@backstage/plugin-auth-backend 0.24.4-next.0 → 0.24.4-next.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. package/CHANGELOG.md +57 -0
  2. package/dist/index.d.ts +27 -4
  3. package/dist/lib/catalog/CatalogIdentityClient.cjs.js.map +1 -1
  4. package/dist/lib/resolvers/CatalogAuthResolverContext.cjs.js +10 -8
  5. package/dist/lib/resolvers/CatalogAuthResolverContext.cjs.js.map +1 -1
  6. package/dist/providers/atlassian/provider.cjs.js.map +1 -1
  7. package/dist/providers/auth0/provider.cjs.js.map +1 -1
  8. package/dist/providers/aws-alb/provider.cjs.js.map +1 -1
  9. package/dist/providers/azure-easyauth/provider.cjs.js.map +1 -1
  10. package/dist/providers/bitbucket/provider.cjs.js.map +1 -1
  11. package/dist/providers/cloudflare-access/provider.cjs.js.map +1 -1
  12. package/dist/providers/createAuthProviderIntegration.cjs.js.map +1 -1
  13. package/dist/providers/gcp-iap/provider.cjs.js.map +1 -1
  14. package/dist/providers/github/provider.cjs.js.map +1 -1
  15. package/dist/providers/gitlab/provider.cjs.js.map +1 -1
  16. package/dist/providers/google/provider.cjs.js.map +1 -1
  17. package/dist/providers/microsoft/provider.cjs.js.map +1 -1
  18. package/dist/providers/oauth2/provider.cjs.js.map +1 -1
  19. package/dist/providers/oauth2-proxy/provider.cjs.js.map +1 -1
  20. package/dist/providers/oidc/provider.cjs.js.map +1 -1
  21. package/dist/providers/okta/provider.cjs.js.map +1 -1
  22. package/dist/providers/onelogin/provider.cjs.js.map +1 -1
  23. package/dist/providers/providers.cjs.js.map +1 -1
  24. package/dist/providers/router.cjs.js.map +1 -1
  25. package/dist/providers/saml/provider.cjs.js.map +1 -1
  26. package/package.json +24 -24
package/CHANGELOG.md CHANGED
@@ -1,5 +1,62 @@
1
1
  # @backstage/plugin-auth-backend
2
2
 
3
+ ## 0.24.4-next.1
4
+
5
+ ### Patch Changes
6
+
7
+ - 7956beb: Marked the remaining exports related to `createRouter` and the old backend system as deprecated.
8
+
9
+ For more information about migrating to the new backend system, see the [migration guide](https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin).
10
+
11
+ Support for the old backend system will be removed in the next release of this plugin.
12
+
13
+ - b6702ea: Deprecated `getDefaultOwnershipEntityRefs` in favor of the new `.resolveOwnershipEntityRefs(...)` method in the `AuthResolverContext`.
14
+
15
+ The following code in a custom sign-in resolver:
16
+
17
+ ```ts
18
+ import { getDefaultOwnershipEntityRefs } from '@backstage/plugin-auth-backend';
19
+
20
+ // ...
21
+
22
+ const ent = getDefaultOwnershipEntityRefs(entity);
23
+ ```
24
+
25
+ Can be replaced with the following:
26
+
27
+ ```ts
28
+ const { ownershipEntityRefs: ent } = await ctx.resolveOwnershipEntityRefs(
29
+ entity,
30
+ );
31
+ ```
32
+
33
+ - Updated dependencies
34
+ - @backstage/plugin-auth-node@0.6.1-next.1
35
+ - @backstage/backend-plugin-api@1.2.1-next.1
36
+ - @backstage/catalog-client@1.9.1
37
+ - @backstage/catalog-model@1.7.3
38
+ - @backstage/config@1.3.2
39
+ - @backstage/errors@1.2.7
40
+ - @backstage/types@1.2.1
41
+ - @backstage/plugin-auth-backend-module-atlassian-provider@0.4.1-next.1
42
+ - @backstage/plugin-auth-backend-module-auth0-provider@0.2.1-next.1
43
+ - @backstage/plugin-auth-backend-module-aws-alb-provider@0.4.1-next.1
44
+ - @backstage/plugin-auth-backend-module-azure-easyauth-provider@0.2.6-next.1
45
+ - @backstage/plugin-auth-backend-module-bitbucket-provider@0.3.1-next.1
46
+ - @backstage/plugin-auth-backend-module-bitbucket-server-provider@0.2.1-next.1
47
+ - @backstage/plugin-auth-backend-module-cloudflare-access-provider@0.4.1-next.1
48
+ - @backstage/plugin-auth-backend-module-gcp-iap-provider@0.4.1-next.1
49
+ - @backstage/plugin-auth-backend-module-github-provider@0.3.1-next.1
50
+ - @backstage/plugin-auth-backend-module-gitlab-provider@0.3.1-next.1
51
+ - @backstage/plugin-auth-backend-module-google-provider@0.3.1-next.1
52
+ - @backstage/plugin-auth-backend-module-microsoft-provider@0.3.1-next.1
53
+ - @backstage/plugin-auth-backend-module-oauth2-provider@0.4.1-next.1
54
+ - @backstage/plugin-auth-backend-module-oauth2-proxy-provider@0.2.6-next.1
55
+ - @backstage/plugin-auth-backend-module-oidc-provider@0.4.1-next.1
56
+ - @backstage/plugin-auth-backend-module-okta-provider@0.2.1-next.1
57
+ - @backstage/plugin-auth-backend-module-onelogin-provider@0.3.1-next.1
58
+ - @backstage/plugin-catalog-node@1.16.1-next.1
59
+
3
60
  ## 0.24.4-next.0
4
61
 
5
62
  ### Patch Changes
package/dist/index.d.ts CHANGED
@@ -33,11 +33,17 @@ declare const authPlugin: _backstage_backend_plugin_api.BackendFeature;
33
33
  */
34
34
  type TokenParams = TokenParams$1;
35
35
 
36
- /** @public */
36
+ /**
37
+ * @public
38
+ * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin
39
+ */
37
40
  type ProviderFactories = {
38
41
  [s: string]: AuthProviderFactory$1;
39
42
  };
40
- /** @public */
43
+ /**
44
+ * @public
45
+ * @deprecated this export will be removed
46
+ */
41
47
  declare function createOriginFilter(config: Config): (origin: string) => boolean;
42
48
 
43
49
  /**
@@ -502,7 +508,10 @@ type CloudflareAccessResult = {
502
508
  token: string;
503
509
  };
504
510
 
505
- /** @public */
511
+ /**
512
+ * @public
513
+ * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin
514
+ */
506
515
  type GithubOAuthResult = {
507
516
  fullProfile: Profile;
508
517
  params: {
@@ -526,7 +535,10 @@ type OAuth2ProxyResult = OAuth2ProxyResult$1;
526
535
  */
527
536
  type OidcAuthResult = OidcAuthResult$1;
528
537
 
529
- /** @public */
538
+ /**
539
+ * @public
540
+ * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin
541
+ */
530
542
  type SamlAuthResult = {
531
543
  fullProfile: any;
532
544
  };
@@ -551,10 +563,17 @@ type GcpIapResult = GcpIapResult$1;
551
563
  * All built-in auth provider integrations.
552
564
  *
553
565
  * @public
566
+ * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin
554
567
  */
555
568
  declare const providers: Readonly<{
556
569
  atlassian: Readonly<{
557
570
  create: (options?: {
571
+ /**
572
+ * All built-in auth provider integrations.
573
+ *
574
+ * @public
575
+ * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin
576
+ */
558
577
  authHandler?: AuthHandler<OAuthResult> | undefined;
559
578
  signIn?: {
560
579
  resolver: _backstage_plugin_auth_node.SignInResolver<OAuthResult>;
@@ -747,6 +766,7 @@ declare const providers: Readonly<{
747
766
  * All auth provider factories that are installed by default.
748
767
  *
749
768
  * @public
769
+ * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin
750
770
  */
751
771
  declare const defaultAuthProviderFactories: {
752
772
  [providerId: string]: AuthProviderFactory$1;
@@ -760,6 +780,7 @@ declare const defaultAuthProviderFactories: {
760
780
  * supplies built-in sign-in resolvers for the specific provider.
761
781
  *
762
782
  * @public
783
+ * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin
763
784
  */
764
785
  declare function createAuthProviderIntegration<TCreateOptions extends unknown[], TResolvers extends {
765
786
  [name in string]: (...args: any[]) => SignInResolver$1<any>;
@@ -798,6 +819,7 @@ declare const ensuresXRequestedWith: (req: express.Request) => boolean;
798
819
  * A catalog client tailored for reading out identity data from the catalog.
799
820
  *
800
821
  * @public
822
+ * @deprecated Use the provided `AuthResolverContext` instead, see https://backstage.io/docs/auth/identity-resolver#building-custom-resolvers
801
823
  */
802
824
  declare class CatalogIdentityClient {
803
825
  private readonly catalogApi;
@@ -837,6 +859,7 @@ declare class CatalogIdentityClient {
837
859
  * A reference to the entity itself will also be included in the returned array.
838
860
  *
839
861
  * @public
862
+ * @deprecated use `ctx.resolveOwnershipEntityRefs(entity)` from the provided `AuthResolverContext` instead.
840
863
  */
841
864
  declare function getDefaultOwnershipEntityRefs(entity: Entity): string[];
842
865
 
package/dist/lib/catalog/CatalogIdentityClient.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"CatalogIdentityClient.cjs.js","sources":["../../../src/lib/catalog/CatalogIdentityClient.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AuthService,\n DiscoveryService,\n HttpAuthService,\n LoggerService,\n} from '@backstage/backend-plugin-api';\nimport { ConflictError, NotFoundError } from '@backstage/errors';\nimport { CatalogApi } from '@backstage/catalog-client';\nimport {\n CompoundEntityRef,\n parseEntityRef,\n RELATION_MEMBER_OF,\n stringifyEntityRef,\n UserEntity,\n} from '@backstage/catalog-model';\nimport {\n TokenManager,\n createLegacyAuthAdapters,\n} from '@backstage/backend-common';\n\n/**\n * A catalog client tailored for reading out identity data from the catalog.\n *\n * @public\n */\nexport class CatalogIdentityClient {\n private readonly catalogApi: CatalogApi;\n private readonly auth: AuthService;\n\n constructor(options: {\n catalogApi: CatalogApi;\n tokenManager?: TokenManager;\n discovery: DiscoveryService;\n auth?: AuthService;\n httpAuth?: HttpAuthService;\n }) {\n this.catalogApi = options.catalogApi;\n\n const { auth } = createLegacyAuthAdapters({\n auth: options.auth,\n httpAuth: options.httpAuth,\n discovery: options.discovery,\n tokenManager: options.tokenManager,\n });\n\n this.auth = auth;\n }\n\n /**\n * Looks up a single user using a query.\n *\n * Throws a NotFoundError or ConflictError if 0 or multiple users are found.\n */\n async findUser(query: {\n annotations: Record<string, string>;\n }): Promise<UserEntity> {\n const filter: Record<string, string> = {\n kind: 'user',\n };\n for (const [key, value] of Object.entries(query.annotations)) {\n filter[`metadata.annotations.${key}`] = value;\n }\n\n const { token } = await this.auth.getPluginRequestToken({\n onBehalfOf: await this.auth.getOwnServiceCredentials(),\n targetPluginId: 'catalog',\n });\n\n const { items } = await this.catalogApi.getEntities({ filter }, { token });\n\n if (items.length !== 1) {\n if (items.length > 1) {\n throw new ConflictError('User lookup resulted in multiple matches');\n } else {\n throw new NotFoundError('User not found');\n }\n }\n\n return items[0] as UserEntity;\n }\n\n /**\n * Resolve additional entity claims from the catalog, using the passed-in entity names. Designed\n * to be used within a `signInResolver` where additional entity claims might be provided, but\n * group membership and transient group membership lean on imported catalog relations.\n *\n * Returns a superset of the entity names that can be passed directly to `issueToken` as `ent`.\n */\n async resolveCatalogMembership(query: {\n entityRefs: string[];\n logger?: LoggerService;\n }): Promise<string[]> {\n const { entityRefs, logger } = query;\n const resolvedEntityRefs = entityRefs\n .map((ref: string) => {\n try {\n const parsedRef = parseEntityRef(ref.toLocaleLowerCase('en-US'), {\n defaultKind: 'user',\n defaultNamespace: 'default',\n });\n return parsedRef;\n } catch {\n logger?.warn(`Failed to parse entityRef from ${ref}, ignoring`);\n return null;\n }\n })\n .filter((ref): ref is CompoundEntityRef => ref !== null);\n\n const filter = resolvedEntityRefs.map(ref => ({\n kind: ref.kind,\n 'metadata.namespace': ref.namespace,\n 'metadata.name': ref.name,\n }));\n\n const { token } = await this.auth.getPluginRequestToken({\n onBehalfOf: await this.auth.getOwnServiceCredentials(),\n targetPluginId: 'catalog',\n });\n\n const entities = await this.catalogApi\n .getEntities({ filter }, { token })\n .then(r => r.items);\n\n if (entityRefs.length !== entities.length) {\n const foundEntityNames = entities.map(stringifyEntityRef);\n const missingEntityNames = resolvedEntityRefs\n .map(stringifyEntityRef)\n .filter(s => !foundEntityNames.includes(s));\n logger?.debug(`Entities not found for refs ${missingEntityNames.join()}`);\n }\n\n const memberOf = entities.flatMap(\n e =>\n e!.relations\n ?.filter(r => r.type === RELATION_MEMBER_OF)\n .map(r => r.targetRef) ?? [],\n );\n\n const newEntityRefs = [\n ...new Set(resolvedEntityRefs.map(stringifyEntityRef).concat(memberOf)),\n ];\n\n logger?.debug(`Found catalog membership: ${newEntityRefs.join()}`);\n return newEntityRefs;\n }\n}\n"],"names":["createLegacyAuthAdapters","ConflictError","NotFoundError","parseEntityRef","stringifyEntityRef","RELATION_MEMBER_OF"],"mappings":";;;;;;AAyCO,MAAM,qBAAsB,CAAA;AAAA,EAChB,UAAA;AAAA,EACA,IAAA;AAAA,EAEjB,YAAY,OAMT,EAAA;AACD,IAAA,IAAA,CAAK,aAAa,OAAQ,CAAA,UAAA;AAE1B,IAAM,MAAA,EAAE,IAAK,EAAA,GAAIA,sCAAyB,CAAA;AAAA,MACxC,MAAM,OAAQ,CAAA,IAAA;AAAA,MACd,UAAU,OAAQ,CAAA,QAAA;AAAA,MAClB,WAAW,OAAQ,CAAA,SAAA;AAAA,MACnB,cAAc,OAAQ,CAAA;AAAA,KACvB,CAAA;AAED,IAAA,IAAA,CAAK,IAAO,GAAA,IAAA;AAAA;AACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,SAAS,KAES,EAAA;AACtB,IAAA,MAAM,MAAiC,GAAA;AAAA,MACrC,IAAM,EAAA;AAAA,KACR;AACA,IAAW,KAAA,MAAA,CAAC,KAAK,KAAK,CAAA,IAAK,OAAO,OAAQ,CAAA,KAAA,CAAM,WAAW,CAAG,EAAA;AAC5D,MAAO,MAAA,CAAA,CAAA,qBAAA,EAAwB,GAAG,CAAA,CAAE,CAAI,GAAA,KAAA;AAAA;AAG1C,IAAA,MAAM,EAAE,KAAM,EAAA,GAAI,MAAM,IAAA,CAAK,KAAK,qBAAsB,CAAA;AAAA,MACtD,UAAY,EAAA,MAAM,IAAK,CAAA,IAAA,CAAK,wBAAyB,EAAA;AAAA,MACrD,cAAgB,EAAA;AAAA,KACjB,CAAA;AAED,IAAA,MAAM,EAAE,KAAA,EAAU,GAAA,MAAM,IAAK,CAAA,UAAA,CAAW,WAAY,CAAA,EAAE,MAAO,EAAA,EAAG,EAAE,KAAA,EAAO,CAAA;AAEzE,IAAI,IAAA,KAAA,CAAM,WAAW,CAAG,EAAA;AACtB,MAAI,IAAA,KAAA,CAAM,SAAS,CAAG,EAAA;AACpB,QAAM,MAAA,IAAIC,qBAAc,0CAA0C,CAAA;AAAA,OAC7D,MAAA;AACL,QAAM,MAAA,IAAIC,qBAAc,gBAAgB,CAAA;AAAA;AAC1C;AAGF,IAAA,OAAO,MAAM,CAAC,CAAA;AAAA;AAChB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,yBAAyB,KAGT,EAAA;AACpB,IAAM,MAAA,EAAE,UAAY,EAAA,MAAA,EAAW,GAAA,KAAA;AAC/B,IAAA,MAAM,kBAAqB,GAAA,UAAA,CACxB,GAAI,CAAA,CAAC,GAAgB,KAAA;AACpB,MAAI,IAAA;AACF,QAAA,MAAM,SAAY,GAAAC,2BAAA,CAAe,GAAI,CAAA,iBAAA,CAAkB,OAAO,CAAG,EAAA;AAAA,UAC/D,WAAa,EAAA,MAAA;AAAA,UACb,gBAAkB,EAAA;AAAA,SACnB,CAAA;AACD,QAAO,OAAA,SAAA;AAAA,OACD,CAAA,MAAA;AACN,QAAQ,MAAA,EAAA,IAAA,CAAK,CAAkC,+BAAA,EAAA,GAAG,CAAY,UAAA,CAAA,CAAA;AAC9D,QAAO,OAAA,IAAA;AAAA;AACT,KACD,CACA,CAAA,MAAA,CAAO,CAAC,GAAA,KAAkC,QAAQ,IAAI,CAAA;AAEzD,IAAM,MAAA,MAAA,GAAS,kBAAmB,CAAA,GAAA,CAAI,CAAQ,GAAA,MAAA;AAAA,MAC5C,MAAM,GAAI,CAAA,IAAA;AAAA,MACV,sBAAsB,GAAI,CAAA,SAAA;AAAA,MAC1B,iBAAiB,GAAI,CAAA;AAAA,KACrB,CAAA,CAAA;AAEF,IAAA,MAAM,EAAE,KAAM,EAAA,GAAI,MAAM,IAAA,CAAK,KAAK,qBAAsB,CAAA;AAAA,MACtD,UAAY,EAAA,MAAM,IAAK,CAAA,IAAA,CAAK,wBAAyB,EAAA;AAAA,MACrD,cAAgB,EAAA;AAAA,KACjB,CAAA;AAED,IAAA,MAAM,QAAW,GAAA,MAAM,IAAK,CAAA,UAAA,CACzB,YAAY,EAAE,MAAA,EAAU,EAAA,EAAE,OAAO,CAAA,CACjC,IAAK,CAAA,CAAA,CAAA,KAAK,EAAE,KAAK,CAAA;AAEpB,IAAI,IAAA,UAAA,CAAW,MAAW,KAAA,QAAA,CAAS,MAAQ,EAAA;AACzC,MAAM,MAAA,gBAAA,GAAmB,QAAS,CAAA,GAAA,CAAIC,+BAAkB,CAAA;AACxD,MAAM,MAAA,kBAAA,GAAqB,kBACxB,CAAA,GAAA,CAAIA,+BAAkB,CAAA,CACtB,MAAO,CAAA,CAAA,CAAA,KAAK,CAAC,gBAAA,CAAiB,QAAS,CAAA,CAAC,CAAC,CAAA;AAC5C,MAAA,MAAA,EAAQ,KAAM,CAAA,CAAA,4BAAA,EAA+B,kBAAmB,CAAA,IAAA,EAAM,CAAE,CAAA,CAAA;AAAA;AAG1E,IAAA,MAAM,WAAW,QAAS,CAAA,OAAA;AAAA,MACxB,CACE,CAAA,KAAA,CAAA,CAAG,SACC,EAAA,MAAA,CAAO,OAAK,CAAE,CAAA,IAAA,KAASC,+BAAkB,CAAA,CAC1C,GAAI,CAAA,CAAA,CAAA,KAAK,CAAE,CAAA,SAAS,KAAK;AAAC,KACjC;AAEA,IAAA,MAAM,aAAgB,GAAA;AAAA,MACpB,GAAG,IAAI,GAAI,CAAA,kBAAA,CAAmB,IAAID,+BAAkB,CAAA,CAAE,MAAO,CAAA,QAAQ,CAAC;AAAA,KACxE;AAEA,IAAA,MAAA,EAAQ,KAAM,CAAA,CAAA,0BAAA,EAA6B,aAAc,CAAA,IAAA,EAAM,CAAE,CAAA,CAAA;AACjE,IAAO,OAAA,aAAA;AAAA;AAEX;;;;"}
1
