@backstage/plugin-auth-backend-module-aws-alb-provider 0.4.6-next.0 → 0.4.6

package/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @backstage/plugin-auth-backend-module-aws-alb-provider
 
+## 0.4.6
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/plugin-auth-backend@0.25.3
+  - @backstage/plugin-auth-node@0.6.6
+  - @backstage/backend-plugin-api@1.4.2
+
 ## 0.4.6-next.0
 
 ### Patch Changes

package/dist/authenticator.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"authenticator.cjs.js","sources":["../src/authenticator.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthenticationError } from '@backstage/errors';\nimport { AwsAlbClaims, AwsAlbProtectedHeader, AwsAlbResult } from './types';\nimport { jwtVerify } from 'jose';\nimport {\n  createProxyAuthenticator,\n  PassportProfile,\n} from '@backstage/plugin-auth-node';\nimport NodeCache from 'node-cache';\nimport { makeProfileInfo, provisionKeyCache } from './helpers';\n\nexport const ALB_JWT_HEADER = 'x-amzn-oidc-data';\nexport const ALB_ACCESS_TOKEN_HEADER = 'x-amzn-oidc-accesstoken';\n\n/** @public */\nexport const awsAlbAuthenticator = createProxyAuthenticator({\n  defaultProfileTransform: async (result: AwsAlbResult) => {\n    return {\n      profile: makeProfileInfo(result.fullProfile, result.accessToken),\n    };\n  },\n  initialize({ config }) {\n    const issuer = config.getString('issuer');\n    const signer = config.getOptionalString('signer');\n    const region = config.getString('region');\n    const keyCache = new NodeCache({ stdTTL: 3600 });\n    const getKey = provisionKeyCache(region, keyCache);\n    return { issuer, signer, getKey };\n  },\n  async authenticate({ req }, { issuer, signer, getKey }) {\n    const jwt = req.header(ALB_JWT_HEADER);\n    const accessToken = req.header(ALB_ACCESS_TOKEN_HEADER);\n\n    if (jwt === undefined) {\n      throw new AuthenticationError(\n        `Missing ALB OIDC header: ${ALB_JWT_HEADER}`,\n      );\n    }\n\n    if (accessToken === undefined) {\n      throw new AuthenticationError(\n        `Missing ALB OIDC header: ${ALB_ACCESS_TOKEN_HEADER}`,\n      );\n    }\n\n    try {\n      const verifyResult = await jwtVerify(jwt, getKey);\n      const header = verifyResult.protectedHeader as AwsAlbProtectedHeader;\n      const claims = verifyResult.payload as AwsAlbClaims;\n\n      if (claims?.iss !== issuer) {\n        throw new AuthenticationError('Issuer mismatch on JWT token');\n      } else if (signer && header?.signer !== signer) {\n        throw new AuthenticationError('Signer mismatch on JWT token');\n      }\n\n      if (!claims.email) {\n        throw new AuthenticationError(`Missing email in the JWT token`);\n      }\n\n      const fullProfile: PassportProfile = {\n        provider: 'unknown',\n        id: claims.sub,\n        displayName: claims.name,\n        username: claims.email.split('@')[0],\n        name: {\n          familyName: claims.family_name,\n          givenName: claims.given_name,\n        },\n        emails: [{ value: claims.email }],\n        photos: [{ value: claims.picture }],\n      };\n\n      return {\n        result: {\n          fullProfile,\n          accessToken: accessToken,\n          expiresInSeconds: claims.exp,\n        },\n        providerInfo: {\n          accessToken: accessToken,\n          expiresInSeconds: claims.exp,\n        },\n      };\n    } catch (e) {\n      throw new Error(`Exception occurred during JWT processing: ${e}`);\n    }\n  },\n});\n"],"names":["createProxyAuthenticator","makeProfileInfo","NodeCache","provisionKeyCache","AuthenticationError","jwtVerify"],"mappings":";;;;;;;;;;;;AA0BO,MAAM,cAAiB,GAAA;AACvB,MAAM,uBAA0B,GAAA;AAGhC,MAAM,sBAAsBA,uCAAyB,CAAA;AAAA,EAC1D,uBAAA,EAAyB,OAAO,MAAyB,KAAA;AACvD,IAAO,OAAA;AAAA,MACL,OAAS,EAAAC,uBAAA,CAAgB,MAAO,CAAA,WAAA,EAAa,OAAO,WAAW;AAAA,KACjE;AAAA,GACF;AAAA,EACA,UAAA,CAAW,EAAE,MAAA,EAAU,EAAA;AACrB,IAAM,MAAA,MAAA,GAAS,MAAO,CAAA,SAAA,CAAU,QAAQ,CAAA;AACxC,IAAM,MAAA,MAAA,GAAS,MAAO,CAAA,iBAAA,CAAkB,QAAQ,CAAA;AAChD,IAAM,MAAA,MAAA,GAAS,MAAO,CAAA,SAAA,CAAU,QAAQ,CAAA;AACxC,IAAA,MAAM,WAAW,IAAIC,0BAAA,CAAU,EAAE,MAAA,EAAQ,MAAM,CAAA;AAC/C,IAAM,MAAA,MAAA,GAASC,yBAAkB,CAAA,MAAA,EAAQ,QAAQ,CAAA;AACjD,IAAO,OAAA,EAAE,MAAQ,EAAA,MAAA,EAAQ,MAAO,EAAA;AAAA,GAClC;AAAA,EACA,MAAM,aAAa,EAAE,GAAA,IAAO,EAAE,MAAA,EAAQ,MAAQ,EAAA,MAAA,EAAU,EAAA;AACtD,IAAM,MAAA,GAAA,GAAM,GAAI,CAAA,MAAA,CAAO,cAAc,CAAA;AACrC,IAAM,MAAA,WAAA,GAAc,GAAI,CAAA,MAAA,CAAO,uBAAuB,CAAA;AAEtD,IAAA,IAAI,QAAQ,KAAW,CAAA,EAAA;AACrB,MAAA,MAAM,IAAIC,0BAAA;AAAA,QACR,4BAA4B,cAAc,CAAA;AAAA,OAC5C;AAAA;AAGF,IAAA,IAAI,gBAAgB,KAAW,CAAA,EAAA;AAC7B,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR,4BAA4B,uBAAuB,CAAA;AAAA,OACrD;AAAA;AAGF,IAAI,IAAA;AACF,MAAA,MAAM,YAAe,GAAA,MAAMC,cAAU,CAAA,GAAA,EAAK,MAAM,CAAA;AAChD,MAAA,MAAM,SAAS,YAAa,CAAA,eAAA;AAC5B,MAAA,MAAM,SAAS,YAAa,CAAA,OAAA;AAE5B,MAAI,IAAA,MAAA,EAAQ,QAAQ,MAAQ,EAAA;AAC1B,QAAM,MAAA,IAAID,2BAAoB,8BAA8B,CAAA;AAAA,OACnD,MAAA,IAAA,MAAA,IAAU,MAAQ,EAAA,MAAA,KAAW,MAAQ,EAAA;AAC9C,QAAM,MAAA,IAAIA,2BAAoB,8BAA8B,CAAA;AAAA;AAG9D,MAAI,IAAA,CAAC,OAAO,KAAO,EAAA;AACjB,QAAM,MAAA,IAAIA,2BAAoB,CAAgC,8BAAA,CAAA,CAAA;AAAA;AAGhE,MAAA,MAAM,WAA+B,GAAA;AAAA,QACnC,QAAU,EAAA,SAAA;AAAA,QACV,IAAI,MAAO,CAAA,GAAA;AAAA,QACX,aAAa,MAAO,CAAA,IAAA;AAAA,QACpB,UAAU,MAAO,CAAA,KAAA,CAAM,KAAM,CAAA,GAAG,EAAE,CAAC,CAAA;AAAA,QACnC,IAAM,EAAA;AAAA,UACJ,YAAY,MAAO,CAAA,WAAA;AAAA,UACnB,WAAW,MAAO,CAAA;AAAA,SACpB;AAAA,QACA,QAAQ,CAAC,EAAE,KAAO,EAAA,MAAA,CAAO,OAAO,CAAA;AAAA,QAChC,QAAQ,CAAC,EAAE,KAAO,EAAA,MAAA,CAAO,SAAS;AAAA,OACpC;AAEA,MAAO,OAAA;AAAA,QACL,MAAQ,EAAA;AAAA,UACN,WAAA;AAAA,UACA,WAAA;AAAA,UACA,kBAAkB,MAAO,CAAA;AAAA,SAC3B;AAAA,QACA,YAAc,EAAA;AAAA,UACZ,WAAA;AAAA,UACA,kBAAkB,MAAO,CAAA;AAAA;AAC3B,OACF;AAAA,aACO,CAAG,EAAA;AACV,MAAA,MAAM,IAAI,KAAA,CAAM,CAA6C,0CAAA,EAAA,CAAC,CAAE,CAAA,CAAA;AAAA;AAClE;AAEJ,CAAC;;;;;;"}
+{"version":3,"file":"authenticator.cjs.js","sources":["../src/authenticator.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthenticationError } from '@backstage/errors';\nimport { AwsAlbClaims, AwsAlbProtectedHeader, AwsAlbResult } from './types';\nimport { jwtVerify } from 'jose';\nimport {\n  createProxyAuthenticator,\n  PassportProfile,\n} from '@backstage/plugin-auth-node';\nimport NodeCache from 'node-cache';\nimport { makeProfileInfo, provisionKeyCache } from './helpers';\n\nexport const ALB_JWT_HEADER = 'x-amzn-oidc-data';\nexport const ALB_ACCESS_TOKEN_HEADER = 'x-amzn-oidc-accesstoken';\n\n/** @public */\nexport const awsAlbAuthenticator = createProxyAuthenticator({\n  defaultProfileTransform: async (result: AwsAlbResult) => {\n    return {\n      profile: makeProfileInfo(result.fullProfile, result.accessToken),\n    };\n  },\n  initialize({ config }) {\n    const issuer = config.getString('issuer');\n    const signer = config.getOptionalString('signer');\n    const region = config.getString('region');\n    const keyCache = new NodeCache({ stdTTL: 3600 });\n    const getKey = provisionKeyCache(region, keyCache);\n    return { issuer, signer, getKey };\n  },\n  async authenticate({ req }, { issuer, signer, getKey }) {\n    const jwt = req.header(ALB_JWT_HEADER);\n    const accessToken = req.header(ALB_ACCESS_TOKEN_HEADER);\n\n    if (jwt === undefined) {\n      throw new AuthenticationError(\n        `Missing ALB OIDC header: ${ALB_JWT_HEADER}`,\n      );\n    }\n\n    if (accessToken === undefined) {\n      throw new AuthenticationError(\n        `Missing ALB OIDC header: ${ALB_ACCESS_TOKEN_HEADER}`,\n      );\n    }\n\n    try {\n      const verifyResult = await jwtVerify(jwt, getKey);\n      const header = verifyResult.protectedHeader as AwsAlbProtectedHeader;\n      const claims = verifyResult.payload as AwsAlbClaims;\n\n      if (claims?.iss !