npm - @backstage/plugin-auth-backend-module-aws-alb-provider - Versions diffs - 0.1.15-next.3 → 0.1.16 - Mend

@backstage/plugin-auth-backend-module-aws-alb-provider 0.1.15-next.3 → 0.1.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,47 @@
 # @backstage/plugin-auth-backend-module-aws-alb-provider
+## 0.1.16
+### Patch Changes
+- 17c9d35: Fix a bug where the signer was checked from the payload instead of the header
+- Updated dependencies
+  - @backstage/plugin-auth-backend@0.22.11
+## 0.1.15
+### Patch Changes
+- c8f1cae: Add `signIn` to authentication provider configuration schema
+- 4ea354f: Added a `signer` configuration option to validate against the token claims. We strongly recommend that you set this value (typically on the format `arn:aws:elasticloadbalancing:us-east-2:123456789012:loadbalancer/app/my-load-balancer/1234567890123456`) to ensure that the auth provider can safely check the authenticity of any incoming tokens.
+  Example:
+  ```diff
+   auth:
+     providers:
+       awsalb:
+         # this is the URL of the IdP you configured
+         issuer: 'https://example.okta.com/oauth2/default'
+         # this is the ARN of your ALB instance
+  +      signer: 'arn:aws:elasticloadbalancing:us-east-2:123456789012:loadbalancer/app/my-load-balancer/1234567890123456'
+         # this is the region where your ALB instance resides
+         region: 'us-west-2'
+         signIn:
+           resolvers:
+             # typically you would pick one of these
+             - resolver: emailMatchingUserEntityProfileEmail
+             - resolver: emailLocalPartMatchingUserEntityName
+  ```
+- 93095ee: Make sure node-fetch is version 2.7.0 or greater
+- Updated dependencies
+  - @backstage/backend-plugin-api@0.8.0
+  - @backstage/backend-common@0.24.0
+  - @backstage/plugin-auth-backend@0.22.10
+  - @backstage/plugin-auth-node@0.5.0
+  - @backstage/errors@1.2.4
 ## 0.1.15-next.3
 ### Patch Changes

package/dist/index.cjs.js CHANGED Viewed

@@ -108,12 +108,13 @@ const awsAlbAuthenticator = pluginAuthNode.createProxyAuthenticator({
   },
   initialize({ config }) {
     const issuer = config.getString("issuer");
+    const signer = config.getOptionalString("signer");
     const region = config.getString("region");
     const keyCache = new NodeCache__default.default({ stdTTL: 3600 });
     const getKey = provisionKeyCache(region, keyCache);
-    return { issuer, getKey };
+    return { issuer, signer, getKey };
   },
-  async authenticate({ req }, { issuer, getKey }) {
+  async authenticate({ req }, { issuer, signer, getKey }) {
     const jwt = req.header(ALB_JWT_HEADER);
     const accessToken = req.header(ALB_ACCESS_TOKEN_HEADER);
     if (jwt === void 0) {
@@ -128,9 +129,12 @@ const awsAlbAuthenticator = pluginAuthNode.createProxyAuthenticator({
     }
     try {
       const verifyResult = await jose.jwtVerify(jwt, getKey);
+      const header = verifyResult.protectedHeader;
       const claims = verifyResult.payload;
-      if (issuer && claims?.iss !== issuer) {
+      if (claims?.iss !== issuer) {
         throw new errors.AuthenticationError("Issuer mismatch on JWT token");
+      } else if (signer && header?.signer !== signer) {
+        throw new errors.AuthenticationError("Signer mismatch on JWT token");
       }
       const fullProfile = {
         provider: "unknown",

