@backstage/plugin-auth-backend-module-azure-easyauth-provider 0.1.1 → 0.1.2-next.1

package/CHANGELOG.md

@@ -1,5 +1,25 @@
 # @backstage/plugin-auth-backend-module-azure-easyauth-provider
 
+## 0.1.2-next.1
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/backend-plugin-api@0.6.19-next.2
+  - @backstage/plugin-auth-node@0.4.14-next.2
+  - @backstage/catalog-model@1.5.0
+  - @backstage/errors@1.2.4
+
+## 0.1.2-next.0
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/backend-plugin-api@0.6.19-next.0
+  - @backstage/plugin-auth-node@0.4.14-next.0
+  - @backstage/catalog-model@1.5.0
+  - @backstage/errors@1.2.4
+
 ## 0.1.1
 
 ### Patch Changes

package/dist/index.cjs.js

@@ -11,12 +11,11 @@ const ID_TOKEN_HEADER = "x-ms-token-aad-id-token";
 const ACCESS_TOKEN_HEADER = "x-ms-token-aad-access-token";
 const azureEasyAuthAuthenticator = pluginAuthNode.createProxyAuthenticator({
   defaultProfileTransform: async (result) => {
-    var _a, _b;
     return {
       profile: {
         displayName: result.fullProfile.displayName,
-        email: (_a = result.fullProfile.emails) == null ? void 0 : _a[0].value,
-        picture: (_b = result.fullProfile.photos) == null ? void 0 : _b[0].value
+        email: result.fullProfile.emails?.[0].value,
+        picture: result.fullProfile.photos?.[0].value
       }
     };
   },
@@ -103,17 +102,16 @@ const authModuleAzureEasyAuthProvider = backendPluginApi.createBackendModule({
   }
 });
 function validateAppServiceConfiguration(env) {
-  var _a, _b, _c;
   if (env.WEBSITE_SKU === void 0) {
     throw new Error("Backstage is not running on Azure App Services");
   }
-  if (((_a = env.WEBSITE_AUTH_ENABLED) == null ? void 0 : _a.toLocaleLowerCase("en-US")) !== "true") {
+  if (env.WEBSITE_AUTH_ENABLED?.toLocaleLowerCase("en-US") !== "true") {
     throw new Error("Azure App Services does not have authentication enabled");
   }
-  if (((_b = env.WEBSITE_AUTH_DEFAULT_PROVIDER) == null ? void 0 : _b.toLocaleLowerCase("en-US")) !== "azureactivedirectory") {
+  if (env.WEBSITE_AUTH_DEFAULT_PROVIDER?.toLocaleLowerCase("en-US") !== "azureactivedirectory") {
     throw new Error("Authentication provider is not Entra ID");
   }
-  if (((_c = env.WEBSITE_AUTH_TOKEN_STORE) == null ? void 0 : _c.toLocaleLowerCase("en-US")) !== "true") {
+  if (env.WEBSITE_AUTH_TOKEN_STORE?.toLocaleLowerCase("en-US") !== "true") {
     throw new Error("Token Store is not enabled");
   }
 }