+ {"version":3,"file":"CatalogIdentityClient.cjs.js","sources":["../../../src/lib/catalog/CatalogIdentityClient.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AuthService,\n DiscoveryService,\n HttpAuthService,\n LoggerService,\n} from '@backstage/backend-plugin-api';\nimport { ConflictError, NotFoundError } from '@backstage/errors';\nimport { CatalogApi } from '@backstage/catalog-client';\nimport {\n CompoundEntityRef,\n parseEntityRef,\n RELATION_MEMBER_OF,\n stringifyEntityRef,\n UserEntity,\n} from '@backstage/catalog-model';\nimport {\n TokenManager,\n createLegacyAuthAdapters,\n} from '@backstage/backend-common';\n\n/**\n * A catalog client tailored for reading out identity data from the catalog.\n *\n * @public\n * @deprecated Use the provided `AuthResolverContext` instead, see https://backstage.io/docs/auth/identity-resolver#building-custom-resolvers\n */\nexport class CatalogIdentityClient {\n private readonly catalogApi: CatalogApi;\n private readonly auth: AuthService;\n\n constructor(options: {\n catalogApi: CatalogApi;\n tokenManager?: TokenManager;\n discovery: DiscoveryService;\n auth?: AuthService;\n httpAuth?: HttpAuthService;\n }) {\n this.catalogApi = options.catalogApi;\n\n const { auth } = createLegacyAuthAdapters({\n auth: options.auth,\n httpAuth: options.httpAuth,\n discovery: options.discovery,\n tokenManager: options.tokenManager,\n });\n\n this.auth = auth;\n }\n\n /**\n * Looks up a single user using a query.\n *\n * Throws a NotFoundError or ConflictError if 0 or multiple users are found.\n */\n async findUser(query: {\n annotations: Record<string, string>;\n }): Promise<UserEntity> {\n const filter: Record<string, string> = {\n kind: 'user',\n };\n for (const [key, value] of Object.entries(query.annotations)) {\n filter[`metadata.annotations.${key}`] = value;\n }\n\n const { token } = await this.auth.getPluginRequestToken({\n onBehalfOf: await this.auth.getOwnServiceCredentials(),\n targetPluginId: 'catalog',\n });\n\n const { items } = await this.catalogApi.getEntities({ filter }, { token });\n\n if (items.length !== 1) {\n if (items.length > 1) {\n throw new ConflictError('User lookup resulted in multiple matches');\n } else {\n throw new NotFoundError('User not found');\n }\n }\n\n return items[0] as UserEntity;\n }\n\n /**\n * Resolve additional entity claims from the catalog, using the passed-in entity names. Designed\n * to be used within a `signInResolver` where additional entity claims might be provided, but\n * group membership and transient group membership lean on imported catalog relations.\n *\n * Returns a superset of the entity names that can be passed directly to `issueToken` as `ent`.\n */\n async resolveCatalogMembership(query: {\n entityRefs: string[];\n logger?: LoggerService;\n }): Promise<string[]> {\n const { entityRefs, logger } = query;\n const resolvedEntityRefs = entityRefs\n .map((ref: string) => {\n try {\n const parsedRef = parseEntityRef(ref.toLocaleLowerCase('en-US'), {\n defaultKind: 'user',\n defaultNamespace: 'default',\n });\n return parsedRef;\n } catch {\n logger?.warn(`Failed to parse entityRef from ${ref}, ignoring`);\n return null;\n }\n })\n .filter((ref): ref is CompoundEntityRef => ref !== null);\n\n const filter = resolvedEntityRefs.map(ref => ({\n kind: ref.kind,\n 'metadata.namespace': ref.namespace,\n 'metadata.name': ref.name,\n }));\n\n const { token } = await this.auth.getPluginRequestToken({\n onBehalfOf: await this.auth.getOwnServiceCredentials(),\n targetPluginId: 'catalog',\n });\n\n const entities = await this.catalogApi\n .getEntities({ filter }, { token })\n .then(r => r.items);\n\n if (entityRefs.length !== entities.length) {\n const foundEntityNames = entities.map(stringifyEntityRef);\n const missingEntityNames = resolvedEntityRefs\n .map(stringifyEntityRef)\n .filter(s => !foundEntityNames.includes(s));\n logger?.debug(`Entities not found for refs ${missingEntityNames.join()}`);\n }\n\n const memberOf = entities.flatMap(\n e =>\n e!.relations\n ?.filter(r => r.type === RELATION_MEMBER_OF)\n .map(r => r.targetRef) ?? [],\n );\n\n const newEntityRefs = [\n ...new Set(resolvedEntityRefs.map(stringifyEntityRef).concat(memberOf)),\n ];\n\n logger?.debug(`Found catalog membership: ${newEntityRefs.join()}`);\n return newEntityRefs;\n }\n}\n"],"names":["createLegacyAuthAdapters","ConflictError","NotFoundError","parseEntityRef","stringifyEntityRef","RELATION_MEMBER_OF"],"mappings":";;;;;;AA0CO,MAAM,qBAAsB,CAAA;AAAA,EAChB,UAAA;AAAA,EACA,IAAA;AAAA,EAEjB,YAAY,OAMT,EAAA;AACD,IAAA,IAAA,CAAK,aAAa,OAAQ,CAAA,UAAA;AAE1B,IAAM,MAAA,EAAE,IAAK,EAAA,GAAIA,sCAAyB,CAAA;AAAA,MACxC,MAAM,OAAQ,CAAA,IAAA;AAAA,MACd,UAAU,OAAQ,CAAA,QAAA;AAAA,MAClB,WAAW,OAAQ,CAAA,SAAA;AAAA,MACnB,cAAc,OAAQ,CAAA;AAAA,KACvB,CAAA;AAED,IAAA,IAAA,CAAK,IAAO,GAAA,IAAA;AAAA;AACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,SAAS,KAES,EAAA;AACtB,IAAA,MAAM,MAAiC,GAAA;AAAA,MACrC,IAAM,EAAA;AAAA,KACR;AACA,IAAW,KAAA,MAAA,CAAC,KAAK,KAAK,CAAA,IAAK,OAAO,OAAQ,CAAA,KAAA,CAAM,WAAW,CAAG,EAAA;AAC5D,MAAO,MAAA,CAAA,CAAA,qBAAA,EAAwB,GAAG,CAAA,CAAE,CAAI,GAAA,KAAA;AAAA;AAG1C,IAAA,MAAM,EAAE,KAAM,EAAA,GAAI,MAAM,IAAA,CAAK,KAAK,qBAAsB,CAAA;AAAA,MACtD,UAAY,EAAA,MAAM,IAAK,CAAA,IAAA,CAAK,wBAAyB,EAAA;AAAA,MACrD,cAAgB,EAAA;AAAA,KACjB,CAAA;AAED,IAAA,MAAM,EAAE,KAAA,EAAU,GAAA,MAAM,IAAK,CAAA,UAAA,CAAW,WAAY,CAAA,EAAE,MAAO,EAAA,EAAG,EAAE,KAAA,EAAO,CAAA;AAEzE,IAAI,IAAA,KAAA,CAAM,WAAW,CAAG,EAAA;AACtB,MAAI,IAAA,KAAA,CAAM,SAAS,CAAG,EAAA;AACpB,QAAM,MAAA,IAAIC,qBAAc,0CAA0C,CAAA;AAAA,OAC7D,MAAA;AACL,QAAM,MAAA,IAAIC,qBAAc,gBAAgB,CAAA;AAAA;AAC1C;AAGF,IAAA,OAAO,MAAM,CAAC,CAAA;AAAA;AAChB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,yBAAyB,KAGT,EAAA;AACpB,IAAM,MAAA,EAAE,UAAY,EAAA,MAAA,EAAW,GAAA,KAAA;AAC/B,IAAA,MAAM,kBAAqB,GAAA,UAAA,CACxB,GAAI,CAAA,CAAC,GAAgB,KAAA;AACpB,MAAI,IAAA;AACF,QAAA,MAAM,SAAY,GAAAC,2BAAA,CAAe,GAAI,CAAA,iBAAA,CAAkB,OAAO,CAAG,EAAA;AAAA,UAC/D,WAAa,EAAA,MAAA;AAAA,UACb,gBAAkB,EAAA;AAAA,SACnB,CAAA;AACD,QAAO,OAAA,SAAA;AAAA,OACD,CAAA,MAAA;AACN,QAAQ,MAAA,EAAA,IAAA,CAAK,CAAkC,+BAAA,EAAA,GAAG,CAAY,UAAA,CAAA,CAAA;AAC9D,QAAO,OAAA,IAAA;AAAA;AACT,KACD,CACA,CAAA,MAAA,CAAO,CAAC,GAAA,KAAkC,QAAQ,IAAI,CAAA;AAEzD,IAAM,MAAA,MAAA,GAAS,kBAAmB,CAAA,GAAA,CAAI,CAAQ,GAAA,MAAA;AAAA,MAC5C,MAAM,GAAI,CAAA,IAAA;AAAA,MACV,sBAAsB,GAAI,CAAA,SAAA;AAAA,MAC1B,iBAAiB,GAAI,CAAA;AAAA,KACrB,CAAA,CAAA;AAEF,IAAA,MAAM,EAAE,KAAM,EAAA,GAAI,MAAM,IAAA,CAAK,KAAK,qBAAsB,CAAA;AAAA,MACtD,UAAY,EAAA,MAAM,IAAK,CAAA,IAAA,CAAK,wBAAyB,EAAA;AAAA,MACrD,cAAgB,EAAA;AAAA,KACjB,CAAA;AAED,IAAA,MAAM,QAAW,GAAA,MAAM,IAAK,CAAA,UAAA,CACzB,YAAY,EAAE,MAAA,EAAU,EAAA,EAAE,OAAO,CAAA,CACjC,IAAK,CAAA,CAAA,CAAA,KAAK,EAAE,KAAK,CAAA;AAEpB,IAAI,IAAA,UAAA,CAAW,MAAW,KAAA,QAAA,CAAS,MAAQ,EAAA;AACzC,MAAM,MAAA,gBAAA,GAAmB,QAAS,CAAA,GAAA,CAAIC,+BAAkB,CAAA;AACxD,MAAM,MAAA,kBAAA,GAAqB,kBACxB,CAAA,GAAA,CAAIA,+BAAkB,CAAA,CACtB,MAAO,CAAA,CAAA,CAAA,KAAK,CAAC,gBAAA,CAAiB,QAAS,CAAA,CAAC,CAAC,CAAA;AAC5C,MAAA,MAAA,EAAQ,KAAM,CAAA,CAAA,4BAAA,EAA+B,kBAAmB,CAAA,IAAA,EAAM,CAAE,CAAA,CAAA;AAAA;AAG1E,IAAA,MAAM,WAAW,QAAS,CAAA,OAAA;AAAA,MACxB,CACE,CAAA,KAAA,CAAA,CAAG,SACC,EAAA,MAAA,CAAO,OAAK,CAAE,CAAA,IAAA,KAASC,+BAAkB,CAAA,CAC1C,GAAI,CAAA,CAAA,CAAA,KAAK,CAAE,CAAA,SAAS,KAAK;AAAC,KACjC;AAEA,IAAA,MAAM,aAAgB,GAAA;AAAA,MACpB,GAAG,IAAI,GAAI,CAAA,kBAAA,CAAmB,IAAID,+BAAkB,CAAA,CAAE,MAAO,CAAA,QAAQ,CAAC;AAAA,KACxE;AAEA,IAAA,MAAA,EAAQ,KAAM,CAAA,CAAA,0BAAA,EAA6B,aAAc,CAAA,IAAA,EAAM,CAAE,CAAA,CAAA;AACjE,IAAO,OAAA,aAAA;AAAA;AAEX;;;;"}
package/dist/lib/resolvers/CatalogAuthResolverContext.cjs.js CHANGED
@@ -94,21 +94,23 @@ class CatalogAuthResolverContext {
94
94
  }
95
95
  async signInWithCatalogUser(query) {
96
96
  const { entity } = await this.findCatalogUser(query);
97
- let ent;
98
- if (this.ownershipResolver) {
99
- const { ownershipEntityRefs } = await this.ownershipResolver.resolveOwnershipEntityRefs(entity);
100
- ent = ownershipEntityRefs;
101
- } else {
102
- ent = getDefaultOwnershipEntityRefs(entity);
103
- }
97
+ const { ownershipEntityRefs } = await this.resolveOwnershipEntityRefs(
98
+ entity
99
+ );
104
100
  const token = await this.tokenIssuer.issueToken({
105
101
  claims: {
106
102
  sub: catalogModel.stringifyEntityRef(entity),
107
- ent
103
+ ent: ownershipEntityRefs
108
104
  }
109
105
  });
110
106
  return { token };
111
107
  }
108
+ async resolveOwnershipEntityRefs(entity) {
109
+ if (this.ownershipResolver) {
110
+ return this.ownershipResolver.resolveOwnershipEntityRefs(entity);
111
+ }
112
+ return { ownershipEntityRefs: getDefaultOwnershipEntityRefs(entity) };
113
+ }
112
114
  }
113
115
 
114
116
  exports.CatalogAuthResolverContext = CatalogAuthResolverContext;
package/dist/lib/resolvers/CatalogAuthResolverContext.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"CatalogAuthResolverContext.cjs.js","sources":["../../../src/lib/resolvers/CatalogAuthResolverContext.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { TokenManager } from '@backstage/backend-common';\nimport { CatalogApi } from '@backstage/catalog-client';\nimport {\n DEFAULT_NAMESPACE,\n Entity,\n parseEntityRef,\n RELATION_MEMBER_OF,\n stringifyEntityRef,\n} from '@backstage/catalog-model';\nimport { ConflictError, InputError, NotFoundError } from '@backstage/errors';\nimport {\n AuthService,\n DiscoveryService,\n HttpAuthService,\n LoggerService,\n} from '@backstage/backend-plugin-api';\nimport { TokenIssuer } from '../../identity/types';\nimport {\n AuthOwnershipResolver,\n AuthResolverCatalogUserQuery,\n AuthResolverContext,\n TokenParams,\n} from '@backstage/plugin-auth-node';\nimport { CatalogIdentityClient } from '../catalog';\n\n/**\n * Uses the default ownership resolution logic to return an array\n * of entity refs that the provided entity claims ownership through.\n *\n * A reference to the entity itself will also be included in the returned array.\n *\n * @public\n */\nexport function getDefaultOwnershipEntityRefs(entity: Entity) {\n const membershipRefs =\n entity.relations\n ?.filter(\n r => r.type === RELATION_MEMBER_OF && r.targetRef.startsWith('group:'),\n )\n .map(r => r.targetRef) ?? [];\n\n return Array.from(new Set([stringifyEntityRef(entity), ...membershipRefs]));\n}\n\n/**\n * @internal\n */\nexport class CatalogAuthResolverContext implements AuthResolverContext {\n static create(options: {\n logger: LoggerService;\n catalogApi: CatalogApi;\n tokenIssuer: TokenIssuer;\n tokenManager?: TokenManager;\n discovery: DiscoveryService;\n auth: AuthService;\n httpAuth: HttpAuthService;\n ownershipResolver?: AuthOwnershipResolver;\n }): CatalogAuthResolverContext {\n const catalogIdentityClient = new CatalogIdentityClient({\n catalogApi: options.catalogApi,\n tokenManager: options.tokenManager,\n discovery: options.discovery,\n auth: options.auth,\n httpAuth: options.httpAuth,\n });\n\n return new CatalogAuthResolverContext(\n options.logger,\n options.tokenIssuer,\n catalogIdentityClient,\n options.catalogApi,\n options.auth,\n options.ownershipResolver,\n );\n }\n\n private constructor(\n public readonly logger: LoggerService,\n public readonly tokenIssuer: TokenIssuer,\n public readonly catalogIdentityClient: CatalogIdentityClient,\n private readonly catalogApi: CatalogApi,\n private readonly auth: AuthService,\n private readonly ownershipResolver?: AuthOwnershipResolver,\n ) {}\n\n async issueToken(params: TokenParams) {\n const token = await this.tokenIssuer.issueToken(params);\n return { token };\n }\n\n async findCatalogUser(query: AuthResolverCatalogUserQuery) {\n let result: Entity[] | Entity | undefined = undefined;\n const { token } = await this.auth.getPluginRequestToken({\n onBehalfOf: await this.auth.getOwnServiceCredentials(),\n targetPluginId: 'catalog',\n });\n\n if ('entityRef' in query) {\n const entityRef = parseEntityRef(query.entityRef, {\n defaultKind: 'User',\n defaultNamespace: DEFAULT_NAMESPACE,\n });\n result = await this.catalogApi.getEntityByRef(entityRef, { token });\n } else if ('annotations' in query) {\n const filter: Record<string, string> = {\n kind: 'user',\n };\n for (const [key, value] of Object.entries(query.annotations)) {\n filter[`metadata.annotations.${key}`] = value;\n }\n const res = await this.catalogApi.getEntities({ filter }, { token });\n result = res.items;\n } else if ('filter' in query) {\n const filter = [query.filter].flat().map(value => {\n if (\n !Object.keys(value).some(\n key => key.toLocaleLowerCase('en-US') === 'kind',\n )\n ) {\n return {\n ...value,\n kind: 'user',\n };\n }\n return value;\n });\n const res = await this.catalogApi.getEntities(\n { filter: filter },\n { token },\n );\n result = res.items;\n } else {\n throw new InputError('Invalid user lookup query');\n }\n\n if (Array.isArray(result)) {\n if (result.length > 1) {\n throw new ConflictError('User lookup resulted in multiple matches');\n }\n result = result[0];\n }\n if (!result) {\n throw new NotFoundError('User not found');\n }\n\n return { entity: result };\n }\n\n async signInWithCatalogUser(query: AuthResolverCatalogUserQuery) {\n const { entity } = await this.findCatalogUser(query);\n let ent: string[];\n if (this.ownershipResolver) {\n const { ownershipEntityRefs } =\n await this.ownershipResolver.resolveOwnershipEntityRefs(entity);\n ent = ownershipEntityRefs;\n } else {\n ent = getDefaultOwnershipEntityRefs(entity);\n }\n\n const token = await this.tokenIssuer.issueToken({\n claims: {\n sub: stringifyEntityRef(entity),\n ent,\n },\n });\n return { token };\n }\n}\n"],"names":["RELATION_MEMBER_OF","stringifyEntityRef","CatalogIdentityClient","parseEntityRef","DEFAULT_NAMESPACE","InputError","ConflictError","NotFoundError"],"mappings":";;;;;;AAiDO,SAAS,8BAA8B,MAAgB,EAAA;AAC5D,EAAM,MAAA,cAAA,GACJ,OAAO,SACH,EAAA,MAAA;AAAA,IACA,OAAK,CAAE,CAAA,IAAA,KAASA,mCAAsB,CAAE,CAAA,SAAA,CAAU,WAAW,QAAQ;AAAA,IAEtE,GAAI,CAAA,CAAA,CAAA,KAAK,CAAE,CAAA,SAAS,KAAK,EAAC;AAE/B,EAAO,OAAA,KAAA,CAAM,IAAK,iBAAA,IAAI,GAAI,CAAA,CAACC,+BAAmB,CAAA,MAAM,CAAG,EAAA,GAAG,cAAc,CAAC,CAAC,CAAA;AAC5E;AAKO,MAAM,0BAA0D,CAAA;AAAA,EA6B7D,YACU,MACA,EAAA,WAAA,EACA,qBACC,EAAA,UAAA,EACA,MACA,iBACjB,EAAA;AANgB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA;AACA,IAAA,IAAA,CAAA,qBAAA,GAAA,qBAAA;AACC,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AACA,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AACA,IAAA,IAAA,CAAA,iBAAA,GAAA,iBAAA;AAAA;AAChB,EAnCH,OAAO,OAAO,OASiB,EAAA;AAC7B,IAAM,MAAA,qBAAA,GAAwB,IAAIC,2CAAsB,CAAA;AAAA,MACtD,YAAY,OAAQ,CAAA,UAAA;AAAA,MACpB,cAAc,OAAQ,CAAA,YAAA;AAAA,MACtB,WAAW,OAAQ,CAAA,SAAA;AAAA,MACnB,MAAM,OAAQ,CAAA,IAAA;AAAA,MACd,UAAU,OAAQ,CAAA;AAAA,KACnB,CAAA;AAED,IAAA,OAAO,IAAI,0BAAA;AAAA,MACT,OAAQ,CAAA,MAAA;AAAA,MACR,OAAQ,CAAA,WAAA;AAAA,MACR,qBAAA;AAAA,MACA,OAAQ,CAAA,UAAA;AAAA,MACR,OAAQ,CAAA,IAAA;AAAA,MACR,OAAQ,CAAA;AAAA,KACV;AAAA;AACF,EAWA,MAAM,WAAW,MAAqB,EAAA;AACpC,IAAA,MAAM,KAAQ,GAAA,MAAM,IAAK,CAAA,WAAA,CAAY,WAAW,MAAM,CAAA;AACtD,IAAA,OAAO,EAAE,KAAM,EAAA;AAAA;AACjB,EAEA,MAAM,gBAAgB,KAAqC,EAAA;AACzD,IAAA,IAAI,MAAwC,GAAA,KAAA,CAAA;AAC5C,IAAA,MAAM,EAAE,KAAM,EAAA,GAAI,MAAM,IAAA,CAAK,KAAK,qBAAsB,CAAA;AAAA,MACtD,UAAY,EAAA,MAAM,IAAK,CAAA,IAAA,CAAK,wBAAyB,EAAA;AAAA,MACrD,cAAgB,EAAA;AAAA,KACjB,CAAA;AAED,IAAA,IAAI,eAAe,KAAO,EAAA;AACxB,MAAM,MAAA,SAAA,GAAYC,2BAAe,CAAA,KAAA,CAAM,SAAW,EAAA;AAAA,QAChD,WAAa,EAAA,MAAA;AAAA,QACb,gBAAkB,EAAAC;AAAA,OACnB,CAAA;AACD,MAAA,MAAA,GAAS,MAAM,IAAK,CAAA,UAAA,CAAW,eAAe,SAAW,EAAA,EAAE,OAAO,CAAA;AAAA,KACpE,MAAA,IAAW,iBAAiB,KAAO,EAAA;AACjC,MAAA,MAAM,MAAiC,GAAA;AAAA,QACrC,IAAM,EAAA;AAAA,OACR;AACA,MAAW,KAAA,MAAA,CAAC,KAAK,KAAK,CAAA,IAAK,OAAO,OAAQ,CAAA,KAAA,CAAM,WAAW,CAAG,EAAA;AAC5D,QAAO,MAAA,CAAA,CAAA,qBAAA,EAAwB,GAAG,CAAA,CAAE,CAAI,GAAA,KAAA;AAAA;AAE1C,MAAM,MAAA,GAAA,GAAM,MAAM,IAAA,CAAK,UAAW,CAAA,WAAA,CAAY,EAAE,MAAO,EAAA,EAAG,EAAE,KAAA,EAAO,CAAA;AACnE,MAAA,MAAA,GAAS,GAAI,CAAA,KAAA;AAAA,KACf,MAAA,IAAW,YAAY,KAAO,EAAA;AAC5B,MAAM,MAAA,MAAA,GAAS,CAAC,KAAM,CAAA,MAAM,EAAE,IAAK,EAAA,CAAE,IAAI,CAAS,KAAA,KAAA;AAChD,QAAA,IACE,CAAC,MAAA,CAAO,IAAK,CAAA,KAAK,CAAE,CAAA,IAAA;AAAA,UAClB,CAAO,GAAA,KAAA,GAAA,CAAI,iBAAkB,CAAA,OAAO,CAAM,KAAA;AAAA,SAE5C,EAAA;AACA,UAAO,OAAA;AAAA,YACL,GAAG,KAAA;AAAA,YACH,IAAM,EAAA;AAAA,WACR;AAAA;AAEF,QAAO,OAAA,KAAA;AAAA,OACR,CAAA;AACD,MAAM,MAAA,GAAA,GAAM,MAAM,IAAA,CAAK,UAAW,CAAA,WAAA;AAAA,QAChC,EAAE,MAAe,EAAA;AAAA,QACjB,EAAE,KAAM;AAAA,OACV;AACA,MAAA,MAAA,GAAS,GAAI,CAAA,KAAA;AAAA,KACR,MAAA;AACL,MAAM,MAAA,IAAIC,kBAAW,2BAA2B,CAAA;AAAA;AAGlD,IAAI,IAAA,KAAA,CAAM,OAAQ,CAAA,MAAM,CAAG,EAAA;AACzB,MAAI,IAAA,MAAA,CAAO,SAAS,CAAG,EAAA;AACrB,QAAM,MAAA,IAAIC,qBAAc,0CAA0C,CAAA;AAAA;AAEpE,MAAA,MAAA,GAAS,OAAO,CAAC,CAAA;AAAA;AAEnB,IAAA,IAAI,CAAC,MAAQ,EAAA;AACX,MAAM,MAAA,IAAIC,qBAAc,gBAAgB,CAAA;AAAA;AAG1C,IAAO,OAAA,EAAE,QAAQ,MAAO,EAAA;AAAA;AAC1B,EAEA,MAAM,sBAAsB,KAAqC,EAAA;AAC/D,IAAA,MAAM,EAAE,MAAO,EAAA,GAAI,MAAM,IAAA,CAAK,gBAAgB,KAAK,CAAA;AACnD,IAAI,IAAA,GAAA;AACJ,IAAA,IAAI,KAAK,iBAAmB,EAAA;AAC1B,MAAA,MAAM,EAAE,mBAAoB,EAAA,GAC1B,MAAM,IAAK,CAAA,iBAAA,CAAkB,2BAA2B,MAAM,CAAA;AAChE,MAAM,GAAA,GAAA,mBAAA;AAAA,KACD,MAAA;AACL,MAAA,GAAA,GAAM,8BAA8B,MAAM,CAAA;AAAA;AAG5C,IAAA,MAAM,KAAQ,GAAA,MAAM,IAAK,CAAA,WAAA,CAAY,UAAW,CAAA;AAAA,MAC9C,MAAQ,EAAA;AAAA,QACN,GAAA,EAAKN,gCAAmB,MAAM,CAAA;AAAA,QAC9B;AAAA;AACF,KACD,CAAA;AACD,IAAA,OAAO,EAAE,KAAM,EAAA;AAAA;AAEnB;;;;;"}
1
+ {"version":3,"file":"CatalogAuthResolverContext.cjs.js","sources":["../../../src/lib/resolvers/CatalogAuthResolverContext.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { TokenManager } from '@backstage/backend-common';\nimport { CatalogApi } from '@backstage/catalog-client';\nimport {\n DEFAULT_NAMESPACE,\n Entity,\n parseEntityRef,\n RELATION_MEMBER_OF,\n stringifyEntityRef,\n} from '@backstage/catalog-model';\nimport { ConflictError, InputError, NotFoundError } from '@backstage/errors';\nimport {\n AuthService,\n DiscoveryService,\n HttpAuthService,\n LoggerService,\n} from '@backstage/backend-plugin-api';\nimport { TokenIssuer } from '../../identity/types';\nimport {\n AuthOwnershipResolver,\n AuthResolverCatalogUserQuery,\n AuthResolverContext,\n TokenParams,\n} from '@backstage/plugin-auth-node';\nimport { CatalogIdentityClient } from '../catalog';\n\n/**\n * Uses the default ownership resolution logic to return an array\n * of entity refs that the provided entity claims ownership through.\n *\n * A reference to the entity itself will also be included in the returned array.\n *\n * @public\n * @deprecated use `ctx.resolveOwnershipEntityRefs(entity)` from the provided `AuthResolverContext` instead.\n */\nexport function getDefaultOwnershipEntityRefs(entity: Entity) {\n const membershipRefs =\n entity.relations\n ?.filter(\n r => r.type === RELATION_MEMBER_OF && r.targetRef.startsWith('group:'),\n )\n .map(r => r.targetRef) ?? [];\n\n return Array.from(new Set([stringifyEntityRef(entity), ...membershipRefs]));\n}\n\n/**\n * @internal\n */\nexport class CatalogAuthResolverContext implements AuthResolverContext {\n static create(options: {\n logger: LoggerService;\n catalogApi: CatalogApi;\n tokenIssuer: TokenIssuer;\n tokenManager?: TokenManager;\n discovery: DiscoveryService;\n auth: AuthService;\n httpAuth: HttpAuthService;\n ownershipResolver?: AuthOwnershipResolver;\n }): CatalogAuthResolverContext {\n const catalogIdentityClient = new CatalogIdentityClient({\n catalogApi: options.catalogApi,\n tokenManager: options.tokenManager,\n discovery: options.discovery,\n auth: options.auth,\n httpAuth: options.httpAuth,\n });\n\n return new CatalogAuthResolverContext(\n options.logger,\n options.tokenIssuer,\n catalogIdentityClient,\n options.catalogApi,\n options.auth,\n options.ownershipResolver,\n );\n }\n\n private constructor(\n public readonly logger: LoggerService,\n public readonly tokenIssuer: TokenIssuer,\n public readonly catalogIdentityClient: CatalogIdentityClient,\n private readonly catalogApi: CatalogApi,\n private readonly auth: AuthService,\n private readonly ownershipResolver?: AuthOwnershipResolver,\n ) {}\n\n async issueToken(params: TokenParams) {\n const token = await this.tokenIssuer.issueToken(params);\n return { token };\n }\n\n async findCatalogUser(query: AuthResolverCatalogUserQuery) {\n let result: Entity[] | Entity | undefined = undefined;\n const { token } = await this.auth.getPluginRequestToken({\n onBehalfOf: await this.auth.getOwnServiceCredentials(),\n targetPluginId: 'catalog',\n });\n\n if ('entityRef' in query) {\n const entityRef = parseEntityRef(query.entityRef, {\n defaultKind: 'User',\n defaultNamespace: DEFAULT_NAMESPACE,\n });\n result = await this.catalogApi.getEntityByRef(entityRef, { token });\n } else if ('annotations' in query) {\n const filter: Record<string, string> = {\n kind: 'user',\n };\n for (const [key, value] of Object.entries(query.annotations)) {\n filter[`metadata.annotations.