DEVHIDE
Login Or Sign up

Enable PKCE in swagger inside backstage.io

17 Views Asked by At

I am using backstage.io running inside a docker container.

Everything works fine, I can import my catalog-infos from an on-prem GitLab and the OpenAPI specs are correctly displayed in the SwaggerUI, except authorization in the SwaggerUI (with authorizationCode and PKCE).

This is the Dockerfile I use for building my container:

FROM node:18-bookworm-slim AS build

RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
  --mount=type=cache,target=/var/lib/apt,sharing=locked \
  apt-get update && \
  apt-get install -y --no-install-recommends python3 g++ build-essential && \
  yarn config set python /usr/bin/python3

WORKDIR /app

RUN npm install -g @backstage/[email protected]
RUN BACKSTAGE_APP_NAME="backstage" backstage-create-app --skip-install --path /app

RUN --mount=type=cache,target=/home/node/.cache/yarn,sharing=locked,uid=1000,gid=1000 \
  yarn install --network-timeout 600000
RUN --mount=type=cache,target=/home/node/.cache/yarn,sharing=locked,uid=1000,gid=1000 \
  yarn --cwd packages/backend add @backstage/plugin-catalog-backend-module-openapi

RUN sed -i "s+import { Router } from 'express';+import { Router } from 'express';\nimport { jsonSchemaRefPlaceholderResolver } from '@backstage/plugin-catalog-backend-module-openapi';+" packages/backend/src/plugins/catalog.ts
RUN sed -i "s/builder.addProcessor(new ScaffolderEntitiesProcessor());/builder.addProcessor(new ScaffolderEntitiesProcessor());\nbuilder.setPlaceholderResolver('openapi', jsonSchemaRefPlaceholderResolver);\nbuilder.setPlaceholderResolver('asyncapi', jsonSchemaRefPlaceholderResolver);/" packages/backend/src/plugins/catalog.ts

RUN yarn tsc
RUN yarn --cwd packages/backend build

RUN mkdir packages/backend/dist/skeleton packages/backend/dist/bundle \
  && tar xzf packages/backend/dist/skeleton.tar.gz -C packages/backend/dist/skeleton \
  && tar xzf packages/backend/dist/bundle.tar.gz -C packages/backend/dist/bundle

FROM node:18-bookworm-slim

# Install isolate-vm dependencies, these are needed by the @backstage/plugin-scaffolder-backend.
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
  --mount=type=cache,target=/var/lib/apt,sharing=locked \
  apt-get update && \
  apt-get install -y --no-install-recommends python3 g++ build-essential && \
  yarn config set python /usr/bin/python3

# Install sqlite3 dependencies. You can skip this if you don't use sqlite3 in the image,
# in which case you should also move better-sqlite3 to "devDependencies" in package.json.
# Additionally, we install dependencies for `techdocs.generator.runIn: local`.
# https://backstage.io/docs/features/techdocs/getting-started#disabling-docker-in-docker-situation-optional
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
  --mount=type=cache,target=/var/lib/apt,sharing=locked \
  apt-get update && \
  apt-get install -y --no-install-recommends libsqlite3-dev python3 python3-pip python3-venv build-essential && \
  yarn config set python /usr/bin/python3

WORKDIR /app

# Copy the install dependencies from the build stage and context
COPY --from=build --chown=node:node /app/yarn.lock /app/package.json /app/packages/backend/dist/skeleton/ ./

RUN --mount=type=cache,target=/home/node/.cache/yarn,sharing=locked,uid=1000,gid=1000 \
  yarn install --production --network-timeout 600000

# Copy the built packages from the build stage
COPY --from=build --chown=node:node /app/packages/backend/dist/bundle/ ./

# Copy Swagger oAuth redirect page
COPY --chown=node:node files/oauth2-redirect.html /app/packages/app/dist/oauth2-redirect.html

# This switches many Node.js dependencies to production mode.
ENV NODE_ENV production

CMD ["node", "packages/backend", "--config", "app-config.yaml"]

and with these commands I build and then run it:

docker build --pull \
  -f Dockerfile \
  -t backstage-custom:latest \
  .

docker run --name backstage \
--hostname %H \
-p 127.0.0.1:7007:7007 \
--volume ~/backstage/data:/app/data \
--volume ~/backstage/app-config.yaml:/app/app-config.yaml \
--volume /var/run/docker.sock:/var/run/docker.sock \
backstage-custom:latest

I've found this page where it is described how to add the redirect page - which I already included in the Dockerfile.

But what I am still missing is how I can enable the setting usePkceWithAuthorizationCodeGrant as described here.

I tried to directly run SwaggerUI - there I can define this setting and it works!

docker run --rm -p 80:8080 \
-v ~/SWAGGER_UI:/foo \
-e SWAGGER_JSON=/foo/my-service-openapi.yml \
-e OAUTH_CLIENT_ID=backstage-dev \
-e OAUTH_SCOPES="openid offline" \
-e OAUTH_USE_PKCE=true \
swaggerapi/swagger-ui

But how can I do this in backstage?

docker oauth-2.0 swagger-ui pkce backstage
Original Q&A
0

There are 0 best solutions below

Related Questions in DOCKER

Related Questions in OAUTH-2.0

Related Questions in SWAGGER-UI

Related Questions in PKCE

Related Questions in BACKSTAGE

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.