@backstage/plugin-auth-backend 0.24.1-next.0 → 0.24.1-next.2

package/CHANGELOG.md

@@ -1,5 +1,70 @@
 # @backstage/plugin-auth-backend
 
+## 0.24.1-next.2
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/backend-plugin-api@1.1.0-next.2
+  - @backstage/errors@1.2.6-next.0
+  - @backstage/plugin-auth-backend-module-atlassian-provider@0.3.3-next.2
+  - @backstage/plugin-auth-backend-module-auth0-provider@0.1.3-next.2
+  - @backstage/plugin-auth-backend-module-bitbucket-provider@0.2.3-next.2
+  - @backstage/plugin-auth-backend-module-bitbucket-server-provider@0.1.3-next.2
+  - @backstage/plugin-auth-backend-module-cloudflare-access-provider@0.3.3-next.2
+  - @backstage/plugin-auth-backend-module-github-provider@0.2.3-next.2
+  - @backstage/plugin-auth-backend-module-gitlab-provider@0.2.3-next.2
+  - @backstage/plugin-auth-backend-module-microsoft-provider@0.2.3-next.2
+  - @backstage/plugin-auth-backend-module-oauth2-provider@0.3.3-next.2
+  - @backstage/plugin-auth-backend-module-oidc-provider@0.3.3-next.2
+  - @backstage/plugin-auth-backend-module-okta-provider@0.1.3-next.2
+  - @backstage/plugin-auth-backend-module-onelogin-provider@0.2.3-next.2
+  - @backstage/plugin-auth-backend-module-aws-alb-provider@0.3.1-next.2
+  - @backstage/plugin-auth-backend-module-azure-easyauth-provider@0.2.3-next.2
+  - @backstage/plugin-auth-backend-module-gcp-iap-provider@0.3.3-next.2
+  - @backstage/plugin-auth-backend-module-google-provider@0.2.3-next.2
+  - @backstage/plugin-auth-backend-module-oauth2-proxy-provider@0.2.3-next.2
+  - @backstage/plugin-auth-node@0.5.5-next.2
+  - @backstage/plugin-catalog-node@1.15.0-next.2
+  - @backstage/catalog-client@1.9.0-next.2
+  - @backstage/catalog-model@1.7.2-next.0
+  - @backstage/config@1.3.1-next.0
+  - @backstage/types@1.2.0
+
+## 0.24.1-next.1
+
+### Patch Changes
+
+- c907440: Improved error forwarding for OAuth refresh endpoints
+- 40518ab: Fix issue with `jwks` endpoint returning invalid data with `firestore`
+- 5c9cc05: Use native fetch instead of node-fetch
+- Updated dependencies
+  - @backstage/plugin-auth-node@0.5.5-next.1
+  - @backstage/plugin-catalog-node@1.15.0-next.1
+  - @backstage/catalog-client@1.9.0-next.1
+  - @backstage/plugin-auth-backend-module-cloudflare-access-provider@0.3.3-next.1
+  - @backstage/plugin-auth-backend-module-bitbucket-server-provider@0.1.3-next.1
+  - @backstage/plugin-auth-backend-module-microsoft-provider@0.2.3-next.1
+  - @backstage/plugin-auth-backend-module-aws-alb-provider@0.3.1-next.1
+  - @backstage/plugin-auth-backend-module-google-provider@0.2.3-next.1
+  - @backstage/backend-plugin-api@1.1.0-next.1
+  - @backstage/plugin-auth-backend-module-atlassian-provider@0.3.3-next.1
+  - @backstage/plugin-auth-backend-module-auth0-provider@0.1.3-next.1
+  - @backstage/plugin-auth-backend-module-azure-easyauth-provider@0.2.3-next.1
+  - @backstage/plugin-auth-backend-module-bitbucket-provider@0.2.3-next.1
+  - @backstage/plugin-auth-backend-module-github-provider@0.2.3-next.1
+  - @backstage/plugin-auth-backend-module-gitlab-provider@0.2.3-next.1
+  - @backstage/plugin-auth-backend-module-oauth2-provider@0.3.3-next.1
+  - @backstage/plugin-auth-backend-module-oidc-provider@0.3.3-next.1
+  - @backstage/plugin-auth-backend-module-okta-provider@0.1.3-next.1
+  - @backstage/plugin-auth-backend-module-onelogin-provider@0.2.3-next.1
+  - @backstage/plugin-auth-backend-module-gcp-iap-provider@0.3.3-next.1
+  - @backstage/plugin-auth-backend-module-oauth2-proxy-provider@0.2.3-next.1
+  - @backstage/catalog-model@1.7.1
+  - @backstage/config@1.3.0
+  - @backstage/errors@1.2.5
+  - @backstage/types@1.2.0
+
 ## 0.24.1-next.0
 
 ### Patch Changes

package/dist/identity/FirestoreKeyStore.cjs.js

@@ -37,7 +37,7 @@ class FirestoreKeyStore {
     await this.withTimeout(
       this.database.collection(this.path).doc(key.kid).set({
         kid: key.kid,
-        key: JSON.stringify(key)
+        key
       })
     );
   }
@@ -46,10 +46,13 @@ class FirestoreKeyStore {
       this.database.collection(this.path).get()
     );
     return {
-      items: keys.docs.map((key) => ({
-        key: key.data(),
-        createdAt: key.createTime.toDate()
-      }))
+      items: keys.docs.map((doc) => {
+        const { key } = doc.data();
+        return {
+          createdAt: doc.createTime.toDate(),
+          key: typeof key === "string" ? JSON.parse(key) : key
+        };
+      })
     };
   }
   async removeKeys(kids) {