== issuer) {\n        throw new AuthenticationError('Issuer mismatch on JWT token');\n      } else if (signer && header?.signer !== signer) {\n        throw new AuthenticationError('Signer mismatch on JWT token');\n      }\n\n      if (!claims.email) {\n        throw new AuthenticationError(`Missing email in the JWT token`);\n      }\n\n      const fullProfile: PassportProfile = {\n        provider: 'unknown',\n        id: claims.sub,\n        displayName: claims.name,\n        username: claims.email.split('@')[0],\n        name: {\n          familyName: claims.family_name,\n          givenName: claims.given_name,\n        },\n        emails: [{ value: claims.email }],\n        photos: [{ value: claims.picture }],\n      };\n\n      return {\n        result: {\n          fullProfile,\n          accessToken: accessToken,\n          expiresInSeconds: claims.exp,\n        },\n        providerInfo: {\n          accessToken: accessToken,\n          expiresInSeconds: claims.exp,\n        },\n      };\n    } catch (e) {\n      throw new Error(`Exception occurred during JWT processing: ${e}`);\n    }\n  },\n});\n"],"names":["createProxyAuthenticator","makeProfileInfo","NodeCache","provisionKeyCache","AuthenticationError","jwtVerify"],"mappings":";;;;;;;;;;;;AA0BO,MAAM,cAAA,GAAiB;AACvB,MAAM,uBAAA,GAA0B;AAGhC,MAAM,sBAAsBA,uCAAA,CAAyB;AAAA,EAC1D,uBAAA,EAAyB,OAAO,MAAA,KAAyB;AACvD,IAAA,OAAO;AAAA,MACL,OAAA,EAASC,uBAAA,CAAgB,MAAA,CAAO,WAAA,EAAa,OAAO,WAAW;AAAA,KACjE;AAAA,EACF,CAAA;AAAA,EACA,UAAA,CAAW,EAAE,MAAA,EAAO,EAAG;AACrB,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,CAAU,QAAQ,CAAA;AACxC,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,iBAAA,CAAkB,QAAQ,CAAA;AAChD,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,CAAU,QAAQ,CAAA;AACxC,IAAA,MAAM,WAAW,IAAIC,0BAAA,CAAU,EAAE,MAAA,EAAQ,MAAM,CAAA;AAC/C,IAAA,MAAM,MAAA,GAASC,yBAAA,CAAkB,MAAA,EAAQ,QAAQ,CAAA;AACjD,IAAA,OAAO,EAAE,MAAA,EAAQ,MAAA,EAAQ,MAAA,EAAO;AAAA,EAClC,CAAA;AAAA,EACA,MAAM,aAAa,EAAE,GAAA,IAAO,EAAE,MAAA,EAAQ,MAAA,EAAQ,MAAA,EAAO,EAAG;AACtD,IAAA,MAAM,GAAA,GAAM,GAAA,CAAI,MAAA,CAAO,cAAc,CAAA;AACrC,IAAA,MAAM,WAAA,GAAc,GAAA,CAAI,MAAA,CAAO,uBAAuB,CAAA;AAEtD,IAAA,IAAI,QAAQ,MAAA,EAAW;AACrB,MAAA,MAAM,IAAIC,0BAAA;AAAA,QACR,4BAA4B,cAAc,CAAA;AAAA,OAC5C;AAAA,IACF;AAEA,IAAA,IAAI,gBAAgB,MAAA,EAAW;AAC7B,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR,4BAA4B,uBAAuB,CAAA;AAAA,OACrD;AAAA,IACF;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,YAAA,GAAe,MAAMC,cAAA,CAAU,GAAA,EAAK,MAAM,CAAA;AAChD,MAAA,MAAM,SAAS,YAAA,CAAa,eAAA;AAC5B,MAAA,MAAM,SAAS,YAAA,CAAa,OAAA;AAE5B,MAAA,IAAI,MAAA,EAAQ,QAAQ,MAAA,EAAQ;AAC1B,QAAA,MAAM,IAAID,2BAAoB,8BAA8B,CAAA;AAAA,MAC9D,CAAA,MAAA,IAAW,MAAA,IAAU,MAAA,EAAQ,MAAA,KAAW,MAAA,EAAQ;AAC9C,QAAA,MAAM,IAAIA,2BAAoB,8BAA8B,CAAA;AAAA,MAC9D;AAEA,MAAA,IAAI,CAAC,OAAO,KAAA,EAAO;AACjB,QAAA,MAAM,IAAIA,2BAAoB,CAAA,8BAAA,CAAgC,CAAA;AAAA,MAChE;AAEA,MAAA,MAAM,WAAA,GAA+B;AAAA,QACnC,QAAA,EAAU,SAAA;AAAA,QACV,IAAI,MAAA,CAAO,GAAA;AAAA,QACX,aAAa,MAAA,CAAO,IAAA;AAAA,QACpB,UAAU,MAAA,CAAO,KAAA,CAAM,KAAA,CAAM,GAAG,EAAE,CAAC,CAAA;AAAA,QACnC,IAAA,EAAM;AAAA,UACJ,YAAY,MAAA,CAAO,WAAA;AAAA,UACnB,WAAW,MAAA,CAAO;AAAA,SACpB;AAAA,QACA,QAAQ,CAAC,EAAE,KAAA,EAAO,MAAA,CAAO,OAAO,CAAA;AAAA,QAChC,QAAQ,CAAC,EAAE,KAAA,EAAO,MAAA,CAAO,SAAS;AAAA,OACpC;AAEA,MAAA,OAAO;AAAA,QACL,MAAA,EAAQ;AAAA,UACN,WAAA;AAAA,UACA,WAAA;AAAA,UACA,kBAAkB,MAAA,CAAO;AAAA,SAC3B;AAAA,QACA,YAAA,EAAc;AAAA,UACZ,WAAA;AAAA,UACA,kBAAkB,MAAA,CAAO;AAAA;AAC3B,OACF;AAAA,IACF,SAAS,CAAA,EAAG;AACV,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0CAAA,EAA6C,CAAC,CAAA,CAAE,CAAA;AAAA,IAClE;AAAA,EACF;AACF,CAAC;;;;;;"}