${key}`] = value;\n }\n const res = await this.catalogApi.getEntities({ filter }, { token });\n result = res.items;\n } else if ('filter' in query) {\n const filter = [query.filter].flat().map(value => {\n if (\n !Object.keys(value).some(\n key => key.toLocaleLowerCase('en-US') === 'kind',\n )\n ) {\n return {\n ...value,\n kind: 'user',\n };\n }\n return value;\n });\n const res = await this.catalogApi.getEntities(\n { filter: filter },\n { token },\n );\n result = res.items;\n } else {\n throw new InputError('Invalid user lookup query');\n }\n\n if (Array.isArray(result)) {\n if (result.length > 1) {\n throw new ConflictError('User lookup resulted in multiple matches');\n }\n result = result[0];\n }\n if (!result) {\n throw new NotFoundError('User not found');\n }\n\n return { entity: result };\n }\n\n async signInWithCatalogUser(query: AuthResolverCatalogUserQuery) {\n const { entity } = await this.findCatalogUser(query);\n\n const { ownershipEntityRefs } = await this.resolveOwnershipEntityRefs(\n entity,\n );\n\n const token = await this.tokenIssuer.issueToken({\n claims: {\n sub: stringifyEntityRef(entity),\n ent: ownershipEntityRefs,\n },\n });\n return { token };\n }\n\n async resolveOwnershipEntityRefs(\n entity: Entity,\n ): Promise<{ ownershipEntityRefs: string[] }> {\n if (this.ownershipResolver) {\n return this.ownershipResolver.resolveOwnershipEntityRefs(entity);\n }\n return { ownershipEntityRefs: getDefaultOwnershipEntityRefs(entity) };\n }\n}\n"],"names":["RELATION_MEMBER_OF","stringifyEntityRef","CatalogIdentityClient","parseEntityRef","DEFAULT_NAMESPACE","InputError","ConflictError","NotFoundError"],"mappings":";;;;;;AAkDO,SAAS,8BAA8B,MAAgB,EAAA;AAC5D,EAAM,MAAA,cAAA,GACJ,OAAO,SACH,EAAA,MAAA;AAAA,IACA,OAAK,CAAE,CAAA,IAAA,KAASA,mCAAsB,CAAE,CAAA,SAAA,CAAU,WAAW,QAAQ;AAAA,IAEtE,GAAI,CAAA,CAAA,CAAA,KAAK,CAAE,CAAA,SAAS,KAAK,EAAC;AAE/B,EAAO,OAAA,KAAA,CAAM,IAAK,iBAAA,IAAI,GAAI,CAAA,CAACC,+BAAmB,CAAA,MAAM,CAAG,EAAA,GAAG,cAAc,CAAC,CAAC,CAAA;AAC5E;AAKO,MAAM,0BAA0D,CAAA;AAAA,EA6B7D,YACU,MACA,EAAA,WAAA,EACA,qBACC,EAAA,UAAA,EACA,MACA,iBACjB,EAAA;AANgB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA;AACA,IAAA,IAAA,CAAA,qBAAA,GAAA,qBAAA;AACC,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AACA,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AACA,IAAA,IAAA,CAAA,iBAAA,GAAA,iBAAA;AAAA;AAChB,EAnCH,OAAO,OAAO,OASiB,EAAA;AAC7B,IAAM,MAAA,qBAAA,GAAwB,IAAIC,2CAAsB,CAAA;AAAA,MACtD,YAAY,OAAQ,CAAA,UAAA;AAAA,MACpB,cAAc,OAAQ,CAAA,YAAA;AAAA,MACtB,WAAW,OAAQ,CAAA,SAAA;AAAA,MACnB,MAAM,OAAQ,CAAA,IAAA;AAAA,MACd,UAAU,OAAQ,CAAA;AAAA,KACnB,CAAA;AAED,IAAA,OAAO,IAAI,0BAAA;AAAA,MACT,OAAQ,CAAA,MAAA;AAAA,MACR,OAAQ,CAAA,WAAA;AAAA,MACR,qBAAA;AAAA,MACA,OAAQ,CAAA,UAAA;AAAA,MACR,OAAQ,CAAA,IAAA;AAAA,MACR,OAAQ,CAAA;AAAA,KACV;AAAA;AACF,EAWA,MAAM,WAAW,MAAqB,EAAA;AACpC,IAAA,MAAM,KAAQ,GAAA,MAAM,IAAK,CAAA,WAAA,CAAY,WAAW,MAAM,CAAA;AACtD,IAAA,OAAO,EAAE,KAAM,EAAA;AAAA;AACjB,EAEA,MAAM,gBAAgB,KAAqC,EAAA;AACzD,IAAA,IAAI,MAAwC,GAAA,KAAA,CAAA;AAC5C,IAAA,MAAM,EAAE,KAAM,EAAA,GAAI,MAAM,IAAA,CAAK,KAAK,qBAAsB,CAAA;AAAA,MACtD,UAAY,EAAA,MAAM,IAAK,CAAA,IAAA,CAAK,wBAAyB,EAAA;AAAA,MACrD,cAAgB,EAAA;AAAA,KACjB,CAAA;AAED,IAAA,IAAI,eAAe,KAAO,EAAA;AACxB,MAAM,MAAA,SAAA,GAAYC,2BAAe,CAAA,KAAA,CAAM,SAAW,EAAA;AAAA,QAChD,WAAa,EAAA,MAAA;AAAA,QACb,gBAAkB,EAAAC;AAAA,OACnB,CAAA;AACD,MAAA,MAAA,GAAS,MAAM,IAAK,CAAA,UAAA,CAAW,eAAe,SAAW,EAAA,EAAE,OAAO,CAAA;AAAA,KACpE,MAAA,IAAW,iBAAiB,KAAO,EAAA;AACjC,MAAA,MAAM,MAAiC,GAAA;AAAA,QACrC,IAAM,EAAA;AAAA,OACR;AACA,MAAW,KAAA,MAAA,CAAC,KAAK,KAAK,CAAA,IAAK,OAAO,OAAQ,CAAA,KAAA,CAAM,WAAW,CAAG,EAAA;AAC5D,QAAO,MAAA,CAAA,CAAA,qBAAA,EAAwB,GAAG,CAAA,CAAE,CAAI,GAAA,KAAA;AAAA;AAE1C,MAAM,MAAA,GAAA,GAAM,MAAM,IAAA,CAAK,UAAW,CAAA,WAAA,CAAY,EAAE,MAAO,EAAA,EAAG,EAAE,KAAA,EAAO,CAAA;AACnE,MAAA,MAAA,GAAS,GAAI,CAAA,KAAA;AAAA,KACf,MAAA,IAAW,YAAY,KAAO,EAAA;AAC5B,MAAM,MAAA,MAAA,GAAS,CAAC,KAAM,CAAA,MAAM,EAAE,IAAK,EAAA,CAAE,IAAI,CAAS,KAAA,KAAA;AAChD,QAAA,IACE,CAAC,MAAA,CAAO,IAAK,CAAA,KAAK,CAAE,CAAA,IAAA;AAAA,UAClB,CAAO,GAAA,KAAA,GAAA,CAAI,iBAAkB,CAAA,OAAO,CAAM,KAAA;AAAA,SAE5C,EAAA;AACA,UAAO,OAAA;AAAA,YACL,GAAG,KAAA;AAAA,YACH,IAAM,EAAA;AAAA,WACR;AAAA;AAEF,QAAO,OAAA,KAAA;AAAA,OACR,CAAA;AACD,MAAM,MAAA,GAAA,GAAM,MAAM,IAAA,CAAK,UAAW,CAAA,WAAA;AAAA,QAChC,EAAE,MAAe,EAAA;AAAA,QACjB,EAAE,KAAM;AAAA,OACV;AACA,MAAA,MAAA,GAAS,GAAI,CAAA,KAAA;AAAA,KACR,MAAA;AACL,MAAM,MAAA,IAAIC,kBAAW,2BAA2B,CAAA;AAAA;AAGlD,IAAI,IAAA,KAAA,CAAM,OAAQ,CAAA,MAAM,CAAG,EAAA;AACzB,MAAI,IAAA,MAAA,CAAO,SAAS,CAAG,EAAA;AACrB,QAAM,MAAA,IAAIC,qBAAc,0CAA0C,CAAA;AAAA;AAEpE,MAAA,MAAA,GAAS,OAAO,CAAC,CAAA;AAAA;AAEnB,IAAA,IAAI,CAAC,MAAQ,EAAA;AACX,MAAM,MAAA,IAAIC,qBAAc,gBAAgB,CAAA;AAAA;AAG1C,IAAO,OAAA,EAAE,QAAQ,MAAO,EAAA;AAAA;AAC1B,EAEA,MAAM,sBAAsB,KAAqC,EAAA;AAC/D,IAAA,MAAM,EAAE,MAAO,EAAA,GAAI,MAAM,IAAA,CAAK,gBAAgB,KAAK,CAAA;AAEnD,IAAA,MAAM,EAAE,mBAAA,EAAwB,GAAA,MAAM,IAAK,CAAA,0BAAA;AAAA,MACzC;AAAA,KACF;AAEA,IAAA,MAAM,KAAQ,GAAA,MAAM,IAAK,CAAA,WAAA,CAAY,UAAW,CAAA;AAAA,MAC9C,MAAQ,EAAA;AAAA,QACN,GAAA,EAAKN,gCAAmB,MAAM,CAAA;AAAA,QAC9B,GAAK,EAAA;AAAA;AACP,KACD,CAAA;AACD,IAAA,OAAO,EAAE,KAAM,EAAA;AAAA;AACjB,EAEA,MAAM,2BACJ,MAC4C,EAAA;AAC5C,IAAA,IAAI,KAAK,iBAAmB,EAAA;AAC1B,MAAO,OAAA,IAAA,CAAK,iBAAkB,CAAA,0BAAA,CAA2B,MAAM,CAAA;AAAA;AAEjE,IAAA,OAAO,EAAE,mBAAA,EAAqB,6BAA8B,CAAA,MAAM,CAAE,EAAA;AAAA;AAExE;;;;;"}
package/dist/providers/atlassian/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/atlassian/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { atlassianAuthenticator } from '@backstage/plugin-auth-backend-module-atlassian-provider';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/**\n * Auth provider integration for Atlassian auth\n *\n * @public\n */\nexport const atlassian = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: atlassianAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","atlassianAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkCO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA;AAEL,CAAC;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/atlassian/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { atlassianAuthenticator } from '@backstage/plugin-auth-backend-module-atlassian-provider';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/**\n * Auth provider integration for Atlassian auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const atlassian = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: atlassianAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","atlassianAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAmCO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA;AAEL,CAAC;;;;"}
package/dist/providers/auth0/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/auth0/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { OAuthProviderOptions, OAuthResult } from '../../lib/oauth';\n\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n AuthResolverContext,\n createOAuthProviderFactory,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { auth0Authenticator } from '@backstage/plugin-auth-backend-module-auth0-provider';\n\n/**\n * @public\n * @deprecated The Auth0 auth provider was extracted to `@backstage/plugin-auth-backend-module-auth0-provider`.\n */\nexport type Auth0AuthProviderOptions = OAuthProviderOptions & {\n domain: string;\n signInResolver?: SignInResolver<OAuthResult>;\n authHandler: AuthHandler<OAuthResult>;\n resolverContext: AuthResolverContext;\n audience?: string;\n connection?: string;\n connectionScope?: string;\n};\n\n/**\n * Auth provider integration for auth0 auth\n *\n * @public\n */\nexport const auth0 = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: auth0Authenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","auth0Authenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkDO,MAAM,QAAQA,2DAA8B,CAAA;AAAA,EACjD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,uDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA;AAEL,CAAC;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/auth0/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { OAuthProviderOptions, OAuthResult } from '../../lib/oauth';\n\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n AuthResolverContext,\n createOAuthProviderFactory,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { auth0Authenticator } from '@backstage/plugin-auth-backend-module-auth0-provider';\n\n/**\n * @public\n * @deprecated The Auth0 auth provider was extracted to `@backstage/plugin-auth-backend-module-auth0-provider`.\n */\nexport type Auth0AuthProviderOptions = OAuthProviderOptions & {\n domain: string;\n signInResolver?: SignInResolver<OAuthResult>;\n authHandler: AuthHandler<OAuthResult>;\n resolverContext: AuthResolverContext;\n audience?: string;\n connection?: string;\n connectionScope?: string;\n};\n\n/**\n * Auth provider integration for auth0 auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const auth0 = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: auth0Authenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","auth0Authenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAmDO,MAAM,QAAQA,2DAA8B,CAAA;AAAA,EACjD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,uDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA;AAEL,CAAC;;;;"}
package/dist/providers/aws-alb/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/aws-alb/provider.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AwsAlbResult,\n awsAlbAuthenticator,\n} from '@backstage/plugin-auth-backend-module-aws-alb-provider';\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\n\n/**\n * Auth provider integration for AWS ALB auth\n *\n * @public\n */\nexport const awsAlb = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth\n * response into the profile that will be presented to the user. The default\n * implementation just provides the authenticated email that the IAP\n * presented.\n */\n authHandler?: AuthHandler<AwsAlbResult>;\n /**\n * Configures sign-in for this provider.\n */\n signIn: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<AwsAlbResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: awsAlbAuthenticator,\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","awsAlbAuthenticator"],"mappings":";;;;;;AAgCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAiBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,yDAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA;AAAA,KAClC,CAAA;AAAA;AAEL,CAAC;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/aws-alb/provider.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AwsAlbResult,\n awsAlbAuthenticator,\n} from '@backstage/plugin-auth-backend-module-aws-alb-provider';\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\n\n/**\n * Auth provider integration for AWS ALB auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const awsAlb = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth\n * response into the profile that will be presented to the user. The default\n * implementation just provides the authenticated email that the IAP\n * presented.\n */\n authHandler?: AuthHandler<AwsAlbResult>;\n /**\n * Configures sign-in for this provider.\n */\n signIn: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<AwsAlbResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: awsAlbAuthenticator,\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","awsAlbAuthenticator"],"mappings":";;;;;;AAiCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAiBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,yDAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA;AAAA,KAClC,CAAA;AAAA;AAEL,CAAC;;;;"}
package/dist/providers/azure-easyauth/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/azure-easyauth/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n AzureEasyAuthResult,\n azureEasyAuthAuthenticator,\n} from '@backstage/plugin-auth-backend-module-azure-easyauth-provider';\n\nexport type EasyAuthResult = AzureEasyAuthResult;\n\n/**\n * Auth provider integration for Azure EasyAuth\n *\n * @public\n */\nexport const easyAuth = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<EasyAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<EasyAuthResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: azureEasyAuthAuthenticator,\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","azureEasyAuthAuthenticator"],"mappings":";;;;;;AAkCO,MAAM,WAAWA,2DAA8B,CAAA;AAAA,EACpD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,uEAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA;AAAA,KAClC,CAAA;AAAA;AAEL,CAAC;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/azure-easyauth/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n AzureEasyAuthResult,\n azureEasyAuthAuthenticator,\n} from '@backstage/plugin-auth-backend-module-azure-easyauth-provider';\n\nexport type EasyAuthResult = AzureEasyAuthResult;\n\n/**\n * Auth provider integration for Azure EasyAuth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const easyAuth = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<EasyAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<EasyAuthResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: azureEasyAuthAuthenticator,\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","azureEasyAuthAuthenticator"],"mappings":";;;;;;AAmCO,MAAM,WAAWA,2DAA8B,CAAA;AAAA,EACpD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,uEAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA;AAAA,KAClC,CAAA;AAAA;AAEL,CAAC;;;;"}
package/dist/providers/bitbucket/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/bitbucket/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n bitbucketAuthenticator,\n bitbucketSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-bitbucket-provider';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { Profile as PassportProfile } from 'passport';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n adaptOAuthSignInResolverToLegacy,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/**\n * @public\n * @deprecated The Bitbucket auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-provider`.\n */\nexport type BitbucketOAuthResult = {\n fullProfile: BitbucketPassportProfile;\n params: {\n id_token?: string;\n scope: string;\n expires_in: number;\n };\n accessToken: string;\n refreshToken?: string;\n};\n\n/**\n * @public\n * @deprecated The Bitbucket auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-provider`.\n */\nexport type BitbucketPassportProfile = PassportProfile & {\n id?: string;\n displayName?: string;\n username?: string;\n avatarUrl?: string;\n _json?: {\n links?: {\n avatar?: {\n href?: string;\n };\n };\n };\n};\n\n/**\n * Auth provider integration for Bitbucket auth\n *\n * @public\n */\nexport const bitbucket = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: bitbucketAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: adaptOAuthSignInResolverToLegacy({\n userIdMatchingUserEntityAnnotation:\n bitbucketSignInResolvers.userIdMatchingUserEntityAnnotation(),\n usernameMatchingUserEntityAnnotation:\n bitbucketSignInResolvers.usernameMatchingUserEntityAnnotation(),\n }),\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","bitbucketAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","adaptOAuthSignInResolverToLegacy","bitbucketSignInResolvers"],"mappings":";;;;;;;;;AAwEO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA,GACH;AAAA,EACA,WAAWC,iEAAiC,CAAA;AAAA,IAC1C,kCAAA,EACEC,kEAAyB,kCAAmC,EAAA;AAAA,IAC9D,oCAAA,EACEA,kEAAyB,oCAAqC;AAAA,GACjE;AACH,CAAC;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/bitbucket/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n bitbucketAuthenticator,\n bitbucketSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-bitbucket-provider';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { Profile as PassportProfile } from 'passport';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n adaptOAuthSignInResolverToLegacy,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/**\n * @public\n * @deprecated The Bitbucket auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-provider`.\n */\nexport type BitbucketOAuthResult = {\n fullProfile: BitbucketPassportProfile;\n params: {\n id_token?: string;\n scope: string;\n expires_in: number;\n };\n accessToken: string;\n refreshToken?: string;\n};\n\n/**\n * @public\n * @deprecated The Bitbucket auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-provider`.\n */\nexport type BitbucketPassportProfile = PassportProfile & {\n id?: string;\n displayName?: string;\n username?: string;\n avatarUrl?: string;\n _json?: {\n links?: {\n avatar?: {\n href?: string;\n };\n };\n };\n};\n\n/**\n * Auth provider integration for Bitbucket auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const bitbucket = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: bitbucketAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: adaptOAuthSignInResolverToLegacy({\n userIdMatchingUserEntityAnnotation:\n bitbucketSignInResolvers.userIdMatchingUserEntityAnnotation(),\n usernameMatchingUserEntityAnnotation:\n bitbucketSignInResolvers.usernameMatchingUserEntityAnnotation(),\n }),\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","bitbucketAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","adaptOAuthSignInResolverToLegacy","bitbucketSignInResolvers"],"mappings":";;;;;;;;;AAyEO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA,GACH;AAAA,EACA,WAAWC,iEAAiC,CAAA;AAAA,IAC1C,kCAAA,EACEC,kEAAyB,kCAAmC,EAAA;AAAA,IAC9D,oCAAA,EACEA,kEAAyB,oCAAqC;AAAA,GACjE;AACH,CAAC;;;;"}
