@backstage/plugin-auth-backend 0.23.1-next.0 → 0.23.1

package/dist/lib/passport/PassportStrategyHelper.cjs.js

@@ -0,0 +1,48 @@
+'use strict';
+
+require('jose');
+
+const executeRedirectStrategy = async (req, providerStrategy, options) => {
+  return new Promise((resolve) => {
+    const strategy = Object.create(providerStrategy);
+    strategy.redirect = (url, status) => {
+      resolve({ url, status: status ?? void 0 });
+    };
+    strategy.authenticate(req, { ...options });
+  });
+};
+const executeFrameHandlerStrategy = async (req, providerStrategy, options) => {
+  return new Promise(
+    (resolve, reject) => {
+      const strategy = Object.create(providerStrategy);
+      strategy.success = (result, privateInfo) => {
+        resolve({ result, privateInfo });
+      };
+      strategy.fail = (info) => {
+        reject(new Error(`Authentication rejected, ${info.message ?? ""}`));
+      };
+      strategy.error = (error) => {
+        let message = `Authentication failed, ${error.message}`;
+        if (error.oauthError?.data) {
+          try {
+            const errorData = JSON.parse(error.oauthError.data);
+            if (errorData.message) {
+              message += ` - ${errorData.message}`;
+            }
+          } catch (parseError) {
+            message += ` - ${error.oauthError}`;
+          }
+        }
+        reject(new Error(message));
+      };
+      strategy.redirect = () => {
+        reject(new Error("Unexpected redirect"));
+      };
+      strategy.authenticate(req, { ...{} });
+    }
+  );
+};
+
+exports.executeFrameHandlerStrategy = executeFrameHandlerStrategy;
+exports.executeRedirectStrategy = executeRedirectStrategy;
+//# sourceMappingURL=PassportStrategyHelper.cjs.js.map

package/dist/lib/passport/PassportStrategyHelper.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PassportStrategyHelper.cjs.js","sources":["../../../src/lib/passport/PassportStrategyHelper.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport express from 'express';\nimport passport from 'passport';\nimport { decodeJwt } from 'jose';\nimport { InternalOAuthError } from 'passport-oauth2';\nimport { ProfileInfo } from '@backstage/plugin-auth-node';\nimport { PassportProfile } from './types';\nimport { OAuthStartResponse } from '../../providers/types';\n\nexport type PassportDoneCallback<Res, Private = never> = (\n  err?: Error,\n  response?: Res,\n  privateInfo?: Private,\n) => void;\n\nexport const makeProfileInfo = (\n  profile: PassportProfile,\n  idToken?: string,\n): ProfileInfo => {\n  let email: string | undefined = undefined;\n  if (profile.emails && profile.emails.length > 0) {\n    const [firstEmail] = profile.emails;\n    email = firstEmail.value;\n  }\n\n  let picture: string | undefined = undefined;\n  if (profile.avatarUrl) {\n    picture = profile.avatarUrl;\n  } else if (profile.photos && profile.photos.length > 0) {\n    const [firstPhoto] = profile.photos;\n    picture = firstPhoto.value;\n  }\n\n  let displayName: string | undefined =\n    profile.displayName ?? profile.username ?? profile.id;\n\n  if ((!email || !picture || !displayName) && idToken) {\n    try {\n      const decoded = decodeJwt(idToken) as {\n        email?: string;\n        name?: string;\n        picture?: string;\n      };\n      if (!email && decoded.email) {\n        email = decoded.email;\n      }\n      if (!picture && decoded.picture) {\n        picture = decoded.picture;\n      }\n      if (!displayName && decoded.name) {\n        displayName = decoded.name;\n      }\n    } catch (e) {\n      throw new Error(`Failed to parse id token and get profile info, ${e}`);\n    }\n  }\n\n  return {\n    email,\n    picture,\n    displayName,\n  };\n};\n\nexport const executeRedirectStrategy = async (\n  req: express.Request,\n  providerStrategy: passport.Strategy,\n  options: Record<string, string>,\n): Promise<OAuthStartResponse> => {\n  return new Promise(resolve => {\n    const strategy = Object.create(providerStrategy);\n    strategy.redirect = (url: string, status?: number) => {\n      resolve({ url, status: status ?? undefined });\n    };\n\n    strategy.authenticate(req, { ...options });\n  });\n};\n\nexport const executeFrameHandlerStrategy = async <Result, PrivateInfo = never>(\n  req: express.Request,\n  providerStrategy: passport.Strategy,\n  options?: Record<string, string>,\n) => {\n  return new Promise<{ result: Result; privateInfo: PrivateInfo }>(\n    (resolve, reject) => {\n      const strategy = Object.create(providerStrategy);\n      strategy.success = (result: any, privateInfo: any) => {\n        resolve({ result, privateInfo });\n      };\n      strategy.fail = (\n        info: { type: 'success' | 'error'; message?: string },\n        // _status: number,\n      ) => {\n        reject(new Error(`Authentication rejected, ${info.message ?? ''}`));\n      };\n      strategy.error = (error: InternalOAuthError) => {\n        let message = `Authentication failed, ${error.message}`;\n\n        if (error.oauthError?.data) {\n          try {\n            const errorData = JSON.parse(error.oauthError.data);\n\n            if (errorData.message) {\n              message += ` - ${errorData.message}`;\n            }\n          } catch (parseError) {\n            message += ` - ${error.oauthError}`;\n          }\n        }\n\n        reject(new Error(message));\n      };\n      strategy.redirect = () => {\n        reject(new Error('Unexpected redirect'));\n      };\n      strategy.authenticate(req, { ...(options ?? {}) });\n    },\n  );\n};\n\ntype RefreshTokenResponse = {\n  /**\n   * An access token issued for the signed in user.\n   */\n  accessToken: string;\n  /**\n   * Optionally, the server can issue a new Refresh Token for the user\n   */\n  refreshToken?: string;\n  params: any;\n};\n\nexport const executeRefreshTokenStrategy = async (\n  providerStrategy: passport.Strategy,\n  refreshToken: string,\n  scope: string,\n): Promise<RefreshTokenResponse> => {\n  return new Promise((resolve, reject) => {\n    const anyStrategy = providerStrategy as any;\n    const OAuth2 = anyStrategy._oauth2.constructor;\n    const oauth2 = new OAuth2(\n      anyStrategy._oauth2._clientId,\n      anyStrategy._oauth2._clientSecret,\n      anyStrategy._oauth2._baseSite,\n      anyStrategy._oauth2._authorizeUrl,\n      anyStrategy._refreshURL || anyStrategy._oauth2._accessTokenUrl,\n      anyStrategy._oauth2._customHeaders,\n    );\n\n    oauth2.getOAuthAccessToken(\n      refreshToken,\n      {\n        scope,\n        grant_type: 'refresh_token',\n      },\n      (\n        err: Error | null,\n        accessToken: string,\n        newRefreshToken: string,\n        params: any,\n      ) => {\n        if (err) {\n          reject(new Error(`Failed to refresh access token ${err.toString()}`));\n        }\n        if (!accessToken) {\n          reject(\n            new Error(\n              `Failed to refresh access token, no access token received`,\n            ),\n          );\n        }\n\n        resolve({\n          accessToken,\n          refreshToken: newRefreshToken,\n          params,\n        });\n      },\n    );\n  });\n};\n\ntype ProviderStrategy = {\n  userProfile(accessToken: string, callback: Function): void;\n};\n\nexport const executeFetchUserProfileStrategy = async (\n  providerStrategy: passport.Strategy,\n  accessToken: string,\n): Promise<PassportProfile> => {\n  return new Promise((resolve, reject) => {\n    const anyStrategy = providerStrategy as unknown as ProviderStrategy;\n    anyStrategy.userProfile(\n      accessToken,\n      (error: Error, rawProfile: PassportProfile) => {\n        if (error) {\n          reject(error);\n        } else {\n          resolve(rawProfile);\n        }\n      },\n    );\n  });\n};\n"],"names":[],"mappings":";;;;AA+EO,MAAM,uBAA0B,GAAA,OACrC,GACA,EAAA,gBAAA,EACA,OACgC,KAAA;AAChC,EAAO,OAAA,IAAI,QAAQ,CAAW,OAAA,KAAA;AAC5B,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,MAAA,CAAO,gBAAgB,CAAA,CAAA;AAC/C,IAAS,QAAA,CAAA,QAAA,GAAW,CAAC,GAAA,EAAa,MAAoB,KAAA;AACpD,MAAA,OAAA,CAAQ,EAAE,GAAA,EAAK,MAAQ,EAAA,MAAA,IAAU,QAAW,CAAA,CAAA;AAAA,KAC9C,CAAA;AAEA,IAAA,QAAA,CAAS,YAAa,CAAA,GAAA,EAAK,EAAE,GAAG,SAAS,CAAA,CAAA;AAAA,GAC1C,CAAA,CAAA;AACH,EAAA;AAEO,MAAM,2BAA8B,GAAA,OACzC,GACA,EAAA,gBAAA,EACA,OACG,KAAA;AACH,EAAA,OAAO,IAAI,OAAA;AAAA,IACT,CAAC,SAAS,MAAW,KAAA;AACnB,MAAM,MAAA,QAAA,GAAW,MAAO,CAAA,MAAA,CAAO,gBAAgB,CAAA,CAAA;AAC/C,MAAS,QAAA,CAAA,OAAA,GAAU,CAAC,MAAA,EAAa,WAAqB,KAAA;AACpD,QAAQ,OAAA,CAAA,EAAE,MAAQ,EAAA,WAAA,EAAa,CAAA,CAAA;AAAA,OACjC,CAAA;AACA,MAAS,QAAA,CAAA,IAAA,GAAO,CACd,IAEG,KAAA;AACH,QAAA,MAAA,CAAO,IAAI,KAAM,CAAA,CAAA,yBAAA,EAA4B,KAAK,OAAW,IAAA,EAAE,EAAE,CAAC,CAAA,CAAA;AAAA,OACpE,CAAA;AACA,MAAS,QAAA,CAAA,KAAA,GAAQ,CAAC,KAA8B,KAAA;AAC9C,QAAI,IAAA,OAAA,GAAU,CAA0B,uBAAA,EAAA,KAAA,CAAM,OAAO,CAAA,CAAA,CAAA;AAErD,QAAI,IAAA,KAAA,CAAM,YAAY,IAAM,EAAA;AAC1B,UAAI,IAAA;AACF,YAAA,MAAM,SAAY,GAAA,IAAA,CAAK,KAAM,CAAA,KAAA,CAAM,WAAW,IAAI,CAAA,CAAA;AAElD,YAAA,IAAI,UAAU,OAAS,EAAA;AACrB,cAAW,OAAA,IAAA,CAAA,GAAA,EAAM,UAAU,OAAO,CAAA,CAAA,CAAA;AAAA,aACpC;AAAA,mBACO,UAAY,EAAA;AACnB,YAAW,OAAA,IAAA,CAAA,GAAA,EAAM,MAAM,UAAU,CAAA,CAAA,CAAA;AAAA,WACnC;AAAA,SACF;AAEA,QAAO,MAAA,CAAA,IAAI,KAAM,CAAA,OAAO,CAAC,CAAA,CAAA;AAAA,OAC3B,CAAA;AACA,MAAA,QAAA,CAAS,WAAW,MAAM;AACxB,QAAO,MAAA,CAAA,IAAI,KAAM,CAAA,qBAAqB,CAAC,CAAA,CAAA;AAAA,OACzC,CAAA;AACA,MAAA,QAAA,CAAS,aAAa,GAAK,EAAA,EAAE,GAAe,IAAK,CAAA,CAAA;AAAA,KACnD;AAAA,GACF,CAAA;AACF;;;;;"}

