@backstage/plugin-auth-backend 0.18.5-next.1 → 0.18.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +14 -0
  2. package/dist/index.cjs.js +259 -25
  3. package/dist/index.cjs.js.map +1 -1
  4. package/package.json +8 -8
package/CHANGELOG.md CHANGED
@@ -1,5 +1,19 @@
1
1
  # @backstage/plugin-auth-backend
2
2
 
3
+ ## 0.18.5
4
+
5
+ ### Patch Changes
6
+
7
+ - c27ae5004fc2: Support for Token Endpoint Auth Method for OIDC Provider
8
+ - Updated dependencies
9
+ - @backstage/errors@1.2.1
10
+ - @backstage/backend-common@0.19.1
11
+ - @backstage/catalog-client@1.4.3
12
+ - @backstage/catalog-model@1.4.1
13
+ - @backstage/config@1.0.8
14
+ - @backstage/types@1.1.0
15
+ - @backstage/plugin-auth-node@0.2.16
16
+
3
17
  ## 0.18.5-next.1
4
18
 
5
19
  ### Patch Changes
package/dist/index.cjs.js CHANGED
@@ -74,6 +74,12 @@ var session__default = /*#__PURE__*/_interopDefaultLegacy(session);
74
74
  var connectSessionKnex__default = /*#__PURE__*/_interopDefaultLegacy(connectSessionKnex);
75
75
  var passport__default = /*#__PURE__*/_interopDefaultLegacy(passport);
76
76
 
77
+ var __defProp$m = Object.defineProperty;
78
+ var __defNormalProp$m = (obj, key, value) => key in obj ? __defProp$m(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
79
+ var __publicField$m = (obj, key, value) => {
80
+ __defNormalProp$m(obj, typeof key !== "symbol" ? key + "" : key, value);
81
+ return value;
82
+ };
77
83
  const defaultScopes = ["offline_access", "read:me"];
78
84
  class AtlassianStrategy extends OAuth2Strategy__default["default"] {
79
85
  constructor(options, verify) {
@@ -88,6 +94,7 @@ class AtlassianStrategy extends OAuth2Strategy__default["default"] {
88
94
  scope: Array.from(/* @__PURE__ */ new Set([...defaultScopes, ...scopes]))
89
95
  };
90
96
  super(optionsWithURLs, verify);
97
+ __publicField$m(this, "profileURL");
91
98
  this.profileURL = "https://api.atlassian.com/me";
92
99
  this.name = "atlassian";
93
100
  this._oauth2.useAuthorizationHeaderforGET(true);
@@ -288,55 +295,62 @@ function prepareBackstageIdentityResponse(result) {
288
295
  };
289
296
  }
290
297
 
