npm - @backstage/cli-module-auth - Versions diffs - 0.0.0-nightly-20260317031259 - Mend

@backstage/cli-module-auth 0.0.0-nightly-20260317031259

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/CHANGELOG.md +13 -0
package/README.md +19 -0
package/bin/backstage-cli-module-auth +32 -0
package/dist/commands/list.cjs.js +23 -0
package/dist/commands/list.cjs.js.map +1 -0
package/dist/commands/login.cjs.js +316 -0
package/dist/commands/login.cjs.js.map +1 -0
package/dist/commands/logout.cjs.js +55 -0
package/dist/commands/logout.cjs.js.map +1 -0
package/dist/commands/printToken.cjs.js +41 -0
package/dist/commands/printToken.cjs.js.map +1 -0
package/dist/commands/select.cjs.js +32 -0
package/dist/commands/select.cjs.js.map +1 -0
package/dist/commands/show.cjs.js +59 -0
package/dist/commands/show.cjs.js.map +1 -0
package/dist/index.cjs.js +45 -0
package/dist/index.cjs.js.map +1 -0
package/dist/index.d.ts +5 -0
package/dist/lib/auth.cjs.js +60 -0
package/dist/lib/auth.cjs.js.map +1 -0
package/dist/lib/http.cjs.js +26 -0
package/dist/lib/http.cjs.js.map +1 -0
package/dist/lib/localServer.cjs.js +80 -0
package/dist/lib/localServer.cjs.js.map +1 -0
package/dist/lib/pkce.cjs.js +23 -0
package/dist/lib/pkce.cjs.js.map +1 -0
package/dist/lib/prompt.cjs.js +44 -0
package/dist/lib/prompt.cjs.js.map +1 -0
package/dist/lib/secretStore.cjs.js +81 -0
package/dist/lib/secretStore.cjs.js.map +1 -0
package/dist/lib/storage.cjs.js +152 -0
package/dist/lib/storage.cjs.js.map +1 -0
package/dist/package.json.cjs.js +95 -0
package/dist/package.json.cjs.js.map +1 -0
package/package.json +63 -0

package/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,13 @@
+# @backstage/cli-module-auth
+## 0.0.0-nightly-20260317031259
+### Minor Changes
+- 329f394: Initial release of the CLI module packages. Each module provides a set of commands that can be discovered automatically by `@backstage/cli` or executed standalone.
+### Patch Changes
+- Updated dependencies
+  - @backstage/cli-node@0.0.0-nightly-20260317031259
+  - @backstage/errors@1.2.7

package/README.md ADDED Viewed

@@ -0,0 +1,19 @@
+# @backstage/cli-module-auth
+CLI module that provides authentication commands for the Backstage CLI, enabling login, logout, and credential management for Backstage instances.
+## Commands
+| Command            | Description                                              |
+| :----------------- | :------------------------------------------------------- |
+| `auth login`       | Log in the CLI to a Backstage instance                   |
+| `auth logout`      | Log out the CLI and clear stored credentials             |
+| `auth show`        | Show details of an authenticated instance                |
+| `auth list`        | List authenticated instances                             |
+| `auth print-token` | Print an access token to stdout (auto-refresh if needed) |
+| `auth select`      | Select the default instance                              |
+## Documentation
+- [Backstage Readme](https://github.com/backstage/backstage/blob/master/README.md)
+- [Backstage Documentation](https://backstage.io/docs)

package/bin/backstage-cli-module-auth ADDED Viewed

@@ -0,0 +1,32 @@
+#!/usr/bin/env node
+/*
+ * Copyright 2024 The Backstage Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const path = require('node:path');
+/* eslint-disable-next-line no-restricted-syntax */
+const isLocal = require('node:fs').existsSync(
+  path.resolve(__dirname, '../src'),
+);
+if (isLocal) {
+  require('@backstage/cli-node/config/nodeTransform.cjs');
+}
+const { runCliModule } = require('@backstage/cli-node');
+const cliModule = require(isLocal ? '../src/index' : '..').default;
+const pkg = require('../package.json');
+runCliModule({ module: cliModule, name: pkg.name, version: pkg.version });

package/dist/commands/list.cjs.js ADDED Viewed

@@ -0,0 +1,23 @@
+'use strict';
+Object.defineProperty(exports, '__esModule', { value: true });
+var cleye = require('cleye');
+var storage = require('../lib/storage.cjs.js');
+var list = async ({ args, info }) => {
+  cleye.cli({ help: info }, void 0, args);
+  const { instances, selected } = await storage.getAllInstances();
+  if (!instances.length) {
+    process.stderr.write("No instances found\n");
+    return;
+  }
+  for (const inst of instances) {
+    const mark = inst.name === selected?.name ? "* " : "  ";
+    process.stdout.write(`${mark}${inst.name} - ${inst.baseUrl}
+`);
+  }
+};
+exports.default = list;
+//# sourceMappingURL=list.cjs.js.map

package/dist/commands/list.cjs.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"list.cjs.js","sources":["../../src/commands/list.ts"],"sourcesContent":["/*\n * Copyright 2025 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { cli } from 'cleye';\nimport type { CliCommandContext } from '@backstage/cli-node';\nimport { getAllInstances } from '../lib/storage';\n\nexport default async ({ args, info }: CliCommandContext) => {\n cli({ help: info }, undefined, args);\n\n const { instances, selected } = await getAllInstances();\n if (!instances.length) {\n process.stderr.write('No instances found\\n');\n return;\n }\n for (const inst of instances) {\n const mark = inst.name === selected?.name ? '* ' : ' ';\n process.stdout.write(`${mark}${inst.name} - ${inst.baseUrl}\\n`);\n }\n};\n"],"names":["cli","getAllInstances"],"mappings":";;;;;;;AAoBA,WAAe,OAAO,EAAE,IAAA,EAAM,IAAA,EAAK,KAAyB;AAC1D,EAAAA,SAAA,CAAI,EAAE,IAAA,EAAM,IAAA,EAAK,EAAG,QAAW,IAAI,CAAA;AAEnC,EAAA,MAAM,EAAE,SAAA,EAAW,QAAA,EAAS,GAAI,MAAMC,uBAAA,EAAgB;AACtD,EAAA,IAAI,CAAC,UAAU,MAAA,EAAQ;AACrB,IAAA,OAAA,CAAQ,MAAA,CAAO,MAAM,sBAAsB,CAAA;AAC3C,IAAA;AAAA,EACF;AACA,EAAA,KAAA,MAAW,QAAQ,SAAA,EAAW;AAC5B,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,IAAA,KAAS,QAAA,EAAU,OAAO,IAAA,GAAO,IAAA;AACnD,IAAA,OAAA,CAAQ,MAAA,CAAO,MAAM,CAAA,EAAG,IAAI,GAAG,IAAA,CAAK,IAAI,CAAA,GAAA,EAAM,IAAA,CAAK,OAAO;AAAA,CAAI,CAAA;AAAA,EAChE;AACF,CAAA;;;;"}