package/dist/lib/resolvers/CatalogAuthResolverContext.cjs.js

@@ -0,0 +1,116 @@
+'use strict';
+
+var catalogModel = require('@backstage/catalog-model');
+var errors = require('@backstage/errors');
+var CatalogIdentityClient = require('../catalog/CatalogIdentityClient.cjs.js');
+
+function getDefaultOwnershipEntityRefs(entity) {
+  const membershipRefs = entity.relations?.filter(
+    (r) => r.type === catalogModel.RELATION_MEMBER_OF && r.targetRef.startsWith("group:")
+  ).map((r) => r.targetRef) ?? [];
+  return Array.from(/* @__PURE__ */ new Set([catalogModel.stringifyEntityRef(entity), ...membershipRefs]));
+}
+class CatalogAuthResolverContext {
+  constructor(logger, tokenIssuer, catalogIdentityClient, catalogApi, auth, ownershipResolver) {
+    this.logger = logger;
+    this.tokenIssuer = tokenIssuer;
+    this.catalogIdentityClient = catalogIdentityClient;
+    this.catalogApi = catalogApi;
+    this.auth = auth;
+    this.ownershipResolver = ownershipResolver;
+  }
+  static create(options) {
+    const catalogIdentityClient = new CatalogIdentityClient.CatalogIdentityClient({
+      catalogApi: options.catalogApi,
+      tokenManager: options.tokenManager,
+      discovery: options.discovery,
+      auth: options.auth,
+      httpAuth: options.httpAuth
+    });
+    return new CatalogAuthResolverContext(
+      options.logger,
+      options.tokenIssuer,
+      catalogIdentityClient,
+      options.catalogApi,
+      options.auth,
+      options.ownershipResolver
+    );
+  }
+  async issueToken(params) {
+    const token = await this.tokenIssuer.issueToken(params);
+    return { token };
+  }
+  async findCatalogUser(query) {
+    let result = void 0;
+    const { token } = await this.auth.getPluginRequestToken({
+      onBehalfOf: await this.auth.getOwnServiceCredentials(),
+      targetPluginId: "catalog"
+    });
+    if ("entityRef" in query) {
+      const entityRef = catalogModel.parseEntityRef(query.entityRef, {
+        defaultKind: "User",
+        defaultNamespace: catalogModel.DEFAULT_NAMESPACE
+      });
+      result = await this.catalogApi.getEntityByRef(entityRef, { token });
+    } else if ("annotations" in query) {
+      const filter = {
+        kind: "user"
+      };
+      for (const [key, value] of Object.entries(query.annotations)) {
+        filter[`metadata.annotations.${key}`] = value;
+      }
+      const res = await this.catalogApi.getEntities({ filter }, { token });
+      result = res.items;
+    } else if ("filter" in query) {
+      const filter = [query.filter].flat().map((value) => {
+        if (!Object.keys(value).some(
+          (key) => key.toLocaleLowerCase("en-US") === "kind"
+        )) {
+          return {
+            ...value,
+            kind: "user"
+          };
+        }
+        return value;
+      });
+      const res = await this.catalogApi.getEntities(
+        { filter },
+        { token }
+      );
+      result = res.items;
+    } else {
+      throw new errors.InputError("Invalid user lookup query");
+    }
+    if (Array.isArray(result)) {
+      if (result.length > 1) {
+        throw new errors.ConflictError("User lookup resulted in multiple matches");
+      }
+      result = result[0];
+    }
+    if (!result) {
+      throw new errors.NotFoundError("User not found");
+    }
+    return { entity: result };
+  }
+  async signInWithCatalogUser(query) {
+    const { entity } = await this.findCatalogUser(query);
+    let ent;
+    if (this.ownershipResolver) {
+      const { ownershipEntityRefs } = await this.ownershipResolver.resolveOwnershipEntityRefs(entity);
+      ent = ownershipEntityRefs;
+    } else {
+      ent = getDefaultOwnershipEntityRefs(entity);
+    }
+    const token = await this.tokenIssuer.issueToken({
+      claims: {
+        sub: catalogModel.stringifyEntityRef(entity),
+        ent
+      }
+    });
+    return { token };
+  }
+}
+
+exports.CatalogAuthResolverContext = CatalogAuthResolverContext;
+exports.getDefaultOwnershipEntityRefs = getDefaultOwnershipEntityRefs;
+//# sourceMappingURL=CatalogAuthResolverContext.cjs.js.map