package/dist/identity/FirestoreKeyStore.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"FirestoreKeyStore.cjs.js","sources":["../../src/identity/FirestoreKeyStore.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { LoggerService } from '@backstage/backend-plugin-api';\nimport {\n  DocumentData,\n  Firestore,\n  QuerySnapshot,\n  Settings,\n  WriteResult,\n} from '@google-cloud/firestore';\n\nimport { AnyJWK, KeyStore, StoredKey } from './types';\n\nexport type FirestoreKeyStoreSettings = Settings & Options;\n\ntype Options = {\n  path?: string;\n  timeout?: number;\n};\n\nexport const DEFAULT_TIMEOUT_MS = 10000;\nexport const DEFAULT_DOCUMENT_PATH = 'sessions';\n\nexport class FirestoreKeyStore implements KeyStore {\n  static async create(\n    settings?: FirestoreKeyStoreSettings,\n  ): Promise<FirestoreKeyStore> {\n    const { path, timeout, ...firestoreSettings } = settings ?? {};\n    const database = new Firestore(firestoreSettings);\n\n    return new FirestoreKeyStore(\n      database,\n      path ?? DEFAULT_DOCUMENT_PATH,\n      timeout ?? DEFAULT_TIMEOUT_MS,\n    );\n  }\n\n  private constructor(\n    private readonly database: Firestore,\n    private readonly path: string,\n    private readonly timeout: number,\n  ) {}\n\n  static async verifyConnection(\n    keyStore: FirestoreKeyStore,\n    logger?: LoggerService,\n  ): Promise<void> {\n    try {\n      await keyStore.verify();\n    } catch (error) {\n      if (process.env.NODE_ENV !== 'development') {\n        throw new Error(\n          `Failed to connect to database: ${(error as Error).message}`,\n        );\n      }\n      logger?.warn(\n        `Failed to connect to database: ${(error as Error).message}`,\n      );\n    }\n  }\n\n  async addKey(key: AnyJWK): Promise<void> {\n    await this.withTimeout<WriteResult>(\n      this.database\n        .collection(this.path)\n        .doc(key.kid)\n        .set({\n          kid: key.kid,\n          key: JSON.stringify(key),\n        }),\n    );\n  }\n\n  async listKeys(): Promise<{ items: StoredKey[] }> {\n    const keys = await this.withTimeout<QuerySnapshot<DocumentData>>(\n      this.database.collection(this.path).get(),\n    );\n\n    return {\n      items: keys.docs.map(key => ({\n        key: key.data() as AnyJWK,\n        createdAt: key.createTime.toDate(),\n      })),\n    };\n  }\n\n  async removeKeys(kids: string[]): Promise<void> {\n    // This is probably really slow, but it's done async in the background\n    for (const kid of kids) {\n      await this.withTimeout<WriteResult>(\n        this.database.collection(this.path).doc(kid).delete(),\n      );\n    }\n\n    /**\n     * This could be achieved with batching but there's a couple of limitations with that:\n     *\n     * - A batched write can contain a maximum of 500 operations\n     *  https://firebase.google.com/docs/firestore/manage-data/transactions#batched-writes\n     *\n     * - The \"in\" operator can combine a maximum of 10 equality clauses\n     *  https://firebase.google.com/docs/firestore/query-data/queries#in_not-in_and_array-contains-any\n     *\n     * Example:\n     *\n     *  const batch = this.database.batch();\n     *  const docs = await this.database\n     *    .collection(this.path)\n     *    .where('kid', 'in', kids)\n     *    .get();\n     *  docs.forEach(doc => {\n     *    batch.delete(doc.ref);\n     *  });\n     *  await batch.commit();\n     *\n     */\n  }\n\n  /**\n   * Helper function to allow us to modify the timeout used when\n   * performing Firestore database operations.\n   *\n   * The reason for this is that it seems that there's no other\n   * practical solution to change the default timeout of 10mins\n   * that Firestore has.\n   *\n   */\n  private async withTimeout<T>(operation: Promise<T>): Promise<T> {\n    const timer = new Promise<never>((_, reject) =>\n      setTimeout(() => {\n        reject(new Error(`Operation timed out after ${this.timeout}ms`));\n      }, this.timeout),\n    );\n    return Promise.race<T>([operation, timer]);\n  }\n\n  /**\n   * Used to verify that the database is reachable.\n   */\n  private async verify(): Promise<void> {\n    await this.withTimeout(this.database.collection(this.path).limit(1).get());\n  }\n}\n"],"names":["Firestore"],"mappings":";;;;AAkCO,MAAM,kBAAqB,GAAA;AAC3B,MAAM,qBAAwB,GAAA;AAE9B,MAAM,iBAAsC,CAAA;AAAA,EAczC,WAAA,CACW,QACA,EAAA,IAAA,EACA,OACjB,EAAA;AAHiB,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA;AAChB,EAjBH,aAAa,OACX,QAC4B,EAAA;AAC5B,IAAA,MAAM,EAAE,IAAM,EAAA,OAAA,EAAS,GAAG,iBAAkB,EAAA,GAAI,YAAY,EAAC;AAC7D,IAAM,MAAA,QAAA,GAAW,IAAIA,mBAAA,CAAU,iBAAiB,CAAA;AAEhD,IAAA,OAAO,IAAI,iBAAA;AAAA,MACT,QAAA;AAAA,MACA,IAAQ,IAAA,qBAAA;AAAA,MACR,OAAW,IAAA;AAAA,KACb;AAAA;AACF,EAQA,aAAa,gBACX,CAAA,QAAA,EACA,MACe,EAAA;AACf,IAAI,IAAA;AACF,MAAA,MAAM,SAAS,MAAO,EAAA;AAAA,aACf,KAAO,EAAA;AACd,MAAI,IAAA,OAAA,CAAQ,GAAI,CAAA,QAAA,KAAa,aAAe,EAAA;AAC1C,QAAA,MAAM,IAAI,KAAA;AAAA,UACR,CAAA,+BAAA,EAAmC,MAAgB,OAAO,CAAA;AAAA,SAC5D;AAAA;AAEF,MAAQ,MAAA,EAAA,IAAA;AAAA,QACN,CAAA,+BAAA,EAAmC,MAAgB,OAAO,CAAA;AAAA,OAC5D;AAAA;AACF;AACF,EAEA,MAAM,OAAO,GAA4B,EAAA;AACvC,IAAA,MAAM,IAAK,CAAA,WAAA;AAAA,MACT,IAAA,CAAK,QACF,CAAA,UAAA,CAAW,IAAK,CAAA,IAAI,EACpB,GAAI,CAAA,GAAA,CAAI,GAAG,CAAA,CACX,GAAI,CAAA;AAAA,QACH,KAAK,GAAI,CAAA,GAAA;AAAA,QACT,GAAA,EAAK,IAAK,CAAA,SAAA,CAAU,GAAG;AAAA,OACxB;AAAA,KACL;AAAA;AACF,EAEA,MAAM,QAA4C,GAAA;AAChD,IAAM,MAAA,IAAA,GAAO,MAAM,IAAK,CAAA,WAAA;AAAA,MACtB,KAAK,QAAS,CAAA,UAAA,CAAW,IAAK,CAAA,IAAI,EAAE,GAAI;AAAA,KAC1C;AAEA,IAAO,OAAA;AAAA,MACL,KAAO,EAAA,IAAA,CAAK,IAAK,CAAA,GAAA,CAAI,CAAQ,GAAA,MAAA;AAAA,QAC3B,GAAA,EAAK,IAAI,IAAK,EAAA;AAAA,QACd,SAAA,EAAW,GAAI,CAAA,UAAA,CAAW,MAAO;AAAA,OACjC,CAAA;AAAA,KACJ;AAAA;AACF,EAEA,MAAM,WAAW,IAA+B,EAAA;AAE9C,IAAA,KAAA,MAAW,OAAO,IAAM,EAAA;AACtB,MAAA,MAAM,IAAK,CAAA,WAAA;AAAA,QACT,IAAA,CAAK,SAAS,UAAW,CAAA,IAAA,CAAK,IAAI,CAAE,CAAA,GAAA,CAAI,GAAG,CAAA,CAAE,MAAO;AAAA,OACtD;AAAA;AACF;AAwBF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAc,YAAe,SAAmC,EAAA;AAC9D,IAAA,MAAM,QAAQ,IAAI,OAAA;AAAA,MAAe,CAAC,CAAA,EAAG,MACnC,KAAA,UAAA,CAAW,MAAM;AACf,QAAA,MAAA,CAAO,IAAI,KAAM,CAAA,CAAA,0BAAA,EAA6B,IAAK,CAAA,OAAO,IAAI,CAAC,CAAA;AAAA,OACjE,EAAG,KAAK,OAAO;AAAA,KACjB;AACA,IAAA,OAAO,OAAQ,CAAA,IAAA,CAAQ,CAAC,SAAA,EAAW,KAAK,CAAC,CAAA;AAAA;AAC3C;AAAA;AAAA;AAAA,EAKA,MAAc,MAAwB,GAAA;AACpC,IAAA,MAAM,IAAK,CAAA,WAAA,CAAY,IAAK,CAAA,QAAA,CAAS,UAAW,CAAA,IAAA,CAAK,IAAI,CAAA,CAAE,KAAM,CAAA,CAAC,CAAE,CAAA,GAAA,EAAK,CAAA;AAAA;AAE7E;;;;;;"}
+{"version":3,"file":"FirestoreKeyStore.cjs.js","sources":["../../src/identity/FirestoreKeyStore.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { LoggerService } from '@backstage/backend-plugin-api';\nimport {\n  DocumentData,\n  Firestore,\n  QuerySnapshot,\n  Settings,\n  WriteResult,\n} from '@google-cloud/firestore';\n\nimport { AnyJWK, KeyStore, StoredKey } from './types';\n\nexport type FirestoreKeyStoreSettings = Settings & Options;\n\ntype Options = {\n  path?: string;\n  timeout?: number;\n};\n\nexport const DEFAULT_TIMEOUT_MS = 10000;\nexport const DEFAULT_DOCUMENT_PATH = 'sessions';\n\nexport class FirestoreKeyStore implements KeyStore {\n  static async create(\n    settings?: FirestoreKeyStoreSettings,\n  ): Promise<FirestoreKeyStore> {\n    const { path, timeout, ...firestoreSettings } = settings ?? {};\n    const database = new Firestore(firestoreSettings);\n\n    return new FirestoreKeyStore(\n      database,\n      path ?? DEFAULT_DOCUMENT_PATH,\n      timeout ?? DEFAULT_TIMEOUT_MS,\n    );\n  }\n\n  private constructor(\n    private readonly database: Firestore,\n    private readonly path: string,\n    private readonly timeout: number,\n  ) {}\n\n  static async verifyConnection(\n    keyStore: FirestoreKeyStore,\n    logger?: LoggerService,\n  ): Promise<void> {\n    try {\n      await keyStore.verify();\n    } catch (error) {\n      if (process.env.NODE_ENV !== 'development') {\n        throw new Error(\n          `Failed to connect to database: ${(error as Error).message}`,\n        );\n      }\n      logger?.warn(\n        `Failed to connect to database: ${(error as Error).message}`,\n      );\n    }\n  }\n\n  async addKey(key: AnyJWK): Promise<void> {\n    await this.withTimeout<WriteResult>(\n      this.database.collection(this.path).doc(key.kid).set({\n        kid: key.kid,\n        key: key,\n      }),\n    );\n  }\n\n  async listKeys(): Promise<{ items: StoredKey[] }> {\n    const keys = await this.withTimeout<QuerySnapshot<DocumentData>>(\n      this.database.collection(this.path).get(),\n    );\n\n    return {\n      items: keys.docs.map(doc => {\n        const { key } = doc.data();\n\n        return {\n          createdAt: doc.createTime.toDate(),\n          key: typeof key === 'string' ? JSON.parse(key) : key,\n        };\n      }),\n    };\n  }\n\n  async removeKeys(kids: string[]): Promise<void> {\n    // This is probably really slow, but it's done async in the background\n    for (const kid of kids) {\n      await this.withTimeout<WriteResult>(\n        this.database.collection(this.path).doc(kid).delete(),\n      );\n    }\n\n    /**\n     * This could be achieved with batching but there's a couple of limitations with that:\n     *\n     * - A batched write can contain a maximum of 500 operations\n     *  https://firebase.google.com/docs/firestore/manage-data/transactions#batched-writes\n     *\n     * - The \"in\" operator can combine a maximum of 10 equality clauses\n     *  https://firebase.google.com/docs/firestore/query-data/queries#in_not-in_and_array-contains-any\n     *\n     * Example:\n     *\n     *  const batch = this.database.batch();\n     *  const docs = await this.database\n     *    .collection(this.path)\n     *    .where('kid', 'in', kids)\n     *    .get();\n     *  docs.forEach(doc => {\n     *    batch.delete(doc.ref);\n     *  });\n     *  await batch.commit();\n     *\n     */\n  }\n\n  /**\n   * Helper function to allow us to modify the timeout used when\n   * performing Firestore database operations.