298
+ var __defProp$l = Object.defineProperty;
299
+ var __defNormalProp$l = (obj, key, value) => key in obj ? __defProp$l(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
300
+ var __publicField$l = (obj, key, value) => {
301
+ __defNormalProp$l(obj, typeof key !== "symbol" ? key + "" : key, value);
302
+ return value;
303
+ };
291
304
  const THOUSAND_DAYS_MS = 1e3 * 24 * 60 * 60 * 1e3;
292
305
  const TEN_MINUTES_MS = 600 * 1e3;
293
306
  class OAuthAdapter {
294
307
  constructor(handlers, options) {
295
308
  this.handlers = handlers;
296
309
  this.options = options;
297
- this.setNonceCookie = (res, nonce, cookieConfig) => {
310
+ __publicField$l(this, "baseCookieOptions");
311
+ __publicField$l(this, "setNonceCookie", (res, nonce, cookieConfig) => {
298
312
  res.cookie(`${this.options.providerId}-nonce`, nonce, {
299
313
  maxAge: TEN_MINUTES_MS,
300
314
  ...this.baseCookieOptions,
301
315
  ...cookieConfig,
302
316
  path: `${cookieConfig.path}/handler`
303
317
  });
304
- };
305
- this.setGrantedScopeCookie = (res, scope, cookieConfig) => {
318
+ });
319
+ __publicField$l(this, "setGrantedScopeCookie", (res, scope, cookieConfig) => {
306
320
  res.cookie(`${this.options.providerId}-granted-scope`, scope, {
307
321
  maxAge: THOUSAND_DAYS_MS,
308
322
  ...this.baseCookieOptions,
309
323
  ...cookieConfig
310
324
  });
311
- };
312
- this.getRefreshTokenFromCookie = (req) => {
325
+ });
326
+ __publicField$l(this, "getRefreshTokenFromCookie", (req) => {
313
327
  return req.cookies[`${this.options.providerId}-refresh-token`];
314
- };
315
- this.getGrantedScopeFromCookie = (req) => {
328
+ });
329
+ __publicField$l(this, "getGrantedScopeFromCookie", (req) => {
316
330
  return req.cookies[`${this.options.providerId}-granted-scope`];
317
- };
318
- this.setRefreshTokenCookie = (res, refreshToken, cookieConfig) => {
331
+ });
332
+ __publicField$l(this, "setRefreshTokenCookie", (res, refreshToken, cookieConfig) => {
319
333
  res.cookie(`${this.options.providerId}-refresh-token`, refreshToken, {
320
334
  maxAge: THOUSAND_DAYS_MS,
321
335
  ...this.baseCookieOptions,
322
336
  ...cookieConfig
323
337
  });
324
- };
325
- this.removeRefreshTokenCookie = (res, cookieConfig) => {
338
+ });
339
+ __publicField$l(this, "removeRefreshTokenCookie", (res, cookieConfig) => {
326
340
  res.cookie(`${this.options.providerId}-refresh-token`, "", {
327
341
  maxAge: 0,
328
342
  ...this.baseCookieOptions,
329
343
  ...cookieConfig
330
344
  });
331
- };
332
- this.getCookieConfig = (origin) => {
345
+ });
346
+ __publicField$l(this, "getCookieConfig", (origin) => {
333
347
  return this.options.cookieConfigurer({
334
348
  providerId: this.options.providerId,
335
349
  baseUrl: this.options.baseUrl,
336
350
  callbackUrl: this.options.callbackUrl,
337
351
  appOrigin: origin != null ? origin : this.options.appOrigin
338
352
  });
339
- };
353
+ });
340
354
  this.baseCookieOptions = {
341
355
  httpOnly: true,
342
356
  sameSite: "lax"
@@ -634,6 +648,12 @@ function createAuthProviderIntegration(config) {
634
648
  });
635
649
  }
636
650
 
651
+ var __defProp$k = Object.defineProperty;
652
+ var __defNormalProp$k = (obj, key, value) => key in obj ? __defProp$k(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
653
+ var __publicField$k = (obj, key, value) => {
654
+ __defNormalProp$k(obj, typeof key !== "symbol" ? key + "" : key, value);
655
+ return value;
656
+ };
637
657
  const atlassianDefaultAuthHandler = async ({
638
658
  fullProfile,
639
659
  params
@@ -642,6 +662,10 @@ const atlassianDefaultAuthHandler = async ({
642
662
  });
643
663
  class AtlassianAuthProvider {
644
664
  constructor(options) {
665
+ __publicField$k(this, "_strategy");
666
+ __publicField$k(this, "signInResolver");
667
+ __publicField$k(this, "authHandler");
668
+ __publicField$k(this, "resolverContext");
645
669
  this.resolverContext = options.resolverContext;
646
670
  this.authHandler = options.authHandler;
647
671
  this.signInResolver = options.signInResolver;
@@ -759,8 +783,21 @@ class Auth0Strategy extends Auth0InternalStrategy__default["default"] {
759
783
  }
760
784
  }
761
785
 