package/dist/lib/resolvers/CatalogAuthResolverContext.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CatalogAuthResolverContext.cjs.js","sources":["../../../src/lib/resolvers/CatalogAuthResolverContext.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { TokenManager } from '@backstage/backend-common';\nimport { CatalogApi } from '@backstage/catalog-client';\nimport {\n  DEFAULT_NAMESPACE,\n  Entity,\n  parseEntityRef,\n  RELATION_MEMBER_OF,\n  stringifyEntityRef,\n} from '@backstage/catalog-model';\nimport { ConflictError, InputError, NotFoundError } from '@backstage/errors';\nimport {\n  AuthService,\n  DiscoveryService,\n  HttpAuthService,\n  LoggerService,\n} from '@backstage/backend-plugin-api';\nimport { TokenIssuer } from '../../identity/types';\nimport {\n  AuthOwnershipResolver,\n  AuthResolverCatalogUserQuery,\n  AuthResolverContext,\n  TokenParams,\n} from '@backstage/plugin-auth-node';\nimport { CatalogIdentityClient } from '../catalog';\n\n/**\n * Uses the default ownership resolution logic to return an array\n * of entity refs that the provided entity claims ownership through.\n *\n * A reference to the entity itself will also be included in the returned array.\n *\n * @public\n */\nexport function getDefaultOwnershipEntityRefs(entity: Entity) {\n  const membershipRefs =\n    entity.relations\n      ?.filter(\n        r => r.type === RELATION_MEMBER_OF && r.targetRef.startsWith('group:'),\n      )\n      .map(r => r.targetRef) ?? [];\n\n  return Array.from(new Set([stringifyEntityRef(entity), ...membershipRefs]));\n}\n\n/**\n * @internal\n */\nexport class CatalogAuthResolverContext implements AuthResolverContext {\n  static create(options: {\n    logger: LoggerService;\n    catalogApi: CatalogApi;\n    tokenIssuer: TokenIssuer;\n    tokenManager?: TokenManager;\n    discovery: DiscoveryService;\n    auth: AuthService;\n    httpAuth: HttpAuthService;\n    ownershipResolver?: AuthOwnershipResolver;\n  }): CatalogAuthResolverContext {\n    const catalogIdentityClient = new CatalogIdentityClient({\n      catalogApi: options.catalogApi,\n      tokenManager: options.tokenManager,\n      discovery: options.discovery,\n      auth: options.auth,\n      httpAuth: options.httpAuth,\n    });\n\n    return new CatalogAuthResolverContext(\n      options.logger,\n      options.tokenIssuer,\n      catalogIdentityClient,\n      options.catalogApi,\n      options.auth,\n      options.ownershipResolver,\n    );\n  }\n\n  private constructor(\n    public readonly logger: LoggerService,\n    public readonly tokenIssuer: TokenIssuer,\n    public readonly catalogIdentityClient: CatalogIdentityClient,\n    private readonly catalogApi: CatalogApi,\n    private readonly auth: AuthService,\n    private readonly ownershipResolver?: AuthOwnershipResolver,\n  ) {}\n\n  async issueToken(params: TokenParams) {\n    const token = await this.tokenIssuer.issueToken(params);\n    return { token };\n  }\n\n  async findCatalogUser(query: AuthResolverCatalogUserQuery) {\n    let result: Entity[] | Entity | undefined = undefined;\n    const { token } = await this.auth.getPluginRequestToken({\n      onBehalfOf: await this.auth.getOwnServiceCredentials(),\n      targetPluginId: 'catalog',\n    });\n\n    if ('entityRef' in query) {\n      const entityRef = parseEntityRef(query.entityRef, {\n        defaultKind: 'User',\n        defaultNamespace: DEFAULT_NAMESPACE,\n      });\n      result = await this.catalogApi.getEntityByRef(entityRef, { token });\n    } else if ('annotations' in query) {\n      const filter: Record<string, string> = {\n        kind: 'user',\n      };\n      for (const [key, value] of Object.entries(query.annotations)) {\n        filter[`metadata.annotations.${key}`] = value;\n      }\n      const res = await this.catalogApi.getEntities({ filter }, { token });\n      result = res.items;\n    } else if ('filter' in query) {\n      const filter = [query.filter].flat().map(value => {\n        if (\n          !Object.keys(value).some(\n            key => key.toLocaleLowerCase('en-US') === 'kind',\n          )\n        ) {\n          return {\n            ...value,\n            kind: 'user',\n          };\n        }\n        return value;\n      });\n      const res = await this.catalogApi.getEntities(\n        { filter: filter },\n        { token },\n      );\n      result = res.items;\n    } else {\n      throw new InputError('Invalid user lookup query');\n    }\n\n    if (Array.isArray(result)) {\n      if (result.length > 1) {\n        throw new ConflictError('User lookup resulted in multiple matches');\n      }\n      result = result[0];\n    }\n    if (!result) {\n      throw new NotFoundError('User not found');\n    }\n\n    return { entity: result };\n  }\n\n  async signInWithCatalogUser(query: AuthResolverCatalogUserQuery) {\n    const { entity } = await this.findCatalogUser(query);\n    let ent: string[];\n    if (this.ownershipResolver) {\n      const { ownershipEntityRefs } =\n        await this.ownershipResolver.resolveOwnershipEntityRefs(entity);\n      ent = ownershipEntityRefs;\n    } else {\n      ent = getDefaultOwnershipEntityRefs(entity);\n    }\n\n    const token = await this.tokenIssuer.issueToken({\n      claims: {\n        sub: stringifyEntityRef(entity),\n        ent,\n      },\n    });\n    return { token };\n  }\n}\n"],"names":["RELATION_MEMBER_OF","stringifyEntityRef","CatalogIdentityClient","parseEntityRef","DEFAULT_NAMESPACE","InputError","ConflictError","NotFoundError"],"mappings":";;;;;;AAiDO,SAAS,8BAA8B,MAAgB,EAAA;AAC5D,EAAM,MAAA,cAAA,GACJ,OAAO,SACH,EAAA,MAAA;AAAA,IACA,OAAK,CAAE,CAAA,IAAA,KAASA,mCAAsB,CAAE,CAAA,SAAA,CAAU,WAAW,QAAQ,CAAA;AAAA,IAEtE,GAAI,CAAA,CAAA,CAAA,KAAK,CAAE,CAAA,SAAS,KAAK,EAAC,CAAA;AAE/B,EAAO,OAAA,KAAA,CAAM,IAAK,iBAAA,IAAI,GAAI,CAAA,CAACC,+BAAmB,CAAA,MAAM,CAAG,EAAA,GAAG,cAAc,CAAC,CAAC,CAAA,CAAA;AAC5E,CAAA;AAKO,MAAM,0BAA0D,CAAA;AAAA,EA6B7D,YACU,MACA,EAAA,WAAA,EACA,qBACC,EAAA,UAAA,EACA,MACA,iBACjB,EAAA;AANgB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA,CAAA;AACA,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA,CAAA;AACA,IAAA,IAAA,CAAA,qBAAA,GAAA,qBAAA,CAAA;AACC,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA,CAAA;AACA,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA,CAAA;AACA,IAAA,IAAA,CAAA,iBAAA,GAAA,iBAAA,CAAA;AAAA,GAChB;AAAA,EAnCH,OAAO,OAAO,OASiB,EAAA;AAC7B,IAAM,MAAA,qBAAA,GAAwB,IAAIC,2CAAsB,CAAA;AAAA,MACtD,YAAY,OAAQ,CAAA,UAAA;AAAA,MACpB,cAAc,OAAQ,CAAA,YAAA;AAAA,MACtB,WAAW,OAAQ,CAAA,SAAA;AAAA,MACnB,MAAM,OAAQ,CAAA,IAAA;AAAA,MACd,UAAU,OAAQ,CAAA,QAAA;AAAA,KACnB,CAAA,CAAA;AAED,IAAA,OAAO,IAAI,0BAAA;AAAA,MACT,OAAQ,CAAA,MAAA;AAAA,MACR,OAAQ,CAAA,WAAA;AAAA,MACR,qBAAA;AAAA,MACA,OAAQ,CAAA,UAAA;AAAA,MACR,OAAQ,CAAA,IAAA;AAAA,MACR,OAAQ,CAAA,iBAAA;AAAA,KACV,CAAA;AAAA,GACF;AAAA,EAWA,MAAM,WAAW,MAAqB,EAAA;AACpC,IAAA,MAAM,KAAQ,GAAA,MAAM,IAAK,CAAA,WAAA,CAAY,WAAW,MAAM,CAAA,CAAA;AACtD,IAAA,OAAO,EAAE,KAAM,EAAA,CAAA;AAAA,GACjB;AAAA,EAEA,MAAM,gBAAgB,KAAqC,EAAA;AACzD,IAAA,IAAI,MAAwC,GAAA,KAAA,CAAA,CAAA;AAC5C,IAAA,MAAM,EAAE,KAAM,EAAA,GAAI,MAAM,IAAA,CAAK,KAAK,qBAAsB,CAAA;AAAA,MACtD,UAAY,EAAA,MAAM,IAAK,CAAA,IAAA,CAAK,wBAAyB,EAAA;AAAA,MACrD,cAAgB,EAAA,SAAA;AAAA,KACjB,CAAA,CAAA;AAED,IAAA,IAAI,eAAe,KAAO,EAAA;AACxB,MAAM,MAAA,SAAA,GAAYC,2BAAe,CAAA,KAAA,CAAM,SAAW,EAAA;AAAA,QAChD,WAAa,EAAA,MAAA;AAAA,QACb,gBAAkB,EAAAC,8BAAA;AAAA,OACnB,CAAA,CAAA;AACD,MAAA,MAAA,GAAS,MAAM,IAAK,CAAA,UAAA,CAAW,eAAe,SAAW,EAAA,EAAE,OAAO,CAAA,CAAA;AAAA,KACpE,MAAA,IAAW,iBAAiB,KAAO,EAAA;AACjC,MAAA,MAAM,MAAiC,GAAA;AAAA,QACrC,IAAM,EAAA,MAAA;AAAA,OACR,CAAA;AACA,MAAW,KAAA,MAAA,CAAC,KAAK,KAAK,CAAA,IAAK,OAAO,OAAQ,CAAA,KAAA,CAAM,WAAW,CAAG,EAAA;AAC5D,QAAO,MAAA,CAAA,CAAA,qBAAA,EAAwB,GAAG,CAAA,CAAE,CAAI,GAAA,KAAA,CAAA;AAAA,OAC1C;AACA,MAAM,MAAA,GAAA,GAAM,MAAM,IAAA,CAAK,UAAW,CAAA,WAAA,CAAY,EAAE,MAAO,EAAA,EAAG,EAAE,KAAA,EAAO,CAAA,CAAA;AACnE,MAAA,MAAA,GAAS,GAAI,CAAA,KAAA,CAAA;AAAA,KACf,MAAA,IAAW,YAAY,KAAO,EAAA;AAC5B,MAAM,MAAA,MAAA,GAAS,CAAC,KAAM,CAAA,MAAM,EAAE,IAAK,EAAA,CAAE,IAAI,CAAS,KAAA,KAAA;AAChD,QAAA,IACE,CAAC,MAAA,CAAO,IAAK,CAAA,KAAK,CAAE,CAAA,IAAA;AAAA,UAClB,CAAO,GAAA,KAAA,GAAA,CAAI,iBAAkB,CAAA,OAAO,CAAM,KAAA,MAAA;AAAA,SAE5C,EAAA;AACA,UAAO,OAAA;AAAA,YACL,GAAG,KAAA;AAAA,YACH,IAAM,EAAA,MAAA;AAAA,WACR,CAAA;AAAA,SACF;AACA,QAAO,OAAA,KAAA,CAAA;AAAA,OACR,CAAA,CAAA;AACD,MAAM,MAAA,GAAA,GAAM,MAAM,IAAA,CAAK,UAAW,CAAA,WAAA;AAAA,QAChC,EAAE,MAAe,EAAA;AAAA,QACjB,EAAE,KAAM,EAAA;AAAA,OACV,CAAA;AACA,MAAA,MAAA,GAAS,GAAI,CAAA,KAAA,CAAA;AAAA,KACR,MAAA;AACL,MAAM,MAAA,IAAIC,kBAAW,2BAA2B,CAAA,CAAA;AAAA,KAClD;AAEA,IAAI,IAAA,KAAA,CAAM,OAAQ,CAAA,MAAM,CAAG,EAAA;AACzB,MAAI,IAAA,MAAA,CAAO,SAAS,CAAG,EAAA;AACrB,QAAM,MAAA,IAAIC,qBAAc,0CAA0C,CAAA,CAAA;AAAA,OACpE;AACA,MAAA,MAAA,GAAS,OAAO,CAAC,CAAA,CAAA;AAAA,KACnB;AACA,IAAA,IAAI,CAAC,MAAQ,EAAA;AACX,MAAM,MAAA,IAAIC,qBAAc,gBAAgB,CAAA,CAAA;AAAA,KAC1C;AAEA,IAAO,OAAA,EAAE,QAAQ,MAAO,EAAA,CAAA;AAAA,GAC1B;AAAA,EAEA,MAAM,sBAAsB,KAAqC,EAAA;AAC/D,IAAA,MAAM,EAAE,MAAO,EAAA,GAAI,MAAM,IAAA,CAAK,gBAAgB,KAAK,CAAA,CAAA;AACnD,IAAI,IAAA,GAAA,CAAA;AACJ,IAAA,IAAI,KAAK,iBAAmB,EAAA;AAC1B,MAAA,MAAM,EAAE,mBAAoB,EAAA,GAC1B,MAAM,IAAK,CAAA,iBAAA,CAAkB,2BAA2B,MAAM,CAAA,CAAA;AAChE,MAAM,GAAA,GAAA,mBAAA,CAAA;AAAA,KACD,MAAA;AACL,MAAA,GAAA,GAAM,8BAA8B,MAAM,CAAA,CAAA;AAAA,KAC5C;AAEA,IAAA,MAAM,KAAQ,GAAA,MAAM,IAAK,CAAA,WAAA,CAAY,UAAW,CAAA;AAAA,MAC9C,MAAQ,EAAA;AAAA,QACN,GAAA,EAAKN,gCAAmB,MAAM,CAAA;AAAA,QAC9B,GAAA;AAAA,OACF;AAAA,KACD,CAAA,CAAA;AACD,IAAA,OAAO,EAAE,KAAM,EAAA,CAAA;AAAA,GACjB;AACF;;;;;"}

