@backstage/plugin-auth-backend 0.24.5 → 0.25.0-next.0

package/dist/lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js

@@ -1,24 +0,0 @@
-'use strict';
-
-function adaptLegacyOAuthSignInResolver(signInResolver) {
-  return signInResolver && (async (input, ctx) => signInResolver(
-    {
-      profile: input.profile,
-      result: {
-        fullProfile: input.result.fullProfile,
-        accessToken: input.result.session.accessToken,
-        refreshToken: input.result.session.refreshToken,
-        params: {
-          scope: input.result.session.scope,
-          id_token: input.result.session.idToken,
-          token_type: input.result.session.tokenType,
-          expires_in: input.result.session.expiresInSeconds
-        }
-      }
-    },
-    ctx
-  ));
-}
-
-exports.adaptLegacyOAuthSignInResolver = adaptLegacyOAuthSignInResolver;
-//# sourceMappingURL=adaptLegacyOAuthSignInResolver.cjs.js.map

package/dist/lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"adaptLegacyOAuthSignInResolver.cjs.js","sources":["../../../src/lib/legacy/adaptLegacyOAuthSignInResolver.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  OAuthAuthenticatorResult,\n  PassportProfile,\n  SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport { OAuthResult } from '../oauth';\n\n/** @internal */\nexport function adaptLegacyOAuthSignInResolver(\n  signInResolver?: SignInResolver<OAuthResult>,\n): SignInResolver<OAuthAuthenticatorResult<PassportProfile>> | undefined {\n  return (\n    signInResolver &&\n    (async (input, ctx) =>\n      signInResolver(\n        {\n          profile: input.profile,\n          result: {\n            fullProfile: input.result.fullProfile,\n            accessToken: input.result.session.accessToken,\n            refreshToken: input.result.session.refreshToken,\n            params: {\n              scope: input.result.session.scope,\n              id_token: input.result.session.idToken,\n              token_type: input.result.session.tokenType,\n              expires_in: input.result.session.expiresInSeconds!,\n            },\n          },\n        },\n        ctx,\n      ))\n  );\n}\n"],"names":[],"mappings":";;AAwBO,SAAS,+BACd,cACuE,EAAA;AACvE,EACE,OAAA,cAAA,KACC,OAAO,KAAA,EAAO,GACb,KAAA,cAAA;AAAA,IACE;AAAA,MACE,SAAS,KAAM,CAAA,OAAA;AAAA,MACf,MAAQ,EAAA;AAAA,QACN,WAAA,EAAa,MAAM,MAAO,CAAA,WAAA;AAAA,QAC1B,WAAA,EAAa,KAAM,CAAA,MAAA,CAAO,OAAQ,CAAA,WAAA;AAAA,QAClC,YAAA,EAAc,KAAM,CAAA,MAAA,CAAO,OAAQ,CAAA,YAAA;AAAA,QACnC,MAAQ,EAAA;AAAA,UACN,KAAA,EAAO,KAAM,CAAA,MAAA,CAAO,OAAQ,CAAA,KAAA;AAAA,UAC5B,QAAA,EAAU,KAAM,CAAA,MAAA,CAAO,OAAQ,CAAA,OAAA;AAAA,UAC/B,UAAA,EAAY,KAAM,CAAA,MAAA,CAAO,OAAQ,CAAA,SAAA;AAAA,UACjC,UAAA,EAAY,KAAM,CAAA,MAAA,CAAO,OAAQ,CAAA;AAAA;AACnC;AACF,KACF;AAAA,IACA;AAAA,GACF,CAAA;AAEN;;;;"}

package/dist/lib/legacy/adaptOAuthSignInResolverToLegacy.cjs.js

@@ -1,29 +0,0 @@
-'use strict';
-
-function adaptOAuthSignInResolverToLegacy(resolvers) {
-  const legacyResolvers = {};
-  for (const name of Object.keys(resolvers)) {
-    const resolver = resolvers[name];
-    legacyResolvers[name] = () => async (input, ctx) => resolver(
-      {
-        profile: input.profile,
-        result: {
-          fullProfile: input.result.fullProfile,
-          session: {
-            accessToken: input.result.accessToken,
-            expiresInSeconds: input.result.params.expires_in,
-            scope: input.result.params.scope,
-            idToken: input.result.params.id_token,
-            tokenType: input.result.params.token_type ?? "bearer",
-            refreshToken: input.result.refreshToken
-          }
-        }
-      },
-      ctx
-    );
-  }
-  return legacyResolvers;
-}
-
-exports.adaptOAuthSignInResolverToLegacy = adaptOAuthSignInResolverToLegacy;
-//# sourceMappingURL=adaptOAuthSignInResolverToLegacy.cjs.js.map

package/dist/lib/legacy/adaptOAuthSignInResolverToLegacy.cjs.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"adaptOAuthSignInResolverToLegacy.cjs.js","sources":["../../../src/lib/legacy/adaptOAuthSignInResolverToLegacy.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  OAuthAuthenticatorResult,\n  PassportProfile,\n  SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport { OAuthResult } from '../oauth';\n\n/** @internal */\nexport function adaptOAuthSignInResolverToLegacy<\n  TKeys extends string,\n>(resolvers: {\n  [key in TKeys]: SignInResolver<OAuthAuthenticatorResult<PassportProfile>>;\n}): { [key in TKeys]: () => SignInResolver<OAuthResult> } {\n  const legacyResolvers = {} as {\n    [key in TKeys]: () => SignInResolver<OAuthResult>;\n  };\n  for (const name of Object.keys(resolvers) as TKeys[]) {\n    const resolver = resolvers[name];\n    legacyResolvers[name] = () => async (input, ctx) =>\n      resolver(\n        {\n          profile: input.profile,\n          result: {\n            fullProfile: input.result.fullProfile,\n            session: {\n              accessToken: input.result.accessToken,\n              expiresInSeconds: input.result.params.expires_in,\n              scope: input.result.params.scope,\n              idToken: input.result.params.id_token,\n              tokenType: input.result.params.token_type ?? 'bearer',\n              refreshToken: input.result.refreshToken,\n            },\n          },\n        },\n        ctx,\n      );\n  }\n  return legacyResolvers;\n}\n"],"names":[],"mappings":";;AAwBO,SAAS,iCAEd,SAEwD,EAAA;AACxD,EAAA,MAAM,kBAAkB,EAAC;AAGzB,EAAA,KAAA,MAAW,IAAQ,IAAA,MAAA,CAAO,IAAK,CAAA,SAAS,CAAc,EAAA;AACpD,IAAM,MAAA,QAAA,GAAW,UAAU,IAAI,CAAA;AAC/B,IAAA,eAAA,CAAgB,IAAI,CAAA,GAAI,MAAM,OAAO,OAAO,GAC1C,KAAA,QAAA;AAAA,MACE;AAAA,QACE,SAAS,KAAM,CAAA,OAAA;AAAA,QACf,MAAQ,EAAA;AAAA,UACN,WAAA,EAAa,MAAM,MAAO,CAAA,WAAA;AAAA,UAC1B,OAAS,EAAA;AAAA,YACP,WAAA,EAAa,MAAM,MAAO,CAAA,WAAA;AAAA,YAC1B,gBAAA,EAAkB,KAAM,CAAA,MAAA,CAAO,MAAO,CAAA,UAAA;AAAA,YACtC,KAAA,EAAO,KAAM,CAAA,MAAA,CAAO,MAAO,CAAA,KAAA;AAAA,YAC3B,OAAA,EAAS,KAAM,CAAA,MAAA,CAAO,MAAO,CAAA,QAAA;AAAA,YAC7B,SAAW,EAAA,KAAA,CAAM,MAAO,CAAA,MAAA,CAAO,UAAc,IAAA,QAAA;AAAA,YAC7C,YAAA,EAAc,MAAM,MAAO,CAAA;AAAA;AAC7B;AACF,OACF;AAAA,MACA;AAAA,KACF;AAAA;AAEJ,EAAO,OAAA,eAAA;AACT;;;;"}

package/dist/lib/oauth/OAuthAdapter.cjs.js

@@ -1,220 +0,0 @@
-'use strict';
-
-var crypto = require('crypto');
-var url = require('url');
-var errors = require('@backstage/errors');
-var helpers = require('./helpers.cjs.js');
-var authFlowHelpers = require('../flow/authFlowHelpers.cjs.js');
-var prepareBackstageIdentityResponse = require('../../providers/prepareBackstageIdentityResponse.cjs.js');
-
-function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
-
-var crypto__default = /*#__PURE__*/_interopDefaultCompat(crypto);
-
-const THOUSAND_DAYS_MS = 1e3 * 24 * 60 * 60 * 1e3;
-const TEN_MINUTES_MS = 600 * 1e3;
-class OAuthAdapter {
-  constructor(handlers, options) {
-    this.handlers = handlers;
-    this.options = options;
-    this.baseCookieOptions = {
-      httpOnly: true,
-      sameSite: "lax"
-    };
-  }
-  static fromConfig(config, handlers, options) {
-    const { appUrl, baseUrl, isOriginAllowed } = config;
-    const { origin: appOrigin } = new url.URL(appUrl);
-    const cookieConfigurer = config.cookieConfigurer ?? helpers.defaultCookieConfigurer;
-    return new OAuthAdapter(handlers, {
-      ...options,
-      appOrigin,
-      baseUrl,
-      cookieConfigurer,
-      isOriginAllowed
-    });
-  }
-  baseCookieOptions;
-  async start(req, res) {
-    const scope = req.query.scope?.toString() ?? "";
-    const env = req.query.env?.toString();
-    const origin = req.query.origin?.toString();
-    const redirectUrl = req.query.redirectUrl?.toString();
-    const flow = req.query.flow?.toString();
-    if (!env) {
-      throw new errors.InputError("No env provided in request query parameters");
-    }
-    const cookieConfig = this.getCookieConfig(origin);
-    const nonce = crypto__default.default.randomBytes(16).toString("base64");
-    this.setNonceCookie(res, nonce, cookieConfig);
-    const state = { nonce, env, origin, redirectUrl, flow };
-    if (this.options.persistScopes) {
-      state.scope = scope;
-    }
-    const forwardReq = Object.assign(req, { scope, state });
-    const { url, status } = await this.handlers.start(
-      forwardReq
-    );
-    res.statusCode = status || 302;
-    res.setHeader("Location", url);
-    res.setHeader("Content-Length", "0");
-    res.end();
-  }
-  async frameHandler(req, res) {
-    let appOrigin = this.options.appOrigin;
-    try {
-      const state = helpers.readState(req.query.state?.toString() ?? "");
-      if (state.origin) {
-        try {
-          appOrigin = new url.URL(state.origin).origin;
-        } catch {
-          throw new errors.NotAllowedError("App origin is invalid, failed to parse");
-        }
-        if (!this.options.isOriginAllowed(appOrigin)) {
-          throw new errors.NotAllowedError(`Origin '${appOrigin}' is not allowed`);
-        }
-      }
-      helpers.verifyNonce(req, this.options.providerId);
-      const { response, refreshToken } = await this.handlers.handler(req);
-      const cookieConfig = this.getCookieConfig(appOrigin);
-      if (this.options.persistScopes && state.scope) {
-        this.setGrantedScopeCookie(res, state.scope, cookieConfig);
-        response.providerInfo.scope = state.scope;
-      }
-      if (refreshToken) {
-        this.setRefreshTokenCookie(res, refreshToken, cookieConfig);
-      }
-      const identity = await this.populateIdentity(response.backstageIdentity);
-      const responseObj = {
-        type: "authorization_response",
-        response: { ...response, backstageIdentity: identity }
-      };
-      if (state.flow === "redirect") {
-        if (!state.redirectUrl) {
-          throw new errors.InputError(
-            "No redirectUrl provided in request query parameters"
-          );
-        }
-        res.redirect(state.redirectUrl);
-        return void 0;
-      }
-      return authFlowHelpers.postMessageResponse(res, appOrigin, responseObj);
-    } catch (error) {
-      const { name, message } = errors.isError(error) ? error : new Error("Encountered invalid error");
-      return authFlowHelpers.postMessageResponse(res, appOrigin, {
-        type: "authorization_response",
-        error: { name, message }
-      });
-    }
-  }
-  async logout(req, res) {
-    if (!authFlowHelpers.ensuresXRequestedWith(req)) {
-      throw new errors.AuthenticationError("Invalid X-Requested-With header");
-    }
-    if (this.handlers.logout) {
-      const refreshToken = this.getRefreshTokenFromCookie(req);
-      const revokeRequest = Object.assign(req, {
-        refreshToken
-      });
-      await this.handlers.logout(revokeRequest);
-    }
-    const origin = req.get("origin");
-    const cookieConfig = this.getCookieConfig(origin);
-    this.removeRefreshTokenCookie(res, cookieConfig);
-    res.status(200).end();
-  }
-  async refresh(req, res) {
-    if (!authFlowHelpers.ensuresXRequestedWith(req)) {
-      throw new errors.AuthenticationError("Invalid X-Requested-With header");
-    }
-    if (!this.handlers.refresh) {
-      throw new errors.InputError(
-        `Refresh token is not supported for provider ${this.options.providerId}`
-      );
-    }
-    try {
-      const refreshToken = this.getRefreshTokenFromCookie(req);
-      if (!refreshToken) {
-        throw new errors.InputError("Missing session cookie");
-      }
-      let scope = req.query.scope?.toString() ?? "";
-      if (this.options.persistScopes) {
-        scope = this.getGrantedScopeFromCookie(req);
-      }
-      const forwardReq = Object.assign(req, { scope, refreshToken });
-      const { response, refreshToken: newRefreshToken } = await this.handlers.refresh(forwardReq);
-      const backstageIdentity = await this.populateIdentity(
-        response.backstageIdentity
-      );
-      if (newRefreshToken && newRefreshToken !== refreshToken) {
-        const origin = req.get("origin");
-        const cookieConfig = this.getCookieConfig(origin);
-        this.setRefreshTokenCookie(res, newRefreshToken, cookieConfig);
-      }
-      res.status(200).json({ ...response, backstageIdentity });
-    } catch (error) {
-      throw new errors.AuthenticationError("Refresh failed", error);
-    }
-  }
-  /**
-   * If the response from the OAuth provider includes a Backstage identity, we
-   * make sure it's populated with all the information we can derive from the user ID.
-   */
-  async populateIdentity(identity) {
-    if (!identity) {
-      return void 0;
-    }
-    if (!identity.token) {
-      throw new errors.InputError(`Identity response must return a token`);
-    }
-    return prepareBackstageIdentityResponse.prepareBackstageIdentityResponse(identity);
-  }
-  setNonceCookie = (res, nonce, cookieConfig) => {
-    res.cookie(`${this.options.providerId}-nonce`, nonce, {
-      maxAge: TEN_MINUTES_MS,
-      ...this.baseCookieOptions,
-      ...cookieConfig,
-      path: `${cookieConfig.path}/handler`
-    });
-  };
-  setGrantedScopeCookie = (res, scope, cookieConfig) => {
-    res.cookie(`${this.options.providerId}-granted-scope`, scope, {
-      maxAge: THOUSAND_DAYS_MS,
-      ...this.baseCookieOptions,
-      ...cookieConfig
-    });
-  };
-  getRefreshTokenFromCookie = (req) => {
-    return req.cookies[`${this.options.providerId}-refresh-token`];
-  };
-  getGrantedScopeFromCookie = (req) => {
-    return req.cookies[`${this.options.providerId}-granted-scope`];
-  };
-  setRefreshTokenCookie = (res, refreshToken, cookieConfig) => {
-    res.cookie(`${this.options.providerId}-refresh-token`, refreshToken, {
-      maxAge: THOUSAND_DAYS_MS,
-      ...this.baseCookieOptions,
-      ...cookieConfig
-    });
-  };
-  removeRefreshTokenCookie = (res, cookieConfig) => {
-    res.cookie(`${this.options.providerId}-refresh-token`, "", {
-      maxAge: 0,
-      ...this.baseCookieOptions,
-      ...cookieConfig
-    });
-  };
-  getCookieConfig = (origin) => {
-    return this.options.cookieConfigurer({
-      providerId: this.options.providerId,
-      baseUrl: this.options.baseUrl,
-      callbackUrl: this.options.callbackUrl,
-      appOrigin: origin ?? this.options.appOrigin
-    });
-  };
-}
-
-exports.OAuthAdapter = OAuthAdapter;
-exports.TEN_MINUTES_MS = TEN_MINUTES_MS;
-exports.THOUSAND_DAYS_MS = THOUSAND_DAYS_MS;
-//# sourceMappingURL=OAuthAdapter.cjs.js.map

package/dist/lib/oauth/OAuthAdapter.cjs.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"OAuthAdapter.cjs.js","sources":["../../../src/lib/oauth/OAuthAdapter.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport express, { CookieOptions } from 'express';\nimport crypto from 'crypto';\nimport { URL } from 'url';\nimport {\n  AuthProviderConfig,\n  AuthProviderRouteHandlers,\n  BackstageIdentityResponse,\n  BackstageSignInResult,\n  CookieConfigurer,\n  OAuthState,\n} from '@backstage/plugin-auth-node';\nimport {\n  AuthenticationError,\n  InputError,\n  isError,\n  NotAllowedError,\n} from '@backstage/errors';\nimport { defaultCookieConfigurer, readState, verifyNonce } from './helpers';\nimport {\n  postMessageResponse,\n  ensuresXRequestedWith,\n  WebMessageResponse,\n} from '../flow';\nimport {\n  OAuthHandlers,\n  OAuthStartRequest,\n  OAuthRefreshRequest,\n  OAuthLogoutRequest,\n} from './types';\nimport { prepareBackstageIdentityResponse } from '../../providers/prepareBackstageIdentityResponse';\n\nexport const THOUSAND_DAYS_MS = 1000 * 24 * 60 * 60 * 1000;\nexport const TEN_MINUTES_MS = 600 * 1000;\n\n/**\n * @public\n * @deprecated Use `createOAuthRouteHandlers` from `@backstage/plugin-auth-node` instead\n */\nexport type OAuthAdapterOptions = {\n  providerId: string;\n  persistScopes?: boolean;\n  appOrigin: string;\n  baseUrl: string;\n  cookieConfigurer: CookieConfigurer;\n  isOriginAllowed: (origin: string) => boolean;\n  callbackUrl: string;\n};\n\n/**\n * @public\n * @deprecated Use `createOAuthRouteHandlers` from `@backstage/plugin-auth-node` instead\n */\nexport class OAuthAdapter implements AuthProviderRouteHandlers {\n  static fromConfig(\n    config: AuthProviderConfig,\n    handlers: OAuthHandlers,\n    options: Pick<\n      OAuthAdapterOptions,\n      'providerId' | 'persistScopes' | 'callbackUrl'\n    >,\n  ): OAuthAdapter {\n    const { appUrl, baseUrl, isOriginAllowed } = config;\n    const { origin: appOrigin } = new URL(appUrl);\n\n    const cookieConfigurer = config.cookieConfigurer ?? defaultCookieConfigurer;\n\n    return new OAuthAdapter(handlers, {\n      ...options,\n      appOrigin,\n      baseUrl,\n      cookieConfigurer,\n      isOriginAllowed,\n    });\n  }\n\n  private readonly baseCookieOptions: CookieOptions;\n\n  constructor(\n    private readonly handlers: OAuthHandlers,\n    private readonly options: OAuthAdapterOptions,\n  ) {\n    this.baseCookieOptions = {\n      httpOnly: true,\n      sameSite: 'lax',\n    };\n  }\n\n  async start(req: express.Request, res: express.Response): Promise<void> {\n    // retrieve scopes from request\n    const scope = req.query.scope?.toString() ?? '';\n    const env = req.query.env?.toString();\n    const origin = req.query.origin?.toString();\n    const redirectUrl = req.query.redirectUrl?.toString();\n    const flow = req.query.flow?.toString();\n\n    if (!env) {\n      throw new InputError('No env provided in request query parameters');\n    }\n\n    const cookieConfig = this.getCookieConfig(origin);\n\n    const nonce = crypto.randomBytes(16).toString('base64');\n    // set a nonce cookie before redirecting to oauth provider\n    this.setNonceCookie(res, nonce, cookieConfig);\n\n    const state: OAuthState = { nonce, env, origin, redirectUrl, flow };\n\n    // If scopes are persisted then we pass them through the state so that we\n    // can set the cookie on successful auth\n    if (this.options.persistScopes) {\n      state.scope = scope;\n    }\n    const forwardReq = Object.assign(req, { scope, state });\n\n    const { url, status } = await this.handlers.start(\n      forwardReq as OAuthStartRequest,\n    );\n\n    res.statusCode = status || 302;\n    res.setHeader('Location', url);\n    res.setHeader('Content-Length', '0');\n    res.end();\n  }\n\n  async frameHandler(\n    req: express.Request,\n    res: express.Response,\n  ): Promise<void> {\n    let appOrigin = this.options.appOrigin;\n\n    try {\n      const state: OAuthState = readState(req.query.state?.toString() ?? '');\n\n      if (state.origin) {\n        try {\n          appOrigin = new URL(state.origin).origin;\n        } catch {\n          throw new NotAllowedError('App origin is invalid, failed to parse');\n        }\n        if (!this.options.isOriginAllowed(appOrigin)) {\n          throw new NotAllowedError(`Origin '${appOrigin}' is not allowed`);\n        }\n      }\n\n      // verify nonce cookie and state cookie on callback\n      verifyNonce(req, this.options.providerId);\n\n      const { response, refreshToken } = await this.handlers.handler(req);\n\n      const cookieConfig = this.getCookieConfig(appOrigin);\n\n      // Store the scope that we have been granted for this session. This is useful if\n      // the provider does not return granted scopes on refresh or if they are normalized.\n      if (this.options.persistScopes && state.scope) {\n        this.setGrantedScopeCookie(res, state.scope, cookieConfig);\n        response.providerInfo.scope = state.scope;\n      }\n\n      if (refreshToken) {\n        // set new refresh token\n        this.setRefreshTokenCookie(res, refreshToken, cookieConfig);\n      }\n\n      const identity = await this.populateIdentity(response.backstageIdentity);\n\n      const responseObj: WebMessageResponse = {\n        type: 'authorization_response',\n        response: { ...response, backstageIdentity: identity },\n      };\n\n      if (state.flow === 'redirect') {\n        if (!state.redirectUrl) {\n          throw new InputError(\n            'No redirectUrl provided in request query parameters',\n          );\n        }\n        res.redirect(state.redirectUrl);\n        return undefined;\n      }\n      // post message back to popup if successful\n      return postMessageResponse(res, appOrigin, responseObj);\n    } catch (error) {\n      const { name, message } = isError(error)\n        ? error\n        : new Error('Encountered invalid error'); // Being a bit safe and not forwarding the bad value\n      // post error message back to popup