786
+ var __defProp$j = Object.defineProperty;
787
+ var __defNormalProp$j = (obj, key, value) => key in obj ? __defProp$j(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
788
+ var __publicField$j = (obj, key, value) => {
789
+ __defNormalProp$j(obj, typeof key !== "symbol" ? key + "" : key, value);
790
+ return value;
791
+ };
762
792
  class Auth0AuthProvider {
763
793
  constructor(options) {
794
+ __publicField$j(this, "_strategy");
795
+ __publicField$j(this, "signInResolver");
796
+ __publicField$j(this, "authHandler");
797
+ __publicField$j(this, "resolverContext");
798
+ __publicField$j(this, "audience");
799
+ __publicField$j(this, "connection");
800
+ __publicField$j(this, "connectionScope");
764
801
  /**
765
802
  * Due to passport-auth0 forcing options.state = true,
766
803
  * passport-oauth2 requires express-session to be installed
@@ -769,14 +806,14 @@ class Auth0AuthProvider {
769
806
  * passport-oauth2, which is the StateStore implementation used when options.state = false,
770
807
  * allowing us to avoid using express-session in order to integrate with auth0.
771
808
  */
772
- this.store = {
809
+ __publicField$j(this, "store", {
773
810
  store(_req, cb) {
774
811
  cb(null, null);
775
812
  },
776
813
  verify(_req, _state, cb) {
777
814
  cb(null, true);
778
815
  }
779
- };
816
+ });
780
817
  this.signInResolver = options.signInResolver;
781
818
  this.authHandler = options.authHandler;
782
819
  this.resolverContext = options.resolverContext;
@@ -910,11 +947,23 @@ const auth0 = createAuthProviderIntegration({
910
947
  }
911
948
  });
912
949
 
950
+ var __defProp$i = Object.defineProperty;
951
+ var __defNormalProp$i = (obj, key, value) => key in obj ? __defProp$i(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
952
+ var __publicField$i = (obj, key, value) => {
953
+ __defNormalProp$i(obj, typeof key !== "symbol" ? key + "" : key, value);
954
+ return value;
955
+ };
913
956
  const ALB_JWT_HEADER = "x-amzn-oidc-data";
914
957
  const ALB_ACCESS_TOKEN_HEADER = "x-amzn-oidc-accesstoken";
915
958
  class AwsAlbAuthProvider {
916
959
  constructor(options) {
917
- this.getKey = async (header) => {
960
+ __publicField$i(this, "region");
961
+ __publicField$i(this, "issuer");
962
+ __publicField$i(this, "resolverContext");
963
+ __publicField$i(this, "keyCache");
964
+ __publicField$i(this, "authHandler");
965
+ __publicField$i(this, "signInResolver");
966
+ __publicField$i(this, "getKey", async (header) => {
918
967
  if (!header.kid) {
919
968
  throw new errors.AuthenticationError("No key id was specified in header");
920
969
  }
@@ -933,7 +982,7 @@ class AwsAlbAuthProvider {
933
982
  keyValue.export({ format: "pem", type: "spki" })
934
983
  );
935
984
  return keyValue;
936
- };
985
+ });
937
986
  this.region = options.region;
938
987
  this.issuer = options.issuer;
939
988
  this.authHandler = options.authHandler;
@@ -1042,8 +1091,18 @@ const awsAlb = createAuthProviderIntegration({
1042
1091
  }
1043
1092
  });
1044
1093
 
1094
+ var __defProp$h = Object.defineProperty;
1095
+ var __defNormalProp$h = (obj, key, value) => key in obj ? __defProp$h(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
1096
+ var __publicField$h = (obj, key, value) => {
1097
+ __defNormalProp$h(obj, typeof key !== "symbol" ? key + "" : key, value);
1098
+ return value;
1099
+ };
1045
1100
  class BitbucketAuthProvider {
1046
1101
  constructor(options) {
1102
+ __publicField$h(this, "_strategy");
1103
+ __publicField$h(this, "signInResolver");
1104
+ __publicField$h(this, "authHandler");
1105
+ __publicField$h(this, "resolverContext");
1047
1106
  this.signInResolver = options.signInResolver;
1048
1107
  this.authHandler = options.authHandler;
1049
1108
  this.resolverContext = options.resolverContext;
@@ -1211,11 +1270,23 @@ const commonByEmailResolver = async (info, ctx) => {
1211
1270
  });
1212
1271
  };
1213
1272
 