package/dist/providers/atlassian/provider.cjs.js

@@ -0,0 +1,20 @@
+'use strict';
+
+var pluginAuthBackendModuleAtlassianProvider = require('@backstage/plugin-auth-backend-module-atlassian-provider');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var adaptLegacyOAuthHandler = require('../../lib/legacy/adaptLegacyOAuthHandler.cjs.js');
+var adaptLegacyOAuthSignInResolver = require('../../lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js');
+var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
+
+const atlassian = createAuthProviderIntegration.createAuthProviderIntegration({
+  create(options) {
+    return pluginAuthNode.createOAuthProviderFactory({
+      authenticator: pluginAuthBackendModuleAtlassianProvider.atlassianAuthenticator,
+      profileTransform: adaptLegacyOAuthHandler.adaptLegacyOAuthHandler(options?.authHandler),
+      signInResolver: adaptLegacyOAuthSignInResolver.adaptLegacyOAuthSignInResolver(options?.signIn?.resolver)
+    });
+  }
+});
+
+exports.atlassian = atlassian;
+//# sourceMappingURL=provider.cjs.js.map

package/dist/providers/atlassian/provider.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/atlassian/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { atlassianAuthenticator } from '@backstage/plugin-auth-backend-module-atlassian-provider';\nimport {\n  SignInResolver,\n  createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n  adaptLegacyOAuthHandler,\n  adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/**\n * Auth provider integration for Atlassian auth\n *\n * @public\n */\nexport const atlassian = createAuthProviderIntegration({\n  create(options?: {\n    /**\n     * The profile transformation function used to verify and convert the auth response\n     * into the profile that will be presented to the user.\n     */\n    authHandler?: AuthHandler<OAuthResult>;\n\n    /**\n     * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n     */\n    signIn?: {\n      resolver: SignInResolver<OAuthResult>;\n    };\n  }) {\n    return createOAuthProviderFactory({\n      authenticator: atlassianAuthenticator,\n      profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n      signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n    });\n  },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","atlassianAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkCO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ,CAAA;AAAA,KACzE,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}

package/dist/providers/auth0/provider.cjs.js

@@ -0,0 +1,20 @@
+'use strict';
+
+var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var adaptLegacyOAuthHandler = require('../../lib/legacy/adaptLegacyOAuthHandler.cjs.js');
+var adaptLegacyOAuthSignInResolver = require('../../lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js');
+var pluginAuthBackendModuleAuth0Provider = require('@backstage/plugin-auth-backend-module-auth0-provider');
+
+const auth0 = createAuthProviderIntegration.createAuthProviderIntegration({
+  create(options) {
+    return pluginAuthNode.createOAuthProviderFactory({
+      authenticator: pluginAuthBackendModuleAuth0Provider.auth0Authenticator,
+      profileTransform: adaptLegacyOAuthHandler.adaptLegacyOAuthHandler(options?.authHandler),
+      signInResolver: adaptLegacyOAuthSignInResolver.adaptLegacyOAuthSignInResolver(options?.signIn?.resolver)
+    });
+  }
+});
+
+exports.auth0 = auth0;
+//# sourceMappingURL=provider.cjs.js.map

package/dist/providers/auth0/provider.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/auth0/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { OAuthProviderOptions, OAuthResult } from '../../lib/oauth';\n\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n  AuthResolverContext,\n  createOAuthProviderFactory,\n  SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport {\n  adaptLegacyOAuthHandler,\n  adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { auth0Authenticator } from '@backstage/plugin-auth-backend-module-auth0-provider';\n\n/**\n * @public\n * @deprecated The Auth0 auth provider was extracted to `@backstage/plugin-auth-backend-module-auth0-provider`.\n */\nexport type Auth0AuthProviderOptions = OAuthProviderOptions & {\n  domain: string;\n  signInResolver?: SignInResolver<OAuthResult>;\n  authHandler: AuthHandler<OAuthResult>;\n  resolverContext: AuthResolverContext;\n  audience?: string;\n  connection?: string;\n  connectionScope?: string;\n};\n\n/**\n * Auth provider integration for auth0 auth\n *\n * @public\n */\nexport const auth0 = createAuthProviderIntegration({\n  create(options?: {\n    /**\n     * The profile transformation function used to verify and convert the auth response\n     * into the profile that will be presented to the user.\n     */\n    authHandler?: AuthHandler<OAuthResult>;\n\n    /**\n     * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n     */\n    signIn?: {\n      /**\n       * Maps an auth result to a Backstage identity for the user.\n       */\n      resolver: SignInResolver<OAuthResult>;\n    };\n  }) {\n    return createOAuthProviderFactory({\n      authenticator: auth0Authenticator,\n      profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n      signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n    });\n  },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","auth0Authenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkDO,MAAM,QAAQA,2DAA8B,CAAA;AAAA,EACjD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,uDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ,CAAA;AAAA,KACzE,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}

package/dist/providers/aws-alb/provider.cjs.js

@@ -0,0 +1,18 @@
+'use strict';
+
+var pluginAuthBackendModuleAwsAlbProvider = require('@backstage/plugin-auth-backend-module-aws-alb-provider');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
+
+const awsAlb = createAuthProviderIntegration.createAuthProviderIntegration({
+  create(options) {
+    return pluginAuthNode.createProxyAuthProviderFactory({
+      authenticator: pluginAuthBackendModuleAwsAlbProvider.awsAlbAuthenticator,
+      profileTransform: options?.authHandler,
+      signInResolver: options?.signIn?.resolver
+    });
+  }
+});
+
+exports.awsAlb = awsAlb;
+//# sourceMappingURL=provider.cjs.js.map