package/dist/index.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.cjs.js","sources":["../src/authenticator.ts","../src/resolvers.ts","../src/module.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthenticationError } from '@backstage/errors';\nimport { createProxyAuthenticator } from '@backstage/plugin-auth-node';\nimport { AzureEasyAuthResult } from './types';\nimport { Request } from 'express';\nimport { Profile } from 'passport';\nimport { decodeJwt } from 'jose';\n\nexport const ID_TOKEN_HEADER = 'x-ms-token-aad-id-token';\nexport const ACCESS_TOKEN_HEADER = 'x-ms-token-aad-access-token';\n\n/** @public */\nexport const azureEasyAuthAuthenticator = createProxyAuthenticator({\n  defaultProfileTransform: async (result: AzureEasyAuthResult) => {\n    return {\n      profile: {\n        displayName: result.fullProfile.displayName,\n        email: result.fullProfile.emails?.[0].value,\n        picture: result.fullProfile.photos?.[0].value,\n      },\n    };\n  },\n  initialize() {},\n  async authenticate({ req }) {\n    const result = await getResult(req);\n    return {\n      result,\n      providerInfo: {\n        accessToken: result.accessToken,\n      },\n    };\n  },\n});\n\nasync function getResult(req: Request): Promise<AzureEasyAuthResult> {\n  const idToken = req.header(ID_TOKEN_HEADER);\n  const accessToken = req.header(ACCESS_TOKEN_HEADER);\n  if (idToken === undefined) {\n    throw new AuthenticationError(`Missing ${ID_TOKEN_HEADER} header`);\n  }\n\n  return {\n    fullProfile: idTokenToProfile(idToken),\n    accessToken: accessToken,\n  };\n}\n\nfunction idTokenToProfile(idToken: string) {\n  const claims = decodeJwt(idToken);\n\n  if (claims.ver !== '2.0') {\n    throw new Error('id_token is not version 2.0 ');\n  }\n\n  return {\n    id: claims.oid,\n    displayName: claims.name,\n    provider: 'easyauth',\n    emails: [{ value: claims.email }],\n    username: claims.preferred_username,\n  } as Profile;\n}\n","/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\nimport { AzureEasyAuthResult } from './types';\n\n/** @public */\nexport namespace azureEasyAuthSignInResolvers {\n  export const idMatchingUserEntityAnnotation = createSignInResolverFactory({\n    create() {\n      return async (info: SignInInfo<AzureEasyAuthResult>, ctx) => {\n        const {\n          fullProfile: { id },\n        } = info.result;\n\n        if (!id) {\n          throw new Error('User profile contained no id');\n        }\n\n        return await ctx.signInWithCatalogUser({\n          annotations: {\n            'graph.microsoft.com/user-id': id,\n          },\n        });\n      };\n    },\n  });\n}\n","/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  commonSignInResolvers,\n  createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { azureEasyAuthAuthenticator } from './authenticator';\nimport { azureEasyAuthSignInResolvers } from './resolvers';\n\n/** @public */\nexport const authModuleAzureEasyAuthProvider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'azure-easyauth-provider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n      },\n      async init({ providers }) {\n        validateAppServiceConfiguration(process.env);\n        