npm - @backstage/plugin-auth-backend - Versions diffs - 0.24.0-next.1 → 0.24.0-next.2 - Mend

@backstage/plugin-auth-backend 0.24.0-next.1 → 0.24.0-next.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (46) hide show

package/dist/lib/oauth/OAuthAdapter.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"OAuthAdapter.cjs.js","sources":["../../../src/lib/oauth/OAuthAdapter.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport express, { CookieOptions } from 'express';\nimport crypto from 'crypto';\nimport { URL } from 'url';\nimport {\n AuthProviderConfig,\n AuthProviderRouteHandlers,\n BackstageIdentityResponse,\n BackstageSignInResult,\n CookieConfigurer,\n OAuthState,\n} from '@backstage/plugin-auth-node';\nimport {\n AuthenticationError,\n InputError,\n isError,\n NotAllowedError,\n} from '@backstage/errors';\nimport { defaultCookieConfigurer, readState, verifyNonce } from './helpers';\nimport {\n postMessageResponse,\n ensuresXRequestedWith,\n WebMessageResponse,\n} from '../flow';\nimport {\n OAuthHandlers,\n OAuthStartRequest,\n OAuthRefreshRequest,\n OAuthLogoutRequest,\n} from './types';\nimport { prepareBackstageIdentityResponse } from '../../providers/prepareBackstageIdentityResponse';\n\nexport const THOUSAND_DAYS_MS = 1000 24 * 60 * 60 * 1000;\nexport const TEN_MINUTES_MS = 600 * 1000;\n\n/*\n @public\n * @deprecated Use `createOAuthRouteHandlers` from `@backstage/plugin-auth-node` instead\n /\nexport type OAuthAdapterOptions = {\n providerId: string;\n persistScopes?: boolean;\n appOrigin: string;\n baseUrl: string;\n cookieConfigurer: CookieConfigurer;\n isOriginAllowed: (origin: string) => boolean;\n callbackUrl: string;\n};\n\n/\n @public\n * @deprecated Use `createOAuthRouteHandlers` from `@backstage/plugin-auth-node` instead\n /\nexport class OAuthAdapter implements AuthProviderRouteHandlers {\n static fromConfig(\n config: AuthProviderConfig,\n handlers: OAuthHandlers,\n options: Pick<\n OAuthAdapterOptions,\n 'providerId' \| 'persistScopes' \| 'callbackUrl'\n >,\n ): OAuthAdapter {\n const { appUrl, baseUrl, isOriginAllowed } = config;\n const { origin: appOrigin } = new URL(appUrl);\n\n const cookieConfigurer = config.cookieConfigurer ?? defaultCookieConfigurer;\n\n return new OAuthAdapter(handlers, {\n ...options,\n appOrigin,\n baseUrl,\n cookieConfigurer,\n isOriginAllowed,\n });\n }\n\n private readonly baseCookieOptions: CookieOptions;\n\n constructor(\n private readonly handlers: OAuthHandlers,\n private readonly options: OAuthAdapterOptions,\n ) {\n this.baseCookieOptions = {\n httpOnly: true,\n sameSite: 'lax',\n };\n }\n\n async start(req: express.Request, res: express.Response): Promise<void> {\n // retrieve scopes from request\n const scope = req.query.scope?.toString() ?? '';\n const env = req.query.env?.toString();\n const origin = req.query.origin?.toString();\n const redirectUrl = req.query.redirectUrl?.toString();\n const flow = req.query.flow?.toString();\n\n if (!env) {\n throw new InputError('No env provided in request query parameters');\n }\n\n const cookieConfig = this.getCookieConfig(origin);\n\n const nonce = crypto.randomBytes(16).toString('base64');\n // set a nonce cookie before redirecting to oauth provider\n this.setNonceCookie(res, nonce, cookieConfig);\n\n const state: OAuthState = { nonce, env, origin, redirectUrl, flow };\n\n // If scopes are persisted then we pass them through the state so that we\n // can set the cookie on successful auth\n if (this.options.persistScopes) {\n state.scope = scope;\n }\n const forwardReq = Object.assign(req, { scope, state });\n\n const { url, status } = await this.handlers.start(\n forwardReq as OAuthStartRequest,\n );\n\n res.statusCode = status \|\| 302;\n res.setHeader('Location', url);\n res.setHeader('Content-Length', '0');\n res.end();\n }\n\n async frameHandler(\n req: express.Request,\n res: express.Response,\n ): Promise<void> {\n let appOrigin = this.options.appOrigin;\n\n try {\n const state: OAuthState = readState(req.query.state?.toString() ?? '');\n\n if (state.origin) {\n try {\n appOrigin = new URL(state.origin).origin;\n } catch {\n throw new NotAllowedError('App origin is invalid, failed to parse');\n }\n if (!this.options.isOriginAllowed(appOrigin)) {\n throw new NotAllowedError(`Origin '${appOrigin}' is not allowed`);\n }\n }\n\n // verify nonce cookie and state cookie on callback\n verifyNonce(req, this.options.providerId);\n\n const { response, refreshToken } = await this.handlers.handler(req);\n\n const cookieConfig = this.getCookieConfig(appOrigin);\n\n // Store the scope that we have been granted for this session. This is useful if\n // the provider does not return granted scopes on refresh or if they are normalized.\n if (this.options.persistScopes && state.scope) {\n this.setGrantedScopeCookie(res, state.scope, cookieConfig);\n response.providerInfo.scope = state.scope;\n }\n\n if (refreshToken) {\n // set new refresh token\n this.setRefreshTokenCookie(res, refreshToken, cookieConfig);\n }\n\n const identity = await this.populateIdentity(response.backstageIdentity);\n\n const responseObj: WebMessageResponse = {\n type: 'authorization_response',\n response: { ...response, backstageIdentity: identity },\n };\n\n if (state.flow === 'redirect') {\n if (!state.redirectUrl) {\n throw new InputError(\n 'No redirectUrl provided in request query parameters',\n );\n }\n res.redirect(state.redirectUrl);\n return undefined;\n }\n // post message back to popup if successful\n return postMessageResponse(res, appOrigin, responseObj);\n } catch (error) {\n const { name, message } = isError(error)\n ? error\n : new Error('Encountered invalid error'); // Being a bit safe and not forwarding the bad value\n // post error message back to popup if failure\n return postMessageResponse(res, appOrigin, {\n type: 'authorization_response',\n error: { name, message },\n });\n }\n }\n\n async logout(req: express.Request, res: express.Response): Promise<void> {\n if (!ensuresXRequestedWith(req)) {\n throw new AuthenticationError('Invalid X-Requested-With header');\n }\n\n if (this.handlers.logout) {\n const refreshToken = this.getRefreshTokenFromCookie(req);\n const revokeRequest: OAuthLogoutRequest = Object.assign(req, {\n refreshToken,\n });\n await this.handlers.logout(revokeRequest);\n }\n\n // remove refresh token cookie if it is set\n const origin = req.get('origin');\n const cookieConfig = this.getCookieConfig(origin);\n this.removeRefreshTokenCookie(res, cookieConfig);\n\n res.status(200).end();\n }\n\n async refresh(req: express.Request, res: express.Response): Promise<void> {\n if (!ensuresXRequestedWith(req)) {\n throw new AuthenticationError('Invalid X-Requested-With header');\n }\n\n if (!this.handlers.refresh) {\n throw new InputError(\n `Refresh token is not supported for provider ${this.options.providerId}`,\n );\n }\n\n try {\n const refreshToken = this.getRefreshTokenFromCookie(req);\n\n // throw error if refresh token is missing in the request\n if (!refreshToken) {\n throw new InputError('Missing session cookie');\n }\n\n let scope = req.query.scope?.toString() ?? '';\n if (this.options.persistScopes) {\n scope = this.getGrantedScopeFromCookie(req);\n }\n const forwardReq = Object.assign(req, { scope, refreshToken });\n\n // get new access_token\n const { response, refreshToken: newRefreshToken } =\n await this.handlers.refresh(forwardReq as OAuthRefreshRequest);\n\n const backstageIdentity = await this.populateIdentity(\n response.backstageIdentity,\n );\n\n if (newRefreshToken && newRefreshToken !== refreshToken) {\n const origin = req.get('origin');\n const cookieConfig = this.getCookieConfig(origin);\n this.setRefreshTokenCookie(res, newRefreshToken, cookieConfig);\n }\n\n res.status(200).json({ ...response, backstageIdentity });\n } catch (error) {\n throw new AuthenticationError('Refresh failed', error);\n }\n }\n\n /\n If the response from the OAuth provider includes a Backstage identity, we\n * make sure it's populated with all the information we can derive from the user ID.\n */\n private async populateIdentity(\n identity?: BackstageSignInResult,\n ): Promise<BackstageIdentityResponse \| undefined> {\n if (!identity) {\n return undefined;\n }\n if (!identity.token) {\n throw new InputError(`Identity response must return a token`);\n }\n\n return prepareBackstageIdentityResponse(identity);\n }\n\n private setNonceCookie = (\n res: express.Response,\n nonce: string,\n cookieConfig: ReturnType<CookieConfigurer>,\n ) => {\n res.cookie(`${this.options.providerId}-nonce`, nonce, {\n maxAge: TEN_MINUTES_MS,\n ...this.baseCookieOptions,\n ...cookieConfig,\n path: `${cookieConfig.path}/handler`,\n });\n };\n\n private setGrantedScopeCookie = (\n res: express.Response,\n scope: string,\n cookieConfig: ReturnType<CookieConfigurer>,\n ) => {\n res.cookie(`${this.options.providerId}-granted-scope`, scope, {\n maxAge: THOUSAND_DAYS_MS,\n ...this.baseCookieOptions,\n ...cookieConfig,\n });\n };\n\n private getRefreshTokenFromCookie = (req: express.Request) => {\n return req.cookies[`${this.options.providerId}-refresh-token`];\n };\n\n private getGrantedScopeFromCookie = (req: express.Request) => {\n return req.cookies[`${this.options.providerId}-granted-scope`];\n };\n\n private setRefreshTokenCookie = (\n res: express.Response,\n refreshToken: string,\n cookieConfig: ReturnType<CookieConfigurer>,\n ) => {\n res.cookie(`${this.options.providerId}-refresh-token`, refreshToken, {\n maxAge: THOUSAND_DAYS_MS,\n ...this.baseCookieOptions,\n ...cookieConfig,\n });\n };\n\n private removeRefreshTokenCookie = (\n res: express.Response,\n cookieConfig: ReturnType<CookieConfigurer>,\n ) => {\n res.cookie(`${this.options.providerId}-refresh-token`, '', {\n maxAge: 0,\n ...this.baseCookieOptions,\n ...cookieConfig,\n });\n };\n\n private getCookieConfig = (origin?: string) => {\n return this.options.cookieConfigurer({\n providerId: this.options.providerId,\n baseUrl: this.options.baseUrl,\n callbackUrl: this.options.callbackUrl,\n appOrigin: origin ?? this.options.appOrigin,\n });\n };\n}\n"],"names":["URL","defaultCookieConfigurer","InputError","crypto","readState","NotAllowedError","verifyNonce","postMessageResponse","isError","ensuresXRequestedWith","AuthenticationError","prepareBackstageIdentityResponse"],"mappings":";;;;;;;;;;;;;AA+CO,MAAM,gBAAmB,GAAA,GAAA,GAAO,EAAK,GAAA,EAAA,GAAK,EAAK,GAAA,IAAA;AAC/C,MAAM,iBAAiB,GAAM,GAAA,IAAA;AAoB7B,MAAM,YAAkD,CAAA;AAAA,EAyB7D,WAAA,CACmB,UACA,OACjB,EAAA;AAFiB,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA,CAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA,CAAA;AAEjB,IAAA,IAAA,CAAK,iBAAoB,GAAA;AAAA,MACvB,QAAU,EAAA,IAAA;AAAA,MACV,QAAU,EAAA,KAAA;AAAA,KACZ,CAAA;AAAA,GACF;AAAA,EAhCA,OAAO,UAAA,CACL,MACA,EAAA,QAAA,EACA,OAIc,EAAA;AACd,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAS,EAAA,eAAA,EAAoB,GAAA,MAAA,CAAA;AAC7C,IAAA,MAAM,EAAE,MAAQ,EAAA,SAAA,EAAc,GAAA,IAAIA,QAAI,MAAM,CAAA,CAAA;AAE5C,IAAM,MAAA,gBAAA,GAAmB,OAAO,gBAAoB,IAAAC,+BAAA,CAAA;AAEpD,IAAO,OAAA,IAAI,aAAa,QAAU,EAAA;AAAA,MAChC,GAAG,OAAA;AAAA,MACH,SAAA;AAAA,MACA,OAAA;AAAA,MACA,gBAAA;AAAA,MACA,eAAA;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AAAA,EAEiB,iBAAA,CAAA;AAAA,EAYjB,MAAM,KAAM,CAAA,GAAA,EAAsB,GAAsC,EAAA;AAEtE,IAAA,MAAM,KAAQ,GAAA,GAAA,CAAI,KAAM,CAAA,KAAA,EAAO,UAAc,IAAA,EAAA,CAAA;AAC7C,IAAA,MAAM,GAAM,GAAA,GAAA,CAAI,KAAM,CAAA,GAAA,EAAK,QAAS,EAAA,CAAA;AACpC,IAAA,MAAM,MAAS,GAAA,GAAA,CAAI,KAAM,CAAA,MAAA,EAAQ,QAAS,EAAA,CAAA;AAC1C,IAAA,MAAM,WAAc,GAAA,GAAA,CAAI,KAAM,CAAA,WAAA,EAAa,QAAS,EAAA,CAAA;AACpD,IAAA,MAAM,IAAO,GAAA,GAAA,CAAI,KAAM,CAAA,IAAA,EAAM,QAAS,EAAA,CAAA;AAEtC,IAAA,IAAI,CAAC,GAAK,EAAA;AACR,MAAM,MAAA,IAAIC,kBAAW,6CAA6C,CAAA,CAAA;AAAA,KACpE;AAEA,IAAM,MAAA,YAAA,GAAe,IAAK,CAAA,eAAA,CAAgB,MAAM,CAAA,CAAA;AAEhD,IAAA,MAAM,QAAQC,uBAAO,CAAA,WAAA,CAAY,EAAE,CAAA,CAAE,SAAS,QAAQ,CAAA,CAAA;AAEtD,IAAK,IAAA,CAAA,cAAA,CAAe,GAAK,EAAA,KAAA,EAAO,YAAY,CAAA,CAAA;AAE5C,IAAA,MAAM,QAAoB,EAAE,KAAA,EAAO,GAAK,EAAA,MAAA,EAAQ,aAAa,IAAK,EAAA,CAAA;AAIlE,IAAI,IAAA,IAAA,CAAK,QAAQ,aAAe,EAAA;AAC9B,MAAA,KAAA,CAAM,KAAQ,GAAA,KAAA,CAAA;AAAA,KAChB;AACA,IAAA,MAAM,aAAa,MAAO,CAAA,MAAA,CAAO,KAAK,EAAE,KAAA,EAAO,OAAO,CAAA,CAAA;AAEtD,IAAA,MAAM,EAAE,GAAK,EAAA,MAAA,EAAW,GAAA,MAAM,KAAK,QAAS,CAAA,KAAA;AAAA,MAC1C,UAAA;AAAA,KACF,CAAA;AAEA,IAAA,GAAA,CAAI,aAAa,MAAU,IAAA,GAAA,CAAA;AAC3B,IAAI,GAAA,CAAA,SAAA,CAAU,YAAY,GAAG,CAAA,CAAA;AAC7B,IAAI,GAAA,CAAA,SAAA,CAAU,kBAAkB,GAAG,CAAA,CAAA;AACnC,IAAA,GAAA,CAAI,GAAI,EAAA,CAAA;AAAA,GACV;AAAA,EAEA,MAAM,YACJ,CAAA,GAAA,EACA,GACe,EAAA;AACf,IAAI,IAAA,SAAA,GAAY,KAAK,OAAQ,CAAA,SAAA,CAAA;AAE7B,IAAI,IAAA;AACF,MAAA,MAAM,QAAoBC,iBAAU,CAAA,GAAA,CAAI,MAAM,KAAO,EAAA,QAAA,MAAc,EAAE,CAAA,CAAA;AAErE,MAAA,IAAI,MAAM,MAAQ,EAAA;AAChB,QAAI,IAAA;AACF,UAAA,SAAA,GAAY,IAAIJ,OAAA,CAAI,KAAM,CAAA,MAAM,CAAE,CAAA,MAAA,CAAA;AAAA,SAC5B,CAAA,MAAA;AACN,UAAM,MAAA,IAAIK,uBAAgB,wCAAwC,CAAA,CAAA;AAAA,SACpE;AACA,QAAA,IAAI,CAAC,IAAA,CAAK,OAAQ,CAAA,eAAA,CAAgB,SAAS,CAAG,EAAA;AAC5C,UAAA,MAAM,IAAIA,sBAAA,CAAgB,CAAW,QAAA,EAAA,SAAS,CAAkB,gBAAA,CAAA,CAAA,CAAA;AAAA,SAClE;AAAA,OACF;AAGA,MAAYC,mBAAA,CAAA,GAAA,EAAK,IAAK,CAAA,OAAA,CAAQ,UAAU,CAAA,CAAA;AAExC,MAAM,MAAA,EAAE,UAAU,YAAa,EAAA,GAAI,MAAM,IAAK,CAAA,QAAA,CAAS,QAAQ,GAAG,CAAA,CAAA;AAElE,MAAM,MAAA,YAAA,GAAe,IAAK,CAAA,eAAA,CAAgB,SAAS,CAAA,CAAA;AAInD,MAAA,IAAI,IAAK,CAAA,OAAA,CAAQ,aAAiB,IAAA,KAAA,CAAM,KAAO,EAAA;AAC7C,QAAA,IAAA,CAAK,qBAAsB,CAAA,GAAA,EAAK,KAAM,CAAA,KAAA,EAAO,YAAY,CAAA,CAAA;AACzD,QAAS,QAAA,CAAA,YAAA,CAAa,QAAQ,KAAM,CAAA,KAAA,CAAA;AAAA,OACtC;AAEA,MAAA,IAAI,YAAc,EAAA;AAEhB,QAAK,IAAA,CAAA,qBAAA,CAAsB,GAAK,EAAA,YAAA,EAAc,YAAY,CAAA,CAAA;AAAA,OAC5D;AAEA,MAAA,MAAM,QAAW,GAAA,MAAM,IAAK,CAAA,gBAAA,CAAiB,SAAS,iBAAiB,CAAA,CAAA;AAEvE,MAAA,MAAM,WAAkC,GAAA;AAAA,QACtC,IAAM,EAAA,wBAAA;AAAA,QACN,QAAU,EAAA,EAAE,GAAG,QAAA,EAAU,mBAAmB,QAAS,EAAA;AAAA,OACvD,CAAA;AAEA,MAAI,IAAA,KAAA,CAAM,SAAS,UAAY,EAAA;AAC7B,QAAI,IAAA,CAAC,MAAM,WAAa,EAAA;AACtB,UAAA,MAAM,IAAIJ,iBAAA;AAAA,YACR,qDAAA;AAAA,WACF,CAAA;AAAA,SACF;AACA,QAAI,GAAA,CAAA,QAAA,CAAS,MAAM,WAAW,CAAA,CAAA;AAC9B,QAAO,OAAA,KAAA,CAAA,CAAA;AAAA,OACT;AAEA,MAAO,OAAAK,mCAAA,CAAoB,GAAK,EAAA,SAAA,EAAW,WAAW,CAAA,CAAA;AAAA,aAC/C,KAAO,EAAA;AACd,MAAM,MAAA,EAAE,IAAM,EAAA,OAAA,EAAY,GAAAC,cAAA,CAAQ,KAAK,CACnC,GAAA,KAAA,GACA,IAAI,KAAA,CAAM,2BAA2B,CAAA,CAAA;AAEzC,MAAO,OAAAD,mCAAA,CAAoB,KAAK,SAAW,EAAA;AAAA,QACzC,IAAM,EAAA,wBAAA;AAAA,QACN,KAAA,EAAO,EAAE,IAAA,EAAM,OAAQ,EAAA;AAAA,OACxB,CAAA,CAAA;AAAA,KACH;AAAA,GACF;AAAA,EAEA,MAAM,MAAO,CAAA,GAAA,EAAsB,GAAsC,EAAA;AACvE,IAAI,IAAA,CAACE,qCAAsB,CAAA,GAAG,CAAG,EAAA;AAC/B,MAAM,MAAA,IAAIC,2BAAoB,iCAAiC,CAAA,CAAA;AAAA,KACjE;AAEA,IAAI,IAAA,IAAA,CAAK,SAAS,MAAQ,EAAA;AACxB,MAAM,MAAA,YAAA,GAAe,IAAK,CAAA,yBAAA,CAA0B,GAAG,CAAA,CAAA;AACvD,MAAM,MAAA,aAAA,GAAoC,MAAO,CAAA,MAAA,CAAO,GAAK,EAAA;AAAA,QAC3D,YAAA;AAAA,OACD,CAAA,CAAA;AACD,MAAM,MAAA,IAAA,CAAK,QAAS,CAAA,MAAA,CAAO,aAAa,CAAA,CAAA;AAAA,KAC1C;AAGA,IAAM,MAAA,MAAA,GAAS,GAAI,CAAA,GAAA,CAAI,QAAQ,CAAA,CAAA;AAC/B,IAAM,MAAA,YAAA,GAAe,IAAK,CAAA,eAAA,CAAgB,MAAM,CAAA,CAAA;AAChD,IAAK,IAAA,CAAA,wBAAA,CAAyB,KAAK,YAAY,CAAA,CAAA;AAE/C,IAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,GAAI,EAAA,CAAA;AAAA,GACtB;AAAA,EAEA,MAAM,OAAQ,CAAA,GAAA,EAAsB,GAAsC,EAAA;AACxE,IAAI,IAAA,CAACD,qCAAsB,CAAA,GAAG,CAAG,EAAA;AAC/B,MAAM,MAAA,IAAIC,2BAAoB,iCAAiC,CAAA,CAAA;AAAA,KACjE;AAEA,IAAI,IAAA,CAAC,IAAK,CAAA,QAAA,CAAS,OAAS,EAAA;AAC1B,MAAA,MAAM,IAAIR,iBAAA;AAAA,QACR,CAAA,4CAAA,EAA+C,IAAK,CAAA,OAAA,CAAQ,UAAU,CAAA,CAAA;AAAA,OACxE,CAAA;AAAA,KACF;AAEA,IAAI,IAAA;AACF,MAAM,MAAA,YAAA,GAAe,IAAK,CAAA,yBAAA,CAA0B,GAAG,CAAA,CAAA;AAGvD,MAAA,IAAI,CAAC,YAAc,EAAA;AACjB,QAAM,MAAA,IAAIA,kBAAW,wBAAwB,CAAA,CAAA;AAAA,OAC/C;AAEA,MAAA,IAAI,KAAQ,GAAA,GAAA,CAAI,KAAM,CAAA,KAAA,EAAO,UAAc,IAAA,EAAA,CAAA;AAC3C,MAAI,IAAA,IAAA,CAAK,QAAQ,aAAe,EAAA;AAC9B,QAAQ,KAAA,GAAA,IAAA,CAAK,0BAA0B,GAAG,CAAA,CAAA;AAAA,OAC5C;AACA,MAAA,MAAM,aAAa,MAAO,CAAA,MAAA,CAAO,KAAK,EAAE,KAAA,EAAO,cAAc,CAAA,CAAA;AAG7D,MAAM,MAAA,EAAE,UAAU,YAAc,EAAA,eAAA,KAC9B,MAAM,IAAA,CAAK,QAAS,CAAA,OAAA,CAAQ,UAAiC,CAAA,CAAA;AAE/D,MAAM,MAAA,iBAAA,GAAoB,MAAM,IAAK,CAAA,gBAAA;AAAA,QACnC,QAAS,CAAA,iBAAA;AAAA,OACX,CAAA;AAEA,MAAI,IAAA,eAAA,IAAmB,oBAAoB,YAAc,EAAA;AACvD,QAAM,MAAA,MAAA,GAAS,GAAI,CAAA,GAAA,CAAI,QAAQ,CAAA,CAAA;AAC/B,QAAM,MAAA,YAAA,GAAe,IAAK,CAAA,eAAA,CAAgB,MAAM,CAAA,CAAA;AAChD,QAAK,IAAA,CAAA,qBAAA,CAAsB,GAAK,EAAA,eAAA,EAAiB,YAAY,CAAA,CAAA;AAAA,OAC/D;AAEA,MAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,GAAG,QAAA,EAAU,mBAAmB,CAAA,CAAA;AAAA,aAChD,KAAO,EAAA;AACd,MAAM,MAAA,IAAIQ,0BAAoB,CAAA,gBAAA,EAAkB,KAAK,CAAA,CAAA;AAAA,KACvD;AAAA,GACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,iBACZ,QACgD,EAAA;AAChD,IAAA,IAAI,CAAC,QAAU,EAAA;AACb,MAAO,OAAA,KAAA,CAAA,CAAA;AAAA,KACT;AACA,IAAI,IAAA,CAAC,SAAS,KAAO,EAAA;AACnB,MAAM,MAAA,IAAIR,kBAAW,CAAuC,qCAAA,CAAA,CAAA,CAAA;AAAA,KAC9D;AAEA,IAAA,OAAOS,kEAAiC,QAAQ,CAAA,CAAA;AAAA,GAClD;AAAA,EAEQ,cAAiB,GAAA,CACvB,GACA,EAAA,KAAA,EACA,YACG,KAAA;AACH,IAAA,GAAA,CAAI,OAAO,CAAG,EAAA,IAAA,CAAK,OAAQ,CAAA,UAAU,UAAU,KAAO,EAAA;AAAA,MACpD,MAAQ,EAAA,cAAA;AAAA,MACR,GAAG,IAAK,CAAA,iBAAA;AAAA,MACR,GAAG,YAAA;AAAA,MACH,IAAA,EAAM,CAAG,EAAA,YAAA,CAAa,IAAI,CAAA,QAAA,CAAA;AAAA,KAC3B,CAAA,CAAA;AAAA,GACH,CAAA;AAAA,EAEQ,qBAAwB,GAAA,CAC9B,GACA,EAAA,KAAA,EACA,YACG,KAAA;AACH,IAAA,GAAA,CAAI,OAAO,CAAG,EAAA,IAAA,CAAK,OAAQ,CAAA,UAAU,kBAAkB,KAAO,EAAA;AAAA,MAC5D,MAAQ,EAAA,gBAAA;AAAA,MACR,GAAG,IAAK,CAAA,iBAAA;AAAA,MACR,GAAG,YAAA;AAAA,KACJ,CAAA,CAAA;AAAA,GACH,CAAA;AAAA,EAEQ,yBAAA,GAA4B,CAAC,GAAyB,KAAA;AAC5D,IAAA,OAAO,IAAI,OAAQ,CAAA,CAAA,EAAG,IAAK,CAAA,OAAA,CAAQ,UAAU,CAAgB,cAAA,CAAA,CAAA,CAAA;AAAA,GAC/D,CAAA;AAAA,EAEQ,yBAAA,GAA4B,CAAC,GAAyB,KAAA;AAC5D,IAAA,OAAO,IAAI,OAAQ,CAAA,CAAA,EAAG,IAAK,CAAA,OAAA,CAAQ,UAAU,CAAgB,cAAA,CAAA,CAAA,CAAA;AAAA,GAC/D,CAAA;AAAA,EAEQ,qBAAwB,GAAA,CAC9B,GACA,EAAA,YAAA,EACA,YACG,KAAA;AACH,IAAA,GAAA,CAAI,OAAO,CAAG,EAAA,IAAA,CAAK,OAAQ,CAAA,UAAU,kBAAkB,YAAc,EAAA;AAAA,MACnE,MAAQ,EAAA,gBAAA;AAAA,MACR,GAAG,IAAK,CAAA,iBAAA;AAAA,MACR,GAAG,YAAA;AAAA,KACJ,CAAA,CAAA;AAAA,GACH,CAAA;AAAA,EAEQ,wBAAA,GAA2B,CACjC,GAAA,EACA,YACG,KAAA;AACH,IAAA,GAAA,CAAI,OAAO,CAAG,EAAA,IAAA,CAAK,OAAQ,CAAA,UAAU,kBAAkB,EAAI,EAAA;AAAA,MACzD,MAAQ,EAAA,CAAA;AAAA,MACR,GAAG,IAAK,CAAA,iBAAA;AAAA,MACR,GAAG,YAAA;AAAA,KACJ,CAAA,CAAA;AAAA,GACH,CAAA;AAAA,EAEQ,eAAA,GAAkB,CAAC,MAAoB,KAAA;AAC7C,IAAO,OAAA,IAAA,CAAK,QAAQ,gBAAiB,CAAA;AAAA,MACnC,UAAA,EAAY,KAAK,OAAQ,CAAA,UAAA;AAAA,MACzB,OAAA,EAAS,KAAK,OAAQ,CAAA,OAAA;AAAA,MACtB,WAAA,EAAa,KAAK,OAAQ,CAAA,WAAA;AAAA,MAC1B,SAAA,EAAW,MAAU,IAAA,IAAA,CAAK,OAAQ,CAAA,SAAA;AAAA,KACnC,CAAA,CAAA;AAAA,GACH,CAAA;AACF;;;;;;"}
1	+ {"version":3,"file":"OAuthAdapter.cjs.js","sources":["../../../src/lib/oauth/OAuthAdapter.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport express, { CookieOptions } from 'express';\nimport crypto from 'crypto';\nimport { URL } from 'url';\nimport {\n AuthProviderConfig,\n AuthProviderRouteHandlers,\n BackstageIdentityResponse,\n BackstageSignInResult,\n CookieConfigurer,\n OAuthState,\n} from '@backstage/plugin-auth-node';\nimport {\n AuthenticationError,\n InputError,\n isError,\n NotAllowedError,\n} from '@backstage/errors';\nimport { defaultCookieConfigurer, readState, verifyNonce } from './helpers';\nimport {\n postMessageResponse,\n ensuresXRequestedWith,\n WebMessageResponse,\n} from '../flow';\nimport {\n OAuthHandlers,\n OAuthStartRequest,\n OAuthRefreshRequest,\n OAuthLogoutRequest,\n} from './types';\nimport { prepareBackstageIdentityResponse } from '../../providers/prepareBackstageIdentityResponse';\n\nexport const THOUSAND_DAYS_MS = 1000 24 * 60 * 60 * 1000;\nexport const TEN_MINUTES_MS = 600 * 1000;\n\n/*\n @public\n * @deprecated Use `createOAuthRouteHandlers` from `@backstage/plugin-auth-node` instead\n /\nexport type OAuthAdapterOptions = {\n providerId: string;\n persistScopes?: boolean;\n appOrigin: string;\n baseUrl: string;\n cookieConfigurer: CookieConfigurer;\n isOriginAllowed: (origin: string) => boolean;\n callbackUrl: string;\n};\n\n/\n @public\n * @deprecated Use `createOAuthRouteHandlers` from `@backstage/plugin-auth-node` instead\n /\nexport class OAuthAdapter implements AuthProviderRouteHandlers {\n static fromConfig(\n config: AuthProviderConfig,\n handlers: OAuthHandlers,\n options: Pick<\n OAuthAdapterOptions,\n 'providerId' \| 'persistScopes' \| 'callbackUrl'\n >,\n ): OAuthAdapter {\n const { appUrl, baseUrl, isOriginAllowed } = config;\n const { origin: appOrigin } = new URL(appUrl);\n\n const cookieConfigurer = config.cookieConfigurer ?? defaultCookieConfigurer;\n\n return new OAuthAdapter(handlers, {\n ...options,\n appOrigin,\n baseUrl,\n cookieConfigurer,\n isOriginAllowed,\n });\n }\n\n private readonly baseCookieOptions: CookieOptions;\n\n constructor(\n private readonly handlers: OAuthHandlers,\n private readonly options: OAuthAdapterOptions,\n ) {\n this.baseCookieOptions = {\n httpOnly: true,\n sameSite: 'lax',\n };\n }\n\n async start(req: express.Request, res: express.Response): Promise<void> {\n // retrieve scopes from request\n const scope = req.query.scope?.toString() ?? '';\n const env = req.query.env?.toString();\n const origin = req.query.origin?.toString();\n const redirectUrl = req.query.redirectUrl?.toString();\n const flow = req.query.flow?.toString();\n\n if (!env) {\n throw new InputError('No env provided in request query parameters');\n }\n\n const cookieConfig = this.getCookieConfig(origin);\n\n const nonce = crypto.randomBytes(16).toString('base64');\n // set a nonce cookie before redirecting to oauth provider\n this.setNonceCookie(res, nonce, cookieConfig);\n\n const state: OAuthState = { nonce, env, origin, redirectUrl, flow };\n\n // If scopes are persisted then we pass them through the state so that we\n // can set the cookie on successful auth\n if (this.options.persistScopes) {\n state.scope = scope;\n }\n const forwardReq = Object.assign(req, { scope, state });\n\n const { url, status } = await this.handlers.start(\n forwardReq as OAuthStartRequest,\n );\n\n res.statusCode = status \|\| 302;\n res.setHeader('Location', url);\n res.setHeader('Content-Length', '0');\n res.end();\n }\n\n async frameHandler(\n req: express.Request,\n res: express.Response,\n ): Promise<void> {\n let appOrigin = this.options.appOrigin;\n\n try {\n const state: OAuthState = readState(req.query.state?.toString() ?? '');\n\n if (state.origin) {\n try {\n appOrigin = new URL(state.origin).origin;\n } catch {\n throw new NotAllowedError('App origin is invalid, failed to parse');\n }\n if (!this.options.isOriginAllowed(appOrigin)) {\n throw new NotAllowedError(`Origin '${appOrigin}' is not allowed`);\n }\n }\n\n // verify nonce cookie and state cookie on callback\n verifyNonce(req, this.options.providerId);\n\n const { response, refreshToken } = await this.handlers.handler(req);\n\n const cookieConfig = this.getCookieConfig(appOrigin);\n\n // Store the scope that we have been granted for this session. This is useful if\n // the provider does not return granted scopes on refresh or if they are normalized.\n if (this.options.persistScopes && state.scope) {\n this.setGrantedScopeCookie(res, state.scope, cookieConfig);\n response.providerInfo.scope = state.scope;\n }\n\n if (refreshToken) {\n // set new refresh token\n this.setRefreshTokenCookie(res, refreshToken, cookieConfig);\n }\n\n const identity = await this.populateIdentity(response.backstageIdentity);\n\n const responseObj: WebMessageResponse = {\n type: 'authorization_response',\n response: { ...response, backstageIdentity: identity },\n };\n\n if (state.flow === 'redirect') {\n if (!state.redirectUrl) {\n throw new InputError(\n 'No redirectUrl provided in request query parameters',\n );\n }\n res.redirect(state.redirectUrl);\n return undefined;\n }\n // post message back to popup if successful\n return postMessageResponse(res, appOrigin, responseObj);\n } catch (error) {\n const { name, message } = isError(error)\n ? error\n : new Error('Encountered invalid error'); // Being a bit safe and not forwarding the bad value\n // post error message back to popup if failure\n return postMessageResponse(res, appOrigin, {\n type: 'authorization_response',\n error: { name, message },\n });\n }\n }\n\n async logout(req: express.Request, res: express.Response): Promise<void> {\n if (!ensuresXRequestedWith(req)) {\n throw new AuthenticationError('Invalid X-Requested-With header');\n }\n\n if (this.handlers.logout) {\n const refreshToken = this.getRefreshTokenFromCookie(req);\n const revokeRequest: OAuthLogoutRequest = Object.assign(req, {\n refreshToken,\n });\n await this.handlers.logout(revokeRequest);\n }\n\n // remove refresh token cookie if it is set\n const origin = req.get('origin');\n const cookieConfig = this.getCookieConfig(origin);\n this.removeRefreshTokenCookie(res, cookieConfig);\n\n res.status(200).end();\n }\n\n async refresh(req: express.Request, res: express.Response): Promise<void> {\n if (!ensuresXRequestedWith(req)) {\n throw new AuthenticationError('Invalid X-Requested-With header');\n }\n\n if (!this.handlers.refresh) {\n throw new InputError(\n `Refresh token is not supported for provider ${this.options.providerId}`,\n );\n }\n\n try {\n const refreshToken = this.getRefreshTokenFromCookie(req);\n\n // throw error if refresh token is missing in the request\n if (!refreshToken) {\n throw new InputError('Missing session cookie');\n }\n\n let scope = req.query.scope?.toString() ?? '';\n if (this.options.persistScopes) {\n scope = this.getGrantedScopeFromCookie(req);\n }\n const forwardReq = Object.assign(req, { scope, refreshToken });\n\n // get new access_token\n const { response, refreshToken: newRefreshToken } =\n await this.handlers.refresh(forwardReq as OAuthRefreshRequest);\n\n const backstageIdentity = await this.populateIdentity(\n response.backstageIdentity,\n );\n\n if (newRefreshToken && newRefreshToken !== refreshToken) {\n const origin = req.get('origin');\n const cookieConfig = this.getCookieConfig(origin);\n this.setRefreshTokenCookie(res, newRefreshToken, cookieConfig);\n }\n\n res.status(200).json({ ...response, backstageIdentity });\n } catch (error) {\n throw new AuthenticationError('Refresh failed', error);\n }\n }\n\n /\n If the response from the OAuth provider includes a Backstage identity, we\n * make sure it's populated with all the information we can derive from the user ID.\n */\n private async populateIdentity(\n identity?: BackstageSignInResult,\n ): Promise<BackstageIdentityResponse \| undefined> {\n if (!identity) {\n return undefined;\n }\n if (!identity.token) {\n throw new InputError(`Identity response must return a token`);\n }\n\n return prepareBackstageIdentityResponse(identity);\n }\n\n private setNonceCookie = (\n res: express.Response,\n nonce: string,\n cookieConfig: ReturnType<CookieConfigurer>,\n ) => {\n res.cookie(`${this.options.providerId}-nonce`, nonce, {\n maxAge: TEN_MINUTES_MS,\n ...this.baseCookieOptions,\n ...cookieConfig,\n path: `${cookieConfig.path}/handler`,\n });\n };\n\n private setGrantedScopeCookie = (\n res: express.Response,\n scope: string,\n cookieConfig: ReturnType<CookieConfigurer>,\n ) => {\n res.cookie(`${this.options.providerId}-granted-scope`, scope, {\n maxAge: THOUSAND_DAYS_MS,\n ...this.baseCookieOptions,\n ...cookieConfig,\n });\n };\n\n private getRefreshTokenFromCookie = (req: express.Request) => {\n return req.cookies[`${this.options.providerId}-refresh-token`];\n };\n\n private getGrantedScopeFromCookie = (req: express.Request) => {\n return req.cookies[`${this.options.providerId}-granted-scope`];\n };\n\n private setRefreshTokenCookie = (\n res: express.Response,\n refreshToken: string,\n cookieConfig: ReturnType<CookieConfigurer>,\n ) => {\n res.cookie(`${this.options.providerId}-refresh-token`, refreshToken, {\n maxAge: THOUSAND_DAYS_MS,\n ...this.baseCookieOptions,\n ...cookieConfig,\n });\n };\n\n private removeRefreshTokenCookie = (\n res: express.Response,\n cookieConfig: ReturnType<CookieConfigurer>,\n ) => {\n res.cookie(`${this.options.providerId}-refresh-token`, '', {\n maxAge: 0,\n ...this.baseCookieOptions,\n ...cookieConfig,\n });\n };\n\n private getCookieConfig = (origin?: string) => {\n return this.options.cookieConfigurer({\n providerId: this.options.providerId,\n baseUrl: this.options.baseUrl,\n callbackUrl: this.options.callbackUrl,\n appOrigin: origin ?? this.options.appOrigin,\n });\n };\n}\n"],"names":["URL","defaultCookieConfigurer","InputError","crypto","readState","NotAllowedError","verifyNonce","postMessageResponse","isError","ensuresXRequestedWith","AuthenticationError","prepareBackstageIdentityResponse"],"mappings":";;;;;;;;;;;;;AA+CO,MAAM,gBAAmB,GAAA,GAAA,GAAO,EAAK,GAAA,EAAA,GAAK,EAAK,GAAA;AAC/C,MAAM,iBAAiB,GAAM,GAAA;AAoB7B,MAAM,YAAkD,CAAA;AAAA,EAyB7D,WAAA,CACmB,UACA,OACjB,EAAA;AAFiB,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAEjB,IAAA,IAAA,CAAK,iBAAoB,GAAA;AAAA,MACvB,QAAU,EAAA,IAAA;AAAA,MACV,QAAU,EAAA;AAAA,KACZ;AAAA;AACF,EAhCA,OAAO,UAAA,CACL,MACA,EAAA,QAAA,EACA,OAIc,EAAA;AACd,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAS,EAAA,eAAA,EAAoB,GAAA,MAAA;AAC7C,IAAA,MAAM,EAAE,MAAQ,EAAA,SAAA,EAAc,GAAA,IAAIA,QAAI,MAAM,CAAA;AAE5C,IAAM,MAAA,gBAAA,GAAmB,OAAO,gBAAoB,IAAAC,+BAAA;AAEpD,IAAO,OAAA,IAAI,aAAa,QAAU,EAAA;AAAA,MAChC,GAAG,OAAA;AAAA,MACH,SAAA;AAAA,MACA,OAAA;AAAA,MACA,gBAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA;AACH,EAEiB,iBAAA;AAAA,EAYjB,MAAM,KAAM,CAAA,GAAA,EAAsB,GAAsC,EAAA;AAEtE,IAAA,MAAM,KAAQ,GAAA,GAAA,CAAI,KAAM,CAAA,KAAA,EAAO,UAAc,IAAA,EAAA;AAC7C,IAAA,MAAM,GAAM,GAAA,GAAA,CAAI,KAAM,CAAA,GAAA,EAAK,QAAS,EAAA;AACpC,IAAA,MAAM,MAAS,GAAA,GAAA,CAAI,KAAM,CAAA,MAAA,EAAQ,QAAS,EAAA;AAC1C,IAAA,MAAM,WAAc,GAAA,GAAA,CAAI,KAAM,CAAA,WAAA,EAAa,QAAS,EAAA;AACpD,IAAA,MAAM,IAAO,GAAA,GAAA,CAAI,KAAM,CAAA,IAAA,EAAM,QAAS,EAAA;AAEtC,IAAA,IAAI,CAAC,GAAK,EAAA;AACR,MAAM,MAAA,IAAIC,kBAAW,6CAA6C,CAAA;AAAA;AAGpE,IAAM,MAAA,YAAA,GAAe,IAAK,CAAA,eAAA,CAAgB,MAAM,CAAA;AAEhD,IAAA,MAAM,QAAQC,uBAAO,CAAA,WAAA,CAAY,EAAE,CAAA,CAAE,SAAS,QAAQ,CAAA;AAEtD,IAAK,IAAA,CAAA,cAAA,CAAe,GAAK,EAAA,KAAA,EAAO,YAAY,CAAA;AAE5C,IAAA,MAAM,QAAoB,EAAE,KAAA,EAAO,GAAK,EAAA,MAAA,EAAQ,aAAa,IAAK,EAAA;AAIlE,IAAI,IAAA,IAAA,CAAK,QAAQ,aAAe,EAAA;AAC9B,MAAA,KAAA,CAAM,KAAQ,GAAA,KAAA;AAAA;AAEhB,IAAA,MAAM,aAAa,MAAO,CAAA,MAAA,CAAO,KAAK,EAAE,KAAA,EAAO,OAAO,CAAA;AAEtD,IAAA,MAAM,EAAE,GAAK,EAAA,MAAA,EAAW,GAAA,MAAM,KAAK,QAAS,CAAA,KAAA;AAAA,MAC1C;AAAA,KACF;AAEA,IAAA,GAAA,CAAI,aAAa,MAAU,IAAA,GAAA;AAC3B,IAAI,GAAA,CAAA,SAAA,CAAU,YAAY,GAAG,CAAA;AAC7B,IAAI,GAAA,CAAA,SAAA,CAAU,kBAAkB,GAAG,CAAA;AACnC,IAAA,GAAA,CAAI,GAAI,EAAA;AAAA;AACV,EAEA,MAAM,YACJ,CAAA,GAAA,EACA,GACe,EAAA;AACf,IAAI,IAAA,SAAA,GAAY,KAAK,OAAQ,CAAA,SAAA;AAE7B,IAAI,IAAA;AACF,MAAA,MAAM,QAAoBC,iBAAU,CAAA,GAAA,CAAI,MAAM,KAAO,EAAA,QAAA,MAAc,EAAE,CAAA;AAErE,MAAA,IAAI,MAAM,MAAQ,EAAA;AAChB,QAAI,IAAA;AACF,UAAA,SAAA,GAAY,IAAIJ,OAAA,CAAI,KAAM,CAAA,MAAM,CAAE,CAAA,MAAA;AAAA,SAC5B,CAAA,MAAA;AACN,UAAM,MAAA,IAAIK,uBAAgB,wCAAwC,CAAA;AAAA;AAEpE,QAAA,IAAI,CAAC,IAAA,CAAK,OAAQ,CAAA,eAAA,CAAgB,SAAS,CAAG,EAAA;AAC5C,UAAA,MAAM,IAAIA,sBAAA,CAAgB,CAAW,QAAA,EAAA,SAAS,CAAkB,gBAAA,CAAA,CAAA;AAAA;AAClE;AAIF,MAAYC,mBAAA,CAAA,GAAA,EAAK,IAAK,CAAA,OAAA,CAAQ,UAAU,CAAA;AAExC,MAAM,MAAA,EAAE,UAAU,YAAa,EAAA,GAAI,MAAM,IAAK,CAAA,QAAA,CAAS,QAAQ,GAAG,CAAA;AAElE,MAAM,MAAA,YAAA,GAAe,IAAK,CAAA,eAAA,CAAgB,SAAS,CAAA;AAInD,MAAA,IAAI,IAAK,CAAA,OAAA,CAAQ,aAAiB,IAAA,KAAA,CAAM,KAAO,EAAA;AAC7C,QAAA,IAAA,CAAK,qBAAsB,CAAA,GAAA,EAAK,KAAM,CAAA,KAAA,EAAO,YAAY,CAAA;AACzD,QAAS,QAAA,CAAA,YAAA,CAAa,QAAQ,KAAM,CAAA,KAAA;AAAA;AAGtC,MAAA,IAAI,YAAc,EAAA;AAEhB,QAAK,IAAA,CAAA,qBAAA,CAAsB,GAAK,EAAA,YAAA,EAAc,YAAY,CAAA;AAAA;AAG5D,MAAA,MAAM,QAAW,GAAA,MAAM,IAAK,CAAA,gBAAA,CAAiB,SAAS,iBAAiB,CAAA;AAEvE,MAAA,MAAM,WAAkC,GAAA;AAAA,QACtC,IAAM,EAAA,wBAAA;AAAA,QACN,QAAU,EAAA,EAAE,GAAG,QAAA,EAAU,mBAAmB,QAAS;AAAA,OACvD;AAEA,MAAI,IAAA,KAAA,CAAM,SAAS,UAAY,EAAA;AAC7B,QAAI,IAAA,CAAC,MAAM,WAAa,EAAA;AACtB,UAAA,MAAM,IAAIJ,iBAAA;AAAA,YACR;AAAA,WACF;AAAA;AAEF,QAAI,GAAA,CAAA,QAAA,CAAS,MAAM,WAAW,CAAA;AAC9B,QAAO,OAAA,KAAA,CAAA;AAAA;AAGT,MAAO,OAAAK,mCAAA,CAAoB,GAAK,EAAA,SAAA,EAAW,WAAW,CAAA;AAAA,aAC/C,KAAO,EAAA;AACd,MAAM,MAAA,EAAE,IAAM,EAAA,OAAA,EAAY,GAAAC,cAAA,CAAQ,KAAK,CACnC,GAAA,KAAA,GACA,IAAI,KAAA,CAAM,2BAA2B,CAAA;AAEzC,MAAO,OAAAD,mCAAA,CAAoB,KAAK,SAAW,EAAA;AAAA,QACzC,IAAM,EAAA,wBAAA;AAAA,QACN,KAAA,EAAO,EAAE,IAAA,EAAM,OAAQ;AAAA,OACxB,CAAA;AAAA;AACH;AACF,EAEA,MAAM,MAAO,CAAA,GAAA,EAAsB,GAAsC,EAAA;AACvE,IAAI,IAAA,CAACE,qCAAsB,CAAA,GAAG,CAAG,EAAA;AAC/B,MAAM,MAAA,IAAIC,2BAAoB,iCAAiC,CAAA;AAAA;AAGjE,IAAI,IAAA,IAAA,CAAK,SAAS,MAAQ,EAAA;AACxB,MAAM,MAAA,YAAA,GAAe,IAAK,CAAA,yBAAA,CAA0B,GAAG,CAAA;AACvD,MAAM,MAAA,aAAA,GAAoC,MAAO,CAAA,MAAA,CAAO,GAAK,EAAA;AAAA,QAC3D;AAAA,OACD,CAAA;AACD,MAAM,MAAA,IAAA,CAAK,QAAS,CAAA,MAAA,CAAO,aAAa,CAAA;AAAA;AAI1C,IAAM,MAAA,MAAA,GAAS,GAAI,CAAA,GAAA,CAAI,QAAQ,CAAA;AAC/B,IAAM,MAAA,YAAA,GAAe,IAAK,CAAA,eAAA,CAAgB,MAAM,CAAA;AAChD,IAAK,IAAA,CAAA,wBAAA,CAAyB,KAAK,YAAY,CAAA;AAE/C,IAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,GAAI,EAAA;AAAA;AACtB,EAEA,MAAM,OAAQ,CAAA,GAAA,EAAsB,GAAsC,EAAA;AACxE,IAAI,IAAA,CAACD,qCAAsB,CAAA,GAAG,CAAG,EAAA;AAC/B,MAAM,MAAA,IAAIC,2BAAoB,iCAAiC,CAAA;AAAA;AAGjE,IAAI,IAAA,CAAC,IAAK,CAAA,QAAA,CAAS,OAAS,EAAA;AAC1B,MAAA,MAAM,IAAIR,iBAAA;AAAA,QACR,CAAA,4CAAA,EAA+C,IAAK,CAAA,OAAA,CAAQ,UAAU,CAAA;AAAA,OACxE;AAAA;AAGF,IAAI,IAAA;AACF,MAAM,MAAA,YAAA,GAAe,IAAK,CAAA,yBAAA,CAA0B,GAAG,CAAA;AAGvD,MAAA,IAAI,CAAC,YAAc,EAAA;AACjB,QAAM,MAAA,IAAIA,kBAAW,wBAAwB,CAAA;AAAA;AAG/C,MAAA,IAAI,KAAQ,GAAA,GAAA,CAAI,KAAM,CAAA,KAAA,EAAO,UAAc,IAAA,EAAA;AAC3C,MAAI,IAAA,IAAA,CAAK,QAAQ,aAAe,EAAA;AAC9B,QAAQ,KAAA,GAAA,IAAA,CAAK,0BAA0B,GAAG,CAAA;AAAA;AAE5C,MAAA,MAAM,aAAa,MAAO,CAAA,MAAA,CAAO,KAAK,EAAE,KAAA,EAAO,cAAc,CAAA;AAG7D,MAAM,MAAA,EAAE,UAAU,YAAc,EAAA,eAAA,KAC9B,MAAM,IAAA,CAAK,QAAS,CAAA,OAAA,CAAQ,UAAiC,CAAA;AAE/D,MAAM,MAAA,iBAAA,GAAoB,MAAM,IAAK,CAAA,gBAAA;AAAA,QACnC,QAAS,CAAA;AAAA,OACX;AAEA,MAAI,IAAA,eAAA,IAAmB,oBAAoB,YAAc,EAAA;AACvD,QAAM,MAAA,MAAA,GAAS,GAAI,CAAA,GAAA,CAAI,QAAQ,CAAA;AAC/B,QAAM,MAAA,YAAA,GAAe,IAAK,CAAA,eAAA,CAAgB,MAAM,CAAA;AAChD,QAAK,IAAA,CAAA,qBAAA,CAAsB,GAAK,EAAA,eAAA,EAAiB,YAAY,CAAA;AAAA;AAG/D,MAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,GAAG,QAAA,EAAU,mBAAmB,CAAA;AAAA,aAChD,KAAO,EAAA;AACd,MAAM,MAAA,IAAIQ,0BAAoB,CAAA,gBAAA,EAAkB,KAAK,CAAA;AAAA;AACvD;AACF;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,iBACZ,QACgD,EAAA;AAChD,IAAA,IAAI,CAAC,QAAU,EAAA;AACb,MAAO,OAAA,KAAA,CAAA;AAAA;AAET,IAAI,IAAA,CAAC,SAAS,KAAO,EAAA;AACnB,MAAM,MAAA,IAAIR,kBAAW,CAAuC,qCAAA,CAAA,CAAA;AAAA;AAG9D,IAAA,OAAOS,kEAAiC,QAAQ,CAAA;AAAA;AAClD,EAEQ,cAAiB,GAAA,CACvB,GACA,EAAA,KAAA,EACA,YACG,KAAA;AACH,IAAA,GAAA,CAAI,OAAO,CAAG,EAAA,IAAA,CAAK,OAAQ,CAAA,UAAU,UAAU,KAAO,EAAA;AAAA,MACpD,MAAQ,EAAA,cAAA;AAAA,MACR,GAAG,IAAK,CAAA,iBAAA;AAAA,MACR,GAAG,YAAA;AAAA,MACH,IAAA,EAAM,CAAG,EAAA,YAAA,CAAa,IAAI,CAAA,QAAA;AAAA,KAC3B,CAAA;AAAA,GACH;AAAA,EAEQ,qBAAwB,GAAA,CAC9B,GACA,EAAA,KAAA,EACA,YACG,KAAA;AACH,IAAA,GAAA,CAAI,OAAO,CAAG,EAAA,IAAA,CAAK,OAAQ,CAAA,UAAU,kBAAkB,KAAO,EAAA;AAAA,MAC5D,MAAQ,EAAA,gBAAA;AAAA,MACR,GAAG,IAAK,CAAA,iBAAA;AAAA,MACR,GAAG;AAAA,KACJ,CAAA;AAAA,GACH;AAAA,EAEQ,yBAAA,GAA4B,CAAC,GAAyB,KAAA;AAC5D,IAAA,OAAO,IAAI,OAAQ,CAAA,CAAA,EAAG,IAAK,CAAA,OAAA,CAAQ,UAAU,CAAgB,cAAA,CAAA,CAAA;AAAA,GAC/D;AAAA,EAEQ,yBAAA,GAA4B,CAAC,GAAyB,KAAA;AAC5D,IAAA,OAAO,IAAI,OAAQ,CAAA,CAAA,EAAG,IAAK,CAAA,OAAA,CAAQ,UAAU,CAAgB,cAAA,CAAA,CAAA;AAAA,GAC/D;AAAA,EAEQ,qBAAwB,GAAA,CAC9B,GACA,EAAA,YAAA,EACA,YACG,KAAA;AACH,IAAA,GAAA,CAAI,OAAO,CAAG,EAAA,IAAA,CAAK,OAAQ,CAAA,UAAU,kBAAkB,YAAc,EAAA;AAAA,MACnE,MAAQ,EAAA,gBAAA;AAAA,MACR,GAAG,IAAK,CAAA,iBAAA;AAAA,MACR,GAAG;AAAA,KACJ,CAAA;AAAA,GACH;AAAA,EAEQ,wBAAA,GAA2B,CACjC,GAAA,EACA,YACG,KAAA;AACH,IAAA,GAAA,CAAI,OAAO,CAAG,EAAA,IAAA,CAAK,OAAQ,CAAA,UAAU,kBAAkB,EAAI,EAAA;AAAA,MACzD,MAAQ,EAAA,CAAA;AAAA,MACR,GAAG,IAAK,CAAA,iBAAA;AAAA,MACR,GAAG;AAAA,KACJ,CAAA;AAAA,GACH;AAAA,EAEQ,eAAA,GAAkB,CAAC,MAAoB,KAAA;AAC7C,IAAO,OAAA,IAAA,CAAK,QAAQ,gBAAiB,CAAA;AAAA,MACnC,UAAA,EAAY,KAAK,OAAQ,CAAA,UAAA;AAAA,MACzB,OAAA,EAAS,KAAK,OAAQ,CAAA,OAAA;AAAA,MACtB,WAAA,EAAa,KAAK,OAAQ,CAAA,WAAA;AAAA,MAC1B,SAAA,EAAW,MAAU,IAAA,IAAA,CAAK,OAAQ,CAAA;AAAA,KACnC,CAAA;AAAA,GACH;AACF;;;;;;"}