package/dist/providers/aws-alb/provider.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/aws-alb/provider.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  AwsAlbResult,\n  awsAlbAuthenticator,\n} from '@backstage/plugin-auth-backend-module-aws-alb-provider';\nimport {\n  SignInResolver,\n  createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\n\n/**\n * Auth provider integration for AWS ALB auth\n *\n * @public\n */\nexport const awsAlb = createAuthProviderIntegration({\n  create(options?: {\n    /**\n     * The profile transformation function used to verify and convert the auth\n     * response into the profile that will be presented to the user. The default\n     * implementation just provides the authenticated email that the IAP\n     * presented.\n     */\n    authHandler?: AuthHandler<AwsAlbResult>;\n    /**\n     * Configures sign-in for this provider.\n     */\n    signIn: {\n      /**\n       * Maps an auth result to a Backstage identity for the user.\n       */\n      resolver: SignInResolver<AwsAlbResult>;\n    };\n  }) {\n    return createProxyAuthProviderFactory({\n      authenticator: awsAlbAuthenticator,\n      profileTransform: options?.authHandler,\n      signInResolver: options?.signIn?.resolver,\n    });\n  },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","awsAlbAuthenticator"],"mappings":";;;;;;AAgCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAiBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,yDAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA,QAAA;AAAA,KAClC,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}

package/dist/providers/azure-easyauth/provider.cjs.js

@@ -0,0 +1,18 @@
+'use strict';
+
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
+var pluginAuthBackendModuleAzureEasyauthProvider = require('@backstage/plugin-auth-backend-module-azure-easyauth-provider');
+
+const easyAuth = createAuthProviderIntegration.createAuthProviderIntegration({
+  create(options) {
+    return pluginAuthNode.createProxyAuthProviderFactory({
+      authenticator: pluginAuthBackendModuleAzureEasyauthProvider.azureEasyAuthAuthenticator,
+      profileTransform: options?.authHandler,
+      signInResolver: options?.signIn?.resolver
+    });
+  }
+});
+
+exports.easyAuth = easyAuth;
+//# sourceMappingURL=provider.cjs.js.map

package/dist/providers/azure-easyauth/provider.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/azure-easyauth/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  SignInResolver,\n  createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n  AzureEasyAuthResult,\n  azureEasyAuthAuthenticator,\n} from '@backstage/plugin-auth-backend-module-azure-easyauth-provider';\n\nexport type EasyAuthResult = AzureEasyAuthResult;\n\n/**\n * Auth provider integration for Azure EasyAuth\n *\n * @public\n */\nexport const easyAuth = createAuthProviderIntegration({\n  create(options?: {\n    /**\n     * The profile transformation function used to verify and convert the auth response\n     * into the profile that will be presented to the user.\n     */\n    authHandler?: AuthHandler<EasyAuthResult>;\n\n    /**\n     * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n     */\n    signIn: {\n      /**\n       * Maps an auth result to a Backstage identity for the user.\n       */\n      resolver: SignInResolver<EasyAuthResult>;\n    };\n  }) {\n    return createProxyAuthProviderFactory({\n      authenticator: azureEasyAuthAuthenticator,\n      profileTransform: options?.authHandler,\n      signInResolver: options?.signIn?.resolver,\n    });\n  },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","azureEasyAuthAuthenticator"],"mappings":";;;;;;AAkCO,MAAM,WAAWA,2DAA8B,CAAA;AAAA,EACpD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,uEAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA,QAAA;AAAA,KAClC,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}

package/dist/providers/bitbucket/provider.cjs.js

@@ -0,0 +1,25 @@
+'use strict';
+
+var pluginAuthBackendModuleBitbucketProvider = require('@backstage/plugin-auth-backend-module-bitbucket-provider');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var adaptLegacyOAuthHandler = require('../../lib/legacy/adaptLegacyOAuthHandler.cjs.js');
+var adaptLegacyOAuthSignInResolver = require('../../lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js');
+var adaptOAuthSignInResolverToLegacy = require('../../lib/legacy/adaptOAuthSignInResolverToLegacy.cjs.js');
+var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
+
+const bitbucket = createAuthProviderIntegration.createAuthProviderIntegration({
+  create(options) {
+    return pluginAuthNode.createOAuthProviderFactory({
+      authenticator: pluginAuthBackendModuleBitbucketProvider.bitbucketAuthenticator,
+      profileTransform: adaptLegacyOAuthHandler.adaptLegacyOAuthHandler(options?.authHandler),
+      signInResolver: adaptLegacyOAuthSignInResolver.adaptLegacyOAuthSignInResolver(options?.signIn?.resolver)
+    });
+  },
+  resolvers: adaptOAuthSignInResolverToLegacy.adaptOAuthSignInResolverToLegacy({
+    userIdMatchingUserEntityAnnotation: pluginAuthBackendModuleBitbucketProvider.bitbucketSignInResolvers.userIdMatchingUserEntityAnnotation(),
+    usernameMatchingUserEntityAnnotation: pluginAuthBackendModuleBitbucketProvider.bitbucketSignInResolvers.usernameMatchingUserEntityAnnotation()
+  })
+});
+
+exports.bitbucket = bitbucket;
+//# sourceMappingURL=provider.cjs.js.map

package/dist/providers/bitbucket/provider.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/bitbucket/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  bitbucketAuthenticator,\n  bitbucketSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-bitbucket-provider';\nimport {\n  SignInResolver,\n  createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { Profile as PassportProfile } from 'passport';\nimport {\n  adaptLegacyOAuthHandler,\n  adaptLegacyOAuthSignInResolver,\n  adaptOAuthSignInResolverToLegacy,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/**\n * @public\n * @deprecated The Bitbucket auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-provider`.\n */\nexport type BitbucketOAuthResult = {\n  fullProfile: BitbucketPassportProfile;\n  params: {\n    id_token?: string;\n    scope: string;\n    expires_in: number;\n  };\n  accessToken: string;\n  refreshToken?: string;\n};\n\n/**\n * @public\n * @deprecated The Bitbucket auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-provider`.\n */\nexport type BitbucketPassportProfile = PassportProfile & {\n  id?: string;\n  displayName?: string;\n  username?: string;\n  avatarUrl?: string;\n  _json?: {\n    links?: {\n      avatar?: {\n        href?: string;\n      };\n    };\n  };\n};\n\n/**\n * Auth provider integration for Bitbucket auth\n *\n * @public\n */\nexport const bitbucket = createAuthProviderIntegration({\n  create(options?: {\n    /**\n     * The profile transformation function used to verify and convert the auth response\n     * into the profile that will be presented to the user.\n     */\n    authHandler?: AuthHandler<OAuthResult>;\n\n    /**\n     * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n     */\n    signIn?: {\n      resolver: SignInResolver<OAuthResult>;\n    };\n  }) {\n    return createOAuthProviderFactory({\n      authenticator: bitbucketAuthenticator,\n      profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n      signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n    });\n  },\n  resolvers: adaptOAuthSignInResolverToLegacy({\n    userIdMatchingUserEntityAnnotation:\n      bitbucketSignInResolvers.userIdMatchingUserEntityAnnotation(),\n    usernameMatchingUserEntityAnnotation:\n      bitbucketSignInResolvers.usernameMatchingUserEntityAnnotation(),\n  }),\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","bitbucketAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","adaptOAuthSignInResolverToLegacy","bitbucketSignInResolvers"],"mappings":";;;;;;;;;AAwEO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ,CAAA;AAAA,KACzE,CAAA,CAAA;AAAA,GACH;AAAA,EACA,WAAWC,iEAAiC,CAAA;AAAA,IAC1C,kCAAA,EACEC,kEAAyB,kCAAmC,EAAA;AAAA,IAC9D,oCAAA,EACEA,kEAAyB,oCAAqC,EAAA;AAAA,GACjE,CAAA;AACH,CAAC;;;;"}