package/dist/commands/login.cjs.js ADDED Viewed

@@ -0,0 +1,316 @@
+'use strict';
+Object.defineProperty(exports, '__esModule', { value: true });
+var cleye = require('cleye');
+var localServer = require('../lib/localServer.cjs.js');
+var node_child_process = require('node:child_process');
+var pkce = require('../lib/pkce.cjs.js');
+var http = require('../lib/http.cjs.js');
+var storage = require('../lib/storage.cjs.js');
+var secretStore = require('../lib/secretStore.cjs.js');
+var crypto = require('node:crypto');
+var fs = require('fs-extra');
+var path = require('node:path');
+var glob = require('glob');
+var YAML = require('yaml');
+var inquirer = require('inquirer');
+function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
+var crypto__default = /*#__PURE__*/_interopDefaultCompat(crypto);
+var fs__default = /*#__PURE__*/_interopDefaultCompat(fs);
+var path__default = /*#__PURE__*/_interopDefaultCompat(path);
+var glob__default = /*#__PURE__*/_interopDefaultCompat(glob);
+var YAML__default = /*#__PURE__*/_interopDefaultCompat(YAML);
+var inquirer__default = /*#__PURE__*/_interopDefaultCompat(inquirer);
+const TOKEN_EXCHANGE_TIMEOUT_MS = 3e4;
+var login = async ({ args, info }) => {
+  const {
+    flags: { backendUrl, noBrowser, instance: instanceFlag }
+  } = cleye.cli(
+    {
+      help: info,
+      flags: {
+        backendUrl: { type: String, description: "Backend base URL" },
+        noBrowser: {
+          type: Boolean,
+          description: "Do not open browser automatically"
+        },
+        instance: {
+          type: String,
+          description: "Name for this instance (used by other auth commands)"
+        }
+      }
+    },
+    void 0,
+    args
+  );
+  const { instances, selected } = await storage.getAllInstances();
+  let backendBaseUrl;
+  let instanceName;
+  if (instanceFlag) {
+    instanceName = instanceFlag;
+    const targetInstance = instances.find((i) => i.name === instanceFlag);
+    if (targetInstance) {
+      backendBaseUrl = normalizeUrl(backendUrl) ?? targetInstance.baseUrl;
+    } else {
+      backendBaseUrl = normalizeUrl(backendUrl) ?? await pickBaseUrl();
+    }
+  } else if (backendUrl) {
+    backendBaseUrl = normalizeUrl(backendUrl);
+    instanceName = deriveInstanceName(backendBaseUrl);
+  } else if (instances.length > 0) {
+    const choice = await promptForInstance(instances, selected);
+    if (choice === "__new__") {
+      backendBaseUrl = await pickBaseUrl();
+      instanceName = deriveInstanceName(backendBaseUrl);
+    } else {
+      const targetInstance = instances.find((i) => i.name === choice);
+      if (!targetInstance) {
+        throw new Error("Instance not found");
+      }
+      backendBaseUrl = targetInstance.baseUrl;
+      instanceName = targetInstance.name;
+    }
+  } else {
+    backendBaseUrl = await pickBaseUrl();
+    instanceName = deriveInstanceName(backendBaseUrl);
+  }
+  const authBaseUrl = `${backendBaseUrl}/api/auth`;
+  const clientId = `${authBaseUrl}/.well-known/oauth-client/cli.json`;
+  const metadataResponse = await fetch(clientId, {
+    signal: AbortSignal.timeout(3e4)
+  });
+  if (!metadataResponse.ok) {
+    throw new Error(
+      `Server does not support CLI authentication. Ensure CIMD is enabled on the backend.`
+    );
+  }
+  const { verifier, challenge, state } = createPkceState();
+  const callback = await localServer.startCallbackServer({ state });
+  try {
+    const authorizeUrl = buildAuthorizeUrl({
+      authBaseUrl,
+      clientId,
+      redirectUri: callback.url,
+      state,
+      challenge
+    });
+    await openBrowserOrPrint(authorizeUrl, noBrowser);
+    const code = await waitForAuthorizationCode(callback, state);
+    const token = await exchangeAuthorizationCode({
+      authBaseUrl,
+      code,
+      redirectUri: callback.url,
+      verifier
+    });
+    await persistInstance({
+      instanceName,
+      backendBaseUrl,
+      clientId,
+      token
+    });
+    process.stdout.write("Login successful\n");
+  } finally {
+    await callback.close();
+  }
+};
+async function promptForInstance(instances, selected) {
+  const choices = instances.map((i) => ({
+    name: `${i.name === selected?.name ? "* " : "  "}${i.name} (${i.baseUrl})`,
+    value: i.name
+  }));
+  choices.push({
+    name: "Add new instance...",
+    value: "__new__"
+  });
+  const { choice } = await inquirer__default.default.prompt([
+    {
+      type: "list",
+      name: "choice",
+      message: "Select instance to authenticate:",
+      choices,
+      default: selected?.name ?? "__new__"
+    }
+  ]);
+  return choice;
+}
+async function pickBaseUrl() {
+  const cwd = process.cwd();
+  const candidates = [];
+  const patterns = [
+    "app-config.yaml",
+    "app-config.*.yaml",
+    "packages/*/app-config.yaml",
+    "packages/*/app-config.*.yaml"
+  ];
+  const files = patterns.flatMap((p) => glob__default.default.sync(p, { cwd, nodir: true }));
+  for (const file of files) {
+    try {
+      const content = await fs__default.default.readFile(path__default.default.resolve(cwd, file), "utf8");
+      const doc = YAML__default.default.parse(content);
+      const url = doc?.backend?.baseUrl;
+      if (url) {
+        candidates.push({ url: normalizeUrl(url), file });
+      }
+    } catch {
+    }
+  }
+  const list = [...new Map(candidates.map((c) => [c.url, c])).values()];
+  if (list.length === 0) {
+    const { manual } = await inquirer__default.default.prompt([
+      { type: "input", name: "manual", message: "Enter backend base URL" }
+    ]);
+    return normalizeUrl(manual);
+  }
+  if (list.length === 1) {
+    return list[0].url;
+  }
+  const { picked } = await inquirer__default.default.prompt([
+    {
+      type: "list",
+      name: "picked",
+      message: "Select backend base URL",
+      choices: [
+        ...list.map((e) => ({ name: `${e.url} (${e.file})`, value: e.url })),
+        { name: "Enter manually", value: "__manual__" }
+      ]
+    }
+  ]);
+  if (picked === "__manual__") {
+    const { manual } = await inquirer__default.default.prompt([
+      { type: "input", name: "manual", message: "Enter backend base URL" }
+    ]);
+    return normalizeUrl(manual);
+  }
+  return picked;
+}
+function normalizeUrl(u) {
+  if (u === void 0) {
+    return void 0;
+  }
+  try {
+    const url = new URL(u);
+    return url.toString().replace(/\/$/, "");
+  } catch {
+    throw new Error(`'${u}' is not a valid URL`);
+  }
+}
+function deriveInstanceName(url) {
+  return new URL(url).host;
+}
+function createPkceState() {
+  const verifier = pkce.generateVerifier();
+  const challenge = pkce.challengeFromVerifier(verifier);
+  const state = cryptoRandom();
+  return { verifier, challenge, state };
+}
+function buildAuthorizeUrl(options) {
+  const { authBaseUrl, clientId, redirectUri, state, challenge } = options;
+  const authorize = new URL(`${authBaseUrl}/v1/authorize`);
+  authorize.searchParams.set("client_id", clientId);
+  authorize.searchParams.set("redirect_uri", redirectUri);
+  authorize.searchParams.set("response_type", "code");
+  authorize.searchParams.set("scope", "openid offline_access");
+  authorize.searchParams.set("state", state);
+  authorize.searchParams.set("code_challenge", challenge);
+  authorize.searchParams.set("code_challenge_method", "S256");
+  return authorize.toString();
+}
+async function openBrowserOrPrint(url, noBrowser) {
+  if (noBrowser) {
+    process.stdout.write(`Open this URL to continue: ${url}
+`);
+  } else {
+    process.stdout.write(`Opening the following URL: ${url}
+`);
+    openInBrowser(url);
+  }
+}
+async function waitForAuthorizationCode(callback, expectedState) {
+  const { code, state } = await callback.waitForCode();
+  if (state !== expectedState) {
+    throw new Error("State mismatch");
+  }
+  return code;
+}
+async function exchangeAuthorizationCode(options) {
+  const { authBaseUrl, code, redirectUri, verifier } = options;
+  return await http.httpJson(`${authBaseUrl}/v1/token`, {
+    method: "POST",
+    body: {
+      grant_type: "authorization_code",
+      code,
+      redirect_uri: redirectUri,
+      code_verifier: verifier
+    },
+    signal: AbortSignal.timeout(TOKEN_EXCHANGE_TIMEOUT_MS)
+  });
+}
+async function persistInstance(options) {
+  const { instanceName, backendBaseUrl, clientId, token } = options;
+  const secretStore$1 = await secretStore.getSecretStore();
+  await storage.withMetadataLock(async () => {
+    const service = `backstage-cli:auth-instance:${instanceName}`;
+    await secretStore$1.set(service, "accessToken", token.access_token);
+    if (token.refresh_token) {
+      await secretStore$1.set(service, "refreshToken", token.refresh_token);
+    } else {
+      process.stderr.write(
+        "Warning: No refresh token received. You will need to re-authenticate when the access token expires.\n"
+      );
+    }
+    let existing;
+    try {
+      existing = await storage.getInstanceByName(instanceName);
+    } catch {
+    }
+    await storage.upsertInstance({
+      name: instanceName,
+      baseUrl: backendBaseUrl,
+      clientId,
+      issuedAt: Date.now(),
+      accessTokenExpiresAt: Date.now() + token.expires_in * 1e3,
+      selected: existing?.selected
+    });
+  });
+}
+function cryptoRandom() {
+  return crypto__default.default.randomBytes(32).toString("hex");
+}
+function openInBrowser(url) {
+  const handleError = (error) => {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    process.stderr.write(
+      `Warning: Failed to open browser automatically: ${message}
+`
+    );
+    process.stderr.write(`Please open this URL manually: ${url}
+`);
+  };
+  const spawnOpts = { detached: true, stdio: "ignore" };
+  let child;
+  try {
+    if (process.platform === "darwin") {
+      child = node_child_process.spawn("open", [url], spawnOpts);
+    } else if (process.platform === "win32") {
+      child = node_child_process.spawn(
+        "powershell",
+        ["-Command", `Start-Process '${url.replace(/'/g, "''")}'`],
+        spawnOpts
+      );
+    } else {
+      child = node_child_process.spawn("xdg-open", [url], spawnOpts);
+    }
+    child.unref();
+    child.on("error", handleError);
+  } catch (error) {
+    handleError(error);
+  }
+}
+exports.default = login;
+exports.openInBrowser = openInBrowser;
+//# sourceMappingURL=login.cjs.js.map