package/dist/lib/oauth/helpers.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"helpers.cjs.js","sources":["../../../src/lib/oauth/helpers.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport express from 'express';\nimport {\n CookieConfigurer,\n OAuthState,\n decodeOAuthState,\n encodeOAuthState,\n} from '@backstage/plugin-auth-node';\n\n/\n @public\n * @deprecated Use `decodeOAuthState` from `@backstage/plugin-auth-node` instead\n /\nexport const readState = decodeOAuthState;\n\n/\n @public\n * @deprecated Use `encodeOAuthState` from `@backstage/plugin-auth-node` instead\n /\nexport const encodeState = encodeOAuthState;\n\n/\n @public\n * @deprecated Use inline logic to make sure the session and state nonce matches instead.\n */\nexport const verifyNonce = (req: express.Request, providerId: string) => {\n const cookieNonce = req.cookies[`${providerId}-nonce`];\n const state: OAuthState = readState(req.query.state?.toString() ?? '');\n const stateNonce = state.nonce;\n\n if (!cookieNonce) {\n throw new Error('Auth response is missing cookie nonce');\n }\n if (stateNonce.length === 0) {\n throw new Error('Auth response is missing state nonce');\n }\n if (cookieNonce !== stateNonce) {\n throw new Error('Invalid nonce');\n }\n};\n\nexport const defaultCookieConfigurer: CookieConfigurer = ({\n callbackUrl,\n providerId,\n appOrigin,\n}) => {\n const { hostname: domain, pathname, protocol } = new URL(callbackUrl);\n const secure = protocol === 'https:';\n\n // For situations where the auth-backend is running on a\n // different domain than the app, we set the SameSite attribute\n // to 'none' to allow third-party access to the cookie, but\n // only if it's in a secure context (https).\n let sameSite: ReturnType<CookieConfigurer>['sameSite'] = 'lax';\n if (new URL(appOrigin).hostname !== domain && secure) {\n sameSite = 'none';\n }\n\n // If the provider supports callbackUrls, the pathname will\n // contain the complete path to the frame handler so we need\n // to slice off the trailing part of the path.\n const path = pathname.endsWith(`${providerId}/handler/frame`)\n ? pathname.slice(0, -'/handler/frame'.length)\n : `${pathname}/${providerId}`;\n\n return { domain, path, secure, sameSite };\n};\n"],"names":["decodeOAuthState","encodeOAuthState"],"mappings":";;;;AA4BO,MAAM,SAAY,GAAAA~~,gCAAA~~;AAMlB,MAAM,WAAc,GAAAC~~,gCAAA~~;AAMd,MAAA,WAAA,GAAc,CAAC,GAAA,EAAsB,UAAuB,KAAA;AACvE,EAAA,MAAM,WAAc,GAAA,GAAA,CAAI,OAAQ,CAAA,CAAA,EAAG,UAAU,CAAQ,MAAA,CAAA,CAAA~~,CAAA~~;AACrD,EAAA,MAAM,QAAoB,SAAU,CAAA,GAAA,CAAI,MAAM,KAAO,EAAA,QAAA,MAAc,EAAE,CAAA~~,CAAA~~;AACrE,EAAA,MAAM,aAAa,KAAM,CAAA,KAAA~~,CAAA~~;AAEzB,EAAA,IAAI,CAAC,WAAa,EAAA;AAChB,IAAM,MAAA,IAAI,MAAM,uCAAuC,CAAA~~,CAAA~~;AAAA~~,GACzD~~;~~AACA~~,EAAI,IAAA,UAAA,CAAW,WAAW,CAAG,EAAA;AAC3B,IAAM,MAAA,IAAI,MAAM,sCAAsC,CAAA~~,CAAA~~;AAAA~~,GACxD~~;~~AACA~~,EAAA,IAAI,gBAAgB,UAAY,EAAA;AAC9B,IAAM,MAAA,IAAI,MAAM,eAAe,CAAA~~,CAAA~~;AAAA~~,GACjC~~;~~AACF,EAAA~~;AAEO,MAAM,0BAA4C,CAAC;AAAA,EACxD,WAAA;AAAA,EACA,UAAA;AAAA,EACA~~,SAAA~~;AACF,CAAM,KAAA;AACJ,EAAM,MAAA,EAAE,UAAU,MAAQ,EAAA,QAAA,EAAU,UAAa,GAAA,IAAI,IAAI,WAAW,CAAA~~,CAAA~~;AACpE,EAAA,MAAM,SAAS,QAAa,KAAA,QAAA~~,CAAA~~;AAM5B,EAAA,IAAI,QAAqD,GAAA,KAAA~~,CAAA~~;AACzD,EAAA,IAAI,IAAI,GAAI,CAAA,SAAS,CAAE,CAAA,QAAA,KAAa,UAAU,MAAQ,EAAA;AACpD,IAAW,QAAA,GAAA,MAAA~~,CAAA~~;AAAA~~,GACb~~;~~AAKA~~,EAAA,MAAM,OAAO,QAAS,CAAA,QAAA,CAAS,CAAG,EAAA,UAAU,gBAAgB,CACxD,GAAA,QAAA,CAAS,KAAM,CAAA,CAAA,EAAG,CAAC,gBAAiB,CAAA,MAAM,IAC1C,CAAG,EAAA,QAAQ,IAAI,UAAU,CAAA,CAAA~~,CAAA~~;AAE7B,EAAA,OAAO,EAAE,MAAA,EAAQ,IAAM,EAAA,MAAA,EAAQ,QAAS,EAAA~~,CAAA~~;AAC1C;;;;;;;"}
1	+ {"version":3,"file":"helpers.cjs.js","sources":["../../../src/lib/oauth/helpers.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport express from 'express';\nimport {\n CookieConfigurer,\n OAuthState,\n decodeOAuthState,\n encodeOAuthState,\n} from '@backstage/plugin-auth-node';\n\n/\n @public\n * @deprecated Use `decodeOAuthState` from `@backstage/plugin-auth-node` instead\n /\nexport const readState = decodeOAuthState;\n\n/\n @public\n * @deprecated Use `encodeOAuthState` from `@backstage/plugin-auth-node` instead\n /\nexport const encodeState = encodeOAuthState;\n\n/\n @public\n * @deprecated Use inline logic to make sure the session and state nonce matches instead.\n */\nexport const verifyNonce = (req: express.Request, providerId: string) => {\n const cookieNonce = req.cookies[`${providerId}-nonce`];\n const state: OAuthState = readState(req.query.state?.toString() ?? '');\n const stateNonce = state.nonce;\n\n if (!cookieNonce) {\n throw new Error('Auth response is missing cookie nonce');\n }\n if (stateNonce.length === 0) {\n throw new Error('Auth response is missing state nonce');\n }\n if (cookieNonce !== stateNonce) {\n throw new Error('Invalid nonce');\n }\n};\n\nexport const defaultCookieConfigurer: CookieConfigurer = ({\n callbackUrl,\n providerId,\n appOrigin,\n}) => {\n const { hostname: domain, pathname, protocol } = new URL(callbackUrl);\n const secure = protocol === 'https:';\n\n // For situations where the auth-backend is running on a\n // different domain than the app, we set the SameSite attribute\n // to 'none' to allow third-party access to the cookie, but\n // only if it's in a secure context (https).\n let sameSite: ReturnType<CookieConfigurer>['sameSite'] = 'lax';\n if (new URL(appOrigin).hostname !== domain && secure) {\n sameSite = 'none';\n }\n\n // If the provider supports callbackUrls, the pathname will\n // contain the complete path to the frame handler so we need\n // to slice off the trailing part of the path.\n const path = pathname.endsWith(`${providerId}/handler/frame`)\n ? pathname.slice(0, -'/handler/frame'.length)\n : `${pathname}/${providerId}`;\n\n return { domain, path, secure, sameSite };\n};\n"],"names":["decodeOAuthState","encodeOAuthState"],"mappings":";;;;AA4BO,MAAM,SAAY,GAAAA;AAMlB,MAAM,WAAc,GAAAC;AAMd,MAAA,WAAA,GAAc,CAAC,GAAA,EAAsB,UAAuB,KAAA;AACvE,EAAA,MAAM,WAAc,GAAA,GAAA,CAAI,OAAQ,CAAA,CAAA,EAAG,UAAU,CAAQ,MAAA,CAAA,CAAA;AACrD,EAAA,MAAM,QAAoB,SAAU,CAAA,GAAA,CAAI,MAAM,KAAO,EAAA,QAAA,MAAc,EAAE,CAAA;AACrE,EAAA,MAAM,aAAa,KAAM,CAAA,KAAA;AAEzB,EAAA,IAAI,CAAC,WAAa,EAAA;AAChB,IAAM,MAAA,IAAI,MAAM,uCAAuC,CAAA;AAAA;AAEzD,EAAI,IAAA,UAAA,CAAW,WAAW,CAAG,EAAA;AAC3B,IAAM,MAAA,IAAI,MAAM,sCAAsC,CAAA;AAAA;AAExD,EAAA,IAAI,gBAAgB,UAAY,EAAA;AAC9B,IAAM,MAAA,IAAI,MAAM,eAAe,CAAA;AAAA;AAEnC;AAEO,MAAM,0BAA4C,CAAC;AAAA,EACxD,WAAA;AAAA,EACA,UAAA;AAAA,EACA;AACF,CAAM,KAAA;AACJ,EAAM,MAAA,EAAE,UAAU,MAAQ,EAAA,QAAA,EAAU,UAAa,GAAA,IAAI,IAAI,WAAW,CAAA;AACpE,EAAA,MAAM,SAAS,QAAa,KAAA,QAAA;AAM5B,EAAA,IAAI,QAAqD,GAAA,KAAA;AACzD,EAAA,IAAI,IAAI,GAAI,CAAA,SAAS,CAAE,CAAA,QAAA,KAAa,UAAU,MAAQ,EAAA;AACpD,IAAW,QAAA,GAAA,MAAA;AAAA;AAMb,EAAA,MAAM,OAAO,QAAS,CAAA,QAAA,CAAS,CAAG,EAAA,UAAU,gBAAgB,CACxD,GAAA,QAAA,CAAS,KAAM,CAAA,CAAA,EAAG,CAAC,gBAAiB,CAAA,MAAM,IAC1C,CAAG,EAAA,QAAQ,IAAI,UAAU,CAAA,CAAA;AAE7B,EAAA,OAAO,EAAE,MAAA,EAAQ,IAAM,EAAA,MAAA,EAAQ,QAAS,EAAA;AAC1C;;;;;;;"}