package/dist/providers/cloudflare-access/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/cloudflare-access/provider.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n cloudflareAccessSignInResolvers,\n createCloudflareAccessAuthenticator,\n} from '@backstage/plugin-auth-backend-module-cloudflare-access-provider';\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\nimport { CacheService } from '@backstage/backend-plugin-api';\n\n/**\n * CloudflareAccessClaims\n *\n * Can be used in externally provided auth handler or sign in resolver to\n * enrich user profile for sign-in user entity\n *\n * @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n */\nexport type CloudflareAccessClaims = {\n /**\n * `aud` identifies the application to which the JWT is issued.\n */\n aud: string[];\n /**\n * `email` contains the email address of the authenticated user.\n */\n email: string;\n /**\n * iat and exp are the issuance and expiration timestamps.\n */\n exp: number;\n iat: number;\n /**\n * `nonce` is the session identifier.\n */\n nonce: string;\n /**\n * `identity_nonce` is available in the Application Token and can be used to\n * query all group membership for a given user.\n */\n identity_nonce: string;\n /**\n * `sub` contains the identifier of the authenticated user.\n */\n sub: string;\n /**\n * `iss` the issuer is the application’s Cloudflare Access Domain URL.\n */\n iss: string;\n /**\n * `custom` contains SAML attributes in the Application Token specified by an\n * administrator in the identity provider configuration.\n */\n custom: string;\n};\n\n/**\n * CloudflareAccessGroup\n *\n * @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n */\nexport type CloudflareAccessGroup = {\n /**\n * Group id\n */\n id: string;\n /**\n * Name of group as defined in Cloudflare zero trust dashboard\n */\n name: string;\n /**\n * Access group email address\n */\n email: string;\n};\n\n/**\n * CloudflareAccessIdentityProfile\n *\n * Can be used in externally provided auth handler or sign in resolver to\n * enrich user profile for sign-in user entity\n *\n * @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n */\nexport type CloudflareAccessIdentityProfile = {\n id: string;\n name: string;\n email: string;\n groups: CloudflareAccessGroup[];\n};\n\n/**\n * @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n */\nexport type CloudflareAccessResult = {\n claims: CloudflareAccessClaims;\n cfIdentity: CloudflareAccessIdentityProfile;\n expiresInSeconds?: number;\n token: string;\n};\n\n/**\n * Auth provider integration for Cloudflare Access auth\n *\n * @public\n */\nexport const cfAccess = createAuthProviderIntegration({\n create(options: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<CloudflareAccessResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<CloudflareAccessResult>;\n };\n\n /**\n * Cache service object that was configured for the Backstage backend,\n * should be provided via the backend auth plugin.\n */\n cache?: CacheService;\n }) {\n return createProxyAuthProviderFactory({\n authenticator: createCloudflareAccessAuthenticator({\n cache: options.cache,\n }),\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n signInResolverFactories: cloudflareAccessSignInResolvers,\n });\n },\n resolvers: cloudflareAccessSignInResolvers,\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","createCloudflareAccessAuthenticator","cloudflareAccessSignInResolvers"],"mappings":";;;;;;AAgIO,MAAM,WAAWA,2DAA8B,CAAA;AAAA,EACpD,OAAO,OAsBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,eAAeC,mFAAoC,CAAA;AAAA,QACjD,OAAO,OAAQ,CAAA;AAAA,OAChB,CAAA;AAAA,MACD,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA,QAAA;AAAA,MACjC,uBAAyB,EAAAC;AAAA,KAC1B,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAAA;AACb,CAAC;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/cloudflare-access/provider.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n cloudflareAccessSignInResolvers,\n createCloudflareAccessAuthenticator,\n} from '@backstage/plugin-auth-backend-module-cloudflare-access-provider';\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\nimport { CacheService } from '@backstage/backend-plugin-api';\n\n/**\n * CloudflareAccessClaims\n *\n * Can be used in externally provided auth handler or sign in resolver to\n * enrich user profile for sign-in user entity\n *\n * @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n */\nexport type CloudflareAccessClaims = {\n /**\n * `aud` identifies the application to which the JWT is issued.\n */\n aud: string[];\n /**\n * `email` contains the email address of the authenticated user.\n */\n email: string;\n /**\n * iat and exp are the issuance and expiration timestamps.\n */\n exp: number;\n iat: number;\n /**\n * `nonce` is the session identifier.\n */\n nonce: string;\n /**\n * `identity_nonce` is available in the Application Token and can be used to\n * query all group membership for a given user.\n */\n identity_nonce: string;\n /**\n * `sub` contains the identifier of the authenticated user.\n */\n sub: string;\n /**\n * `iss` the issuer is the application’s Cloudflare Access Domain URL.\n */\n iss: string;\n /**\n * `custom` contains SAML attributes in the Application Token specified by an\n * administrator in the identity provider configuration.\n */\n custom: string;\n};\n\n/**\n * CloudflareAccessGroup\n *\n * @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n */\nexport type CloudflareAccessGroup = {\n /**\n * Group id\n */\n id: string;\n /**\n * Name of group as defined in Cloudflare zero trust dashboard\n */\n name: string;\n /**\n * Access group email address\n */\n email: string;\n};\n\n/**\n * CloudflareAccessIdentityProfile\n *\n * Can be used in externally provided auth handler or sign in resolver to\n * enrich user profile for sign-in user entity\n *\n * @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n */\nexport type CloudflareAccessIdentityProfile = {\n id: string;\n name: string;\n email: string;\n groups: CloudflareAccessGroup[];\n};\n\n/**\n * @public\n * @deprecated import from `@backstage/plugin-auth-backend-module-cloudflare-access-provider` instead\n */\nexport type CloudflareAccessResult = {\n claims: CloudflareAccessClaims;\n cfIdentity: CloudflareAccessIdentityProfile;\n expiresInSeconds?: number;\n token: string;\n};\n\n/**\n * Auth provider integration for Cloudflare Access auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const cfAccess = createAuthProviderIntegration({\n create(options: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<CloudflareAccessResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<CloudflareAccessResult>;\n };\n\n /**\n * Cache service object that was configured for the Backstage backend,\n * should be provided via the backend auth plugin.\n */\n cache?: CacheService;\n }) {\n return createProxyAuthProviderFactory({\n authenticator: createCloudflareAccessAuthenticator({\n cache: options.cache,\n }),\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n signInResolverFactories: cloudflareAccessSignInResolvers,\n });\n },\n resolvers: cloudflareAccessSignInResolvers,\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","createCloudflareAccessAuthenticator","cloudflareAccessSignInResolvers"],"mappings":";;;;;;AAiIO,MAAM,WAAWA,2DAA8B,CAAA;AAAA,EACpD,OAAO,OAsBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,eAAeC,mFAAoC,CAAA;AAAA,QACjD,OAAO,OAAQ,CAAA;AAAA,OAChB,CAAA;AAAA,MACD,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA,QAAA;AAAA,MACjC,uBAAyB,EAAAC;AAAA,KAC1B,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAAA;AACb,CAAC;;;;"}
package/dist/providers/createAuthProviderIntegration.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"createAuthProviderIntegration.cjs.js","sources":["../../src/providers/createAuthProviderIntegration.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AuthProviderFactory,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\n\n/**\n * Creates a standardized representation of an integration with a third-party\n * auth provider.\n *\n * The returned object facilitates the creation of provider instances, and\n * supplies built-in sign-in resolvers for the specific provider.\n *\n * @public\n */\nexport function createAuthProviderIntegration<\n TCreateOptions extends unknown[],\n TResolvers extends\n | {\n [name in string]: (...args: any[]) => SignInResolver<any>;\n },\n>(config: {\n create: (...args: TCreateOptions) => AuthProviderFactory;\n resolvers?: TResolvers;\n}): Readonly<{\n create: (...args: TCreateOptions) => AuthProviderFactory;\n // If no resolvers are defined, this receives the type `never`\n resolvers: Readonly<string extends keyof TResolvers ? never : TResolvers>;\n}> {\n return Object.freeze({\n ...config,\n resolvers: Object.freeze(config.resolvers ?? ({} as any)),\n });\n}\n"],"names":[],"mappings":";;AA8BO,SAAS,8BAMd,MAOC,EAAA;AACD,EAAA,OAAO,OAAO,MAAO,CAAA;AAAA,IACnB,GAAG,MAAA;AAAA,IACH,WAAW,MAAO,CAAA,MAAA,CAAO,MAAO,CAAA,SAAA,IAAc,EAAU;AAAA,GACzD,CAAA;AACH;;;;"}
1
+ {"version":3,"file":"createAuthProviderIntegration.cjs.js","sources":["../../src/providers/createAuthProviderIntegration.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AuthProviderFactory,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\n\n/**\n * Creates a standardized representation of an integration with a third-party\n * auth provider.\n *\n * The returned object facilitates the creation of provider instances, and\n * supplies built-in sign-in resolvers for the specific provider.\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport function createAuthProviderIntegration<\n TCreateOptions extends unknown[],\n TResolvers extends\n | {\n [name in string]: (...args: any[]) => SignInResolver<any>;\n },\n>(config: {\n create: (...args: TCreateOptions) => AuthProviderFactory;\n resolvers?: TResolvers;\n}): Readonly<{\n create: (...args: TCreateOptions) => AuthProviderFactory;\n // If no resolvers are defined, this receives the type `never`\n resolvers: Readonly<string extends keyof TResolvers ? never : TResolvers>;\n}> {\n return Object.freeze({\n ...config,\n resolvers: Object.freeze(config.resolvers ?? ({} as any)),\n });\n}\n"],"names":[],"mappings":";;AA+BO,SAAS,8BAMd,MAOC,EAAA;AACD,EAAA,OAAO,OAAO,MAAO,CAAA;AAAA,IACnB,GAAG,MAAA;AAAA,IACH,WAAW,MAAO,CAAA,MAAA,CAAO,MAAO,CAAA,SAAA,IAAc,EAAU;AAAA,GACzD,CAAA;AACH;;;;"}
package/dist/providers/gcp-iap/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/gcp-iap/provider.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { gcpIapAuthenticator } from '@backstage/plugin-auth-backend-module-gcp-iap-provider';\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\nimport { GcpIapResult } from './types';\n\n/**\n * Auth provider integration for Google Identity-Aware Proxy auth\n *\n * @public\n */\nexport const gcpIap = createAuthProviderIntegration({\n create(options: {\n /**\n * The profile transformation function used to verify and convert the auth\n * response into the profile that will be presented to the user. The default\n * implementation just provides the authenticated email that the IAP\n * presented.\n */\n authHandler?: AuthHandler<GcpIapResult>;\n\n /**\n * Configures sign-in for this provider.\n */\n signIn: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<GcpIapResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: gcpIapAuthenticator,\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","gcpIapAuthenticator"],"mappings":";;;;;;AA8BO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAkBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,yDAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA;AAAA,KAClC,CAAA;AAAA;AAEL,CAAC;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/gcp-iap/provider.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { gcpIapAuthenticator } from '@backstage/plugin-auth-backend-module-gcp-iap-provider';\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\nimport { GcpIapResult } from './types';\n\n/**\n * Auth provider integration for Google Identity-Aware Proxy auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const gcpIap = createAuthProviderIntegration({\n create(options: {\n /**\n * The profile transformation function used to verify and convert the auth\n * response into the profile that will be presented to the user. The default\n * implementation just provides the authenticated email that the IAP\n * presented.\n */\n authHandler?: AuthHandler<GcpIapResult>;\n\n /**\n * Configures sign-in for this provider.\n */\n signIn: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<GcpIapResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: gcpIapAuthenticator,\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","gcpIapAuthenticator"],"mappings":";;;;;;AA+BO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAkBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,yDAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA;AAAA,KAClC,CAAA;AAAA;AAEL,CAAC;;;;"}
package/dist/providers/github/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/github/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Profile as PassportProfile } from 'passport';\nimport { AuthHandler, StateEncoder } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n createOAuthProviderFactory,\n OAuthAuthenticatorResult,\n ProfileTransform,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport { githubAuthenticator } from '@backstage/plugin-auth-backend-module-github-provider';\n\n/** @public */\nexport type GithubOAuthResult = {\n fullProfile: PassportProfile;\n params: {\n scope: string;\n expires_in?: string;\n refresh_token_expires_in?: string;\n };\n accessToken: string;\n refreshToken?: string;\n};\n\n/**\n * Auth provider integration for GitHub auth\n *\n * @public\n */\nexport const github = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<GithubOAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<GithubOAuthResult>;\n };\n\n /**\n * The state encoder used to encode the 'state' parameter on the OAuth request.\n *\n * It should return a string that takes the state params (from the request), url encodes the params\n * and finally base64 encodes them.\n *\n * Providing your own stateEncoder will allow you to add addition parameters to the state field.\n *\n * It is typed as follows:\n * `export type StateEncoder = (input: OAuthState) => Promise<{encodedState: string}>;`\n *\n * Note: the stateEncoder must encode a 'nonce' value and an 'env' value. Without this, the OAuth flow will fail\n * (These two values will be set by the req.state by default)\n *\n * For more information, please see the helper module in ../../oauth/helpers #readState\n */\n stateEncoder?: StateEncoder;\n }) {\n const authHandler = options?.authHandler;\n const signInResolver = options?.signIn?.resolver;\n return createOAuthProviderFactory({\n authenticator: githubAuthenticator,\n profileTransform:\n authHandler &&\n ((async (result, ctx) =>\n authHandler!(\n {\n fullProfile: result.fullProfile,\n accessToken: result.session.accessToken,\n params: {\n scope: result.session.scope,\n expires_in: result.session.expiresInSeconds\n ? String(result.session.expiresInSeconds)\n : '',\n refresh_token_expires_in: result.session\n .refreshTokenExpiresInSeconds\n ? String(result.session.refreshTokenExpiresInSeconds)\n : '',\n },\n },\n ctx,\n )) as ProfileTransform<OAuthAuthenticatorResult<PassportProfile>>),\n signInResolver:\n signInResolver &&\n ((async ({ profile, result }, ctx) =>\n signInResolver(\n {\n profile: profile,\n result: {\n fullProfile: result.fullProfile,\n accessToken: result.session.accessToken,\n refreshToken: result.session.refreshToken,\n params: {\n scope: result.session.scope,\n expires_in: result.session.expiresInSeconds\n ? String(result.session.expiresInSeconds)\n : '',\n refresh_token_expires_in: result.session\n .refreshTokenExpiresInSeconds\n ? String(result.session.refreshTokenExpiresInSeconds)\n : '',\n },\n },\n },\n ctx,\n )) as SignInResolver<OAuthAuthenticatorResult<PassportProfile>>),\n });\n },\n resolvers: {\n /**\n * Looks up the user by matching their GitHub username to the entity name.\n */\n usernameMatchingUserEntityName: (): SignInResolver<GithubOAuthResult> => {\n return async (info, ctx) => {\n const { fullProfile } = info.result;\n\n const userId = fullProfile.username;\n if (!userId) {\n throw new Error(`GitHub user profile does not contain a username`);\n }\n\n return ctx.signInWithCatalogUser({ entityRef: { name: userId } });\n };\n },\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","githubAuthenticator"],"mappings":";;;;;;AA4CO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAkCJ,EAAA;AACD,IAAA,MAAM,cAAc,OAAS,EAAA,WAAA;AAC7B,IAAM,MAAA,cAAA,GAAiB,SAAS,MAAQ,EAAA,QAAA;AACxC,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBACE,EAAA,WAAA,KACE,OAAO,MAAA,EAAQ,GACf,KAAA,WAAA;AAAA,QACE;AAAA,UACE,aAAa,MAAO,CAAA,WAAA;AAAA,UACpB,WAAA,EAAa,OAAO,OAAQ,CAAA,WAAA;AAAA,UAC5B,MAAQ,EAAA;AAAA,YACN,KAAA,EAAO,OAAO,OAAQ,CAAA,KAAA;AAAA,YACtB,UAAA,EAAY,OAAO,OAAQ,CAAA,gBAAA,GACvB,OAAO,MAAO,CAAA,OAAA,CAAQ,gBAAgB,CACtC,GAAA,EAAA;AAAA,YACJ,wBAAA,EAA0B,OAAO,OAC9B,CAAA,4BAAA,GACC,OAAO,MAAO,CAAA,OAAA,CAAQ,4BAA4B,CAClD,GAAA;AAAA;AACN,SACF;AAAA,QACA;AAAA,OACF,CAAA;AAAA,MACJ,gBACE,cACE,KAAA,OAAO,EAAE,OAAS,EAAA,MAAA,IAAU,GAC5B,KAAA,cAAA;AAAA,QACE;AAAA,UACE,OAAA;AAAA,UACA,MAAQ,EAAA;AAAA,YACN,aAAa,MAAO,CAAA,WAAA;AAAA,YACpB,WAAA,EAAa,OAAO,OAAQ,CAAA,WAAA;AAAA,YAC5B,YAAA,EAAc,OAAO,OAAQ,CAAA,YAAA;AAAA,YAC7B,MAAQ,EAAA;AAAA,cACN,KAAA,EAAO,OAAO,OAAQ,CAAA,KAAA;AAAA,cACtB,UAAA,EAAY,OAAO,OAAQ,CAAA,gBAAA,GACvB,OAAO,MAAO,CAAA,OAAA,CAAQ,gBAAgB,CACtC,GAAA,EAAA;AAAA,cACJ,wBAAA,EAA0B,OAAO,OAC9B,CAAA,4BAAA,GACC,OAAO,MAAO,CAAA,OAAA,CAAQ,4BAA4B,CAClD,GAAA;AAAA;AACN;AACF,SACF;AAAA,QACA;AAAA,OACF;AAAA,KACL,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,gCAAgC,MAAyC;AACvE,MAAO,OAAA,OAAO,MAAM,GAAQ,KAAA;AAC1B,QAAM,MAAA,EAAE,WAAY,EAAA,GAAI,IAAK,CAAA,MAAA;AAE7B,QAAA,MAAM,SAAS,WAAY,CAAA,QAAA;AAC3B,QAAA,IAAI,CAAC,MAAQ,EAAA;AACX,UAAM,MAAA,IAAI,MAAM,CAAiD,+CAAA,CAAA,CAAA;AAAA;AAGnE,QAAO,OAAA,GAAA,CAAI,sBAAsB,EAAE,SAAA,EAAW,EAAE,IAAM,EAAA,MAAA,IAAU,CAAA;AAAA,OAClE;AAAA;AACF;AAEJ,CAAC;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/github/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Profile as PassportProfile } from 'passport';\nimport { AuthHandler, StateEncoder } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n createOAuthProviderFactory,\n OAuthAuthenticatorResult,\n ProfileTransform,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport { githubAuthenticator } from '@backstage/plugin-auth-backend-module-github-provider';\n\n/**\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport type GithubOAuthResult = {\n fullProfile: PassportProfile;\n params: {\n scope: string;\n expires_in?: string;\n refresh_token_expires_in?: string;\n };\n accessToken: string;\n refreshToken?: string;\n};\n\n/**\n * Auth provider integration for GitHub auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const github = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<GithubOAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<GithubOAuthResult>;\n };\n\n /**\n * The state encoder used to encode the 'state' parameter on the OAuth request.