package/dist/providers/bitbucketServer/provider.cjs.js

@@ -0,0 +1,46 @@
+'use strict';
+
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var pluginAuthBackendModuleBitbucketServerProvider = require('@backstage/plugin-auth-backend-module-bitbucket-server-provider');
+var adaptLegacyOAuthHandler = require('../../lib/legacy/adaptLegacyOAuthHandler.cjs.js');
+var adaptLegacyOAuthSignInResolver = require('../../lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js');
+var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
+
+const bitbucketServer = createAuthProviderIntegration.createAuthProviderIntegration({
+  create(options) {
+    return pluginAuthNode.createOAuthProviderFactory({
+      authenticator: pluginAuthBackendModuleBitbucketServerProvider.bitbucketServerAuthenticator,
+      profileTransform: adaptLegacyOAuthHandler.adaptLegacyOAuthHandler(options?.authHandler),
+      signInResolver: adaptLegacyOAuthSignInResolver.adaptLegacyOAuthSignInResolver(options?.signIn?.resolver)
+    });
+  },
+  resolvers: {
+    /**
+     * Looks up the user by matching their email to the entity email.
+     */
+    emailMatchingUserEntityProfileEmail: () => {
+      const resolver = pluginAuthBackendModuleBitbucketServerProvider.bitbucketServerSignInResolvers.emailMatchingUserEntityProfileEmail();
+      return async (info, ctx) => {
+        return resolver(
+          {
+            profile: info.profile,
+            result: {
+              fullProfile: info.result.fullProfile,
+              session: {
+                accessToken: info.result.accessToken,
+                tokenType: info.result.params.token_type ?? "bearer",
+                scope: info.result.params.scope,
+                expiresInSeconds: info.result.params.expires_in,
+                refreshToken: info.result.refreshToken
+              }
+            }
+          },
+          ctx
+        );
+      };
+    }
+  }
+});
+
+exports.bitbucketServer = bitbucketServer;
+//# sourceMappingURL=provider.cjs.js.map

package/dist/providers/bitbucketServer/provider.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/bitbucketServer/provider.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Profile as PassportProfile } from 'passport';\nimport {\n  AuthResolverContext,\n  createOAuthProviderFactory,\n  SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport {\n  bitbucketServerAuthenticator,\n  bitbucketServerSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-bitbucket-server-provider';\nimport { OAuthProviderOptions } from '../../lib/oauth';\nimport {\n  adaptLegacyOAuthHandler,\n  adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\n\n/**\n * @public\n * @deprecated The Bitbucket Server auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-server-provider`.\n */\nexport type BitbucketServerOAuthResult = {\n  fullProfile: PassportProfile;\n  params: {\n    scope: string;\n    access_token?: string;\n    token_type?: string;\n    expires_in?: number;\n  };\n  accessToken: string;\n  refreshToken?: string;\n};\n\n/**\n * @public\n * @deprecated The Bitbucket Server auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-server-provider`.\n */\nexport type BitbucketServerAuthProviderOptions = OAuthProviderOptions & {\n  host: string;\n  authorizationUrl: string;\n  tokenUrl: string;\n  authHandler: AuthHandler<BitbucketServerOAuthResult>;\n  signInResolver?: SignInResolver<BitbucketServerOAuthResult>;\n  resolverContext: AuthResolverContext;\n};\n\nexport const bitbucketServer = createAuthProviderIntegration({\n  create(options?: {\n    /**\n     * The profile transformation function used to verify and convert the auth response\n     * into the profile that will be presented to the user.\n     */\n    authHandler?: AuthHandler<BitbucketServerOAuthResult>;\n\n    /**\n     * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n     */\n    signIn?: {\n      /**\n       * Maps an auth result to a Backstage identity for the user.\n       */\n      resolver: SignInResolver<BitbucketServerOAuthResult>;\n    };\n  }) {\n    return createOAuthProviderFactory({\n      authenticator: bitbucketServerAuthenticator,\n      profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n      signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n    });\n  },\n  resolvers: {\n    /**\n     * Looks up the user by matching their email to the entity email.\n     */\n    emailMatchingUserEntityProfileEmail:\n      (): SignInResolver<BitbucketServerOAuthResult> => {\n        const resolver =\n          bitbucketServerSignInResolvers.emailMatchingUserEntityProfileEmail();\n        return async (info, ctx) => {\n          return resolver(\n            {\n              profile: info.profile,\n              result: {\n                fullProfile: info.result.fullProfile,\n                session: {\n                  accessToken: info.result.accessToken,\n                  tokenType: info.result.params.token_type ?? 'bearer',\n                  scope: info.result.params.scope,\n                  expiresInSeconds: info.result.params.expires_in,\n                  refreshToken: info.result.refreshToken,\n                },\n              },\n            },\n            ctx,\n          );\n        };\n      },\n  },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","bitbucketServerAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","bitbucketServerSignInResolvers"],"mappings":";;;;;;;;AA+DO,MAAM,kBAAkBA,2DAA8B,CAAA;AAAA,EAC3D,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,2EAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ,CAAA;AAAA,KACzE,CAAA,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,qCACE,MAAkD;AAChD,MAAM,MAAA,QAAA,GACJC,8EAA+B,mCAAoC,EAAA,CAAA;AACrE,MAAO,OAAA,OAAO,MAAM,GAAQ,KAAA;AAC1B,QAAO,OAAA,QAAA;AAAA,UACL;AAAA,YACE,SAAS,IAAK,CAAA,OAAA;AAAA,YACd,MAAQ,EAAA;AAAA,cACN,WAAA,EAAa,KAAK,MAAO,CAAA,WAAA;AAAA,cACzB,OAAS,EAAA;AAAA,gBACP,WAAA,EAAa,KAAK,MAAO,CAAA,WAAA;AAAA,gBACzB,SAAW,EAAA,IAAA,CAAK,MAAO,CAAA,MAAA,CAAO,UAAc,IAAA,QAAA;AAAA,gBAC5C,KAAA,EAAO,IAAK,CAAA,MAAA,CAAO,MAAO,CAAA,KAAA;AAAA,gBAC1B,gBAAA,EAAkB,IAAK,CAAA,MAAA,CAAO,MAAO,CAAA,UAAA;AAAA,gBACrC,YAAA,EAAc,KAAK,MAAO,CAAA,YAAA;AAAA,eAC5B;AAAA,aACF;AAAA,WACF;AAAA,UACA,GAAA;AAAA,SACF,CAAA;AAAA,OACF,CAAA;AAAA,KACF;AAAA,GACJ;AACF,CAAC;;;;"}

package/dist/providers/cloudflare-access/provider.cjs.js

@@ -0,0 +1,22 @@
+'use strict';
+
+var pluginAuthBackendModuleCloudflareAccessProvider = require('@backstage/plugin-auth-backend-module-cloudflare-access-provider');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
+
+const cfAccess = createAuthProviderIntegration.createAuthProviderIntegration({
+  create(options) {
+    return pluginAuthNode.createProxyAuthProviderFactory({
+      authenticator: pluginAuthBackendModuleCloudflareAccessProvider.createCloudflareAccessAuthenticator({
+        cache: options.cache
+      }),
+      profileTransform: options?.authHandler,
+      signInResolver: options?.signIn?.resolver,
+      signInResolverFactories: pluginAuthBackendModuleCloudflareAccessProvider.cloudflareAccessSignInResolvers
+    });
+  },
+  resolvers: pluginAuthBackendModuleCloudflareAccessProvider.cloudflareAccessSignInResolvers
+});
+
+exports.cfAccess = cfAccess;
+//# sourceMappingURL=provider.cjs.js.map

package/dist/providers/cloudflare-access/provider.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/cloudflare-access/provider.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  cloudflareAccessSignInResolvers,\n  createCloudflareAccessAuthenticator,\n} from '@backstage/plugin-auth-backend-module-cloudflare-access-provider';\nimport {\n  SignInResolver,\n  createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\nimport { CacheService } from '@backstage/backend-plugin-api';\n\n/**\n * CloudflareAccessClaims\n *\n * Can be used in externally provided auth handler or sign in resolver to\n * enrich user profile for sign-in user entity\n *\n * @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n */\nexport type CloudflareAccessClaims = {\n  /**\n   * `aud` identifies the application to which the JWT is issued.\n   */\n  aud: string[];\n  /**\n   * `email` contains the email address of the authenticated user.\n   */\n  email: string;\n  /**\n   * iat and exp are the issuance and expiration timestamps.\n   */\n  exp: number;\n  iat: number;\n  /**\n   * `nonce` is the session identifier.\n   */\n  nonce: string;\n  /**\n   * `identity_nonce` is available in the Application Token and can be used to\n   * query all group membership for a given user.\n   */\n  identity_nonce: string;\n  /**\n   * `sub` contains the identifier of the authenticated user.\n   */\n  sub: string;\n  /**\n   * `iss` the issuer is the application’s Cloudflare Access Domain URL.\n   */\n  iss: string;\n  /**\n   * `custom` contains SAML attributes in the Application Token specified by an\n   * administrator in the identity provider configuration.\n   */\n  custom: string;\n};\n\n/**\n * CloudflareAccessGroup\n *\n * @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n */\nexport type CloudflareAccessGroup = {\n  /**\n   * Group id\n   */\n  id: string;\n  /**\n   * Name of group as defined in Cloudflare zero trust dashboard\n   */\n  name: string;\n  /**\n   * Access group email address\n   */\n  email: string;\n};\n\n/**\n * CloudflareAccessIdentityProfile\n *\n * Can be used in externally provided auth handler or sign in resolver to\n * enrich user profile for sign-in user entity\n *\n * @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n */\nexport type CloudflareAccessIdentityProfile = {\n  id: string;\n  name: string;\n  email: string;\n  groups: CloudflareAccessGroup[];\n};\n\n/**\n * @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n */\nexport type CloudflareAccessResult = {\n  claims: CloudflareAccessClaims;\n  cfIdentity: CloudflareAccessIdentityProfile;\n  expiresInSeconds?: number;\n  token: string;\n};\n\n/**\n * Auth provider integration for Cloudflare Access auth\n *\n * @public\n */\nexport const cfAccess = createAuthProviderIntegration({\n  create(options: {\n    /**\n     * The profile transformation function used to verify and convert the auth response\n     * into the profile that will be presented to the user.\n     */\n    authHandler?: AuthHandler<CloudflareAccessResult>;\n\n    /**\n     * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n     */\n    signIn: {\n      /**\n       * Maps an auth result to a Backstage identity for the user.\n       */\n      resolver: SignInResolver<CloudflareAccessResult>;\n    };\n\n    /**\n     * Cache service object that was configured for the Backstage backend,\n     * should be provided via the backend auth plugin.\n     */\n    cache?: CacheService;\n  }) {\n    return createProxyAuthProviderFactory({\n      authenticator: createCloudflareAccessAuthenticator({\n        cache: options.cache,\n      }),\n      profileTransform: options?.authHandler,\n      signInResolver: options?.signIn?.resolver,\n      signInResolverFactories: cloudflareAccessSignInResolvers,\n    });\n  },\n  resolvers: cloudflareAccessSignInResolvers,\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","createCloudflareAccessAuthenticator","cloudflareAccessSignInResolvers"],"mappings":";;;;;;AAgIO,MAAM,WAAWA,2DAA8B,CAAA;AAAA,EACpD,OAAO,OAsBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,eAAeC,mFAAoC,CAAA;AAAA,QACjD,OAAO,OAAQ,CAAA,KAAA;AAAA,OAChB,CAAA;AAAA,MACD,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA,QAAA;AAAA,MACjC,uBAAyB,EAAAC,+EAAA;AAAA,KAC1B,CAAA,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAAA,+EAAA;AACb,CAAC;;;;"}