package/dist/lib/passport/PassportStrategyHelper.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"PassportStrategyHelper.cjs.js","sources":["../../../src/lib/passport/PassportStrategyHelper.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport express from 'express';\nimport passport from 'passport';\nimport { decodeJwt } from 'jose';\nimport { InternalOAuthError } from 'passport-oauth2';\nimport { ProfileInfo } from '@backstage/plugin-auth-node';\nimport { PassportProfile } from './types';\nimport { OAuthStartResponse } from '../../providers/types';\n\nexport type PassportDoneCallback<Res, Private = never> = (\n err?: Error,\n response?: Res,\n privateInfo?: Private,\n) => void;\n\nexport const makeProfileInfo = (\n profile: PassportProfile,\n idToken?: string,\n): ProfileInfo => {\n let email: string \| undefined = undefined;\n if (profile.emails && profile.emails.length > 0) {\n const [firstEmail] = profile.emails;\n email = firstEmail.value;\n }\n\n let picture: string \| undefined = undefined;\n if (profile.avatarUrl) {\n picture = profile.avatarUrl;\n } else if (profile.photos && profile.photos.length > 0) {\n const [firstPhoto] = profile.photos;\n picture = firstPhoto.value;\n }\n\n let displayName: string \| undefined =\n profile.displayName ?? profile.username ?? profile.id;\n\n if ((!email \|\| !picture \|\| !displayName) && idToken) {\n try {\n const decoded = decodeJwt(idToken) as {\n email?: string;\n name?: string;\n picture?: string;\n };\n if (!email && decoded.email) {\n email = decoded.email;\n }\n if (!picture && decoded.picture) {\n picture = decoded.picture;\n }\n if (!displayName && decoded.name) {\n displayName = decoded.name;\n }\n } catch (e) {\n throw new Error(`Failed to parse id token and get profile info, ${e}`);\n }\n }\n\n return {\n email,\n picture,\n displayName,\n };\n};\n\nexport const executeRedirectStrategy = async (\n req: express.Request,\n providerStrategy: passport.Strategy,\n options: Record<string, string>,\n): Promise<OAuthStartResponse> => {\n return new Promise(resolve => {\n const strategy = Object.create(providerStrategy);\n strategy.redirect = (url: string, status?: number) => {\n resolve({ url, status: status ?? undefined });\n };\n\n strategy.authenticate(req, { ...options });\n });\n};\n\nexport const executeFrameHandlerStrategy = async <Result, PrivateInfo = never>(\n req: express.Request,\n providerStrategy: passport.Strategy,\n options?: Record<string, string>,\n) => {\n return new Promise<{ result: Result; privateInfo: PrivateInfo }>(\n (resolve, reject) => {\n const strategy = Object.create(providerStrategy);\n strategy.success = (result: any, privateInfo: any) => {\n resolve({ result, privateInfo });\n };\n strategy.fail = (\n info: { type: 'success' \| 'error'; message?: string },\n // _status: number,\n ) => {\n reject(new Error(`Authentication rejected, ${info.message ?? ''}`));\n };\n strategy.error = (error: InternalOAuthError) => {\n let message = `Authentication failed, ${error.message}`;\n\n if (error.oauthError?.data) {\n try {\n const errorData = JSON.parse(error.oauthError.data);\n\n if (errorData.message) {\n message += ` - ${errorData.message}`;\n }\n } catch (parseError) {\n message += ` - ${error.oauthError}`;\n }\n }\n\n reject(new Error(message));\n };\n strategy.redirect = () => {\n reject(new Error('Unexpected redirect'));\n };\n strategy.authenticate(req, { ...(options ?? {}) });\n },\n );\n};\n\ntype RefreshTokenResponse = {\n /\n An access token issued for the signed in user.\n /\n accessToken: string;\n /\n Optionally, the server can issue a new Refresh Token for the user\n */\n refreshToken?: string;\n params: any;\n};\n\nexport const executeRefreshTokenStrategy = async (\n providerStrategy: passport.Strategy,\n refreshToken: string,\n scope: string,\n): Promise<RefreshTokenResponse> => {\n return new Promise((resolve, reject) => {\n const anyStrategy = providerStrategy as any;\n const OAuth2 = anyStrategy._oauth2.constructor;\n const oauth2 = new OAuth2(\n anyStrategy._oauth2._clientId,\n anyStrategy._oauth2._clientSecret,\n anyStrategy._oauth2._baseSite,\n anyStrategy._oauth2._authorizeUrl,\n anyStrategy._refreshURL \|\| anyStrategy._oauth2._accessTokenUrl,\n anyStrategy._oauth2._customHeaders,\n );\n\n oauth2.getOAuthAccessToken(\n refreshToken,\n {\n scope,\n grant_type: 'refresh_token',\n },\n (\n err: Error \| null,\n accessToken: string,\n newRefreshToken: string,\n params: any,\n ) => {\n if (err) {\n reject(new Error(`Failed to refresh access token ${err.toString()}`));\n }\n if (!accessToken) {\n reject(\n new Error(\n `Failed to refresh access token, no access token received`,\n ),\n );\n }\n\n resolve({\n accessToken,\n refreshToken: newRefreshToken,\n params,\n });\n },\n );\n });\n};\n\ntype ProviderStrategy = {\n userProfile(accessToken: string, callback: Function): void;\n};\n\nexport const executeFetchUserProfileStrategy = async (\n providerStrategy: passport.Strategy,\n accessToken: string,\n): Promise<PassportProfile> => {\n return new Promise((resolve, reject) => {\n const anyStrategy = providerStrategy as unknown as ProviderStrategy;\n anyStrategy.userProfile(\n accessToken,\n (error: Error, rawProfile: PassportProfile) => {\n if (error) {\n reject(error);\n } else {\n resolve(rawProfile);\n }\n },\n );\n });\n};\n"],"names":[],"mappings":";;;;AA+EO,MAAM,uBAA0B,GAAA,OACrC,GACA,EAAA,gBAAA,EACA,OACgC,KAAA;AAChC,EAAO,OAAA,IAAI,QAAQ,CAAW,OAAA,KAAA;AAC5B,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,MAAA,CAAO,gBAAgB,CAAA~~,CAAA~~;AAC/C,IAAS,QAAA,CAAA,QAAA,GAAW,CAAC,GAAA,EAAa,MAAoB,KAAA;AACpD,MAAA,OAAA,CAAQ,EAAE,GAAA,EAAK,MAAQ,EAAA,MAAA,IAAU,QAAW,CAAA~~,CAAA~~;AAAA,KAC9C~~,CAAA~~;AAEA,IAAA,QAAA,CAAS,YAAa,CAAA,GAAA,EAAK,EAAE,GAAG,SAAS,CAAA~~,CAAA~~;AAAA,GAC1C,CAAA~~,CAAA~~;AACH~~,EAAA~~;AAEO,MAAM,2BAA8B,GAAA,OACzC,GACA,EAAA,gBAAA,EACA,OACG,KAAA;AACH,EAAA,OAAO,IAAI,OAAA;AAAA,IACT,CAAC,SAAS,MAAW,KAAA;AACnB,MAAM,MAAA,QAAA,GAAW,MAAO,CAAA,MAAA,CAAO,gBAAgB,CAAA~~,CAAA~~;AAC/C,MAAS,QAAA,CAAA,OAAA,GAAU,CAAC,MAAA,EAAa,WAAqB,KAAA;AACpD,QAAQ,OAAA,CAAA,EAAE,MAAQ,EAAA,WAAA,EAAa,CAAA~~,CAAA~~;AAAA,OACjC~~,CAAA~~;AACA,MAAS,QAAA,CAAA,IAAA,GAAO,CACd,IAEG,KAAA;AACH,QAAA,MAAA,CAAO,IAAI,KAAM,CAAA,CAAA,yBAAA,EAA4B,KAAK,OAAW,IAAA,EAAE,EAAE,CAAC,CAAA~~,CAAA~~;AAAA,OACpE~~,CAAA~~;AACA,MAAS,QAAA,CAAA,KAAA,GAAQ,CAAC,KAA8B,KAAA;AAC9C,QAAI,IAAA,OAAA,GAAU,CAA0B,uBAAA,EAAA,KAAA,CAAM,OAAO,CAAA,CAAA~~,CAAA~~;AAErD,QAAI,IAAA,KAAA,CAAM,YAAY,IAAM,EAAA;AAC1B,UAAI,IAAA;AACF,YAAA,MAAM,SAAY,GAAA,IAAA,CAAK,KAAM,CAAA,KAAA,CAAM,WAAW,IAAI,CAAA~~,CAAA~~;AAElD,YAAA,IAAI,UAAU,OAAS,EAAA;AACrB,cAAW,OAAA,IAAA,CAAA,GAAA,EAAM,UAAU,OAAO,CAAA,CAAA~~,CAAA~~;AAAA~~,aACpC~~;~~AAAA~~,mBACO,UAAY,EAAA;AACnB,YAAW,OAAA,IAAA,CAAA,GAAA,EAAM,MAAM,UAAU,CAAA,CAAA~~,CAAA~~;AAAA~~,WACnC~~;~~AAAA,SACF~~;~~AAEA~~,QAAO,MAAA,CAAA,IAAI,KAAM,CAAA,OAAO,CAAC,CAAA~~,CAAA~~;AAAA,OAC3B~~,CAAA~~;AACA,MAAA,QAAA,CAAS,WAAW,MAAM;AACxB,QAAO,MAAA,CAAA,IAAI,KAAM,CAAA,qBAAqB,CAAC,CAAA~~,CAAA~~;AAAA,OACzC~~,CAAA~~;AACA,MAAA,QAAA,CAAS,aAAa,GAAK,EAAA,EAAE,GAAe,IAAK,CAAA~~,CAAA~~;AAAA~~,KACnD~~;~~AAAA~~,GACF~~,CAAA~~;AACF;;;;;"}
1	+ {"version":3,"file":"PassportStrategyHelper.cjs.js","sources":["../../../src/lib/passport/PassportStrategyHelper.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport express from 'express';\nimport passport from 'passport';\nimport { decodeJwt } from 'jose';\nimport { InternalOAuthError } from 'passport-oauth2';\nimport { ProfileInfo } from '@backstage/plugin-auth-node';\nimport { PassportProfile } from './types';\nimport { OAuthStartResponse } from '../../providers/types';\n\nexport type PassportDoneCallback<Res, Private = never> = (\n err?: Error,\n response?: Res,\n privateInfo?: Private,\n) => void;\n\nexport const makeProfileInfo = (\n profile: PassportProfile,\n idToken?: string,\n): ProfileInfo => {\n let email: string \| undefined = undefined;\n if (profile.emails && profile.emails.length > 0) {\n const [firstEmail] = profile.emails;\n email = firstEmail.value;\n }\n\n let picture: string \| undefined = undefined;\n if (profile.avatarUrl) {\n picture = profile.avatarUrl;\n } else if (profile.photos && profile.photos.length > 0) {\n const [firstPhoto] = profile.photos;\n picture = firstPhoto.value;\n }\n\n let displayName: string \| undefined =\n profile.displayName ?? profile.username ?? profile.id;\n\n if ((!email \|\| !picture \|\| !displayName) && idToken) {\n try {\n const decoded = decodeJwt(idToken) as {\n email?: string;\n name?: string;\n picture?: string;\n };\n if (!email && decoded.email) {\n email = decoded.email;\n }\n if (!picture && decoded.picture) {\n picture = decoded.picture;\n }\n if (!displayName && decoded.name) {\n displayName = decoded.name;\n }\n } catch (e) {\n throw new Error(`Failed to parse id token and get profile info, ${e}`);\n }\n }\n\n return {\n email,\n picture,\n displayName,\n };\n};\n\nexport const executeRedirectStrategy = async (\n req: express.Request,\n providerStrategy: passport.Strategy,\n options: Record<string, string>,\n): Promise<OAuthStartResponse> => {\n return new Promise(resolve => {\n const strategy = Object.create(providerStrategy);\n strategy.redirect = (url: string, status?: number) => {\n resolve({ url, status: status ?? undefined });\n };\n\n strategy.authenticate(req, { ...options });\n });\n};\n\nexport const executeFrameHandlerStrategy = async <Result, PrivateInfo = never>(\n req: express.Request,\n providerStrategy: passport.Strategy,\n options?: Record<string, string>,\n) => {\n return new Promise<{ result: Result; privateInfo: PrivateInfo }>(\n (resolve, reject) => {\n const strategy = Object.create(providerStrategy);\n strategy.success = (result: any, privateInfo: any) => {\n resolve({ result, privateInfo });\n };\n strategy.fail = (\n info: { type: 'success' \| 'error'; message?: string },\n // _status: number,\n ) => {\n reject(new Error(`Authentication rejected, ${info.message ?? ''}`));\n };\n strategy.error = (error: InternalOAuthError) => {\n let message = `Authentication failed, ${error.message}`;\n\n if (error.oauthError?.data) {\n try {\n const errorData = JSON.parse(error.oauthError.data);\n\n if (errorData.message) {\n message += ` - ${errorData.message}`;\n }\n } catch (parseError) {\n message += ` - ${error.oauthError}`;\n }\n }\n\n reject(new Error(message));\n };\n strategy.redirect = () => {\n reject(new Error('Unexpected redirect'));\n };\n strategy.authenticate(req, { ...(options ?? {}) });\n },\n );\n};\n\ntype RefreshTokenResponse = {\n /\n An access token issued for the signed in user.\n /\n accessToken: string;\n /\n Optionally, the server can issue a new Refresh Token for the user\n */\n refreshToken?: string;\n params: any;\n};\n\nexport const executeRefreshTokenStrategy = async (\n providerStrategy: passport.Strategy,\n refreshToken: string,\n scope: string,\n): Promise<RefreshTokenResponse> => {\n return new Promise((resolve, reject) => {\n const anyStrategy = providerStrategy as any;\n const OAuth2 = anyStrategy._oauth2.constructor;\n const oauth2 = new OAuth2(\n anyStrategy._oauth2._clientId,\n anyStrategy._oauth2._clientSecret,\n anyStrategy._oauth2._baseSite,\n anyStrategy._oauth2._authorizeUrl,\n anyStrategy._refreshURL \|\| anyStrategy._oauth2._accessTokenUrl,\n anyStrategy._oauth2._customHeaders,\n );\n\n oauth2.getOAuthAccessToken(\n refreshToken,\n {\n scope,\n grant_type: 'refresh_token',\n },\n (\n err: Error \| null,\n accessToken: string,\n newRefreshToken: string,\n params: any,\n ) => {\n if (err) {\n reject(new Error(`Failed to refresh access token ${err.toString()}`));\n }\n if (!accessToken) {\n reject(\n new Error(\n `Failed to refresh access token, no access token received`,\n ),\n );\n }\n\n resolve({\n accessToken,\n refreshToken: newRefreshToken,\n params,\n });\n },\n );\n });\n};\n\ntype ProviderStrategy = {\n userProfile(accessToken: string, callback: Function): void;\n};\n\nexport const executeFetchUserProfileStrategy = async (\n providerStrategy: passport.Strategy,\n accessToken: string,\n): Promise<PassportProfile> => {\n return new Promise((resolve, reject) => {\n const anyStrategy = providerStrategy as unknown as ProviderStrategy;\n anyStrategy.userProfile(\n accessToken,\n (error: Error, rawProfile: PassportProfile) => {\n if (error) {\n reject(error);\n } else {\n resolve(rawProfile);\n }\n },\n );\n });\n};\n"],"names":[],"mappings":";;;;AA+EO,MAAM,uBAA0B,GAAA,OACrC,GACA,EAAA,gBAAA,EACA,OACgC,KAAA;AAChC,EAAO,OAAA,IAAI,QAAQ,CAAW,OAAA,KAAA;AAC5B,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,MAAA,CAAO,gBAAgB,CAAA;AAC/C,IAAS,QAAA,CAAA,QAAA,GAAW,CAAC,GAAA,EAAa,MAAoB,KAAA;AACpD,MAAA,OAAA,CAAQ,EAAE,GAAA,EAAK,MAAQ,EAAA,MAAA,IAAU,QAAW,CAAA;AAAA,KAC9C;AAEA,IAAA,QAAA,CAAS,YAAa,CAAA,GAAA,EAAK,EAAE,GAAG,SAAS,CAAA;AAAA,GAC1C,CAAA;AACH;AAEO,MAAM,2BAA8B,GAAA,OACzC,GACA,EAAA,gBAAA,EACA,OACG,KAAA;AACH,EAAA,OAAO,IAAI,OAAA;AAAA,IACT,CAAC,SAAS,MAAW,KAAA;AACnB,MAAM,MAAA,QAAA,GAAW,MAAO,CAAA,MAAA,CAAO,gBAAgB,CAAA;AAC/C,MAAS,QAAA,CAAA,OAAA,GAAU,CAAC,MAAA,EAAa,WAAqB,KAAA;AACpD,QAAQ,OAAA,CAAA,EAAE,MAAQ,EAAA,WAAA,EAAa,CAAA;AAAA,OACjC;AACA,MAAS,QAAA,CAAA,IAAA,GAAO,CACd,IAEG,KAAA;AACH,QAAA,MAAA,CAAO,IAAI,KAAM,CAAA,CAAA,yBAAA,EAA4B,KAAK,OAAW,IAAA,EAAE,EAAE,CAAC,CAAA;AAAA,OACpE;AACA,MAAS,QAAA,CAAA,KAAA,GAAQ,CAAC,KAA8B,KAAA;AAC9C,QAAI,IAAA,OAAA,GAAU,CAA0B,uBAAA,EAAA,KAAA,CAAM,OAAO,CAAA,CAAA;AAErD,QAAI,IAAA,KAAA,CAAM,YAAY,IAAM,EAAA;AAC1B,UAAI,IAAA;AACF,YAAA,MAAM,SAAY,GAAA,IAAA,CAAK,KAAM,CAAA,KAAA,CAAM,WAAW,IAAI,CAAA;AAElD,YAAA,IAAI,UAAU,OAAS,EAAA;AACrB,cAAW,OAAA,IAAA,CAAA,GAAA,EAAM,UAAU,OAAO,CAAA,CAAA;AAAA;AACpC,mBACO,UAAY,EAAA;AACnB,YAAW,OAAA,IAAA,CAAA,GAAA,EAAM,MAAM,UAAU,CAAA,CAAA;AAAA;AACnC;AAGF,QAAO,MAAA,CAAA,IAAI,KAAM,CAAA,OAAO,CAAC,CAAA;AAAA,OAC3B;AACA,MAAA,QAAA,CAAS,WAAW,MAAM;AACxB,QAAO,MAAA,CAAA,IAAI,KAAM,CAAA,qBAAqB,CAAC,CAAA;AAAA,OACzC;AACA,MAAA,QAAA,CAAS,aAAa,GAAK,EAAA,EAAE,GAAe,IAAK,CAAA;AAAA;AACnD,GACF;AACF;;;;;"}