package/dist/index.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.cjs.js","sources":["../src/helpers.ts","../src/authenticator.ts","../src/resolvers.ts","../src/module.ts"],"sourcesContent":["/\n Copyright 2023 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\nimport { KeyObject } from 'crypto';\nimport as crypto from 'crypto';\nimport { JWTHeaderParameters, decodeJwt } from 'jose';\nimport NodeCache from 'node-cache';\nimport fetch from 'node-fetch';\nimport { PassportProfile, ProfileInfo } from '@backstage/plugin-auth-node';\nimport { AuthenticationError } from '@backstage/errors';\n\nexport const makeProfileInfo = (\n profile: PassportProfile,\n idToken?: string,\n): ProfileInfo => {\n let email: string \| undefined = undefined;\n if (profile.emails && profile.emails.length > 0) {\n const [firstEmail] = profile.emails;\n email = firstEmail.value;\n }\n\n let picture: string \| undefined = undefined;\n if (profile.avatarUrl) {\n picture = profile.avatarUrl;\n } else if (profile.photos && profile.photos.length > 0) {\n const [firstPhoto] = profile.photos;\n picture = firstPhoto.value;\n }\n\n let displayName: string \| undefined =\n profile.displayName ?? profile.username ?? profile.id;\n\n if ((!email \|\| !picture \|\| !displayName) && idToken) {\n try {\n const decoded: Record<string, string> = decodeJwt(idToken) as {\n email?: string;\n picture?: string;\n name?: string;\n };\n if (!email && decoded.email) {\n email = decoded.email;\n }\n if (!picture && decoded.picture) {\n picture = decoded.picture;\n }\n if (!displayName && decoded.name) {\n displayName = decoded.name;\n }\n } catch (e) {\n throw new Error(`Failed to parse id token and get profile info, ${e}`);\n }\n }\n\n return {\n email,\n picture,\n displayName,\n };\n};\n\nconst getPublicKeyEndpoint = (region: string) => {\n if (region.startsWith('us-gov')) {\n return `https://s3-${encodeURIComponent(\n region,\n )}.amazonaws.com/aws-elb-public-keys-prod-${encodeURIComponent(region)}`;\n }\n\n return `https://public-keys.auth.elb.${encodeURIComponent(\n region,\n )}.amazonaws.com`;\n};\n\nexport const provisionKeyCache = (region: string, keyCache: NodeCache) => {\n return async (header: JWTHeaderParameters): Promise<KeyObject> => {\n if (!header.kid) {\n throw new AuthenticationError('No key id was specified in header');\n }\n const optionalCacheKey = keyCache.get<KeyObject>(header.kid);\n if (optionalCacheKey) {\n return crypto.createPublicKey(optionalCacheKey);\n }\n\n const keyText: string = await fetch(\n `${getPublicKeyEndpoint(region)}/${encodeURIComponent(header.kid)}`,\n ).then(response => response.text());\n\n const keyValue = crypto.createPublicKey(keyText);\n keyCache.set(header.kid, keyValue.export({ format: 'pem', type: 'spki' }));\n return keyValue;\n };\n};\n","/\n Copyright 2023 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { AuthenticationError } from '@backstage/errors';\nimport { AwsAlbClaims, AwsAlbResult } from './types';\nimport { jwtVerify } from 'jose';\nimport {\n PassportProfile,\n createProxyAuthenticator,\n} from '@backstage/plugin-auth-node';\nimport NodeCache from 'node-cache';\nimport { makeProfileInfo, provisionKeyCache } from './helpers';\n\nexport const ALB_JWT_HEADER = 'x-amzn-oidc-data';\nexport const ALB_ACCESS_TOKEN_HEADER = 'x-amzn-oidc-accesstoken';\n\n/* @public /\nexport const awsAlbAuthenticator = createProxyAuthenticator({\n defaultProfileTransform: async (result: AwsAlbResult) => {\n return {\n profile: makeProfileInfo(result.fullProfile, result.accessToken),\n };\n },\n initialize({ config }) {\n const issuer = config.getString('issuer');\n const region = config.getString('region');\n const keyCache = new NodeCache({ stdTTL: 3600 });\n const getKey = provisionKeyCache(region, keyCache);\n return { issuer, getKey };\n },\n async authenticate({ req }, { issuer, getKey }) {\n const jwt = req.header(ALB_JWT_HEADER);\n const accessToken = req.header(ALB_ACCESS_TOKEN_HEADER);\n\n if (jwt === undefined) {\n throw new AuthenticationError(\n `Missing ALB OIDC header: ${ALB_JWT_HEADER}`,\n );\n }\n\n if (accessToken === undefined) {\n throw new AuthenticationError(\n `Missing ALB OIDC header: ${ALB_ACCESS_TOKEN_HEADER}`,\n );\n }\n\n try {\n const verifyResult = await jwtVerify(jwt, getKey);\n const claims = verifyResult.payload as AwsAlbClaims;\n\n if (issuer && claims?.iss !