providers.registerProvider({\n          providerId: 'azureEasyAuth',\n          factory: createProxyAuthProviderFactory({\n            authenticator: azureEasyAuthAuthenticator,\n            signInResolverFactories: {\n              ...commonSignInResolvers,\n              ...azureEasyAuthSignInResolvers,\n            },\n          }),\n        });\n      },\n    });\n  },\n});\n\nfunction validateAppServiceConfiguration(env: NodeJS.ProcessEnv) {\n  // Based on https://github.com/AzureAD/microsoft-identity-web/blob/f7403779d1a91f4a3fec0ed0993bd82f50f299e1/src/Microsoft.Identity.Web/AppServicesAuth/AppServicesAuthenticationInformation.cs#L38-L59\n  //\n  // It's critical to validate we're really running in a correctly configured Azure App Services,\n  // As we rely on App Services to manage & validate the ID and Access Token headers\n  // Without that, this users can be trivially impersonated.\n  if (env.WEBSITE_SKU === undefined) {\n    throw new Error('Backstage is not running on Azure App Services');\n  }\n  if (env.WEBSITE_AUTH_ENABLED?.toLocaleLowerCase('en-US') !== 'true') {\n    throw new Error('Azure App Services does not have authentication enabled');\n  }\n  if (\n    env.WEBSITE_AUTH_DEFAULT_PROVIDER?.toLocaleLowerCase('en-US') !==\n    'azureactivedirectory'\n  ) {\n    throw new Error('Authentication provider is not Entra ID');\n  }\n  if (env.WEBSITE_AUTH_TOKEN_STORE?.toLocaleLowerCase('en-US') !== 'true') {\n    throw new Error('Token Store is not enabled');\n  }\n}\n"],"names":["createProxyAuthenticator","AuthenticationError","decodeJwt","azureEasyAuthSignInResolvers","createSignInResolverFactory","createBackendModule","authProvidersExtensionPoint","createProxyAuthProviderFactory","commonSignInResolvers"],"mappings":";;;;;;;;;AAuBO,MAAM,eAAkB,GAAA,yBAAA,CAAA;AACxB,MAAM,mBAAsB,GAAA,6BAAA,CAAA;AAG5B,MAAM,6BAA6BA,uCAAyB,CAAA;AAAA,EACjE,uBAAA,EAAyB,OAAO,MAAgC,KAAA;AA5BlE,IAAA,IAAA,EAAA,EAAA,EAAA,CAAA;AA6BI,IAAO,OAAA;AAAA,MACL,OAAS,EAAA;AAAA,QACP,WAAA,EAAa,OAAO,WAAY,CAAA,WAAA;AAAA,QAChC,KAAO,EAAA,CAAA,EAAA,GAAA,MAAA,CAAO,WAAY,CAAA,MAAA,KAAnB,mBAA4B,CAAG,CAAA,CAAA,KAAA;AAAA,QACtC,OAAS,EAAA,CAAA,EAAA,GAAA,MAAA,CAAO,WAAY,CAAA,MAAA,KAAnB,mBAA4B,CAAG,CAAA,CAAA,KAAA;AAAA,OAC1C;AAAA,KACF,CAAA;AAAA,GACF;AAAA,EACA,UAAa,GAAA;AAAA,GAAC;AAAA,EACd,MAAM,YAAA,CAAa,EAAE,GAAA,EAAO,EAAA;AAC1B,IAAM,MAAA,MAAA,GAAS,MAAM,SAAA,CAAU,GAAG,CAAA,CAAA;AAClC,IAAO,OAAA;AAAA,MACL,MAAA;AAAA,MACA,YAAc,EAAA;AAAA,QACZ,aAAa,MAAO,CAAA,WAAA;AAAA,OACtB;AAAA,KACF,CAAA;AAAA,GACF;AACF,CAAC,EAAA;AAED,eAAe,UAAU,GAA4C,EAAA;AACnE,EAAM,MAAA,OAAA,GAAU,GAAI,CAAA,MAAA,CAAO,eAAe,CAAA,CAAA;AAC1C,EAAM,MAAA,WAAA,GAAc,GAAI,CAAA,MAAA,CAAO,mBAAmB,CAAA,CAAA;AAClD,EAAA,IAAI,YAAY,KAAW,CAAA,EAAA;AACzB,IAAA,MAAM,IAAIC,0BAAA,CAAoB,CAAW,QAAA,EAAA,eAAe,CAAS,OAAA,CAAA,CAAA,CAAA;AAAA,GACnE;AAEA,EAAO,OAAA;AAAA,IACL,WAAA,EAAa,iBAAiB,OAAO,CAAA;AAAA,IACrC