package/dist/commands/login.cjs.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"login.cjs.js","sources":["../../src/commands/login.ts"],"sourcesContent":["/*\n * Copyright 2025 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { cli } from 'cleye';\nimport type { CliCommandContext } from '@backstage/cli-node';\nimport { startCallbackServer } from '../lib/localServer';\nimport { spawn } from 'node:child_process';\nimport { challengeFromVerifier, generateVerifier } from '../lib/pkce';\nimport { httpJson } from '../lib/http';\nimport {\n upsertInstance,\n withMetadataLock,\n getAllInstances,\n getInstanceByName,\n StoredInstance,\n} from '../lib/storage';\nimport { getSecretStore } from '../lib/secretStore';\nimport crypto from 'node:crypto';\nimport fs from 'fs-extra';\nimport path from 'node:path';\nimport glob from 'glob';\nimport YAML from 'yaml';\nimport inquirer from 'inquirer';\n\nconst TOKEN_EXCHANGE_TIMEOUT_MS = 30_000;\n\nexport default async ({ args, info }: CliCommandContext) => {\n const {\n flags: { backendUrl, noBrowser, instance: instanceFlag },\n } = cli(\n {\n help: info,\n flags: {\n backendUrl: { type: String, description: 'Backend base URL' },\n noBrowser: {\n type: Boolean,\n description: 'Do not open browser automatically',\n },\n instance: {\n type: String,\n description: 'Name for this instance (used by other auth commands)',\n },\n },\n },\n undefined,\n args,\n );\n\n const { instances, selected } = await getAllInstances();\n\n let backendBaseUrl: string;\n let instanceName: string;\n\n if (instanceFlag) {\n instanceName = instanceFlag;\n const targetInstance = instances.find(i => i.name === instanceFlag);\n if (targetInstance) {\n backendBaseUrl = normalizeUrl(backendUrl) ?? targetInstance.baseUrl;\n } else {\n backendBaseUrl = normalizeUrl(backendUrl) ?? (await pickBaseUrl());\n }\n } else if (backendUrl) {\n backendBaseUrl = normalizeUrl(backendUrl);\n instanceName = deriveInstanceName(backendBaseUrl);\n } else if (instances.length > 0) {\n const choice = await promptForInstance(instances, selected);\n if (choice === '__new__') {\n backendBaseUrl = await pickBaseUrl();\n instanceName = deriveInstanceName(backendBaseUrl);\n } else {\n const targetInstance = instances.find(i => i.name === choice);\n if (!targetInstance) {\n throw new Error('Instance not found');\n }\n backendBaseUrl = targetInstance.baseUrl;\n instanceName = targetInstance.name;\n }\n } else {\n backendBaseUrl = await pickBaseUrl();\n instanceName = deriveInstanceName(backendBaseUrl);\n }\n\n const authBaseUrl = `${backendBaseUrl}/api/auth`;\n const clientId = `${authBaseUrl}/.well-known/oauth-client/cli.json`;\n\n const metadataResponse = await fetch(clientId, {\n signal: AbortSignal.timeout(30_000),\n });\n if (!metadataResponse.ok) {\n throw new Error(\n `Server does not support CLI authentication. Ensure CIMD is enabled on the backend.`,\n );\n }\n\n const { verifier, challenge, state } = createPkceState();\n const callback = await startCallbackServer({ state });\n\n try {\n const authorizeUrl = buildAuthorizeUrl({\n authBaseUrl,\n clientId,\n redirectUri: callback.url,\n state,\n challenge,\n });\n\n await openBrowserOrPrint(authorizeUrl, noBrowser);\n\n const code = await waitForAuthorizationCode(callback, state);\n\n const token = await exchangeAuthorizationCode({\n authBaseUrl,\n code,\n redirectUri: callback.url,\n verifier,\n });\n\n await persistInstance({\n instanceName,\n backendBaseUrl,\n clientId,\n token,\n });\n\n process.stdout.write('Login successful\\n');\n } finally {\n await callback.close();\n }\n};\n\nasync function promptForInstance(\n instances: StoredInstance[],\n selected: StoredInstance | undefined,\n): Promise<string> {\n const choices = instances.map(i => ({\n name: `${i.name === selected?.name ? '* ' : ' '}${i.name} (${i.baseUrl})`,\n value: i.name,\n }));\n\n choices.push({\n name: 'Add new instance...',\n value: '__new__',\n });\n\n const { choice } = await inquirer.prompt<{ choice: string }>([\n {\n type: 'list',\n name: 'choice',\n message: 'Select instance to authenticate:',\n choices,\n default: selected?.name ?? '__new__',\n },\n ]);\n\n return choice;\n}\n\nasync function pickBaseUrl() {\n const cwd = process.cwd();\n const candidates: Array<{ url: string; file: string }> = [];\n\n const patterns = [\n 'app-config.yaml',\n 'app-config.*.yaml',\n 'packages/*/app-config.yaml',\n 'packages/*/app-config.