== issuer) {\n throw new AuthenticationError('Issuer mismatch on JWT token');\n }\n\n const fullProfile: PassportProfile = {\n provider: 'unknown',\n id: claims.sub,\n displayName: claims.name,\n username: claims.email.split('@')[0].toLowerCase(),\n name: {\n familyName: claims.family_name,\n givenName: claims.given_name,\n },\n emails: [{ value: claims.email.toLowerCase() }],\n photos: [{ value: claims.picture }],\n };\n\n return {\n result: {\n fullProfile,\n accessToken: accessToken,\n expiresInSeconds: claims.exp,\n },\n providerInfo: {\n accessToken: accessToken,\n expiresInSeconds: claims.exp,\n },\n };\n } catch (e) {\n throw new Error(`Exception occurred during JWT processing: ${e}`);\n }\n },\n});\n","/\n * Copyright 2023 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n createSignInResolverFactory,\n SignInInfo,\n} from '@backstage/plugin-auth-node';\nimport { AwsAlbResult } from './types';\n/\n Available sign-in resolvers for the AWS ALB auth provider.\n \n @public\n /\nexport namespace awsAlbSignInResolvers {\n export const emailMatchingUserEntityProfileEmail =\n createSignInResolverFactory({\n create() {\n return async (info: SignInInfo<AwsAlbResult>, ctx) => {\n if (!info.result.fullProfile.emails) {\n throw new Error(\n 'Login failed, user profile does not contain an email',\n );\n }\n return ctx.signInWithCatalogUser({\n filter: {\n kind: ['User'],\n 'spec.profile.email': info.result.fullProfile.emails[0].value,\n },\n });\n };\n },\n });\n}\n","/\n * Copyright 2023 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n authProvidersExtensionPoint,\n commonSignInResolvers,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { awsAlbAuthenticator } from './authenticator';\nimport { awsAlbSignInResolvers } from './resolvers';\n\n/* @public */\nexport const authModuleAwsAlbProvider = createBackendModule({\n pluginId: 'auth',\n moduleId: 'awsAlbProvider',\n register(reg) {\n reg.registerInit({\n deps: {\n providers: authProvidersExtensionPoint,\n },\n async init({ providers }) {\n providers.registerProvider({\n providerId: 'awsalb',\n factory: createProxyAuthProviderFactory({\n authenticator: awsAlbAuthenticator,\n signInResolverFactories: {\n ...commonSignInResolvers,\n ...awsAlbSignInResolvers,\n },\n }),\n });\n },\n });\n },\n});\n"],"names":["decodeJwt","AuthenticationError","crypto","fetch","createProxyAuthenticator","NodeCache","jwtVerify","awsAlbSignInResolvers","createSignInResolverFactory","createBackendModule","authProvidersExtensionPoint","createProxyAuthProviderFactory","commonSignInResolvers"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuBa,MAAA,eAAA,GAAkB,CAC7B,OAAA,EACA,OACgB,KAAA;AAChB,EAAA,IAAI,KAA4B,GAAA,KAAA,CAAA,CAAA;AAChC,EAAA,IAAI,OAAQ,CAAA,MAAA,IAAU,OAAQ,CAAA,MAAA,CAAO,SAAS,CAAG,EAAA;AAC/C,IAAM,MAAA,CAAC,UAAU,CAAA,GAAI,OAAQ,CAAA,MAAA,CAAA;AAC7B,IAAA,KAAA,GAAQ,UAAW,CAAA,KAAA,CAAA;AAAA,GACrB;AAEA,EAAA,IAAI,OAA8B,GAAA,KAAA,CAAA,CAAA;AAClC,EAAA,IAAI,QAAQ,SAAW,EAAA;AACrB,IAAA,OAAA,GAAU,OAAQ,CAAA,SAAA,CAAA;AAAA,aACT,OAAQ,CAAA,MAAA,IAAU,OAAQ,CAAA,MAAA,CAAO,SAAS,CAAG,EAAA;AACtD,IAAM,MAAA,CAAC,UAAU,CAAA,GAAI,OAAQ,CAAA,MAAA,CAAA;AAC7B,IAAA,OAAA,GAAU,UAAW,CAAA,KAAA,CAAA;AAAA,GACvB;AAEA,EAAA,IAAI,WACF,GAAA,OAAA,CAAQ,WAAe,IAAA,OAAA,CAAQ,YAAY,OAAQ,CAAA,EAAA,CAAA;AAErD,EAAA,IAAA,CAAK,CAAC,KAAS,IAAA,CAAC,OAAW,IAAA,CAAC,gBAAgB,OAAS,EAAA;AACnD,IAAI,IAAA;AACF,MAAM,MAAA,OAAA,GAAkCA,eAAU,OAAO,CAAA,CAAA;AAKzD,MAAI,IAAA,CAAC,KAAS,IAAA,OAAA,CAAQ,KAAO,EAAA;AAC3B,QAAA,KAAA,GAAQ,OAAQ,CAAA,KAAA,CAAA;AAAA,OAClB;AACA,MAAI,IAAA,CAAC,OAAW,IAAA,OAAA,CAAQ,OAAS,EAAA;AAC/B,QAAA,OAAA,GAAU,OAAQ,CAAA,OAAA,CAAA;AAAA,OACpB;AACA,MAAI,IAAA,CAAC,WAAe,IAAA,OAAA,CAAQ,IAAM,EAAA;AAChC,QAAA,WAAA,GAAc,OAAQ,CAAA,IAAA,CAAA;AAAA,OACxB;AAAA,aACO,CAAG,EAAA;AACV,MAAA,MAAM,IAAI,KAAA,CAAM,CAAkD,+CAAA,EAAA,CAAC,CAAE,CAAA,CAAA,CAAA;AAAA,KACvE;AAAA,GACF;AAEA,EAAO,OAAA;AAAA,IACL,KAAA;AAAA,IACA,OAAA;AAAA,IACA,WAAA;AAAA,GACF,CAAA;AACF,CAAA,CAAA;AAEA,MAAM,oBAAA,GAAuB,CAAC,MAAmB,KAAA;AAC/C,EAAI,IAAA,MAAA,CAAO,UAAW,CAAA,QAAQ,CAAG,EAAA;AAC/B,IAAA,OAAO,CAAc,WAAA,EAAA,kBAAA;AAAA,MACnB,MAAA;AAAA,KACD,CAAA,wCAAA,EAA2C,kBAAmB,CAAA,MAAM,CAAC,CAAA,CAAA,CAAA;AAAA,GACxE;AAEA,EAAA,OAAO,CAAgC,6BAAA,EAAA,kBAAA;AAAA,IACrC,MAAA;AAAA,GACD,CAAA,cAAA,CAAA,CAAA;AACH,CAAA,CAAA;AAEa,MAAA,iBAAA,GAAoB,CAAC,MAAA,EAAgB,QAAwB,KAAA;AACxE,EAAA,OAAO,OAAO,MAAoD,KAAA;AAChE,IAAI,IAAA,CAAC,OAAO,GAAK,EAAA;AACf,MAAM,MAAA,IAAIC,2BAAoB,mCAAmC,CAAA,CAAA;AAAA,KACnE;AACA,IAAA,MAAM,gBAAmB,GAAA,QAAA,CAAS,GAAe,CAAA,MAAA,CAAO,GAAG,CAAA,CAAA;AAC3D,IAAA,IAAI,gBAAkB,EAAA;AACpB,MAAO,OAAAC,iBAAA,CAAO,gBAAgB,gBAAgB,CAAA,CAAA;AAAA,KAChD;AAEA,IAAA,MAAM,UAAkB,MAAMC,sBAAA;AAAA,MAC5B,CAAA,EAAG,qBAAqB,MAAM,CAAC,IAAI,kBAAmB,CAAA,MAAA,CAAO,GAAG,CAAC,CAAA,CAAA;AAAA,KACjE,CAAA,IAAA,CAAK,CAAY,QAAA,KAAA,QAAA,CAAS,MAAM,CAAA,CAAA;AAElC,IAAM,MAAA,QAAA,GAAWD,iBAAO,CAAA,eAAA,CAAgB,OAAO,CAAA,CAAA;AAC/C,IAAS,QAAA,CAAA,GAAA,CAAI,MAAO,CAAA,GAAA,EAAK,QAAS,CAAA,MAAA,CAAO,EAAE,MAAA,EAAQ,KAAO,EAAA,IAAA,EAAM,MAAO,EAAC,CAAC,CAAA,CAAA;AACzE,IAAO,OAAA,QAAA,CAAA;AAAA,GACT,CAAA;AACF,CAAA;;AC5EO,MAAM,cAAiB,GAAA,kBAAA,CAAA;AACvB,MAAM,uBAA0B,GAAA,yBAAA,CAAA;AAGhC,MAAM,sBAAsBE,uCAAyB,CAAA;AAAA,EAC1D,uBAAA,EAAyB,OAAO,MAAyB,KAAA;AACvD,IAAO,OAAA;AAAA,MACL,OAAS,EAAA,eAAA,CAAgB,MAAO,CAAA,WAAA,EAAa,OAAO,WAAW,CAAA;AAAA,KACjE,CAAA;AAAA,GACF;AAAA,EACA,UAAA,CAAW,EAAE,MAAA,EAAU,EAAA;AACrB,IAAM,MAAA,MAAA,GAAS,MAAO,CAAA,SAAA,CAAU,QAAQ,CAAA,CAAA;AACxC,IAAM,MAAA,MAAA,GAAS,MAAO,CAAA,SAAA,CAAU,QAAQ,CAAA,CAAA;AACxC,IAAA,MAAM,WAAW,IAAIC,0BAAA,CAAU,EAAE,MAAA,EAAQ,MAAM,CAAA,CAAA;AAC/C,IAAM,MAAA,MAAA,GAAS,iBAAkB,CAAA,MAAA,EAAQ,QAAQ,CAAA,CAAA;AACjD,IAAO,OAAA,EAAE,QAAQ,MAAO,EAAA,CAAA;AAAA,GAC1B;AAAA,EACA,MAAM,aAAa,EAAE,GAAA,IAAO,EAAE,MAAA,EAAQ,QAAU,EAAA;AAC9C,IAAM,MAAA,GAAA,GAAM,GAAI,CAAA,MAAA,CAAO,cAAc,CAAA,CAAA;AACrC,IAAM,MAAA,WAAA,GAAc,GAAI,CAAA,MAAA,CAAO,uBAAuB,CAAA,CAAA;AAEtD,IAAA,IAAI,QAAQ,KAAW,CAAA,EAAA;AACrB,MAAA,MAAM,IAAIJ,0BAAA;AAAA,QACR,4BAA4B,cAAc,CAAA,CAAA;AAAA,OAC5C,CAAA;AAAA,KACF;AAEA,IAAA,IAAI,gBAAgB,KAAW,CAAA,EAAA;AAC7B,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR,4BAA4B,uBAAuB,CAAA,CAAA;AAAA,OACrD,CAAA;AAAA,KACF;AAEA,IAAI,IAAA;AACF,MAAA,MAAM,YAAe,GAAA,MAAMK,cAAU,CAAA,GAAA,EAAK,MAAM,CAAA,CAAA;AAChD,MAAA,MAAM,SAAS,YAAa,CAAA,OAAA,CAAA;AAE5B,MAAI,IAAA,MAAA,IAAU,MAAQ,EAAA,GAAA,KAAQ,MAAQ,EAAA;AACpC,QAAM,MAAA,IAAIL,2BAAoB,8BAA8B,CAAA,CAAA;AAAA,OAC9D;AAEA,MAAA,MAAM,WAA+B,GAAA;AAAA,QACnC,QAAU,EAAA,SAAA;AAAA,QACV,IAAI,MAAO,CAAA,GAAA;AAAA,QACX,aAAa,MAAO,CAAA,IAAA;AAAA,QACpB,QAAA,EAAU,OAAO,KAAM,CAAA,KAAA,CAAM,GAAG,CAAE,CAAA,CAAC,EAAE,WAAY,EAAA;AAAA,QACjD,IAAM,EAAA;AAAA,UACJ,YAAY,MAAO,CAAA,WAAA;AAAA,UACnB,WAAW,MAAO,CAAA,UAAA;AAAA,SACpB;AAAA,QACA,MAAA,EAAQ,CAAC,EAAE,KAAA,EAAO,OAAO,KAAM,CAAA,WAAA,IAAe,CAAA;AAAA,QAC9C,QAAQ,CAAC,EAAE,KAAO,EAAA,MAAA,CAAO,SAAS,CAAA;AAAA,OACpC,CAAA;AAEA,MAAO,OAAA;AAAA,QACL,MAAQ,EAAA;AAAA,UACN,WAAA;AAAA,UACA,WAAA;AAAA,UACA,kBAAkB,MAAO,CAAA,GAAA;AAAA,SAC3B;AAAA,QACA,YAAc,EAAA;AAAA,UACZ,WAAA;AAAA,UACA,kBAAkB,MAAO,CAAA,GAAA;AAAA,SAC3B;AAAA,OACF,CAAA;AAAA,aACO,CAAG,EAAA;AACV,MAAA,MAAM,IAAI,KAAA,CAAM,CAA6C,0CAAA,EAAA,CAAC,CAAE,CAAA,CAAA,CAAA;AAAA,KAClE;AAAA,GACF;AACF,CAAC;;ACrEgBM,uCAAA;AAAA,CAAV,CAAUA,sBAAV,KAAA;AACE,EAAMA,sBAAAA,CAAA,sCACXC,0CAA4B,CAAA;AAAA,IAC1B,MAAS,GAAA;AACP,MAAO,OAAA,OAAO,MAAgC,GAAQ,KAAA;AACpD,QAAA,IAAI,CAAC,IAAA,CAAK,MAAO,CAAA,WAAA,CAAY,MAAQ,EAAA;AACnC,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,sDAAA;AAAA,WACF,CAAA;AAAA,SACF;AACA,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,MAAQ,EAAA;AAAA,YACN,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,YACb,sBAAsB,IAAK,CAAA,MAAA,CAAO,WAAY,CAAA,MAAA,CAAO