\n *\n * It should return a string that takes the state params (from the request), url encodes the params\n * and finally base64 encodes them.\n *\n * Providing your own stateEncoder will allow you to add addition parameters to the state field.\n *\n * It is typed as follows:\n * `export type StateEncoder = (input: OAuthState) => Promise<{encodedState: string}>;`\n *\n * Note: the stateEncoder must encode a 'nonce' value and an 'env' value. Without this, the OAuth flow will fail\n * (These two values will be set by the req.state by default)\n *\n * For more information, please see the helper module in ../../oauth/helpers #readState\n */\n stateEncoder?: StateEncoder;\n }) {\n const authHandler = options?.authHandler;\n const signInResolver = options?.signIn?.resolver;\n return createOAuthProviderFactory({\n authenticator: githubAuthenticator,\n profileTransform:\n authHandler &&\n ((async (result, ctx) =>\n authHandler!(\n {\n fullProfile: result.fullProfile,\n accessToken: result.session.accessToken,\n params: {\n scope: result.session.scope,\n expires_in: result.session.expiresInSeconds\n ? String(result.session.expiresInSeconds)\n : '',\n refresh_token_expires_in: result.session\n .refreshTokenExpiresInSeconds\n ? String(result.session.refreshTokenExpiresInSeconds)\n : '',\n },\n },\n ctx,\n )) as ProfileTransform<OAuthAuthenticatorResult<PassportProfile>>),\n signInResolver:\n signInResolver &&\n ((async ({ profile, result }, ctx) =>\n signInResolver(\n {\n profile: profile,\n result: {\n fullProfile: result.fullProfile,\n accessToken: result.session.accessToken,\n refreshToken: result.session.refreshToken,\n params: {\n scope: result.session.scope,\n expires_in: result.session.expiresInSeconds\n ? String(result.session.expiresInSeconds)\n : '',\n refresh_token_expires_in: result.session\n .refreshTokenExpiresInSeconds\n ? String(result.session.refreshTokenExpiresInSeconds)\n : '',\n },\n },\n },\n ctx,\n )) as SignInResolver<OAuthAuthenticatorResult<PassportProfile>>),\n });\n },\n resolvers: {\n /**\n * Looks up the user by matching their GitHub username to the entity name.\n */\n usernameMatchingUserEntityName: (): SignInResolver<GithubOAuthResult> => {\n return async (info, ctx) => {\n const { fullProfile } = info.result;\n\n const userId = fullProfile.username;\n if (!userId) {\n throw new Error(`GitHub user profile does not contain a username`);\n }\n\n return ctx.signInWithCatalogUser({ entityRef: { name: userId } });\n };\n },\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","githubAuthenticator"],"mappings":";;;;;;AAgDO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAkCJ,EAAA;AACD,IAAA,MAAM,cAAc,OAAS,EAAA,WAAA;AAC7B,IAAM,MAAA,cAAA,GAAiB,SAAS,MAAQ,EAAA,QAAA;AACxC,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBACE,EAAA,WAAA,KACE,OAAO,MAAA,EAAQ,GACf,KAAA,WAAA;AAAA,QACE;AAAA,UACE,aAAa,MAAO,CAAA,WAAA;AAAA,UACpB,WAAA,EAAa,OAAO,OAAQ,CAAA,WAAA;AAAA,UAC5B,MAAQ,EAAA;AAAA,YACN,KAAA,EAAO,OAAO,OAAQ,CAAA,KAAA;AAAA,YACtB,UAAA,EAAY,OAAO,OAAQ,CAAA,gBAAA,GACvB,OAAO,MAAO,CAAA,OAAA,CAAQ,gBAAgB,CACtC,GAAA,EAAA;AAAA,YACJ,wBAAA,EAA0B,OAAO,OAC9B,CAAA,4BAAA,GACC,OAAO,MAAO,CAAA,OAAA,CAAQ,4BAA4B,CAClD,GAAA;AAAA;AACN,SACF;AAAA,QACA;AAAA,OACF,CAAA;AAAA,MACJ,gBACE,cACE,KAAA,OAAO,EAAE,OAAS,EAAA,MAAA,IAAU,GAC5B,KAAA,cAAA;AAAA,QACE;AAAA,UACE,OAAA;AAAA,UACA,MAAQ,EAAA;AAAA,YACN,aAAa,MAAO,CAAA,WAAA;AAAA,YACpB,WAAA,EAAa,OAAO,OAAQ,CAAA,WAAA;AAAA,YAC5B,YAAA,EAAc,OAAO,OAAQ,CAAA,YAAA;AAAA,YAC7B,MAAQ,EAAA;AAAA,cACN,KAAA,EAAO,OAAO,OAAQ,CAAA,KAAA;AAAA,cACtB,UAAA,EAAY,OAAO,OAAQ,CAAA,gBAAA,GACvB,OAAO,MAAO,CAAA,OAAA,CAAQ,gBAAgB,CACtC,GAAA,EAAA;AAAA,cACJ,wBAAA,EAA0B,OAAO,OAC9B,CAAA,4BAAA,GACC,OAAO,MAAO,CAAA,OAAA,CAAQ,4BAA4B,CAClD,GAAA;AAAA;AACN;AACF,SACF;AAAA,QACA;AAAA,OACF;AAAA,KACL,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,gCAAgC,MAAyC;AACvE,MAAO,OAAA,OAAO,MAAM,GAAQ,KAAA;AAC1B,QAAM,MAAA,EAAE,WAAY,EAAA,GAAI,IAAK,CAAA,MAAA;AAE7B,QAAA,MAAM,SAAS,WAAY,CAAA,QAAA;AAC3B,QAAA,IAAI,CAAC,MAAQ,EAAA;AACX,UAAM,MAAA,IAAI,MAAM,CAAiD,+CAAA,CAAA,CAAA;AAAA;AAGnE,QAAO,OAAA,GAAA,CAAI,sBAAsB,EAAE,SAAA,EAAW,EAAE,IAAM,EAAA,MAAA,IAAU,CAAA;AAAA,OAClE;AAAA;AACF;AAEJ,CAAC;;;;"}
package/dist/providers/gitlab/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/gitlab/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthHandler } from '../types';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { gitlabAuthenticator } from '@backstage/plugin-auth-backend-module-gitlab-provider';\n\n/**\n * Auth provider integration for GitLab auth\n *\n * @public\n */\nexport const gitlab = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: gitlabAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","gitlabAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA;AAEL,CAAC;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/gitlab/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthHandler } from '../types';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { gitlabAuthenticator } from '@backstage/plugin-auth-backend-module-gitlab-provider';\n\n/**\n * Auth provider integration for GitLab auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const gitlab = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: gitlabAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","gitlabAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAmCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA;AAEL,CAAC;;;;"}
package/dist/providers/google/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/google/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n googleAuthenticator,\n googleSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-google-provider';\nimport {\n SignInResolver,\n commonSignInResolvers,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n adaptOAuthSignInResolverToLegacy,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/**\n * Auth provider integration for Google auth\n *\n * @public\n */\nexport const google = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: googleAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: adaptOAuthSignInResolverToLegacy({\n emailLocalPartMatchingUserEntityName:\n commonSignInResolvers.emailLocalPartMatchingUserEntityName(),\n emailMatchingUserEntityProfileEmail:\n commonSignInResolvers.emailMatchingUserEntityProfileEmail(),\n emailMatchingUserEntityAnnotation:\n googleSignInResolvers.emailMatchingUserEntityAnnotation(),\n }),\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","googleAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","adaptOAuthSignInResolverToLegacy","commonSignInResolvers","googleSignInResolvers"],"mappings":";;;;;;;;;AAuCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA,GACH;AAAA,EACA,WAAWC,iEAAiC,CAAA;AAAA,IAC1C,oCAAA,EACEC,qCAAsB,oCAAqC,EAAA;AAAA,IAC7D,mCAAA,EACEA,qCAAsB,mCAAoC,EAAA;AAAA,IAC5D,iCAAA,EACEC,4DAAsB,iCAAkC;AAAA,GAC3D;AACH,CAAC;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/google/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n googleAuthenticator,\n googleSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-google-provider';\nimport {\n SignInResolver,\n commonSignInResolvers,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n adaptOAuthSignInResolverToLegacy,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/**\n * Auth provider integration for Google auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const google = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: googleAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: adaptOAuthSignInResolverToLegacy({\n emailLocalPartMatchingUserEntityName:\n commonSignInResolvers.emailLocalPartMatchingUserEntityName(),\n emailMatchingUserEntityProfileEmail:\n commonSignInResolvers.emailMatchingUserEntityProfileEmail(),\n emailMatchingUserEntityAnnotation:\n googleSignInResolvers.emailMatchingUserEntityAnnotation(),\n }),\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","googleAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","adaptOAuthSignInResolverToLegacy","commonSignInResolvers","googleSignInResolvers"],"mappings":";;;;;;;;;AAwCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA,GACH;AAAA,EACA,WAAWC,iEAAiC,CAAA;AAAA,IAC1C,oCAAA,EACEC,qCAAsB,oCAAqC,EAAA;AAAA,IAC7D,mCAAA,EACEA,qCAAsB,mCAAoC,EAAA;AAAA,IAC5D,iCAAA,EACEC,4DAAsB,iCAAkC;AAAA,GAC3D;AACH,CAAC;;;;"}
package/dist/providers/microsoft/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/microsoft/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthHandler } from '../types';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n SignInResolver,\n commonSignInResolvers,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n adaptOAuthSignInResolverToLegacy,\n} from '../../lib/legacy';\nimport {\n microsoftAuthenticator,\n microsoftSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-microsoft-provider';\n\n/**\n * Auth provider integration for Microsoft auth\n *\n * @public\n */\nexport const microsoft = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: microsoftAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: adaptOAuthSignInResolverToLegacy({\n emailLocalPartMatchingUserEntityName:\n commonSignInResolvers.emailLocalPartMatchingUserEntityName(),\n emailMatchingUserEntityProfileEmail:\n commonSignInResolvers.emailMatchingUserEntityProfileEmail(),\n emailMatchingUserEntityAnnotation:\n microsoftSignInResolvers.emailMatchingUserEntityAnnotation(),\n userIdMatchingUserEntityAnnotation:\n microsoftSignInResolvers.userIdMatchingUserEntityAnnotation(),\n }),\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","microsoftAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","adaptOAuthSignInResolverToLegacy","commonSignInResolvers","microsoftSignInResolvers"],"mappings":";;;;;;;;;AAuCO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA,GACH;AAAA,EACA,WAAWC,iEAAiC,CAAA;AAAA,IAC1C,oCAAA,EACEC,qCAAsB,oCAAqC,EAAA;AAAA,IAC7D,mCAAA,EACEA,qCAAsB,mCAAoC,EAAA;AAAA,IAC5D,iCAAA,EACEC,kEAAyB,iCAAkC,EAAA;AAAA,IAC7D,kCAAA,EACEA,kEAAyB,kCAAmC;AAAA,GAC/D;AACH,CAAC;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/microsoft/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthHandler } from '../types';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n SignInResolver,\n commonSignInResolvers,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n adaptOAuthSignInResolverToLegacy,\n} from '../../lib/legacy';\nimport {\n microsoftAuthenticator,\n microsoftSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-microsoft-provider';\n\n/**\n * Auth provider integration for Microsoft auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const microsoft = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: microsoftAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: adaptOAuthSignInResolverToLegacy({\n emailLocalPartMatchingUserEntityName:\n commonSignInResolvers.emailLocalPartMatchingUserEntityName(),\n emailMatchingUserEntityProfileEmail:\n commonSignInResolvers.emailMatchingUserEntityProfileEmail(),\n emailMatchingUserEntityAnnotation:\n microsoftSignInResolvers.emailMatchingUserEntityAnnotation(),\n userIdMatchingUserEntityAnnotation:\n microsoftSignInResolvers.userIdMatchingUserEntityAnnotation(),\n }),\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","microsoftAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","adaptOAuthSignInResolverToLegacy","commonSignInResolvers","microsoftSignInResolvers"],"mappings":";;;;;;;;;AAwCO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA,GACH;AAAA,EACA,WAAWC,iEAAiC,CAAA;AAAA,IAC1C,oCAAA,EACEC,qCAAsB,oCAAqC,EAAA;AAAA,IAC7D,mCAAA,EACEA,qCAAsB,mCAAoC,EAAA;AAAA,IAC5D,iCAAA,EACEC,kEAAyB,iCAAkC,EAAA;AAAA,IAC7D,kCAAA,EACEA,kEAAyB,kCAAmC;AAAA,GAC/D;AACH,CAAC;;;;"}
package/dist/providers/oauth2/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/oauth2/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { OAuthResult } from '../../lib/oauth';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { oauth2Authenticator } from '@backstage/plugin-auth-backend-module-oauth2-provider';\n\n/**\n * Auth provider integration for generic OAuth2 auth\n *\n * @public\n */\nexport const oauth2 = createAuthProviderIntegration({\n create(options?: {\n authHandler?: AuthHandler<OAuthResult>;\n\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: oauth2Authenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oauth2Authenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAMJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA;AAEL,CAAC;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/oauth2/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { OAuthResult } from '../../lib/oauth';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { oauth2Authenticator } from '@backstage/plugin-auth-backend-module-oauth2-provider';\n\n/**\n * Auth provider integration for generic OAuth2 auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const oauth2 = createAuthProviderIntegration({\n create(options?: {\n authHandler?: AuthHandler<OAuthResult>;\n\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: oauth2Authenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oauth2Authenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAmCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAMJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,yDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA;AAEL,CAAC;;;;"}
package/dist/providers/oauth2-proxy/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/oauth2-proxy/provider.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n type OAuth2ProxyResult,\n oauth2ProxyAuthenticator,\n} from '@backstage/plugin-auth-backend-module-oauth2-proxy-provider';\n\n/**\n * Auth provider integration for oauth2-proxy auth\n *\n * @public\n */\nexport const oauth2Proxy = createAuthProviderIntegration({\n create(options: {\n /**\n * Configure an auth handler to generate a profile for the user.\n *\n * The default implementation uses the value of the `X-Forwarded-Preferred-Username`\n * header as the display name, falling back to `X-Forwarded-User`, and the value of\n * the `X-Forwarded-Email` header as the email address.\n */\n authHandler?: AuthHandler<OAuth2ProxyResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuth2ProxyResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: oauth2ProxyAuthenticator,\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","oauth2ProxyAuthenticator"],"mappings":";;;;;;AAgCO,MAAM,cAAcA,2DAA8B,CAAA;AAAA,EACvD,OAAO,OAmBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,mEAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA;AAAA,KAClC,CAAA;AAAA;AAEL,CAAC;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/oauth2-proxy/provider.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n SignInResolver,\n createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n type OAuth2ProxyResult,\n oauth2ProxyAuthenticator,\n} from '@backstage/plugin-auth-backend-module-oauth2-proxy-provider';\n\n/**\n * Auth provider integration for oauth2-proxy auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const oauth2Proxy = createAuthProviderIntegration({\n create(options: {\n /**\n * Configure an auth handler to generate a profile for the user.\n *\n * The default implementation uses the value of the `X-Forwarded-Preferred-Username`\n * header as the display name, falling back to `X-Forwarded-User`, and the value of\n * the `X-Forwarded-Email` header as the email address.\n */\n authHandler?: AuthHandler<OAuth2ProxyResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuth2ProxyResult>;\n };\n }) {\n return createProxyAuthProviderFactory({\n authenticator: oauth2ProxyAuthenticator,\n profileTransform: options?.authHandler,\n signInResolver: options?.signIn?.resolver,\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","oauth2ProxyAuthenticator"],"mappings":";;;;;;AAiCO,MAAM,cAAcA,2DAA8B,CAAA;AAAA,EACvD,OAAO,OAmBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,mEAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA;AAAA,KAClC,CAAA;AAAA;AAEL,CAAC;;;;"}
package/dist/providers/oidc/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/oidc/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n createOAuthProviderFactory,\n AuthResolverContext,\n BackstageSignInResult,\n OAuthAuthenticatorResult,\n SignInInfo,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport {\n oidcAuthenticator,\n OidcAuthResult,\n} from '@backstage/plugin-auth-backend-module-oidc-provider';\nimport {\n commonByEmailLocalPartResolver,\n commonByEmailResolver,\n} from '../resolvers';\n\n/**\n * Auth provider integration for generic OpenID Connect auth\n *\n * @public\n */\nexport const oidc = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OidcAuthResult>;\n\n /**\n * Configure sign-in for this provider; convert user profile respones into\n * Backstage identities.\n */\n signIn?: {\n resolver: SignInResolver<OidcAuthResult>;\n };\n }) {\n const authHandler = options?.authHandler;\n const signInResolver = options?.signIn?.resolver;\n return createOAuthProviderFactory({\n authenticator: oidcAuthenticator,\n profileTransform:\n authHandler &&\n ((\n result: OAuthAuthenticatorResult<OidcAuthResult>,\n context: AuthResolverContext,\n ) => authHandler(result.fullProfile, context)),\n signInResolver:\n signInResolver &&\n ((\n info: SignInInfo<OAuthAuthenticatorResult<OidcAuthResult>>,\n context: AuthResolverContext,\n ): Promise<BackstageSignInResult> =>\n signInResolver(\n {\n result: info.result.fullProfile,\n profile: info.profile,\n },\n context,\n )),\n });\n },\n resolvers: {\n /**\n * Looks up the user by matching their email local part to the entity name.\n */\n emailLocalPartMatchingUserEntityName: () => commonByEmailLocalPartResolver,\n /**\n * Looks up the user by matching their email to the entity email.\n */\n emailMatchingUserEntityProfileEmail: () => commonByEmailResolver,\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oidcAuthenticator","commonByEmailLocalPartResolver","commonByEmailResolver"],"mappings":";;;;;;;AAwCO,MAAM,OAAOA,2DAA8B,CAAA;AAAA,EAChD,OAAO,OAcJ,EAAA;AACD,IAAA,MAAM,cAAc,OAAS,EAAA,WAAA;AAC7B,IAAM,MAAA,cAAA,GAAiB,SAAS,MAAQ,EAAA,QAAA;AACxC,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,qDAAA;AAAA,MACf,gBAAA,EACE,gBACC,CACC,MAAA,EACA,YACG,WAAY,CAAA,MAAA,CAAO,aAAa,OAAO,CAAA,CAAA;AAAA,MAC9C,cACE,EAAA,cAAA,KACC,CACC,IAAA,EACA,OAEA,KAAA,cAAA;AAAA,QACE;AAAA,UACE,MAAA,EAAQ,KAAK,MAAO,CAAA,WAAA;AAAA,UACpB,SAAS,IAAK,CAAA;AAAA,SAChB;AAAA,QACA;AAAA,OACF;AAAA,KACL,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,sCAAsC,MAAMC,wCAAA;AAAA;AAAA;AAAA;AAAA,IAI5C,qCAAqC,MAAMC;AAAA;AAE/C,CAAC;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/oidc/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n createOAuthProviderFactory,\n AuthResolverContext,\n BackstageSignInResult,\n OAuthAuthenticatorResult,\n SignInInfo,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport {\n oidcAuthenticator,\n OidcAuthResult,\n} from '@backstage/plugin-auth-backend-module-oidc-provider';\nimport {\n commonByEmailLocalPartResolver,\n commonByEmailResolver,\n} from '../resolvers';\n\n/**\n * Auth provider integration for generic OpenID Connect auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const oidc = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OidcAuthResult>;\n\n /**\n * Configure sign-in for this provider; convert user profile respones into\n * Backstage identities.\n */\n signIn?: {\n resolver: SignInResolver<OidcAuthResult>;\n };\n }) {\n const authHandler = options?.authHandler;\n const signInResolver = options?.signIn?.resolver;\n return createOAuthProviderFactory({\n authenticator: oidcAuthenticator,\n profileTransform:\n authHandler &&\n ((\n result: OAuthAuthenticatorResult<OidcAuthResult>,\n context: AuthResolverContext,\n ) => authHandler(result.fullProfile, context)),\n signInResolver:\n signInResolver &&\n ((\n info: SignInInfo<OAuthAuthenticatorResult<OidcAuthResult>>,\n context: AuthResolverContext,\n ): Promise<BackstageSignInResult> =>\n signInResolver(\n {\n result: info.result.fullProfile,\n profile: info.profile,\n },\n context,\n )),\n });\n },\n resolvers: {\n /**\n * Looks up the user by matching their email local part to the entity name.\n */\n emailLocalPartMatchingUserEntityName: () => commonByEmailLocalPartResolver,\n /**\n * Looks up the user by matching their email to the entity email.\n */\n emailMatchingUserEntityProfileEmail: () => commonByEmailResolver,\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oidcAuthenticator","commonByEmailLocalPartResolver","commonByEmailResolver"],"mappings":";;;;;;;AAyCO,MAAM,OAAOA,2DAA8B,CAAA;AAAA,EAChD,OAAO,OAcJ,EAAA;AACD,IAAA,MAAM,cAAc,OAAS,EAAA,WAAA;AAC7B,IAAM,MAAA,cAAA,GAAiB,SAAS,MAAQ,EAAA,QAAA;AACxC,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,qDAAA;AAAA,MACf,gBAAA,EACE,gBACC,CACC,MAAA,EACA,YACG,WAAY,CAAA,MAAA,CAAO,aAAa,OAAO,CAAA,CAAA;AAAA,MAC9C,cACE,EAAA,cAAA,KACC,CACC,IAAA,EACA,OAEA,KAAA,cAAA;AAAA,QACE;AAAA,UACE,MAAA,EAAQ,KAAK,MAAO,CAAA,WAAA;AAAA,UACpB,SAAS,IAAK,CAAA;AAAA,SAChB;AAAA,QACA;AAAA,OACF;AAAA,KACL,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,sCAAsC,MAAMC,wCAAA;AAAA;AAAA;AAAA;AAAA,IAI5C,qCAAqC,MAAMC;AAAA;AAE/C,CAAC;;;;"}
package/dist/providers/okta/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/okta/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthHandler } from '../types';\nimport { OAuthResult } from '../../lib/oauth';\n\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { oktaAuthenticator } from '@backstage/plugin-auth-backend-module-okta-provider';\nimport {\n commonByEmailLocalPartResolver,\n commonByEmailResolver,\n} from '../resolvers';\n\n/**\n * Auth provider integration for Okta auth\n *\n * @public\n */\nexport const okta = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: oktaAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: {\n /**\n * Looks up the user by matching their email local part to the entity name.\n */\n emailLocalPartMatchingUserEntityName: () => commonByEmailLocalPartResolver,\n /**\n * Looks up the user by matching their email to the entity email.\n */\n emailMatchingUserEntityProfileEmail: () => commonByEmailResolver,\n /**\n * Looks up the user by matching their email to the `okta.com/email` annotation.\n */\n emailMatchingUserEntityAnnotation(): SignInResolver<OAuthResult> {\n return async (info, ctx) => {\n const { profile } = info;\n\n if (!profile.email) {\n throw new Error('Okta profile contained no email');\n }\n\n return ctx.signInWithCatalogUser({\n annotations: {\n 'okta.com/email': profile.email,\n },\n });\n };\n },\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oktaAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","commonByEmailLocalPartResolver","commonByEmailResolver"],"mappings":";;;;;;;;;AAuCO,MAAM,OAAOA,2DAA8B,CAAA;AAAA,EAChD,OAAO,OAYJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,qDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,sCAAsC,MAAMC,wCAAA;AAAA;AAAA;AAAA;AAAA,IAI5C,qCAAqC,MAAMC,+BAAA;AAAA;AAAA;AAAA;AAAA,IAI3C,iCAAiE,GAAA;AAC/D,MAAO,OAAA,OAAO,MAAM,GAAQ,KAAA;AAC1B,QAAM,MAAA,EAAE,SAAY,GAAA,IAAA;AAEpB,QAAI,IAAA,CAAC,QAAQ,KAAO,EAAA;AAClB,UAAM,MAAA,IAAI,MAAM,iCAAiC,CAAA;AAAA;AAGnD,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,WAAa,EAAA;AAAA,YACX,kBAAkB,OAAQ,CAAA;AAAA;AAC5B,SACD,CAAA;AAAA,OACH;AAAA;AACF;AAEJ,CAAC;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/okta/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthHandler } from '../types';\nimport { OAuthResult } from '../../lib/oauth';\n\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { oktaAuthenticator } from '@backstage/plugin-auth-backend-module-okta-provider';\nimport {\n commonByEmailLocalPartResolver,\n commonByEmailResolver,\n} from '../resolvers';\n\n/**\n * Auth provider integration for Okta auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const okta = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: oktaAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n resolvers: {\n /**\n * Looks up the user by matching their email local part to the entity name.\n */\n emailLocalPartMatchingUserEntityName: () => commonByEmailLocalPartResolver,\n /**\n * Looks up the user by matching their email to the entity email.\n */\n emailMatchingUserEntityProfileEmail: () => commonByEmailResolver,\n /**\n * Looks up the user by matching their email to the `okta.com/email` annotation.\n */\n emailMatchingUserEntityAnnotation(): SignInResolver<OAuthResult> {\n return async (info, ctx) => {\n const { profile } = info;\n\n if (!profile.email) {\n throw new Error('Okta profile contained no email');\n }\n\n return ctx.signInWithCatalogUser({\n annotations: {\n 'okta.com/email': profile.email,\n },\n });\n };\n },\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oktaAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","commonByEmailLocalPartResolver","commonByEmailResolver"],"mappings":";;;;;;;;;AAwCO,MAAM,OAAOA,2DAA8B,CAAA;AAAA,EAChD,OAAO,OAYJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,qDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA,GACH;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,sCAAsC,MAAMC,wCAAA;AAAA;AAAA;AAAA;AAAA,IAI5C,qCAAqC,MAAMC,+BAAA;AAAA;AAAA;AAAA;AAAA,IAI3C,iCAAiE,GAAA;AAC/D,MAAO,OAAA,OAAO,MAAM,GAAQ,KAAA;AAC1B,QAAM,MAAA,EAAE,SAAY,GAAA,IAAA;AAEpB,QAAI,IAAA,CAAC,QAAQ,KAAO,EAAA;AAClB,UAAM,MAAA,IAAI,MAAM,iCAAiC,CAAA;AAAA;AAGnD,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,WAAa,EAAA;AAAA,YACX,kBAAkB,OAAQ,CAAA;AAAA;AAC5B,SACD,CAAA;AAAA,OACH;AAAA;AACF;AAEJ,CAAC;;;;"}
package/dist/providers/onelogin/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/onelogin/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { oneLoginAuthenticator } from '@backstage/plugin-auth-backend-module-onelogin-provider';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/**\n * Auth provider integration for OneLogin auth\n *\n * @public\n */\nexport const onelogin = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: oneLoginAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oneLoginAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAkCO,MAAM,WAAWA,2DAA8B,CAAA;AAAA,EACpD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,6DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA;AAEL,CAAC;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/onelogin/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { oneLoginAuthenticator } from '@backstage/plugin-auth-backend-module-onelogin-provider';\nimport {\n SignInResolver,\n createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n adaptLegacyOAuthHandler,\n adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/**\n * Auth provider integration for OneLogin auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const onelogin = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<OAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<OAuthResult>;\n };\n }) {\n return createOAuthProviderFactory({\n authenticator: oneLoginAuthenticator,\n profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n });\n },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","oneLoginAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAmCO,MAAM,WAAWA,2DAA8B,CAAA;AAAA,EACpD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,6DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA;AAEL,CAAC;;;;"}
package/dist/providers/providers.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"providers.cjs.js","sources":["../../src/providers/providers.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { atlassian } from './atlassian';\nimport { auth0 } from './auth0';\nimport { awsAlb } from './aws-alb';\nimport { bitbucket } from './bitbucket';\nimport { cfAccess } from './cloudflare-access';\nimport { gcpIap } from './gcp-iap';\nimport { github } from './github';\nimport { gitlab } from './gitlab';\nimport { google } from './google';\nimport { microsoft } from './microsoft';\nimport { oauth2 } from './oauth2';\nimport { oauth2Proxy } from './oauth2-proxy';\nimport { oidc } from './oidc';\nimport { okta } from './okta';\nimport { onelogin } from './onelogin';\nimport { saml } from './saml';\nimport { bitbucketServer } from './bitbucketServer';\nimport { easyAuth } from './azure-easyauth';\nimport { AuthProviderFactory } from '@backstage/plugin-auth-node';\n\n/**\n * All built-in auth provider integrations.\n *\n * @public\n */\nexport const providers = Object.freeze({\n atlassian,\n auth0,\n awsAlb,\n bitbucket,\n bitbucketServer,\n cfAccess,\n gcpIap,\n github,\n gitlab,\n google,\n microsoft,\n oauth2,\n oauth2Proxy,\n oidc,\n okta,\n onelogin,\n saml,\n easyAuth,\n});\n\n/**\n * All auth provider factories that are installed by default.\n *\n * @public\n */\nexport const defaultAuthProviderFactories: {\n [providerId: string]: AuthProviderFactory;\n} = {\n google: google.create(),\n github: github.create(),\n gitlab: gitlab.create(),\n saml: saml.create(),\n okta: okta.create(),\n auth0: auth0.create(),\n microsoft: microsoft.create(),\n easyAuth: easyAuth.create(),\n oauth2: oauth2.create(),\n oidc: oidc.create(),\n onelogin: onelogin.create(),\n awsalb: awsAlb.create(),\n bitbucket: bitbucket.create(),\n bitbucketServer: bitbucketServer.create(),\n atlassian: atlassian.create(),\n};\n"],"names":["atlassian","auth0","awsAlb","bitbucket","bitbucketServer","cfAccess","gcpIap","github","gitlab","google","microsoft","oauth2","oauth2Proxy","oidc","okta","onelogin","saml","easyAuth"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAyCa,MAAA,SAAA,GAAY,OAAO,MAAO,CAAA;AAAA,aACrCA,oBAAA;AAAA,SACAC,gBAAA;AAAA,UACAC,iBAAA;AAAA,aACAC,oBAAA;AAAA,mBACAC,0BAAA;AAAA,YACAC,mBAAA;AAAA,UACAC,iBAAA;AAAA,UACAC,iBAAA;AAAA,UACAC,iBAAA;AAAA,UACAC,eAAA;AAAA,aACAC,oBAAA;AAAA,UACAC,iBAAA;AAAA,eACAC,sBAAA;AAAA,QACAC,eAAA;AAAA,QACAC,eAAA;AAAA,YACAC,mBAAA;AAAA,QACAC,eAAA;AAAA,YACAC;AACF,CAAC;AAOM,MAAM,4BAET,GAAA;AAAA,EACF,MAAA,EAAQR,gBAAO,MAAO,EAAA;AAAA,EACtB,MAAA,EAAQF,kBAAO,MAAO,EAAA;AAAA,EACtB,MAAA,EAAQC,kBAAO,MAAO,EAAA;AAAA,EACtB,IAAA,EAAMQ,gBAAK,MAAO,EAAA;AAAA,EAClB,IAAA,EAAMF,gBAAK,MAAO,EAAA;AAAA,EAClB,KAAA,EAAOb,iBAAM,MAAO,EAAA;AAAA,EACpB,SAAA,EAAWS,qBAAU,MAAO,EAAA;AAAA,EAC5B,QAAA,EAAUO,oBAAS,MAAO,EAAA;AAAA,EAC1B,MAAA,EAAQN,kBAAO,MAAO,EAAA;AAAA,EACtB,IAAA,EAAME,gBAAK,MAAO,EAAA;AAAA,EAClB,QAAA,EAAUE,oBAAS,MAAO,EAAA;AAAA,EAC1B,MAAA,EAAQb,kBAAO,MAAO,EAAA;AAAA,EACtB,SAAA,EAAWC,qBAAU,MAAO,EAAA;AAAA,EAC5B,eAAA,EAAiBC,2BAAgB,MAAO,EAAA;AAAA,EACxC,SAAA,EAAWJ,qBAAU,MAAO;AAC9B;;;;;"}
1
+ {"version":3,"file":"providers.cjs.js","sources":["../../src/providers/providers.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { atlassian } from './atlassian';\nimport { auth0 } from './auth0';\nimport { awsAlb } from './aws-alb';\nimport { bitbucket } from './bitbucket';\nimport { cfAccess } from './cloudflare-access';\nimport { gcpIap } from './gcp-iap';\nimport { github } from './github';\nimport { gitlab } from './gitlab';\nimport { google } from './google';\nimport { microsoft } from './microsoft';\nimport { oauth2 } from './oauth2';\nimport { oauth2Proxy } from './oauth2-proxy';\nimport { oidc } from './oidc';\nimport { okta } from './okta';\nimport { onelogin } from './onelogin';\nimport { saml } from './saml';\nimport { bitbucketServer } from './bitbucketServer';\nimport { easyAuth } from './azure-easyauth';\nimport { AuthProviderFactory } from '@backstage/plugin-auth-node';\n\n/**\n * All built-in auth provider integrations.\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const providers = Object.freeze({\n atlassian,\n auth0,\n awsAlb,\n bitbucket,\n bitbucketServer,\n cfAccess,\n gcpIap,\n github,\n gitlab,\n google,\n microsoft,\n oauth2,\n oauth2Proxy,\n oidc,\n okta,\n onelogin,\n saml,\n easyAuth,\n});\n\n/**\n * All auth provider factories that are installed by default.\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const defaultAuthProviderFactories: {\n [providerId: string]: AuthProviderFactory;\n} = {\n google: google.create(),\n github: github.create(),\n gitlab: gitlab.create(),\n saml: saml.create(),\n okta: okta.create(),\n auth0: auth0.create(),\n microsoft: microsoft.create(),\n easyAuth: easyAuth.create(),\n oauth2: oauth2.create(),\n oidc: oidc.create(),\n onelogin: onelogin.create(),\n awsalb: awsAlb.create(),\n bitbucket: bitbucket.create(),\n bitbucketServer: bitbucketServer.create(),\n atlassian: atlassian.create(),\n};\n"],"names":["atlassian","auth0","awsAlb","bitbucket","bitbucketServer","cfAccess","gcpIap","github","gitlab","google","microsoft","oauth2","oauth2Proxy","oidc","okta","onelogin","saml","easyAuth"],"mappings":";;;;;;;;;;;;;;;;;;;;;AA0Ca,MAAA,SAAA,GAAY,OAAO,MAAO,CAAA;AAAA,aACrCA,oBAAA;AAAA,SACAC,gBAAA;AAAA,UACAC,iBAAA;AAAA,aACAC,oBAAA;AAAA,mBACAC,0BAAA;AAAA,YACAC,mBAAA;AAAA,UACAC,iBAAA;AAAA,UACAC,iBAAA;AAAA,UACAC,iBAAA;AAAA,UACAC,eAAA;AAAA,aACAC,oBAAA;AAAA,UACAC,iBAAA;AAAA,eACAC,sBAAA;AAAA,QACAC,eAAA;AAAA,QACAC,eAAA;AAAA,YACAC,mBAAA;AAAA,QACAC,eAAA;AAAA,YACAC;AACF,CAAC;AAQM,MAAM,4BAET,GAAA;AAAA,EACF,MAAA,EAAQR,gBAAO,MAAO,EAAA;AAAA,EACtB,MAAA,EAAQF,kBAAO,MAAO,EAAA;AAAA,EACtB,MAAA,EAAQC,kBAAO,MAAO,EAAA;AAAA,EACtB,IAAA,EAAMQ,gBAAK,MAAO,EAAA;AAAA,EAClB,IAAA,EAAMF,gBAAK,MAAO,EAAA;AAAA,EAClB,KAAA,EAAOb,iBAAM,MAAO,EAAA;AAAA,EACpB,SAAA,EAAWS,qBAAU,MAAO,EAAA;AAAA,EAC5B,QAAA,EAAUO,oBAAS,MAAO,EAAA;AAAA,EAC1B,MAAA,EAAQN,kBAAO,MAAO,EAAA;AAAA,EACtB,IAAA,EAAME,gBAAK,MAAO,EAAA;AAAA,EAClB,QAAA,EAAUE,oBAAS,MAAO,EAAA;AAAA,EAC1B,MAAA,EAAQb,kBAAO,MAAO,EAAA;AAAA,EACtB,SAAA,EAAWC,qBAAU,MAAO,EAAA;AAAA,EAC5B,eAAA,EAAiBC,2BAAgB,MAAO,EAAA;AAAA,EACxC,SAAA,EAAWJ,qBAAU,MAAO;AAC9B;;;;;"}