,WAAA;AAAA,GACF,CAAA;AACF,CAAA;AAEA,SAAS,iBAAiB,OAAiB,EAAA;AACzC,EAAM,MAAA,MAAA,GAASC,eAAU,OAAO,CAAA,CAAA;AAEhC,EAAI,IAAA,MAAA,CAAO,QAAQ,KAAO,EAAA;AACxB,IAAM,MAAA,IAAI,MAAM,8BAA8B,CAAA,CAAA;AAAA,GAChD;AAEA,EAAO,OAAA;AAAA,IACL,IAAI,MAAO,CAAA,GAAA;AAAA,IACX,aAAa,MAAO,CAAA,IAAA;AAAA,IACpB,QAAU,EAAA,UAAA;AAAA,IACV,QAAQ,CAAC,EAAE,KAAO,EAAA,MAAA,CAAO,OAAO,CAAA;AAAA,IAChC,UAAU,MAAO,CAAA,kBAAA;AAAA,GACnB,CAAA;AACF;;ACrDiBC,8CAAA;AAAA,CAAV,CAAUA,6BAAV,KAAA;AACE,EAAMA,6BAAAA,CAAA,iCAAiCC,0CAA4B,CAAA;AAAA,IACxE,MAAS,GAAA;AACP,MAAO,OAAA,OAAO,MAAuC,GAAQ,KAAA;AAC3D,QAAM,MAAA;AAAA,UACJ,WAAA,EAAa,EAAE,EAAG,EAAA;AAAA,YAChB,IAAK,CAAA,MAAA,CAAA;AAET,QAAA,IAAI,CAAC,EAAI,EAAA;AACP,UAAM,MAAA,IAAI,MAAM,8BAA8B,CAAA,CAAA;AAAA,SAChD;AAEA,QAAO,OAAA,MAAM,IAAI,qBAAsB,CAAA;AAAA,UACrC,WAAa,EAAA;AAAA,YACX,6BAA+B,EAAA,EAAA;AAAA,WACjC;AAAA,SACD,CAAA,CAAA;AAAA,OACH,CAAA;AAAA,KACF;AAAA,GACD,CAAA,CAAA;AAAA,CAnBc,EAAAD,oCAAA,KAAAA,oCAAA,GAAA,EAAA,CAAA,CAAA;;ACGV,MAAM,kCAAkCE,oCAAoB,CAAA;AAAA,EACjE,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,yBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC,0CAAA;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAa,EAAA;AACxB,QAAA,+BAAA,CAAgC,QAAQ,GAAG,CAAA,CAAA;AAC3C,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,eAAA;AAAA,UACZ,SAASC,6CAA+B,CAAA;AAAA,YACtC,aAAe,EAAA,0BAAA;AAAA,YACf,uBAAyB,EAAA;AAAA,cACvB,GAAGC,oCAAA;AAAA,cACH,GAAGL,oCAAA;AAAA,aACL;AAAA,WACD,CAAA;AAAA,SACF,CAAA,CAAA;AAAA,OACH;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC,EAAA;AAED,SAAS,gCAAgC,GAAwB,EAAA;AAnDjE,EAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,CAAA;AAyDE,EAAI,IAAA,GAAA,CAAI,gBAAgB,KAAW,CAAA,EAAA;AACjC,IAAM,MAAA,IAAI,MAAM,gDAAgD,CAAA,CAAA;AAAA,GAClE;AACA,EAAA,IAAA,CAAA,CAAI,EAAI,GAAA,GAAA,CAAA,oBAAA,KAAJ,IAA0B,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,iBAAA,CAAkB,cAAa,MAAQ,EAAA;AACnE,IAAM,MAAA,IAAI,MAAM,yDAAyD,CAAA,CAAA;AAAA,GAC3E;AACA,EAAA,IAAA,CAAA,CACE,EAAI,GAAA,GAAA,CAAA,6BAAA,KAAJ,IAAmC,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,iBAAA,CAAkB,cACrD,sBACA,EAAA;AACA,IAAM,MAAA,IAAI,MAAM,yCAAyC,CAAA,CAAA;AAAA,GAC3D;AACA,EAAA,IAAA,CAAA,CAAI,EAAI,GAAA,GAAA,CAAA,wBAAA,KAAJ,IAA8B,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,iBAAA,CAAkB,cAAa,MAAQ,EAAA;AACvE,IAAM,MAAA,IAAI,MAAM,4BAA4B,CAAA,CAAA;AAAA,GAC9C;AACF;;;;;"}
+{"version":3,"file":"index.cjs.js","sources":["../src/authenticator.ts","../src/resolvers.ts","../src/module.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthenticationError } from '@backstage/errors';\nimport { createProxyAuthenticator } from '@backstage/plugin-auth-node';\nimport { AzureEasyAuthResult } from './types';\nimport { Request } from 'express';\nimport { Profile } from 'passport';\nimport { decodeJwt } from 'jose';\n\nexport const ID_TOKEN_HEADER = 'x-ms-token-aad-id-token';\nexport const ACCESS_TOKEN_HEADER = 'x-ms-token-aad-access-token';\n\n/** @public */\nexport const azureEasyAuthAuthenticator = createProxyAuthenticator({\n  defaultProfileTransform: async (result: AzureEasyAuthResult) => {\n    return {\n      profile: {\n        displayName: result.fullProfile.displayName,\n        email: result.fullProfile.emails?.