\n   *\n   * The reason for this is that it seems that there's no other\n   * practical solution to change the default timeout of 10mins\n   * that Firestore has.\n   *\n   */\n  private async withTimeout<T>(operation: Promise<T>): Promise<T> {\n    const timer = new Promise<never>((_, reject) =>\n      setTimeout(() => {\n        reject(new Error(`Operation timed out after ${this.timeout}ms`));\n      }, this.timeout),\n    );\n    return Promise.race<T>([operation, timer]);\n  }\n\n  /**\n   * Used to verify that the database is reachable.\n   */\n  private async verify(): Promise<void> {\n    await this.withTimeout(this.database.collection(this.path).limit(1).get());\n  }\n}\n"],"names":["Firestore"],"mappings":";;;;AAkCO,MAAM,kBAAqB,GAAA;AAC3B,MAAM,qBAAwB,GAAA;AAE9B,MAAM,iBAAsC,CAAA;AAAA,EAczC,WAAA,CACW,QACA,EAAA,IAAA,EACA,OACjB,EAAA;AAHiB,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA;AAChB,EAjBH,aAAa,OACX,QAC4B,EAAA;AAC5B,IAAA,MAAM,EAAE,IAAM,EAAA,OAAA,EAAS,GAAG,iBAAkB,EAAA,GAAI,YAAY,EAAC;AAC7D,IAAM,MAAA,QAAA,GAAW,IAAIA,mBAAA,CAAU,iBAAiB,CAAA;AAEhD,IAAA,OAAO,IAAI,iBAAA;AAAA,MACT,QAAA;AAAA,MACA,IAAQ,IAAA,qBAAA;AAAA,MACR,OAAW,IAAA;AAAA,KACb;AAAA;AACF,EAQA,aAAa,gBACX,CAAA,QAAA,EACA,MACe,EAAA;AACf,IAAI,IAAA;AACF,MAAA,MAAM,SAAS,MAAO,EAAA;AAAA,aACf,KAAO,EAAA;AACd,MAAI,IAAA,OAAA,CAAQ,GAAI,CAAA,QAAA,KAAa,aAAe,EAAA;AAC1C,QAAA,MAAM,IAAI,KAAA;AAAA,UACR,CAAA,+BAAA,EAAmC,MAAgB,OAAO,CAAA;AAAA,SAC5D;AAAA;AAEF,MAAQ,MAAA,EAAA,IAAA;AAAA,QACN,CAAA,+BAAA,EAAmC,MAAgB,OAAO,CAAA;AAAA,OAC5D;AAAA;AACF;AACF,EAEA,MAAM,OAAO,GAA4B,EAAA;AACvC,IAAA,MAAM,IAAK,CAAA,WAAA;AAAA,MACT,IAAA,CAAK,QAAS,CAAA,UAAA,CAAW,IAAK,CAAA,IAAI,EAAE,GAAI,CAAA,GAAA,CAAI,GAAG,CAAA,CAAE,GAAI,CAAA;AAAA,QACnD,KAAK,GAAI,CAAA,GAAA;AAAA,QACT;AAAA,OACD;AAAA,KACH;AAAA;AACF,EAEA,MAAM,QAA4C,GAAA;AAChD,IAAM,MAAA,IAAA,GAAO,MAAM,IAAK,CAAA,WAAA;AAAA,MACtB,KAAK,QAAS,CAAA,UAAA,CAAW,IAAK,CAAA,IAAI,EAAE,GAAI;AAAA,KAC1C;AAEA,IAAO,OAAA;AAAA,MACL,KAAO,EAAA,IAAA,CAAK,IAAK,CAAA,GAAA,CAAI,CAAO,GAAA,KAAA;AAC1B,QAAA,MAAM,EAAE,GAAA,EAAQ,GAAA,GAAA,CAAI,IAAK,EAAA;AAEzB,QAAO,OAAA;AAAA,UACL,SAAA,EAAW,GAAI,CAAA,UAAA,CAAW,MAAO,EAAA;AAAA,UACjC,KAAK,OAAO,GAAA,KAAQ,WAAW,IAAK,CAAA,KAAA,CAAM,GAAG,CAAI,GAAA;AAAA,SACnD;AAAA,OACD;AAAA,KACH;AAAA;AACF,EAEA,MAAM,WAAW,IAA+B,EAAA;AAE9C,IAAA,KAAA,MAAW,OAAO,IAAM,EAAA;AACtB,MAAA,MAAM,IAAK,CAAA,WAAA;AAAA,QACT,IAAA,CAAK,SAAS,UAAW,CAAA,IAAA,CAAK,IAAI,CAAE,CAAA,GAAA,CAAI,GAAG,CAAA,CAAE,MAAO;AAAA,OACtD;AAAA;AACF;AAwBF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAc,YAAe,SAAmC,EAAA;AAC9D,IAAA,MAAM,QAAQ,IAAI,OAAA;AAAA,MAAe,CAAC,CAAA,EAAG,MACnC,KAAA,UAAA,CAAW,MAAM;AACf,QAAA,MAAA,CAAO,IAAI,KAAM,CAAA,CAAA,0BAAA,EAA6B,IAAK,CAAA,OAAO,IAAI,CAAC,CAAA;AAAA,OACjE,EAAG,KAAK,OAAO;AAAA,KACjB;AACA,IAAA,OAAO,OAAQ,CAAA,IAAA,CAAQ,CAAC,SAAA,EAAW,KAAK,CAAC,CAAA;AAAA;AAC3C;AAAA;AAAA;AAAA,EAKA,MAAc,MAAwB,GAAA;AACpC,IAAA,MAAM,IAAK,CAAA,WAAA,CAAY,IAAK,CAAA,QAAA,CAAS,UAAW,CAAA,IAAA,CAAK,IAAI,CAAA,CAAE,KAAM,CAAA,CAAC,CAAE,CAAA,GAAA,EAAK,CAAA;AAAA;AAE7E;;;;;;"}

package/dist/lib/passport/PassportStrategyHelper.cjs.js

@@ -1,6 +1,7 @@
 'use strict';
 
 require('jose');
+require('@backstage/errors');
 
 const executeRedirectStrategy = async (req, providerStrategy, options) => {
   return new Promise((resolve) => {

package/dist/lib/passport/PassportStrategyHelper.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"PassportStrategyHelper.cjs.js","sources":["../../../src/lib/passport/PassportStrategyHelper.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport express from 'express';\nimport passport from 'passport';\nimport { decodeJwt } from 'jose';\nimport { InternalOAuthError } from 'passport-oauth2';\nimport { ProfileInfo } from '@backstage/plugin-auth-node';\nimport { PassportProfile } from './types';\nimport { OAuthStartResponse } from '../../providers/types';\n\nexport type PassportDoneCallback<Res, Private = never> = (\n  err?: Error,\n  response?: Res,\n  privateInfo?: Private,\n) => void;\n\nexport const makeProfileInfo = (\n  profile: PassportProfile,\n  idToken?: string,\n): ProfileInfo => {\n  let email: string | undefined = undefined;\n  if (profile.emails && profile.emails.length > 0) {\n    const [firstEmail] = profile.emails;\n    email = firstEmail.value;\n  }\n\n  let picture: string | undefined = undefined;\n  