1273
+ var __defProp$g = Object.defineProperty;
1274
+ var __defNormalProp$g = (obj, key, value) => key in obj ? __defProp$g(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
1275
+ var __publicField$g = (obj, key, value) => {
1276
+ __defNormalProp$g(obj, typeof key !== "symbol" ? key + "" : key, value);
1277
+ return value;
1278
+ };
1214
1279
  const CF_JWT_HEADER = "cf-access-jwt-assertion";
1215
1280
  const COOKIE_AUTH_NAME = "CF_Authorization";
1216
1281
  const CACHE_PREFIX = "providers/cloudflare-access/profile-v1";
1217
1282
  class CloudflareAccessAuthProvider {
1218
1283
  constructor(options) {
1284
+ __publicField$g(this, "teamName");
1285
+ __publicField$g(this, "resolverContext");
1286
+ __publicField$g(this, "authHandler");
1287
+ __publicField$g(this, "signInResolver");
1288
+ __publicField$g(this, "jwtKeySet");
1289
+ __publicField$g(this, "cache");
1219
1290
  this.teamName = options.teamName;
1220
1291
  this.authHandler = options.authHandler;
1221
1292
  this.signInResolver = options.signInResolver;
@@ -1399,8 +1470,19 @@ const defaultAuthHandler$1 = async ({
1399
1470
 
1400
1471
  const DEFAULT_IAP_JWT_HEADER = "x-goog-iap-jwt-assertion";
1401
1472
 
1473
+ var __defProp$f = Object.defineProperty;
1474
+ var __defNormalProp$f = (obj, key, value) => key in obj ? __defProp$f(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
1475
+ var __publicField$f = (obj, key, value) => {
1476
+ __defNormalProp$f(obj, typeof key !== "symbol" ? key + "" : key, value);
1477
+ return value;
1478
+ };
1402
1479
  class GcpIapProvider {
1403
1480
  constructor(options) {
1481
+ __publicField$f(this, "authHandler");
1482
+ __publicField$f(this, "signInResolver");
1483
+ __publicField$f(this, "tokenValidator");
1484
+ __publicField$f(this, "resolverContext");
1485
+ __publicField$f(this, "jwtHeader");
1404
1486
  this.authHandler = options.authHandler;
1405
1487
  this.signInResolver = options.signInResolver;
1406
1488
  this.tokenValidator = options.tokenValidator;
@@ -1451,9 +1533,20 @@ const gcpIap = createAuthProviderIntegration({
1451
1533
 
1452
1534
  const BACKSTAGE_SESSION_EXPIRATION = 3600;
1453
1535
 
1536
+ var __defProp$e = Object.defineProperty;
1537
+ var __defNormalProp$e = (obj, key, value) => key in obj ? __defProp$e(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
1538
+ var __publicField$e = (obj, key, value) => {
1539
+ __defNormalProp$e(obj, typeof key !== "symbol" ? key + "" : key, value);
1540
+ return value;
1541
+ };
1454
1542
  const ACCESS_TOKEN_PREFIX = "access-token.";
1455
1543
  class GithubAuthProvider {
1456
1544
  constructor(options) {
1545
+ __publicField$e(this, "_strategy");
1546
+ __publicField$e(this, "signInResolver");
1547
+ __publicField$e(this, "authHandler");
1548
+ __publicField$e(this, "resolverContext");
1549
+ __publicField$e(this, "stateEncoder");
1457
1550
  this.signInResolver = options.signInResolver;
1458
1551
  this.authHandler = options.authHandler;
1459
1552
  this.stateEncoder = options.stateEncoder;
@@ -1616,6 +1709,12 @@ const github = createAuthProviderIntegration({
1616
1709
  }
1617
1710
  });
1618
1711
 