,CAAC,CAAE,CAAA,KAAA;AAAA,WAC1D;AAAA,SACD,CAAA,CAAA;AAAA,OACH,CAAA;AAAA,KACF;AAAA,GACD,CAAA,CAAA;AAAA,CAlBY,EAAAD,6BAAA,KAAAA,6BAAA,GAAA,EAAA,CAAA,CAAA;;ACDV,MAAM,2BAA2BE,oCAAoB,CAAA;AAAA,EAC1D,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,gBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC,0CAAA;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAa,EAAA;AACxB,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,QAAA;AAAA,UACZ,SAASC,6CAA+B,CAAA;AAAA,YACtC,aAAe,EAAA,mBAAA;AAAA,YACf,uBAAyB,EAAA;AAAA,cACvB,GAAGC,oCAAA;AAAA,cACH,GAAGL,6BAAA;AAAA,aACL;AAAA,WACD,CAAA;AAAA,SACF,CAAA,CAAA;AAAA,OACH;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;;;"}
1	+ {"version":3,"file":"index.cjs.js","sources":["../src/helpers.ts","../src/authenticator.ts","../src/resolvers.ts","../src/module.ts"],"sourcesContent":["/\n Copyright 2023 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\nimport { KeyObject } from 'crypto';\nimport as crypto from 'crypto';\nimport { JWTHeaderParameters, decodeJwt } from 'jose';\nimport NodeCache from 'node-cache';\nimport fetch from 'node-fetch';\nimport { PassportProfile, ProfileInfo } from '@backstage/plugin-auth-node';\nimport { AuthenticationError } from '@backstage/errors';\n\nexport const makeProfileInfo = (\n profile: PassportProfile,\n idToken?: string,\n): ProfileInfo => {\n let email: string \| undefined = undefined;\n if (profile.emails && profile.emails.length > 0) {\n const [firstEmail] = profile.emails;\n email = firstEmail.value;\n }\n\n let picture: string \| undefined = undefined;\n if (profile.avatarUrl) {\n picture = profile.avatarUrl;\n } else if (profile.photos && profile.photos.length > 0) {\n const [firstPhoto] = profile.photos;\n picture = firstPhoto.value;\n }\n\n let displayName: string \| undefined =\n profile.displayName ?? profile.username ?? profile.id;\n\n if ((!email \|\| !picture \|\| !displayName) && idToken) {\n try {\n const decoded: Record<string, string> = decodeJwt(idToken) as {\n email?: string;\n picture?: string;\n name?: string;\n };\n if (!email && decoded.email) {\n email = decoded.email;\n }\n if (!picture && decoded.picture) {\n picture = decoded.picture;\n }\n if (!displayName && decoded.name) {\n displayName = decoded.name;\n }\n } catch (e) {\n throw new Error(`Failed to parse id token and get profile info, ${e}`);\n }\n }\n\n return {\n email,\n picture,\n displayName,\n };\n};\n\nconst getPublicKeyEndpoint = (region: string) => {\n if (region.startsWith('us-gov')) {\n return `https://s3-${encodeURIComponent(\n region,\n )}.amazonaws.com/aws-elb-public-keys-prod-${encodeURIComponent(region)}`;\n }\n\n return `https://public-keys.auth.elb.${encodeURIComponent(\n region,\n )}.amazonaws.com`;\n};\n\nexport const provisionKeyCache = (region: string, keyCache: NodeCache) => {\n return async (header: JWTHeaderParameters): Promise<KeyObject> => {\n if (!header.kid) {\n throw new AuthenticationError('No key id was specified in header');\n }\n const optionalCacheKey = keyCache.get<KeyObject>(header.kid);\n if (optionalCacheKey) {\n return crypto.createPublicKey(optionalCacheKey);\n }\n\n const keyText: string = await fetch(\n `${getPublicKeyEndpoint(region)}/${encodeURIComponent(header.kid)}`,\n ).then(response => response.text());\n\n const keyValue = crypto.createPublicKey(keyText);\n keyCache.set(header.kid, keyValue.export({ format: 'pem', type: 'spki' }));\n return keyValue;\n };\n};\n","/\n Copyright 2023 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { AuthenticationError } from '@backstage/errors';\nimport { AwsAlbClaims, AwsAlbResult, AwsAlbProtectedHeader } from './types';\nimport { jwtVerify } from 'jose';\nimport {\n PassportProfile,\n createProxyAuthenticator,\n} from '@backstage/plugin-auth-node';\nimport NodeCache from 'node-cache';\nimport { makeProfileInfo, provisionKeyCache } from './helpers';\n\nexport const ALB_JWT_HEADER = 'x-amzn-oidc-data';\nexport const ALB_ACCESS_TOKEN_HEADER = 'x-amzn-oidc-accesstoken';\n\n/* @public /\nexport const awsAlbAuthenticator = createProxyAuthenticator({\n defaultProfileTransform: async (result: AwsAlbResult) => {\n return {\n profile: makeProfileInfo(result.fullProfile, result.accessToken),\n };\n },\n initialize({ config }) {\n const issuer = config.getString('issuer');\n const signer = config.getOptionalString('signer');\n const region = config.getString('region');\n const keyCache = new NodeCache({ stdTTL: 3600 });\n const getKey = provisionKeyCache(region, keyCache);\n return { issuer, signer, getKey };\n },\n async authenticate({ req }, { issuer, signer, getKey }) {\n const jwt = req.header(ALB_JWT_HEADER);\n const accessToken = req.header(ALB_ACCESS_TOKEN_HEADER);\n\n if (jwt === undefined) {\n throw new AuthenticationError(\n `Missing ALB OIDC header: ${ALB_JWT_HEADER}`,\n );\n }\n\n if (accessToken === undefined) {\n throw new AuthenticationError(\n `Missing ALB OIDC header: ${ALB_ACCESS_TOKEN_HEADER}`,\n );\n }\n\n try {\n const verifyResult = await jwtVerify(jwt, getKey);\n const header = verifyResult.protectedHeader as AwsAlbProtectedHeader;\n const claims = verifyResult.payload as AwsAlbClaims;\n\n if (claims?.iss !== issuer) {\n throw new AuthenticationError('Issuer mismatch on JWT token');\n } else if (signer && header?.signer !== signer) {\n throw new AuthenticationError('Signer mismatch on JWT token');\n }\n\n const fullProfile: PassportProfile = {\n provider: 'unknown',\n id: claims.sub,\n displayName: claims.name,\n username: claims.email.split('@')[0].toLowerCase(),\n name: {\n familyName: claims.family_name,\n givenName: claims.given_name,\n },\n emails: [{ value: claims.email.toLowerCase() }],\n photos: [{ value: claims.picture }],\n };\n\n return {\n result: {\n fullProfile,\n accessToken: accessToken,\n expiresInSeconds: claims.exp,\n },\n providerInfo: {\n accessToken: accessToken,\n expiresInSeconds: claims.exp,\n },\n };\n } catch (e) {\n throw new Error(`Exception occurred during JWT processing: ${e}`);\n }\n },\n});\n","/\n * Copyright 2023 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n createSignInResolverFactory,\n SignInInfo,\n} from '@backstage/plugin-auth-node';\nimport { AwsAlbResult } from './types';\n/\n Available sign-in resolvers for the AWS ALB auth provider.\n \n @public\n /\nexport namespace awsAlbSignInResolvers {\n export const emailMatchingUserEntityProfileEmail =\n createSignInResolverFactory({\n create() {\n return async (info: SignInInfo<AwsAlbResult>, ctx) => {\n if (!info.result.fullProfile.emails) {\n throw new Error(\n 'Login failed, user profile does not contain an email',\n );\n }\n return ctx.signInWithCatalogUser({\n filter: {\n kind: ['User'],\n 'spec.profile.email': info.result.fullProfile.emails[0].value,\n },\n });\n };\n },\n });\n}\n","/\n * Copyright 2023 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n authProvidersExtensionPoint,\n commonSignInResolvers,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { awsAlbAuthenticator } from './authenticator';\nimport { awsAlbSignInResolvers } from './resolvers';\n\n/* @public */\nexport const authModuleAwsAlbProvider = createBackendModule({\n pluginId: 'auth',\n moduleId: 'awsAlbProvider',\n register(reg) {\n reg.registerInit({\n deps: {\n providers: authProvidersExtensionPoint,\n },\n async init({ providers }) {\n providers.registerProvider({\n providerId: 'awsalb',\n factory: createProxyAuthProviderFactory({\n authenticator: awsAlbAuthenticator,\n signInResolverFactories: {\n ...commonSignInResolvers,\n ...awsAlbSignInResolvers,\n },\n }),\n });\n },\n });\n },\n});\n"],"names":["decodeJwt","AuthenticationError","crypto","fetch","createProxyAuthenticator","NodeCache","jwtVerify","awsAlbSignInResolvers","createSignInResolverFactory","createBackendModule","authProvidersExtensionPoint","createProxyAuthProviderFactory","commonSignInResolvers"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuBa,MAAA,eAAA,GAAkB,CAC7B,OAAA,EACA,OACgB,KAAA;AAChB,EAAA,IAAI,KAA4B,GAAA,KAAA,CAAA,CAAA;AAChC,EAAA,IAAI,OAAQ,CAAA,MAAA,IAAU,OAAQ,CAAA,MAAA,CAAO,SAAS,CAAG,EAAA;AAC/C,IAAM,MAAA,CAAC,UAAU,CAAA,GAAI,OAAQ,CAAA,MAAA,CAAA;AAC7B,IAAA,KAAA,GAAQ,UAAW,CAAA,KAAA,CAAA;AAAA,GACrB;AAEA,EAAA,IAAI,OAA8B,GAAA,KAAA,CAAA,CAAA;AAClC,EAAA,IAAI,QAAQ,SAAW,EAAA;AACrB,IAAA,OAAA,GAAU,OAAQ,CAAA,SAAA,CAAA;AAAA,aACT,OAAQ,CAAA,MAAA,IAAU,OAAQ,CAAA,MAAA,CAAO,SAAS,CAAG,EAAA;AACtD,IAAM,MAAA,CAAC,UAAU,CAAA,GAAI,OAAQ,CAAA,MAAA,CAAA;AAC7B,IAAA,OAAA,GAAU,UAAW,CAAA,KAAA,CAAA;AAAA,GACvB;AAEA,EAAA,IAAI,WACF,GAAA,OAAA,CAAQ,WAAe,IAAA,OAAA,CAAQ,YAAY,OAAQ,CAAA,EAAA,CAAA;AAErD,EAAA,IAAA,CAAK,CAAC,KAAS,IAAA,CAAC,OAAW,IAAA,CAAC,gBAAgB,OAAS,EAAA;AACnD,IAAI,IAAA;AACF,MAAM,MAAA,OAAA,GAAkCA,eAAU,OAAO,CAAA,CAAA;AAKzD,MAAI,IAAA,CAAC,KAAS,IAAA,OAAA,CAAQ,KAAO,EAAA;AAC3B,QAAA,KAAA,GAAQ,OAAQ,CAAA,KAAA,CAAA;AAAA,OAClB;AACA,MAAI,IAAA,CAAC,OAAW,IAAA,OAAA,CAAQ,OAAS,EAAA;AAC/B,QAAA,OAAA,GAAU,OAAQ,CAAA,OAAA,CAAA;AAAA,OACpB;AACA,MAAI,IAAA,CAAC,WAAe,IAAA,OAAA,CAAQ,IAAM,EAAA;AAChC,QAAA,WAAA,GAAc,OAAQ,CAAA,IAAA,CAAA;AAAA,OACxB;AAAA,aACO,CAAG,EAAA;AACV,MAAA,MAAM,IAAI,KAAA,CAAM,CAAkD,+CAAA,EAAA,CAAC,CAAE,CAAA,CAAA,CAAA;AAAA,KACvE;AAAA,GACF;AAEA,EAAO,OAAA;AAAA,IACL,KAAA;AAAA,IACA,OAAA;AAAA,IACA,WAAA;AAAA,GACF,CAAA;AACF,CAAA,CAAA;AAEA,MAAM,oBAAA,GAAuB,CAAC,MAAmB,KAAA;AAC/C,EAAI,IAAA,MAAA,CAAO,UAAW,CAAA,QAAQ,CAAG,EAAA;AAC/B,IAAA,OAAO,CAAc,WAAA,EAAA,kBAAA;AAAA,MACnB,MAAA;AAAA,KACD,CAAA,wCAAA,EAA2C,kBAAmB,CAAA,MAAM,CAAC,CAAA,CAAA,CAAA;AAAA,GACxE;AAEA,EAAA,OAAO,CAAgC,6BAAA,EAAA,kBAAA;AAAA,IACrC,MAAA;AAAA,GACD,CAAA,cAAA,CAAA,CAAA;AACH,CAAA,CAAA;AAEa,MAAA,iBAAA,GAAoB,CAAC,MAAA,EAAgB,QAAwB,KAAA;AACxE,EAAA,OAAO,OAAO,MAAoD,KAAA;AAChE,IAAI,IAAA,CAAC,OAAO,GAAK,EAAA;AACf,MAAM,MAAA,IAAIC,2BAAoB,mCAAmC,CAAA,CAAA;AAAA,KACnE;AACA,IAAA,MAAM,gBAAmB,GAAA,QAAA,CAAS,GAAe,CAAA,MAAA,CAAO,GAAG,CAAA,CAAA;AAC3D,IAAA,IAAI,gBAAkB,EAAA;AACpB,MAAO,OAAAC,iBAAA,CAAO,gBAAgB,gBAAgB,CAAA,CAAA;AAAA,KAChD;AAEA,IAAA,MAAM,UAAkB,MAAMC,sBAAA;AAAA,MAC5B,CAAA,EAAG,qBAAqB,MAAM,CAAC,IAAI,kBAAmB,CAAA,MAAA,CAAO,GAAG,CAAC,CAAA,CAAA;AAAA,KACjE,CAAA,IAAA,CAAK,CAAY,QAAA,KAAA,QAAA,CAAS,MAAM,CAAA,CAAA;AAElC,IAAM,MAAA,QAAA,GAAWD,iBAAO,CAAA,eAAA,CAAgB,OAAO,CAAA,CAAA;AAC/C,IAAS,QAAA,CAAA,GAAA,CAAI,MAAO,CAAA,GAAA,EAAK,QAAS,CAAA,MAAA,CAAO,EAAE,MAAA,EAAQ,KAAO,EAAA,IAAA,EAAM,MAAO,EAAC,CAAC,CAAA,CAAA;AACzE,IAAO,OAAA,QAAA,CAAA;AAAA,GACT,CAAA;AACF,CAAA;;AC5EO,MAAM,cAAiB,GAAA,kBAAA,CAAA;AACvB,MAAM,uBAA0B,GAAA,yBAAA,CAAA;AAGhC,MAAM,sBAAsBE,uCAAyB,CAAA;AAAA,EAC1D,uBAAA,EAAyB,OAAO,MAAyB,KAAA;AACvD,IAAO,OAAA;AAAA,MACL,OAAS,EAAA,eAAA,CAAgB,MAAO,CAAA,WAAA,EAAa,OAAO,WAAW,CAAA;AAAA,KACjE,CAAA;AAAA,GACF;AAAA,EACA,UAAA,CAAW,EAAE,MAAA,EAAU,EAAA;AACrB,IAAM,MAAA,MAAA,GAAS,MAAO,CAAA,SAAA,CAAU,QAAQ,CAAA,CAAA;AACxC,IAAM,MAAA,MAAA,GAAS,MAAO,CAAA,iBAAA,CAAkB,QAAQ,CAAA,CAAA;AAChD,IAAM,MAAA,MAAA,GAAS,MAAO,CAAA,SAAA,CAAU,QAAQ,CAAA,CAAA;AACxC,IAAA,MAAM,WAAW,IAAIC,0BAAA,CAAU,EAAE,MAAA,EAAQ,MAAM,CAAA,CAAA;AAC/C,IAAM,MAAA,MAAA,GAAS,iBAAkB,CAAA,MAAA,EAAQ,QAAQ,CAAA,CAAA;AACjD,IAAO,OAAA,EAAE,MAAQ,EAAA,MAAA,EAAQ,MAAO,EAAA,CAAA;AAAA,GAClC;AAAA,EACA,MAAM,aAAa,EAAE,GAAA,IAAO,EAAE,MAAA,EAAQ,MAAQ,EAAA,MAAA,EAAU,EAAA;AACtD,IAAM,MAAA,GAAA,GAAM,GAAI,CAAA,MAAA,CAAO,cAAc,CAAA,CAAA;AACrC,IAAM,MAAA,WAAA,GAAc,GAAI,CAAA,MAAA,CAAO,uBAAuB,CAAA,CAAA;AAEtD,IAAA,IAAI,QAAQ,KAAW,CAAA,EAAA;AACrB,MAAA,MAAM,IAAIJ,0BAAA;AAAA,QACR,4BAA4B,cAAc,CAAA,CAAA;AAAA,OAC5C,CAAA;AAAA,KACF;AAEA,IAAA,IAAI,gBAAgB,KAAW,CAAA,EAAA;AAC7B,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR,4BAA4B,uBAAuB,CAAA,CAAA;AAAA,OACrD,CAAA;AAAA,KACF;AAEA,IAAI,IAAA