@backstage/plugin-auth-backend 0.23.0 → 0.23.1-next.1
- package/CHANGELOG.md +63 -0
- package/dist/authPlugin.cjs.js +75 -0
- package/dist/authPlugin.cjs.js.map +1 -0
- package/dist/database/AuthDatabase.cjs.js +51 -0
- package/dist/database/AuthDatabase.cjs.js.map +1 -0
- package/dist/identity/DatabaseKeyStore.cjs.js +40 -0
- package/dist/identity/DatabaseKeyStore.cjs.js.map +1 -0
- package/dist/identity/FirestoreKeyStore.cjs.js +90 -0
- package/dist/identity/FirestoreKeyStore.cjs.js.map +1 -0
- package/dist/identity/KeyStores.cjs.js +54 -0
- package/dist/identity/KeyStores.cjs.js.map +1 -0
- package/dist/identity/MemoryKeyStore.cjs.js +29 -0
- package/dist/identity/MemoryKeyStore.cjs.js.map +1 -0
- package/dist/identity/StaticKeyStore.cjs.js +91 -0
- package/dist/identity/StaticKeyStore.cjs.js.map +1 -0
- package/dist/identity/StaticTokenIssuer.cjs.js +53 -0
- package/dist/identity/StaticTokenIssuer.cjs.js.map +1 -0
- package/dist/identity/TokenFactory.cjs.js +164 -0
- package/dist/identity/TokenFactory.cjs.js.map +1 -0
- package/dist/identity/UserInfoDatabaseHandler.cjs.js +30 -0
- package/dist/identity/UserInfoDatabaseHandler.cjs.js.map +1 -0
- package/dist/identity/router.cjs.js +77 -0
- package/dist/identity/router.cjs.js.map +1 -0
- package/dist/index.cjs.js +31 -1981
- package/dist/index.cjs.js.map +1 -1
- package/dist/lib/catalog/CatalogIdentityClient.cjs.js +94 -0
- package/dist/lib/catalog/CatalogIdentityClient.cjs.js.map +1 -0
- package/dist/lib/flow/authFlowHelpers.cjs.js +43 -0
- package/dist/lib/flow/authFlowHelpers.cjs.js.map +1 -0
- package/dist/lib/legacy/adaptLegacyOAuthHandler.cjs.js +20 -0
- package/dist/lib/legacy/adaptLegacyOAuthHandler.cjs.js.map +1 -0
- package/dist/lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js +24 -0
- package/dist/lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js.map +1 -0
- package/dist/lib/legacy/adaptOAuthSignInResolverToLegacy.cjs.js +29 -0
- package/dist/lib/legacy/adaptOAuthSignInResolverToLegacy.cjs.js.map +1 -0
- package/dist/lib/oauth/OAuthAdapter.cjs.js +220 -0
- package/dist/lib/oauth/OAuthAdapter.cjs.js.map +1 -0
- package/dist/lib/oauth/OAuthEnvironmentHandler.cjs.js +8 -0
- package/dist/lib/oauth/OAuthEnvironmentHandler.cjs.js.map +1 -0
- package/dist/lib/oauth/helpers.cjs.js +40 -0
- package/dist/lib/oauth/helpers.cjs.js.map +1 -0
- package/dist/lib/passport/PassportStrategyHelper.cjs.js +48 -0
- package/dist/lib/passport/PassportStrategyHelper.cjs.js.map +1 -0
- package/dist/lib/resolvers/CatalogAuthResolverContext.cjs.js +116 -0
- package/dist/lib/resolvers/CatalogAuthResolverContext.cjs.js.map +1 -0
- package/dist/providers/atlassian/provider.cjs.js +20 -0
- package/dist/providers/atlassian/provider.cjs.js.map +1 -0
- package/dist/providers/auth0/provider.cjs.js +20 -0
- package/dist/providers/auth0/provider.cjs.js.map +1 -0
- package/dist/providers/aws-alb/provider.cjs.js +18 -0
- package/dist/providers/aws-alb/provider.cjs.js.map +1 -0
- package/dist/providers/azure-easyauth/provider.cjs.js +18 -0
- package/dist/providers/azure-easyauth/provider.cjs.js.map +1 -0
- package/dist/providers/bitbucket/provider.cjs.js +25 -0
- package/dist/providers/bitbucket/provider.cjs.js.map +1 -0
- package/dist/providers/bitbucketServer/provider.cjs.js +46 -0
- package/dist/providers/bitbucketServer/provider.cjs.js.map +1 -0
- package/dist/providers/cloudflare-access/provider.cjs.js +22 -0
- package/dist/providers/cloudflare-access/provider.cjs.js.map +1 -0
- package/dist/providers/createAuthProviderIntegration.cjs.js +11 -0
- package/dist/providers/createAuthProviderIntegration.cjs.js.map +1 -0
- package/dist/providers/gcp-iap/provider.cjs.js +18 -0
- package/dist/providers/gcp-iap/provider.cjs.js.map +1 -0
- package/dist/providers/github/provider.cjs.js +61 -0
- package/dist/providers/github/provider.cjs.js.map +1 -0
- package/dist/providers/gitlab/provider.cjs.js +20 -0
- package/dist/providers/gitlab/provider.cjs.js.map +1 -0
- package/dist/providers/google/provider.cjs.js +26 -0
- package/dist/providers/google/provider.cjs.js.map +1 -0
- package/dist/providers/microsoft/provider.cjs.js +27 -0
- package/dist/providers/microsoft/provider.cjs.js.map +1 -0
- package/dist/providers/oauth2/provider.cjs.js +20 -0
- package/dist/providers/oauth2/provider.cjs.js.map +1 -0
- package/dist/providers/oauth2-proxy/provider.cjs.js +18 -0
- package/dist/providers/oauth2-proxy/provider.cjs.js.map +1 -0
- package/dist/providers/oidc/provider.cjs.js +37 -0
- package/dist/providers/oidc/provider.cjs.js.map +1 -0
- package/dist/providers/okta/provider.cjs.js +47 -0
- package/dist/providers/okta/provider.cjs.js.map +1 -0
- package/dist/providers/onelogin/provider.cjs.js +20 -0
- package/dist/providers/onelogin/provider.cjs.js.map +1 -0
- package/dist/providers/prepareBackstageIdentityResponse.cjs.js +8 -0
- package/dist/providers/prepareBackstageIdentityResponse.cjs.js.map +1 -0
- package/dist/providers/providers.cjs.js +62 -0
- package/dist/providers/providers.cjs.js.map +1 -0
- package/dist/providers/resolvers.cjs.js +27 -0
- package/dist/providers/resolvers.cjs.js.map +1 -0
- package/dist/providers/router.cjs.js +111 -0
- package/dist/providers/router.cjs.js.map +1 -0
- package/dist/providers/saml/provider.cjs.js +121 -0
- package/dist/providers/saml/provider.cjs.js.map +1 -0
- package/dist/service/readBackstageTokenExpiration.cjs.js +27 -0
- package/dist/service/readBackstageTokenExpiration.cjs.js.map +1 -0
- package/dist/service/router.cjs.js +127 -0
- package/dist/service/router.cjs.js.map +1 -0
- package/package.json +29 -29
|
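--- a/package/dist/providers/google/provider.cjs.js
+++ b/package/dist/providers/google/provider.cjs.js
@@ -0,0 +1,26 @@
+'use strict';
+
+var pluginAuthBackendModuleGoogleProvider = require('@backstage/plugin-auth-backend-module-google-provider');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var adaptLegacyOAuthHandler = require('../../lib/legacy/adaptLegacyOAuthHandler.cjs.js');
+var adaptLegacyOAuthSignInResolver = require('../../lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js');
+var adaptOAuthSignInResolverToLegacy = require('../../lib/legacy/adaptOAuthSignInResolverToLegacy.cjs.js');
+var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
+
+const google = createAuthProviderIntegration.createAuthProviderIntegration({
+create(options) {
+return pluginAuthNode.createOAuthProviderFactory({
+authenticator: pluginAuthBackendModuleGoogleProvider.googleAuthenticator,
+profileTransform: adaptLegacyOAuthHandler.adaptLegacyOAuthHandler(options?.authHandler),
+signInResolver: adaptLegacyOAuthSignInResolver.adaptLegacyOAuthSignInResolver(options?.signIn?.resolver)
+});
+},
+resolvers: adaptOAuthSignInResolverToLegacy.adaptOAuthSignInResolverToLegacy({
+emailLocalPartMatchingUserEntityName: pluginAuthNode.commonSignInResolvers.emailLocalPartMatchingUserEntityName(),
+emailMatchingUserEntityProfileEmail: pluginAuthNode.commonSignInResolvers.emailMatchingUserEntityProfileEmail(),
+emailMatchingUserEntityAnnotation: pluginAuthBackendModuleGoogleProvider.googleSignInResolvers.emailMatchingUserEntityAnnotation()
+})
+});
+
+exports.google = google;
+//# sourceMappingURL=provider.cjs.js.map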
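Review bot: The `emailLocalPartMatchingUserEntityName` entry in `resolvers` selects the user entity from the part of the address before the `@` alone, so addresses with the same local part in different domains would map to the same entity unless the domain is restricted somewhere else. Nothing in this file restricts it, and the resolver body lives in `@backstage/plugin-auth-node`, which is not shown here. The TypeScript source should carry a comment on that key, for example `// Matches the email local part only; enable only when the identity provider is limited to one trusted domain.` The same key is exported by the microsoft, oidc and okta sections further down.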
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/google/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n googleAuthenticator,\n googleSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-google-provider';\nimport {\n SignInResolver,\n commonSignInResolvers,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n adaptOAuthSignInResolverToLegacy,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/**\n * Auth provider integration for Google auth\n *\n * @public\n */\nexport const google = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: googleAuthenticator,\n profileTransform: 
adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: adaptOAuthSignInResolverToLegacy({\n emailLocalPartMatchingUserEntityName:\n commonSignInResolvers.emailLocalPartMatchingUserEntityName(),\n emailMatchingUserEntityProfileEmail:\n commonSignInResolvers.emailMatchingUserEntityProfileEmail(),\n emailMatchingUserEntityAnnotation:\n googleSignInResolvers.emailMatchingUserEntityAnnotation(),\n }),\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","googleAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","adaptOAuthSignInResolverToLegacy","commonSignInResolvers","googleSignInResolvers"],"mappings":";;;;;;;;;AAuCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ,CAAA;AAAA,KACzE,CAAA,CAAA;AAAA,GACH;AAAA,EACA,WAAWC,iEAAiC,CAAA;AAAA,IAC1C,oCAAA,EACEC,qCAAsB,oCAAqC,EAAA;AAAA,IAC7D,mCAAA,EACEA,qCAAsB,mCAAoC,EAAA;AAAA,IAC5D,iCAAA,EACEC,4DAAsB,iCAAkC,EAAA;AAAA,GAC3D,CAAA;AACH,CAAC;;;;"}
|
|
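--- a/package/dist/providers/microsoft/provider.cjs.js
+++ b/package/dist/providers/microsoft/provider.cjs.js
@@ -0,0 +1,27 @@
+'use strict';
+
+var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var adaptLegacyOAuthHandler = require('../../lib/legacy/adaptLegacyOAuthHandler.cjs.js');
+var adaptLegacyOAuthSignInResolver = require('../../lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js');
+var adaptOAuthSignInResolverToLegacy = require('../../lib/legacy/adaptOAuthSignInResolverToLegacy.cjs.js');
+var pluginAuthBackendModuleMicrosoftProvider = require('@backstage/plugin-auth-backend-module-microsoft-provider');
+
+const microsoft = createAuthProviderIntegration.createAuthProviderIntegration({
+create(options) {
+return pluginAuthNode.createOAuthProviderFactory({
+authenticator: pluginAuthBackendModuleMicrosoftProvider.microsoftAuthenticator,
+profileTransform: adaptLegacyOAuthHandler.adaptLegacyOAuthHandler(options?.authHandler),
+signInResolver: adaptLegacyOAuthSignInResolver.adaptLegacyOAuthSignInResolver(options?.signIn?.resolver)
+});
+},
+resolvers: adaptOAuthSignInResolverToLegacy.adaptOAuthSignInResolverToLegacy({
+emailLocalPartMatchingUserEntityName: pluginAuthNode.commonSignInResolvers.emailLocalPartMatchingUserEntityName(),
+emailMatchingUserEntityProfileEmail: pluginAuthNode.commonSignInResolvers.emailMatchingUserEntityProfileEmail(),
+emailMatchingUserEntityAnnotation: pluginAuthBackendModuleMicrosoftProvider.microsoftSignInResolvers.emailMatchingUserEntityAnnotation(),
+userIdMatchingUserEntityAnnotation: pluginAuthBackendModuleMicrosoftProvider.microsoftSignInResolvers.userIdMatchingUserEntityAnnotation()
+})
+});
+
+exports.microsoft = microsoft;
+//# sourceMappingURL=provider.cjs.js.map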
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/microsoft/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthHandler } from '../types';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n SignInResolver,\n commonSignInResolvers,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n adaptOAuthSignInResolverToLegacy,\n} from '../../lib/legacy';\nimport {\n microsoftAuthenticator,\n microsoftSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-microsoft-provider';\n\n/**\n * Auth provider integration for Microsoft auth\n *\n * @public\n */\nexport const microsoft = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: microsoftAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: 
adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: adaptOAuthSignInResolverToLegacy({\n emailLocalPartMatchingUserEntityName:\n commonSignInResolvers.emailLocalPartMatchingUserEntityName(),\n emailMatchingUserEntityProfileEmail:\n commonSignInResolvers.emailMatchingUserEntityProfileEmail(),\n emailMatchingUserEntityAnnotation:\n microsoftSignInResolvers.emailMatchingUserEntityAnnotation(),\n userIdMatchingUserEntityAnnotation:\n microsoftSignInResolvers.userIdMatchingUserEntityAnnotation(),\n }),\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","microsoftAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","adaptOAuthSignInResolverToLegacy","commonSignInResolvers","microsoftSignInResolvers"],"mappings":";;;;;;;;;AAuCO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ,CAAA;AAAA,KACzE,CAAA,CAAA;AAAA,GACH;AAAA,EACA,WAAWC,iEAAiC,CAAA;AAAA,IAC1C,oCAAA,EACEC,qCAAsB,oCAAqC,EAAA;AAAA,IAC7D,mCAAA,EACEA,qCAAsB,mCAAoC,EAAA;AAAA,IAC5D,iCAAA,EACEC,kEAAyB,iCAAkC,EAAA;AAAA,IAC7D,kCAAA,EACEA,kEAAyB,kCAAmC,EAAA;AAAA,GAC/D,CAAA;AACH,CAAC;;;;"}
|
|
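--- a/package/dist/providers/oauth2/provider.cjs.js
+++ b/package/dist/providers/oauth2/provider.cjs.js
@@ -0,0 +1,20 @@
+'use strict';
+
+var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
+var adaptLegacyOAuthHandler = require('../../lib/legacy/adaptLegacyOAuthHandler.cjs.js');
+var adaptLegacyOAuthSignInResolver = require('../../lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var pluginAuthBackendModuleOauth2Provider = require('@backstage/plugin-auth-backend-module-oauth2-provider');
+
+const oauth2 = createAuthProviderIntegration.createAuthProviderIntegration({
+create(options) {
+return pluginAuthNode.createOAuthProviderFactory({
+authenticator: pluginAuthBackendModuleOauth2Provider.oauth2Authenticator,
+profileTransform: adaptLegacyOAuthHandler.adaptLegacyOAuthHandler(options?.authHandler),
+signInResolver: adaptLegacyOAuthSignInResolver.adaptLegacyOAuthSignInResolver(options?.signIn?.resolver)
+});
+}
+});
+
+exports.oauth2 = oauth2;
+//# sourceMappingURL=provider.cjs.js.map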
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/oauth2/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { OAuthResult } from '../../lib/oauth';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { oauth2Authenticator } from '@backstage/plugin-auth-backend-module-oauth2-provider';\n\n/**\n * Auth provider integration for generic OAuth2 auth\n *\n * @public\n */\nexport const oauth2 = createAuthProviderIntegration({\n create(options?: {\n authHandler?: AuthHandler<OAuthResult>;\n\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: oauth2Authenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n 
},\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oauth2Authenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAMJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ,CAAA;AAAA,KACzE,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}
|
|
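--- a/package/dist/providers/oauth2-proxy/provider.cjs.js
+++ b/package/dist/providers/oauth2-proxy/provider.cjs.js
@@ -0,0 +1,18 @@
+'use strict';
+
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
+var pluginAuthBackendModuleOauth2ProxyProvider = require('@backstage/plugin-auth-backend-module-oauth2-proxy-provider');
+
+const oauth2Proxy = createAuthProviderIntegration.createAuthProviderIntegration({
+create(options) {
+return pluginAuthNode.createProxyAuthProviderFactory({
+authenticator: pluginAuthBackendModuleOauth2ProxyProvider.oauth2ProxyAuthenticator,
+profileTransform: options?.authHandler,
+signInResolver: options?.signIn?.resolver
+});
+}
+});
+
+exports.oauth2Proxy = oauth2Proxy;
+//# sourceMappingURL=provider.cjs.js.map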
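Review bot: `create(options)` reads `options?.signIn?.resolver`, so a caller that omits `signIn` hands `signInResolver: undefined` to `createProxyAuthProviderFactory` instead of failing when the provider is created. The source embedded in the adjacent map types `signIn` as required, but that check is erased by compilation, and whether the factory itself rejects a missing resolver is not visible here. For a provider that takes identity from proxy-set headers, a guard at the top of `create` such as `if (!options?.signIn?.resolver) throw new Error('oauth2Proxy: signIn.resolver is required');` would surface the misconfiguration at startup.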
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/oauth2-proxy/provider.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n type OAuth2ProxyResult,\n oauth2ProxyAuthenticator,\n} from '@backstage/plugin-auth-backend-module-oauth2-proxy-provider';\n\n/**\n * Auth provider integration for oauth2-proxy auth\n *\n * @public\n */\nexport const oauth2Proxy = createAuthProviderIntegration({\n create(options: {\n /**\n * Configure an auth handler to generate a profile for the user.\n *\n * The default implementation uses the value of the `X-Forwarded-Preferred-Username`\n * header as the display name, falling back to `X-Forwarded-User`, and the value of\n * the `X-Forwarded-Email` header as the email address.\n */\n authHandler?: AuthHandler<OAuth2ProxyResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuth2ProxyResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: oauth2ProxyAuthenticator,\n profileTransform: 
options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","oauth2ProxyAuthenticator"],"mappings":";;;;;;AAgCO,MAAM,cAAcA,2DAA8B,CAAA;AAAA,EACvD,OAAO,OAmBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,mEAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA,QAAA;AAAA,KAClC,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}
|
|
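--- a/package/dist/providers/oidc/provider.cjs.js
+++ b/package/dist/providers/oidc/provider.cjs.js
@@ -0,0 +1,37 @@
+'use strict';
+
+var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var pluginAuthBackendModuleOidcProvider = require('@backstage/plugin-auth-backend-module-oidc-provider');
+var resolvers = require('../resolvers.cjs.js');
+
+const oidc = createAuthProviderIntegration.createAuthProviderIntegration({
+create(options) {
+const authHandler = options?.authHandler;
+const signInResolver = options?.signIn?.resolver;
+return pluginAuthNode.createOAuthProviderFactory({
+authenticator: pluginAuthBackendModuleOidcProvider.oidcAuthenticator,
+profileTransform: authHandler && ((result, context) => authHandler(result.fullProfile, context)),
+signInResolver: signInResolver && ((info, context) => signInResolver(
+{
+result: info.result.fullProfile,
+profile: info.profile
+},
+context
+))
+});
+},
+resolvers: {
+/**
+* Looks up the user by matching their email local part to the entity name.
+*/
+emailLocalPartMatchingUserEntityName: () => resolvers.commonByEmailLocalPartResolver,
+/**
+* Looks up the user by matching their email to the entity email.
+*/
+emailMatchingUserEntityProfileEmail: () => resolvers.commonByEmailResolver
+}
+});
+
+exports.oidc = oidc;
+//# sourceMappingURL=provider.cjs.js.map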
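Review bot: The two wrappers in `create` hand only `result.fullProfile` (and `info.result.fullProfile`) to the caller-supplied `authHandler` and `signIn.resolver`, and nothing in the file says so. A comment above `profileTransform` such as `// Legacy callbacks receive fullProfile only, not the whole authenticator result.` would tell integrators what their resolver can and cannot inspect when deciding whom to sign in. The change belongs in the TypeScript source named in the adjacent map rather than in this build output.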
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/oidc/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n createOAuthProviderFactory,\n AuthResolverContext,\n BackstageSignInResult,\n OAuthAuthenticatorResult,\n SignInInfo,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport {\n oidcAuthenticator,\n OidcAuthResult,\n} from '@backstage/plugin-auth-backend-module-oidc-provider';\nimport {\n commonByEmailLocalPartResolver,\n commonByEmailResolver,\n} from '../resolvers';\n\n/**\n * Auth provider integration for generic OpenID Connect auth\n *\n * @public\n */\nexport const oidc = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OidcAuthResult>;\n\n /**\n * Configure sign-in for this provider; convert user profile respones into\n * Backstage identities.\n */\n signIn?: {\n resolver: SignInResolver<OidcAuthResult>;\n };\n }) {\n const authHandler = options?.authHandler;\n const signInResolver = options?.signIn?.resolver;\n return createOAuthProviderFactory({\n authenticator: oidcAuthenticator,\n profileTransform:\n authHandler 
&&\n ((\n result: OAuthAuthenticatorResult<OidcAuthResult>,\n context: AuthResolverContext,\n ) => authHandler(result.fullProfile, context)),\n signInResolver:\n signInResolver &&\n ((\n info: SignInInfo<OAuthAuthenticatorResult<OidcAuthResult>>,\n context: AuthResolverContext,\n ): Promise<BackstageSignInResult> =>\n signInResolver(\n {\n result: info.result.fullProfile,\n profile: info.profile,\n },\n context,\n )),\n });\n },\n resolvers: {\n /**\n * Looks up the user by matching their email local part to the entity name.\n */\n emailLocalPartMatchingUserEntityName: () => commonByEmailLocalPartResolver,\n /**\n * Looks up the user by matching their email to the entity email.\n */\n emailMatchingUserEntityProfileEmail: () => commonByEmailResolver,\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oidcAuthenticator","commonByEmailLocalPartResolver","commonByEmailResolver"],"mappings":";;;;;;;AAwCO,MAAM,OAAOA,2DAA8B,CAAA;AAAA,EAChD,OAAO,OAcJ,EAAA;AACD,IAAA,MAAM,cAAc,OAAS,EAAA,WAAA,CAAA;AAC7B,IAAM,MAAA,cAAA,GAAiB,SAAS,MAAQ,EAAA,QAAA,CAAA;AACxC,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,qDAAA;AAAA,MACf,gBAAA,EACE,gBACC,CACC,MAAA,EACA,YACG,WAAY,CAAA,MAAA,CAAO,aAAa,OAAO,CAAA,CAAA;AAAA,MAC9C,cACE,EAAA,cAAA,KACC,CACC,IAAA,EACA,OAEA,KAAA,cAAA;AAAA,QACE;AAAA,UACE,MAAA,EAAQ,KAAK,MAAO,CAAA,WAAA;AAAA,UACpB,SAAS,IAAK,CAAA,OAAA;AAAA,SAChB;AAAA,QACA,OAAA;AAAA,OACF,CAAA;AAAA,KACL,CAAA,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,sCAAsC,MAAMC,wCAAA;AAAA;AAAA;AAAA;AAAA,IAI5C,qCAAqC,MAAMC,+BAAA;AAAA,GAC7C;AACF,CAAC;;;;"}
|
|
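--- a/package/dist/providers/okta/provider.cjs.js
+++ b/package/dist/providers/okta/provider.cjs.js
@@ -0,0 +1,47 @@
+'use strict';
+
+var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var adaptLegacyOAuthHandler = require('../../lib/legacy/adaptLegacyOAuthHandler.cjs.js');
+var adaptLegacyOAuthSignInResolver = require('../../lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js');
+var pluginAuthBackendModuleOktaProvider = require('@backstage/plugin-auth-backend-module-okta-provider');
+var resolvers = require('../resolvers.cjs.js');
+
+const okta = createAuthProviderIntegration.createAuthProviderIntegration({
+create(options) {
+return pluginAuthNode.createOAuthProviderFactory({
+authenticator: pluginAuthBackendModuleOktaProvider.oktaAuthenticator,
+profileTransform: adaptLegacyOAuthHandler.adaptLegacyOAuthHandler(options?.authHandler),
+signInResolver: adaptLegacyOAuthSignInResolver.adaptLegacyOAuthSignInResolver(options?.signIn?.resolver)
+});
+},
+resolvers: {
+/**
+* Looks up the user by matching their email local part to the entity name.
+*/
+emailLocalPartMatchingUserEntityName: () => resolvers.commonByEmailLocalPartResolver,
+/**
+* Looks up the user by matching their email to the entity email.
+*/
+emailMatchingUserEntityProfileEmail: () => resolvers.commonByEmailResolver,
+/**
+* Looks up the user by matching their email to the `okta.com/email` annotation.
+*/
+emailMatchingUserEntityAnnotation() {
+return async (info, ctx) => {
+const { profile } = info;
+if (!profile.email) {
+throw new Error("Okta profile contained no email");
+}
+return ctx.signInWithCatalogUser({
+annotations: {
+"okta.com/email": profile.email
+}
+});
+};
+}
+}
+});
+
+exports.okta = okta;
+//# sourceMappingURL=provider.cjs.js.map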
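Review bot: `emailMatchingUserEntityAnnotation` checks only that `profile.email` is non-empty before passing it to `ctx.signInWithCatalogUser` as the `okta.com/email` annotation value. `profile` comes out of `profileTransform`, which can be a caller-supplied `authHandler`, so whether the address is a verified Okta claim depends on code outside this file. The doc comment on the resolver should state that assumption, e.g. `* Assumes profile.email is an address the identity provider has verified.`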
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/okta/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthHandler } from '../types';\nimport { OAuthResult } from '../../lib/oauth';\n\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { oktaAuthenticator } from '@backstage/plugin-auth-backend-module-okta-provider';\nimport {\n commonByEmailLocalPartResolver,\n commonByEmailResolver,\n} from '../resolvers';\n\n/**\n * Auth provider integration for Okta auth\n *\n * @public\n */\nexport const okta = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: oktaAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: 
adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: {\n /**\n * Looks up the user by matching their email local part to the entity name.\n */\n emailLocalPartMatchingUserEntityName: () => commonByEmailLocalPartResolver,\n /**\n * Looks up the user by matching their email to the entity email.\n */\n emailMatchingUserEntityProfileEmail: () => commonByEmailResolver,\n /**\n * Looks up the user by matching their email to the `okta.com/email` annotation.\n */\n emailMatchingUserEntityAnnotation(): SignInResolver<OAuthResult> {\n return async (info, ctx) => {\n const { profile } = info;\n\n if (!profile.email) {\n throw new Error('Okta profile contained no email');\n }\n\n return ctx.signInWithCatalogUser({\n annotations: {\n 'okta.com/email': profile.email,\n },\n });\n };\n },\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oktaAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","commonByEmailLocalPartResolver","commonByEmailResolver"],"mappings":";;;;;;;;;AAuCO,MAAM,OAAOA,2DAA8B,CAAA;AAAA,EAChD,OAAO,OAYJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,qDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ,CAAA;AAAA,KACzE,CAAA,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,sCAAsC,MAAMC,wCAAA;AAAA;AAAA;AAAA;AAAA,IAI5C,qCAAqC,MAAMC,+BAAA;AAAA;AAAA;AAAA;AAAA,IAI3C,iCAAiE,GAAA;AAC/D,MAAO,OAAA,OAAO,MAAM,GAAQ,KAAA;AAC1B,QAAM,MAAA,EAAE,SAAY,GAAA,IAAA,CAAA;AAEpB,QAAI,IAAA,CAAC,QAAQ,KAAO,EAAA;AAClB,UAAM,MAAA,IAAI,MAAM,iCAAiC,CAAA,CAAA;AAAA,SACnD;AAEA,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,WAAa,EAAA;AAAA,YACX,kBAAkB,OAAQ,CAAA,KAAA;AAAA,WAC5B;AAAA,SACD,CAAA,CAAA;AAAA,OACH,CAAA;AAAA,KACF;AAAA,GACF;AACF,CAAC;;;;"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
var pluginAuthBackendModuleOneloginProvider = require('@backstage/plugin-auth-backend-module-onelogin-provider');
|
|
4
|
+
var pluginAuthNode = require('@backstage/plugin-auth-node');
|
|
5
|
+
var adaptLegacyOAuthHandler = require('../../lib/legacy/adaptLegacyOAuthHandler.cjs.js');
|
|
6
|
+
var adaptLegacyOAuthSignInResolver = require('../../lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js');
|
|
7
|
+
var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
|
|
8
|
+
|
|
9
|
+
const onelogin = createAuthProviderIntegration.createAuthProviderIntegration({
|
|
10
|
+
create(options) {
|
|
11
|
+
return pluginAuthNode.createOAuthProviderFactory({
|
|
12
|
+
authenticator: pluginAuthBackendModuleOneloginProvider.oneLoginAuthenticator,
|
|
13
|
+
profileTransform: adaptLegacyOAuthHandler.adaptLegacyOAuthHandler(options?.authHandler),
|
|
14
|
+
signInResolver: adaptLegacyOAuthSignInResolver.adaptLegacyOAuthSignInResolver(options?.signIn?.resolver)
|
|
15
|
+
});
|
|
16
|
+
}
|
|
17
|
+
});
|
|
18
|
+
|
|
19
|
+
exports.onelogin = onelogin;
|
|
20
|
+
//# sourceMappingURL=provider.cjs.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/onelogin/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { oneLoginAuthenticator } from '@backstage/plugin-auth-backend-module-onelogin-provider';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/**\n * Auth provider integration for OneLogin auth\n *\n * @public\n */\nexport const onelogin = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: oneLoginAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: 
adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oneLoginAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkCO,MAAM,WAAWA,2DAA8B,CAAA;AAAA,EACpD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,6DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ,CAAA;AAAA,KACzE,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
var pluginAuthNode = require('@backstage/plugin-auth-node');
|
|
4
|
+
|
|
5
|
+
const prepareBackstageIdentityResponse = pluginAuthNode.prepareBackstageIdentityResponse;
|
|
6
|
+
|
|
7
|
+
exports.prepareBackstageIdentityResponse = prepareBackstageIdentityResponse;
|
|
8
|
+
//# sourceMappingURL=prepareBackstageIdentityResponse.cjs.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"prepareBackstageIdentityResponse.cjs.js","sources":["../../src/providers/prepareBackstageIdentityResponse.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { prepareBackstageIdentityResponse as _prepareBackstageIdentityResponse } from '@backstage/plugin-auth-node';\n\n/**\n * @public\n * @deprecated import from `@backstage/plugin-auth-node` instead\n */\nexport const prepareBackstageIdentityResponse =\n _prepareBackstageIdentityResponse;\n"],"names":["_prepareBackstageIdentityResponse"],"mappings":";;;;AAsBO,MAAM,gCACX,GAAAA;;;;"}
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
var provider$e = require('./atlassian/provider.cjs.js');
|
|
4
|
+
var provider$5 = require('./auth0/provider.cjs.js');
|
|
5
|
+
var provider$b = require('./aws-alb/provider.cjs.js');
|
|
6
|
+
var provider$c = require('./bitbucket/provider.cjs.js');
|
|
7
|
+
var provider$f = require('./cloudflare-access/provider.cjs.js');
|
|
8
|
+
var provider$g = require('./gcp-iap/provider.cjs.js');
|
|
9
|
+
var provider$1 = require('./github/provider.cjs.js');
|
|
10
|
+
var provider$2 = require('./gitlab/provider.cjs.js');
|
|
11
|
+
var provider = require('./google/provider.cjs.js');
|
|
12
|
+
var provider$6 = require('./microsoft/provider.cjs.js');
|
|
13
|
+
var provider$8 = require('./oauth2/provider.cjs.js');
|
|
14
|
+
var provider$h = require('./oauth2-proxy/provider.cjs.js');
|
|
15
|
+
var provider$9 = require('./oidc/provider.cjs.js');
|
|
16
|
+
var provider$4 = require('./okta/provider.cjs.js');
|
|
17
|
+
var provider$a = require('./onelogin/provider.cjs.js');
|
|
18
|
+
var provider$3 = require('./saml/provider.cjs.js');
|
|
19
|
+
var provider$d = require('./bitbucketServer/provider.cjs.js');
|
|
20
|
+
var provider$7 = require('./azure-easyauth/provider.cjs.js');
|
|
21
|
+
|
|
22
|
+
const providers = Object.freeze({
|
|
23
|
+
atlassian: provider$e.atlassian,
|
|
24
|
+
auth0: provider$5.auth0,
|
|
25
|
+
awsAlb: provider$b.awsAlb,
|
|
26
|
+
bitbucket: provider$c.bitbucket,
|
|
27
|
+
bitbucketServer: provider$d.bitbucketServer,
|
|
28
|
+
cfAccess: provider$f.cfAccess,
|
|
29
|
+
gcpIap: provider$g.gcpIap,
|
|
30
|
+
github: provider$1.github,
|
|
31
|
+
gitlab: provider$2.gitlab,
|
|
32
|
+
google: provider.google,
|
|
33
|
+
microsoft: provider$6.microsoft,
|
|
34
|
+
oauth2: provider$8.oauth2,
|
|
35
|
+
oauth2Proxy: provider$h.oauth2Proxy,
|
|
36
|
+
oidc: provider$9.oidc,
|
|
37
|
+
okta: provider$4.okta,
|
|
38
|
+
onelogin: provider$a.onelogin,
|
|
39
|
+
saml: provider$3.saml,
|
|
40
|
+
easyAuth: provider$7.easyAuth
|
|
41
|
+
});
|
|
42
|
+
const defaultAuthProviderFactories = {
|
|
43
|
+
google: provider.google.create(),
|
|
44
|
+
github: provider$1.github.create(),
|
|
45
|
+
gitlab: provider$2.gitlab.create(),
|
|
46
|
+
saml: provider$3.saml.create(),
|
|
47
|
+
okta: provider$4.okta.create(),
|
|
48
|
+
auth0: provider$5.auth0.create(),
|
|
49
|
+
microsoft: provider$6.microsoft.create(),
|
|
50
|
+
easyAuth: provider$7.easyAuth.create(),
|
|
51
|
+
oauth2: provider$8.oauth2.create(),
|
|
52
|
+
oidc: provider$9.oidc.create(),
|
|
53
|
+
onelogin: provider$a.onelogin.create(),
|
|
54
|
+
awsalb: provider$b.awsAlb.create(),
|
|
55
|
+
bitbucket: provider$c.bitbucket.create(),
|
|
56
|
+
bitbucketServer: provider$d.bitbucketServer.create(),
|
|
57
|
+
atlassian: provider$e.atlassian.create()
|
|
58
|
+
};
|
|
59
|
+
|
|
60
|
+
exports.defaultAuthProviderFactories = defaultAuthProviderFactories;
|
|
61
|
+
exports.providers = providers;
|
|
62
|
+
//# sourceMappingURL=providers.cjs.js.map
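Review bot: `defaultAuthProviderFactories` is exported as a plain mutable object while `providers` directly above it is wrapped in `Object.freeze`, so the factory map (presumably what gets bound to the sign-in routes) can be altered in place by any module that imports it. If no consumer relies on mutating it, the declaration could become `const defaultAuthProviderFactories = Object.freeze({ ... });`, which still permits extension through `{ ...defaultAuthProviderFactories, extra }`. A short comment would also help on two points: the keys here are provider ids rather than export names (`awsalb` here versus `awsAlb` in `providers`), and `cfAccess`, `gcpIap` and `oauth2Proxy` are left out of the defaults, if that omission is intended.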
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"providers.cjs.js","sources":["../../src/providers/providers.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { atlassian } from './atlassian';\nimport { auth0 } from './auth0';\nimport { awsAlb } from './aws-alb';\nimport { bitbucket } from './bitbucket';\nimport { cfAccess } from './cloudflare-access';\nimport { gcpIap } from './gcp-iap';\nimport { github } from './github';\nimport { gitlab } from './gitlab';\nimport { google } from './google';\nimport { microsoft } from './microsoft';\nimport { oauth2 } from './oauth2';\nimport { oauth2Proxy } from './oauth2-proxy';\nimport { oidc } from './oidc';\nimport { okta } from './okta';\nimport { onelogin } from './onelogin';\nimport { saml } from './saml';\nimport { bitbucketServer } from './bitbucketServer';\nimport { easyAuth } from './azure-easyauth';\nimport { AuthProviderFactory } from '@backstage/plugin-auth-node';\n\n/**\n * All built-in auth provider integrations.\n *\n * @public\n */\nexport const providers = Object.freeze({\n atlassian,\n auth0,\n awsAlb,\n bitbucket,\n bitbucketServer,\n cfAccess,\n gcpIap,\n github,\n gitlab,\n google,\n microsoft,\n oauth2,\n oauth2Proxy,\n oidc,\n okta,\n onelogin,\n saml,\n easyAuth,\n});\n\n/**\n * All auth provider factories that are installed by default.\n *\n * @public\n */\nexport const defaultAuthProviderFactories: {\n [providerId: string]: 
AuthProviderFactory;\n} = {\n google: google.create(),\n github: github.create(),\n gitlab: gitlab.create(),\n saml: saml.create(),\n okta: okta.create(),\n auth0: auth0.create(),\n microsoft: microsoft.create(),\n easyAuth: easyAuth.create(),\n oauth2: oauth2.create(),\n oidc: oidc.create(),\n onelogin: onelogin.create(),\n awsalb: awsAlb.create(),\n bitbucket: bitbucket.create(),\n bitbucketServer: bitbucketServer.create(),\n atlassian: atlassian.create(),\n};\n"],"names":["atlassian","auth0","awsAlb","bitbucket","bitbucketServer","cfAccess","gcpIap","github","gitlab","google","microsoft","oauth2","oauth2Proxy","oidc","okta","onelogin","saml","easyAuth"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAyCa,MAAA,SAAA,GAAY,OAAO,MAAO,CAAA;AAAA,aACrCA,oBAAA;AAAA,SACAC,gBAAA;AAAA,UACAC,iBAAA;AAAA,aACAC,oBAAA;AAAA,mBACAC,0BAAA;AAAA,YACAC,mBAAA;AAAA,UACAC,iBAAA;AAAA,UACAC,iBAAA;AAAA,UACAC,iBAAA;AAAA,UACAC,eAAA;AAAA,aACAC,oBAAA;AAAA,UACAC,iBAAA;AAAA,eACAC,sBAAA;AAAA,QACAC,eAAA;AAAA,QACAC,eAAA;AAAA,YACAC,mBAAA;AAAA,QACAC,eAAA;AAAA,YACAC,mBAAA;AACF,CAAC,EAAA;AAOM,MAAM,4BAET,GAAA;AAAA,EACF,MAAA,EAAQR,gBAAO,MAAO,EAAA;AAAA,EACtB,MAAA,EAAQF,kBAAO,MAAO,EAAA;AAAA,EACtB,MAAA,EAAQC,kBAAO,MAAO,EAAA;AAAA,EACtB,IAAA,EAAMQ,gBAAK,MAAO,EAAA;AAAA,EAClB,IAAA,EAAMF,gBAAK,MAAO,EAAA;AAAA,EAClB,KAAA,EAAOb,iBAAM,MAAO,EAAA;AAAA,EACpB,SAAA,EAAWS,qBAAU,MAAO,EAAA;AAAA,EAC5B,QAAA,EAAUO,oBAAS,MAAO,EAAA;AAAA,EAC1B,MAAA,EAAQN,kBAAO,MAAO,EAAA;AAAA,EACtB,IAAA,EAAME,gBAAK,MAAO,EAAA;AAAA,EAClB,QAAA,EAAUE,oBAAS,MAAO,EAAA;AAAA,EAC1B,MAAA,EAAQb,kBAAO,MAAO,EAAA;AAAA,EACtB,SAAA,EAAWC,qBAAU,MAAO,EAAA;AAAA,EAC5B,eAAA,EAAiBC,2BAAgB,MAAO,EAAA;AAAA,EACxC,SAAA,EAAWJ,qBAAU,MAAO,EAAA;AAC9B;;;;;"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
const commonByEmailLocalPartResolver = async (info, ctx) => {
|
|
4
|
+
const { profile } = info;
|
|
5
|
+
if (!profile.email) {
|
|
6
|
+
throw new Error("Login failed, user profile does not contain an email");
|
|
7
|
+
}
|
|
8
|
+
const [localPart] = profile.email.split("@");
|
|
9
|
+
return ctx.signInWithCatalogUser({
|
|
10
|
+
entityRef: { name: localPart }
|
|
11
|
+
});
|
|
12
|
+
};
|
|
13
|
+
const commonByEmailResolver = async (info, ctx) => {
|
|
14
|
+
const { profile } = info;
|
|
15
|
+
if (!profile.email) {
|
|
16
|
+
throw new Error("Login failed, user profile does not contain an email");
|
|
17
|
+
}
|
|
18
|
+
return ctx.signInWithCatalogUser({
|
|
19
|
+
filter: {
|
|
20
|
+
"spec.profile.email": profile.email
|
|
21
|
+
}
|
|
22
|
+
});
|
|
23
|
+
};
|
|
24
|
+
|
|
25
|
+
exports.commonByEmailLocalPartResolver = commonByEmailLocalPartResolver;
|
|
26
|
+
exports.commonByEmailResolver = commonByEmailResolver;
|
|
27
|
+
//# sourceMappingURL=resolvers.cjs.js.map
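Review bot: `commonByEmailLocalPartResolver` keeps only the text before the first `@` and passes it as `entityRef: { name: localPart }`, so addresses with the same local part in different domains resolve to the same catalog user. That is sound only when the identity provider restricts sign-in to a single trusted email domain, which nothing in this file checks or states. A comment above the resolver would make the precondition visible, for example `// The domain part is ignored: use only with providers that restrict sign-in to one trusted email domain.` Both resolvers also take `profile.email` as given; whether the upstream provider has verified the address cannot be seen from this file and is worth stating in the same comment.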
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolvers.cjs.js","sources":["../../src/providers/resolvers.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { SignInResolver } from '@backstage/plugin-auth-node';\n\n/**\n * A common sign-in resolver that looks up the user using the local part of\n * their email address as the entity name.\n */\nexport const commonByEmailLocalPartResolver: SignInResolver<unknown> = async (\n info,\n ctx,\n) => {\n const { profile } = info;\n\n if (!profile.email) {\n throw new Error('Login failed, user profile does not contain an email');\n }\n const [localPart] = profile.email.split('@');\n\n return ctx.signInWithCatalogUser({\n entityRef: { name: localPart },\n });\n};\n\n/**\n * A common sign-in resolver that looks up the user using their email address\n * as email of the entity.\n */\nexport const commonByEmailResolver: SignInResolver<unknown> = async (\n info,\n ctx,\n) => {\n const { profile } = info;\n\n if (!profile.email) {\n throw new Error('Login failed, user profile does not contain an email');\n }\n\n return ctx.signInWithCatalogUser({\n filter: {\n 'spec.profile.email': profile.email,\n },\n 
});\n};\n"],"names":[],"mappings":";;AAsBa,MAAA,8BAAA,GAA0D,OACrE,IAAA,EACA,GACG,KAAA;AACH,EAAM,MAAA,EAAE,SAAY,GAAA,IAAA,CAAA;AAEpB,EAAI,IAAA,CAAC,QAAQ,KAAO,EAAA;AAClB,IAAM,MAAA,IAAI,MAAM,sDAAsD,CAAA,CAAA;AAAA,GACxE;AACA,EAAA,MAAM,CAAC,SAAS,CAAA,GAAI,OAAQ,CAAA,KAAA,CAAM,MAAM,GAAG,CAAA,CAAA;AAE3C,EAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,IAC/B,SAAA,EAAW,EAAE,IAAA,EAAM,SAAU,EAAA;AAAA,GAC9B,CAAA,CAAA;AACH,EAAA;AAMa,MAAA,qBAAA,GAAiD,OAC5D,IAAA,EACA,GACG,KAAA;AACH,EAAM,MAAA,EAAE,SAAY,GAAA,IAAA,CAAA;AAEpB,EAAI,IAAA,CAAC,QAAQ,KAAO,EAAA;AAClB,IAAM,MAAA,IAAI,MAAM,sDAAsD,CAAA,CAAA;AAAA,GACxE;AAEA,EAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,IAC/B,MAAQ,EAAA;AAAA,MACN,sBAAsB,OAAQ,CAAA,KAAA;AAAA,KAChC;AAAA,GACD,CAAA,CAAA;AACH;;;;;"}
|
|
@@ -0,0 +1,111 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
var catalogClient = require('@backstage/catalog-client');
|
|
4
|
+
var errors = require('@backstage/errors');
|
|
5
|
+
var Router = require('express-promise-router');
|
|
6
|
+
var minimatch = require('minimatch');
|
|
7
|
+
var CatalogAuthResolverContext = require('../lib/resolvers/CatalogAuthResolverContext.cjs.js');
|
|
8
|
+
|
|
9
|
+
function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
|
|
10
|
+
|
|
11
|
+
var Router__default = /*#__PURE__*/_interopDefaultCompat(Router);
|
|
12
|
+
|
|
13
|
+
function bindProviderRouters(targetRouter, options) {
|
|
14
|
+
const {
|
|
15
|
+
providers,
|
|
16
|
+
appUrl,
|
|
17
|
+
baseUrl,
|
|
18
|
+
config,
|
|
19
|
+
logger,
|
|
20
|
+
discovery,
|
|
21
|
+
auth,
|
|
22
|
+
httpAuth,
|
|
23
|
+
tokenManager,
|
|
24
|
+
tokenIssuer,
|
|
25
|
+
catalogApi,
|
|
26
|
+
ownershipResolver
|
|
27
|
+
} = options;
|
|
28
|
+
const providersConfig = config.getOptionalConfig("auth.providers");
|
|
29
|
+
const isOriginAllowed = createOriginFilter(config);
|
|
30
|
+
for (const [providerId, providerFactory] of Object.entries(providers)) {
|
|
31
|
+
if (providersConfig?.has(providerId)) {
|
|
32
|
+
logger.info(`Configuring auth provider: ${providerId}`);
|
|
33
|
+
try {
|
|
34
|
+
const provider = providerFactory({
|
|
35
|
+
providerId,
|
|
36
|
+
appUrl,
|
|
37
|
+
baseUrl,
|
|
38
|
+
isOriginAllowed,
|
|
39
|
+
globalConfig: {
|
|
40
|
+
baseUrl,
|
|
41
|
+
appUrl,
|
|
42
|
+
isOriginAllowed
|
|
43
|
+
},
|
|
44
|
+
config: providersConfig.getConfig(providerId),
|
|
45
|
+
logger,
|
|
46
|
+
resolverContext: CatalogAuthResolverContext.CatalogAuthResolverContext.create({
|
|
47
|
+
logger,
|
|
48
|
+
catalogApi: catalogApi ?? new catalogClient.CatalogClient({ discoveryApi: discovery }),
|
|
49
|
+
tokenIssuer,
|
|
50
|
+
tokenManager,
|
|
51
|
+
discovery,
|
|
52
|
+
auth,
|
|
53
|
+
httpAuth,
|
|
54
|
+
ownershipResolver
|
|
55
|
+
})
|
|
56
|
+
});
|
|
57
|
+
const r = Router__default.default();
|
|
58
|
+
r.get("/start", provider.start.bind(provider));
|
|
59
|
+
r.get("/handler/frame", provider.frameHandler.bind(provider));
|
|
60
|
+
r.post("/handler/frame", provider.frameHandler.bind(provider));
|
|
61
|
+
if (provider.logout) {
|
|
62
|
+
r.post("/logout", provider.logout.bind(provider));
|
|
63
|
+
}
|
|
64
|
+
if (provider.refresh) {
|
|
65
|
+
r.get("/refresh", provider.refresh.bind(provider));
|
|
66
|
+
r.post("/refresh", provider.refresh.bind(provider));
|
|
67
|
+
}
|
|
68
|
+
targetRouter.use(`/${providerId}`, r);
|
|
69
|
+
} catch (e) {
|
|
70
|
+
errors.assertError(e);
|
|
71
|
+
if (process.env.NODE_ENV !== "development") {
|
|
72
|
+
throw new Error(
|
|
73
|
+
`Failed to initialize ${providerId} auth provider, ${e.message}`
|
|
74
|
+
);
|
|
75
|
+
}
|
|
76
|
+
logger.warn(`Skipping ${providerId} auth provider, ${e.message}`);
|
|
77
|
+
targetRouter.use(`/${providerId}`, () => {
|
|
78
|
+
throw new errors.NotFoundError(
|
|
79
|
+
`Auth provider registered for '${providerId}' is misconfigured. This could mean the configs under auth.providers.${providerId} are missing or the environment variables used are not defined. Check the auth backend plugin logs when the backend starts to see more details.`
|
|
80
|
+
);
|
|
81
|
+
});
|
|
82
|
+
}
|
|
83
|
+
} else {
|
|
84
|
+
targetRouter.use(`/${providerId}`, () => {
|
|
85
|
+
throw new errors.NotFoundError(
|
|
86
|
+
`No auth provider registered for '${providerId}'`
|
|
87
|
+
);
|
|
88
|
+
});
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
function createOriginFilter(config) {
|
|
93
|
+
const appUrl = config.getString("app.baseUrl");
|
|
94
|
+
const { origin: appOrigin } = new URL(appUrl);
|
|
95
|
+
const allowedOrigins = config.getOptionalStringArray(
|
|
96
|
+
"auth.experimentalExtraAllowedOrigins"
|
|
97
|
+
);
|
|
98
|
+
const allowedOriginPatterns = allowedOrigins?.map(
|
|
99
|
+
(pattern) => new minimatch.Minimatch(pattern, { nocase: true, noglobstar: true })
|
|
100
|
+
) ?? [];
|
|
101
|
+
return (origin) => {
|
|
102
|
+
if (origin === appOrigin) {
|
|
103
|
+
return true;
|
|
104
|
+
}
|
|
105
|
+
return allowedOriginPatterns.some((pattern) => pattern.match(origin));
|
|
106
|
+
};
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
exports.bindProviderRouters = bindProviderRouters;
|
|
110
|
+
exports.createOriginFilter = createOriginFilter;
|
|
111
|
+
//# sourceMappingURL=router.cjs.js.map
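Review bot: In `createOriginFilter`, every entry of `auth.experimentalExtraAllowedOrigins` is compiled with `new minimatch.Minimatch(pattern, { nocase: true, noglobstar: true })` and a match returns `true` exactly as the `origin === appOrigin` comparison does, so a loosely written glob widens the set of origins the auth flow accepts without any trace in the logs. A comment above the `map` call would document the contract, for example `// Globs are matched against the full origin (scheme://host[:port]); keep them narrow, a match is trusted like app.baseUrl.` Logging the configured patterns once at startup, next to the existing `Configuring auth provider` message in `bindProviderRouters`, would also let operators audit what is allowed. Separately, the returned closure calls `pattern.match(origin)` without checking that `origin` is a string; whether callers can pass a missing value is not visible here, but an early `if (typeof origin !== 'string') return false;` would make the filter fail closed.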
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"router.cjs.js","sources":["../../src/providers/router.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n PluginEndpointDiscovery,\n TokenManager,\n} from '@backstage/backend-common';\nimport {\n AuthService,\n HttpAuthService,\n LoggerService,\n} from '@backstage/backend-plugin-api';\nimport { CatalogApi, CatalogClient } from '@backstage/catalog-client';\nimport { Config } from '@backstage/config';\nimport { assertError, NotFoundError } from '@backstage/errors';\nimport {\n AuthOwnershipResolver,\n AuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport express from 'express';\nimport Router from 'express-promise-router';\nimport { Minimatch } from 'minimatch';\nimport { CatalogAuthResolverContext } from '../lib/resolvers/CatalogAuthResolverContext';\nimport { TokenIssuer } from '../identity/types';\n\n/** @public */\nexport type ProviderFactories = { [s: string]: AuthProviderFactory };\n\nexport function bindProviderRouters(\n targetRouter: express.Router,\n options: {\n providers: ProviderFactories;\n appUrl: string;\n baseUrl: string;\n config: Config;\n logger: LoggerService;\n discovery: PluginEndpointDiscovery;\n auth: AuthService;\n httpAuth: HttpAuthService;\n tokenManager?: TokenManager;\n tokenIssuer: TokenIssuer;\n ownershipResolver?: AuthOwnershipResolver;\n catalogApi?: CatalogApi;\n },\n) {\n const {\n providers,\n appUrl,\n 
baseUrl,\n config,\n logger,\n discovery,\n auth,\n httpAuth,\n tokenManager,\n tokenIssuer,\n catalogApi,\n ownershipResolver,\n } = options;\n\n const providersConfig = config.getOptionalConfig('auth.providers');\n\n const isOriginAllowed = createOriginFilter(config);\n\n for (const [providerId, providerFactory] of Object.entries(providers)) {\n if (providersConfig?.has(providerId)) {\n logger.info(`Configuring auth provider: ${providerId}`);\n try {\n const provider = providerFactory({\n providerId,\n appUrl,\n baseUrl,\n isOriginAllowed,\n globalConfig: {\n baseUrl,\n appUrl,\n isOriginAllowed,\n },\n config: providersConfig.getConfig(providerId),\n logger,\n resolverContext: CatalogAuthResolverContext.create({\n logger,\n catalogApi:\n catalogApi ?? new CatalogClient({ discoveryApi: discovery }),\n tokenIssuer,\n tokenManager,\n discovery,\n auth,\n httpAuth,\n ownershipResolver,\n }),\n });\n\n const r = Router();\n\n r.get('/start', provider.start.bind(provider));\n r.get('/handler/frame', provider.frameHandler.bind(provider));\n r.post('/handler/frame', provider.frameHandler.bind(provider));\n if (provider.logout) {\n r.post('/logout', provider.logout.bind(provider));\n }\n if (provider.refresh) {\n r.get('/refresh', provider.refresh.bind(provider));\n r.post('/refresh', provider.refresh.bind(provider));\n }\n\n targetRouter.use(`/${providerId}`, r);\n } catch (e) {\n assertError(e);\n if (process.env.NODE_ENV !== 'development') {\n throw new Error(\n `Failed to initialize ${providerId} auth provider, ${e.message}`,\n );\n }\n\n logger.warn(`Skipping ${providerId} auth provider, ${e.message}`);\n\n targetRouter.use(`/${providerId}`, () => {\n // If the user added the provider under auth.providers but the clientId and clientSecret etc. were not found.\n throw new NotFoundError(\n `Auth provider registered for '${providerId}' is misconfigured. 
This could mean the configs under ` +\n `auth.providers.${providerId} are missing or the environment variables used are not defined. ` +\n `Check the auth backend plugin logs when the backend starts to see more details.`,\n );\n });\n }\n } else {\n targetRouter.use(`/${providerId}`, () => {\n throw new NotFoundError(\n `No auth provider registered for '${providerId}'`,\n );\n });\n }\n }\n}\n\n/** @public */\nexport function createOriginFilter(\n config: Config,\n): (origin: string) => boolean {\n const appUrl = config.getString('app.baseUrl');\n const { origin: appOrigin } = new URL(appUrl);\n\n const allowedOrigins = config.getOptionalStringArray(\n 'auth.experimentalExtraAllowedOrigins',\n );\n\n const allowedOriginPatterns =\n allowedOrigins?.map(\n pattern => new Minimatch(pattern, { nocase: true, noglobstar: true }),\n ) ?? [];\n\n return origin => {\n if (origin === appOrigin) {\n return true;\n }\n return allowedOriginPatterns.some(pattern => pattern.match(origin));\n };\n}\n"],"names":["CatalogAuthResolverContext","CatalogClient","Router","assertError","NotFoundError","Minimatch"],"mappings":";;;;;;;;;;;;AAyCgB,SAAA,mBAAA,CACd,cACA,OAcA,EAAA;AACA,EAAM,MAAA;AAAA,IACJ,SAAA;AAAA,IACA,MAAA;AAAA,IACA,OAAA;AAAA,IACA,MAAA;AAAA,IACA,MAAA;AAAA,IACA,SAAA;AAAA,IACA,IAAA;AAAA,IACA,QAAA;AAAA,IACA,YAAA;AAAA,IACA,WAAA;AAAA,IACA,UAAA;AAAA,IACA,iBAAA;AAAA,GACE,GAAA,OAAA,CAAA;AAEJ,EAAM,MAAA,eAAA,GAAkB,MAAO,CAAA,iBAAA,CAAkB,gBAAgB,CAAA,CAAA;AAEjE,EAAM,MAAA,eAAA,GAAkB,mBAAmB,MAAM,CAAA,CAAA;AAEjD,EAAA,KAAA,MAAW,CAAC,UAAY,EAAA,eAAe,KAAK,MAAO,CAAA,OAAA,CAAQ,SAAS,CAAG,EAAA;AACrE,IAAI,IAAA,eAAA,EAAiB,GAAI,CAAA,UAAU,CAAG,EAAA;AACpC,MAAO,MAAA,CAAA,IAAA,CAAK,CAA8B,2BAAA,EAAA,UAAU,CAAE,CAAA,CAAA,CAAA;AACtD,MAAI,IAAA;AACF,QAAA,MAAM,WAAW,eAAgB,CAAA;AAAA,UAC/B,UAAA;AAAA,UACA,MAAA;AAAA,UACA,OAAA;AAAA,UACA,eAAA;AAAA,UACA,YAAc,EAAA;AAAA,YACZ,OAAA;AAAA,YACA,MAAA;AAAA,YACA,eAAA;AAAA,WACF;AAAA,UACA,MAAA,EAAQ,eAAgB,CAAA,SAAA,CAAU,UAAU,CAAA;AAAA,UAC5C,MAAA;AAAA,UACA,eAAA,EAAiBA,sDAA2B,MAAO,CAAA;
AAAA,YACjD,MAAA;AAAA,YACA,YACE,UAAc,IAAA,IAAIC,4BAAc,EAAE,YAAA,EAAc,WAAW,CAAA;AAAA,YAC7D,WAAA;AAAA,YACA,YAAA;AAAA,YACA,SAAA;AAAA,YACA,IAAA;AAAA,YACA,QAAA;AAAA,YACA,iBAAA;AAAA,WACD,CAAA;AAAA,SACF,CAAA,CAAA;AAED,QAAA,MAAM,IAAIC,uBAAO,EAAA,CAAA;AAEjB,QAAA,CAAA,CAAE,IAAI,QAAU,EAAA,QAAA,CAAS,KAAM,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA,CAAA;AAC7C,QAAA,CAAA,CAAE,IAAI,gBAAkB,EAAA,QAAA,CAAS,YAAa,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA,CAAA;AAC5D,QAAA,CAAA,CAAE,KAAK,gBAAkB,EAAA,QAAA,CAAS,YAAa,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA,CAAA;AAC7D,QAAA,IAAI,SAAS,MAAQ,EAAA;AACnB,UAAA,CAAA,CAAE,KAAK,SAAW,EAAA,QAAA,CAAS,MAAO,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA,CAAA;AAAA,SAClD;AACA,QAAA,IAAI,SAAS,OAAS,EAAA;AACpB,UAAA,CAAA,CAAE,IAAI,UAAY,EAAA,QAAA,CAAS,OAAQ,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA,CAAA;AACjD,UAAA,CAAA,CAAE,KAAK,UAAY,EAAA,QAAA,CAAS,OAAQ,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA,CAAA;AAAA,SACpD;AAEA,QAAA,YAAA,CAAa,GAAI,CAAA,CAAA,CAAA,EAAI,UAAU,CAAA,CAAA,EAAI,CAAC,CAAA,CAAA;AAAA,eAC7B,CAAG,EAAA;AACV,QAAAC,kBAAA,CAAY,CAAC,CAAA,CAAA;AACb,QAAI,IAAA,OAAA,CAAQ,GAAI,CAAA,QAAA,KAAa,aAAe,EAAA;AAC1C,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAwB,qBAAA,EAAA,UAAU,CAAmB,gBAAA,EAAA,CAAA,CAAE,OAAO,CAAA,CAAA;AAAA,WAChE,CAAA;AAAA,SACF;AAEA,QAAA,MAAA,CAAO,KAAK,CAAY,SAAA,EAAA,UAAU,CAAmB,gBAAA,EAAA,CAAA,CAAE,OAAO,CAAE,CAAA,CAAA,CAAA;AAEhE,QAAA,YAAA,CAAa,GAAI,CAAA,CAAA,CAAA,EAAI,UAAU,CAAA,CAAA,EAAI,MAAM;AAEvC,UAAA,MAAM,IAAIC,oBAAA;AAAA,YACR,CAAA,8BAAA,EAAiC,UAAU,CAAA,qEAAA,EACvB,UAAU,CAAA,+IAAA,CAAA;AAAA,WAEhC,CAAA;AAAA,SACD,CAAA,CAAA;AAAA,OACH;AAAA,KACK,MAAA;AACL,MAAA,YAAA,CAAa,GAAI,CAAA,CAAA,CAAA,EAAI,UAAU,CAAA,CAAA,EAAI,MAAM;AACvC,QAAA,MAAM,IAAIA,oBAAA;AAAA,UACR,oCAAoC,UAAU,CAAA,CAAA,CAAA;AAAA,SAChD,CAAA;AAAA,OACD,CAAA,CAAA;AAAA,KACH;AAAA,GACF;AACF,CAAA;AAGO,SAAS,mBACd,MAC6B,EAAA;AAC7B,EAAM,MAAA,MAAA,GAAS,MAAO,CAAA,SAAA,CAAU,aAAa,CAAA,CAAA;AAC7C,EAAA,MAAM,EAAE,MAAQ,EAAA,SAAA,EAAc,GAAA,IAAI,IAAI,MAAM,CAAA,CAAA;AAE5C,EAAA,MAAM,iBAAiB,MAAO,CAAA,sBAAA;AAAA,IAC5B,sCAAA;AAAA,GACF,CAAA;AAEA,EAAA,MAAM,wBACJ,cAAgB,EAAA,GAAA;AAAA,IACd,CAAA,OAAA,KAAW,IAAIC,mBAAU,CAAA
,OAAA,EAAS,EAAE,MAAQ,EAAA,IAAA,EAAM,UAAY,EAAA,IAAA,EAAM,CAAA;AAAA,OACjE,EAAC,CAAA;AAER,EAAA,OAAO,CAAU,MAAA,KAAA;AACf,IAAA,IAAI,WAAW,SAAW,EAAA;AACxB,MAAO,OAAA,IAAA,CAAA;AAAA,KACT;AACA,IAAA,OAAO,sBAAsB,IAAK,CAAA,CAAA,OAAA,KAAW,OAAQ,CAAA,KAAA,CAAM,MAAM,CAAC,CAAA,CAAA;AAAA,GACpE,CAAA;AACF;;;;;"}
|