1712
+ var __defProp$d = Object.defineProperty;
1713
+ var __defNormalProp$d = (obj, key, value) => key in obj ? __defProp$d(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
1714
+ var __publicField$d = (obj, key, value) => {
1715
+ __defNormalProp$d(obj, typeof key !== "symbol" ? key + "" : key, value);
1716
+ return value;
1717
+ };
1619
1718
  const gitlabDefaultAuthHandler = async ({
1620
1719
  fullProfile,
1621
1720
  params
@@ -1624,6 +1723,10 @@ const gitlabDefaultAuthHandler = async ({
1624
1723
  });
1625
1724
  class GitlabAuthProvider {
1626
1725
  constructor(options) {
1726
+ __publicField$d(this, "_strategy");
1727
+ __publicField$d(this, "signInResolver");
1728
+ __publicField$d(this, "authHandler");
1729
+ __publicField$d(this, "resolverContext");
1627
1730
  this.resolverContext = options.resolverContext;
1628
1731
  this.authHandler = options.authHandler;
1629
1732
  this.signInResolver = options.signInResolver;
@@ -1731,8 +1834,18 @@ const gitlab = createAuthProviderIntegration({
1731
1834
  }
1732
1835
  });
1733
1836
 
1837
+ var __defProp$c = Object.defineProperty;
1838
+ var __defNormalProp$c = (obj, key, value) => key in obj ? __defProp$c(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
1839
+ var __publicField$c = (obj, key, value) => {
1840
+ __defNormalProp$c(obj, typeof key !== "symbol" ? key + "" : key, value);
1841
+ return value;
1842
+ };
1734
1843
  class GoogleAuthProvider {
1735
1844
  constructor(options) {
1845
+ __publicField$c(this, "strategy");
1846
+ __publicField$c(this, "signInResolver");
1847
+ __publicField$c(this, "authHandler");
1848
+ __publicField$c(this, "resolverContext");
1736
1849
  this.authHandler = options.authHandler;
1737
1850
  this.signInResolver = options.signInResolver;
1738
1851
  this.resolverContext = options.resolverContext;
@@ -1873,13 +1986,24 @@ const google = createAuthProviderIntegration({
1873
1986
  }
1874
1987
  });
1875
1988
 
1989
+ var __defProp$b = Object.defineProperty;
1990
+ var __defNormalProp$b = (obj, key, value) => key in obj ? __defProp$b(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
1991
+ var __publicField$b = (obj, key, value) => {
1992
+ __defNormalProp$b(obj, typeof key !== "symbol" ? key + "" : key, value);
1993
+ return value;
1994
+ };
1876
1995
  class MicrosoftAuthProvider {
1877
1996
  constructor(options) {
1878
- this.skipUserProfile = (accessToken) => {
1997
+ __publicField$b(this, "_strategy");
1998
+ __publicField$b(this, "signInResolver");
1999
+ __publicField$b(this, "authHandler");
2000
+ __publicField$b(this, "logger");
2001
+ __publicField$b(this, "resolverContext");
2002
+ __publicField$b(this, "skipUserProfile", (accessToken) => {
1879
2003
  const { aud, scp } = jose.decodeJwt(accessToken);
1880
2004
  const hasGraphReadScope = aud === "00000003-0000-0000-c000-000000000000" && scp.split(" ").map((s) => s.toLowerCase()).includes("user.read");
1881
2005
  return !hasGraphReadScope;
1882
- };
2006
+ });
1883
2007
  this.signInResolver = options.signInResolver;
1884
2008
  this.authHandler = options.authHandler;
1885
2009
  this.logger = options.logger;
@@ -2040,8 +2164,19 @@ const microsoft = createAuthProviderIntegration({
2040
2164
  }
2041
2165
  });
2042
2166
 
2167
+ var __defProp$a = Object.defineProperty;
2168
+ var __defNormalProp$a = (obj, key, value) => key in obj ? __defProp$a(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
2169
+ var __publicField$a = (obj, key, value) => {
2170
+ __defNormalProp$a(obj, typeof key !== "symbol" ? key + "" : key, value);
2171
+ return value;
2172
+ };
2043
2173
  class OAuth2AuthProvider {
2044
2174
  constructor(options) {
2175
+ __publicField$a(this, "_strategy");
2176
+ __publicField$a(this, "signInResolver");
2177
+ __publicField$a(this, "authHandler");
2178
+ __publicField$a(this, "resolverContext");
2179
+ __publicField$a(this, "disableRefresh");
2045
2180
  var _a;
2046
2181
  this.signInResolver = options.signInResolver;
2047
2182
  this.authHandler = options.authHandler;
@@ -2180,9 +2315,18 @@ const oauth2 = createAuthProviderIntegration({
2180
2315
  }
2181
2316
  });
2182
2317
 