package/dist/lib/resolvers/CatalogAuthResolverContext.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"CatalogAuthResolverContext.cjs.js","sources":["../../../src/lib/resolvers/CatalogAuthResolverContext.ts"],"sourcesContent":["/\n Copyright 2022 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { TokenManager } from '@backstage/backend-common';\nimport { CatalogApi } from '@backstage/catalog-client';\nimport {\n DEFAULT_NAMESPACE,\n Entity,\n parseEntityRef,\n RELATION_MEMBER_OF,\n stringifyEntityRef,\n} from '@backstage/catalog-model';\nimport { ConflictError, InputError, NotFoundError } from '@backstage/errors';\nimport {\n AuthService,\n DiscoveryService,\n HttpAuthService,\n LoggerService,\n} from '@backstage/backend-plugin-api';\nimport { TokenIssuer } from '../../identity/types';\nimport {\n AuthOwnershipResolver,\n AuthResolverCatalogUserQuery,\n AuthResolverContext,\n TokenParams,\n} from '@backstage/plugin-auth-node';\nimport { CatalogIdentityClient } from '../catalog';\n\n/\n Uses the default ownership resolution logic to return an array\n * of entity refs that the provided entity claims ownership through.\n \n A reference to the entity itself will also be included in the returned array.\n \n @public\n /\nexport function getDefaultOwnershipEntityRefs(entity: Entity) {\n const membershipRefs =\n entity.relations\n ?.filter(\n r => r.type === RELATION_MEMBER_OF && r.targetRef.startsWith('group:'),\n )\n .map(r => r.targetRef) ?? [];\n\n return Array.from(new Set([stringifyEntityRef(entity), ...membershipRefs]));\n}\n\n/\n @internal\n */\nexport class CatalogAuthResolverContext implements AuthResolverContext {\n static create(options: {\n logger: LoggerService;\n catalogApi: CatalogApi;\n tokenIssuer: TokenIssuer;\n tokenManager?: TokenManager;\n discovery: DiscoveryService;\n auth: AuthService;\n httpAuth: HttpAuthService;\n ownershipResolver?: AuthOwnershipResolver;\n }): CatalogAuthResolverContext {\n const catalogIdentityClient = new CatalogIdentityClient({\n catalogApi: options.catalogApi,\n tokenManager: options.tokenManager,\n discovery: options.discovery,\n auth: options.auth,\n httpAuth: options.httpAuth,\n });\n\n return new CatalogAuthResolverContext(\n options.logger,\n options.tokenIssuer,\n catalogIdentityClient,\n options.catalogApi,\n options.auth,\n options.ownershipResolver,\n );\n }\n\n private constructor(\n public readonly logger: LoggerService,\n public readonly tokenIssuer: TokenIssuer,\n public readonly catalogIdentityClient: CatalogIdentityClient,\n private readonly catalogApi: CatalogApi,\n private readonly auth: AuthService,\n private readonly ownershipResolver?: AuthOwnershipResolver,\n ) {}\n\n async issueToken(params: TokenParams) {\n const token = await this.tokenIssuer.issueToken(params);\n return { token };\n }\n\n async findCatalogUser(query: AuthResolverCatalogUserQuery) {\n let result: Entity[] \| Entity \| undefined = undefined;\n const { token } = await this.auth.getPluginRequestToken({\n onBehalfOf: await this.auth.getOwnServiceCredentials(),\n targetPluginId: 'catalog',\n });\n\n if ('entityRef' in query) {\n const entityRef = parseEntityRef(query.entityRef, {\n defaultKind: 'User',\n defaultNamespace: DEFAULT_NAMESPACE,\n });\n result = await this.catalogApi.getEntityByRef(entityRef, { token });\n } else if ('annotations' in query) {\n const filter: Record<string, string> = {\n kind: 'user',\n };\n for (const [key, value] of Object.entries(query.annotations)) {\n filter[`metadata.annotations.${key}`] = value;\n }\n const res = await this.catalogApi.getEntities({ filter }, { token });\n result = res.items;\n } else if ('filter' in query) {\n const filter = [query.filter].flat().map(value => {\n if (\n !Object.keys(value).some(\n key => key.toLocaleLowerCase('en-US') === 'kind',\n )\n ) {\n return {\n ...value,\n kind: 'user',\n };\n }\n return value;\n });\n const res = await this.catalogApi.getEntities(\n { filter: filter },\n { token },\n );\n result = res.items;\n } else {\n throw new InputError('Invalid user lookup query');\n }\n\n if (Array.isArray(result)) {\n if (result.length > 1) {\n throw new ConflictError('User lookup resulted in multiple matches');\n }\n result = result[0];\n }\n if (!result) {\n throw new NotFoundError('User not found');\n }\n\n return { entity: result };\n }\n\n async signInWithCatalogUser(query: AuthResolverCatalogUserQuery) {\n const { entity } = await this.findCatalogUser(query);\n let ent: string[];\n if (this.ownershipResolver) {\n const { ownershipEntityRefs } =\n await this.ownershipResolver.resolveOwnershipEntityRefs(entity);\n ent = ownershipEntityRefs;\n } else {\n ent = getDefaultOwnershipEntityRefs(entity);\n }\n\n const token = await this.tokenIssuer.issueToken({\n claims: {\n sub: stringifyEntityRef(entity),\n ent,\n },\n });\n return { token };\n }\n}\n"],"names":["RELATION_MEMBER_OF","stringifyEntityRef","CatalogIdentityClient","parseEntityRef","DEFAULT_NAMESPACE","InputError","ConflictError","NotFoundError"],"mappings":";;;;;;AAiDO,SAAS,8BAA8B,MAAgB,EAAA;AAC5D,EAAM,MAAA,cAAA,GACJ,OAAO,SACH,EAAA,MAAA;AAAA,IACA,OAAK,CAAE,CAAA,IAAA,KAASA,mCAAsB,CAAE,CAAA,SAAA,CAAU,WAAW,QAAQ~~,CAAA~~;AAAA,IAEtE,GAAI,CAAA,CAAA,CAAA,KAAK,CAAE,CAAA,SAAS,KAAK,EAAC~~,CAAA~~;AAE/B,EAAO,OAAA,KAAA,CAAM,IAAK,iBAAA,IAAI,GAAI,CAAA,CAACC,+BAAmB,CAAA,MAAM,CAAG,EAAA,GAAG,cAAc,CAAC,CAAC,CAAA~~,CAAA~~;AAC5E~~,CAAA~~;AAKO,MAAM,0BAA0D,CAAA;AAAA,EA6B7D,YACU,MACA,EAAA,WAAA,EACA,qBACC,EAAA,UAAA,EACA,MACA,iBACjB,EAAA;AANgB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA~~,CAAA~~;AACA,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA~~,CAAA~~;AACA,IAAA,IAAA,CAAA,qBAAA,GAAA,qBAAA~~,CAAA~~;AACC,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA~~,CAAA~~;AACA,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA~~,CAAA~~;AACA,IAAA,IAAA,CAAA,iBAAA,GAAA,iBAAA~~,CAAA~~;AAAA~~,GAChB~~;~~AAAA~~,EAnCH,OAAO,OAAO,OASiB,EAAA;AAC7B,IAAM,MAAA,qBAAA,GAAwB,IAAIC,2CAAsB,CAAA;AAAA,MACtD,YAAY,OAAQ,CAAA,UAAA;AAAA,MACpB,cAAc,OAAQ,CAAA,YAAA;AAAA,MACtB,WAAW,OAAQ,CAAA,SAAA;AAAA,MACnB,MAAM,OAAQ,CAAA,IAAA;AAAA,MACd,UAAU,OAAQ,CAAA~~,QAAA~~;AAAA,KACnB,CAAA~~,CAAA~~;AAED,IAAA,OAAO,IAAI,0BAAA;AAAA,MACT,OAAQ,CAAA,MAAA;AAAA,MACR,OAAQ,CAAA,WAAA;AAAA,MACR,qBAAA;AAAA,MACA,OAAQ,CAAA,UAAA;AAAA,MACR,OAAQ,CAAA,IAAA;AAAA,MACR,OAAQ,CAAA~~,iBAAA~~;AAAA,KACV~~,CAAA~~;AAAA~~,GACF~~;~~AAAA~~,EAWA,MAAM,WAAW,MAAqB,EAAA;AACpC,IAAA,MAAM,KAAQ,GAAA,MAAM,IAAK,CAAA,WAAA,CAAY,WAAW,MAAM,CAAA~~,CAAA~~;AACtD,IAAA,OAAO,EAAE,KAAM,EAAA~~,CAAA~~;AAAA~~,GACjB~~;~~AAAA~~,EAEA,MAAM,gBAAgB,KAAqC,EAAA;AACzD,IAAA,IAAI,MAAwC,GAAA,KAAA,CAAA~~,CAAA~~;AAC5C,IAAA,MAAM,EAAE,KAAM,EAAA,GAAI,MAAM,IAAA,CAAK,KAAK,qBAAsB,CAAA;AAAA,MACtD,UAAY,EAAA,MAAM,IAAK,CAAA,IAAA,CAAK,wBAAyB,EAAA;AAAA,MACrD,cAAgB,EAAA~~,SAAA~~;AAAA,KACjB,CAAA~~,CAAA~~;AAED,IAAA,IAAI,eAAe,KAAO,EAAA;AACxB,MAAM,MAAA,SAAA,GAAYC,2BAAe,CAAA,KAAA,CAAM,SAAW,EAAA;AAAA,QAChD,WAAa,EAAA,MAAA;AAAA,QACb,gBAAkB,EAAAC~~,8BAAA~~;AAAA,OACnB,CAAA~~,CAAA~~;AACD,MAAA,MAAA,GAAS,MAAM,IAAK,CAAA,UAAA,CAAW,eAAe,SAAW,EAAA,EAAE,OAAO,CAAA~~,CAAA~~;AAAA,KACpE,MAAA,IAAW,iBAAiB,KAAO,EAAA;AACjC,MAAA,MAAM,MAAiC,GAAA;AAAA,QACrC,IAAM,EAAA~~,MAAA~~;AAAA,OACR~~,CAAA~~;AACA,MAAW,KAAA,MAAA,CAAC,KAAK,KAAK,CAAA,IAAK,OAAO,OAAQ,CAAA,KAAA,CAAM,WAAW,CAAG,EAAA;AAC5D,QAAO,MAAA,CAAA,CAAA,qBAAA,EAAwB,GAAG,CAAA,CAAE,CAAI,GAAA,KAAA~~,CAAA~~;AAAA~~,OAC1C~~;~~AACA~~,MAAM,MAAA,GAAA,GAAM,MAAM,IAAA,CAAK,UAAW,CAAA,WAAA,CAAY,EAAE,MAAO,EAAA,EAAG,EAAE,KAAA,EAAO,CAAA~~,CAAA~~;AACnE,MAAA,MAAA,GAAS,GAAI,CAAA,KAAA~~,CAAA~~;AAAA,KACf,MAAA,IAAW,YAAY,KAAO,EAAA;AAC5B,MAAM,MAAA,MAAA,GAAS,CAAC,KAAM,CAAA,MAAM,EAAE,IAAK,EAAA,CAAE,IAAI,CAAS,KAAA,KAAA;AAChD,QAAA,IACE,CAAC,MAAA,CAAO,IAAK,CAAA,KAAK,CAAE,CAAA,IAAA;AAAA,UAClB,CAAO,GAAA,KAAA,GAAA,CAAI,iBAAkB,CAAA,OAAO,CAAM,KAAA~~,MAAA~~;AAAA,SAE5C,EAAA;AACA,UAAO,OAAA;AAAA,YACL,GAAG,KAAA;AAAA,YACH,IAAM,EAAA~~,MAAA~~;AAAA,WACR~~,CAAA~~;AAAA~~,SACF~~;~~AACA~~,QAAO,OAAA,KAAA~~,CAAA~~;AAAA,OACR,CAAA~~,CAAA~~;AACD,MAAM,MAAA,GAAA,GAAM,MAAM,IAAA,CAAK,UAAW,CAAA,WAAA;AAAA,QAChC,EAAE,MAAe,EAAA;AAAA,QACjB,EAAE,KAAM~~,EAAA~~;AAAA,OACV~~,CAAA~~;AACA,MAAA,MAAA,GAAS,GAAI,CAAA,KAAA~~,CAAA~~;AAAA,KACR,MAAA;AACL,MAAM,MAAA,IAAIC,kBAAW,2BAA2B,CAAA~~,CAAA~~;AAAA~~,KAClD~~;~~AAEA~~,IAAI,IAAA,KAAA,CAAM,OAAQ,CAAA,MAAM,CAAG,EAAA;AACzB,MAAI,IAAA,MAAA,CAAO,SAAS,CAAG,EAAA;AACrB,QAAM,MAAA,IAAIC,qBAAc,0CAA0C,CAAA~~,CAAA~~;AAAA~~,OACpE~~;~~AACA~~,MAAA,MAAA,GAAS,OAAO,CAAC,CAAA~~,CAAA~~;AAAA~~,KACnB~~;~~AACA~~,IAAA,IAAI,CAAC,MAAQ,EAAA;AACX,MAAM,MAAA,IAAIC,qBAAc,gBAAgB,CAAA~~,CAAA~~;AAAA~~,KAC1C~~;~~AAEA~~,IAAO,OAAA,EAAE,QAAQ,MAAO,EAAA~~,CAAA~~;AAAA~~,GAC1B~~;~~AAAA~~,EAEA,MAAM,sBAAsB,KAAqC,EAAA;AAC/D,IAAA,MAAM,EAAE,MAAO,EAAA,GAAI,MAAM,IAAA,CAAK,gBAAgB,KAAK,CAAA~~,CAAA~~;AACnD,IAAI,IAAA,GAAA~~,CAAA~~;AACJ,IAAA,IAAI,KAAK,iBAAmB,EAAA;AAC1B,MAAA,MAAM,EAAE,mBAAoB,EAAA,GAC1B,MAAM,IAAK,CAAA,iBAAA,CAAkB,2BAA2B,MAAM,CAAA~~,CAAA~~;AAChE,MAAM,GAAA,GAAA,mBAAA~~,CAAA~~;AAAA,KACD,MAAA;AACL,MAAA,GAAA,GAAM,8BAA8B,MAAM,CAAA~~,CAAA~~;AAAA~~,KAC5C~~;~~AAEA~~,IAAA,MAAM,KAAQ,GAAA,MAAM,IAAK,CAAA,WAAA,CAAY,UAAW,CAAA;AAAA,MAC9C,MAAQ,EAAA;AAAA,QACN,GAAA,EAAKN,gCAAmB,MAAM,CAAA;AAAA,QAC9B~~,GAAA~~;AAAA~~,OACF~~;~~AAAA~~,KACD,CAAA~~,CAAA~~;AACD,IAAA,OAAO,EAAE,KAAM,EAAA~~,CAAA~~;AAAA~~,GACjB~~;~~AACF~~;;;;;"}
1	+ {"version":3,"file":"CatalogAuthResolverContext.cjs.js","sources":["../../../src/lib/resolvers/CatalogAuthResolverContext.ts"],"sourcesContent":["/\n Copyright 2022 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { TokenManager } from '@backstage/backend-common';\nimport { CatalogApi } from '@backstage/catalog-client';\nimport {\n DEFAULT_NAMESPACE,\n Entity,\n parseEntityRef,\n RELATION_MEMBER_OF,\n stringifyEntityRef,\n} from '@backstage/catalog-model';\nimport { ConflictError, InputError, NotFoundError } from '@backstage/errors';\nimport {\n AuthService,\n DiscoveryService,\n HttpAuthService,\n LoggerService,\n} from '@backstage/backend-plugin-api';\nimport { TokenIssuer } from '../../identity/types';\nimport {\n AuthOwnershipResolver,\n AuthResolverCatalogUserQuery,\n AuthResolverContext,\n TokenParams,\n} from '@backstage/plugin-auth-node';\nimport { CatalogIdentityClient } from '../catalog';\n\n/\n Uses the default ownership resolution logic to return an array\n * of entity refs that the provided entity claims ownership through.\n \n A reference to the entity itself will also be included in the returned array.\n \n @public\n /\nexport function getDefaultOwnershipEntityRefs(entity: Entity) {\n const membershipRefs =\n entity.relations\n ?.filter(\n r => r.type === RELATION_MEMBER_OF && r.targetRef.startsWith('group:'),\n )\n .map(r => r.targetRef) ?? [];\n\n return Array.from(new Set([stringifyEntityRef(entity), ...membershipRefs]));\n}\n\n/\n @internal\n */\nexport class CatalogAuthResolverContext implements AuthResolverContext {\n static create(options: {\n logger: LoggerService;\n catalogApi: CatalogApi;\n tokenIssuer: TokenIssuer;\n tokenManager?: TokenManager;\n discovery: DiscoveryService;\n auth: AuthService;\n httpAuth: HttpAuthService;\n ownershipResolver?: AuthOwnershipResolver;\n }): CatalogAuthResolverContext {\n const catalogIdentityClient = new CatalogIdentityClient({\n catalogApi: options.catalogApi,\n tokenManager: options.tokenManager,\n discovery: options.discovery,\n auth: options.auth,\n httpAuth: options.httpAuth,\n });\n\n return new CatalogAuthResolverContext(\n options.logger,\n options.tokenIssuer,\n catalogIdentityClient,\n options.catalogApi,\n options.auth,\n options.ownershipResolver,\n );\n }\n\n private constructor(\n public readonly logger: LoggerService,\n public readonly tokenIssuer: TokenIssuer,\n public readonly catalogIdentityClient: CatalogIdentityClient,\n private readonly catalogApi: CatalogApi,\n private readonly auth: AuthService,\n private readonly ownershipResolver?: AuthOwnershipResolver,\n ) {}\n\n async issueToken(params: TokenParams) {\n const token = await this.tokenIssuer.issueToken(params);\n return { token };\n }\n\n async findCatalogUser(query: AuthResolverCatalogUserQuery) {\n let result: Entity[] \| Entity \| undefined = undefined;\n const { token } = await this.auth.getPluginRequestToken({\n onBehalfOf: await this.auth.getOwnServiceCredentials(),\n targetPluginId: 'catalog',\n });\n\n if ('entityRef' in query) {\n const entityRef = parseEntityRef(query.entityRef, {\n defaultKind: 'User',\n defaultNamespace: DEFAULT_NAMESPACE,\n });\n result = await this.catalogApi.getEntityByRef(entityRef, { token });\n } else if ('annotations' in query) {\n const filter: Record<string, string> = {\n kind: 'user',\n };\n for (const [key, value] of Object.entries(query.annotations)) {\n filter[`metadata.annotations.${key}`] = value;\n }\n const res = await this.catalogApi.getEntities({ filter }, { token });\n result = res.items;\n } else if ('filter' in query) {\n const filter = [query.filter].flat().map(value => {\n if (\n !Object.keys(value).some(\n key => key.toLocaleLowerCase('en-US') === 'kind',\n )\n ) {\n return {\n ...value,\n kind: 'user',\n };\n }\n return value;\n });\n const res = await this.catalogApi.getEntities(\n { filter: filter },\n { token },\n );\n result = res.items;\n } else {\n throw new InputError('Invalid user lookup query');\n }\n\n if (Array.isArray(result)) {\n if (result.length > 1) {\n throw new ConflictError('User lookup resulted in multiple matches');\n }\n result = result[0];\n }\n if (!result) {\n throw new NotFoundError('User not found');\n }\n\n return { entity: result };\n }\n\n async signInWithCatalogUser(query: AuthResolverCatalogUserQuery) {\n const { entity } = await this.findCatalogUser(query);\n let ent: string[];\n if (this.ownershipResolver) {\n const { ownershipEntityRefs } =\n await this.ownershipResolver.resolveOwnershipEntityRefs(entity);\n ent = ownershipEntityRefs;\n } else {\n ent = getDefaultOwnershipEntityRefs(entity);\n }\n\n const token = await this.tokenIssuer.issueToken({\n claims: {\n sub: stringifyEntityRef(entity),\n ent,\n },\n });\n return { token };\n }\n}\n"],"names":["RELATION_MEMBER_OF","stringifyEntityRef","CatalogIdentityClient","parseEntityRef","DEFAULT_NAMESPACE","InputError","ConflictError","NotFoundError"],"mappings":";;;;;;AAiDO,SAAS,8BAA8B,MAAgB,EAAA;AAC5D,EAAM,MAAA,cAAA,GACJ,OAAO,SACH,EAAA,MAAA;AAAA,IACA,OAAK,CAAE,CAAA,IAAA,KAASA,mCAAsB,CAAE,CAAA,SAAA,CAAU,WAAW,QAAQ;AAAA,IAEtE,GAAI,CAAA,CAAA,CAAA,KAAK,CAAE,CAAA,SAAS,KAAK,EAAC;AAE/B,EAAO,OAAA,KAAA,CAAM,IAAK,iBAAA,IAAI,GAAI,CAAA,CAACC,+BAAmB,CAAA,MAAM,CAAG,EAAA,GAAG,cAAc,CAAC,CAAC,CAAA;AAC5E;AAKO,MAAM,0BAA0D,CAAA;AAAA,EA6B7D,YACU,MACA,EAAA,WAAA,EACA,qBACC,EAAA,UAAA,EACA,MACA,iBACjB,EAAA;AANgB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA;AACA,IAAA,IAAA,CAAA,qBAAA,GAAA,qBAAA;AACC,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AACA,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AACA,IAAA,IAAA,CAAA,iBAAA,GAAA,iBAAA;AAAA;AAChB,EAnCH,OAAO,OAAO,OASiB,EAAA;AAC7B,IAAM,MAAA,qBAAA,GAAwB,IAAIC,2CAAsB,CAAA;AAAA,MACtD,YAAY,OAAQ,CAAA,UAAA;AAAA,MACpB,cAAc,OAAQ,CAAA,YAAA;AAAA,MACtB,WAAW,OAAQ,CAAA,SAAA;AAAA,MACnB,MAAM,OAAQ,CAAA,IAAA;AAAA,MACd,UAAU,OAAQ,CAAA;AAAA,KACnB,CAAA;AAED,IAAA,OAAO,IAAI,0BAAA;AAAA,MACT,OAAQ,CAAA,MAAA;AAAA,MACR,OAAQ,CAAA,WAAA;AAAA,MACR,qBAAA;AAAA,MACA,OAAQ,CAAA,UAAA;AAAA,MACR,OAAQ,CAAA,IAAA;AAAA,MACR,OAAQ,CAAA;AAAA,KACV;AAAA;AACF,EAWA,MAAM,WAAW,MAAqB,EAAA;AACpC,IAAA,MAAM,KAAQ,GAAA,MAAM,IAAK,CAAA,WAAA,CAAY,WAAW,MAAM,CAAA;AACtD,IAAA,OAAO,EAAE,KAAM,EAAA;AAAA;AACjB,EAEA,MAAM,gBAAgB,KAAqC,EAAA;AACzD,IAAA,IAAI,MAAwC,GAAA,KAAA,CAAA;AAC5C,IAAA,MAAM,EAAE,KAAM,EAAA,GAAI,MAAM,IAAA,CAAK,KAAK,qBAAsB,CAAA;AAAA,MACtD,UAAY,EAAA,MAAM,IAAK,CAAA,IAAA,CAAK,wBAAyB,EAAA;AAAA,MACrD,cAAgB,EAAA;AAAA,KACjB,CAAA;AAED,IAAA,IAAI,eAAe,KAAO,EAAA;AACxB,MAAM,MAAA,SAAA,GAAYC,2BAAe,CAAA,KAAA,CAAM,SAAW,EAAA;AAAA,QAChD,WAAa,EAAA,MAAA;AAAA,QACb,gBAAkB,EAAAC;AAAA,OACnB,CAAA;AACD,MAAA,MAAA,GAAS,MAAM,IAAK,CAAA,UAAA,CAAW,eAAe,SAAW,EAAA,EAAE,OAAO,CAAA;AAAA,KACpE,MAAA,IAAW,iBAAiB,KAAO,EAAA;AACjC,MAAA,MAAM,MAAiC,GAAA;AAAA,QACrC,IAAM,EAAA;AAAA,OACR;AACA,MAAW,KAAA,MAAA,CAAC,KAAK,KAAK,CAAA,IAAK,OAAO,OAAQ,CAAA,KAAA,CAAM,WAAW,CAAG,EAAA;AAC5D,QAAO,MAAA,CAAA,CAAA,qBAAA,EAAwB,GAAG,CAAA,CAAE,CAAI,GAAA,KAAA;AAAA;AAE1C,MAAM,MAAA,GAAA,GAAM,MAAM,IAAA,CAAK,UAAW,CAAA,WAAA,CAAY,EAAE,MAAO,EAAA,EAAG,EAAE,KAAA,EAAO,CAAA;AACnE,MAAA,MAAA,GAAS,GAAI,CAAA,KAAA;AAAA,KACf,MAAA,IAAW,YAAY,KAAO,EAAA;AAC5B,MAAM,MAAA,MAAA,GAAS,CAAC,KAAM,CAAA,MAAM,EAAE,IAAK,EAAA,CAAE,IAAI,CAAS,KAAA,KAAA;AAChD,QAAA,IACE,CAAC,MAAA,CAAO,IAAK,CAAA,KAAK,CAAE,CAAA,IAAA;AAAA,UAClB,CAAO,GAAA,KAAA,GAAA,CAAI,iBAAkB,CAAA,OAAO,CAAM,KAAA;AAAA,SAE5C,EAAA;AACA,UAAO,OAAA;AAAA,YACL,GAAG,KAAA;AAAA,YACH,IAAM,EAAA;AAAA,WACR;AAAA;AAEF,QAAO,OAAA,KAAA;AAAA,OACR,CAAA;AACD,MAAM,MAAA,GAAA,GAAM,MAAM,IAAA,CAAK,UAAW,CAAA,WAAA;AAAA,QAChC,EAAE,MAAe,EAAA;AAAA,QACjB,EAAE,KAAM;AAAA,OACV;AACA,MAAA,MAAA,GAAS,GAAI,CAAA,KAAA;AAAA,KACR,MAAA;AACL,MAAM,MAAA,IAAIC,kBAAW,2BAA2B,CAAA;AAAA;AAGlD,IAAI,IAAA,KAAA,CAAM,OAAQ,CAAA,MAAM,CAAG,EAAA;AACzB,MAAI,IAAA,MAAA,CAAO,SAAS,CAAG,EAAA;AACrB,QAAM,MAAA,IAAIC,qBAAc,0CAA0C,CAAA;AAAA;AAEpE,MAAA,MAAA,GAAS,OAAO,CAAC,CAAA;AAAA;AAEnB,IAAA,IAAI,CAAC,MAAQ,EAAA;AACX,MAAM,MAAA,IAAIC,qBAAc,gBAAgB,CAAA;AAAA;AAG1C,IAAO,OAAA,EAAE,QAAQ,MAAO,EAAA;AAAA;AAC1B,EAEA,MAAM,sBAAsB,KAAqC,EAAA;AAC/D,IAAA,MAAM,EAAE,MAAO,EAAA,GAAI,MAAM,IAAA,CAAK,gBAAgB,KAAK,CAAA;AACnD,IAAI,IAAA,GAAA;AACJ,IAAA,IAAI,KAAK,iBAAmB,EAAA;AAC1B,MAAA,MAAM,EAAE,mBAAoB,EAAA,GAC1B,MAAM,IAAK,CAAA,iBAAA,CAAkB,2BAA2B,MAAM,CAAA;AAChE,MAAM,GAAA,GAAA,mBAAA;AAAA,KACD,MAAA;AACL,MAAA,GAAA,GAAM,8BAA8B,MAAM,CAAA;AAAA;AAG5C,IAAA,MAAM,KAAQ,GAAA,MAAM,IAAK,CAAA,WAAA,CAAY,UAAW,CAAA;AAAA,MAC9C,MAAQ,EAAA;AAAA,QACN,GAAA,EAAKN,gCAAmB,MAAM,CAAA;AAAA,QAC9B;AAAA;AACF,KACD,CAAA;AACD,IAAA,OAAO,EAAE,KAAM,EAAA;AAAA;AAEnB;;;;;"}