package/dist/helpers.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"helpers.cjs.js","sources":["../src/helpers.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { KeyObject } from 'crypto';\nimport * as crypto from 'crypto';\nimport { JWTHeaderParameters, decodeJwt } from 'jose';\nimport NodeCache from 'node-cache';\nimport { PassportProfile, ProfileInfo } from '@backstage/plugin-auth-node';\nimport { AuthenticationError } from '@backstage/errors';\n\nexport const makeProfileInfo = (\n  profile: PassportProfile,\n  idToken?: string,\n): ProfileInfo => {\n  let email: string | undefined = undefined;\n  if (profile.emails && profile.emails.length > 0) {\n    const [firstEmail] = profile.emails;\n    email = firstEmail.value;\n  }\n\n  let picture: string | undefined = undefined;\n  if (profile.avatarUrl) {\n    picture = profile.avatarUrl;\n  } else if (profile.photos && profile.photos.length > 0) {\n    const [firstPhoto] = profile.photos;\n    picture = firstPhoto.value;\n  }\n\n  let displayName: string | undefined =\n    profile.displayName ?? profile.username ?? profile.id;\n\n  if ((!email || !picture || !displayName) && idToken) {\n    try {\n      const decoded: Record<string, string> = decodeJwt(idToken) as {\n        email?: string;\n        picture?: string;\n        name?: string;\n      };\n      if (!email && decoded.email) {\n        email = decoded.email;\n      }\n      if (!picture && decoded.picture) {\n        picture = decoded.picture;\n      }\n      if (!displayName && decoded.name) {\n        displayName = decoded.name;\n      }\n    } catch (e) {\n      throw new Error(`Failed to parse id token and get profile info, ${e}`);\n    }\n  }\n\n  return {\n    email,\n    picture,\n    displayName,\n  };\n};\n\nconst getPublicKeyEndpoint = (region: string) => {\n  if (region.startsWith('us-gov')) {\n    return `https://s3-${encodeURIComponent(\n      region,\n    )}.amazonaws.com/aws-elb-public-keys-prod-${encodeURIComponent(region)}`;\n  }\n\n  return `https://public-keys.auth.elb.${encodeURIComponent(\n    region,\n  )}.amazonaws.com`;\n};\n\nexport const provisionKeyCache = (region: string, keyCache: NodeCache) => {\n  return async (header: JWTHeaderParameters): Promise<KeyObject> => {\n    if (!header.kid) {\n      throw new AuthenticationError('No key id was specified in header');\n    }\n    const optionalCacheKey = keyCache.get<KeyObject>(header.kid);\n    if (optionalCacheKey) {\n      return crypto.createPublicKey(optionalCacheKey);\n    }\n\n    const keyText: string = await fetch(\n      `${getPublicKeyEndpoint(region)}/${encodeURIComponent(header.kid)}`,\n    ).then(response => response.text());\n\n    const keyValue = crypto.createPublicKey(keyText);\n    keyCache.set(header.kid, keyValue.export({ format: 'pem', type: 'spki' }));\n    return keyValue;\n  };\n};\n"],"names":["decodeJwt","AuthenticationError","crypto"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAuBa,MAAA,eAAA,GAAkB,CAC7B,OAAA,EACA,OACgB,KAAA;AAChB,EAAA,IAAI,KAA4B,GAAA,KAAA,CAAA;AAChC,EAAA,IAAI,OAAQ,CAAA,MAAA,IAAU,OAAQ,CAAA,MAAA,CAAO,SAAS,CAAG,EAAA;AAC/C,IAAM,MAAA,CAAC,UAAU,CAAA,GAAI,OAAQ,CAAA,MAAA;AAC7B,IAAA,KAAA,GAAQ,UAAW,CAAA,KAAA;AAAA;AAGrB,EAAA,IAAI,OAA8B,GAAA,KAAA,CAAA;AAClC,EAAA,IAAI,QAAQ,SAAW,EAAA;AACrB,IAAA,OAAA,GAAU,OAAQ,CAAA,SAAA;AAAA,aACT,OAAQ,CAAA,MAAA,IAAU,OAAQ,CAAA,MAAA,CAAO,SAAS,CAAG,EAAA;AACtD,IAAM,MAAA,CAAC,UAAU,CAAA,GAAI,OAAQ,CAAA,MAAA;AAC7B,IAAA,OAAA,GAAU,UAAW,CAAA,KAAA;AAAA;AAGvB,EAAA,IAAI,WACF,GAAA,OAAA,CAAQ,WAAe,IAAA,OAAA,CAAQ,YAAY,OAAQ,CAAA,EAAA;AAErD,EAAA,IAAA,CAAK,CAAC,KAAS,IAAA,CAAC,OAAW,IAAA,CAAC,gBAAgB,OAAS,EAAA;AACnD,IAAI,IAAA;AACF,MAAM,MAAA,OAAA,GAAkCA,eAAU,OAAO,CAAA;AAKzD,MAAI,IAAA,CAAC,KAAS,IAAA,OAAA,CAAQ,KAAO,EAAA;AAC3B,QAAA,KAAA,GAAQ,OAAQ,CAAA,KAAA;AAAA;AAElB,MAAI,IAAA,CAAC,OAAW,IAAA,OAAA,CAAQ,OAAS,EAAA;AAC/B,QAAA,OAAA,GAAU,OAAQ,CAAA,OAAA;AAAA;AAEpB,MAAI,IAAA,CAAC,WAAe,IAAA,OAAA,CAAQ,IAAM,EAAA;AAChC,QAAA,WAAA,GAAc,OAAQ,CAAA,IAAA;AAAA;AACxB,aACO,CAAG,EAAA;AACV,MAAA,MAAM,IAAI,KAAA,CAAM,CAAkD,+CAAA,EAAA,CAAC,CAAE,CAAA,CAAA;AAAA;AACvE;AAGF,EAAO,OAAA;AAAA,IACL,KAAA;AAAA,IACA,OAAA;AAAA,IACA;AAAA,GACF;AACF;AAEA,MAAM,oBAAA,GAAuB,CAAC,MAAmB,KAAA;AAC/C,EAAI,IAAA,MAAA,CAAO,UAAW,CAAA,QAAQ,CAAG,EAAA;AAC/B,IAAA,OAAO,CAAc,WAAA,EAAA,kBAAA;AAAA,MACnB;AAAA,KACD,CAAA,wCAAA,EAA2C,kBAAmB,CAAA,MAAM,CAAC,CAAA,CAAA;AAAA;AAGxE,EAAA,OAAO,CAAgC,6BAAA,EAAA,kBAAA;AAAA,IACrC;AAAA,GACD,CAAA,cAAA,CAAA;AACH,CAAA;AAEa,MAAA,iBAAA,GAAoB,CAAC,MAAA,EAAgB,QAAwB,KAAA;AACxE,EAAA,OAAO,OAAO,MAAoD,KAAA;AAChE,IAAI,IAAA,CAAC,OAAO,GAAK,EAAA;AACf,MAAM,MAAA,IAAIC,2BAAoB,mCAAmC,CAAA;AAAA;AAEnE,IAAA,MAAM,gBAAmB,GAAA,QAAA,CAAS,GAAe,CAAA,MAAA,CAAO,GAAG,CAAA;AAC3D,IAAA,IAAI,gBAAkB,EAAA;AACpB,MAAO,OAAAC,iBAAA,CAAO,gBAAgB,gBAAgB,CAAA;AAAA;AAGhD,IAAA,MAAM,UAAkB,MAAM,KAAA;AAAA,MAC5B,CAAA,EAAG,qBAAqB,MAAM,CAAC,IAAI,kBAAmB,CAAA,MAAA,CAAO,GAAG,CAAC,CAAA;AAAA,KACjE,CAAA,IAAA,CAAK,CAAY,QAAA,KAAA,QAAA,CAAS,MAAM,CAAA;AAElC,IAAM,MAAA,QAAA,GAAWA,iBAAO,CAAA,eAAA,CAAgB,OAAO,CAAA;AAC/C,IAAS,QAAA,CAAA,GAAA,CAAI,MAAO,CAAA,GAAA,EAAK,QAAS,CAAA,MAAA,CAAO,EAAE,MAAA,EAAQ,KAAO,EAAA,IAAA,EAAM,MAAO,EAAC,CAAC,CAAA;AACzE,IAAO,OAAA,QAAA;AAAA,GACT;AACF;;;;;"}
+{"version":3,"file":"helpers.cjs.js","sources":["../src/helpers.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { KeyObject } from 'crypto';\nimport * as crypto from 'crypto';\nimport { JWTHeaderParameters, decodeJwt } from 'jose';\nimport NodeCache from 'node-cache';\nimport { PassportProfile, ProfileInfo } from '@backstage/plugin-auth-node';\nimport { AuthenticationError } from '@backstage/errors';\n\nexport const makeProfileInfo = (\n  profile: PassportProfile,\n  idToken?: string,\n): ProfileInfo => {\n  let email: string | undefined = undefined;\n  if (profile.emails && profile.emails.length > 0) {\n    const [firstEmail] = profile.emails;\n    email = firstEmail.value;\n  }\n\n  let picture: string | undefined = undefined;\n  if (profile.avatarUrl) {\n    picture = profile.avatarUrl;\n  } else if (profile.photos && profile.photos.length > 0) {\n    const [firstPhoto] = profile.photos;\n    picture = firstPhoto.value;\n  }\n\n  let displayName: string | undefined =\n    profile.displayName ?? profile.username ?? profile.id;\n\n  if ((!email || !picture || !displayName) && idToken) {\n    try {\n      const decoded: Record<string, string> = decodeJwt(idToken) as {\n        email?: string;\n        picture?: string;\n        name?: string;\n      };\n      if (!email && decoded.email) {\n        email = decoded.email;\n      }\n      if (!picture && decoded.picture) {\n        picture = decoded.picture;\n      }\n      if (!displayName && decoded.name) {\n        displayName = decoded.name;\n      }\n    } catch (e) {\n      throw new Error(`Failed to parse id token and get profile info, ${e}`);\n    }\n  }\n\n  return {\n    email,\n    picture,\n    displayName,\n  };\n};\n\nconst getPublicKeyEndpoint = (region: string) => {\n  if (region.startsWith('us-gov')) {\n    return `https://s3-${encodeURIComponent(\n      region,\n    )}.amazonaws.com/aws-elb-public-keys-prod-${encodeURIComponent(region)}`;\n  }\n\n  return `https://public-keys.auth.elb.${encodeURIComponent(\n    region,\n  )}.amazonaws.com`;\n};\n\nexport const provisionKeyCache = (region: string, keyCache: NodeCache) => {\n  return async (header: JWTHeaderParameters): Promise<KeyObject> => {\n    if (!header.kid) {\n      throw new AuthenticationError('No key id was specified in header');\n    }\n    const optionalCacheKey = keyCache.get<KeyObject>(header.kid);\n    if (optionalCacheKey) {\n      return crypto.createPublicKey(optionalCacheKey);\n    }\n\n    const keyText: string = await fetch(\n      `${getPublicKeyEndpoint(region)}/${encodeURIComponent(header.kid)}`,\n    ).then(response => response.text());\n\n    const keyValue = crypto.createPublicKey(keyText);\n    keyCache.set(header.kid, keyValue.export({ format: 'pem', type: 'spki' }));\n    return keyValue;\n  };\n};\n"],"names":["decodeJwt","AuthenticationError","crypto"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAuBO,MAAM,eAAA,GAAkB,CAC7B,OAAA,EACA,OAAA,KACgB;AAChB,EAAA,IAAI,KAAA,GAA4B,MAAA;AAChC,EAAA,IAAI,OAAA,CAAQ,MAAA,IAAU,OAAA,CAAQ,MAAA,CAAO,SAAS,CAAA,EAAG;AAC/C,IAAA,MAAM,CAAC,UAAU,CAAA,GAAI,OAAA,CAAQ,MAAA;AAC7B,IAAA,KAAA,GAAQ,UAAA,CAAW,KAAA;AAAA,EACrB;AAEA,EAAA,IAAI,OAAA,GAA8B,MAAA;AAClC,EAAA,IAAI,QAAQ,SAAA,EAAW;AACrB,IAAA,OAAA,GAAU,OAAA,CAAQ,SAAA;AAAA,EACpB,WAAW,OAAA,CAAQ,MAAA,IAAU,OAAA,CAAQ,MAAA,CAAO,SAAS,CAAA,EAAG;AACtD,IAAA,MAAM,CAAC,UAAU,CAAA,GAAI,OAAA,CAAQ,MAAA;AAC7B,IAAA,OAAA,GAAU,UAAA,CAAW,KAAA;AAAA,EACvB;AAEA,EAAA,IAAI,WAAA,GACF,OAAA,CAAQ,WAAA,IAAe,OAAA,CAAQ,YAAY,OAAA,CAAQ,EAAA;AAErD,EAAA,IAAA,CAAK,CAAC,KAAA,IAAS,CAAC,OAAA,IAAW,CAAC,gBAAgB,OAAA,EAAS;AACnD,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAkCA,eAAU,OAAO,CAAA;AAKzD,MAAA,IAAI,CAAC,KAAA,IAAS,OAAA,CAAQ,KAAA,EAAO;AAC3B,QAAA,KAAA,GAAQ,OAAA,CAAQ,KAAA;AAAA,MAClB;AACA,MAAA,IAAI,CAAC,OAAA,IAAW,OAAA,CAAQ,OAAA,EAAS;AAC/B,QAAA,OAAA,GAAU,OAAA,CAAQ,OAAA;AAAA,MACpB;AACA,MAAA,IAAI,CAAC,WAAA,IAAe,OAAA,CAAQ,IAAA,EAAM;AAChC,QAAA,WAAA,GAAc,OAAA,CAAQ,IAAA;AAAA,MACxB;AAAA,IACF,SAAS,CAAA,EAAG;AACV,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,+CAAA,EAAkD,CAAC,CAAA,CAAE,CAAA;AAAA,IACvE;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,KAAA;AAAA,IACA,OAAA;AAAA,IACA;AAAA,GACF;AACF;AAEA,MAAM,oBAAA,GAAuB,CAAC,MAAA,KAAmB;AAC/C,EAAA,IAAI,MAAA,CAAO,UAAA,CAAW,QAAQ,CAAA,EAAG;AAC/B,IAAA,OAAO,CAAA,WAAA,EAAc,kBAAA;AAAA,MACnB;AAAA,KACD,CAAA,wCAAA,EAA2C,kBAAA,CAAmB,MAAM,CAAC,CAAA,CAAA;AAAA,EACxE;AAEA,EAAA,OAAO,CAAA,6BAAA,EAAgC,kBAAA;AAAA,IACrC;AAAA,GACD,CAAA,cAAA,CAAA;AACH,CAAA;AAEO,MAAM,iBAAA,GAAoB,CAAC,MAAA,EAAgB,QAAA,KAAwB;AACxE,EAAA,OAAO,OAAO,MAAA,KAAoD;AAChE,IAAA,IAAI,CAAC,OAAO,GAAA,EAAK;AACf,MAAA,MAAM,IAAIC,2BAAoB,mCAAmC,CAAA;AAAA,IACnE;AACA,IAAA,MAAM,gBAAA,GAAmB,QAAA,CAAS,GAAA,CAAe,MAAA,CAAO,GAAG,CAAA;AAC3D,IAAA,IAAI,gBAAA,EAAkB;AACpB,MAAA,OAAOC,iBAAA,CAAO,gBAAgB,gBAAgB,CAAA;AAAA,IAChD;AAEA,IAAA,MAAM,UAAkB,MAAM,KAAA;AAAA,MAC5B,CAAA,EAAG,qBAAqB,MAAM,CAAC,IAAI,kBAAA,CAAmB,MAAA,CAAO,GAAG,CAAC,CAAA;AAAA,KACnE,CAAE,IAAA,CAAK,CAAA,QAAA,KAAY,QAAA,CAAS,MAAM,CAAA;AAElC,IAAA,MAAM,QAAA,GAAWA,iBAAA,CAAO,eAAA,CAAgB,OAAO,CAAA;AAC/C,IAAA,QAAA,CAAS,GAAA,CAAI,MAAA,CAAO,GAAA,EAAK,QAAA,CAAS,MAAA,CAAO,EAAE,MAAA,EAAQ,KAAA,EAAO,IAAA,EAAM,MAAA,EAAQ,CAAC,CAAA;AACzE,IAAA,OAAO,QAAA;AAAA,EACT,CAAA;AACF;;;;;"}

package/dist/module.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"module.cjs.js","sources":["../src/module.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  commonSignInResolvers,\n  createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { awsAlbAuthenticator } from './authenticator';\nimport { awsAlbSignInResolvers } from './resolvers';\n\n/** @public */\nexport const authModuleAwsAlbProvider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'awsAlbProvider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n      },\n      async init({ providers }) {\n        providers.registerProvider({\n          providerId: 'awsalb',\n          factory: createProxyAuthProviderFactory({\n            authenticator: awsAlbAuthenticator,\n            signInResolverFactories: {\n              ...commonSignInResolvers,\n              ...awsAlbSignInResolvers,\n            },\n          }),\n        });\n      },\n    });\n  },\n});\n"],"names":["createBackendModule","authProvidersExtensionPoint","createProxyAuthProviderFactory","awsAlbAuthenticator","commonSignInResolvers","awsAlbSignInResolvers"],"mappings":";;;;;;;AAyBO,MAAM,2BAA2BA,oCAAoB,CAAA;AAAA,EAC1D,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,gBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAa,EAAA;AACxB,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,QAAA;AAAA,UACZ,SAASC,6CAA+B,CAAA;AAAA,YACtC,aAAe,EAAAC,iCAAA;AAAA,YACf,uBAAyB,EAAA;AAAA,cACvB,GAAGC,oCAAA;AAAA,cACH,GAAGC;AAAA;AACL,WACD;AAAA,SACF,CAAA;AAAA;AACH,KACD,CAAA;AAAA;AAEL,CAAC;;;;"}
