @TheGemmell @afscrome 馃憤 |
@Rugvip I just wanted to ask if it possible if we can mention the modules that each will be handling so that two people dont work on the same module(just a suggestion) |
@IvyJeptoo yep makes sense, done |
I'll be running with |
I will take the auth0 |
PR for the |
I will be working on the oidc migration |
@TheGemmell what鈥檚 the ETA on the Microsoft auth module? This is blocking us from using the new backend system |
@ahhhndre |
PR for |
Oh wow, hope everything is fine now @TheGemmell? That's for sure a more important priority but thanks for submitting the PR! |
PR for |
Hello, will be my first open source contribution, I can make for atlassian. I'll use some open PR to check how to make it easier. |
Is anyone looking at the |
doesn't look like it - go for it, @Parsifal-M! |
@Parsifal-M, could you make some progress on aws-alb one? I did not realize that somebody is already working on it and started spending some time. Nevertheless, let me know if I can help as we use that one. |
Hey! I had planned to start this weekend! But if you've already made progress that's fine! I will hold off for now 鉁岋笍 Could you tag me in the PR so I can also take a look once it's ready? I'm quite curious about it 馃憣 Thanks for the heads up! |
Looking at the auth-backend changelog, looks like oauth2-proxy, microsoft, and atlassian has been refactored? |
Hi @Rugvip, @Parsifal-M I opened a PR for AWS ALB provider - #21810 |
Hi, I'm willing to take azure-easyauth. |
@hasson82 Have there been any updates regarding the azure-easyauth migration on your side? I鈥檓 currently working on setting up DevOps for Backstage on Azure Container Apps and have ported azure-easyauth to the new backend system for internal use, as it has become the default configuration in Backstage v1.24.0. https://github.com/yaegashi/dx2devops-backstage-containerapp |
I'm working on the new azure-easyauth auth provider: #23909 The migration in the older provider is not yet implemented but coming soon. Any comments or suggestions would be appreciated. |
Anyone can pick up Onelogin and/or JumpCloud please? |
I made one for cfaccess #23997 |
Migrate the Bitbucket auth provider to the new `@backstage/plugin-auth-backend-module-bitbucket-provider` module package. Relates-to: backstage#19476 Signed-off-by: Patrick Jungermann <Patrick.Jungermann@gmail.com>
Migrate the Bitbucket auth provider to the new `@backstage/plugin-auth-backend-module-bitbucket-provider` module package. Relates-to: backstage#19476 Signed-off-by: Patrick Jungermann <Patrick.Jungermann@gmail.com>
Migrate the Bitbucket auth provider to the new `@backstage/plugin-auth-backend-module-bitbucket-provider` module package. Relates-to: backstage#19476 Signed-off-by: Patrick Jungermann <Patrick.Jungermann@gmail.com>
Migrate the Bitbucket auth provider to the new `@backstage/plugin-auth-backend-module-bitbucket-provider` module package. Relates-to: backstage#19476 Signed-off-by: Patrick Jungermann <Patrick.Jungermann@gmail.com>
Migrate the Bitbucket auth provider to the new `@backstage/plugin-auth-backend-module-bitbucket-provider` module package. Relates-to: backstage#19476 Signed-off-by: Patrick Jungermann <Patrick.Jungermann@gmail.com>
Migrate the Bitbucket auth provider to the new `@backstage/plugin-auth-backend-module-bitbucket-provider` module package. Relates-to: backstage#19476 Signed-off-by: Patrick Jungermann <Patrick.Jungermann@gmail.com>
I started taking a look at OneLogin, but I don't know how much effort I can put on it: |
Made progresses with OneLogin impl. If anybody wants to review, I think is pretty much ready |
Hi, is bitbucketServer based on OAuth provider |
@JeevaRamanathan yes it is, the current implementation is over here:
|
The auth backend recently introduced a new architecture as it was migrated to support the new backend system in #19280. The new architecture implements the auth provider specific logic as "authenticators". There are currently two different kinds of authenticators, OAuth and proxy, along with accompanying route handlers and provider factories.
As part of this we also move all auth providers to be separate modules, and then use that new module for the implementation in
auth-backend
for backwards compatibility.Process
For any given OAuth provider implementation, the following is a good starting point for migrating any provider:
plugins/auth-backend-module-gitlab-provider
directory toplugins/auth-backend-module-<provider-id>-provider
GitLab
with<ProviderName>
, use the name of the provider as it appears in text.Gitlab
with<ProviderId>
, use the PascalCase version of the provider name as it appears in code, this might be the same as the previous step.gitlab
with<providerId>
, use the camelCase version of the provider name as it appears in code.plugins/auth-backend/src/providers/<providerId>/provider.ts
. If there are tests for this specific logic then you can migrate those to authenticator or module tests, but other than that the existing provider tests can be deleted. If there are particular tests that you would like too keep, check if it makes sense to add them to https://github.com/backstage/backstage/blob/master/plugins/auth-node/src/oauth/createOAuthRouteHandlers.test.ts.config.d.ts
in the new module, move over and remove any related configuration inplugins/auth-backend/config.d.ts
.plugins/auth-backend/src/providers/<providerId>
to use the new module, adding a dependency for the new module toauth-backend
. Use the legacy helpers as shown in #19475, do not add additional resolvers, options, or other API.The process for migrating a proxy provider is similar, but use
plugins/auth-backend-module-gcp-iap-provider
as a starting point instead.Migration Status
This is the current migration status of all auth providers that need migration. Let us know if you want to help out! 馃檹
oauth2
provider module聽#19696The text was updated successfully, but these errors were encountered: