@backstage/plugin-auth-backend-module-oauth2-proxy-provider 0.2.10 → 0.2.11

package/CHANGELOG.md

@@ -1,5 +1,22 @@
 # @backstage/plugin-auth-backend-module-oauth2-proxy-provider
 
+## 0.2.11
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/plugin-auth-node@0.6.6
+  - @backstage/backend-plugin-api@1.4.2
+
+## 0.2.11-next.0
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/plugin-auth-node@0.6.6-next.0
+  - @backstage/backend-plugin-api@1.4.2-next.0
+  - @backstage/errors@1.2.7
+
 ## 0.2.10
 
 ### Patch Changes

package/dist/authenticator.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"authenticator.cjs.js","sources":["../src/authenticator.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthenticationError } from '@backstage/errors';\nimport { createProxyAuthenticator } from '@backstage/plugin-auth-node';\nimport { decodeJwt } from 'jose';\nimport { OAuth2ProxyResult } from './types';\n\n/**\n * NOTE: This may come in handy if you're doing work on this provider:\n * plugins/auth-backend/examples/docker-compose.oauth2-proxy.yaml\n *\n * @public\n */\nexport const OAUTH2_PROXY_JWT_HEADER = 'X-OAUTH2-PROXY-ID-TOKEN';\n\n/** @public */\nexport const oauth2ProxyAuthenticator = createProxyAuthenticator({\n  defaultProfileTransform: async (result: OAuth2ProxyResult) => {\n    return {\n      profile: {\n        email: result.getHeader('x-forwarded-email'),\n        displayName:\n          result.getHeader('x-forwarded-preferred-username') ||\n          result.getHeader('x-forwarded-user'),\n      },\n    };\n  },\n  async initialize() {},\n  async authenticate({ req }) {\n    try {\n      // This unpacking of the JWT is just a utility provided by the\n      // authenticator to make the fields available to the profile transform and\n      // sign-in resolvers. The JWT is already validated by the upstream OAuth2\n      // Proxy, and since OAuth2 Proxy doesn't provide a way to authenticate\n      // forwarded requests, we don't do any additional validation here but\n      // instead trust that there is no way for attackers to bypass the OAuth2\n      // Proxy. We could validate these individual ID tokens for some of the\n      // upstream providers, but that is currently not in scope for this\n      // authenticator.\n      const authHeader = req.header(OAUTH2_PROXY_JWT_HEADER);\n      const jwt = authHeader?.match(/^Bearer[ ]+(\\S+)$/i)?.[1];\n      const decodedJWT = jwt && decodeJwt(jwt);\n\n      const result = {\n        fullProfile: decodedJWT || {},\n        accessToken: jwt || '',\n        headers: req.headers,\n        getHeader(name: string) {\n          if (name.toLocaleLowerCase('en-US') === 'set-cookie') {\n            throw new Error('Access Set-Cookie via the headers object instead');\n          }\n          return req.get(name);\n        },\n      };\n\n      return {\n        result,\n        providerInfo: {\n          accessToken: result.accessToken,\n        },\n      };\n    } catch (e) {\n      throw new AuthenticationError('Authentication failed', e);\n    }\n  },\n});\n"],"names":["createProxyAuthenticator","decodeJwt","AuthenticationError"],"mappings":";;;;;;AA2BO,MAAM,uBAA0B,GAAA;AAGhC,MAAM,2BAA2BA,uCAAyB,CAAA;AAAA,EAC/D,uBAAA,EAAyB,OAAO,MAA8B,KAAA;AAC5D,IAAO,OAAA;AAAA,MACL,OAAS,EAAA;AAAA,QACP,KAAA,EAAO,MAAO,CAAA,SAAA,CAAU,mBAAmB,CAAA;AAAA,QAC3C,aACE,MAAO,CAAA,SAAA,CAAU,gCAAgC,CACjD,IAAA,MAAA,CAAO,UAAU,kBAAkB;AAAA;AACvC,KACF;AAAA,GACF;AAAA,EACA,MAAM,UAAa,GAAA;AAAA,GAAC;AAAA,EACpB,MAAM,YAAA,CAAa,EAAE,GAAA,EAAO,EAAA;AAC1B,IAAI,IAAA;AAUF,MAAM,MAAA,UAAA,GAAa,GAAI,CAAA,MAAA,CAAO,uBAAuB,CAAA;AACrD,MAAA,MAAM,GAAM,GAAA,UAAA,EAAY,KAAM,CAAA,oBAAoB,IAAI,CAAC,CAAA;AACvD,MAAM,MAAA,UAAA,GAAa,GAAO,IAAAC,cAAA,CAAU,GAAG,CAAA;AAEvC,MAAA,MAAM,MAAS,GAAA;AAAA,QACb,WAAA,EAAa,cAAc,EAAC;AAAA,QAC5B,aAAa,GAAO,IAAA,EAAA;AAAA,QACpB,SAAS,GAAI,CAAA,OAAA;AAAA,QACb,UAAU,IAAc,EAAA;AACtB,UAAA,IAAI,IAAK,CAAA,iBAAA,CAAkB,OAAO,CAAA,KAAM,YAAc,EAAA;AACpD,YAAM,MAAA,IAAI,MAAM,kDAAkD,CAAA;AAAA;AAEpE,UAAO,OAAA,GAAA,CAAI,IAAI,IAAI,CAAA;AAAA;AACrB,OACF;AAEA,MAAO,OAAA;AAAA,QACL,MAAA;AAAA,QACA,YAAc,EAAA;AAAA,UACZ,aAAa,MAAO,CAAA;AAAA;AACtB,OACF;AAAA,aACO,CAAG,EAAA;AACV,MAAM,MAAA,IAAIC,0BAAoB,CAAA,uBAAA,EAAyB,CAAC,CAAA;AAAA;AAC1D;AAEJ,CAAC;;;;;"}
+{"version":3,"file":"authenticator.cjs.js","sources":["../src/authenticator.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthenticationError } from '@backstage/errors';\nimport { createProxyAuthenticator } from '@backstage/plugin-auth-node';\nimport { decodeJwt } from 'jose';\nimport { OAuth2ProxyResult } from './types';\n\n/**\n * NOTE: This may come in handy if you're doing work on this provider:\n * plugins/auth-backend/examples/docker-compose.oauth2-proxy.yaml\n *\n * @public\n */\nexport const OAUTH2_PROXY_JWT_HEADER = 'X-OAUTH2-PROXY-ID-TOKEN';\n\n/** @public */\nexport const oauth2ProxyAuthenticator = createProxyAuthenticator({\n  defaultProfileTransform: async (result: OAuth2ProxyResult) => {\n    return {\n      profile: {\n        email: result.getHeader('x-forwarded-email'),\n        displayName:\n          result.getHeader('x-forwarded-preferred-username') ||\n          result.getHeader('x-forwarded-user'),\n      },\n    };\n  },\n  async initialize() {},\n  async authenticate({ req }) {\n    try {\n      // This unpacking of the JWT is just a utility provided by the\n      // authenticator to make the fields available to the profile transform and\n      // sign-in resolvers. The JWT is already validated by the upstream OAuth2\n      // Proxy, and since OAuth2 Proxy doesn't provide a way to authenticate\n      // forwarded requests, we don't do any additional validation here but\n      // instead trust that there is no way for attackers to bypass the OAuth2\n      // Proxy. We could validate these individual ID tokens for some of the\n      // upstream providers, but that is currently not in scope for this\n      // authenticator.\n      const authHeader = req.header(OAUTH2_PROXY_JWT_HEADER);\n      const jwt = authHeader?.match(/^Bearer[ ]+(\\S+)$/i)?.[1];\n      const decodedJWT = jwt && decodeJwt(jwt);\n\n      const result = {\n        fullProfile: decodedJWT || {},\n        accessToken: jwt || '',\n        headers: req.headers,\n        getHeader(name: string) {\n          if (name.toLocaleLowerCase('en-US') === 'set-cookie') {\n            throw new Error('Access Set-Cookie via the headers object instead');\n          }\n          return req.get(name);\n        },\n      };\n\n      return {\n        result,\n        providerInfo: {\n          accessToken: result.accessToken,\n        },\n      };\n    } catch (e) {\n      throw new AuthenticationError('Authentication failed', e);\n    }\n  },\n});\n"],"names":["createProxyAuthenticator","decodeJwt","AuthenticationError"],"mappings":";;;;;;AA2BO,MAAM,uBAAA,GAA0B;AAGhC,MAAM,2BAA2BA,uCAAA,CAAyB;AAAA,EAC/D,uBAAA,EAAyB,OAAO,MAAA,KAA8B;AAC5D,IAAA,OAAO;AAAA,MACL,OAAA,EAAS;AAAA,QACP,KAAA,EAAO,MAAA,CAAO,SAAA,CAAU,mBAAmB,CAAA;AAAA,QAC3C,aACE,MAAA,CAAO,SAAA,CAAU,gCAAgC,CAAA,IACjD,MAAA,CAAO,UAAU,kBAAkB;AAAA;AACvC,KACF;AAAA,EACF,CAAA;AAAA,EACA,MAAM,UAAA,GAAa;AAAA,EAAC,CAAA;AAAA,EACpB,MAAM,YAAA,CAAa,EAAE,GAAA,EAAI,EAAG;AAC1B,IAAA,IAAI;AAUF,MAAA,MAAM,UAAA,GAAa,GAAA,CAAI,MAAA,CAAO,uBAAuB,CAAA;AACrD,MAAA,MAAM,GAAA,GAAM,UAAA,EAAY,KAAA,CAAM,oBAAoB,IAAI,CAAC,CAAA;AACvD,MAAA,MAAM,UAAA,GAAa,GAAA,IAAOC,cAAA,CAAU,GAAG,CAAA;AAEvC,MAAA,MAAM,MAAA,GAAS;AAAA,QACb,WAAA,EAAa,cAAc,EAAC;AAAA,QAC5B,aAAa,GAAA,IAAO,EAAA;AAAA,QACpB,SAAS,GAAA,CAAI,OAAA;AAAA,QACb,UAAU,IAAA,EAAc;AACtB,UAAA,IAAI,IAAA,CAAK,iBAAA,CAAkB,OAAO,CAAA,KAAM,YAAA,EAAc;AACpD,YAAA,MAAM,IAAI,MAAM,kDAAkD,CAAA;AAAA,UACpE;AACA,UAAA,OAAO,GAAA,CAAI,IAAI,IAAI,CAAA;AAAA,QACrB;AAAA,OACF;AAEA,MAAA,OAAO;AAAA,QACL,MAAA;AAAA,QACA,YAAA,EAAc;AAAA,UACZ,aAAa,MAAA,CAAO;AAAA;AACtB,OACF;AAAA,IACF,SAAS,CAAA,EAAG;AACV,MAAA,MAAM,IAAIC,0BAAA,CAAoB,uBAAA,EAAyB,CAAC,CAAA;AAAA,IAC1D;AAAA,EACF;AACF,CAAC;;;;;"}

package/dist/module.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"module.cjs.js","sources":["../src/module.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  createProxyAuthProviderFactory,\n  commonSignInResolvers,\n} from '@backstage/plugin-auth-node';\nimport { oauth2ProxyAuthenticator } from './authenticator';\nimport { oauth2ProxySignInResolvers } from './resolvers';\n\n/** @public */\nexport const authModuleOauth2ProxyProvider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'oauth2-proxy-provider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n      },\n      async init({ providers }) {\n        providers.registerProvider({\n          providerId: 'oauth2Proxy',\n          factory: createProxyAuthProviderFactory({\n            authenticator: oauth2ProxyAuthenticator,\n            signInResolverFactories: {\n              ...commonSignInResolvers,\n              ...oauth2ProxySignInResolvers,\n            },\n          }),\n        });\n      },\n    });\n  },\n});\n"],"names":["createBackendModule","authProvidersExtensionPoint","createProxyAuthProviderFactory","oauth2ProxyAuthenticator","commonSignInResolvers","oauth2ProxySignInResolvers"],"mappings":";;;;;;;AA0BO,MAAM,gCAAgCA,oCAAoB,CAAA;AAAA,EAC/D,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,uBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAa,EAAA;AACxB,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,aAAA;AAAA,UACZ,SAASC,6CAA+B,CAAA;AAAA,YACtC,aAAe,EAAAC,sCAAA;AAAA,YACf,uBAAyB,EAAA;AAAA,cACvB,GAAGC,oCAAA;AAAA,cACH,GAAGC;AAAA;AACL,WACD;AAAA,SACF,CAAA;AAAA;AACH,KACD,CAAA;AAAA;AAEL,CAAC;;;;"}
+{"version":3,"file":"module.cjs.js","sources":["../src/module.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  createProxyAuthProviderFactory,\n  commonSignInResolvers,\n} from '@backstage/plugin-auth-node';\nimport { oauth2ProxyAuthenticator } from './authenticator';\nimport { oauth2ProxySignInResolvers } from './resolvers';\n\n/** @public */\nexport const authModuleOauth2ProxyProvider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'oauth2-proxy-provider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n      },\n      async init({ providers }) {\n        providers.registerProvider({\n          providerId: 'oauth2Proxy',\n          factory: createProxyAuthProviderFactory({\n            authenticator: oauth2ProxyAuthenticator,\n            signInResolverFactories: {\n              ...commonSignInResolvers,\n              ...oauth2ProxySignInResolvers,\n            },\n          }),\n        });\n      },\n    });\n  },\n});\n"],"names":["createBackendModule","authProvidersExtensionPoint","createProxyAuthProviderFactory","oauth2ProxyAuthenticator","commonSignInResolvers","oauth2ProxySignInResolvers"],"mappings":";;;;;;;AA0BO,MAAM,gCAAgCA,oCAAA,CAAoB;AAAA,EAC/D,QAAA,EAAU,MAAA;AAAA,EACV,QAAA,EAAU,uBAAA;AAAA,EACV,SAAS,GAAA,EAAK;AACZ,IAAA,GAAA,CAAI,YAAA,CAAa;AAAA,MACf,IAAA,EAAM;AAAA,QACJ,SAAA,EAAWC;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAU,EAAG;AACxB,QAAA,SAAA,CAAU,gBAAA,CAAiB;AAAA,UACzB,UAAA,EAAY,aAAA;AAAA,UACZ,SAASC,6CAAA,CAA+B;AAAA,YACtC,aAAA,EAAeC,sCAAA;AAAA,YACf,uBAAA,EAAyB;AAAA,cACvB,GAAGC,oCAAA;AAAA,cACH,GAAGC;AAAA;AACL,WACD;AAAA,SACF,CAAA;AAAA,MACH;AAAA,KACD,CAAA;AAAA,EACH;AACF,CAAC;;;;"}

package/dist/resolvers.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"resolvers.cjs.js","sources":["../src/resolvers.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\nimport { OAuth2ProxyResult } from './types';\nimport { z } from 'zod';\n\n/**\n * @public\n */\nexport namespace oauth2ProxySignInResolvers {\n  export const forwardedUserMatchingUserEntityName =\n    createSignInResolverFactory({\n      optionsSchema: z\n        .object({\n          dangerouslyAllowSignInWithoutUserInCatalog: z.boolean().optional(),\n        })\n        .optional(),\n      create(options = {}) {\n        return async (info: SignInInfo<OAuth2ProxyResult>, ctx) => {\n          const name = info.result.getHeader('x-forwarded-user');\n          if (!name) {\n            throw new Error('Request did not contain a user');\n          }\n\n          return ctx.signInWithCatalogUser(\n            {\n              entityRef: { name },\n            },\n            {\n              dangerousEntityRefFallback:\n                options?.dangerouslyAllowSignInWithoutUserInCatalog\n                  ? { entityRef: { name } }\n                  : undefined,\n            },\n          );\n        };\n      },\n    });\n}\n"],"names":["oauth2ProxySignInResolvers","createSignInResolverFactory","z"],"mappings":";;;;;AA0BiBA;AAAA,CAAV,CAAUA,2BAAV,KAAA;AACE,EAAMA,2BAAAA,CAAA,sCACXC,0CAA4B,CAAA;AAAA,IAC1B,aAAA,EAAeC,MACZ,MAAO,CAAA;AAAA,MACN,0CAA4C,EAAAA,KAAA,CAAE,OAAQ,EAAA,CAAE,QAAS;AAAA,KAClE,EACA,QAAS,EAAA;AAAA,IACZ,MAAA,CAAO,OAAU,GAAA,EAAI,EAAA;AACnB,MAAO,OAAA,OAAO,MAAqC,GAAQ,KAAA;AACzD,QAAA,MAAM,IAAO,GAAA,IAAA,CAAK,MAAO,CAAA,SAAA,CAAU,kBAAkB,CAAA;AACrD,QAAA,IAAI,CAAC,IAAM,EAAA;AACT,UAAM,MAAA,IAAI,MAAM,gCAAgC,CAAA;AAAA;AAGlD,QAAA,OAAO,GAAI,CAAA,qBAAA;AAAA,UACT;AAAA,YACE,SAAA,EAAW,EAAE,IAAK;AAAA,WACpB;AAAA,UACA;AAAA,YACE,0BAAA,EACE,SAAS,0CACL,GAAA,EAAE,WAAW,EAAE,IAAA,IACf,GAAA,KAAA;AAAA;AACR,SACF;AAAA,OACF;AAAA;AACF,GACD,CAAA;AAAA,CA5BY,EAAAF,kCAAA,KAAAA,kCAAA,GAAA,EAAA,CAAA,CAAA;;"}
+{"version":3,"file":"resolvers.cjs.js","sources":["../src/resolvers.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\nimport { OAuth2ProxyResult } from './types';\nimport { z } from 'zod';\n\n/**\n * @public\n */\nexport namespace oauth2ProxySignInResolvers {\n  export const forwardedUserMatchingUserEntityName =\n    createSignInResolverFactory({\n      optionsSchema: z\n        .object({\n          dangerouslyAllowSignInWithoutUserInCatalog: z.boolean().optional(),\n        })\n        .optional(),\n      create(options = {}) {\n        return async (info: SignInInfo<OAuth2ProxyResult>, ctx) => {\n          const name = info.result.getHeader('x-forwarded-user');\n          if (!name) {\n            throw new Error('Request did not contain a user');\n          }\n\n          return ctx.signInWithCatalogUser(\n            {\n              entityRef: { name },\n            },\n            {\n              dangerousEntityRefFallback:\n                options?.dangerouslyAllowSignInWithoutUserInCatalog\n                  ? { entityRef: { name } }\n                  : undefined,\n            },\n          );\n        };\n      },\n    });\n}\n"],"names":["oauth2ProxySignInResolvers","createSignInResolverFactory","z"],"mappings":";;;;;AA0BiBA;AAAA,CAAV,CAAUA,2BAAAA,KAAV;AACE,EAAMA,2BAAAA,CAAA,sCACXC,0CAAA,CAA4B;AAAA,IAC1B,aAAA,EAAeC,MACZ,MAAA,CAAO;AAAA,MACN,0CAAA,EAA4CA,KAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AAAS,KAClE,EACA,QAAA,EAAS;AAAA,IACZ,MAAA,CAAO,OAAA,GAAU,EAAC,EAAG;AACnB,MAAA,OAAO,OAAO,MAAqC,GAAA,KAAQ;AACzD,QAAA,MAAM,IAAA,GAAO,IAAA,CAAK,MAAA,CAAO,SAAA,CAAU,kBAAkB,CAAA;AACrD,QAAA,IAAI,CAAC,IAAA,EAAM;AACT,UAAA,MAAM,IAAI,MAAM,gCAAgC,CAAA;AAAA,QAClD;AAEA,QAAA,OAAO,GAAA,CAAI,qBAAA;AAAA,UACT;AAAA,YACE,SAAA,EAAW,EAAE,IAAA;AAAK,WACpB;AAAA,UACA;AAAA,YACE,0BAAA,EACE,SAAS,0CAAA,GACL,EAAE,WAAW,EAAE,IAAA,IAAO,GACtB;AAAA;AACR,SACF;AAAA,MACF,CAAA;AAAA,IACF;AAAA,GACD,CAAA;AAAA,CAAA,EA5BYF,kCAAA,KAAAA,kCAAA,GAAA,EAAA,CAAA,CAAA;;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-auth-backend-module-oauth2-proxy-provider",
-  "version": "0.2.10",
+  "version": "0.2.11",
   "description": "The oauth2-proxy-provider backend module for the auth plugin.",
   "backstage": {
     "role": "backend-plugin-module",
@@ -36,15 +36,15 @@
     "test": "backstage-cli package test"
   },
   "dependencies": {
-    "@backstage/backend-plugin-api": "^1.4.1",
+    "@backstage/backend-plugin-api": "^1.4.2",
     "@backstage/errors": "^1.2.7",
-    "@backstage/plugin-auth-node": "^0.6.5",
+    "@backstage/plugin-auth-node": "^0.6.6",
     "jose": "^5.0.0",
     "zod": "^3.22.4"
   },
   "devDependencies": {
-    "@backstage/backend-test-utils": "^1.7.0",
-    "@backstage/cli": "^0.33.1"
+    "@backstage/backend-test-utils": "^1.8.0",
+    "@backstage/cli": "^0.34.0"
   },
   "typesVersions": {
     "*": {