;AACF,MAAA,MAAM,YAAe,GAAA,MAAMK,cAAU,CAAA,GAAA,EAAK,MAAM,CAAA,CAAA;AAChD,MAAA,MAAM,SAAS,YAAa,CAAA,eAAA,CAAA;AAC5B,MAAA,MAAM,SAAS,YAAa,CAAA,OAAA,CAAA;AAE5B,MAAI,IAAA,MAAA,EAAQ,QAAQ,MAAQ,EAAA;AAC1B,QAAM,MAAA,IAAIL,2BAAoB,8BAA8B,CAAA,CAAA;AAAA,OACnD,MAAA,IAAA,MAAA,IAAU,MAAQ,EAAA,MAAA,KAAW,MAAQ,EAAA;AAC9C,QAAM,MAAA,IAAIA,2BAAoB,8BAA8B,CAAA,CAAA;AAAA,OAC9D;AAEA,MAAA,MAAM,WAA+B,GAAA;AAAA,QACnC,QAAU,EAAA,SAAA;AAAA,QACV,IAAI,MAAO,CAAA,GAAA;AAAA,QACX,aAAa,MAAO,CAAA,IAAA;AAAA,QACpB,QAAA,EAAU,OAAO,KAAM,CAAA,KAAA,CAAM,GAAG,CAAE,CAAA,CAAC,EAAE,WAAY,EAAA;AAAA,QACjD,IAAM,EAAA;AAAA,UACJ,YAAY,MAAO,CAAA,WAAA;AAAA,UACnB,WAAW,MAAO,CAAA,UAAA;AAAA,SACpB;AAAA,QACA,MAAA,EAAQ,CAAC,EAAE,KAAA,EAAO,OAAO,KAAM,CAAA,WAAA,IAAe,CAAA;AAAA,QAC9C,QAAQ,CAAC,EAAE,KAAO,EAAA,MAAA,CAAO,SAAS,CAAA;AAAA,OACpC,CAAA;AAEA,MAAO,OAAA;AAAA,QACL,MAAQ,EAAA;AAAA,UACN,WAAA;AAAA,UACA,WAAA;AAAA,UACA,kBAAkB,MAAO,CAAA,GAAA;AAAA,SAC3B;AAAA,QACA,YAAc,EAAA;AAAA,UACZ,WAAA;AAAA,UACA,kBAAkB,MAAO,CAAA,GAAA;AAAA,SAC3B;AAAA,OACF,CAAA;AAAA,aACO,CAAG,EAAA;AACV,MAAA,MAAM,IAAI,KAAA,CAAM,CAA6C,0CAAA,EAAA,CAAC,CAAE,CAAA,CAAA,CAAA;AAAA,KAClE;AAAA,GACF;AACF,CAAC;;ACzEgBM,uCAAA;AAAA,CAAV,CAAUA,sBAAV,KAAA;AACE,EAAMA,sBAAAA,CAAA,sCACXC,0CAA4B,CAAA;AAAA,IAC1B,MAAS,GAAA;AACP,MAAO,OAAA,OAAO,MAAgC,GAAQ,KAAA;AACpD,QAAA,IAAI,CAAC,IAAA,CAAK,MAAO,CAAA,WAAA,CAAY,MAAQ,EAAA;AACnC,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,sDAAA;AAAA,WACF,CAAA;AAAA,SACF;AACA,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,MAAQ,EAAA;AAAA,YACN,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,YACb,sBAAsB,IAAK,CAAA,MAAA,CAAO,WAAY,CAAA,MAAA,CAAO,CAAC,CAAE,CAAA,KAAA;AAAA,WAC1D;AAAA,SACD,CAAA,CAAA;AAAA,OACH,CAAA;AAAA,KACF;AAAA,GACD,CAAA,CAAA;AAAA,CAlBY,EAAAD,6BAAA,KAAAA,6BAAA,GAAA,EAAA,CAAA,CAAA;;ACDV,MAAM,2BAA2BE,oCAAoB,CAAA;AAAA,EAC1D,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,gBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC,0CAAA;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAa,EAAA;AACxB,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,QAAA;AAAA,UACZ,SAASC,6CAA+B,CAAA;AAAA,YACtC,aAAe,EAAA,mBAAA;AAAA,YACf,uBAAyB,EAAA;AAAA,cACvB,GAAGC,oCAAA;AAAA,cACH,GAAGL,6BAAA;AAAA,aACL;AAAA,WACD,CAAA;AAAA,SACF,CAAA,CAAA;AAAA,OACH;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;;;"}

package/dist/index.d.ts CHANGED Viewed

@@ -20,6 +20,7 @@ type AwsAlbResult = {
 /** @public */
 declare const awsAlbAuthenticator: _backstage_plugin_auth_node.ProxyAuthenticator<{
     issuer: string;
+    signer: string | undefined;
     getKey: (header: jose.JWTHeaderParameters) => Promise<crypto.KeyObject>;
 }, AwsAlbResult, {
     accessToken: string;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-auth-backend-module-aws-alb-provider",
-  "version": "0.1.15-next.3",
+  "version": "0.1.16",
   "description": "The aws-alb provider module for the Backstage auth backend.",
   "backstage": {
     "role": "backend-plugin-module",
@@ -37,18 +37,18 @@
     "test": "backstage-cli package test"
   },
   "dependencies": {
-    "@backstage/backend-common": "^0.23.4-next.3",
-    "@backstage/backend-plugin-api": "^0.8.0-next.3",
+    "@backstage/backend-common": "^0.24.0",
+    "@backstage/backend-plugin-api": "^0.8.0",
     "@backstage/errors": "^1.2.4",
-    "@backstage/plugin-auth-backend": "^0.22.10-next.3",
-    "@backstage/plugin-auth-node": "^0.5.0-next.3",
+    "@backstage/plugin-auth-backend": "^0.22.11",
+    "@backstage/plugin-auth-node": "^0.5.0",
     "jose": "^5.0.0",
     "node-cache": "^5.1.2",
     "node-fetch": "^2.7.0"
   },
   "devDependencies": {
-    "@backstage/backend-test-utils": "^0.4.5-next.3",
-    "@backstage/cli": "^0.27.0-next.4",
+    "@backstage/backend-test-utils": "^0.5.0",
+    "@backstage/cli": "^0.27.0",
     "@backstage/config": "^1.2.0",
     "express": "^4.18.2",
     "msw": "^2.0.8"