package/dist/providers/createAuthProviderIntegration.cjs.js

@@ -0,0 +1,11 @@
+'use strict';
+
+function createAuthProviderIntegration(config) {
+  return Object.freeze({
+    ...config,
+    resolvers: Object.freeze(config.resolvers ?? {})
+  });
+}
+
+exports.createAuthProviderIntegration = createAuthProviderIntegration;
+//# sourceMappingURL=createAuthProviderIntegration.cjs.js.map

package/dist/providers/createAuthProviderIntegration.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"createAuthProviderIntegration.cjs.js","sources":["../../src/providers/createAuthProviderIntegration.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  AuthProviderFactory,\n  SignInResolver,\n} from '@backstage/plugin-auth-node';\n\n/**\n * Creates a standardized representation of an integration with a third-party\n * auth provider.\n *\n * The returned object facilitates the creation of provider instances, and\n * supplies built-in sign-in resolvers for the specific provider.\n *\n * @public\n */\nexport function createAuthProviderIntegration<\n  TCreateOptions extends unknown[],\n  TResolvers extends\n    | {\n        [name in string]: (...args: any[]) => SignInResolver<any>;\n      },\n>(config: {\n  create: (...args: TCreateOptions) => AuthProviderFactory;\n  resolvers?: TResolvers;\n}): Readonly<{\n  create: (...args: TCreateOptions) => AuthProviderFactory;\n  // If no resolvers are defined, this receives the type `never`\n  resolvers: Readonly<string extends keyof TResolvers ? never : TResolvers>;\n}> {\n  return Object.freeze({\n    ...config,\n    resolvers: Object.freeze(config.resolvers ?? ({} as any)),\n  });\n}\n"],"names":[],"mappings":";;AA8BO,SAAS,8BAMd,MAOC,EAAA;AACD,EAAA,OAAO,OAAO,MAAO,CAAA;AAAA,IACnB,GAAG,MAAA;AAAA,IACH,WAAW,MAAO,CAAA,MAAA,CAAO,MAAO,CAAA,SAAA,IAAc,EAAU,CAAA;AAAA,GACzD,CAAA,CAAA;AACH;;;;"}

package/dist/providers/gcp-iap/provider.cjs.js

@@ -0,0 +1,18 @@
+'use strict';
+
+var pluginAuthBackendModuleGcpIapProvider = require('@backstage/plugin-auth-backend-module-gcp-iap-provider');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
+
+const gcpIap = createAuthProviderIntegration.createAuthProviderIntegration({
+  create(options) {
+    return pluginAuthNode.createProxyAuthProviderFactory({
+      authenticator: pluginAuthBackendModuleGcpIapProvider.gcpIapAuthenticator,
+      profileTransform: options?.authHandler,
+      signInResolver: options?.signIn?.resolver
+    });
+  }
+});
+
+exports.gcpIap = gcpIap;
+//# sourceMappingURL=provider.cjs.js.map

package/dist/providers/gcp-iap/provider.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/gcp-iap/provider.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { gcpIapAuthenticator } from '@backstage/plugin-auth-backend-module-gcp-iap-provider';\nimport {\n  SignInResolver,\n  createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\nimport { GcpIapResult } from './types';\n\n/**\n * Auth provider integration for Google Identity-Aware Proxy auth\n *\n * @public\n */\nexport const gcpIap = createAuthProviderIntegration({\n  create(options: {\n    /**\n     * The profile transformation function used to verify and convert the auth\n     * response into the profile that will be presented to the user. The default\n     * implementation just provides the authenticated email that the IAP\n     * presented.\n     */\n    authHandler?: AuthHandler<GcpIapResult>;\n\n    /**\n     * Configures sign-in for this provider.\n     */\n    signIn: {\n      /**\n       * Maps an auth result to a Backstage identity for the user.\n       */\n      resolver: SignInResolver<GcpIapResult>;\n    };\n  }) {\n    return createProxyAuthProviderFactory({\n      authenticator: gcpIapAuthenticator,\n      profileTransform: options?.authHandler,\n      signInResolver: options?.signIn?.resolver,\n    });\n  },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","gcpIapAuthenticator"],"mappings":";;;;;;AA8BO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAkBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,yDAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA,QAAA;AAAA,KAClC,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}

package/dist/providers/github/provider.cjs.js

@@ -0,0 +1,61 @@
+'use strict';
+
+var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var pluginAuthBackendModuleGithubProvider = require('@backstage/plugin-auth-backend-module-github-provider');
+
+const github = createAuthProviderIntegration.createAuthProviderIntegration({
+  create(options) {
+    const authHandler = options?.authHandler;
+    const signInResolver = options?.signIn?.resolver;
+    return pluginAuthNode.createOAuthProviderFactory({
+      authenticator: pluginAuthBackendModuleGithubProvider.githubAuthenticator,
+      profileTransform: authHandler && (async (result, ctx) => authHandler(
+        {
+          fullProfile: result.fullProfile,
+          accessToken: result.session.accessToken,
+          params: {
+            scope: result.session.scope,
+            expires_in: result.session.expiresInSeconds ? String(result.session.expiresInSeconds) : "",
+            refresh_token_expires_in: result.session.refreshTokenExpiresInSeconds ? String(result.session.refreshTokenExpiresInSeconds) : ""
+          }
+        },
+        ctx
+      )),
+      signInResolver: signInResolver && (async ({ profile, result }, ctx) => signInResolver(
+        {
+          profile,
+          result: {
+            fullProfile: result.fullProfile,
+            accessToken: result.session.accessToken,
+            refreshToken: result.session.refreshToken,
+            params: {
+              scope: result.session.scope,
+              expires_in: result.session.expiresInSeconds ? String(result.session.expiresInSeconds) : "",
+              refresh_token_expires_in: result.session.refreshTokenExpiresInSeconds ? String(result.session.refreshTokenExpiresInSeconds) : ""
+            }
+          }
+        },
+        ctx
+      ))
+    });
+  },
+  resolvers: {
+    /**
+     * Looks up the user by matching their GitHub username to the entity name.
+     */
+    usernameMatchingUserEntityName: () => {
+      return async (info, ctx) => {
+        const { fullProfile } = info.result;
+        const userId = fullProfile.username;
+        if (!userId) {
+          throw new Error(`GitHub user profile does not contain a username`);
+        }
+        return ctx.signInWithCatalogUser({ entityRef: { name: userId } });
+      };
+    }
+  }
+});
+
+exports.github = github;
+//# sourceMappingURL=provider.cjs.js.map