[0].value,\n        picture: result.fullProfile.photos?.[0].value,\n      },\n    };\n  },\n  initialize() {},\n  async authenticate({ req }) {\n    const result = await getResult(req);\n    return {\n      result,\n      providerInfo: {\n        accessToken: result.accessToken,\n      },\n    };\n  },\n});\n\nasync function getResult(req: Request): Promise<AzureEasyAuthResult> {\n  const idToken = req.header(ID_TOKEN_HEADER);\n  const accessToken = req.header(ACCESS_TOKEN_HEADER);\n  if (idToken === undefined) {\n    throw new AuthenticationError(`Missing ${ID_TOKEN_HEADER} header`);\n  }\n\n  return {\n    fullProfile: idTokenToProfile(idToken),\n    accessToken: accessToken,\n  };\n}\n\nfunction idTokenToProfile(idToken: string) {\n  const claims = decodeJwt(idToken);\n\n  if (claims.ver !== '2.0') {\n    throw new Error('id_token is not version 2.0 ');\n  }\n\n  return {\n    id: claims.oid,\n    displayName: claims.name,\n    provider: 'easyauth',\n    emails: [{ value: claims.email }],\n    username: claims.preferred_username,\n  } as Profile;\n}\n","/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\nimport { AzureEasyAuthResult } from './types';\n\n/** @public */\nexport namespace azureEasyAuthSignInResolvers {\n  export const idMatchingUserEntityAnnotation = createSignInResolverFactory({\n    create() {\n      return async (info: SignInInfo<AzureEasyAuthResult>, ctx) => {\n        const {\n          fullProfile: { id },\n        } = info.result;\n\n        if (!id) {\n          throw new Error('User profile contained no id');\n        }\n\n        return await ctx.signInWithCatalogUser({\n          annotations: {\n            'graph.microsoft.com/user-id': id,\n          },\n        });\n      };\n    },\n  });\n}\n","/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  commonSignInResolvers,\n  createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { azureEasyAuthAuthenticator } from './authenticator';\nimport { azureEasyAuthSignInResolvers } from './resolvers';\n\n/** @public */\nexport const authModuleAzureEasyAuthProvider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'azure-easyauth-provider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n      },\n      async init({ providers }) {\n        validateAppServiceConfiguration(process.env);\n        providers.registerProvider({\n          providerId: 'azureEasyAuth',\n          factory: createProxyAuthProviderFactory({\n            authenticator: azureEasyAuthAuthenticator,\n            