stackoom
  简体   繁体   中英

How to enable sign-in with Google on Backstage?

 原文  2022-05-13 02:21:30       google-oauth/ single-sign-on/ backstage

Question

On Backstage, after following all the steps on https://backstage.io/docs/auth/google/provider , I get the message "The Google provider is not configured to support sign-in" after going through the Google SSO interface.

If I understood correctly, I have to setup Backstage to enable/allow Google provider to sign-in users. But I'm lost on how to do this.

How to configure Google provider to support sign-in on Backstage?

在此处输入图像描述

1 answers

solution1
 1 ACCPTED  2022-05-18 21:00:44

It seems you missed the backend app's auth plugin configuration as mentioned in the docs

You should create a resolver function to map the google's user identity to a backstage's user identity or, optionally, skip the catalog's user lookup ( there are caveats to this approach ).

The following documentation explains about the resolver function and user identities: Sign-in Identities and Resolvers

The following code is an example of how you would achieve a google resolver WITHOUT mapping to a backstage user identity and I recommend using it for testing purposes only and, as previosly mentioned, there are caveats to this approach. I strongly recommend understanding the documentation and the power mapping the external user identity to a backstage user identity unleashes.

./packages/backend/src/plugins/auth.ts


 import { createRouter, providers } from '@backstage/plugin-auth-backend'; import { Router } from 'express'; import { PluginEnvironment } from '../types'; import { DEFAULT_NAMESPACE, stringifyEntityRef, } from '@backstage/catalog-model'; export default async function createPlugin( env: PluginEnvironment, ): Promise<Router> { return await createRouter({ ...env, providerFactories: { google: providers.google.create({ signIn: { resolver: async ({ profile }, ctx) => { if (!profile.email) { throw new Error( 'Login failed, user profile does not contain an email', ); } const [localPart] = profile.email.split('@'); const userEntityRef = stringifyEntityRef({ kind: 'User', name: localPart, namespace: DEFAULT_NAMESPACE, }); return ctx.issueToken({ claims: { sub: userEntityRef, ent: [userEntityRef], }, }); }, }, }), }, }); }

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Google Sign-In, How to store session state? Google Sign-In: how to retry when there is a failure? Google Sign-in is not working How to setting Google Sign-In for Google+ not show by popup How to make Google sign-in token valid for longer than 1 hour? How to authorize calls after Google Sign-In flow "Error updating Google" message when trying to enable Google Sign-In for Firebase Authentication Google Sign-in: Token Expired Scopes for migration from Google+ Sign-In to Google Sign-In Google Sign-In: backend verification
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM