【Backstage.io】Migrating OIDC Auth Module to the New Backend System

with @backstage/plugin-auth-backend-module-oidc-provider

Before starting the article, if you haven’t set up OIDC authentication for Backstage, you can refer to my previous article.

【Backstage.io】OIDC Authentication with Duende IdentityServer

I basically followed the official guide to complete the integration of OIDC into the new backend system.

Migrating your Backend to the New Backend System | Backstage Software Catalog and Developer…

Then I succeeded with the code below in backend/src/index.ts

import { oidcAuthenticator } from '@backstage/plugin-auth-backend-module-oidc-provider';
import { authProvidersExtensionPoint, createOAuthProviderFactory } from '@backstage/plugin-auth-node';
import { createBackendModule } from '@backstage/backend-plugin-api';
import {
  DEFAULT_NAMESPACE,
  stringifyEntityRef,
} from '@backstage/catalog-model';

export const authModuleIdentityServerProvider = createBackendModule({
  pluginId: 'auth',
  moduleId: 'auth.sso-auth-provider',
  register(reg) {
    reg.registerInit({
      deps: { providers: authProvidersExtensionPoint },
      async init({ providers }) {
        providers.registerProvider({
          providerId: 'sso-auth-provider',
          factory: createOAuthProviderFactory({
            authenticator: oidcAuthenticator,
            async signInResolver(info, ctx) {
              const userRef = stringifyEntityRef({
                kind: 'User',
                name: info.result.fullProfile.userinfo.sub,
                namespace: DEFAULT_NAMESPACE,
              });
              return ctx.issueToken({
                claims: {
                  sub: userRef, // The user's own identity
                  ent: [userRef], // A list of identities that the user claims ownership through
                },
              });
            },
          }),
        });
      },
    });
  },
});

const backend = createBackend();

backend.add(import('@backstage/plugin-auth-backend-module-oidc-provider'));
backend.add(authModuleIdentityServerProvider);

According to the official Migration Guide, we can run yarn new to create a backend module. Try changing auth.sso-auth-provider in index.ts to this format.

Replace the code in plugins/auth-backend-module-oidc/src/module.ts with the createBackendModule code from index.ts, without making any changes. Finally, add this module to index.ts:

backend.add(import('@internal/backstage-plugin-auth-backend-module-oidc'))

And that is my success example.

I am grateful to the official Backstage Discord community for all the inspiration they provided!