*.yaml',\n ];\n const files = patterns.flatMap(p => glob.sync(p, { cwd, nodir: true }));\n for (const file of files) {\n try {\n const content = await fs.readFile(path.resolve(cwd, file), 'utf8');\n const doc = YAML.parse(content);\n const url = doc?.backend?.baseUrl as string | undefined;\n if (url) {\n candidates.push({ url: normalizeUrl(url), file });\n }\n } catch {\n // ignore parse errors\n }\n }\n\n const list = [...new Map(candidates.map(c => [c.url, c])).values()];\n if (list.length === 0) {\n const { manual } = await inquirer.prompt<{ manual: string }>([\n { type: 'input', name: 'manual', message: 'Enter backend base URL' },\n ]);\n return normalizeUrl(manual);\n }\n if (list.length === 1) {\n return list[0].url;\n }\n\n const { picked } = await inquirer.prompt<{ picked: string }>([\n {\n type: 'list',\n name: 'picked',\n message: 'Select backend base URL',\n choices: [\n ...list.map(e => ({ name: `${e.url} (${e.file})`, value: e.url })),\n { name: 'Enter manually', value: '__manual__' },\n ],\n },\n ]);\n if (picked === '__manual__') {\n const { manual } = await inquirer.prompt<{ manual: string }>([\n { type: 'input', name: 'manual', message: 'Enter backend base URL' },\n ]);\n return normalizeUrl(manual);\n }\n return picked;\n}\n\nfunction normalizeUrl(u: string): string;\nfunction normalizeUrl(u: string | undefined): string | undefined;\nfunction normalizeUrl(u: string | undefined): string | undefined {\n if (u === undefined) {\n return undefined;\n }\n try {\n const url = new URL(u);\n return url.toString().replace(/\\/$/, '');\n } catch {\n throw new Error(`'${u}' is not a valid URL`);\n }\n}\n\nfunction deriveInstanceName(url: string): string {\n return new URL(url).host;\n}\n\nfunction createPkceState() {\n const verifier = generateVerifier();\n const challenge = challengeFromVerifier(verifier);\n const state = cryptoRandom();\n return { verifier, challenge, state };\n}\n\nfunction buildAuthorizeUrl(options: {\n authBaseUrl: string;\n clientId: string;\n redirectUri: string;\n state: string;\n challenge: string;\n}): string {\n const { authBaseUrl, clientId, redirectUri, state, challenge } = options;\n const authorize = new URL(`${authBaseUrl}/v1/authorize`);\n authorize.searchParams.set('client_id', clientId);\n authorize.searchParams.set('redirect_uri', redirectUri);\n authorize.searchParams.set('response_type', 'code');\n authorize.searchParams.set('scope', 'openid offline_access');\n authorize.searchParams.set('state', state);\n authorize.searchParams.set('code_challenge', challenge);\n authorize.searchParams.set('code_challenge_method', 'S256');\n return authorize.toString();\n}\n\nasync function openBrowserOrPrint(url: string, noBrowser?: boolean) {\n if (noBrowser) {\n process.stdout.write(`Open this URL to continue: ${url}\\n`);\n } else {\n process.stdout.write(`Opening the following URL: ${url}\\n`);\n openInBrowser(url);\n }\n}\n\nasync function waitForAuthorizationCode(\n callback: Awaited<ReturnType<typeof startCallbackServer>>,\n expectedState: string,\n) {\n const { code, state } = await callback.waitForCode();\n if (state !== expectedState) {\n throw new Error('State mismatch');\n }\n return code;\n}\n\nasync function exchangeAuthorizationCode(options: {\n authBaseUrl: string;\n code: string;\n redirectUri: string;\n verifier: string;\n}) {\n const { authBaseUrl, code, redirectUri, verifier } = options;\n return await httpJson<{\n access_token: string;\n token_type: string;\n expires_in: number;\n id_token?: string;\n refresh_token?: string;\n }>(`${authBaseUrl}/v1/token`, {\n method: 'POST',\n body: {\n grant_type: 'authorization_code',\n code,\n redirect_uri: redirectUri,\n code_verifier: verifier,\n },\n signal: AbortSignal.timeout(TOKEN_EXCHANGE_TIMEOUT_MS),\n });\n}\n\nasync function persistInstance(options: {\n instanceName: string;\n backendBaseUrl: string;\n clientId: string;\n token: { access_token: string; refresh_token?: string; expires_in: number };\n}) {\n const { instanceName, backendBaseUrl, clientId, token } = options;\n const secretStore = await getSecretStore();\n await withMetadataLock(async () => {\n const service = `backstage-cli:auth-instance:${instanceName}`;\n await secretStore.set(service, 'accessToken', token.access_token);\n if (token.refresh_token) {\n await secretStore.set(service, 'refreshToken', token.refresh_token);\n } else {\n process.stderr.write(\n 'Warning: No refresh token received. You will need to re-authenticate when the access token expires.\\n',\n );\n }\n let existing: StoredInstance | undefined;\n try {\n existing = await getInstanceByName(instanceName);\n } catch {\n // new instance\n }\n await upsertInstance({\n name: instanceName,\n baseUrl: backendBaseUrl,\n clientId,\n issuedAt: Date.now(),\n accessTokenExpiresAt: Date.now() + token.expires_in * 1000,\n selected: existing?.selected,\n });\n });\n}\n\nfunction cryptoRandom(): string {\n return crypto.randomBytes(32).toString('hex');\n}\n\n// The react-dev-utils/openBrowser breaks the login URL by encoding the URL parameters again\nexport function openInBrowser(url: string): void {\n const handleError = (error: unknown) => {\n const message = error instanceof Error ? error.message : 'Unknown error';\n process.stderr.write(\n `Warning: Failed to open browser automatically: ${message}\\n`,\n );\n process.stderr.write(`Please open this URL manually: ${url}\\n`);\n };\n\n const spawnOpts = { detached: true, stdio: 'ignore' } as const;\n let child;\n try {\n if (process.platform === 'darwin') {\n child = spawn('open', [url], spawnOpts);\n } else if (process.platform === 'win32') {\n child = spawn(\n 'powershell',\n ['-Command', `Start-Process '${url.replace(/'/g, \"''\")}'`],\n spawnOpts,\n );\n } else {\n child = spawn('xdg-open', [url], spawnOpts);\n }\n child.unref();\n child.on('error', handleError);\n } catch (error) {\n handleError(error);\n }\n}\n"],"names":["cli","getAllInstances","startCallbackServer","inquirer","glob","fs","path","YAML","generateVerifier","challengeFromVerifier","httpJson","secretStore","getSecretStore","withMetadataLock","getInstanceByName","upsertInstance","crypto","spawn"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAqCA,MAAM,yBAAA,GAA4B,GAAA;AAElC,YAAe,OAAO,EAAE,IAAA,EAAM,IAAA,EAAK,KAAyB;AAC1D,EAAA,MAAM;AAAA,IACJ,KAAA,EAAO,EAAE,UAAA,EAAY,SAAA,EAAW,UAAU,YAAA;AAAa,GACzD,GAAIA,SAAA;AAAA,IACF;AAAA,MACE,IAAA,EAAM,IAAA;AAAA,MACN,KAAA,EAAO;AAAA,QACL,UAAA,EAAY,EAAE,IAAA,EAAM,MAAA,EAAQ,aAAa,kBAAA,EAAmB;AAAA,QAC5D,SAAA,EAAW;AAAA,UACT,IAAA,EAAM,OAAA;AAAA,UACN,WAAA,EAAa;AAAA,SACf;AAAA,QACA,QAAA,EAAU;AAAA,UACR,IAAA,EAAM,MAAA;AAAA,UACN,WAAA,EAAa;AAAA;AACf;AACF,KACF;AAAA,IACA,MAAA;AAAA,IACA;AAAA,GACF;AAEA,EAAA,MAAM,EAAE,SAAA,EAAW,QAAA,EAAS,GAAI,MAAMC,uBAAA,EAAgB;AAEtD,EAAA,IAAI,cAAA;AACJ,EAAA,IAAI,YAAA;AAEJ,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,YAAA,GAAe,YAAA;AACf,IAAA,MAAM,iBAAiB,SAAA,CAAU,IAAA,CAAK,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,YAAY,CAAA;AAClE,IAAA,IAAI,cAAA,EAAgB;AAClB,MAAA,cAAA,GAAiB,YAAA,CAAa,UAAU,CAAA,IAAK,cAAA,CAAe,OAAA;AAAA,IAC9D,CAAA,MAAO;AACL,MAAA,cAAA,GAAiB,YAAA,CAAa,UAAU,CAAA,IAAM,MAAM,WAAA,EAAY;AAAA,IAClE;AAAA,EACF,WAAW,UAAA,EAAY;AACrB,IAAA,cAAA,GAAiB,aAAa,UAAU,CAAA;AACxC,IAAA,YAAA,GAAe,mBAAmB,cAAc,CAAA;AAAA,EAClD,CAAA,MAAA,IAAW,SAAA,CAAU,MAAA,GAAS,CAAA,EAAG;AAC/B,IAAA,MAAM,MAAA,GAAS,MAAM,iBAAA,CAAkB,SAAA,EAAW,QAAQ,CAAA;AAC1D,IAAA,IAAI,WAAW,SAAA,EAAW;AACxB,MAAA,cAAA,GAAiB,MAAM,WAAA,EAAY;AACnC,MAAA,YAAA,GAAe,mBAAmB,cAAc,CAAA;AAAA,IAClD,CAAA,MAAO;AACL,MAAA,MAAM,iBAAiB,SAAA,CAAU,IAAA,CAAK,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,MAAM,CAAA;AAC5D,MAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,QAAA,MAAM,IAAI,MAAM,oBAAoB,CAAA;AAAA,MACtC;AACA,MAAA,cAAA,GAAiB,cAAA,CAAe,OAAA;AAChC,MAAA,YAAA,GAAe,cAAA,CAAe,IAAA;AAAA,IAChC;AAAA,EACF,CAAA,MAAO;AACL,IAAA,cAAA,GAAiB,MAAM,WAAA,EAAY;AACnC,IAAA,YAAA,GAAe,mBAAmB,cAAc,CAAA;AAAA,EAClD;AAEA,EAAA,MAAM,WAAA,GAAc,GAAG,cAAc,CAAA,SAAA,CAAA;AACrC,EAAA,MAAM,QAAA,GAAW,GAAG,WAAW,CAAA,kCAAA,CAAA;AAE/B,EAAA,MAAM,gBAAA,GAAmB,MAAM,KAAA,CAAM,QAAA,EAAU;AAAA,IAC7C,MAAA,EAAQ,WAAA,CAAY,OAAA,CAAQ,GAAM;AAAA,GACnC,CAAA;AACD,EAAA,IAAI,CAAC,iBAAiB,EAAA,EAAI;AACxB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,kFAAA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,EAAE,QAAA,EAAU,SAAA,EAAW,KAAA,KAAU,eAAA,EAAgB;AACvD,EAAA,MAAM,QAAA,GAAW,MAAMC,+BAAA,CAAoB,EAAE,OAAO,CAAA;AAEpD,EAAA,IAAI;AACF,IAAA,MAAM,eAAe,iBAAA,CAAkB;AAAA,MACrC,WAAA;AAAA,MACA,QAAA;AAAA,MACA,aAAa,QAAA,CAAS,GAAA;AAAA,MACtB,KAAA;AAAA,MACA;AAAA,KACD,CAAA;AAED,IAAA,MAAM,kBAAA,CAAmB,cAAc,SAAS,CAAA;AAEhD,IAAA,MAAM,IAAA,GAAO,MAAM,wBAAA,CAAyB,QAAA,EAAU,KAAK,CAAA;AAE3D,IAAA,MAAM,KAAA,GAAQ,MAAM,yBAAA,CAA0B;AAAA,MAC5C,WAAA;AAAA,MACA,IAAA;AAAA,MACA,aAAa,QAAA,CAAS,GAAA;AAAA,MACtB;AAAA,KACD,CAAA;AAED,IAAA,MAAM,eAAA,CAAgB;AAAA,MACpB,YAAA;AAAA,MACA,cAAA;AAAA,MACA,QAAA;AAAA,MACA;AAAA,KACD,CAAA;AAED,IAAA,OAAA,CAAQ,MAAA,CAAO,MAAM,oBAAoB,CAAA;AAAA,EAC3C,CAAA,SAAE;AACA,IAAA,MAAM,SAAS,KAAA,EAAM;AAAA,EACvB;AACF,CAAA;AAEA,eAAe,iBAAA,CACb,WACA,QAAA,EACiB;AACjB,EAAA,MAAM,OAAA,GAAU,SAAA,CAAU,GAAA,CAAI,CAAA,CAAA,MAAM;AAAA,IAClC,IAAA,EAAM,CAAA,EAAG,CAAA,CAAE,IAAA,KAAS,QAAA,EAAU,IAAA,GAAO,IAAA,GAAO,IAAI,CAAA,EAAG,CAAA,CAAE,IAAI,CAAA,EAAA,EAAK,EAAE,OAAO,CAAA,CAAA,CAAA;AAAA,IACvE,OAAO,CAAA,CAAE;AAAA,GACX,CAAE,CAAA;AAEF,EAAA,OAAA,CAAQ,IAAA,CAAK;AAAA,IACX,IAAA,EAAM,qBAAA;AAAA,IACN,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,EAAE,MAAA,EAAO,GAAI,MAAMC,0BAAS,MAAA,CAA2B;AAAA,IAC3D;AAAA,MACE,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,QAAA;AAAA,MACN,OAAA,EAAS,kCAAA;AAAA,MACT,OAAA;AAAA,MACA,OAAA,EAAS,UAAU,IAAA,IAAQ;AAAA;AAC7B,GACD,CAAA;AAED,EAAA,OAAO,MAAA;AACT;AAEA,eAAe,WAAA,GAAc;AAC3B,EAAA,MAAM,GAAA,GAAM,QAAQ,GAAA,EAAI;AACxB,EAAA,MAAM,aAAmD,EAAC;AAE1D,EAAA,MAAM,QAAA,GAAW;AAAA,IACf,iBAAA;AAAA,IACA,mBAAA;AAAA,IACA,4BAAA;AAAA,IACA;AAAA,GACF;AACA,EAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,OAAA,CAAQ,CAAA,CAAA,KAAKC,qBAAA,CAAK,IAAA,CAAK,CAAA,EAAG,EAAE,GAAA,EAAK,KAAA,EAAO,IAAA,EAAM,CAAC,CAAA;AACtE,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAMC,mBAAA,CAAG,QAAA,CAASC,sBAAK,OAAA,CAAQ,GAAA,EAAK,IAAI,CAAA,EAAG,MAAM,CAAA;AACjE,MAAA,MAAM,GAAA,GAAMC,qBAAA,CAAK,KAAA,CAAM,OAAO,CAAA;AAC9B,MAAA,MAAM,GAAA,GAAM,KAAK,OAAA,EAAS,OAAA;AAC1B,MAAA,IAAI,GAAA,EAAK;AACP,QAAA,UAAA,CAAW,KAAK,EAAE,GAAA,EAAK,aAAa,GAAG,CAAA,EAAG,MAAM,CAAA;AAAA,MAClD;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,MAAM,OAAO,CAAC,GAAG,IAAI,GAAA,CAAI,WAAW,GAAA,CAAI,CAAA,CAAA,KAAK,CAAC,CAAA,CAAE,KAAK,CAAC,CAAC,CAAC,CAAA,CAAE,QAAQ,CAAA;AAClE,EAAA,IAAI,IAAA,CAAK,WAAW,CAAA,EAAG;AACrB,IAAA,MAAM,EAAE,MAAA,EAAO,GAAI,MAAMJ,0BAAS,MAAA,CAA2B;AAAA,MAC3D,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,QAAA,EAAU,SAAS,wBAAA;AAAyB,KACpE,CAAA;AACD,IAAA,OAAO,aAAa,MAAM,CAAA;AAAA,EAC5B;AACA,EAAA,IAAI,IAAA,CAAK,WAAW,CAAA,EAAG;AACrB,IAAA,OAAO,IAAA,CAAK,CAAC,CAAA,CAAE,GAAA;AAAA,EACjB;AAEA,EAAA,MAAM,EAAE,MAAA,EAAO,GAAI,MAAMA,0BAAS,MAAA,CAA2B;AAAA,IAC3D;AAAA,MACE,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,QAAA;AAAA,MACN,OAAA,EAAS,yBAAA;AAAA,MACT,OAAA,EAAS;AAAA,QACP,GAAG,IAAA,CAAK,GAAA,CAAI,CAAA,CAAA,MAAM,EAAE,MAAM,CAAA,EAAG,CAAA,CAAE,GAAG,CAAA,EAAA,EAAK,EAAE,IAAI,CAAA,CAAA,CAAA,EAAK,KAAA,EAAO,CAAA,CAAE,KAAI,CAAE,CAAA;AAAA,QACjE,EAAE,IAAA,EAAM,gBAAA,EAAkB,KAAA,EAAO,YAAA;AAAa;AAChD;AACF,GACD,CAAA;AACD,EAAA,IAAI,WAAW,YAAA,EAAc;AAC3B,IAAA,MAAM,EAAE,MAAA,EAAO,GAAI,MAAMA,0BAAS,MAAA,CAA2B;AAAA,MAC3D,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,QAAA,EAAU,SAAS,wBAAA;AAAyB,KACpE,CAAA;AACD,IAAA,OAAO,aAAa,MAAM,CAAA;AAAA,EAC5B;AACA,EAAA,OAAO,MAAA;AACT;AAIA,SAAS,aAAa,CAAA,EAA2C;AAC/D,EAAA,IAAI,MAAM,MAAA,EAAW;AACnB,IAAA,OAAO,MAAA;AAAA,EACT;AACA,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,CAAC,CAAA;AACrB,IAAA,OAAO,GAAA,CAAI,QAAA,EAAS,CAAE,OAAA,CAAQ,OAAO,EAAE,CAAA;AAAA,EACzC,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,CAAA,EAAI,CAAC,CAAA,oBAAA,CAAsB,CAAA;AAAA,EAC7C;AACF;AAEA,SAAS,mBAAmB,GAAA,EAAqB;AAC/C,EAAA,OAAO,IAAI,GAAA,CAAI,GAAG,CAAA,CAAE,IAAA;AACtB;AAEA,SAAS,eAAA,GAAkB;AACzB,EAAA,MAAM,WAAWK,qBAAA,EAAiB;AAClC,EAAA,MAAM,SAAA,GAAYC,2BAAsB,QAAQ,CAAA;AAChD,EAAA,MAAM,QAAQ,YAAA,EAAa;AAC3B,EAAA,OAAO,EAAE,QAAA,EAAU,SAAA,EAAW,KAAA,EAAM;AACtC;AAEA,SAAS,kBAAkB,OAAA,EAMhB;AACT,EAAA,MAAM,EAAE,WAAA,EAAa,QAAA,EAAU,WAAA,EAAa,KAAA,EAAO,WAAU,GAAI,OAAA;AACjE,EAAA,MAAM,SAAA,GAAY,IAAI,GAAA,CAAI,CAAA,EAAG,WAAW,CAAA,aAAA,CAAe,CAAA;AACvD,EAAA,SAAA,CAAU,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,QAAQ,CAAA;AAChD,EAAA,SAAA,CAAU,YAAA,CAAa,GAAA,CAAI,cAAA,EAAgB,WAAW,CAAA;AACtD,EAAA,SAAA,CAAU,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,MAAM,CAAA;AAClD,EAAA,SAAA,CAAU,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,uBAAuB,CAAA;AAC3D,EAAA,SAAA,CAAU,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,KAAK,CAAA;AACzC,EAAA,SAAA,CAAU,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,SAAS,CAAA;AACtD,EAAA,SAAA,CAAU,YAAA,CAAa,GAAA,CAAI,uBAAA,EAAyB,MAAM,CAAA;AAC1D,EAAA,OAAO,UAAU,QAAA,EAAS;AAC5B;AAEA,eAAe,kBAAA,CAAmB,KAAa,SAAA,EAAqB;AAClE,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,OAAA,CAAQ,MAAA,CAAO,KAAA,CAAM,CAAA,2BAAA,EAA8B,GAAG;AAAA,CAAI,CAAA;AAAA,EAC5D,CAAA,MAAO;AACL,IAAA,OAAA,CAAQ,MAAA,CAAO,KAAA,CAAM,CAAA,2BAAA,EAA8B,GAAG;AAAA,CAAI,CAAA;AAC1D,IAAA,aAAA,CAAc,GAAG,CAAA;AAAA,EACnB;AACF;AAEA,eAAe,wBAAA,CACb,UACA,aAAA,EACA;AACA,EAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,SAAS,WAAA,EAAY;AACnD,EAAA,IAAI,UAAU,aAAA,EAAe;AAC3B,IAAA,MAAM,IAAI,MAAM,gBAAgB,CAAA;AAAA,EAClC;AACA,EAAA,OAAO,IAAA;AACT;AAEA,eAAe,0BAA0B,OAAA,EAKtC;AACD,EAAA,MAAM,EAAE,WAAA,EAAa,IAAA,EAAM,WAAA,EAAa,UAAS,GAAI,OAAA;AACrD,EAAA,OAAO,MAAMC,aAAA,CAMV,CAAA,EAAG,WAAW,CAAA,SAAA,CAAA,EAAa;AAAA,IAC5B,MAAA,EAAQ,MAAA;AAAA,IACR,IAAA,EAAM;AAAA,MACJ,UAAA,EAAY,oBAAA;AAAA,MACZ,IAAA;AAAA,MACA,YAAA,EAAc,WAAA;AAAA,MACd,aAAA,EAAe;AAAA,KACjB;AAAA,IACA,MAAA,EAAQ,WAAA,CAAY,OAAA,CAAQ,yBAAyB;AAAA,GACtD,CAAA;AACH;AAEA,eAAe,gBAAgB,OAAA,EAK5B;AACD,EAAA,MAAM,EAAE,YAAA,EAAc,cAAA,EAAgB,QAAA,EAAU,OAAM,GAAI,OAAA;AAC1D,EAAA,MAAMC,aAAA,GAAc,MAAMC,0BAAA,EAAe;AACzC,EAAA,MAAMC,yBAAiB,YAAY;AACjC,IAAA,MAAM,OAAA,GAAU,+BAA+B,YAAY,CAAA,CAAA;AAC3D,IAAA,MAAMF,aAAA,CAAY,GAAA,CAAI,OAAA,EAAS,aAAA,EAAe,MAAM,YAAY,CAAA;AAChE,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,MAAMA,aAAA,CAAY,GAAA,CAAI,OAAA,EAAS,cAAA,EAAgB,MAAM,aAAa,CAAA;AAAA,IACpE,CAAA,MAAO;AACL,MAAA,OAAA,CAAQ,MAAA,CAAO,KAAA;AAAA,QACb;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI;AACF,MAAA,QAAA,GAAW,MAAMG,0BAAkB,YAAY,CAAA;AAAA,IACjD,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,MAAMC,sBAAA,CAAe;AAAA,MACnB,IAAA,EAAM,YAAA;AAAA,MACN,OAAA,EAAS,cAAA;AAAA,MACT,QAAA;AAAA,MACA,QAAA,EAAU,KAAK,GAAA,EAAI;AAAA,MACnB,oBAAA,EAAsB,IAAA,CAAK,GAAA,EAAI,GAAI,MAAM,UAAA,GAAa,GAAA;AAAA,MACtD,UAAU,QAAA,EAAU;AAAA,KACrB,CAAA;AAAA,EACH,CAAC,CAAA;AACH;AAEA,SAAS,YAAA,GAAuB;AAC9B,EAAA,OAAOC,uBAAA,CAAO,WAAA,CAAY,EAAE,CAAA,CAAE,SAAS,KAAK,CAAA;AAC9C;AAGO,SAAS,cAAc,GAAA,EAAmB;AAC/C,EAAA,MAAM,WAAA,GAAc,CAAC,KAAA,KAAmB;AACtC,IAAA,MAAM,OAAA,GAAU,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,eAAA;AACzD,IAAA,OAAA,CAAQ,MAAA,CAAO,KAAA;AAAA,MACb,kDAAkD,OAAO;AAAA;AAAA,KAC3D;AACA,IAAA,OAAA,CAAQ,MAAA,CAAO,KAAA,CAAM,CAAA,+BAAA,EAAkC,GAAG;AAAA,CAAI,CAAA;AAAA,EAChE,CAAA;AAEA,EAAA,MAAM,SAAA,GAAY,EAAE,QAAA,EAAU,IAAA,EAAM,OAAO,QAAA,EAAS;AACpD,EAAA,IAAI,KAAA;AACJ,EAAA,IAAI;AACF,IAAA,IAAI,OAAA,CAAQ,aAAa,QAAA,EAAU;AACjC,MAAA,KAAA,GAAQC,wBAAA,CAAM,MAAA,EAAQ,CAAC,GAAG,GAAG,SAAS,CAAA;AAAA,IACxC,CAAA,MAAA,IAAW,OAAA,CAAQ,QAAA,KAAa,OAAA,EAAS;AACvC,MAAA,KAAA,GAAQA,wBAAA;AAAA,QACN,YAAA;AAAA,QACA,CAAC,YAAY,CAAA,eAAA,EAAkB,GAAA,CAAI,QAAQ,IAAA,EAAM,IAAI,CAAC,CAAA,CAAA,CAAG,CAAA;AAAA,QACzD;AAAA,OACF;AAAA,IACF,CAAA,MAAO;AACL,MAAA,KAAA,GAAQA,wBAAA,CAAM,UAAA,EAAY,CAAC,GAAG,GAAG,SAAS,CAAA;AAAA,IAC5C;AACA,IAAA,KAAA,CAAM,KAAA,EAAM;AACZ,IAAA,KAAA,CAAM,EAAA,CAAG,SAAS,WAAW,CAAA;AAAA,EAC/B,SAAS,KAAA,EAAO;AACd,IAAA,WAAA,CAAY,KAAK,CAAA;AAAA,EACnB;AACF;;;;;"}