if (profile.avatarUrl) {\n    picture = profile.avatarUrl;\n  } else if (profile.photos && profile.photos.length > 0) {\n    const [firstPhoto] = profile.photos;\n    picture = firstPhoto.value;\n  }\n\n  let displayName: string | undefined =\n    profile.displayName ?? profile.username ?? profile.id;\n\n  if ((!email || !picture || !displayName) && idToken) {\n    try {\n      const decoded = decodeJwt(idToken) as {\n        email?: string;\n        name?: string;\n        picture?: string;\n      };\n      if (!email && decoded.email) {\n        email = decoded.email;\n      }\n      if (!picture && decoded.picture) {\n        picture = decoded.picture;\n      }\n      if (!displayName && decoded.name) {\n        displayName = decoded.name;\n      }\n    } catch (e) {\n      throw new Error(`Failed to parse id token and get profile info, ${e}`);\n    }\n  }\n\n  return {\n    email,\n    picture,\n    displayName,\n  };\n};\n\nexport const executeRedirectStrategy = async (\n  req: express.Request,\n  providerStrategy: passport.Strategy,\n  options: Record<string, string>,\n): Promise<OAuthStartResponse> => {\n  return new Promise(resolve => {\n    const strategy = Object.create(providerStrategy);\n    strategy.redirect = (url: string, status?: number) => {\n      resolve({ url, status: status ?? undefined });\n    };\n\n    strategy.authenticate(req, { ...options });\n  });\n};\n\nexport const executeFrameHandlerStrategy = async <Result, PrivateInfo = never>(\n  req: express.Request,\n  providerStrategy: passport.Strategy,\n  options?: Record<string, string>,\n) => {\n  return new Promise<{ result: Result; privateInfo: PrivateInfo }>(\n    (resolve, reject) => {\n      const strategy = Object.create(providerStrategy);\n      strategy.success = (result: any, privateInfo: any) => {\n        resolve({ result, privateInfo });\n      };\n      strategy.fail = (\n        info: { type: 'success' | 'error'; message?: string },\n        // _status: number,\n      ) => {\n        reject(new Error(`Authentication rejected, ${info.message ?? ''}`));\n      };\n      strategy.error = (error: InternalOAuthError) => {\n        let message = `Authentication failed, ${error.message}`;\n\n        if (error.oauthError?.data) {\n          try {\n            const errorData = JSON.parse(error.oauthError.data);\n\n            if (errorData.message) {\n              message += ` - ${errorData.message}`;\n            }\n          } catch (parseError) {\n            message += ` - ${error.oauthError}`;\n          }\n        }\n\n        reject(new Error(message));\n      };\n      strategy.redirect = () => {\n        reject(new Error('Unexpected redirect'));\n      };\n      strategy.authenticate(req, { ...(options ?? {}) });\n    },\n  );\n};\n\ntype RefreshTokenResponse = {\n  /**\n   * An access token issued for the signed in user.\n   */\n  accessToken: string;\n  /**\n   * Optionally, the server can issue a new Refresh Token for the user\n   */\n  refreshToken?: string;\n  params: any;\n};\n\nexport const executeRefreshTokenStrategy = async (\n  providerStrategy: passport.Strategy,\n  refreshToken: string,\n  scope: string,\n): Promise<RefreshTokenResponse> => {\n  return new Promise((resolve, reject) => {\n    const anyStrategy = providerStrategy as any;\n    const OAuth2 = anyStrategy._oauth2.constructor;\n    const oauth2 = new OAuth2(\n      anyStrategy._oauth2._clientId,\n      anyStrategy._oauth2._clientSecret,\n      anyStrategy._oauth2._baseSite,\n      anyStrategy._oauth2._authorizeUrl,\n      anyStrategy._refreshURL || anyStrategy._oauth2._accessTokenUrl,\n      anyStrategy._oauth2._customHeaders,\n    );\n\n    oauth2.getOAuthAccessToken(\n      refreshToken,\n      {\n        scope,\n        grant_type: 'refresh_token',\n      },\n      (\n        err: Error | null,\n        accessToken: string,\n        newRefreshToken: string,\n        params: any,\n      ) => {\n        if (err) {\n          reject(new Error(`Failed to refresh access token ${err.toString()}`));\n        }\n        if (!accessToken) {\n          reject(\n            new Error(\n              `Failed to refresh access token, no access token received`,\n            ),\n          );\n        }\n\n        resolve({\n          accessToken,\n          refreshToken: newRefreshToken,\n          params,\n        });\n      },\n    );\n  });\n};\n\ntype ProviderStrategy = {\n  userProfile(accessToken: string, callback: Function): void;\n};\n\nexport const executeFetchUserProfileStrategy = async (\n  providerStrategy: passport.Strategy,\n  accessToken: string,\n): Promise<PassportProfile> => {\n  return new Promise((resolve, reject) => {\n    const anyStrategy = providerStrategy as unknown as ProviderStrategy;\n    anyStrategy.userProfile(\n      accessToken,\n      (error: Error, rawProfile: PassportProfile) => {\n        if (error) {\n          reject(error);\n        } else {\n          resolve(rawProfile);\n        }\n      },\n    );\n  });\n};\n"],"names":[],"mappings":";;;;AA+EO,MAAM,uBAA0B,GAAA,OACrC,GACA,EAAA,gBAAA,EACA,OACgC,KAAA;AAChC,EAAO,OAAA,IAAI,QAAQ,CAAW,OAAA,KAAA;AAC5B,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,MAAA,CAAO,gBAAgB,CAAA;AAC/C,IAAS,QAAA,CAAA,QAAA,GAAW,CAAC,GAAA,EAAa,MAAoB,KAAA;AACpD,MAAA,OAAA,CAAQ,EAAE,GAAA,EAAK,MAAQ,EAAA,MAAA,IAAU,QAAW,CAAA;AAAA,KAC9C;AAEA,IAAA,QAAA,CAAS,YAAa,CAAA,GAAA,EAAK,EAAE,GAAG,SAAS,CAAA;AAAA,GAC1C,CAAA;AACH;AAEO,MAAM,2BAA8B,GAAA,OACzC,GACA,EAAA,gBAAA,EACA,OACG,KAAA;AACH,EAAA,OAAO,IAAI,OAAA;AAAA,IACT,CAAC,SAAS,MAAW,KAAA;AACnB,MAAM,MAAA,QAAA,GAAW,MAAO,CAAA,MAAA,CAAO,gBAAgB,CAAA;AAC/C,MAAS,QAAA,CAAA,OAAA,GAAU,CAAC,MAAA,EAAa,WAAqB,KAAA;AACpD,QAAQ,OAAA,CAAA,EAAE,MAAQ,EAAA,WAAA,EAAa,CAAA;AAAA,OACjC;AACA,MAAS,QAAA,CAAA,IAAA,GAAO,CACd,IAEG,KAAA;AACH,QAAA,MAAA,CAAO,IAAI,KAAM,CAAA,CAAA,yBAAA,EAA4B,KAAK,OAAW,IAAA,EAAE,EAAE,CAAC,CAAA;AAAA,OACpE;AACA,MAAS,QAAA,CAAA,KAAA,GAAQ,CAAC,KAA8B,KAAA;AAC9C,QAAI,IAAA,OAAA,GAAU,CAA0B,uBAAA,EAAA,KAAA,CAAM,OAAO,CAAA,CAAA;AAErD,QAAI,IAAA,KAAA,CAAM,YAAY,IAAM,EAAA;AAC1B,UAAI,IAAA;AACF,YAAA,MAAM,SAAY,GAAA,IAAA,CAAK,KAAM,CAAA,KAAA,CAAM,WAAW,IAAI,CAAA;AAElD,YAAA,IAAI,UAAU,OAAS,EAAA;AACrB,cAAW,OAAA,IAAA,CAAA,GAAA,EAAM,UAAU,OAAO,CAAA,CAAA;AAAA;AACpC,mBACO,UAAY,EAAA;AACnB,YAAW,OAAA,IAAA,CAAA,GAAA,EAAM,MAAM,UAAU,CAAA,CAAA;AAAA;AACnC;AAGF,QAAO,MAAA,CAAA,IAAI,KAAM,CAAA,OAAO,CAAC,CAAA;AAAA,OAC3B;AACA,MAAA,QAAA,CAAS,WAAW,MAAM;AACxB,QAAO,MAAA,CAAA,IAAI,KAAM,CAAA,qBAAqB,CAAC,CAAA;AAAA,OACzC;AACA,MAAA,QAAA,CAAS,aAAa,GAAK,EAAA,EAAE,GAAe,IAAK,CAAA;AAAA;AACnD,GACF;AACF;;;;;"}
+{"version":3,"file":"PassportStrategyHelper.cjs.js","sources":["../../../src/lib/passport/PassportStrategyHelper.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport express from 'express';\nimport passport from 'passport';\nimport { decodeJwt } from 'jose';\nimport { InternalOAuthError } from 'passport-oauth2';\nimport { ProfileInfo } from '@backstage/plugin-auth-node';\nimport { PassportProfile } from './types';\nimport { OAuthStartResponse } from '../../providers/types';\nimport { ForwardedError } from '@backstage/errors';\n\nexport type PassportDoneCallback<Res, Private = never> = (\n  err?: Error,\n  response?: Res,\n  privateInfo?: Private,\n) => void;\n\nexport const makeProfileInfo = (\n  profile: PassportProfile,\n  idToken?: string,\n): ProfileInfo => {\n  let email: string | undefined = undefined;\n  if (profile.emails && profile.emails.length > 0) {\n    const [firstEmail] = profile.emails;\n    email = firstEmail.value;\n  }\n\n  let picture: string | undefined = undefined;\n  if (profile.avatarUrl) {\n    picture = profile.avatarUrl;\n  } else if (profile.photos && profile.photos.length > 0) {\n    const [firstPhoto] = profile.photos;\n    picture = firstPhoto.value;\n  }\n\n  let displayName: string | undefined =\n    profile.displayName ?? profile.username ?? profile.id;\n\n  if ((!email || !picture || !displayName) && idToken) {\n    try {\n      const decoded = decodeJwt(idToken) as {\n        email?: string;\n        name?: string;\n        picture?: string;\n      };\n      if (!email && decoded.email) {\n        email = decoded.email;\n      }\n      if (!picture && decoded.picture) {\n        picture = decoded.picture;\n      }\n      if (!displayName && decoded.name) {\n        displayName = decoded.name;\n      }\n    } catch (e) {\n      throw new ForwardedError(\n        `Failed to parse id token and get profile info`,\n        e,\n      );\n    }\n  }\n\n  return {\n    email,\n    picture,\n    displayName,\n  };\n};\n\nexport const executeRedirectStrategy = async (\n  req: express.Request,\n  providerStrategy: passport.Strategy,\n  options: Record<string, string>,\n): Promise<OAuthStartResponse> => {\n  return new Promise(resolve => {\n    const strategy = Object.create(providerStrategy);\n    strategy.redirect = (url: string, status?: number) => {\n      resolve({ url, status: status ?? undefined });\n    };\n\n    strategy.authenticate(req, { ...options });\n  });\n};\n\nexport const executeFrameHandlerStrategy = async <Result, PrivateInfo = never>(\n  req: express.Request,\n  providerStrategy: passport.Strategy,\n  options?: Record<string, string>,\n) => {\n  return new Promise<{ result: Result; privateInfo: PrivateInfo }>(\n    (resolve, reject) => {\n      const strategy = Object.create(providerStrategy);\n      strategy.success = (result: any, privateInfo: any) => {\n        resolve({ result, privateInfo });\n      };\n      strategy.fail = (\n        info: { type: 'success' | 'error'; message?: string },\n        // _status: number,\n      ) => {\n        reject(new Error(`Authentication rejected, ${info.message ?? ''}`));\n      };\n      strategy.error = (error: InternalOAuthError) => {\n        let message = `Authentication failed, ${error.message}`;\n\n        if (error.oauthError?.data) {\n          try {\n            const errorData = JSON.parse(error.oauthError.data);\n\n            if (errorData.message) {\n              message += ` - ${errorData.message}`;\n            }\n          } catch (parseError) {\n            message += ` - ${error.oauthError}`;\n          }\n        }\n\n        reject(new Error(message));\n      };\n      strategy.redirect = () => {\n        reject(new Error('Unexpected redirect'));\n      };\n      strategy.authenticate(req, { ...(options ?? {}) });\n    },\n  );\n};\n\ntype RefreshTokenResponse = {\n  /**\n   * An access token issued for the signed in user.\n   */\n  accessToken: string;\n  /**\n   * Optionally, the server can issue a new Refresh Token for the user\n   */\n  refreshToken?: string;\n  params: any;\n};\n\nexport const executeRefreshTokenStrategy = async (\n  providerStrategy: passport.Strategy,\n  refreshToken: string,\n  scope: string,\n): Promise<RefreshTokenResponse> => {\n  return new Promise((resolve, reject) => {\n    const anyStrategy = providerStrategy as any;\n    const OAuth2 = anyStrategy._oauth2.constructor;\n    const oauth2 = new OAuth2(\n      anyStrategy._oauth2._clientId,\n      anyStrategy._oauth2._clientSecret,\n      anyStrategy._oauth2._baseSite,\n      anyStrategy._oauth2._authorizeUrl,\n      anyStrategy._refreshURL || anyStrategy._oauth2._accessTokenUrl,\n      anyStrategy._oauth2._customHeaders,\n    );\n\n    oauth2.getOAuthAccessToken(\n      refreshToken,\n      {\n        scope,\n        grant_type: 'refresh_token',\n      },\n      (\n        err: Error | null,\n        accessToken: string,\n        newRefreshToken: string,\n        params: any,\n      ) => {\n        if (err) {\n          reject(new ForwardedError(`Failed to refresh access token`, err));\n        }\n        if (!accessToken) {\n          reject(\n            new Error(\n              `Failed to refresh access token, no access token received`,\n            ),\n          );\n        }\n\n        resolve({\n          accessToken,\n          refreshToken: newRefreshToken,\n          params,\n        });\n      },\n    );\n  });\n};\n\ntype ProviderStrategy = {\n  userProfile(accessToken: string, callback: Function): void;\n};\n\nexport const executeFetchUserProfileStrategy = async (\n  providerStrategy: passport.Strategy,\n  accessToken: string,\n): Promise<PassportProfile> => {\n  return new Promise((resolve, reject) => {\n    const anyStrategy = providerStrategy as unknown as ProviderStrategy;\n    anyStrategy.userProfile(\n      accessToken,\n      (error: Error, rawProfile: PassportProfile) => {\n        if (error) {\n          reject(error);\n        } else {\n          resolve(rawProfile);\n        }\n      },\n    );\n  });\n};\n"],"names":[],"mappings":";;;;;AAmFO,MAAM,uBAA0B,GAAA,OACrC,GACA,EAAA,gBAAA,EACA,OACgC,KAAA;AAChC,EAAO,OAAA,IAAI,QAAQ,CAAW,OAAA,KAAA;AAC5B,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,MAAA,CAAO,gBAAgB,CAAA;AAC/C,IAAS,QAAA,CAAA,QAAA,GAAW,CAAC,GAAA,EAAa,MAAoB,KAAA;AACpD,MAAA,OAAA,CAAQ,EAAE,GAAA,EAAK,MAAQ,EAAA,MAAA,IAAU,QAAW,CAAA;AAAA,KAC9C;AAEA,IAAA,QAAA,CAAS,YAAa,CAAA,GAAA,EAAK,EAAE,GAAG,SAAS,CAAA;AAAA,GAC1C,CAAA;AACH;AAEO,MAAM,2BAA8B,GAAA,OACzC,GACA,EAAA,gBAAA,EACA,OACG,KAAA;AACH,EAAA,OAAO,IAAI,OAAA;AAAA,IACT,CAAC,SAAS,MAAW,KAAA;AACnB,MAAM,MAAA,QAAA,GAAW,MAAO,CAAA,MAAA,CAAO,gBAAgB,CAAA;AAC/C,MAAS,QAAA,CAAA,OAAA,GAAU,CAAC,MAAA,EAAa,WAAqB,KAAA;AACpD,QAAQ,OAAA,CAAA,EAAE,MAAQ,EAAA,WAAA,EAAa,CAAA;AAAA,OACjC;AACA,MAAS,QAAA,CAAA,IAAA,GAAO,CACd,IAEG,KAAA;AACH,QAAA,MAAA,CAAO,IAAI,KAAM,CAAA,CAAA,yBAAA,EAA4B,KAAK,OAAW,IAAA,EAAE,EAAE,CAAC,CAAA;AAAA,OACpE;AACA,MAAS,QAAA,CAAA,KAAA,GAAQ,CAAC,KAA8B,KAAA;AAC9C,QAAI,IAAA,OAAA,GAAU,CAA0B,uBAAA,EAAA,KAAA,CAAM,OAAO,CAAA,CAAA;AAErD,QAAI,IAAA,KAAA,CAAM,YAAY,IAAM,EAAA;AAC1B,UAAI,IAAA;AACF,YAAA,MAAM,SAAY,GAAA,IAAA,CAAK,KAAM,CAAA,KAAA,CAAM,WAAW,IAAI,CAAA;AAElD,YAAA,IAAI,UAAU,OAAS,EAAA;AACrB,cAAW,OAAA,IAAA,CAAA,GAAA,EAAM,UAAU,OAAO,CAAA,CAAA;AAAA;AACpC,mBACO,UAAY,EAAA;AACnB,YAAW,OAAA,IAAA,CAAA,GAAA,EAAM,MAAM,UAAU,CAAA,CAAA;AAAA;AACnC;AAGF,QAAO,MAAA,CAAA,IAAI,KAAM,CAAA,OAAO,CAAC,CAAA;AAAA,OAC3B;AACA,MAAA,QAAA,CAAS,WAAW,MAAM;AACxB,QAAO,MAAA,CAAA,IAAI,KAAM,CAAA,qBAAqB,CAAC,CAAA;AAAA,OACzC;AACA,MAAA,QAAA,CAAS,aAAa,GAAK,EAAA,EAAE,GAAe,IAAK,CAAA;AAAA;AACnD,GACF;AACF;;;;;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-auth-backend",