package/dist/providers/router.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"router.cjs.js","sources":["../../src/providers/router.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { TokenManager } from '@backstage/backend-common';\nimport {\n AuthService,\n DiscoveryService,\n HttpAuthService,\n LoggerService,\n} from '@backstage/backend-plugin-api';\nimport { CatalogApi, CatalogClient } from '@backstage/catalog-client';\nimport { Config } from '@backstage/config';\nimport { assertError, NotFoundError } from '@backstage/errors';\nimport {\n AuthOwnershipResolver,\n AuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport express from 'express';\nimport Router from 'express-promise-router';\nimport { Minimatch } from 'minimatch';\nimport { CatalogAuthResolverContext } from '../lib/resolvers/CatalogAuthResolverContext';\nimport { TokenIssuer } from '../identity/types';\n\n/** @public */\nexport type ProviderFactories = { [s: string]: AuthProviderFactory };\n\nexport function bindProviderRouters(\n targetRouter: express.Router,\n options: {\n providers: ProviderFactories;\n appUrl: string;\n baseUrl: string;\n config: Config;\n logger: LoggerService;\n discovery: DiscoveryService;\n auth: AuthService;\n httpAuth: HttpAuthService;\n tokenManager?: TokenManager;\n tokenIssuer: TokenIssuer;\n ownershipResolver?: AuthOwnershipResolver;\n catalogApi?: CatalogApi;\n },\n) {\n const {\n providers,\n appUrl,\n baseUrl,\n config,\n logger,\n discovery,\n auth,\n httpAuth,\n tokenManager,\n tokenIssuer,\n catalogApi,\n ownershipResolver,\n } = options;\n\n const providersConfig = config.getOptionalConfig('auth.providers');\n\n const isOriginAllowed = createOriginFilter(config);\n\n for (const [providerId, providerFactory] of Object.entries(providers)) {\n if (providersConfig?.has(providerId)) {\n logger.info(`Configuring auth provider: ${providerId}`);\n try {\n const provider = providerFactory({\n providerId,\n appUrl,\n baseUrl,\n isOriginAllowed,\n globalConfig: {\n baseUrl,\n appUrl,\n isOriginAllowed,\n },\n config: providersConfig.getConfig(providerId),\n logger,\n resolverContext: CatalogAuthResolverContext.create({\n logger,\n catalogApi:\n catalogApi ?? new CatalogClient({ discoveryApi: discovery }),\n tokenIssuer,\n tokenManager,\n discovery,\n auth,\n httpAuth,\n ownershipResolver,\n }),\n });\n\n const r = Router();\n\n r.get('/start', provider.start.bind(provider));\n r.get('/handler/frame', provider.frameHandler.bind(provider));\n r.post('/handler/frame', provider.frameHandler.bind(provider));\n if (provider.logout) {\n r.post('/logout', provider.logout.bind(provider));\n }\n if (provider.refresh) {\n r.get('/refresh', provider.refresh.bind(provider));\n r.post('/refresh', provider.refresh.bind(provider));\n }\n\n targetRouter.use(`/${providerId}`, r);\n } catch (e) {\n assertError(e);\n if (process.env.NODE_ENV !== 'development') {\n throw new Error(\n `Failed to initialize ${providerId} auth provider, ${e.message}`,\n );\n }\n\n logger.warn(`Skipping ${providerId} auth provider, ${e.message}`);\n\n targetRouter.use(`/${providerId}`, () => {\n // If the user added the provider under auth.providers but the clientId and clientSecret etc. were not found.\n throw new NotFoundError(\n `Auth provider registered for '${providerId}' is misconfigured. This could mean the configs under ` +\n `auth.providers.${providerId} are missing or the environment variables used are not defined. ` +\n `Check the auth backend plugin logs when the backend starts to see more details.`,\n );\n });\n }\n } else {\n targetRouter.use(`/${providerId}`, () => {\n throw new NotFoundError(\n `No auth provider registered for '${providerId}'`,\n );\n });\n }\n }\n}\n\n/** @public */\nexport function createOriginFilter(\n config: Config,\n): (origin: string) => boolean {\n const appUrl = config.getString('app.baseUrl');\n const { origin: appOrigin } = new URL(appUrl);\n\n const allowedOrigins = config.getOptionalStringArray(\n 'auth.experimentalExtraAllowedOrigins',\n );\n\n const allowedOriginPatterns =\n allowedOrigins?.map(\n pattern => new Minimatch(pattern, { nocase: true, noglobstar: true }),\n ) ?? [];\n\n return origin => {\n if (origin === appOrigin) {\n return true;\n }\n return allowedOriginPatterns.some(pattern => pattern.match(origin));\n };\n}\n"],"names":["CatalogAuthResolverContext","CatalogClient","Router","assertError","NotFoundError","Minimatch"],"mappings":";;;;;;;;;;;;AAuCgB,SAAA,mBAAA,CACd,cACA,OAcA,EAAA;AACA,EAAM,MAAA;AAAA,IACJ,SAAA;AAAA,IACA,MAAA;AAAA,IACA,OAAA;AAAA,IACA,MAAA;AAAA,IACA,MAAA;AAAA,IACA,SAAA;AAAA,IACA,IAAA;AAAA,IACA,QAAA;AAAA,IACA,YAAA;AAAA,IACA,WAAA;AAAA,IACA,UAAA;AAAA,IACA;AAAA,GACE,GAAA,OAAA;AAEJ,EAAM,MAAA,eAAA,GAAkB,MAAO,CAAA,iBAAA,CAAkB,gBAAgB,CAAA;AAEjE,EAAM,MAAA,eAAA,GAAkB,mBAAmB,MAAM,CAAA;AAEjD,EAAA,KAAA,MAAW,CAAC,UAAY,EAAA,eAAe,KAAK,MAAO,CAAA,OAAA,CAAQ,SAAS,CAAG,EAAA;AACrE,IAAI,IAAA,eAAA,EAAiB,GAAI,CAAA,UAAU,CAAG,EAAA;AACpC,MAAO,MAAA,CAAA,IAAA,CAAK,CAA8B,2BAAA,EAAA,UAAU,CAAE,CAAA,CAAA;AACtD,MAAI,IAAA;AACF,QAAA,MAAM,WAAW,eAAgB,CAAA;AAAA,UAC/B,UAAA;AAAA,UACA,MAAA;AAAA,UACA,OAAA;AAAA,UACA,eAAA;AAAA,UACA,YAAc,EAAA;AAAA,YACZ,OAAA;AAAA,YACA,MAAA;AAAA,YACA;AAAA,WACF;AAAA,UACA,MAAA,EAAQ,eAAgB,CAAA,SAAA,CAAU,UAAU,CAAA;AAAA,UAC5C,MAAA;AAAA,UACA,eAAA,EAAiBA,sDAA2B,MAAO,CAAA;AAAA,YACjD,MAAA;AAAA,YACA,YACE,UAAc,IAAA,IAAIC,4BAAc,EAAE,YAAA,EAAc,WAAW,CAAA;AAAA,YAC7D,WAAA;AAAA,YACA,YAAA;AAAA,YACA,SAAA;AAAA,YACA,IAAA;AAAA,YACA,QAAA;AAAA,YACA;AAAA,WACD;AAAA,SACF,CAAA;AAED,QAAA,MAAM,IAAIC,uBAAO,EAAA;AAEjB,QAAA,CAAA,CAAE,IAAI,QAAU,EAAA,QAAA,CAAS,KAAM,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA;AAC7C,QAAA,CAAA,CAAE,IAAI,gBAAkB,EAAA,QAAA,CAAS,YAAa,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA;AAC5D,QAAA,CAAA,CAAE,KAAK,gBAAkB,EAAA,QAAA,CAAS,YAAa,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA;AAC7D,QAAA,IAAI,SAAS,MAAQ,EAAA;AACnB,UAAA,CAAA,CAAE,KAAK,SAAW,EAAA,QAAA,CAAS,MAAO,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA;AAAA;AAElD,QAAA,IAAI,SAAS,OAAS,EAAA;AACpB,UAAA,CAAA,CAAE,IAAI,UAAY,EAAA,QAAA,CAAS,OAAQ,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA;AACjD,UAAA,CAAA,CAAE,KAAK,UAAY,EAAA,QAAA,CAAS,OAAQ,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA;AAAA;AAGpD,QAAA,YAAA,CAAa,GAAI,CAAA,CAAA,CAAA,EAAI,UAAU,CAAA,CAAA,EAAI,CAAC,CAAA;AAAA,eAC7B,CAAG,EAAA;AACV,QAAAC,kBAAA,CAAY,CAAC,CAAA;AACb,QAAI,IAAA,OAAA,CAAQ,GAAI,CAAA,QAAA,KAAa,aAAe,EAAA;AAC1C,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAwB,qBAAA,EAAA,UAAU,CAAmB,gBAAA,EAAA,CAAA,CAAE,OAAO,CAAA;AAAA,WAChE;AAAA;AAGF,QAAA,MAAA,CAAO,KAAK,CAAY,SAAA,EAAA,UAAU,CAAmB,gBAAA,EAAA,CAAA,CAAE,OAAO,CAAE,CAAA,CAAA;AAEhE,QAAA,YAAA,CAAa,GAAI,CAAA,CAAA,CAAA,EAAI,UAAU,CAAA,CAAA,EAAI,MAAM;AAEvC,UAAA,MAAM,IAAIC,oBAAA;AAAA,YACR,CAAA,8BAAA,EAAiC,UAAU,CAAA,qEAAA,EACvB,UAAU,CAAA,+IAAA;AAAA,WAEhC;AAAA,SACD,CAAA;AAAA;AACH,KACK,MAAA;AACL,MAAA,YAAA,CAAa,GAAI,CAAA,CAAA,CAAA,EAAI,UAAU,CAAA,CAAA,EAAI,MAAM;AACvC,QAAA,MAAM,IAAIA,oBAAA;AAAA,UACR,oCAAoC,UAAU,CAAA,CAAA;AAAA,SAChD;AAAA,OACD,CAAA;AAAA;AACH;AAEJ;AAGO,SAAS,mBACd,MAC6B,EAAA;AAC7B,EAAM,MAAA,MAAA,GAAS,MAAO,CAAA,SAAA,CAAU,aAAa,CAAA;AAC7C,EAAA,MAAM,EAAE,MAAQ,EAAA,SAAA,EAAc,GAAA,IAAI,IAAI,MAAM,CAAA;AAE5C,EAAA,MAAM,iBAAiB,MAAO,CAAA,sBAAA;AAAA,IAC5B;AAAA,GACF;AAEA,EAAA,MAAM,wBACJ,cAAgB,EAAA,GAAA;AAAA,IACd,CAAA,OAAA,KAAW,IAAIC,mBAAU,CAAA,OAAA,EAAS,EAAE,MAAQ,EAAA,IAAA,EAAM,UAAY,EAAA,IAAA,EAAM;AAAA,OACjE,EAAC;AAER,EAAA,OAAO,CAAU,MAAA,KAAA;AACf,IAAA,IAAI,WAAW,SAAW,EAAA;AACxB,MAAO,OAAA,IAAA;AAAA;AAET,IAAA,OAAO,sBAAsB,IAAK,CAAA,CAAA,OAAA,KAAW,OAAQ,CAAA,KAAA,CAAM,MAAM,CAAC,CAAA;AAAA,GACpE;AACF;;;;;"}
1
+ {"version":3,"file":"router.cjs.js","sources":["../../src/providers/router.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { TokenManager } from '@backstage/backend-common';\nimport {\n AuthService,\n DiscoveryService,\n HttpAuthService,\n LoggerService,\n} from '@backstage/backend-plugin-api';\nimport { CatalogApi, CatalogClient } from '@backstage/catalog-client';\nimport { Config } from '@backstage/config';\nimport { assertError, NotFoundError } from '@backstage/errors';\nimport {\n AuthOwnershipResolver,\n AuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport express from 'express';\nimport Router from 'express-promise-router';\nimport { Minimatch } from 'minimatch';\nimport { CatalogAuthResolverContext } from '../lib/resolvers/CatalogAuthResolverContext';\nimport { TokenIssuer } from '../identity/types';\n\n/**\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport type ProviderFactories = { [s: string]: AuthProviderFactory };\n\nexport function bindProviderRouters(\n targetRouter: express.Router,\n options: {\n providers: ProviderFactories;\n appUrl: string;\n baseUrl: string;\n config: Config;\n logger: LoggerService;\n discovery: DiscoveryService;\n auth: AuthService;\n httpAuth: HttpAuthService;\n tokenManager?: TokenManager;\n tokenIssuer: TokenIssuer;\n ownershipResolver?: AuthOwnershipResolver;\n catalogApi?: CatalogApi;\n },\n) {\n const {\n providers,\n appUrl,\n baseUrl,\n config,\n logger,\n discovery,\n auth,\n httpAuth,\n tokenManager,\n tokenIssuer,\n catalogApi,\n ownershipResolver,\n } = options;\n\n const providersConfig = config.getOptionalConfig('auth.providers');\n\n const isOriginAllowed = createOriginFilter(config);\n\n for (const [providerId, providerFactory] of Object.entries(providers)) {\n if (providersConfig?.has(providerId)) {\n logger.info(`Configuring auth provider: ${providerId}`);\n try {\n const provider = providerFactory({\n providerId,\n appUrl,\n baseUrl,\n isOriginAllowed,\n globalConfig: {\n baseUrl,\n appUrl,\n isOriginAllowed,\n },\n config: providersConfig.getConfig(providerId),\n logger,\n resolverContext: CatalogAuthResolverContext.create({\n logger,\n catalogApi:\n catalogApi ?? new CatalogClient({ discoveryApi: discovery }),\n tokenIssuer,\n tokenManager,\n discovery,\n auth,\n httpAuth,\n ownershipResolver,\n }),\n });\n\n const r = Router();\n\n r.get('/start', provider.start.bind(provider));\n r.get('/handler/frame', provider.frameHandler.bind(provider));\n r.post('/handler/frame', provider.frameHandler.bind(provider));\n if (provider.logout) {\n r.post('/logout', provider.logout.bind(provider));\n }\n if (provider.refresh) {\n r.get('/refresh', provider.refresh.bind(provider));\n r.post('/refresh', provider.refresh.bind(provider));\n }\n\n targetRouter.use(`/${providerId}`, r);\n } catch (e) {\n assertError(e);\n if (process.env.NODE_ENV !== 'development') {\n throw new Error(\n `Failed to initialize ${providerId} auth provider, ${e.message}`,\n );\n }\n\n logger.warn(`Skipping ${providerId} auth provider, ${e.message}`);\n\n targetRouter.use(`/${providerId}`, () => {\n // If the user added the provider under auth.providers but the clientId and clientSecret etc. were not found.\n throw new NotFoundError(\n `Auth provider registered for '${providerId}' is misconfigured. This could mean the configs under ` +\n `auth.providers.${providerId} are missing or the environment variables used are not defined. ` +\n `Check the auth backend plugin logs when the backend starts to see more details.`,\n );\n });\n }\n } else {\n targetRouter.use(`/${providerId}`, () => {\n throw new NotFoundError(\n `No auth provider registered for '${providerId}'`,\n );\n });\n }\n }\n}\n\n/**\n * @public\n * @deprecated this export will be removed\n */\nexport function createOriginFilter(\n config: Config,\n): (origin: string) => boolean {\n const appUrl = config.getString('app.baseUrl');\n const { origin: appOrigin } = new URL(appUrl);\n\n const allowedOrigins = config.getOptionalStringArray(\n 'auth.experimentalExtraAllowedOrigins',\n );\n\n const allowedOriginPatterns =\n allowedOrigins?.map(\n pattern => new Minimatch(pattern, { nocase: true, noglobstar: true }),\n ) ?? [];\n\n return origin => {\n if (origin === appOrigin) {\n return true;\n }\n return allowedOriginPatterns.some(pattern => pattern.match(origin));\n };\n}\n"],"names":["CatalogAuthResolverContext","CatalogClient","Router","assertError","NotFoundError","Minimatch"],"mappings":";;;;;;;;;;;;AA0CgB,SAAA,mBAAA,CACd,cACA,OAcA,EAAA;AACA,EAAM,MAAA;AAAA,IACJ,SAAA;AAAA,IACA,MAAA;AAAA,IACA,OAAA;AAAA,IACA,MAAA;AAAA,IACA,MAAA;AAAA,IACA,SAAA;AAAA,IACA,IAAA;AAAA,IACA,QAAA;AAAA,IACA,YAAA;AAAA,IACA,WAAA;AAAA,IACA,UAAA;AAAA,IACA;AAAA,GACE,GAAA,OAAA;AAEJ,EAAM,MAAA,eAAA,GAAkB,MAAO,CAAA,iBAAA,CAAkB,gBAAgB,CAAA;AAEjE,EAAM,MAAA,eAAA,GAAkB,mBAAmB,MAAM,CAAA;AAEjD,EAAA,KAAA,MAAW,CAAC,UAAY,EAAA,eAAe,KAAK,MAAO,CAAA,OAAA,CAAQ,SAAS,CAAG,EAAA;AACrE,IAAI,IAAA,eAAA,EAAiB,GAAI,CAAA,UAAU,CAAG,EAAA;AACpC,MAAO,MAAA,CAAA,IAAA,CAAK,CAA8B,2BAAA,EAAA,UAAU,CAAE,CAAA,CAAA;AACtD,MAAI,IAAA;AACF,QAAA,MAAM,WAAW,eAAgB,CAAA;AAAA,UAC/B,UAAA;AAAA,UACA,MAAA;AAAA,UACA,OAAA;AAAA,UACA,eAAA;AAAA,UACA,YAAc,EAAA;AAAA,YACZ,OAAA;AAAA,YACA,MAAA;AAAA,YACA;AAAA,WACF;AAAA,UACA,MAAA,EAAQ,eAAgB,CAAA,SAAA,CAAU,UAAU,CAAA;AAAA,UAC5C,MAAA;AAAA,UACA,eAAA,EAAiBA,sDAA2B,MAAO,CAAA;AAAA,YACjD,MAAA;AAAA,YACA,YACE,UAAc,IAAA,IAAIC,4BAAc,EAAE,YAAA,EAAc,WAAW,CAAA;AAAA,YAC7D,WAAA;AAAA,YACA,YAAA;AAAA,YACA,SAAA;AAAA,YACA,IAAA;AAAA,YACA,QAAA;AAAA,YACA;AAAA,WACD;AAAA,SACF,CAAA;AAED,QAAA,MAAM,IAAIC,uBAAO,EAAA;AAEjB,QAAA,CAAA,CAAE,IAAI,QAAU,EAAA,QAAA,CAAS,KAAM,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA;AAC7C,QAAA,CAAA,CAAE,IAAI,gBAAkB,EAAA,QAAA,CAAS,YAAa,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA;AAC5D,QAAA,CAAA,CAAE,KAAK,gBAAkB,EAAA,QAAA,CAAS,YAAa,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA;AAC7D,QAAA,IAAI,SAAS,MAAQ,EAAA;AACnB,UAAA,CAAA,CAAE,KAAK,SAAW,EAAA,QAAA,CAAS,MAAO,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA;AAAA;AAElD,QAAA,IAAI,SAAS,OAAS,EAAA;AACpB,UAAA,CAAA,CAAE,IAAI,UAAY,EAAA,QAAA,CAAS,OAAQ,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA;AACjD,UAAA,CAAA,CAAE,KAAK,UAAY,EAAA,QAAA,CAAS,OAAQ,CAAA,IAAA,CAAK,QAAQ,CAAC,CAAA;AAAA;AAGpD,QAAA,YAAA,CAAa,GAAI,CAAA,CAAA,CAAA,EAAI,UAAU,CAAA,CAAA,EAAI,CAAC,CAAA;AAAA,eAC7B,CAAG,EAAA;AACV,QAAAC,kBAAA,CAAY,CAAC,CAAA;AACb,QAAI,IAAA,OAAA,CAAQ,GAAI,CAAA,QAAA,KAAa,aAAe,EAAA;AAC1C,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAwB,qBAAA,EAAA,UAAU,CAAmB,gBAAA,EAAA,CAAA,CAAE,OAAO,CAAA;AAAA,WAChE;AAAA;AAGF,QAAA,MAAA,CAAO,KAAK,CAAY,SAAA,EAAA,UAAU,CAAmB,gBAAA,EAAA,CAAA,CAAE,OAAO,CAAE,CAAA,CAAA;AAEhE,QAAA,YAAA,CAAa,GAAI,CAAA,CAAA,CAAA,EAAI,UAAU,CAAA,CAAA,EAAI,MAAM;AAEvC,UAAA,MAAM,IAAIC,oBAAA;AAAA,YACR,CAAA,8BAAA,EAAiC,UAAU,CAAA,qEAAA,EACvB,UAAU,CAAA,+IAAA;AAAA,WAEhC;AAAA,SACD,CAAA;AAAA;AACH,KACK,MAAA;AACL,MAAA,YAAA,CAAa,GAAI,CAAA,CAAA,CAAA,EAAI,UAAU,CAAA,CAAA,EAAI,MAAM;AACvC,QAAA,MAAM,IAAIA,oBAAA;AAAA,UACR,oCAAoC,UAAU,CAAA,CAAA;AAAA,SAChD;AAAA,OACD,CAAA;AAAA;AACH;AAEJ;AAMO,SAAS,mBACd,MAC6B,EAAA;AAC7B,EAAM,MAAA,MAAA,GAAS,MAAO,CAAA,SAAA,CAAU,aAAa,CAAA;AAC7C,EAAA,MAAM,EAAE,MAAQ,EAAA,SAAA,EAAc,GAAA,IAAI,IAAI,MAAM,CAAA;AAE5C,EAAA,MAAM,iBAAiB,MAAO,CAAA,sBAAA;AAAA,IAC5B;AAAA,GACF;AAEA,EAAA,MAAM,wBACJ,cAAgB,EAAA,GAAA;AAAA,IACd,CAAA,OAAA,KAAW,IAAIC,mBAAU,CAAA,OAAA,EAAS,EAAE,MAAQ,EAAA,IAAA,EAAM,UAAY,EAAA,IAAA,EAAM;AAAA,OACjE,EAAC;AAER,EAAA,OAAO,CAAU,MAAA,KAAA;AACf,IAAA,IAAI,WAAW,SAAW,EAAA;AACxB,MAAO,OAAA,IAAA;AAAA;AAET,IAAA,OAAO,sBAAsB,IAAK,CAAA,CAAA,OAAA,KAAW,OAAQ,CAAA,KAAA,CAAM,MAAM,CAAC,CAAA;AAAA,GACpE;AACF;;;;;"}
package/dist/providers/saml/provider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/saml/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport express from 'express';\nimport { SamlConfig, VerifiedCallback } from '@node-saml/passport-saml';\nimport {\n Strategy as SamlStrategy,\n Profile as SamlProfile,\n VerifyWithoutRequest,\n} from '@node-saml/passport-saml';\nimport {\n executeFrameHandlerStrategy,\n executeRedirectStrategy,\n} from '../../lib/passport';\nimport { AuthHandler } from '../types';\nimport { postMessageResponse } from '../../lib/flow';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthenticationError, isError } from '@backstage/errors';\nimport { prepareBackstageIdentityResponse } from '../prepareBackstageIdentityResponse';\nimport {\n AuthProviderRouteHandlers,\n AuthResolverContext,\n ClientAuthResponse,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\n\n/** @public */\nexport type SamlAuthResult = {\n fullProfile: any;\n};\n\ntype Options = SamlConfig & {\n signInResolver?: SignInResolver<SamlAuthResult>;\n authHandler: AuthHandler<SamlAuthResult>;\n resolverContext: AuthResolverContext;\n appUrl: string;\n};\n\nexport class SamlAuthProvider implements AuthProviderRouteHandlers {\n private readonly strategy: SamlStrategy;\n private readonly signInResolver?: SignInResolver<SamlAuthResult>;\n private readonly authHandler: AuthHandler<SamlAuthResult>;\n private readonly resolverContext: AuthResolverContext;\n private readonly appUrl: string;\n\n constructor(options: Options) {\n this.appUrl = options.appUrl;\n this.signInResolver = options.signInResolver;\n this.authHandler = options.authHandler;\n this.resolverContext = options.resolverContext;\n\n const verifier: VerifyWithoutRequest = (\n profile: SamlProfile | null,\n done: VerifiedCallback,\n ) => {\n // TODO: There's plenty more validation and profile handling to do here,\n // this provider is currently only intended to validate the provider pattern\n // for non-oauth auth flows.\n // TODO: This flow doesn't issue an identity token that can be used to validate\n // the identity of the user in other backends, which we need in some form.\n done(null, { fullProfile: profile });\n };\n this.strategy = new SamlStrategy(options, verifier, verifier);\n }\n\n async start(req: express.Request, res: express.Response): Promise<void> {\n const { url } = await executeRedirectStrategy(req, this.strategy, {});\n res.redirect(url);\n }\n\n async frameHandler(\n req: express.Request,\n res: express.Response,\n ): Promise<void> {\n try {\n const { result } = await executeFrameHandlerStrategy<SamlAuthResult>(\n req,\n this.strategy,\n );\n\n const { profile } = await this.authHandler(result, this.resolverContext);\n\n const response: ClientAuthResponse<{}> = {\n profile,\n providerInfo: {},\n };\n\n if (this.signInResolver) {\n const signInResponse = await this.signInResolver(\n {\n result,\n profile,\n },\n this.resolverContext,\n );\n\n response.backstageIdentity =\n prepareBackstageIdentityResponse(signInResponse);\n }\n\n return postMessageResponse(res, this.appUrl, {\n type: 'authorization_response',\n response,\n });\n } catch (error) {\n const { name, message } = isError(error)\n ? error\n : new Error('Encountered invalid error'); // Being a bit safe and not forwarding the bad value\n return postMessageResponse(res, this.appUrl, {\n type: 'authorization_response',\n error: { name, message },\n });\n }\n }\n\n async logout(_req: express.Request, res: express.Response): Promise<void> {\n res.end();\n }\n}\n\ntype SignatureAlgorithm = 'sha1' | 'sha256' | 'sha512';\n\n/**\n * Auth provider integration for SAML auth\n *\n * @public\n */\nexport const saml = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<SamlAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<SamlAuthResult>;\n };\n }) {\n return ({ providerId, globalConfig, config, resolverContext }) => {\n const authHandler: AuthHandler<SamlAuthResult> = options?.authHandler\n ? options.authHandler\n : async ({ fullProfile }) => ({\n profile: {\n email: fullProfile.email,\n displayName: fullProfile.displayName,\n },\n });\n\n return new SamlAuthProvider({\n callbackUrl: `${globalConfig.baseUrl}/${providerId}/handler/frame`,\n entryPoint: config.getString('entryPoint'),\n logoutUrl: config.getOptionalString('logoutUrl'),\n audience: config.getString('audience'),\n issuer: config.getString('issuer'),\n idpCert: config.getString('cert'),\n privateKey: config.getOptionalString('privateKey'),\n authnContext: config.getOptionalStringArray('authnContext'),\n identifierFormat: config.getOptionalString('identifierFormat'),\n decryptionPvk: config.getOptionalString('decryptionPvk'),\n signatureAlgorithm: config.getOptionalString('signatureAlgorithm') as\n | SignatureAlgorithm\n | undefined,\n digestAlgorithm: config.getOptionalString('digestAlgorithm'),\n acceptedClockSkewMs: config.getOptionalNumber('acceptedClockSkewMs'),\n wantAuthnResponseSigned: config.getOptionalBoolean(\n 'wantAuthnResponseSigned',\n ),\n wantAssertionsSigned: config.getOptionalBoolean('wantAssertionsSigned'),\n appUrl: globalConfig.appUrl,\n authHandler,\n signInResolver: options?.signIn?.resolver,\n resolverContext,\n });\n };\n },\n resolvers: {\n /**\n * Looks up the user by matching their nameID to the entity name.