+{"version":3,"file":"module.cjs.js","sources":["../src/module.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  commonSignInResolvers,\n  createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { awsAlbAuthenticator } from './authenticator';\nimport { awsAlbSignInResolvers } from './resolvers';\n\n/** @public */\nexport const authModuleAwsAlbProvider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'awsAlbProvider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n      },\n      async init({ providers }) {\n        providers.registerProvider({\n          providerId: 'awsalb',\n          factory: createProxyAuthProviderFactory({\n            authenticator: awsAlbAuthenticator,\n            signInResolverFactories: {\n              ...commonSignInResolvers,\n              ...awsAlbSignInResolvers,\n            },\n          }),\n        });\n      },\n    });\n  },\n});\n"],"names":["createBackendModule","authProvidersExtensionPoint","createProxyAuthProviderFactory","awsAlbAuthenticator","commonSignInResolvers","awsAlbSignInResolvers"],"mappings":";;;;;;;AAyBO,MAAM,2BAA2BA,oCAAA,CAAoB;AAAA,EAC1D,QAAA,EAAU,MAAA;AAAA,EACV,QAAA,EAAU,gBAAA;AAAA,EACV,SAAS,GAAA,EAAK;AACZ,IAAA,GAAA,CAAI,YAAA,CAAa;AAAA,MACf,IAAA,EAAM;AAAA,QACJ,SAAA,EAAWC;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAU,EAAG;AACxB,QAAA,SAAA,CAAU,gBAAA,CAAiB;AAAA,UACzB,UAAA,EAAY,QAAA;AAAA,UACZ,SAASC,6CAAA,CAA+B;AAAA,YACtC,aAAA,EAAeC,iCAAA;AAAA,YACf,uBAAA,EAAyB;AAAA,cACvB,GAAGC,oCAAA;AAAA,cACH,GAAGC;AAAA;AACL,WACD;AAAA,SACF,CAAA;AAAA,MACH;AAAA,KACD,CAAA;AAAA,EACH;AACF,CAAC;;;;"}

package/dist/resolvers.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"resolvers.cjs.js","sources":["../src/resolvers.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\nimport { AwsAlbResult } from './types';\nimport { z } from 'zod';\n\n/**\n * Available sign-in resolvers for the AWS ALB auth provider.\n *\n * @public\n */\nexport namespace awsAlbSignInResolvers {\n  export const emailMatchingUserEntityProfileEmail =\n    createSignInResolverFactory({\n      optionsSchema: z\n        .object({\n          dangerouslyAllowSignInWithoutUserInCatalog: z.boolean().optional(),\n        })\n        .optional(),\n      create(options = {}) {\n        return async (info: SignInInfo<AwsAlbResult>, ctx) => {\n          if (!info.result.fullProfile.emails) {\n            throw new Error(\n              'Login failed, user profile does not contain an email',\n            );\n          }\n\n          return ctx.signInWithCatalogUser(\n            {\n              filter: {\n                kind: ['User'],\n                'spec.profile.email': info.result.fullProfile.emails[0].value,\n              },\n            },\n            {\n              dangerousEntityRefFallback:\n                options?.dangerouslyAllowSignInWithoutUserInCatalog\n                  ? {\n                      entityRef: {\n                        name: info.result.fullProfile.emails[0].value,\n                      },\n                    }\n                  : undefined,\n            },\n          );\n        };\n      },\n    });\n}\n"],"names":["awsAlbSignInResolvers","createSignInResolverFactory","z"],"mappings":";;;;;AA4BiBA;AAAA,CAAV,CAAUA,sBAAV,KAAA;AACE,EAAMA,sBAAAA,CAAA,sCACXC,0CAA4B,CAAA;AAAA,IAC1B,aAAA,EAAeC,MACZ,MAAO,CAAA;AAAA,MACN,0CAA4C,EAAAA,KAAA,CAAE,OAAQ,EAAA,CAAE,QAAS;AAAA,KAClE,EACA,QAAS,EAAA;AAAA,IACZ,MAAA,CAAO,OAAU,GAAA,EAAI,EAAA;AACnB,MAAO,OAAA,OAAO,MAAgC,GAAQ,KAAA;AACpD,QAAA,IAAI,CAAC,IAAA,CAAK,MAAO,CAAA,WAAA,CAAY,MAAQ,EAAA;AACnC,UAAA,MAAM,IAAI,KAAA;AAAA,YACR;AAAA,WACF;AAAA;AAGF,QAAA,OAAO,GAAI,CAAA,qBAAA;AAAA,UACT;AAAA,YACE,MAAQ,EAAA;AAAA,cACN,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,cACb,sBAAsB,IAAK,CAAA,MAAA,CAAO,WAAY,CAAA,MAAA,CAAO,CAAC,CAAE,CAAA;AAAA;AAC1D,WACF;AAAA,UACA;AAAA,YACE,0BAAA,EACE,SAAS,0CACL,GAAA;AAAA,cACE,SAAW,EAAA;AAAA,gBACT,MAAM,IAAK,CAAA,MAAA,CAAO,WAAY,CAAA,MAAA,CAAO,CAAC,CAAE,CAAA;AAAA;AAC1C,aAEF,GAAA,KAAA;AAAA;AACR,SACF;AAAA,OACF;AAAA;AACF,GACD,CAAA;AAAA,CApCY,EAAAF,6BAAA,KAAAA,6BAAA,GAAA,EAAA,CAAA,CAAA;;"}