package/dist/providers/github/provider.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/github/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Profile as PassportProfile } from 'passport';\nimport { AuthHandler, StateEncoder } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n  createOAuthProviderFactory,\n  OAuthAuthenticatorResult,\n  ProfileTransform,\n  SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport { githubAuthenticator } from '@backstage/plugin-auth-backend-module-github-provider';\n\n/** @public */\nexport type GithubOAuthResult = {\n  fullProfile: PassportProfile;\n  params: {\n    scope: string;\n    expires_in?: string;\n    refresh_token_expires_in?: string;\n  };\n  accessToken: string;\n  refreshToken?: string;\n};\n\n/**\n * Auth provider integration for GitHub auth\n *\n * @public\n */\nexport const github = createAuthProviderIntegration({\n  create(options?: {\n    /**\n     * The profile transformation function used to verify and convert the auth response\n     * into the profile that will be presented to the user.\n     */\n    authHandler?: AuthHandler<GithubOAuthResult>;\n\n    /**\n     * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n     */\n    signIn?: {\n      /**\n       * Maps an auth result to a Backstage identity for the user.\n       */\n      resolver: SignInResolver<GithubOAuthResult>;\n    };\n\n    /**\n     * The state encoder used to encode the 'state' parameter on the OAuth request.\n     *\n     * It should return a string that takes the state params (from the request), url encodes the params\n     * and finally base64 encodes them.\n     *\n     * Providing your own stateEncoder will allow you to add addition parameters to the state field.\n     *\n     * It is typed as follows:\n     *   `export type StateEncoder = (input: OAuthState) => Promise<{encodedState: string}>;`\n     *\n     * Note: the stateEncoder must encode a 'nonce' value and an 'env' value. Without this, the OAuth flow will fail\n     * (These two values will be set by the req.state by default)\n     *\n     * For more information, please see the helper module in ../../oauth/helpers #readState\n     */\n    stateEncoder?: StateEncoder;\n  }) {\n    const authHandler = options?.authHandler;\n    const signInResolver = options?.signIn?.resolver;\n    return createOAuthProviderFactory({\n      authenticator: githubAuthenticator,\n      profileTransform:\n        authHandler &&\n        ((async (result, ctx) =>\n          authHandler!(\n            {\n              fullProfile: result.fullProfile,\n              accessToken: result.session.accessToken,\n              params: {\n                scope: result.session.scope,\n                expires_in: result.session.expiresInSeconds\n                  ? String(result.session.expiresInSeconds)\n                  : '',\n                refresh_token_expires_in: result.session\n                  .refreshTokenExpiresInSeconds\n                  ? String(result.session.refreshTokenExpiresInSeconds)\n                  : '',\n              },\n            },\n            ctx,\n          )) as ProfileTransform<OAuthAuthenticatorResult<PassportProfile>>),\n      signInResolver:\n        signInResolver &&\n        ((async ({ profile, result }, ctx) =>\n          signInResolver(\n            {\n              profile: profile,\n              result: {\n                fullProfile: result.fullProfile,\n                accessToken: result.session.accessToken,\n                refreshToken: result.session.refreshToken,\n                params: {\n                  scope: result.session.scope,\n                  expires_in: result.session.expiresInSeconds\n                    ? String(result.session.expiresInSeconds)\n                    : '',\n                  refresh_token_expires_in: result.session\n                    .refreshTokenExpiresInSeconds\n                    ? String(result.session.refreshTokenExpiresInSeconds)\n                    : '',\n                },\n              },\n            },\n            ctx,\n          )) as SignInResolver<OAuthAuthenticatorResult<PassportProfile>>),\n    });\n  },\n  resolvers: {\n    /**\n     * Looks up the user by matching their GitHub username to the entity name.\n     */\n    usernameMatchingUserEntityName: (): SignInResolver<GithubOAuthResult> => {\n      return async (info, ctx) => {\n        const { fullProfile } = info.result;\n\n        const userId = fullProfile.username;\n        if (!userId) {\n          throw new Error(`GitHub user profile does not contain a username`);\n        }\n\n        return ctx.signInWithCatalogUser({ entityRef: { name: userId } });\n      };\n    },\n  },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","githubAuthenticator"],"mappings":";;;;;;AA4CO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAkCJ,EAAA;AACD,IAAA,MAAM,cAAc,OAAS,EAAA,WAAA,CAAA;AAC7B,IAAM,MAAA,cAAA,GAAiB,SAAS,MAAQ,EAAA,QAAA,CAAA;AACxC,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBACE,EAAA,WAAA,KACE,OAAO,MAAA,EAAQ,GACf,KAAA,WAAA;AAAA,QACE;AAAA,UACE,aAAa,MAAO,CAAA,WAAA;AAAA,UACpB,WAAA,EAAa,OAAO,OAAQ,CAAA,WAAA;AAAA,UAC5B,MAAQ,EAAA;AAAA,YACN,KAAA,EAAO,OAAO,OAAQ,CAAA,KAAA;AAAA,YACtB,UAAA,EAAY,OAAO,OAAQ,CAAA,gBAAA,GACvB,OAAO,MAAO,CAAA,OAAA,CAAQ,gBAAgB,CACtC,GAAA,EAAA;AAAA,YACJ,wBAAA,EAA0B,OAAO,OAC9B,CAAA,4BAAA,GACC,OAAO,MAAO,CAAA,OAAA,CAAQ,4BAA4B,CAClD,GAAA,EAAA;AAAA,WACN;AAAA,SACF;AAAA,QACA,GAAA;AAAA,OACF,CAAA;AAAA,MACJ,gBACE,cACE,KAAA,OAAO,EAAE,OAAS,EAAA,MAAA,IAAU,GAC5B,KAAA,cAAA;AAAA,QACE;AAAA,UACE,OAAA;AAAA,UACA,MAAQ,EAAA;AAAA,YACN,aAAa,MAAO,CAAA,WAAA;AAAA,YACpB,WAAA,EAAa,OAAO,OAAQ,CAAA,WAAA;AAAA,YAC5B,YAAA,EAAc,OAAO,OAAQ,CAAA,YAAA;AAAA,YAC7B,MAAQ,EAAA;AAAA,cACN,KAAA,EAAO,OAAO,OAAQ,CAAA,KAAA;AAAA,cACtB,UAAA,EAAY,OAAO,OAAQ,CAAA,gBAAA,GACvB,OAAO,MAAO,CAAA,OAAA,CAAQ,gBAAgB,CACtC,GAAA,EAAA;AAAA,cACJ,wBAAA,EAA0B,OAAO,OAC9B,CAAA,4BAAA,GACC,OAAO,MAAO,CAAA,OAAA,CAAQ,4BAA4B,CAClD,GAAA,EAAA;AAAA,aACN;AAAA,WACF;AAAA,SACF;AAAA,QACA,GAAA;AAAA,OACF,CAAA;AAAA,KACL,CAAA,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,gCAAgC,MAAyC;AACvE,MAAO,OAAA,OAAO,MAAM,GAAQ,KAAA;AAC1B,QAAM,MAAA,EAAE,WAAY,EAAA,GAAI,IAAK,CAAA,MAAA,CAAA;AAE7B,QAAA,MAAM,SAAS,WAAY,CAAA,QAAA,CAAA;AAC3B,QAAA,IAAI,CAAC,MAAQ,EAAA;AACX,UAAM,MAAA,IAAI,MAAM,CAAiD,+CAAA,CAAA,CAAA,CAAA;AAAA,SACnE;AAEA,QAAO,OAAA,GAAA,CAAI,sBAAsB,EAAE,SAAA,EAAW,EAAE,IAAM,EAAA,MAAA,IAAU,CAAA,CAAA;AAAA,OAClE,CAAA;AAAA,KACF;AAAA,GACF;AACF,CAAC;;;;"}

package/dist/providers/gitlab/provider.cjs.js

@@ -0,0 +1,20 @@
+'use strict';
+
+var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var adaptLegacyOAuthHandler = require('../../lib/legacy/adaptLegacyOAuthHandler.cjs.js');
+var adaptLegacyOAuthSignInResolver = require('../../lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js');
+var pluginAuthBackendModuleGitlabProvider = require('@backstage/plugin-auth-backend-module-gitlab-provider');
+
+const gitlab = createAuthProviderIntegration.createAuthProviderIntegration({
+  create(options) {
+    return pluginAuthNode.createOAuthProviderFactory({
+      authenticator: pluginAuthBackendModuleGitlabProvider.gitlabAuthenticator,
+      profileTransform: adaptLegacyOAuthHandler.adaptLegacyOAuthHandler(options?.authHandler),
+      signInResolver: adaptLegacyOAuthSignInResolver.adaptLegacyOAuthSignInResolver(options?.signIn?.resolver)
+    });
+  }
+});
+
+exports.gitlab = gitlab;
+//# sourceMappingURL=provider.cjs.js.map

package/dist/providers/gitlab/provider.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/gitlab/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthHandler } from '../types';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n  SignInResolver,\n  createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n  adaptLegacyOAuthHandler,\n  adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { gitlabAuthenticator } from '@backstage/plugin-auth-backend-module-gitlab-provider';\n\n/**\n * Auth provider integration for GitLab auth\n *\n * @public\n */\nexport const gitlab = createAuthProviderIntegration({\n  create(options?: {\n    /**\n     * The profile transformation function used to verify and convert the auth response\n     * into the profile that will be presented to the user.\n     */\n    authHandler?: AuthHandler<OAuthResult>;\n\n    /**\n     * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n     */\n    signIn?: {\n      resolver: SignInResolver<OAuthResult>;\n    };\n  }) {\n    return createOAuthProviderFactory({\n      authenticator: gitlabAuthenticator,\n      profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n      signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n    });\n  },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","gitlabAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ,CAAA;AAAA,KACzE,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}