package/dist/commands/logout.cjs.js ADDED Viewed

@@ -0,0 +1,55 @@
+'use strict';
+Object.defineProperty(exports, '__esModule', { value: true });
+var cleye = require('cleye');
+var secretStore = require('../lib/secretStore.cjs.js');
+var storage = require('../lib/storage.cjs.js');
+var http = require('../lib/http.cjs.js');
+var prompt = require('../lib/prompt.cjs.js');
+var logout = async ({ args, info }) => {
+  const {
+    flags: { instance: instanceFlag }
+  } = cleye.cli(
+    {
+      help: info,
+      flags: {
+        instance: {
+          type: String,
+          description: "Name of the instance to log out"
+        }
+      }
+    },
+    void 0,
+    args
+  );
+  const { name: instanceName } = await prompt.pickInstance(instanceFlag);
+  await storage.withMetadataLock(async () => {
+    const instance = await storage.getInstanceByName(instanceName);
+    const secretStore$1 = await secretStore.getSecretStore();
+    const service = `backstage-cli:auth-instance:${instanceName}`;
+    const refreshToken = await secretStore$1.get(service, "refreshToken") ?? "";
+    if (refreshToken) {
+      try {
+        const authBaseUrl = new URL("/api/auth", instance.baseUrl).toString().replace(/\/$/, "");
+        await http.httpJson(`${authBaseUrl}/v1/revoke`, {
+          method: "POST",
+          body: {
+            token: refreshToken,
+            token_type_hint: "refresh_token"
+          },
+          signal: AbortSignal.timeout(3e4)
+        });
+      } catch {
+      }
+    }
+    await secretStore$1.delete(service, "accessToken");
+    await secretStore$1.delete(service, "refreshToken");
+    await storage.removeInstance(instance.name);
+  });
+  process.stdout.write("Logged out\n");
+};
+exports.default = logout;
+//# sourceMappingURL=logout.cjs.js.map

package/dist/commands/logout.cjs.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"logout.cjs.js","sources":["../../src/commands/logout.ts"],"sourcesContent":["/*\n * Copyright 2025 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { cli } from 'cleye';\nimport type { CliCommandContext } from '@backstage/cli-node';\nimport { getSecretStore } from '../lib/secretStore';\nimport {\n removeInstance,\n withMetadataLock,\n getInstanceByName,\n} from '../lib/storage';\nimport { httpJson } from '../lib/http';\nimport { pickInstance } from '../lib/prompt';\n\nexport default async ({ args, info }: CliCommandContext) => {\n const {\n flags: { instance: instanceFlag },\n } = cli(\n {\n help: info,\n flags: {\n instance: {\n type: String,\n description: 'Name of the instance to log out',\n },\n },\n },\n undefined,\n args,\n );\n\n const { name: instanceName } = await pickInstance(instanceFlag);\n\n await withMetadataLock(async () => {\n const instance = await getInstanceByName(instanceName);\n const secretStore = await getSecretStore();\n const service = `backstage-cli:auth-instance:${instanceName}`;\n const refreshToken = (await secretStore.get(service, 'refreshToken')) ?? '';\n\n if (refreshToken) {\n try {\n const authBaseUrl = new URL('/api/auth', instance.baseUrl)\n .toString()\n .replace(/\\/$/, '');\n await httpJson(`${authBaseUrl}/v1/revoke`, {\n method: 'POST',\n body: {\n token: refreshToken,\n token_type_hint: 'refresh_token',\n },\n signal: AbortSignal.timeout(30_000),\n });\n } catch {\n // ignore errors per RFC 7009\n }\n }\n\n await secretStore.delete(service, 'accessToken');\n await secretStore.delete(service, 'refreshToken');\n await removeInstance(instance.name);\n });\n\n process.stdout.write('Logged out\\n');\n};\n"],"names":["cli","pickInstance","withMetadataLock","getInstanceByName","secretStore","getSecretStore","httpJson","removeInstance"],"mappings":";;;;;;;;;;AA2BA,aAAe,OAAO,EAAE,IAAA,EAAM,IAAA,EAAK,KAAyB;AAC1D,EAAA,MAAM;AAAA,IACJ,KAAA,EAAO,EAAE,QAAA,EAAU,YAAA;AAAa,GAClC,GAAIA,SAAA;AAAA,IACF;AAAA,MACE,IAAA,EAAM,IAAA;AAAA,MACN,KAAA,EAAO;AAAA,QACL,QAAA,EAAU;AAAA,UACR,IAAA,EAAM,MAAA;AAAA,UACN,WAAA,EAAa;AAAA;AACf;AACF,KACF;AAAA,IACA,MAAA;AAAA,IACA;AAAA,GACF;AAEA,EAAA,MAAM,EAAE,IAAA,EAAM,YAAA,EAAa,GAAI,MAAMC,oBAAa,YAAY,CAAA;AAE9D,EAAA,MAAMC,yBAAiB,YAAY;AACjC,IAAA,MAAM,QAAA,GAAW,MAAMC,yBAAA,CAAkB,YAAY,CAAA;AACrD,IAAA,MAAMC,aAAA,GAAc,MAAMC,0BAAA,EAAe;AACzC,IAAA,MAAM,OAAA,GAAU,+BAA+B,YAAY,CAAA,CAAA;AAC3D,IAAA,MAAM,eAAgB,MAAMD,aAAA,CAAY,GAAA,CAAI,OAAA,EAAS,cAAc,CAAA,IAAM,EAAA;AAEzE,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,IAAI;AACF,QAAA,MAAM,WAAA,GAAc,IAAI,GAAA,CAAI,WAAA,EAAa,QAAA,CAAS,OAAO,CAAA,CACtD,QAAA,EAAS,CACT,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AACpB,QAAA,MAAME,aAAA,CAAS,CAAA,EAAG,WAAW,CAAA,UAAA,CAAA,EAAc;AAAA,UACzC,MAAA,EAAQ,MAAA;AAAA,UACR,IAAA,EAAM;AAAA,YACJ,KAAA,EAAO,YAAA;AAAA,YACP,eAAA,EAAiB;AAAA,WACnB;AAAA,UACA,MAAA,EAAQ,WAAA,CAAY,OAAA,CAAQ,GAAM;AAAA,SACnC,CAAA;AAAA,MACH,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AAEA,IAAA,MAAMF,aAAA,CAAY,MAAA,CAAO,OAAA,EAAS,aAAa,CAAA;AAC/C,IAAA,MAAMA,aAAA,CAAY,MAAA,CAAO,OAAA,EAAS,cAAc,CAAA;AAChD,IAAA,MAAMG,sBAAA,CAAe,SAAS,IAAI,CAAA;AAAA,EACpC,CAAC,CAAA;AAED,EAAA,OAAA,CAAQ,MAAA,CAAO,MAAM,cAAc,CAAA;AACrC,CAAA;;;;"}