2318
+ var __defProp$9 = Object.defineProperty;
2319
+ var __defNormalProp$9 = (obj, key, value) => key in obj ? __defProp$9(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
2320
+ var __publicField$9 = (obj, key, value) => {
2321
+ __defNormalProp$9(obj, typeof key !== "symbol" ? key + "" : key, value);
2322
+ return value;
2323
+ };
2183
2324
  const OAUTH2_PROXY_JWT_HEADER = "X-OAUTH2-PROXY-ID-TOKEN";
2184
2325
  class Oauth2ProxyAuthProvider {
2185
2326
  constructor(options) {
2327
+ __publicField$9(this, "resolverContext");
2328
+ __publicField$9(this, "signInResolver");
2329
+ __publicField$9(this, "authHandler");
2186
2330
  this.resolverContext = options.resolverContext;
2187
2331
  this.signInResolver = options.signInResolver;
2188
2332
  this.authHandler = options.authHandler;
@@ -2257,8 +2401,20 @@ const oauth2Proxy = createAuthProviderIntegration({
2257
2401
  }
2258
2402
  });
2259
2403
 
2404
+ var __defProp$8 = Object.defineProperty;
2405
+ var __defNormalProp$8 = (obj, key, value) => key in obj ? __defProp$8(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
2406
+ var __publicField$8 = (obj, key, value) => {
2407
+ __defNormalProp$8(obj, typeof key !== "symbol" ? key + "" : key, value);
2408
+ return value;
2409
+ };
2260
2410
  class OidcAuthProvider {
2261
2411
  constructor(options) {
2412
+ __publicField$8(this, "implementation");
2413
+ __publicField$8(this, "scope");
2414
+ __publicField$8(this, "prompt");
2415
+ __publicField$8(this, "signInResolver");
2416
+ __publicField$8(this, "authHandler");
2417
+ __publicField$8(this, "resolverContext");
2262
2418
  this.implementation = this.setupStrategy(options);
2263
2419
  this.scope = options.scope;
2264
2420
  this.prompt = options.prompt;
@@ -2416,8 +2572,18 @@ const oidc = createAuthProviderIntegration({
2416
2572
  }
2417
2573
  });
2418
2574
 
2575
+ var __defProp$7 = Object.defineProperty;
2576
+ var __defNormalProp$7 = (obj, key, value) => key in obj ? __defProp$7(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
2577
+ var __publicField$7 = (obj, key, value) => {
2578
+ __defNormalProp$7(obj, typeof key !== "symbol" ? key + "" : key, value);
2579
+ return value;
2580
+ };
2419
2581
  class OktaAuthProvider {
2420
2582
  constructor(options) {
2583
+ __publicField$7(this, "strategy");
2584
+ __publicField$7(this, "signInResolver");
2585
+ __publicField$7(this, "authHandler");
2586
+ __publicField$7(this, "resolverContext");
2421
2587
  /**
2422
2588
  * Due to passport-okta-oauth forcing options.state = true,
2423
2589
  * passport-oauth2 requires express-session to be installed
@@ -2426,14 +2592,14 @@ class OktaAuthProvider {
2426
2592
  * passport-oauth2, which is the StateStore implementation used when options.state = false,
2427
2593
  * allowing us to avoid using express-session in order to integrate with Okta.
2428
2594
  */
2429
- this.store = {
2595
+ __publicField$7(this, "store", {
2430
2596
  store(_req, cb) {
2431
2597
  cb(null, null);
2432
2598
  },
2433
2599
  verify(_req, _state, cb) {
2434
2600
  cb(null, true);
2435
2601
  }
2436
- };
2602
+ });
2437
2603
  this.signInResolver = options.signInResolver;
2438
2604
  this.authHandler = options.authHandler;
2439
2605
  this.resolverContext = options.resolverContext;
@@ -2584,8 +2750,18 @@ const okta = createAuthProviderIntegration({
2584
2750
  }
2585
2751
  });
2586
2752
 