+{"version":3,"file":"resolvers.cjs.js","sources":["../src/resolvers.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\nimport { AwsAlbResult } from './types';\nimport { z } from 'zod';\n\n/**\n * Available sign-in resolvers for the AWS ALB auth provider.\n *\n * @public\n */\nexport namespace awsAlbSignInResolvers {\n  export const emailMatchingUserEntityProfileEmail =\n    createSignInResolverFactory({\n      optionsSchema: z\n        .object({\n          dangerouslyAllowSignInWithoutUserInCatalog: z.boolean().optional(),\n        })\n        .optional(),\n      create(options = {}) {\n        return async (info: SignInInfo<AwsAlbResult>, ctx) => {\n          if (!info.result.fullProfile.emails) {\n            throw new Error(\n              'Login failed, user profile does not contain an email',\n            );\n          }\n\n          return ctx.signInWithCatalogUser(\n            {\n              filter: {\n                kind: ['User'],\n                'spec.profile.email': info.result.fullProfile.emails[0].value,\n              },\n            },\n            {\n              dangerousEntityRefFallback:\n                options?.dangerouslyAllowSignInWithoutUserInCatalog\n                  ? {\n                      entityRef: {\n                        name: info.result.fullProfile.emails[0].value,\n                      },\n                    }\n                  : undefined,\n            },\n          );\n        };\n      },\n    });\n}\n"],"names":["awsAlbSignInResolvers","createSignInResolverFactory","z"],"mappings":";;;;;AA4BiBA;AAAA,CAAV,CAAUA,sBAAAA,KAAV;AACE,EAAMA,sBAAAA,CAAA,sCACXC,0CAAA,CAA4B;AAAA,IAC1B,aAAA,EAAeC,MACZ,MAAA,CAAO;AAAA,MACN,0CAAA,EAA4CA,KAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AAAS,KAClE,EACA,QAAA,EAAS;AAAA,IACZ,MAAA,CAAO,OAAA,GAAU,EAAC,EAAG;AACnB,MAAA,OAAO,OAAO,MAAgC,GAAA,KAAQ;AACpD,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,WAAA,CAAY,MAAA,EAAQ;AACnC,UAAA,MAAM,IAAI,KAAA;AAAA,YACR;AAAA,WACF;AAAA,QACF;AAEA,QAAA,OAAO,GAAA,CAAI,qBAAA;AAAA,UACT;AAAA,YACE,MAAA,EAAQ;AAAA,cACN,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,cACb,sBAAsB,IAAA,CAAK,MAAA,CAAO,WAAA,CAAY,MAAA,CAAO,CAAC,CAAA,CAAE;AAAA;AAC1D,WACF;AAAA,UACA;AAAA,YACE,0BAAA,EACE,SAAS,0CAAA,GACL;AAAA,cACE,SAAA,EAAW;AAAA,gBACT,MAAM,IAAA,CAAK,MAAA,CAAO,WAAA,CAAY,MAAA,CAAO,CAAC,CAAA,CAAE;AAAA;AAC1C,aACF,GACA;AAAA;AACR,SACF;AAAA,MACF,CAAA;AAAA,IACF;AAAA,GACD,CAAA;AAAA,CAAA,EApCYF,6BAAA,KAAAA,6BAAA,GAAA,EAAA,CAAA,CAAA;;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-auth-backend-module-aws-alb-provider",
-  "version": "0.4.6-next.0",
+  "version": "0.4.6",
   "description": "The aws-alb provider module for the Backstage auth backend.",
   "backstage": {
     "role": "backend-plugin-module",
@@ -40,19 +40,19 @@
     "test": "backstage-cli package test"
   },
   "dependencies": {
-    "@backstage/backend-plugin-api": "1.4.2-next.0",
-    "@backstage/errors": "1.2.7",
-    "@backstage/plugin-auth-backend": "0.25.3-next.0",
-    "@backstage/plugin-auth-node": "0.6.6-next.0",
+    "@backstage/backend-plugin-api": "^1.4.2",
+    "@backstage/errors": "^1.2.7",
+    "@backstage/plugin-auth-backend": "^0.25.3",
+    "@backstage/plugin-auth-node": "^0.6.6",
     "jose": "^5.0.0",
     "node-cache": "^5.1.2",
     "zod": "^3.22.4"
   },
   "devDependencies": {
-    "@backstage/backend-test-utils": "1.7.1-next.0",
-    "@backstage/cli": "0.33.2-next.0",
-    "@backstage/config": "1.3.3",
-    "@backstage/types": "1.2.1",
+    "@backstage/backend-test-utils": "^1.8.0",
+    "@backstage/cli": "^0.34.0",
+    "@backstage/config": "^1.3.3",
+    "@backstage/types": "^1.2.1",
     "express": "^4.18.2",
     "msw": "^2.0.8"
   },