-  "version": "0.24.1-next.0",
+  "version": "0.24.1-next.2",
   "description": "A Backstage backend plugin that handles authentication",
   "backstage": {
     "role": "backend-plugin",
@@ -44,30 +44,30 @@
   },
   "dependencies": {
     "@backstage/backend-common": "^0.25.0",
-    "@backstage/backend-plugin-api": "1.0.3-next.0",
-    "@backstage/catalog-client": "1.8.1-next.0",
-    "@backstage/catalog-model": "1.7.1",
-    "@backstage/config": "1.3.0",
-    "@backstage/errors": "1.2.5",
-    "@backstage/plugin-auth-backend-module-atlassian-provider": "0.3.3-next.0",
-    "@backstage/plugin-auth-backend-module-auth0-provider": "0.1.3-next.0",
-    "@backstage/plugin-auth-backend-module-aws-alb-provider": "0.3.1-next.0",
-    "@backstage/plugin-auth-backend-module-azure-easyauth-provider": "0.2.3-next.0",
-    "@backstage/plugin-auth-backend-module-bitbucket-provider": "0.2.3-next.0",
-    "@backstage/plugin-auth-backend-module-bitbucket-server-provider": "0.1.3-next.0",
-    "@backstage/plugin-auth-backend-module-cloudflare-access-provider": "0.3.3-next.0",
-    "@backstage/plugin-auth-backend-module-gcp-iap-provider": "0.3.3-next.0",
-    "@backstage/plugin-auth-backend-module-github-provider": "0.2.3-next.0",
-    "@backstage/plugin-auth-backend-module-gitlab-provider": "0.2.3-next.0",
-    "@backstage/plugin-auth-backend-module-google-provider": "0.2.3-next.0",
-    "@backstage/plugin-auth-backend-module-microsoft-provider": "0.2.3-next.0",
-    "@backstage/plugin-auth-backend-module-oauth2-provider": "0.3.3-next.0",
-    "@backstage/plugin-auth-backend-module-oauth2-proxy-provider": "0.2.3-next.0",
-    "@backstage/plugin-auth-backend-module-oidc-provider": "0.3.3-next.0",
-    "@backstage/plugin-auth-backend-module-okta-provider": "0.1.3-next.0",
-    "@backstage/plugin-auth-backend-module-onelogin-provider": "0.2.3-next.0",
-    "@backstage/plugin-auth-node": "0.5.5-next.0",
-    "@backstage/plugin-catalog-node": "1.14.1-next.0",
+    "@backstage/backend-plugin-api": "1.1.0-next.2",
+    "@backstage/catalog-client": "1.9.0-next.2",
+    "@backstage/catalog-model": "1.7.2-next.0",
+    "@backstage/config": "1.3.1-next.0",
+    "@backstage/errors": "1.2.6-next.0",
+    "@backstage/plugin-auth-backend-module-atlassian-provider": "0.3.3-next.2",
+    "@backstage/plugin-auth-backend-module-auth0-provider": "0.1.3-next.2",
+    "@backstage/plugin-auth-backend-module-aws-alb-provider": "0.3.1-next.2",
+    "@backstage/plugin-auth-backend-module-azure-easyauth-provider": "0.2.3-next.2",
+    "@backstage/plugin-auth-backend-module-bitbucket-provider": "0.2.3-next.2",
+    "@backstage/plugin-auth-backend-module-bitbucket-server-provider": "0.1.3-next.2",
+    "@backstage/plugin-auth-backend-module-cloudflare-access-provider": "0.3.3-next.2",
+    "@backstage/plugin-auth-backend-module-gcp-iap-provider": "0.3.3-next.2",
+    "@backstage/plugin-auth-backend-module-github-provider": "0.2.3-next.2",
+    "@backstage/plugin-auth-backend-module-gitlab-provider": "0.2.3-next.2",
+    "@backstage/plugin-auth-backend-module-google-provider": "0.2.3-next.2",
+    "@backstage/plugin-auth-backend-module-microsoft-provider": "0.2.3-next.2",
+    "@backstage/plugin-auth-backend-module-oauth2-provider": "0.3.3-next.2",
+    "@backstage/plugin-auth-backend-module-oauth2-proxy-provider": "0.2.3-next.2",
+    "@backstage/plugin-auth-backend-module-oidc-provider": "0.3.3-next.2",
+    "@backstage/plugin-auth-backend-module-okta-provider": "0.1.3-next.2",
+    "@backstage/plugin-auth-backend-module-onelogin-provider": "0.2.3-next.2",
+    "@backstage/plugin-auth-node": "0.5.5-next.2",
+    "@backstage/plugin-catalog-node": "1.15.0-next.2",
     "@backstage/types": "1.2.0",
     "@google-cloud/firestore": "^7.0.0",
     "@node-saml/passport-saml": "^5.0.0",
@@ -89,7 +89,6 @@
     "minimatch": "^9.0.0",
     "morgan": "^1.10.0",
     "node-cache": "^5.1.2",
-    "node-fetch": "^2.7.0",
     "openid-client": "^5.2.1",
     "passport": "^0.7.0",
     "passport-auth0": "^1.4.3",
@@ -103,9 +102,9 @@
     "yn": "^4.0.0"
   },
   "devDependencies": {
-    "@backstage/backend-defaults": "0.6.0-next.0",
-    "@backstage/backend-test-utils": "1.2.0-next.0",
-    "@backstage/cli": "0.29.3-next.0",
+    "@backstage/backend-defaults": "0.6.0-next.2",
+    "@backstage/backend-test-utils": "1.2.0-next.2",
+    "@backstage/cli": "0.29.3-next.2",
     "@types/body-parser": "^1.19.0",
     "@types/cookie-parser": "^1.4.2",
     "@types/express-session": "^1.17.2",