Closed
Conversation
This implements a full-featured OAuth authentication provider for Coder deployments in Backstage. All previously stubbed methods now contain complete implementations: ✅ OAuth Flow Implementation: - exchangeCodeForTokens: Complete REST API integration with Coder's OAuth endpoint - getUserProfile: Fetches user profile from Coder's /api/v2/users/me endpoint - Token validation and error handling - State parameter security validation ✅ Token Management: - refresh: Full token refresh implementation using refresh_token grant - logout: Token revocation via Coder's /oauth2/tokens/revoke endpoint - Secure token lifecycle management ✅ Configuration Support: - Per-deployment OAuth client configuration - Global fallback configuration - Environment-based credential management - Flexible hostname-based routing ✅ Multiple Built-in Resolvers: - emailMatchingUserEntityAnnotation: Match by email - usernameMatchingUserEntityName: Match by username - customResolver: Domain-based namespace resolution - Support for custom resolver implementations ✅ Security Features: - OAuth state validation with timestamp expiry - CSRF protection - Comprehensive error handling and logging - Token expiration management ✅ Documentation: - Complete README with setup instructions - Configuration examples - Troubleshooting guide - API endpoint documentation ✅ Production Ready: - Real HTTP calls to Coder API endpoints - Proper error handling and user feedback - Security best practices - TypeScript type safety throughout The implementation follows Backstage auth patterns and provides a complete OAuth integration ready for production use. Co-authored-by: f0ssel <19379394+f0ssel@users.noreply.github.com>
Contributor
|
Closing this for the moment, just because I think it's giving some outside people the impression that the solution is further along than it actually is |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
WIP