2753
+ var __defProp$6 = Object.defineProperty;
2754
+ var __defNormalProp$6 = (obj, key, value) => key in obj ? __defProp$6(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
2755
+ var __publicField$6 = (obj, key, value) => {
2756
+ __defNormalProp$6(obj, typeof key !== "symbol" ? key + "" : key, value);
2757
+ return value;
2758
+ };
2587
2759
  class OneLoginProvider {
2588
2760
  constructor(options) {
2761
+ __publicField$6(this, "_strategy");
2762
+ __publicField$6(this, "signInResolver");
2763
+ __publicField$6(this, "authHandler");
2764
+ __publicField$6(this, "resolverContext");
2589
2765
  this.signInResolver = options.signInResolver;
2590
2766
  this.authHandler = options.authHandler;
2591
2767
  this.resolverContext = options.resolverContext;
@@ -2699,8 +2875,19 @@ const onelogin = createAuthProviderIntegration({
2699
2875
  }
2700
2876
  });
2701
2877
 
2878
+ var __defProp$5 = Object.defineProperty;
2879
+ var __defNormalProp$5 = (obj, key, value) => key in obj ? __defProp$5(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
2880
+ var __publicField$5 = (obj, key, value) => {
2881
+ __defNormalProp$5(obj, typeof key !== "symbol" ? key + "" : key, value);
2882
+ return value;
2883
+ };
2702
2884
  class SamlAuthProvider {
2703
2885
  constructor(options) {
2886
+ __publicField$5(this, "strategy");
2887
+ __publicField$5(this, "signInResolver");
2888
+ __publicField$5(this, "authHandler");
2889
+ __publicField$5(this, "resolverContext");
2890
+ __publicField$5(this, "appUrl");
2704
2891
  this.appUrl = options.appUrl;
2705
2892
  this.signInResolver = options.signInResolver;
2706
2893
  this.authHandler = options.authHandler;
@@ -2799,8 +2986,19 @@ const saml = createAuthProviderIntegration({
2799
2986
  }
2800
2987
  });
2801
2988
 
2989
+ var __defProp$4 = Object.defineProperty;
2990
+ var __defNormalProp$4 = (obj, key, value) => key in obj ? __defProp$4(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
2991
+ var __publicField$4 = (obj, key, value) => {
2992
+ __defNormalProp$4(obj, typeof key !== "symbol" ? key + "" : key, value);
2993
+ return value;
2994
+ };
2802
2995
  class BitbucketServerAuthProvider {
2803
2996
  constructor(options) {
2997
+ __publicField$4(this, "signInResolver");
2998
+ __publicField$4(this, "authHandler");
2999
+ __publicField$4(this, "resolverContext");
3000
+ __publicField$4(this, "strategy");
3001
+ __publicField$4(this, "host");
2804
3002
  this.signInResolver = options.signInResolver;
2805
3003
  this.authHandler = options.authHandler;
2806
3004
  this.resolverContext = options.resolverContext;
@@ -2965,10 +3163,19 @@ const bitbucketServer = createAuthProviderIntegration({
2965
3163
  }
2966
3164
  });
2967
3165
 
3166
+ var __defProp$3 = Object.defineProperty;
3167
+ var __defNormalProp$3 = (obj, key, value) => key in obj ? __defProp$3(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
3168
+ var __publicField$3 = (obj, key, value) => {
3169
+ __defNormalProp$3(obj, typeof key !== "symbol" ? key + "" : key, value);
3170
+ return value;
3171
+ };
2968
3172
  const ID_TOKEN_HEADER = "x-ms-token-aad-id-token";
2969
3173
  const ACCESS_TOKEN_HEADER = "x-ms-token-aad-access-token";
2970
3174
  class EasyAuthAuthProvider {
2971
3175
  constructor(options) {
3176
+ __publicField$3(this, "resolverContext");
3177
+ __publicField$3(this, "authHandler");
3178
+ __publicField$3(this, "signInResolver");
2972
3179
  this.authHandler = options.authHandler;
2973
3180
  this.signInResolver = options.signInResolver;
2974
3181
  this.resolverContext = options.resolverContext;
@@ -3133,9 +3340,22 @@ function createOidcRouter(options) {
3133
3340
  return router;
3134
3341
  }
3135
3342
 