package/dist/commands/printToken.cjs.js ADDED Viewed

@@ -0,0 +1,41 @@
+'use strict';
+Object.defineProperty(exports, '__esModule', { value: true });
+var cleye = require('cleye');
+var auth = require('../lib/auth.cjs.js');
+var storage = require('../lib/storage.cjs.js');
+var secretStore = require('../lib/secretStore.cjs.js');
+var printToken = async ({ args, info }) => {
+  const {
+    flags: { instance: instanceFlag }
+  } = cleye.cli(
+    {
+      help: info,
+      flags: {
+        instance: {
+          type: String,
+          description: "Name of the instance to use"
+        }
+      }
+    },
+    void 0,
+    args
+  );
+  let instance = await storage.getSelectedInstance(instanceFlag);
+  if (auth.accessTokenNeedsRefresh(instance)) {
+    instance = await auth.refreshAccessToken(instance.name);
+  }
+  const secretStore$1 = await secretStore.getSecretStore();
+  const service = `backstage-cli:auth-instance:${instance.name}`;
+  const accessToken = await secretStore$1.get(service, "accessToken");
+  if (!accessToken) {
+    throw new Error('No access token found. Run "auth login" to authenticate.');
+  }
+  process.stdout.write(`${accessToken}
+`);
+};
+exports.default = printToken;
+//# sourceMappingURL=printToken.cjs.js.map

package/dist/commands/printToken.cjs.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"printToken.cjs.js","sources":["../../src/commands/printToken.ts"],"sourcesContent":["/*\n * Copyright 2025 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { cli } from 'cleye';\nimport type { CliCommandContext } from '@backstage/cli-node';\nimport { accessTokenNeedsRefresh, refreshAccessToken } from '../lib/auth';\nimport { getSelectedInstance } from '../lib/storage';\nimport { getSecretStore } from '../lib/secretStore';\n\nexport default async ({ args, info }: CliCommandContext) => {\n const {\n flags: { instance: instanceFlag },\n } = cli(\n {\n help: info,\n flags: {\n instance: {\n type: String,\n description: 'Name of the instance to use',\n },\n },\n },\n undefined,\n args,\n );\n\n let instance = await getSelectedInstance(instanceFlag);\n\n if (accessTokenNeedsRefresh(instance)) {\n instance = await refreshAccessToken(instance.name);\n }\n\n const secretStore = await getSecretStore();\n const service = `backstage-cli:auth-instance:${instance.name}`;\n const accessToken = await secretStore.get(service, 'accessToken');\n if (!accessToken) {\n throw new Error('No access token found. Run \"auth login\" to authenticate.');\n }\n\n process.stdout.write(`${accessToken}\\n`);\n};\n"],"names":["cli","getSelectedInstance","accessTokenNeedsRefresh","refreshAccessToken","secretStore","getSecretStore"],"mappings":";;;;;;;;;AAsBA,iBAAe,OAAO,EAAE,IAAA,EAAM,IAAA,EAAK,KAAyB;AAC1D,EAAA,MAAM;AAAA,IACJ,KAAA,EAAO,EAAE,QAAA,EAAU,YAAA;AAAa,GAClC,GAAIA,SAAA;AAAA,IACF;AAAA,MACE,IAAA,EAAM,IAAA;AAAA,MACN,KAAA,EAAO;AAAA,QACL,QAAA,EAAU;AAAA,UACR,IAAA,EAAM,MAAA;AAAA,UACN,WAAA,EAAa;AAAA;AACf;AACF,KACF;AAAA,IACA,MAAA;AAAA,IACA;AAAA,GACF;AAEA,EAAA,IAAI,QAAA,GAAW,MAAMC,2BAAA,CAAoB,YAAY,CAAA;AAErD,EAAA,IAAIC,4BAAA,CAAwB,QAAQ,CAAA,EAAG;AACrC,IAAA,QAAA,GAAW,MAAMC,uBAAA,CAAmB,QAAA,CAAS,IAAI,CAAA;AAAA,EACnD;AAEA,EAAA,MAAMC,aAAA,GAAc,MAAMC,0BAAA,EAAe;AACzC,EAAA,MAAM,OAAA,GAAU,CAAA,4BAAA,EAA+B,QAAA,CAAS,IAAI,CAAA,CAAA;AAC5D,EAAA,MAAM,WAAA,GAAc,MAAMD,aAAA,CAAY,GAAA,CAAI,SAAS,aAAa,CAAA;AAChE,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,MAAM,IAAI,MAAM,0DAA0D,CAAA;AAAA,EAC5E;AAEA,EAAA,OAAA,CAAQ,MAAA,CAAO,KAAA,CAAM,CAAA,EAAG,WAAW;AAAA,CAAI,CAAA;AACzC,CAAA;;;;"}

package/dist/commands/select.cjs.js ADDED Viewed

@@ -0,0 +1,32 @@
+'use strict';
+Object.defineProperty(exports, '__esModule', { value: true });
+var cleye = require('cleye');
+var storage = require('../lib/storage.cjs.js');
+var prompt = require('../lib/prompt.cjs.js');
+var select = async ({ args, info }) => {
+  const {
+    flags: { instance: instanceFlag }
+  } = cleye.cli(
+    {
+      help: info,
+      flags: {
+        instance: {
+          type: String,
+          description: "Name of the instance to select"
+        }
+      }
+    },
+    void 0,
+    args
+  );
+  const instance = await prompt.pickInstance(instanceFlag);
+  await storage.setSelectedInstance(instance.name);
+  process.stderr.write(`Selected instance '${instance.name}'
+`);
+};
+exports.default = select;
+//# sourceMappingURL=select.cjs.js.map

package/dist/commands/select.cjs.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"select.cjs.js","sources":["../../src/commands/select.ts"],"sourcesContent":["/*\n * Copyright 2025 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { cli } from 'cleye';\nimport type { CliCommandContext } from '@backstage/cli-node';\nimport { setSelectedInstance } from '../lib/storage';\nimport { pickInstance } from '../lib/prompt';\n\nexport default async ({ args, info }: CliCommandContext) => {\n const {\n flags: { instance: instanceFlag },\n } = cli(\n {\n help: info,\n flags: {\n instance: {\n type: String,\n description: 'Name of the instance to select',\n },\n },\n },\n undefined,\n args,\n );\n\n const instance = await pickInstance(instanceFlag);\n\n await setSelectedInstance(instance.name);\n process.stderr.write(`Selected instance '${instance.name}'\\n`);\n};\n"],"names":["cli","pickInstance","setSelectedInstance"],"mappings":";;;;;;;;AAqBA,aAAe,OAAO,EAAE,IAAA,EAAM,IAAA,EAAK,KAAyB;AAC1D,EAAA,MAAM;AAAA,IACJ,KAAA,EAAO,EAAE,QAAA,EAAU,YAAA;AAAa,GAClC,GAAIA,SAAA;AAAA,IACF;AAAA,MACE,IAAA,EAAM,IAAA;AAAA,MACN,KAAA,EAAO;AAAA,QACL,QAAA,EAAU;AAAA,UACR,IAAA,EAAM,MAAA;AAAA,UACN,WAAA,EAAa;AAAA;AACf;AACF,KACF;AAAA,IACA,MAAA;AAAA,IACA;AAAA,GACF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAMC,mBAAA,CAAa,YAAY,CAAA;AAEhD,EAAA,MAAMC,2BAAA,CAAoB,SAAS,IAAI,CAAA;AACvC,EAAA,OAAA,CAAQ,MAAA,CAAO,KAAA,CAAM,CAAA,mBAAA,EAAsB,QAAA,CAAS,IAAI,CAAA;AAAA,CAAK,CAAA;AAC/D,CAAA;;;;"}