signInResolverFactories: {\n              ...commonSignInResolvers,\n              ...azureEasyAuthSignInResolvers,\n            },\n          }),\n        });\n      },\n    });\n  },\n});\n\nfunction validateAppServiceConfiguration(env: NodeJS.ProcessEnv) {\n  // Based on https://github.com/AzureAD/microsoft-identity-web/blob/f7403779d1a91f4a3fec0ed0993bd82f50f299e1/src/Microsoft.Identity.Web/AppServicesAuth/AppServicesAuthenticationInformation.cs#L38-L59\n  //\n  // It's critical to validate we're really running in a correctly configured Azure App Services,\n  // As we rely on App Services to manage & validate the ID and Access Token headers\n  // Without that, this users can be trivially impersonated.\n  if (env.WEBSITE_SKU === undefined) {\n    throw new Error('Backstage is not running on Azure App Services');\n  }\n  if (env.WEBSITE_AUTH_ENABLED?.toLocaleLowerCase('en-US') !== 'true') {\n    throw new Error('Azure App Services does not have authentication enabled');\n  }\n  if (\n    env.WEBSITE_AUTH_DEFAULT_PROVIDER?.toLocaleLowerCase('en-US') !==\n    'azureactivedirectory'\n  ) {\n    throw new Error('Authentication provider is not Entra ID');\n  }\n  if (env.WEBSITE_AUTH_TOKEN_STORE?.toLocaleLowerCase('en-US') !== 'true') {\n    throw new Error('Token Store is not enabled');\n  }\n}\n"],"names":["createProxyAuthenticator","AuthenticationError","decodeJwt","azureEasyAuthSignInResolvers","createSignInResolverFactory","createBackendModule","authProvidersExtensionPoint","createProxyAuthProviderFactory","commonSignInResolvers"],"mappings":";;;;;;;;;AAuBO,MAAM,eAAkB,GAAA,yBAAA,CAAA;AACxB,MAAM,mBAAsB,GAAA,6BAAA,CAAA;AAG5B,MAAM,6BAA6BA,uCAAyB,CAAA;AAAA,EACjE,uBAAA,EAAyB,OAAO,MAAgC,KAAA;AAC9D,IAAO,OAAA;AAAA,MACL,OAAS,EAAA;AAAA,QACP,WAAA,EAAa,OAAO,WAAY,CAAA,WAAA;AAAA,QAChC,KAAO,EAAA,MAAA,CAAO,WAAY,CAAA,MAAA,GAAS,CAAC,CAAE,CAAA,KAAA;AAAA,QACtC,OAAS,EAAA,MAAA,CAAO,WAAY,CAAA,MAAA,GAAS,CAAC,CAAE,CAAA,KAAA;AAAA,OAC1C;AAAA,KACF,CAAA;AAAA,GACF;AAAA,EACA,UAAa,GAAA;AAAA,GAAC;AAAA,EACd,MAAM,YAAA,CAAa,EAAE,GAAA,EAAO,EAAA;AAC1B,IAAM,MAAA,MAAA,GAAS,MAAM,SAAA,CAAU,GAAG,CAAA,CAAA;AAClC,IAAO,OAAA;AAAA,MACL,MAAA;AAAA,MACA,YAAc,EAAA;AAAA,QACZ,aAAa,MAAO,CAAA,WAAA;AAAA,OACtB;AAAA,KACF,CAAA;AAAA,GACF;AACF,CAAC,EAAA;AAED,eAAe,UAAU,GAA4C,EAAA;AACnE,EAAM,MAAA,OAAA,GAAU,GAAI,CAAA,MAAA,CAAO,eAAe,CAAA,CAAA;AAC1C,EAAM,MAAA,WAAA,GAAc,GAAI,CAAA,MAAA,CAAO,mBAAmB,CAAA,CAAA;AAClD,EAAA,IAAI,YAAY,KAAW,CAAA,EAAA;AACzB,IAAA,MAAM,IAAIC,0BAAA,CAAoB,CAAW,QAAA,EAAA,eAAe,CAAS,OAAA,CAAA,CAAA,CAAA;AAAA,GACnE;AAEA,EAAO,OAAA;AAAA,IACL,WAAA,EAAa,iBAAiB,OAAO,CAAA;AAAA,IACrC,WAAA;AAAA,GACF,CAAA;AACF,CAAA;AAEA,SAAS,iBAAiB,OAAiB,EAAA;AACzC,EAAM,MAAA,MAAA,GAASC,eAAU,OAAO,CAAA,CAAA;AAEhC,EAAI,IAAA,MAAA,CAAO,QAAQ,KAAO,EAAA;AACxB,IAAM,MAAA,IAAI,MAAM,8BAA8B,CAAA,CAAA;AAAA,GAChD;AAEA,EAAO,OAAA;AAAA,IACL,IAAI,MAAO,CAAA,GAAA;AAAA,IACX,aAAa,MAAO,CAAA