3343
+ var __defProp$2 = Object.defineProperty;
3344
+ var __defNormalProp$2 = (obj, key, value) => key in obj ? __defProp$2(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
3345
+ var __publicField$2 = (obj, key, value) => {
3346
+ __defNormalProp$2(obj, typeof key !== "symbol" ? key + "" : key, value);
3347
+ return value;
3348
+ };
3136
3349
  const MS_IN_S = 1e3;
3137
3350
  class TokenFactory {
3138
3351
  constructor(options) {
3352
+ __publicField$2(this, "issuer");
3353
+ __publicField$2(this, "logger");
3354
+ __publicField$2(this, "keyStore");
3355
+ __publicField$2(this, "keyDurationSeconds");
3356
+ __publicField$2(this, "algorithm");
3357
+ __publicField$2(this, "keyExpiry");
3358
+ __publicField$2(this, "privateKeyPromise");
3139
3359
  var _a;
3140
3360
  this.issuer = options.issuer;
3141
3361
  this.logger = options.logger;
@@ -3256,9 +3476,15 @@ class DatabaseKeyStore {
3256
3476
  }
3257
3477
  }
3258
3478
 
3479
+ var __defProp$1 = Object.defineProperty;
3480
+ var __defNormalProp$1 = (obj, key, value) => key in obj ? __defProp$1(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
3481
+ var __publicField$1 = (obj, key, value) => {
3482
+ __defNormalProp$1(obj, typeof key !== "symbol" ? key + "" : key, value);
3483
+ return value;
3484
+ };
3259
3485
  class MemoryKeyStore {
3260
3486
  constructor() {
3261
- this.keys = /* @__PURE__ */ new Map();
3487
+ __publicField$1(this, "keys", /* @__PURE__ */ new Map());
3262
3488
  }
3263
3489
  async addKey(key) {
3264
3490
  this.keys.set(key.kid, {
@@ -3405,8 +3631,16 @@ class KeyStores {
3405
3631
  }
3406
3632
  }
3407
3633
 
3634
+ var __defProp = Object.defineProperty;
3635
+ var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
3636
+ var __publicField = (obj, key, value) => {
3637
+ __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
3638
+ return value;
3639
+ };
3408
3640
  class CatalogIdentityClient {
3409
3641
  constructor(options) {
3642
+ __publicField(this, "catalogApi");
3643
+ __publicField(this, "tokenManager");
3410
3644
  this.catalogApi = options.catalogApi;
3411
3645
  this.tokenManager = options.tokenManager;
3412
3646
  }
@@ -3586,7 +3820,7 @@ const migrationsDir = backendCommon.resolvePackagePath(
3586
3820
  "@backstage/plugin-auth-backend",
3587
3821
  "migrations"
3588
3822
  );
3589
- const _AuthDatabase = class {
3823
+ const _AuthDatabase = class _AuthDatabase {
3590
3824
  constructor(database) {
3591
3825
  __privateAdd(this, _database, void 0);
3592
3826
  __privateAdd(this, _promise, void 0);
@@ -3626,9 +3860,9 @@ const _AuthDatabase = class {
3626
3860
  return __privateGet(this, _promise);
3627
3861
  }
3628
3862
  };
3629
- let AuthDatabase = _AuthDatabase;
3630
3863
  _database = new WeakMap();
3631
3864
  _promise = new WeakMap();
3865
+ let AuthDatabase = _AuthDatabase;
3632
3866
 
3633
3867
  async function createRouter(options) {
3634
3868
  const {