Backstage Plugins by Example: Part 3

Updating the Frontend Plugin

As a plugin developer, there are two main touchpoints for identities: the IdentityApi, exported by @backstage/core-plugin-api via the identityApiRef, and a middleware, not yet available, that will be exported by @backstage/backend-common.

The IdentityApi gives access to the signed-in user’s identity in the frontend. It provides access to the user’s ID, lightweight profile information, and an ID token used to make authenticated calls within Backstage.

Securing the Backend APIs

The middleware that will be provided by @backstage/backend-common allows verification of Backstage ID tokens, and optionally loading additional information about the user. The progress is tracked in https://github.com/backstage/backstage/issues/1435.

NOTE: Identity management and the SignInPage in Backstage are NOT a method for blocking access for unauthorized users; that requires either additional backend implementation or a separate service like Google’s Identity-Aware Proxy. The identity system only serves to provide a personalized experience and access to a Backstage Identity Token, which can be passed to backend plugins.

$ curl http://localhost:7007/api/search/query\?term\=
{"results"...}

Updating the Backend Plugin

$ curl http://localhost:7007/api/auth/.well-known/jwks.json
{"keys":[{"crv":"P-256","x":"7uJOMoY9ChHfO6gnZNCJs8ABR2nFbizTNJG9mtOaJTA","y":"v4omahvGiYL_bTNEkF8m9I7aLqNXJQJLl_t0FAbBcH8","kty":"EC","kid":"947202e4-53a8-4289-9674-e9dd26d439f8","alg":"ES256","use":"sig"}]}

Wrap Up