\n */\n nameIdMatchingUserEntityName(): SignInResolver<SamlAuthResult> {\n return async (info, ctx) => {\n const id = info.result.fullProfile.nameID;\n\n if (!id) {\n throw new AuthenticationError('No nameID found in SAML response');\n }\n\n return ctx.signInWithCatalogUser({\n entityRef: { name: id },\n });\n };\n },\n },\n});\n"],"names":["SamlStrategy","executeRedirectStrategy","executeFrameHandlerStrategy","prepareBackstageIdentityResponse","postMessageResponse","isError","createAuthProviderIntegration","AuthenticationError"],"mappings":";;;;;;;;;AAmDO,MAAM,gBAAsD,CAAA;AAAA,EAChD,QAAA;AAAA,EACA,cAAA;AAAA,EACA,WAAA;AAAA,EACA,eAAA;AAAA,EACA,MAAA;AAAA,EAEjB,YAAY,OAAkB,EAAA;AAC5B,IAAA,IAAA,CAAK,SAAS,OAAQ,CAAA,MAAA;AACtB,IAAA,IAAA,CAAK,iBAAiB,OAAQ,CAAA,cAAA;AAC9B,IAAA,IAAA,CAAK,cAAc,OAAQ,CAAA,WAAA;AAC3B,IAAA,IAAA,CAAK,kBAAkB,OAAQ,CAAA,eAAA;AAE/B,IAAM,MAAA,QAAA,GAAiC,CACrC,OAAA,EACA,IACG,KAAA;AAMH,MAAA,IAAA,CAAK,IAAM,EAAA,EAAE,WAAa,EAAA,OAAA,EAAS,CAAA;AAAA,KACrC;AACA,IAAA,IAAA,CAAK,QAAW,GAAA,IAAIA,qBAAa,CAAA,OAAA,EAAS,UAAU,QAAQ,CAAA;AAAA;AAC9D,EAEA,MAAM,KAAM,CAAA,GAAA,EAAsB,GAAsC,EAAA;AACtE,IAAM,MAAA,EAAE,KAAQ,GAAA,MAAMC,+CAAwB,GAAK,EAAA,IAAA,CAAK,QAAU,EAAA,EAAE,CAAA;AACpE,IAAA,GAAA,CAAI,SAAS,GAAG,CAAA;AAAA;AAClB,EAEA,MAAM,YACJ,CAAA,GAAA,EACA,GACe,EAAA;AACf,IAAI,IAAA;AACF,MAAM,MAAA,EAAE,MAAO,EAAA,GAAI,MAAMC,kDAAA;AAAA,QACvB,GAAA;AAAA,QACA,IAAK,CAAA;AAAA,OACP;AAEA,MAAM,MAAA,EAAE,SAAY,GAAA,MAAM,KAAK,WAAY,CAAA,MAAA,EAAQ,KAAK,eAAe,CAAA;AAEvE,MAAA,MAAM,QAAmC,GAAA;AAAA,QACvC,OAAA;AAAA,QACA,cAAc;AAAC,OACjB;AAEA,MAAA,IAAI,KAAK,cAAgB,EAAA;AACvB,QAAM,MAAA,cAAA,GAAiB,MAAM,IAAK,CAAA,cAAA;AAAA,UAChC;AAAA,YACE,MAAA;AAAA,YACA;AAAA,WACF;AAAA,UACA,IAAK,CAAA;AAAA,SACP;AAEA,QAAS,QAAA,CAAA,iBAAA,GACPC,kEAAiC,cAAc,CAAA;AAAA;AAGnD,MAAO,OAAAC,mCAAA,CAAoB,GAAK,EAAA,IAAA,CAAK,MAAQ,EAAA;AAAA,QAC3C,IAAM,EAAA,wBAAA;AAAA,QACN;AAAA,OACD,CAAA;AAAA,aACM,KAAO,EAAA;AACd,MAAM,MAAA,EAAE,IAAM,EAAA,OAAA,EAAY,GAAAC,cAAA,CAAQ,KAAK,CACnC,GAAA,KAAA,GACA,IAAI,KAAA,CAAM,2BAA2B,CAAA;AACzC,MAAO,OAAAD,mCAAA,CAAoB,GAAK,EAAA,IAAA,CAAK,MAAQ,EAAA;AAAA,QAC3C,IAAM,EAAA,wBAAA;AAAA,QACN,KAAA,EAAO,EAAE,IAAA,EAAM,OAAQ;AAAA,OACxB,CAAA;AAAA;AACH;AACF,EAEA,MAAM,MAAO,CAAA,IAAA,EAAuB,GAAsC,EAAA;AACxE,IAAA,GAAA,CAAI,GAAI,EAAA;AAAA;AAEZ;AASO,MAAM,OAAOE,2DAA8B,CAAA;AAAA,EAChD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAO,CAAC,EAAE,UAAA,EAAY,YAAc,EAAA,MAAA,EAAQ,iBAAsB,KAAA;AAChE,MAAM,MAAA,WAAA,GAA2C,SAAS,WACtD,GAAA,OAAA,CAAQ,cACR,OAAO,EAAE,aAAmB,MAAA;AAAA,QAC1B,OAAS,EAAA;AAAA,UACP,OAAO,WAAY,CAAA,KAAA;AAAA,UACnB,aAAa,WAAY,CAAA;AAAA;AAC3B,OACF,CAAA;AAEJ,MAAA,OAAO,IAAI,gBAAiB,CAAA;AAAA,QAC1B,WAAa,EAAA,CAAA,EAAG,YAAa,CAAA,OAAO,IAAI,UAAU,CAAA,cAAA,CAAA;AAAA,QAClD,UAAA,EAAY,MAAO,CAAA,SAAA,CAAU,YAAY,CAAA;AAAA,QACzC,SAAA,EAAW,MAAO,CAAA,iBAAA,CAAkB,WAAW,CAAA;AAAA,QAC/C,QAAA,EAAU,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA;AAAA,QACrC,MAAA,EAAQ,MAAO,CAAA,SAAA,CAAU,QAAQ,CAAA;AAAA,QACjC,OAAA,EAAS,MAAO,CAAA,SAAA,CAAU,MAAM,CAAA;AAAA,QAChC,UAAA,EAAY,MAAO,CAAA,iBAAA,CAAkB,YAAY,CAAA;AAAA,QACjD,YAAA,EAAc,MAAO,CAAA,sBAAA,CAAuB,cAAc,CAAA;AAAA,QAC1D,gBAAA,EAAkB,MAAO,CAAA,iBAAA,CAAkB,kBAAkB,CAAA;AAAA,QAC7D,aAAA,EAAe,MAAO,CAAA,iBAAA,CAAkB,eAAe,CAAA;AAAA,QACvD,kBAAA,EAAoB,MAAO,CAAA,iBAAA,CAAkB,oBAAoB,CAAA;AAAA,QAGjE,eAAA,EAAiB,MAAO,CAAA,iBAAA,CAAkB,iBAAiB,CAAA;AAAA,QAC3D,mBAAA,EAAqB,MAAO,CAAA,iBAAA,CAAkB,qBAAqB,CAAA;AAAA,QACnE,yBAAyB,MAAO,CAAA,kBAAA;AAAA,UAC9B;AAAA,SACF;AAAA,QACA,oBAAA,EAAsB,MAAO,CAAA,kBAAA,CAAmB,sBAAsB,CAAA;AAAA,QACtE,QAAQ,YAAa,CAAA,MAAA;AAAA,QACrB,WAAA;AAAA,QACA,cAAA,EAAgB,SAAS,MAAQ,EAAA,QAAA;AAAA,QACjC;AAAA,OACD,CAAA;AAAA,KACH;AAAA,GACF;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,4BAA+D,GAAA;AAC7D,MAAO,OAAA,OAAO,MAAM,GAAQ,KAAA;AAC1B,QAAM,MAAA,EAAA,GAAK,IAAK,CAAA,MAAA,CAAO,WAAY,CAAA,MAAA;AAEnC,QAAA,IAAI,CAAC,EAAI,EAAA;AACP,UAAM,MAAA,IAAIC,2BAAoB,kCAAkC,CAAA;AAAA;AAGlE,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,SAAA,EAAW,EAAE,IAAA,EAAM,EAAG;AAAA,SACvB,CAAA;AAAA,OACH;AAAA;AACF;AAEJ,CAAC;;;;;"}
1
+ {"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/saml/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport express from 'express';\nimport { SamlConfig, VerifiedCallback } from '@node-saml/passport-saml';\nimport {\n Strategy as SamlStrategy,\n Profile as SamlProfile,\n VerifyWithoutRequest,\n} from '@node-saml/passport-saml';\nimport {\n executeFrameHandlerStrategy,\n executeRedirectStrategy,\n} from '../../lib/passport';\nimport { AuthHandler } from '../types';\nimport { postMessageResponse } from '../../lib/flow';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthenticationError, isError } from '@backstage/errors';\nimport { prepareBackstageIdentityResponse } from '../prepareBackstageIdentityResponse';\nimport {\n AuthProviderRouteHandlers,\n AuthResolverContext,\n ClientAuthResponse,\n SignInResolver,\n} from '@backstage/plugin-auth-node';\n\n/**\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport type SamlAuthResult = {\n fullProfile: any;\n};\n\ntype Options = SamlConfig & {\n signInResolver?: SignInResolver<SamlAuthResult>;\n authHandler: AuthHandler<SamlAuthResult>;\n resolverContext: AuthResolverContext;\n appUrl: string;\n};\n\nexport class SamlAuthProvider implements AuthProviderRouteHandlers {\n private readonly strategy: SamlStrategy;\n private readonly signInResolver?: SignInResolver<SamlAuthResult>;\n private readonly authHandler: AuthHandler<SamlAuthResult>;\n private readonly resolverContext: AuthResolverContext;\n private readonly appUrl: string;\n\n constructor(options: Options) {\n this.appUrl = options.appUrl;\n this.signInResolver = options.signInResolver;\n this.authHandler = options.authHandler;\n this.resolverContext = options.resolverContext;\n\n const verifier: VerifyWithoutRequest = (\n profile: SamlProfile | null,\n done: VerifiedCallback,\n ) => {\n // TODO: There's plenty more validation and profile handling to do here,\n // this provider is currently only intended to validate the provider pattern\n // for non-oauth auth flows.\n // TODO: This flow doesn't issue an identity token that can be used to validate\n // the identity of the user in other backends, which we need in some form.\n done(null, { fullProfile: profile });\n };\n this.strategy = new SamlStrategy(options, verifier, verifier);\n }\n\n async start(req: express.Request, res: express.Response): Promise<void> {\n const { url } = await executeRedirectStrategy(req, this.strategy, {});\n res.redirect(url);\n }\n\n async frameHandler(\n req: express.Request,\n res: express.Response,\n ): Promise<void> {\n try {\n const { result } = await executeFrameHandlerStrategy<SamlAuthResult>(\n req,\n this.strategy,\n );\n\n const { profile } = await this.authHandler(result, this.resolverContext);\n\n const response: ClientAuthResponse<{}> = {\n profile,\n providerInfo: {},\n };\n\n if (this.signInResolver) {\n const signInResponse = await this.signInResolver(\n {\n result,\n profile,\n },\n this.resolverContext,\n );\n\n response.backstageIdentity =\n prepareBackstageIdentityResponse(signInResponse);\n }\n\n return postMessageResponse(res, this.appUrl, {\n type: 'authorization_response',\n response,\n });\n } catch (error) {\n const { name, message } = isError(error)\n ? error\n : new Error('Encountered invalid error'); // Being a bit safe and not forwarding the bad value\n return postMessageResponse(res, this.appUrl, {\n type: 'authorization_response',\n error: { name, message },\n });\n }\n }\n\n async logout(_req: express.Request, res: express.Response): Promise<void> {\n res.end();\n }\n}\n\ntype SignatureAlgorithm = 'sha1' | 'sha256' | 'sha512';\n\n/**\n * Auth provider integration for SAML auth\n *\n * @public\n */\nexport const saml = createAuthProviderIntegration({\n create(options?: {\n /**\n * The profile transformation function used to verify and convert the auth response\n * into the profile that will be presented to the user.\n */\n authHandler?: AuthHandler<SamlAuthResult>;\n\n /**\n * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n */\n signIn?: {\n /**\n * Maps an auth result to a Backstage identity for the user.\n */\n resolver: SignInResolver<SamlAuthResult>;\n };\n }) {\n return ({ providerId, globalConfig, config, resolverContext }) => {\n const authHandler: AuthHandler<SamlAuthResult> = options?.authHandler\n ? options.authHandler\n : async ({ fullProfile }) => ({\n profile: {\n email: fullProfile.email,\n displayName: fullProfile.displayName,\n },\n });\n\n return new SamlAuthProvider({\n callbackUrl: `${globalConfig.baseUrl}/${providerId}/handler/frame`,\n entryPoint: config.getString('entryPoint'),\n logoutUrl: config.getOptionalString('logoutUrl'),\n audience: config.getString('audience'),\n issuer: config.getString('issuer'),\n idpCert: config.getString('cert'),\n privateKey: config.getOptionalString('privateKey'),\n authnContext: config.getOptionalStringArray('authnContext'),\n identifierFormat: config.getOptionalString('identifierFormat'),\n decryptionPvk: config.getOptionalString('decryptionPvk'),\n signatureAlgorithm: config.getOptionalString('signatureAlgorithm') as\n | SignatureAlgorithm\n | undefined,\n digestAlgorithm: config.getOptionalString('digestAlgorithm'),\n acceptedClockSkewMs: config.getOptionalNumber('acceptedClockSkewMs'),\n wantAuthnResponseSigned: config.getOptionalBoolean(\n 'wantAuthnResponseSigned',\n ),\n wantAssertionsSigned: config.getOptionalBoolean('wantAssertionsSigned'),\n appUrl: globalConfig.appUrl,\n authHandler,\n signInResolver: options?.signIn?.resolver,\n resolverContext,\n });\n };\n },\n resolvers: {\n /**\n * Looks up the user by matching their nameID to the entity name.\n */\n nameIdMatchingUserEntityName(): SignInResolver<SamlAuthResult> {\n return async (info, ctx) => {\n const id = info.result.fullProfile.nameID;\n\n if (!id) {\n throw new AuthenticationError('No nameID found in SAML response');\n }\n\n return ctx.signInWithCatalogUser({\n entityRef: { name: id },\n });\n };\n },\n },\n});\n"],"names":["SamlStrategy","executeRedirectStrategy","executeFrameHandlerStrategy","prepareBackstageIdentityResponse","postMessageResponse","isError","createAuthProviderIntegration","AuthenticationError"],"mappings":";;;;;;;;;AAsDO,MAAM,gBAAsD,CAAA;AAAA,EAChD,QAAA;AAAA,EACA,cAAA;AAAA,EACA,WAAA;AAAA,EACA,eAAA;AAAA,EACA,MAAA;AAAA,EAEjB,YAAY,OAAkB,EAAA;AAC5B,IAAA,IAAA,CAAK,SAAS,OAAQ,CAAA,MAAA;AACtB,IAAA,IAAA,CAAK,iBAAiB,OAAQ,CAAA,cAAA;AAC9B,IAAA,IAAA,CAAK,cAAc,OAAQ,CAAA,WAAA;AAC3B,IAAA,IAAA,CAAK,kBAAkB,OAAQ,CAAA,eAAA;AAE/B,IAAM,MAAA,QAAA,GAAiC,CACrC,OAAA,EACA,IACG,KAAA;AAMH,MAAA,IAAA,CAAK,IAAM,EAAA,EAAE,WAAa,EAAA,OAAA,EAAS,CAAA;AAAA,KACrC;AACA,IAAA,IAAA,CAAK,QAAW,GAAA,IAAIA,qBAAa,CAAA,OAAA,EAAS,UAAU,QAAQ,CAAA;AAAA;AAC9D,EAEA,MAAM,KAAM,CAAA,GAAA,EAAsB,GAAsC,EAAA;AACtE,IAAM,MAAA,EAAE,KAAQ,GAAA,MAAMC,+CAAwB,GAAK,EAAA,IAAA,CAAK,QAAU,EAAA,EAAE,CAAA;AACpE,IAAA,GAAA,CAAI,SAAS,GAAG,CAAA;AAAA;AAClB,EAEA,MAAM,YACJ,CAAA,GAAA,EACA,GACe,EAAA;AACf,IAAI,IAAA;AACF,MAAM,MAAA,EAAE,MAAO,EAAA,GAAI,MAAMC,kDAAA;AAAA,QACvB,GAAA;AAAA,QACA,IAAK,CAAA;AAAA,OACP;AAEA,MAAM,MAAA,EAAE,SAAY,GAAA,MAAM,KAAK,WAAY,CAAA,MAAA,EAAQ,KAAK,eAAe,CAAA;AAEvE,MAAA,MAAM,QAAmC,GAAA;AAAA,QACvC,OAAA;AAAA,QACA,cAAc;AAAC,OACjB;AAEA,MAAA,IAAI,KAAK,cAAgB,EAAA;AACvB,QAAM,MAAA,cAAA,GAAiB,MAAM,IAAK,CAAA,cAAA;AAAA,UAChC;AAAA,YACE,MAAA;AAAA,YACA;AAAA,WACF;AAAA,UACA,IAAK,CAAA;AAAA,SACP;AAEA,QAAS,QAAA,CAAA,iBAAA,GACPC,kEAAiC,cAAc,CAAA;AAAA;AAGnD,MAAO,OAAAC,mCAAA,CAAoB,GAAK,EAAA,IAAA,CAAK,MAAQ,EAAA;AAAA,QAC3C,IAAM,EAAA,wBAAA;AAAA,QACN;AAAA,OACD,CAAA;AAAA,aACM,KAAO,EAAA;AACd,MAAM,MAAA,EAAE,IAAM,EAAA,OAAA,EAAY,GAAAC,cAAA,CAAQ,KAAK,CACnC,GAAA,KAAA,GACA,IAAI,KAAA,CAAM,2BAA2B,CAAA;AACzC,MAAO,OAAAD,mCAAA,CAAoB,GAAK,EAAA,IAAA,CAAK,MAAQ,EAAA;AAAA,QAC3C,IAAM,EAAA,wBAAA;AAAA,QACN,KAAA,EAAO,EAAE,IAAA,EAAM,OAAQ;AAAA,OACxB,CAAA;AAAA;AACH;AACF,EAEA,MAAM,MAAO,CAAA,IAAA,EAAuB,GAAsC,EAAA;AACxE,IAAA,GAAA,CAAI,GAAI,EAAA;AAAA;AAEZ;AASO,MAAM,OAAOE,2DAA8B,CAAA;AAAA,EAChD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAO,CAAC,EAAE,UAAA,EAAY,YAAc,EAAA,MAAA,EAAQ,iBAAsB,KAAA;AAChE,MAAM,MAAA,WAAA,GAA2C,SAAS,WACtD,GAAA,OAAA,CAAQ,cACR,OAAO,EAAE,aAAmB,MAAA;AAAA,QAC1B,OAAS,EAAA;AAAA,UACP,OAAO,WAAY,CAAA,KAAA;AAAA,UACnB,aAAa,WAAY,CAAA;AAAA;AAC3B,OACF,CAAA;AAEJ,MAAA,OAAO,IAAI,gBAAiB,CAAA;AAAA,QAC1B,WAAa,EAAA,CAAA,EAAG,YAAa,CAAA,OAAO,IAAI,UAAU,CAAA,cAAA,CAAA;AAAA,QAClD,UAAA,EAAY,MAAO,CAAA,SAAA,CAAU,YAAY,CAAA;AAAA,QACzC,SAAA,EAAW,MAAO,CAAA,iBAAA,CAAkB,WAAW,CAAA;AAAA,QAC/C,QAAA,EAAU,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA;AAAA,QACrC,MAAA,EAAQ,MAAO,CAAA,SAAA,CAAU,QAAQ,CAAA;AAAA,QACjC,OAAA,EAAS,MAAO,CAAA,SAAA,CAAU,MAAM,CAAA;AAAA,QAChC,UAAA,EAAY,MAAO,CAAA,iBAAA,CAAkB,YAAY,CAAA;AAAA,QACjD,YAAA,EAAc,MAAO,CAAA,sBAAA,CAAuB,cAAc,CAAA;AAAA,QAC1D,gBAAA,EAAkB,MAAO,CAAA,iBAAA,CAAkB,kBAAkB,CAAA;AAAA,QAC7D,aAAA,EAAe,MAAO,CAAA,iBAAA,CAAkB,eAAe,CAAA;AAAA,QACvD,kBAAA,EAAoB,MAAO,CAAA,iBAAA,CAAkB,oBAAoB,CAAA;AAAA,QAGjE,eAAA,EAAiB,MAAO,CAAA,iBAAA,CAAkB,iBAAiB,CAAA;AAAA,QAC3D,mBAAA,EAAqB,MAAO,CAAA,iBAAA,CAAkB,qBAAqB,CAAA;AAAA,QACnE,yBAAyB,MAAO,CAAA,kBAAA;AAAA,UAC9B;AAAA,SACF;AAAA,QACA,oBAAA,EAAsB,MAAO,CAAA,kBAAA,CAAmB,sBAAsB,CAAA;AAAA,QACtE,QAAQ,YAAa,CAAA,MAAA;AAAA,QACrB,WAAA;AAAA,QACA,cAAA,EAAgB,SAAS,MAAQ,EAAA,QAAA;AAAA,QACjC;AAAA,OACD,CAAA;AAAA,KACH;AAAA,GACF;AAAA,EACA,SAAW,EAAA;AAAA;AAAA;AAAA;AAAA,IAIT,4BAA+D,GAAA;AAC7D,MAAO,OAAA,OAAO,MAAM,GAAQ,KAAA;AAC1B,QAAM,MAAA,EAAA,GAAK,IAAK,CAAA,MAAA,CAAO,WAAY,CAAA,MAAA;AAEnC,QAAA,IAAI,CAAC,EAAI,EAAA;AACP,UAAM,MAAA,IAAIC,2BAAoB,kCAAkC,CAAA;AAAA;AAGlE,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,SAAA,EAAW,EAAE,IAAA,EAAM,EAAG;AAAA,SACvB,CAAA;AAAA,OACH;AAAA;AACF;AAEJ,CAAC;;;;;"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@backstage/plugin-auth-backend",
3
- "version": "0.24.4-next.0",
3
+ "version": "0.24.4-next.1",
4
4
  "description": "A Backstage backend plugin that handles authentication",
5
5
  "backstage": {
6
6
  "role": "backend-plugin",
@@ -47,30 +47,30 @@
47
47
  },
48
48
  "dependencies": {
49
49
  "@backstage/backend-common": "^0.25.0",
50
- "@backstage/backend-plugin-api": "1.2.1-next.0",
50
+ "@backstage/backend-plugin-api": "1.2.1-next.1",
51
51
  "@backstage/catalog-client": "1.9.1",
52
52
  "@backstage/catalog-model": "1.7.3",
53
53
  "@backstage/config": "1.3.2",
54
54
  "@backstage/errors": "1.2.7",
55
- "@backstage/plugin-auth-backend-module-atlassian-provider": "0.4.1-next.0",
56
- "@backstage/plugin-auth-backend-module-auth0-provider": "0.2.1-next.0",
57
- "@backstage/plugin-auth-backend-module-aws-alb-provider": "0.4.1-next.0",
58
- "@backstage/plugin-auth-backend-module-azure-easyauth-provider": "0.2.6-next.0",
59
- "@backstage/plugin-auth-backend-module-bitbucket-provider": "0.3.1-next.0",
60
- "@backstage/plugin-auth-backend-module-bitbucket-server-provider": "0.2.1-next.0",
61
- "@backstage/plugin-auth-backend-module-cloudflare-access-provider": "0.4.1-next.0",
62
- "@backstage/plugin-auth-backend-module-gcp-iap-provider": "0.4.1-next.0",
63
- "@backstage/plugin-auth-backend-module-github-provider": "0.3.1-next.0",
64
- "@backstage/plugin-auth-backend-module-gitlab-provider": "0.3.1-next.0",
65
- "@backstage/plugin-auth-backend-module-google-provider": "0.3.1-next.0",
66
- "@backstage/plugin-auth-backend-module-microsoft-provider": "0.3.1-next.0",
67
- "@backstage/plugin-auth-backend-module-oauth2-provider": "0.4.1-next.0",
68
- "@backstage/plugin-auth-backend-module-oauth2-proxy-provider": "0.2.6-next.0",
69
- "@backstage/plugin-auth-backend-module-oidc-provider": "0.4.1-next.0",
70
- "@backstage/plugin-auth-backend-module-okta-provider": "0.2.1-next.0",
71
- "@backstage/plugin-auth-backend-module-onelogin-provider": "0.3.1-next.0",
72
- "@backstage/plugin-auth-node": "0.6.1-next.0",
73
- "@backstage/plugin-catalog-node": "1.16.1-next.0",
55
+ "@backstage/plugin-auth-backend-module-atlassian-provider": "0.4.1-next.1",
56
+ "@backstage/plugin-auth-backend-module-auth0-provider": "0.2.1-next.1",
57
+ "@backstage/plugin-auth-backend-module-aws-alb-provider": "0.4.1-next.1",
58
+ "@backstage/plugin-auth-backend-module-azure-easyauth-provider": "0.2.6-next.1",
59
+ "@backstage/plugin-auth-backend-module-bitbucket-provider": "0.3.1-next.1",
60
+ "@backstage/plugin-auth-backend-module-bitbucket-server-provider": "0.2.1-next.1",
61
+ "@backstage/plugin-auth-backend-module-cloudflare-access-provider": "0.4.1-next.1",
62
+ "@backstage/plugin-auth-backend-module-gcp-iap-provider": "0.4.1-next.1",
63
+ "@backstage/plugin-auth-backend-module-github-provider": "0.3.1-next.1",
64
+ "@backstage/plugin-auth-backend-module-gitlab-provider": "0.3.1-next.1",
65
+ "@backstage/plugin-auth-backend-module-google-provider": "0.3.1-next.1",
66
+ "@backstage/plugin-auth-backend-module-microsoft-provider": "0.3.1-next.1",
67
+ "@backstage/plugin-auth-backend-module-oauth2-provider": "0.4.1-next.1",
68
+ "@backstage/plugin-auth-backend-module-oauth2-proxy-provider": "0.2.6-next.1",
69
+ "@backstage/plugin-auth-backend-module-oidc-provider": "0.4.1-next.1",
70
+ "@backstage/plugin-auth-backend-module-okta-provider": "0.2.1-next.1",
71
+ "@backstage/plugin-auth-backend-module-onelogin-provider": "0.3.1-next.1",
72
+ "@backstage/plugin-auth-node": "0.6.1-next.1",
73
+ "@backstage/plugin-catalog-node": "1.16.1-next.1",
74
74
  "@backstage/types": "1.2.1",
75
75
  "@google-cloud/firestore": "^7.0.0",
76
76
  "@node-saml/passport-saml": "^5.0.0",
@@ -105,9 +105,9 @@
105
105
  "yn": "^4.0.0"
106
106
  },
107
107
  "devDependencies": {
108
- "@backstage/backend-defaults": "0.8.2-next.0",
109
- "@backstage/backend-test-utils": "1.3.1-next.0",
110
- "@backstage/cli": "0.30.0",
108
+ "@backstage/backend-defaults": "0.8.2-next.1",
109
+ "@backstage/backend-test-utils": "1.3.1-next.1",
110
+ "@backstage/cli": "0.30.1-next.0",
111
111
  "@types/body-parser": "^1.19.0",
112
112
  "@types/cookie-parser": "^1.4.2",
113
113
  "@types/express-session": "^1.17.2",