package/dist/providers/atlassian/provider.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/atlassian/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { atlassianAuthenticator } from '@backstage/plugin-auth-backend-module-atlassian-provider';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/\n Auth provider integration for Atlassian auth\n \n @public\n /\nexport const atlassian = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<OAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: atlassianAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","atlassianAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkCO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ~~,CAAA~~;AAAA,KACzE,CAAA~~,CAAA~~;AAAA~~,GACH~~;~~AACF~~,CAAC;;;;"}
1	+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/atlassian/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { atlassianAuthenticator } from '@backstage/plugin-auth-backend-module-atlassian-provider';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/\n Auth provider integration for Atlassian auth\n \n @public\n /\nexport const atlassian = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<OAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: atlassianAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","atlassianAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkCO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA;AAEL,CAAC;;;;"}

package/dist/providers/auth0/provider.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/auth0/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { OAuthProviderOptions, OAuthResult } from '../../lib/oauth';\n\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n AuthResolverContext,\n createOAuthProviderFactory,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { auth0Authenticator } from '@backstage/plugin-auth-backend-module-auth0-provider';\n\n/\n @public\n * @deprecated The Auth0 auth provider was extracted to `@backstage/plugin-auth-backend-module-auth0-provider`.\n /\nexport type Auth0AuthProviderOptions = OAuthProviderOptions & {\n domain: string;\n signInResolver?: SignInResolver<OAuthResult>;\n authHandler: AuthHandler<OAuthResult>;\n resolverContext: AuthResolverContext;\n audience?: string;\n connection?: string;\n connectionScope?: string;\n};\n\n/\n Auth provider integration for auth0 auth\n \n @public\n /\nexport const auth0 = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<OAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n /\n signIn?: {\n /\n Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: auth0Authenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","auth0Authenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkDO,MAAM,QAAQA,2DAA8B,CAAA;AAAA,EACjD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,uDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ~~,CAAA~~;AAAA,KACzE,CAAA~~,CAAA~~;AAAA~~,GACH~~;~~AACF~~,CAAC;;;;"}
1	+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/auth0/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { OAuthProviderOptions, OAuthResult } from '../../lib/oauth';\n\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n AuthResolverContext,\n createOAuthProviderFactory,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { auth0Authenticator } from '@backstage/plugin-auth-backend-module-auth0-provider';\n\n/\n @public\n * @deprecated The Auth0 auth provider was extracted to `@backstage/plugin-auth-backend-module-auth0-provider`.\n /\nexport type Auth0AuthProviderOptions = OAuthProviderOptions & {\n domain: string;\n signInResolver?: SignInResolver<OAuthResult>;\n authHandler: AuthHandler<OAuthResult>;\n resolverContext: AuthResolverContext;\n audience?: string;\n connection?: string;\n connectionScope?: string;\n};\n\n/\n Auth provider integration for auth0 auth\n \n @public\n /\nexport const auth0 = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<OAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n /\n signIn?: {\n /\n Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: auth0Authenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","auth0Authenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkDO,MAAM,QAAQA,2DAA8B,CAAA;AAAA,EACjD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,uDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA;AAEL,CAAC;;;;"}

package/dist/providers/aws-alb/provider.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/aws-alb/provider.ts"],"sourcesContent":["/\n Copyright 2021 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n AwsAlbResult,\n awsAlbAuthenticator,\n} from '@backstage/plugin-auth-backend-module-aws-alb-provider';\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\n\n/\n Auth provider integration for AWS ALB auth\n \n @public\n /\nexport const awsAlb = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth\n * response into the profile that will be presented to the user. The default\n * implementation just provides the authenticated email that the IAP\n * presented.\n /\n authHandler?: AuthHandler<AwsAlbResult>;\n /\n Configures sign-in for this provider.\n /\n signIn: {\n /\n Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<AwsAlbResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: awsAlbAuthenticator,\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","awsAlbAuthenticator"],"mappings":";;;;;;AAgCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAiBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,yDAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA~~,QAAA~~;AAAA,KAClC,CAAA~~,CAAA~~;AAAA~~,GACH~~;~~AACF~~,CAAC;;;;"}
1	+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/aws-alb/provider.ts"],"sourcesContent":["/\n Copyright 2021 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n AwsAlbResult,\n awsAlbAuthenticator,\n} from '@backstage/plugin-auth-backend-module-aws-alb-provider';\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\n\n/\n Auth provider integration for AWS ALB auth\n \n @public\n /\nexport const awsAlb = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth\n * response into the profile that will be presented to the user. The default\n * implementation just provides the authenticated email that the IAP\n * presented.\n /\n authHandler?: AuthHandler<AwsAlbResult>;\n /\n Configures sign-in for this provider.\n /\n signIn: {\n /\n Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<AwsAlbResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: awsAlbAuthenticator,\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","awsAlbAuthenticator"],"mappings":";;;;;;AAgCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAiBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,yDAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA;AAAA,KAClC,CAAA;AAAA;AAEL,CAAC;;;;"}

package/dist/providers/azure-easyauth/provider.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/azure-easyauth/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n AzureEasyAuthResult,\n azureEasyAuthAuthenticator,\n} from '@backstage/plugin-auth-backend-module-azure-easyauth-provider';\n\nexport type EasyAuthResult = AzureEasyAuthResult;\n\n/\n Auth provider integration for Azure EasyAuth\n \n @public\n /\nexport const easyAuth = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<EasyAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n /\n signIn: {\n /\n Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<EasyAuthResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: azureEasyAuthAuthenticator,\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","azureEasyAuthAuthenticator"],"mappings":";;;;;;AAkCO,MAAM,WAAWA,2DAA8B,CAAA;AAAA,EACpD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,uEAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA~~,QAAA~~;AAAA,KAClC,CAAA~~,CAAA~~;AAAA~~,GACH~~;~~AACF~~,CAAC;;;;"}
1	+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/azure-easyauth/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n AzureEasyAuthResult,\n azureEasyAuthAuthenticator,\n} from '@backstage/plugin-auth-backend-module-azure-easyauth-provider';\n\nexport type EasyAuthResult = AzureEasyAuthResult;\n\n/\n Auth provider integration for Azure EasyAuth\n \n @public\n /\nexport const easyAuth = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<EasyAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n /\n signIn: {\n /\n Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<EasyAuthResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: azureEasyAuthAuthenticator,\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","azureEasyAuthAuthenticator"],"mappings":";;;;;;AAkCO,MAAM,WAAWA,2DAA8B,CAAA;AAAA,EACpD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,uEAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA;AAAA,KAClC,CAAA;AAAA;AAEL,CAAC;;;;"}

package/dist/providers/bitbucket/provider.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/bitbucket/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n bitbucketAuthenticator,\n bitbucketSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-bitbucket-provider';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { Profile as PassportProfile } from 'passport';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n adaptOAuthSignInResolverToLegacy,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/\n @public\n * @deprecated The Bitbucket auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-provider`.\n /\nexport type BitbucketOAuthResult = {\n fullProfile: BitbucketPassportProfile;\n params: {\n id_token?: string;\n scope: string;\n expires_in: number;\n };\n accessToken: string;\n refreshToken?: string;\n};\n\n/\n @public\n * @deprecated The Bitbucket auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-provider`.\n /\nexport type BitbucketPassportProfile = PassportProfile & {\n id?: string;\n displayName?: string;\n username?: string;\n avatarUrl?: string;\n _json?: {\n links?: {\n avatar?: {\n href?: string;\n };\n };\n };\n};\n\n/\n Auth provider integration for Bitbucket auth\n \n @public\n /\nexport const bitbucket = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<OAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: bitbucketAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: adaptOAuthSignInResolverToLegacy({\n userIdMatchingUserEntityAnnotation:\n bitbucketSignInResolvers.userIdMatchingUserEntityAnnotation(),\n usernameMatchingUserEntityAnnotation:\n bitbucketSignInResolvers.usernameMatchingUserEntityAnnotation(),\n }),\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","bitbucketAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","adaptOAuthSignInResolverToLegacy","bitbucketSignInResolvers"],"mappings":";;;;;;;;;AAwEO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ~~,CAAA~~;AAAA,KACzE,CAAA~~,CAAA~~;AAAA,GACH;AAAA,EACA,WAAWC,iEAAiC,CAAA;AAAA,IAC1C,kCAAA,EACEC,kEAAyB,kCAAmC,EAAA;AAAA,IAC9D,oCAAA,EACEA,kEAAyB,oCAAqC~~,EAAA~~;AAAA,GACjE~~,CAAA~~;AACH,CAAC;;;;"}
1	+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/bitbucket/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n bitbucketAuthenticator,\n bitbucketSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-bitbucket-provider';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { Profile as PassportProfile } from 'passport';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n adaptOAuthSignInResolverToLegacy,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/\n @public\n * @deprecated The Bitbucket auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-provider`.\n /\nexport type BitbucketOAuthResult = {\n fullProfile: BitbucketPassportProfile;\n params: {\n id_token?: string;\n scope: string;\n expires_in: number;\n };\n accessToken: string;\n refreshToken?: string;\n};\n\n/\n @public\n * @deprecated The Bitbucket auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-provider`.\n /\nexport type BitbucketPassportProfile = PassportProfile & {\n id?: string;\n displayName?: string;\n username?: string;\n avatarUrl?: string;\n _json?: {\n links?: {\n avatar?: {\n href?: string;\n };\n };\n };\n};\n\n/\n Auth provider integration for Bitbucket auth\n \n @public\n /\nexport const bitbucket = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<OAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: bitbucketAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: adaptOAuthSignInResolverToLegacy({\n userIdMatchingUserEntityAnnotation:\n bitbucketSignInResolvers.userIdMatchingUserEntityAnnotation(),\n usernameMatchingUserEntityAnnotation:\n bitbucketSignInResolvers.usernameMatchingUserEntityAnnotation(),\n }),\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","bitbucketAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","adaptOAuthSignInResolverToLegacy","bitbucketSignInResolvers"],"mappings":";;;;;;;;;AAwEO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA,GACH;AAAA,EACA,WAAWC,iEAAiC,CAAA;AAAA,IAC1C,kCAAA,EACEC,kEAAyB,kCAAmC,EAAA;AAAA,IAC9D,oCAAA,EACEA,kEAAyB,oCAAqC;AAAA,GACjE;AACH,CAAC;;;;"}

package/dist/providers/bitbucketServer/provider.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/bitbucketServer/provider.ts"],"sourcesContent":["/\n Copyright 2023 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { Profile as PassportProfile } from 'passport';\nimport {\n AuthResolverContext,\n createOAuthProviderFactory,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport {\n bitbucketServerAuthenticator,\n bitbucketServerSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-bitbucket-server-provider';\nimport { OAuthProviderOptions } from '../../lib/oauth';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\n\n/\n @public\n * @deprecated The Bitbucket Server auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-server-provider`.\n /\nexport type BitbucketServerOAuthResult = {\n fullProfile: PassportProfile;\n params: {\n scope: string;\n access_token?: string;\n token_type?: string;\n expires_in?: number;\n };\n accessToken: string;\n refreshToken?: string;\n};\n\n/\n @public\n * @deprecated The Bitbucket Server auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-server-provider`.\n /\nexport type BitbucketServerAuthProviderOptions = OAuthProviderOptions & {\n host: string;\n authorizationUrl: string;\n tokenUrl: string;\n authHandler: AuthHandler<BitbucketServerOAuthResult>;\n signInResolver?: SignInResolver<BitbucketServerOAuthResult>;\n resolverContext: AuthResolverContext;\n};\n\nexport const bitbucketServer = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<BitbucketServerOAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n /\n signIn?: {\n /\n Maps an auth result to a Backstage identity for the user.\n /\n resolver: SignInResolver<BitbucketServerOAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: bitbucketServerAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: {\n /\n Looks up the user by matching their email to the entity email.\n */\n emailMatchingUserEntityProfileEmail:\n (): SignInResolver<BitbucketServerOAuthResult> => {\n const resolver =\n bitbucketServerSignInResolvers.emailMatchingUserEntityProfileEmail();\n return async (info, ctx) => {\n return resolver(\n {\n profile: info.profile,\n result: {\n fullProfile: info.result.fullProfile,\n session: {\n accessToken: info.result.accessToken,\n tokenType: info.result.params.token_type ?? 'bearer',\n scope: info.result.params.scope,\n expiresInSeconds: info.result.params.expires_in,\n refreshToken: info.result.refreshToken,\n },\n },\n },\n ctx,\n );\n };\n },\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","bitbucketServerAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","bitbucketServerSignInResolvers"],"mappings":";;;;;;;;AA+DO,MAAM,kBAAkBA,2DAA8B,CAAA;AAAA,EAC3D,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,2EAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ~~,CAAA~~;AAAA,KACzE,CAAA~~,CAAA~~;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,qCACE,MAAkD;AAChD,MAAM,MAAA,QAAA,GACJC,8EAA+B,mCAAoC,EAAA~~,CAAA~~;AACrE,MAAO,OAAA,OAAO,MAAM,GAAQ,KAAA;AAC1B,QAAO,OAAA,QAAA;AAAA,UACL;AAAA,YACE,SAAS,IAAK,CAAA,OAAA;AAAA,YACd,MAAQ,EAAA;AAAA,cACN,WAAA,EAAa,KAAK,MAAO,CAAA,WAAA;AAAA,cACzB,OAAS,EAAA;AAAA,gBACP,WAAA,EAAa,KAAK,MAAO,CAAA,WAAA;AAAA,gBACzB,SAAW,EAAA,IAAA,CAAK,MAAO,CAAA,MAAA,CAAO,UAAc,IAAA,QAAA;AAAA,gBAC5C,KAAA,EAAO,IAAK,CAAA,MAAA,CAAO,MAAO,CAAA,KAAA;AAAA,gBAC1B,gBAAA,EAAkB,IAAK,CAAA,MAAA,CAAO,MAAO,CAAA,UAAA;AAAA,gBACrC,YAAA,EAAc,KAAK,MAAO,CAAA~~,YAAA~~;AAAA~~,eAC5B~~;~~AAAA,aACF~~;~~AAAA~~,WACF;AAAA,UACA~~,GAAA~~;AAAA,SACF~~,CAAA~~;AAAA,OACF~~,CAAA~~;AAAA~~,KACF~~;~~AAAA,GACJ~~;~~AACF~~,CAAC;;;;"}
1	+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/bitbucketServer/provider.ts"],"sourcesContent":["/\n Copyright 2023 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { Profile as PassportProfile } from 'passport';\nimport {\n AuthResolverContext,\n createOAuthProviderFactory,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport {\n bitbucketServerAuthenticator,\n bitbucketServerSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-bitbucket-server-provider';\nimport { OAuthProviderOptions } from '../../lib/oauth';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\n\n/\n @public\n * @deprecated The Bitbucket Server auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-server-provider`.\n /\nexport type BitbucketServerOAuthResult = {\n fullProfile: PassportProfile;\n params: {\n scope: string;\n access_token?: string;\n token_type?: string;\n expires_in?: number;\n };\n accessToken: string;\n refreshToken?: string;\n};\n\n/\n @public\n * @deprecated The Bitbucket Server auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-server-provider`.\n /\nexport type BitbucketServerAuthProviderOptions = OAuthProviderOptions & {\n host: string;\n authorizationUrl: string;\n tokenUrl: string;\n authHandler: AuthHandler<BitbucketServerOAuthResult>;\n signInResolver?: SignInResolver<BitbucketServerOAuthResult>;\n resolverContext: AuthResolverContext;\n};\n\nexport const bitbucketServer = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<BitbucketServerOAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n /\n signIn?: {\n /\n Maps an auth result to a Backstage identity for the user.\n /\n resolver: SignInResolver<BitbucketServerOAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: bitbucketServerAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: {\n /\n Looks up the user by matching their email to the entity email.\n */\n emailMatchingUserEntityProfileEmail:\n (): SignInResolver<BitbucketServerOAuthResult> => {\n const resolver =\n bitbucketServerSignInResolvers.emailMatchingUserEntityProfileEmail();\n return async (info, ctx) => {\n return resolver(\n {\n profile: info.profile,\n result: {\n fullProfile: info.result.fullProfile,\n session: {\n accessToken: info.result.accessToken,\n tokenType: info.result.params.token_type ?? 'bearer',\n scope: info.result.params.scope,\n expiresInSeconds: info.result.params.expires_in,\n refreshToken: info.result.refreshToken,\n },\n },\n },\n ctx,\n );\n };\n },\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","bitbucketServerAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","bitbucketServerSignInResolvers"],"mappings":";;;;;;;;AA+DO,MAAM,kBAAkBA,2DAA8B,CAAA;AAAA,EAC3D,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,2EAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,qCACE,MAAkD;AAChD,MAAM,MAAA,QAAA,GACJC,8EAA+B,mCAAoC,EAAA;AACrE,MAAO,OAAA,OAAO,MAAM,GAAQ,KAAA;AAC1B,QAAO,OAAA,QAAA;AAAA,UACL;AAAA,YACE,SAAS,IAAK,CAAA,OAAA;AAAA,YACd,MAAQ,EAAA;AAAA,cACN,WAAA,EAAa,KAAK,MAAO,CAAA,WAAA;AAAA,cACzB,OAAS,EAAA;AAAA,gBACP,WAAA,EAAa,KAAK,MAAO,CAAA,WAAA;AAAA,gBACzB,SAAW,EAAA,IAAA,CAAK,MAAO,CAAA,MAAA,CAAO,UAAc,IAAA,QAAA;AAAA,gBAC5C,KAAA,EAAO,IAAK,CAAA,MAAA,CAAO,MAAO,CAAA,KAAA;AAAA,gBAC1B,gBAAA,EAAkB,IAAK,CAAA,MAAA,CAAO,MAAO,CAAA,UAAA;AAAA,gBACrC,YAAA,EAAc,KAAK,MAAO,CAAA;AAAA;AAC5B;AACF,WACF;AAAA,UACA;AAAA,SACF;AAAA,OACF;AAAA;AACF;AAEN,CAAC;;;;"}

package/dist/providers/cloudflare-access/provider.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/cloudflare-access/provider.ts"],"sourcesContent":["/\n Copyright 2022 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n cloudflareAccessSignInResolvers,\n createCloudflareAccessAuthenticator,\n} from '@backstage/plugin-auth-backend-module-cloudflare-access-provider';\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\nimport { CacheService } from '@backstage/backend-plugin-api';\n\n/\n CloudflareAccessClaims\n \n Can be used in externally provided auth handler or sign in resolver to\n * enrich user profile for sign-in user entity\n \n @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n /\nexport type CloudflareAccessClaims = {\n /\n `aud` identifies the application to which the JWT is issued.\n /\n aud: string[];\n /\n `email` contains the email address of the authenticated user.\n /\n email: string;\n /\n iat and exp are the issuance and expiration timestamps.\n /\n exp: number;\n iat: number;\n /\n `nonce` is the session identifier.\n /\n nonce: string;\n /\n `identity_nonce` is available in the Application Token and can be used to\n * query all group membership for a given user.\n /\n identity_nonce: string;\n /\n `sub` contains the identifier of the authenticated user.\n /\n sub: string;\n /\n `iss` the issuer is the application’s Cloudflare Access Domain URL.\n /\n iss: string;\n /\n `custom` contains SAML attributes in the Application Token specified by an\n * administrator in the identity provider configuration.\n /\n custom: string;\n};\n\n/\n CloudflareAccessGroup\n \n @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n /\nexport type CloudflareAccessGroup = {\n /\n Group id\n /\n id: string;\n /\n Name of group as defined in Cloudflare zero trust dashboard\n /\n name: string;\n /\n Access group email address\n /\n email: string;\n};\n\n/\n CloudflareAccessIdentityProfile\n \n Can be used in externally provided auth handler or sign in resolver to\n * enrich user profile for sign-in user entity\n \n @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n /\nexport type CloudflareAccessIdentityProfile = {\n id: string;\n name: string;\n email: string;\n groups: CloudflareAccessGroup[];\n};\n\n/\n @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n /\nexport type CloudflareAccessResult = {\n claims: CloudflareAccessClaims;\n cfIdentity: CloudflareAccessIdentityProfile;\n expiresInSeconds?: number;\n token: string;\n};\n\n/\n Auth provider integration for Cloudflare Access auth\n \n @public\n /\nexport const cfAccess = createAuthProviderIntegration({\n create(options: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<CloudflareAccessResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n /\n signIn: {\n /\n Maps an auth result to a Backstage identity for the user.\n /\n resolver: SignInResolver<CloudflareAccessResult>;\n };\n\n /\n Cache service object that was configured for the Backstage backend,\n * should be provided via the backend auth plugin.\n */\n cache?: CacheService;\n }) {\n return createProxyAuthProviderFactory({\n authenticator: createCloudflareAccessAuthenticator({\n cache: options.cache,\n }),\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n signInResolverFactories: cloudflareAccessSignInResolvers,\n });\n },\n resolvers: cloudflareAccessSignInResolvers,\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","createCloudflareAccessAuthenticator","cloudflareAccessSignInResolvers"],"mappings":";;;;;;AAgIO,MAAM,WAAWA,2DAA8B,CAAA;AAAA,EACpD,OAAO,OAsBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,eAAeC,mFAAoC,CAAA;AAAA,QACjD,OAAO,OAAQ,CAAA~~,KAAA~~;AAAA,OAChB,CAAA;AAAA,MACD,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA,QAAA;AAAA,MACjC,uBAAyB,EAAAC~~,+EAAA~~;AAAA,KAC1B,CAAA~~,CAAA~~;AAAA,GACH;AAAA,EACA,SAAW,EAAAA~~,+EAAA~~;AACb,CAAC;;;;"}
1	+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/cloudflare-access/provider.ts"],"sourcesContent":["/\n Copyright 2022 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n cloudflareAccessSignInResolvers,\n createCloudflareAccessAuthenticator,\n} from '@backstage/plugin-auth-backend-module-cloudflare-access-provider';\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\nimport { CacheService } from '@backstage/backend-plugin-api';\n\n/\n CloudflareAccessClaims\n \n Can be used in externally provided auth handler or sign in resolver to\n * enrich user profile for sign-in user entity\n \n @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n /\nexport type CloudflareAccessClaims = {\n /\n `aud` identifies the application to which the JWT is issued.\n /\n aud: string[];\n /\n `email` contains the email address of the authenticated user.\n /\n email: string;\n /\n iat and exp are the issuance and expiration timestamps.\n /\n exp: number;\n iat: number;\n /\n `nonce` is the session identifier.\n /\n nonce: string;\n /\n `identity_nonce` is available in the Application Token and can be used to\n * query all group membership for a given user.\n /\n identity_nonce: string;\n /\n `sub` contains the identifier of the authenticated user.\n /\n sub: string;\n /\n `iss` the issuer is the application’s Cloudflare Access Domain URL.\n /\n iss: string;\n /\n `custom` contains SAML attributes in the Application Token specified by an\n * administrator in the identity provider configuration.\n /\n custom: string;\n};\n\n/\n CloudflareAccessGroup\n \n @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n /\nexport type CloudflareAccessGroup = {\n /\n Group id\n /\n id: string;\n /\n Name of group as defined in Cloudflare zero trust dashboard\n /\n name: string;\n /\n Access group email address\n /\n email: string;\n};\n\n/\n CloudflareAccessIdentityProfile\n \n Can be used in externally provided auth handler or sign in resolver to\n * enrich user profile for sign-in user entity\n \n @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n /\nexport type CloudflareAccessIdentityProfile = {\n id: string;\n name: string;\n email: string;\n groups: CloudflareAccessGroup[];\n};\n\n/\n @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n /\nexport type CloudflareAccessResult = {\n claims: CloudflareAccessClaims;\n cfIdentity: CloudflareAccessIdentityProfile;\n expiresInSeconds?: number;\n token: string;\n};\n\n/\n Auth provider integration for Cloudflare Access auth\n \n @public\n /\nexport const cfAccess = createAuthProviderIntegration({\n create(options: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<CloudflareAccessResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n /\n signIn: {\n /\n Maps an auth result to a Backstage identity for the user.\n /\n resolver: SignInResolver<CloudflareAccessResult>;\n };\n\n /\n Cache service object that was configured for the Backstage backend,\n * should be provided via the backend auth plugin.\n */\n cache?: CacheService;\n }) {\n return createProxyAuthProviderFactory({\n authenticator: createCloudflareAccessAuthenticator({\n cache: options.cache,\n }),\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n signInResolverFactories: cloudflareAccessSignInResolvers,\n });\n },\n resolvers: cloudflareAccessSignInResolvers,\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","createCloudflareAccessAuthenticator","cloudflareAccessSignInResolvers"],"mappings":";;;;;;AAgIO,MAAM,WAAWA,2DAA8B,CAAA;AAAA,EACpD,OAAO,OAsBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,eAAeC,mFAAoC,CAAA;AAAA,QACjD,OAAO,OAAQ,CAAA;AAAA,OAChB,CAAA;AAAA,MACD,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA,QAAA;AAAA,MACjC,uBAAyB,EAAAC;AAAA,KAC1B,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAAA;AACb,CAAC;;;;"}

package/dist/providers/createAuthProviderIntegration.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"createAuthProviderIntegration.cjs.js","sources":["../../src/providers/createAuthProviderIntegration.ts"],"sourcesContent":["/\n Copyright 2022 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n AuthProviderFactory,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\n\n/\n Creates a standardized representation of an integration with a third-party\n * auth provider.\n \n The returned object facilitates the creation of provider instances, and\n * supplies built-in sign-in resolvers for the specific provider.\n \n @public\n */\nexport function createAuthProviderIntegration<\n TCreateOptions extends unknown[],\n TResolvers extends\n \| {\n [name in string]: (...args: any[]) => SignInResolver<any>;\n },\n>(config: {\n create: (...args: TCreateOptions) => AuthProviderFactory;\n resolvers?: TResolvers;\n}): Readonly<{\n create: (...args: TCreateOptions) => AuthProviderFactory;\n // If no resolvers are defined, this receives the type `never`\n resolvers: Readonly<string extends keyof TResolvers ? never : TResolvers>;\n}> {\n return Object.freeze({\n ...config,\n resolvers: Object.freeze(config.resolvers ?? ({} as any)),\n });\n}\n"],"names":[],"mappings":";;AA8BO,SAAS,8BAMd,MAOC,EAAA;AACD,EAAA,OAAO,OAAO,MAAO,CAAA;AAAA,IACnB,GAAG,MAAA;AAAA,IACH,WAAW,MAAO,CAAA,MAAA,CAAO,MAAO,CAAA,SAAA,IAAc,EAAU~~,CAAA~~;AAAA,GACzD,CAAA~~,CAAA~~;AACH;;;;"}
1	+ {"version":3,"file":"createAuthProviderIntegration.cjs.js","sources":["../../src/providers/createAuthProviderIntegration.ts"],"sourcesContent":["/\n Copyright 2022 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n AuthProviderFactory,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\n\n/\n Creates a standardized representation of an integration with a third-party\n * auth provider.\n \n The returned object facilitates the creation of provider instances, and\n * supplies built-in sign-in resolvers for the specific provider.\n \n @public\n */\nexport function createAuthProviderIntegration<\n TCreateOptions extends unknown[],\n TResolvers extends\n \| {\n [name in string]: (...args: any[]) => SignInResolver<any>;\n },\n>(config: {\n create: (...args: TCreateOptions) => AuthProviderFactory;\n resolvers?: TResolvers;\n}): Readonly<{\n create: (...args: TCreateOptions) => AuthProviderFactory;\n // If no resolvers are defined, this receives the type `never`\n resolvers: Readonly<string extends keyof TResolvers ? never : TResolvers>;\n}> {\n return Object.freeze({\n ...config,\n resolvers: Object.freeze(config.resolvers ?? ({} as any)),\n });\n}\n"],"names":[],"mappings":";;AA8BO,SAAS,8BAMd,MAOC,EAAA;AACD,EAAA,OAAO,OAAO,MAAO,CAAA;AAAA,IACnB,GAAG,MAAA;AAAA,IACH,WAAW,MAAO,CAAA,MAAA,CAAO,MAAO,CAAA,SAAA,IAAc,EAAU;AAAA,GACzD,CAAA;AACH;;;;"}

package/dist/providers/gcp-iap/provider.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/gcp-iap/provider.ts"],"sourcesContent":["/\n Copyright 2021 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { gcpIapAuthenticator } from '@backstage/plugin-auth-backend-module-gcp-iap-provider';\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\nimport { GcpIapResult } from './types';\n\n/\n Auth provider integration for Google Identity-Aware Proxy auth\n \n @public\n /\nexport const gcpIap = createAuthProviderIntegration({\n create(options: {\n /\n The profile transformation function used to verify and convert the auth\n * response into the profile that will be presented to the user. The default\n * implementation just provides the authenticated email that the IAP\n * presented.\n /\n authHandler?: AuthHandler<GcpIapResult>;\n\n /\n Configures sign-in for this provider.\n /\n signIn: {\n /\n Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<GcpIapResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: gcpIapAuthenticator,\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","gcpIapAuthenticator"],"mappings":";;;;;;AA8BO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAkBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,yDAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA~~,QAAA~~;AAAA,KAClC,CAAA~~,CAAA~~;AAAA~~,GACH~~;~~AACF~~,CAAC;;;;"}
1	+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/gcp-iap/provider.ts"],"sourcesContent":["/\n Copyright 2021 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { gcpIapAuthenticator } from '@backstage/plugin-auth-backend-module-gcp-iap-provider';\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\nimport { GcpIapResult } from './types';\n\n/\n Auth provider integration for Google Identity-Aware Proxy auth\n \n @public\n /\nexport const gcpIap = createAuthProviderIntegration({\n create(options: {\n /\n The profile transformation function used to verify and convert the auth\n * response into the profile that will be presented to the user. The default\n * implementation just provides the authenticated email that the IAP\n * presented.\n /\n authHandler?: AuthHandler<GcpIapResult>;\n\n /\n Configures sign-in for this provider.\n /\n signIn: {\n /\n Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<GcpIapResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: gcpIapAuthenticator,\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","gcpIapAuthenticator"],"mappings":";;;;;;AA8BO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAkBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,yDAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA;AAAA,KAClC,CAAA;AAAA;AAEL,CAAC;;;;"}

package/dist/providers/github/provider.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/github/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { Profile as PassportProfile } from 'passport';\nimport { AuthHandler, StateEncoder } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n createOAuthProviderFactory,\n OAuthAuthenticatorResult,\n ProfileTransform,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport { githubAuthenticator } from '@backstage/plugin-auth-backend-module-github-provider';\n\n/* @public /\nexport type GithubOAuthResult = {\n fullProfile: PassportProfile;\n params: {\n scope: string;\n expires_in?: string;\n refresh_token_expires_in?: string;\n };\n accessToken: string;\n refreshToken?: string;\n};\n\n/\n Auth provider integration for GitHub auth\n \n @public\n /\nexport const github = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<GithubOAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n /\n signIn?: {\n /\n Maps an auth result to a Backstage identity for the user.\n /\n resolver: SignInResolver<GithubOAuthResult>;\n };\n\n /\n The state encoder used to encode the 'state' parameter on the OAuth request.\n \n It should return a string that takes the state params (from the request), url encodes the params\n * and finally base64 encodes them.\n \n Providing your own stateEncoder will allow you to add addition parameters to the state field.\n \n It is typed as follows:\n * `export type StateEncoder = (input: OAuthState) => Promise<{encodedState: string}>;`\n \n Note: the stateEncoder must encode a 'nonce' value and an 'env' value. Without this, the OAuth flow will fail\n * (These two values will be set by the req.state by default)\n \n For more information, please see the helper module in ../../oauth/helpers #readState\n /\n stateEncoder?: StateEncoder;\n }) {\n const authHandler = options?.authHandler;\n const signInResolver = options?.signIn?.resolver;\n return createOAuthProviderFactory({\n authenticator: githubAuthenticator,\n profileTransform:\n authHandler &&\n ((async (result, ctx) =>\n authHandler!(\n {\n fullProfile: result.fullProfile,\n accessToken: result.session.accessToken,\n params: {\n scope: result.session.scope,\n expires_in: result.session.expiresInSeconds\n ? String(result.session.expiresInSeconds)\n : '',\n refresh_token_expires_in: result.session\n .refreshTokenExpiresInSeconds\n ? String(result.session.refreshTokenExpiresInSeconds)\n : '',\n },\n },\n ctx,\n )) as ProfileTransform<OAuthAuthenticatorResult<PassportProfile>>),\n signInResolver:\n signInResolver &&\n ((async ({ profile, result }, ctx) =>\n signInResolver(\n {\n profile: profile,\n result: {\n fullProfile: result.fullProfile,\n accessToken: result.session.accessToken,\n refreshToken: result.session.refreshToken,\n params: {\n scope: result.session.scope,\n expires_in: result.session.expiresInSeconds\n ? String(result.session.expiresInSeconds)\n : '',\n refresh_token_expires_in: result.session\n .refreshTokenExpiresInSeconds\n ? String(result.session.refreshTokenExpiresInSeconds)\n : '',\n },\n },\n },\n ctx,\n )) as SignInResolver<OAuthAuthenticatorResult<PassportProfile>>),\n });\n },\n resolvers: {\n /\n Looks up the user by matching their GitHub username to the entity name.\n */\n usernameMatchingUserEntityName: (): SignInResolver<GithubOAuthResult> => {\n return async (info, ctx) => {\n const { fullProfile } = info.result;\n\n const userId = fullProfile.username;\n if (!userId) {\n throw new Error(`GitHub user profile does not contain a username`);\n }\n\n return ctx.signInWithCatalogUser({ entityRef: { name: userId } });\n };\n },\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","githubAuthenticator"],"mappings":";;;;;;AA4CO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAkCJ,EAAA;AACD,IAAA,MAAM,cAAc,OAAS,EAAA,WAAA~~,CAAA~~;AAC7B,IAAM,MAAA,cAAA,GAAiB,SAAS,MAAQ,EAAA,QAAA~~,CAAA~~;AACxC,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBACE,EAAA,WAAA,KACE,OAAO,MAAA,EAAQ,GACf,KAAA,WAAA;AAAA,QACE;AAAA,UACE,aAAa,MAAO,CAAA,WAAA;AAAA,UACpB,WAAA,EAAa,OAAO,OAAQ,CAAA,WAAA;AAAA,UAC5B,MAAQ,EAAA;AAAA,YACN,KAAA,EAAO,OAAO,OAAQ,CAAA,KAAA;AAAA,YACtB,UAAA,EAAY,OAAO,OAAQ,CAAA,gBAAA,GACvB,OAAO,MAAO,CAAA,OAAA,CAAQ,gBAAgB,CACtC,GAAA,EAAA;AAAA,YACJ,wBAAA,EAA0B,OAAO,OAC9B,CAAA,4BAAA,GACC,OAAO,MAAO,CAAA,OAAA,CAAQ,4BAA4B,CAClD,GAAA~~,EAAA~~;AAAA~~,WACN~~;~~AAAA~~,SACF;AAAA,QACA~~,GAAA~~;AAAA,OACF,CAAA;AAAA,MACJ,gBACE,cACE,KAAA,OAAO,EAAE,OAAS,EAAA,MAAA,IAAU,GAC5B,KAAA,cAAA;AAAA,QACE;AAAA,UACE,OAAA;AAAA,UACA,MAAQ,EAAA;AAAA,YACN,aAAa,MAAO,CAAA,WAAA;AAAA,YACpB,WAAA,EAAa,OAAO,OAAQ,CAAA,WAAA;AAAA,YAC5B,YAAA,EAAc,OAAO,OAAQ,CAAA,YAAA;AAAA,YAC7B,MAAQ,EAAA;AAAA,cACN,KAAA,EAAO,OAAO,OAAQ,CAAA,KAAA;AAAA,cACtB,UAAA,EAAY,OAAO,OAAQ,CAAA,gBAAA,GACvB,OAAO,MAAO,CAAA,OAAA,CAAQ,gBAAgB,CACtC,GAAA,EAAA;AAAA,cACJ,wBAAA,EAA0B,OAAO,OAC9B,CAAA,4BAAA,GACC,OAAO,MAAO,CAAA,OAAA,CAAQ,4BAA4B,CAClD,GAAA~~,EAAA~~;AAAA~~,aACN~~;~~AAAA,WACF~~;~~AAAA~~,SACF;AAAA,QACA~~,GAAA~~;AAAA,OACF~~,CAAA~~;AAAA,KACL,CAAA~~,CAAA~~;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,gCAAgC,MAAyC;AACvE,MAAO,OAAA,OAAO,MAAM,GAAQ,KAAA;AAC1B,QAAM,MAAA,EAAE,WAAY,EAAA,GAAI,IAAK,CAAA,MAAA~~,CAAA~~;AAE7B,QAAA,MAAM,SAAS,WAAY,CAAA,QAAA~~,CAAA~~;AAC3B,QAAA,IAAI,CAAC,MAAQ,EAAA;AACX,UAAM,MAAA,IAAI,MAAM,CAAiD,+CAAA,CAAA,CAAA~~,CAAA~~;AAAA~~,SACnE~~;~~AAEA~~,QAAO,OAAA,GAAA,CAAI,sBAAsB,EAAE,SAAA,EAAW,EAAE,IAAM,EAAA,MAAA,IAAU,CAAA~~,CAAA~~;AAAA,OAClE~~,CAAA~~;AAAA~~,KACF~~;~~AAAA,GACF~~;~~AACF~~,CAAC;;;;"}
1	+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/github/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { Profile as PassportProfile } from 'passport';\nimport { AuthHandler, StateEncoder } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n createOAuthProviderFactory,\n OAuthAuthenticatorResult,\n ProfileTransform,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport { githubAuthenticator } from '@backstage/plugin-auth-backend-module-github-provider';\n\n/* @public /\nexport type GithubOAuthResult = {\n fullProfile: PassportProfile;\n params: {\n scope: string;\n expires_in?: string;\n refresh_token_expires_in?: string;\n };\n accessToken: string;\n refreshToken?: string;\n};\n\n/\n Auth provider integration for GitHub auth\n \n @public\n /\nexport const github = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<GithubOAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n /\n signIn?: {\n /\n Maps an auth result to a Backstage identity for the user.\n /\n resolver: SignInResolver<GithubOAuthResult>;\n };\n\n /\n The state encoder used to encode the 'state' parameter on the OAuth request.\n \n It should return a string that takes the state params (from the request), url encodes the params\n * and finally base64 encodes them.\n \n Providing your own stateEncoder will allow you to add addition parameters to the state field.\n \n It is typed as follows:\n * `export type StateEncoder = (input: OAuthState) => Promise<{encodedState: string}>;`\n \n Note: the stateEncoder must encode a 'nonce' value and an 'env' value. Without this, the OAuth flow will fail\n * (These two values will be set by the req.state by default)\n \n For more information, please see the helper module in ../../oauth/helpers #readState\n /\n stateEncoder?: StateEncoder;\n }) {\n const authHandler = options?.authHandler;\n const signInResolver = options?.signIn?.resolver;\n return createOAuthProviderFactory({\n authenticator: githubAuthenticator,\n profileTransform:\n authHandler &&\n ((async (result, ctx) =>\n authHandler!(\n {\n fullProfile: result.fullProfile,\n accessToken: result.session.accessToken,\n params: {\n scope: result.session.scope,\n expires_in: result.session.expiresInSeconds\n ? String(result.session.expiresInSeconds)\n : '',\n refresh_token_expires_in: result.session\n .refreshTokenExpiresInSeconds\n ? String(result.session.refreshTokenExpiresInSeconds)\n : '',\n },\n },\n ctx,\n )) as ProfileTransform<OAuthAuthenticatorResult<PassportProfile>>),\n signInResolver:\n signInResolver &&\n ((async ({ profile, result }, ctx) =>\n signInResolver(\n {\n profile: profile,\n result: {\n fullProfile: result.fullProfile,\n accessToken: result.session.accessToken,\n refreshToken: result.session.refreshToken,\n params: {\n scope: result.session.scope,\n expires_in: result.session.expiresInSeconds\n ? String(result.session.expiresInSeconds)\n : '',\n refresh_token_expires_in: result.session\n .refreshTokenExpiresInSeconds\n ? String(result.session.refreshTokenExpiresInSeconds)\n : '',\n },\n },\n },\n ctx,\n )) as SignInResolver<OAuthAuthenticatorResult<PassportProfile>>),\n });\n },\n resolvers: {\n /\n Looks up the user by matching their GitHub username to the entity name.\n */\n usernameMatchingUserEntityName: (): SignInResolver<GithubOAuthResult> => {\n return async (info, ctx) => {\n const { fullProfile } = info.result;\n\n const userId = fullProfile.username;\n if (!userId) {\n throw new Error(`GitHub user profile does not contain a username`);\n }\n\n return ctx.signInWithCatalogUser({ entityRef: { name: userId } });\n };\n },\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","githubAuthenticator"],"mappings":";;;;;;AA4CO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAkCJ,EAAA;AACD,IAAA,MAAM,cAAc,OAAS,EAAA,WAAA;AAC7B,IAAM,MAAA,cAAA,GAAiB,SAAS,MAAQ,EAAA,QAAA;AACxC,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBACE,EAAA,WAAA,KACE,OAAO,MAAA,EAAQ,GACf,KAAA,WAAA;AAAA,QACE;AAAA,UACE,aAAa,MAAO,CAAA,WAAA;AAAA,UACpB,WAAA,EAAa,OAAO,OAAQ,CAAA,WAAA;AAAA,UAC5B,MAAQ,EAAA;AAAA,YACN,KAAA,EAAO,OAAO,OAAQ,CAAA,KAAA;AAAA,YACtB,UAAA,EAAY,OAAO,OAAQ,CAAA,gBAAA,GACvB,OAAO,MAAO,CAAA,OAAA,CAAQ,gBAAgB,CACtC,GAAA,EAAA;AAAA,YACJ,wBAAA,EAA0B,OAAO,OAC9B,CAAA,4BAAA,GACC,OAAO,MAAO,CAAA,OAAA,CAAQ,4BAA4B,CAClD,GAAA;AAAA;AACN,SACF;AAAA,QACA;AAAA,OACF,CAAA;AAAA,MACJ,gBACE,cACE,KAAA,OAAO,EAAE,OAAS,EAAA,MAAA,IAAU,GAC5B,KAAA,cAAA;AAAA,QACE;AAAA,UACE,OAAA;AAAA,UACA,MAAQ,EAAA;AAAA,YACN,aAAa,MAAO,CAAA,WAAA;AAAA,YACpB,WAAA,EAAa,OAAO,OAAQ,CAAA,WAAA;AAAA,YAC5B,YAAA,EAAc,OAAO,OAAQ,CAAA,YAAA;AAAA,YAC7B,MAAQ,EAAA;AAAA,cACN,KAAA,EAAO,OAAO,OAAQ,CAAA,KAAA;AAAA,cACtB,UAAA,EAAY,OAAO,OAAQ,CAAA,gBAAA,GACvB,OAAO,MAAO,CAAA,OAAA,CAAQ,gBAAgB,CACtC,GAAA,EAAA;AAAA,cACJ,wBAAA,EAA0B,OAAO,OAC9B,CAAA,4BAAA,GACC,OAAO,MAAO,CAAA,OAAA,CAAQ,4BAA4B,CAClD,GAAA;AAAA;AACN;AACF,SACF;AAAA,QACA;AAAA,OACF;AAAA,KACL,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,gCAAgC,MAAyC;AACvE,MAAO,OAAA,OAAO,MAAM,GAAQ,KAAA;AAC1B,QAAM,MAAA,EAAE,WAAY,EAAA,GAAI,IAAK,CAAA,MAAA;AAE7B,QAAA,MAAM,SAAS,WAAY,CAAA,QAAA;AAC3B,QAAA,IAAI,CAAC,MAAQ,EAAA;AACX,UAAM,MAAA,IAAI,MAAM,CAAiD,+CAAA,CAAA,CAAA;AAAA;AAGnE,QAAO,OAAA,GAAA,CAAI,sBAAsB,EAAE,SAAA,EAAW,EAAE,IAAM,EAAA,MAAA,IAAU,CAAA;AAAA,OAClE;AAAA;AACF;AAEJ,CAAC;;;;"}