,IAAA;AAAA,IACpB,QAAU,EAAA,UAAA;AAAA,IACV,QAAQ,CAAC,EAAE,KAAO,EAAA,MAAA,CAAO,OAAO,CAAA;AAAA,IAChC,UAAU,MAAO,CAAA,kBAAA;AAAA,GACnB,CAAA;AACF;;ACrDiBC,8CAAA;AAAA,CAAV,CAAUA,6BAAV,KAAA;AACE,EAAMA,6BAAAA,CAAA,iCAAiCC,0CAA4B,CAAA;AAAA,IACxE,MAAS,GAAA;AACP,MAAO,OAAA,OAAO,MAAuC,GAAQ,KAAA;AAC3D,QAAM,MAAA;AAAA,UACJ,WAAA,EAAa,EAAE,EAAG,EAAA;AAAA,YAChB,IAAK,CAAA,MAAA,CAAA;AAET,QAAA,IAAI,CAAC,EAAI,EAAA;AACP,UAAM,MAAA,IAAI,MAAM,8BAA8B,CAAA,CAAA;AAAA,SAChD;AAEA,QAAO,OAAA,MAAM,IAAI,qBAAsB,CAAA;AAAA,UACrC,WAAa,EAAA;AAAA,YACX,6BAA+B,EAAA,EAAA;AAAA,WACjC;AAAA,SACD,CAAA,CAAA;AAAA,OACH,CAAA;AAAA,KACF;AAAA,GACD,CAAA,CAAA;AAAA,CAnBc,EAAAD,oCAAA,KAAAA,oCAAA,GAAA,EAAA,CAAA,CAAA;;ACGV,MAAM,kCAAkCE,oCAAoB,CAAA;AAAA,EACjE,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,yBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC,0CAAA;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAa,EAAA;AACxB,QAAA,+BAAA,CAAgC,QAAQ,GAAG,CAAA,CAAA;AAC3C,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,eAAA;AAAA,UACZ,SAASC,6CAA+B,CAAA;AAAA,YACtC,aAAe,EAAA,0BAAA;AAAA,YACf,uBAAyB,EAAA;AAAA,cACvB,GAAGC,oCAAA;AAAA,cACH,GAAGL,oCAAA;AAAA,aACL;AAAA,WACD,CAAA;AAAA,SACF,CAAA,CAAA;AAAA,OACH;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC,EAAA;AAED,SAAS,gCAAgC,GAAwB,EAAA;AAM/D,EAAI,IAAA,GAAA,CAAI,gBAAgB,KAAW,CAAA,EAAA;AACjC,IAAM,MAAA,IAAI,MAAM,gDAAgD,CAAA,CAAA;AAAA,GAClE;AACA,EAAA,IAAI,GAAI,CAAA,oBAAA,EAAsB,iBAAkB,CAAA,OAAO,MAAM,MAAQ,EAAA;AACnE,IAAM,MAAA,IAAI,MAAM,yDAAyD,CAAA,CAAA;AAAA,GAC3E;AACA,EAAA,IACE,GAAI,CAAA,6BAAA,EAA+B,iBAAkB,CAAA,OAAO,MAC5D,sBACA,EAAA;AACA,IAAM,MAAA,IAAI,MAAM,yCAAyC,CAAA,CAAA;AAAA,GAC3D;AACA,EAAA,IAAI,GAAI,CAAA,wBAAA,EAA0B,iBAAkB,CAAA,OAAO,MAAM,MAAQ,EAAA;AACvE,IAAM,MAAA,IAAI,MAAM,4BAA4B,CAAA,CAAA;AAAA,GAC9C;AACF;;;;;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-auth-backend-module-azure-easyauth-provider",
-  "version": "0.1.1",
+  "version": "0.1.2-next.1",
   "description": "The azure-easyauth-provider backend module for the auth plugin.",
   "backstage": {
     "role": "backend-plugin-module"
@@ -31,18 +31,18 @@
     "test": "backstage-cli package test"
   },
   "dependencies": {
-    "@backstage/backend-plugin-api": "^0.6.18",
+    "@backstage/backend-plugin-api": "^0.6.19-next.2",
     "@backstage/catalog-model": "^1.5.0",
     "@backstage/errors": "^1.2.4",
-    "@backstage/plugin-auth-node": "^0.4.13",
+    "@backstage/plugin-auth-node": "^0.4.14-next.2",
     "@types/passport": "^1.0.16",
     "express": "^4.19.2",
     "jose": "^5.0.0",
     "passport": "^0.7.0"
   },
   "devDependencies": {
-    "@backstage/backend-test-utils": "^0.3.8",
-    "@backstage/cli": "^0.26.5",
-    "@backstage/plugin-auth-backend": "^0.22.5"
+    "@backstage/backend-test-utils": "^0.4.0-next.2",
+    "@backstage/cli": "^0.26.7-next.2",
+    "@backstage/plugin-auth-backend": "^0.22.6-next.2"
   }
 }