package/dist/providers/gitlab/provider.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/gitlab/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { AuthHandler } from '../types';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { gitlabAuthenticator } from '@backstage/plugin-auth-backend-module-gitlab-provider';\n\n/\n Auth provider integration for GitLab auth\n \n @public\n /\nexport const gitlab = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<OAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: gitlabAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","gitlabAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ~~,CAAA~~;AAAA,KACzE,CAAA~~,CAAA~~;AAAA~~,GACH~~;~~AACF~~,CAAC;;;;"}
1	+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/gitlab/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { AuthHandler } from '../types';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { gitlabAuthenticator } from '@backstage/plugin-auth-backend-module-gitlab-provider';\n\n/\n Auth provider integration for GitLab auth\n \n @public\n /\nexport const gitlab = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<OAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: gitlabAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","gitlabAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA;AAEL,CAAC;;;;"}

package/dist/providers/google/provider.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/google/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n googleAuthenticator,\n googleSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-google-provider';\nimport {\n SignInResolver,\n commonSignInResolvers,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n adaptOAuthSignInResolverToLegacy,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/\n Auth provider integration for Google auth\n \n @public\n /\nexport const google = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<OAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n /\n signIn?: {\n /\n Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: googleAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: adaptOAuthSignInResolverToLegacy({\n emailLocalPartMatchingUserEntityName:\n commonSignInResolvers.emailLocalPartMatchingUserEntityName(),\n emailMatchingUserEntityProfileEmail:\n commonSignInResolvers.emailMatchingUserEntityProfileEmail(),\n emailMatchingUserEntityAnnotation:\n googleSignInResolvers.emailMatchingUserEntityAnnotation(),\n }),\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","googleAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","adaptOAuthSignInResolverToLegacy","commonSignInResolvers","googleSignInResolvers"],"mappings":";;;;;;;;;AAuCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ~~,CAAA~~;AAAA,KACzE,CAAA~~,CAAA~~;AAAA,GACH;AAAA,EACA,WAAWC,iEAAiC,CAAA;AAAA,IAC1C,oCAAA,EACEC,qCAAsB,oCAAqC,EAAA;AAAA,IAC7D,mCAAA,EACEA,qCAAsB,mCAAoC,EAAA;AAAA,IAC5D,iCAAA,EACEC,4DAAsB,iCAAkC~~,EAAA~~;AAAA,GAC3D~~,CAAA~~;AACH,CAAC;;;;"}
1	+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/google/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n googleAuthenticator,\n googleSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-google-provider';\nimport {\n SignInResolver,\n commonSignInResolvers,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n adaptOAuthSignInResolverToLegacy,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/\n Auth provider integration for Google auth\n \n @public\n /\nexport const google = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<OAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n /\n signIn?: {\n /\n Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: googleAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: adaptOAuthSignInResolverToLegacy({\n emailLocalPartMatchingUserEntityName:\n commonSignInResolvers.emailLocalPartMatchingUserEntityName(),\n emailMatchingUserEntityProfileEmail:\n commonSignInResolvers.emailMatchingUserEntityProfileEmail(),\n emailMatchingUserEntityAnnotation:\n googleSignInResolvers.emailMatchingUserEntityAnnotation(),\n }),\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","googleAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","adaptOAuthSignInResolverToLegacy","commonSignInResolvers","googleSignInResolvers"],"mappings":";;;;;;;;;AAuCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA,GACH;AAAA,EACA,WAAWC,iEAAiC,CAAA;AAAA,IAC1C,oCAAA,EACEC,qCAAsB,oCAAqC,EAAA;AAAA,IAC7D,mCAAA,EACEA,qCAAsB,mCAAoC,EAAA;AAAA,IAC5D,iCAAA,EACEC,4DAAsB,iCAAkC;AAAA,GAC3D;AACH,CAAC;;;;"}

package/dist/providers/microsoft/provider.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/microsoft/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { AuthHandler } from '../types';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n SignInResolver,\n commonSignInResolvers,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n adaptOAuthSignInResolverToLegacy,\n} from '../../lib/legacy';\nimport {\n microsoftAuthenticator,\n microsoftSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-microsoft-provider';\n\n/\n Auth provider integration for Microsoft auth\n \n @public\n /\nexport const microsoft = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<OAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: microsoftAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: adaptOAuthSignInResolverToLegacy({\n emailLocalPartMatchingUserEntityName:\n commonSignInResolvers.emailLocalPartMatchingUserEntityName(),\n emailMatchingUserEntityProfileEmail:\n commonSignInResolvers.emailMatchingUserEntityProfileEmail(),\n emailMatchingUserEntityAnnotation:\n microsoftSignInResolvers.emailMatchingUserEntityAnnotation(),\n userIdMatchingUserEntityAnnotation:\n microsoftSignInResolvers.userIdMatchingUserEntityAnnotation(),\n }),\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","microsoftAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","adaptOAuthSignInResolverToLegacy","commonSignInResolvers","microsoftSignInResolvers"],"mappings":";;;;;;;;;AAuCO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ~~,CAAA~~;AAAA,KACzE,CAAA~~,CAAA~~;AAAA,GACH;AAAA,EACA,WAAWC,iEAAiC,CAAA;AAAA,IAC1C,oCAAA,EACEC,qCAAsB,oCAAqC,EAAA;AAAA,IAC7D,mCAAA,EACEA,qCAAsB,mCAAoC,EAAA;AAAA,IAC5D,iCAAA,EACEC,kEAAyB,iCAAkC,EAAA;AAAA,IAC7D,kCAAA,EACEA,kEAAyB,kCAAmC~~,EAAA~~;AAAA,GAC/D~~,CAAA~~;AACH,CAAC;;;;"}
1	+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/microsoft/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { AuthHandler } from '../types';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n SignInResolver,\n commonSignInResolvers,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n adaptOAuthSignInResolverToLegacy,\n} from '../../lib/legacy';\nimport {\n microsoftAuthenticator,\n microsoftSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-microsoft-provider';\n\n/\n Auth provider integration for Microsoft auth\n \n @public\n /\nexport const microsoft = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<OAuthResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: microsoftAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: adaptOAuthSignInResolverToLegacy({\n emailLocalPartMatchingUserEntityName:\n commonSignInResolvers.emailLocalPartMatchingUserEntityName(),\n emailMatchingUserEntityProfileEmail:\n commonSignInResolvers.emailMatchingUserEntityProfileEmail(),\n emailMatchingUserEntityAnnotation:\n microsoftSignInResolvers.emailMatchingUserEntityAnnotation(),\n userIdMatchingUserEntityAnnotation:\n microsoftSignInResolvers.userIdMatchingUserEntityAnnotation(),\n }),\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","microsoftAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","adaptOAuthSignInResolverToLegacy","commonSignInResolvers","microsoftSignInResolvers"],"mappings":";;;;;;;;;AAuCO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA,GACH;AAAA,EACA,WAAWC,iEAAiC,CAAA;AAAA,IAC1C,oCAAA,EACEC,qCAAsB,oCAAqC,EAAA;AAAA,IAC7D,mCAAA,EACEA,qCAAsB,mCAAoC,EAAA;AAAA,IAC5D,iCAAA,EACEC,kEAAyB,iCAAkC,EAAA;AAAA,IAC7D,kCAAA,EACEA,kEAAyB,kCAAmC;AAAA,GAC/D;AACH,CAAC;;;;"}

package/dist/providers/oauth2/provider.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/oauth2/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { OAuthResult } from '../../lib/oauth';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { oauth2Authenticator } from '@backstage/plugin-auth-backend-module-oauth2-provider';\n\n/\n Auth provider integration for generic OAuth2 auth\n \n @public\n */\nexport const oauth2 = createAuthProviderIntegration({\n create(options?: {\n authHandler?: AuthHandler<OAuthResult>;\n\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: oauth2Authenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oauth2Authenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAMJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ~~,CAAA~~;AAAA,KACzE,CAAA~~,CAAA~~;AAAA~~,GACH~~;~~AACF~~,CAAC;;;;"}
1	+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/oauth2/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { OAuthResult } from '../../lib/oauth';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { oauth2Authenticator } from '@backstage/plugin-auth-backend-module-oauth2-provider';\n\n/\n Auth provider integration for generic OAuth2 auth\n \n @public\n */\nexport const oauth2 = createAuthProviderIntegration({\n create(options?: {\n authHandler?: AuthHandler<OAuthResult>;\n\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: oauth2Authenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oauth2Authenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAMJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA;AAEL,CAAC;;;;"}

package/dist/providers/oauth2-proxy/provider.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/oauth2-proxy/provider.ts"],"sourcesContent":["/\n Copyright 2021 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n type OAuth2ProxyResult,\n oauth2ProxyAuthenticator,\n} from '@backstage/plugin-auth-backend-module-oauth2-proxy-provider';\n\n/\n Auth provider integration for oauth2-proxy auth\n \n @public\n /\nexport const oauth2Proxy = createAuthProviderIntegration({\n create(options: {\n /\n Configure an auth handler to generate a profile for the user.\n \n The default implementation uses the value of the `X-Forwarded-Preferred-Username`\n * header as the display name, falling back to `X-Forwarded-User`, and the value of\n * the `X-Forwarded-Email` header as the email address.\n /\n authHandler?: AuthHandler<OAuth2ProxyResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n /\n signIn: {\n /\n Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuth2ProxyResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: oauth2ProxyAuthenticator,\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","oauth2ProxyAuthenticator"],"mappings":";;;;;;AAgCO,MAAM,cAAcA,2DAA8B,CAAA;AAAA,EACvD,OAAO,OAmBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,mEAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA~~,QAAA~~;AAAA,KAClC,CAAA~~,CAAA~~;AAAA~~,GACH~~;~~AACF~~,CAAC;;;;"}
1	+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/oauth2-proxy/provider.ts"],"sourcesContent":["/\n Copyright 2021 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n type OAuth2ProxyResult,\n oauth2ProxyAuthenticator,\n} from '@backstage/plugin-auth-backend-module-oauth2-proxy-provider';\n\n/\n Auth provider integration for oauth2-proxy auth\n \n @public\n /\nexport const oauth2Proxy = createAuthProviderIntegration({\n create(options: {\n /\n Configure an auth handler to generate a profile for the user.\n \n The default implementation uses the value of the `X-Forwarded-Preferred-Username`\n * header as the display name, falling back to `X-Forwarded-User`, and the value of\n * the `X-Forwarded-Email` header as the email address.\n /\n authHandler?: AuthHandler<OAuth2ProxyResult>;\n\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n /\n signIn: {\n /\n Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuth2ProxyResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: oauth2ProxyAuthenticator,\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","oauth2ProxyAuthenticator"],"mappings":";;;;;;AAgCO,MAAM,cAAcA,2DAA8B,CAAA;AAAA,EACvD,OAAO,OAmBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,mEAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA;AAAA,KAClC,CAAA;AAAA;AAEL,CAAC;;;;"}

package/dist/providers/oidc/provider.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/oidc/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n createOAuthProviderFactory,\n AuthResolverContext,\n BackstageSignInResult,\n OAuthAuthenticatorResult,\n SignInInfo,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport {\n oidcAuthenticator,\n OidcAuthResult,\n} from '@backstage/plugin-auth-backend-module-oidc-provider';\nimport {\n commonByEmailLocalPartResolver,\n commonByEmailResolver,\n} from '../resolvers';\n\n/\n Auth provider integration for generic OpenID Connect auth\n \n @public\n /\nexport const oidc = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<OidcAuthResult>;\n\n /\n Configure sign-in for this provider; convert user profile respones into\n * Backstage identities.\n /\n signIn?: {\n resolver: SignInResolver<OidcAuthResult>;\n };\n }) {\n const authHandler = options?.authHandler;\n const signInResolver = options?.signIn?.resolver;\n return createOAuthProviderFactory({\n authenticator: oidcAuthenticator,\n profileTransform:\n authHandler &&\n ((\n result: OAuthAuthenticatorResult<OidcAuthResult>,\n context: AuthResolverContext,\n ) => authHandler(result.fullProfile, context)),\n signInResolver:\n signInResolver &&\n ((\n info: SignInInfo<OAuthAuthenticatorResult<OidcAuthResult>>,\n context: AuthResolverContext,\n ): Promise<BackstageSignInResult> =>\n signInResolver(\n {\n result: info.result.fullProfile,\n profile: info.profile,\n },\n context,\n )),\n });\n },\n resolvers: {\n /\n Looks up the user by matching their email local part to the entity name.\n /\n emailLocalPartMatchingUserEntityName: () => commonByEmailLocalPartResolver,\n /\n Looks up the user by matching their email to the entity email.\n */\n emailMatchingUserEntityProfileEmail: () => commonByEmailResolver,\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oidcAuthenticator","commonByEmailLocalPartResolver","commonByEmailResolver"],"mappings":";;;;;;;AAwCO,MAAM,OAAOA,2DAA8B,CAAA;AAAA,EAChD,OAAO,OAcJ,EAAA;AACD,IAAA,MAAM,cAAc,OAAS,EAAA,WAAA~~,CAAA~~;AAC7B,IAAM,MAAA,cAAA,GAAiB,SAAS,MAAQ,EAAA,QAAA~~,CAAA~~;AACxC,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,qDAAA;AAAA,MACf,gBAAA,EACE,gBACC,CACC,MAAA,EACA,YACG,WAAY,CAAA,MAAA,CAAO,aAAa,OAAO,CAAA,CAAA;AAAA,MAC9C,cACE,EAAA,cAAA,KACC,CACC,IAAA,EACA,OAEA,KAAA,cAAA;AAAA,QACE;AAAA,UACE,MAAA,EAAQ,KAAK,MAAO,CAAA,WAAA;AAAA,UACpB,SAAS,IAAK,CAAA~~,OAAA~~;AAAA,SAChB;AAAA,QACA~~,OAAA~~;AAAA,OACF~~,CAAA~~;AAAA,KACL,CAAA~~,CAAA~~;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,sCAAsC,MAAMC,wCAAA;AAAA;AAAA;AAAA;AAAA,IAI5C,qCAAqC,MAAMC~~,+BAAA~~;AAAA~~,GAC7C~~;~~AACF~~,CAAC;;;;"}
1	+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/oidc/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n createOAuthProviderFactory,\n AuthResolverContext,\n BackstageSignInResult,\n OAuthAuthenticatorResult,\n SignInInfo,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport {\n oidcAuthenticator,\n OidcAuthResult,\n} from '@backstage/plugin-auth-backend-module-oidc-provider';\nimport {\n commonByEmailLocalPartResolver,\n commonByEmailResolver,\n} from '../resolvers';\n\n/\n Auth provider integration for generic OpenID Connect auth\n \n @public\n /\nexport const oidc = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<OidcAuthResult>;\n\n /\n Configure sign-in for this provider; convert user profile respones into\n * Backstage identities.\n /\n signIn?: {\n resolver: SignInResolver<OidcAuthResult>;\n };\n }) {\n const authHandler = options?.authHandler;\n const signInResolver = options?.signIn?.resolver;\n return createOAuthProviderFactory({\n authenticator: oidcAuthenticator,\n profileTransform:\n authHandler &&\n ((\n result: OAuthAuthenticatorResult<OidcAuthResult>,\n context: AuthResolverContext,\n ) => authHandler(result.fullProfile, context)),\n signInResolver:\n signInResolver &&\n ((\n info: SignInInfo<OAuthAuthenticatorResult<OidcAuthResult>>,\n context: AuthResolverContext,\n ): Promise<BackstageSignInResult> =>\n signInResolver(\n {\n result: info.result.fullProfile,\n profile: info.profile,\n },\n context,\n )),\n });\n },\n resolvers: {\n /\n Looks up the user by matching their email local part to the entity name.\n /\n emailLocalPartMatchingUserEntityName: () => commonByEmailLocalPartResolver,\n /\n Looks up the user by matching their email to the entity email.\n */\n emailMatchingUserEntityProfileEmail: () => commonByEmailResolver,\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oidcAuthenticator","commonByEmailLocalPartResolver","commonByEmailResolver"],"mappings":";;;;;;;AAwCO,MAAM,OAAOA,2DAA8B,CAAA;AAAA,EAChD,OAAO,OAcJ,EAAA;AACD,IAAA,MAAM,cAAc,OAAS,EAAA,WAAA;AAC7B,IAAM,MAAA,cAAA,GAAiB,SAAS,MAAQ,EAAA,QAAA;AACxC,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,qDAAA;AAAA,MACf,gBAAA,EACE,gBACC,CACC,MAAA,EACA,YACG,WAAY,CAAA,MAAA,CAAO,aAAa,OAAO,CAAA,CAAA;AAAA,MAC9C,cACE,EAAA,cAAA,KACC,CACC,IAAA,EACA,OAEA,KAAA,cAAA;AAAA,QACE;AAAA,UACE,MAAA,EAAQ,KAAK,MAAO,CAAA,WAAA;AAAA,UACpB,SAAS,IAAK,CAAA;AAAA,SAChB;AAAA,QACA;AAAA,OACF;AAAA,KACL,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,sCAAsC,MAAMC,wCAAA;AAAA;AAAA;AAAA;AAAA,IAI5C,qCAAqC,MAAMC;AAAA;AAE/C,CAAC;;;;"}

package/dist/providers/okta/provider.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/okta/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { AuthHandler } from '../types';\nimport { OAuthResult } from '../../lib/oauth';\n\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { oktaAuthenticator } from '@backstage/plugin-auth-backend-module-okta-provider';\nimport {\n commonByEmailLocalPartResolver,\n commonByEmailResolver,\n} from '../resolvers';\n\n/\n Auth provider integration for Okta auth\n \n @public\n /\nexport const okta = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<OAuthResult>;\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n /\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: oktaAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: {\n /\n Looks up the user by matching their email local part to the entity name.\n /\n emailLocalPartMatchingUserEntityName: () => commonByEmailLocalPartResolver,\n /\n Looks up the user by matching their email to the entity email.\n /\n emailMatchingUserEntityProfileEmail: () => commonByEmailResolver,\n /\n Looks up the user by matching their email to the `okta.com/email` annotation.\n */\n emailMatchingUserEntityAnnotation(): SignInResolver<OAuthResult> {\n return async (info, ctx) => {\n const { profile } = info;\n\n if (!profile.email) {\n throw new Error('Okta profile contained no email');\n }\n\n return ctx.signInWithCatalogUser({\n annotations: {\n 'okta.com/email': profile.email,\n },\n });\n };\n },\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oktaAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","commonByEmailLocalPartResolver","commonByEmailResolver"],"mappings":";;;;;;;;;AAuCO,MAAM,OAAOA,2DAA8B,CAAA;AAAA,EAChD,OAAO,OAYJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,qDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ~~,CAAA~~;AAAA,KACzE,CAAA~~,CAAA~~;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,sCAAsC,MAAMC,wCAAA;AAAA;AAAA;AAAA;AAAA,IAI5C,qCAAqC,MAAMC,+BAAA;AAAA;AAAA;AAAA;AAAA,IAI3C,iCAAiE,GAAA;AAC/D,MAAO,OAAA,OAAO,MAAM,GAAQ,KAAA;AAC1B,QAAM,MAAA,EAAE,SAAY,GAAA,IAAA~~,CAAA~~;AAEpB,QAAI,IAAA,CAAC,QAAQ,KAAO,EAAA;AAClB,UAAM,MAAA,IAAI,MAAM,iCAAiC,CAAA~~,CAAA~~;AAAA~~,SACnD~~;~~AAEA~~,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,WAAa,EAAA;AAAA,YACX,kBAAkB,OAAQ,CAAA~~,KAAA~~;AAAA~~,WAC5B~~;~~AAAA~~,SACD,CAAA~~,CAAA~~;AAAA,OACH~~,CAAA~~;AAAA~~,KACF~~;~~AAAA,GACF~~;~~AACF~~,CAAC;;;;"}
1	+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/okta/provider.ts"],"sourcesContent":["/\n Copyright 2020 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { AuthHandler } from '../types';\nimport { OAuthResult } from '../../lib/oauth';\n\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { oktaAuthenticator } from '@backstage/plugin-auth-backend-module-okta-provider';\nimport {\n commonByEmailLocalPartResolver,\n commonByEmailResolver,\n} from '../resolvers';\n\n/\n Auth provider integration for Okta auth\n \n @public\n /\nexport const okta = createAuthProviderIntegration({\n create(options?: {\n /\n The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n /\n authHandler?: AuthHandler<OAuthResult>;\n /\n Configure sign-in for this provider, without it the provider can not be used to sign users in.\n /\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: oktaAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: {\n /\n Looks up the user by matching their email local part to the entity name.\n /\n emailLocalPartMatchingUserEntityName: () => commonByEmailLocalPartResolver,\n /\n Looks up the user by matching their email to the entity email.\n /\n emailMatchingUserEntityProfileEmail: () => commonByEmailResolver,\n /\n Looks up the user by matching their email to the `okta.com/email` annotation.\n */\n emailMatchingUserEntityAnnotation(): SignInResolver<OAuthResult> {\n return async (info, ctx) => {\n const { profile } = info;\n\n if (!profile.email) {\n throw new Error('Okta profile contained no email');\n }\n\n return ctx.signInWithCatalogUser({\n annotations: {\n 'okta.com/email': profile.email,\n },\n });\n };\n },\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oktaAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","commonByEmailLocalPartResolver","commonByEmailResolver"],"mappings":";;;;;;;;;AAuCO,MAAM,OAAOA,2DAA8B,CAAA;AAAA,EAChD,OAAO,OAYJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,qDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,sCAAsC,MAAMC,wCAAA;AAAA;AAAA;AAAA;AAAA,IAI5C,qCAAqC,MAAMC,+BAAA;AAAA;AAAA;AAAA;AAAA,IAI3C,iCAAiE,GAAA;AAC/D,MAAO,OAAA,OAAO,MAAM,GAAQ,KAAA;AAC1B,QAAM,MAAA,EAAE,SAAY,GAAA,IAAA;AAEpB,QAAI,IAAA,CAAC,QAAQ,KAAO,EAAA;AAClB,UAAM,MAAA,IAAI,MAAM,iCAAiC,CAAA;AAAA;AAGnD,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,WAAa,EAAA;AAAA,YACX,kBAAkB,OAAQ,CAAA;AAAA;AAC5B,SACD,CAAA;AAAA,OACH;AAAA;AACF;AAEJ,CAAC;;;;"}