if failure\n      return postMessageResponse(res, appOrigin, {\n        type: 'authorization_response',\n        error: { name, message },\n      });\n    }\n  }\n\n  async logout(req: express.Request, res: express.Response): Promise<void> {\n    if (!ensuresXRequestedWith(req)) {\n      throw new AuthenticationError('Invalid X-Requested-With header');\n    }\n\n    if (this.handlers.logout) {\n      const refreshToken = this.getRefreshTokenFromCookie(req);\n      const revokeRequest: OAuthLogoutRequest = Object.assign(req, {\n        refreshToken,\n      });\n      await this.handlers.logout(revokeRequest);\n    }\n\n    // remove refresh token cookie if it is set\n    const origin = req.get('origin');\n    const cookieConfig = this.getCookieConfig(origin);\n    this.removeRefreshTokenCookie(res, cookieConfig);\n\n    res.status(200).end();\n  }\n\n  async refresh(req: express.Request, res: express.Response): Promise<void> {\n    if (!ensuresXRequestedWith(req)) {\n      throw new AuthenticationError('Invalid X-Requested-With header');\n    }\n\n    if (!this.handlers.refresh) {\n      throw new InputError(\n        `Refresh token is not supported for provider ${this.options.providerId}`,\n      );\n    }\n\n    try {\n      const refreshToken = this.getRefreshTokenFromCookie(req);\n\n      // throw error if refresh token is missing in the request\n      if (!refreshToken) {\n        throw new InputError('Missing session cookie');\n      }\n\n      let scope = req.query.scope?.toString() ?? '';\n      if (this.options.persistScopes) {\n        scope = this.getGrantedScopeFromCookie(req);\n      }\n      const forwardReq = Object.assign(req, { scope, refreshToken });\n\n      // get new access_token\n      const { response, refreshToken: newRefreshToken } =\n        await this.handlers.refresh(forwardReq as OAuthRefreshRequest);\n\n      const backstageIdentity = await this.populateIdentity(\n        response.backstageIdentity,\n      );\n\n      if (newRefreshToken && newRefreshToken !== refreshToken) {\n        const origin = req.get('origin');\n        const cookieConfig = this.getCookieConfig(origin);\n        this.setRefreshTokenCookie(res, newRefreshToken, cookieConfig);\n      }\n\n      res.status(200).json({ ...response, backstageIdentity });\n    } catch (error) {\n      throw new AuthenticationError('Refresh failed', error);\n    }\n  }\n\n  /**\n   * If the response from the OAuth provider includes a Backstage identity, we\n   * make sure it's populated with all the information we can derive from the user ID.\n   */\n  private async populateIdentity(\n    identity?: BackstageSignInResult,\n  ): Promise<BackstageIdentityResponse | undefined> {\n    if (!identity) {\n      return undefined;\n    }\n    if (!identity.token) {\n      throw new InputError(`Identity response must return a token`);\n    }\n\n    return prepareBackstageIdentityResponse(identity);\n  }\n\n  private setNonceCookie = (\n    res: express.Response,\n    nonce: string,\n    cookieConfig: ReturnType<CookieConfigurer>,\n  ) => {\n    res.cookie(`${this.options.providerId}-nonce`, nonce, {\n      maxAge: TEN_MINUTES_MS,\n      ...this.baseCookieOptions,\n      ...cookieConfig,\n      path: `${cookieConfig.path}/handler`,\n    });\n  };\n\n  private setGrantedScopeCookie = (\n    res: express.Response,\n    scope: string,\n    cookieConfig: ReturnType<CookieConfigurer>,\n  ) => {\n    res.cookie(`${this.options.providerId}-granted-scope`, scope, {\n      maxAge: THOUSAND_DAYS_MS,\n      ...this.baseCookieOptions,\n      ...cookieConfig,\n    });\n  };\n\n  private getRefreshTokenFromCookie = (req: express.Request) => {\n    return req.cookies[`${this.options.providerId}-refresh-token`];\n  };\n\n  private getGrantedScopeFromCookie = (req: express.Request) => {\n    return req.cookies[`${this.options.providerId}-granted-scope`];\n  };\n\n  private setRefreshTokenCookie = (\n    res: express.Response,\n    refreshToken: string,\n    cookieConfig: ReturnType<CookieConfigurer>,\n  ) => {\n    res.cookie(`${this.options.providerId}-refresh-token`, refreshToken, {\n      maxAge: THOUSAND_DAYS_MS,\n      ...this.baseCookieOptions,\n      ...cookieConfig,\n    });\n  };\n\n  private removeRefreshTokenCookie = (\n    res: express.Response,\n    cookieConfig: ReturnType<CookieConfigurer>,\n  ) => {\n    res.cookie(`${this.options.providerId}-refresh-token`, '', {\n      maxAge: 0,\n      ...this.baseCookieOptions,\n      ...cookieConfig,\n    });\n  };\n\n  private getCookieConfig = (origin?: string) => {\n    return this.options.cookieConfigurer({\n      providerId: this.options.providerId,\n      baseUrl: this.options.baseUrl,\n      callbackUrl: this.options.callbackUrl,\n      appOrigin: origin ?? this.options.appOrigin,\n    });\n  };\n}\n"],"names":["URL","defaultCookieConfigurer","InputError","crypto","readState","NotAllowedError","verifyNonce","postMessageResponse","isError","ensuresXRequestedWith","AuthenticationError","prepareBackstageIdentityResponse"],"mappings":";;;;;;;;;;;;;AA+CO,MAAM,gBAAmB,GAAA,GAAA,GAAO,EAAK,GAAA,EAAA,GAAK,EAAK,GAAA;AAC/C,MAAM,iBAAiB,GAAM,GAAA;AAoB7B,MAAM,YAAkD,CAAA;AAAA,EAyB7D,WAAA,CACmB,UACA,OACjB,EAAA;AAFiB,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAEjB,IAAA,IAAA,CAAK,iBAAoB,GAAA;AAAA,MACvB,QAAU,EAAA,IAAA;AAAA,MACV,QAAU,EAAA;AAAA,KACZ;AAAA;AACF,EAhCA,OAAO,UAAA,CACL,MACA,EAAA,QAAA,EACA,OAIc,EAAA;AACd,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAS,EAAA,eAAA,EAAoB,GAAA,MAAA;AAC7C,IAAA,MAAM,EAAE,MAAQ,EAAA,SAAA,EAAc,GAAA,IAAIA,QAAI,MAAM,CAAA;AAE5C,IAAM,MAAA,gBAAA,GAAmB,OAAO,gBAAoB,IAAAC,+BAAA;AAEpD,IAAO,OAAA,IAAI,aAAa,QAAU,EAAA;AAAA,MAChC,GAAG,OAAA;AAAA,MACH,SAAA;AAAA,MACA,OAAA;AAAA,MACA,gBAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA;AACH,EAEiB,iBAAA;AAAA,EAYjB,MAAM,KAAM,CAAA,GAAA,EAAsB,GAAsC,EAAA;AAEtE,IAAA,MAAM,KAAQ,GAAA,GAAA,CAAI,KAAM,CAAA,KAAA,EAAO,UAAc,IAAA,EAAA;AAC7C,IAAA,MAAM,GAAM,GAAA,GAAA,CAAI,KAAM,CAAA,GAAA,EAAK,QAAS,EAAA;AACpC,IAAA,MAAM,MAAS,GAAA,GAAA,CAAI,KAAM,CAAA,MAAA,EAAQ,QAAS,EAAA;AAC1C,IAAA,MAAM,WAAc,GAAA,GAAA,CAAI,KAAM,CAAA,WAAA,EAAa,QAAS,EAAA;AACpD,IAAA,MAAM,IAAO,GAAA,GAAA,CAAI,KAAM,CAAA,IAAA,EAAM,QAAS,EAAA;AAEtC,IAAA,IAAI,CAAC,GAAK,EAAA;AACR,MAAM,MAAA,IAAIC,kBAAW,6CAA6C,CAAA;AAAA;AAGpE,IAAM,MAAA,YAAA,GAAe,IAAK,CAAA,eAAA,CAAgB,MAAM,CAAA;AAEhD,IAAA,MAAM,QAAQC,uBAAO,CAAA,WAAA,CAAY,EAAE,CAAA,CAAE,SAAS,QAAQ,CAAA;AAEtD,IAAK,IAAA,CAAA,cAAA,CAAe,GAAK,EAAA,KAAA,EAAO,YAAY,CAAA;AAE5C,IAAA,MAAM,QAAoB,EAAE,KAAA,EAAO,GAAK,EAAA,MAAA,EAAQ,aAAa,IAAK,EAAA;AAIlE,IAAI,IAAA,IAAA,CAAK,QAAQ,aAAe,EAAA;AAC9B,MAAA,KAAA,CAAM,KAAQ,GAAA,KAAA;AAAA;AAEhB,IAAA,MAAM,aAAa,MAAO,CAAA,MAAA,CAAO,KAAK,EAAE,KAAA,EAAO,OAAO,CAAA;AAEtD,IAAA,MAAM,EAAE,GAAK,EAAA,MAAA,EAAW,GAAA,MAAM,KAAK,QAAS,CAAA,KAAA;AAAA,MAC1C;AAAA,KACF;AAEA,IAAA,GAAA,CAAI,aAAa,MAAU,IAAA,GAAA;AAC3B,IAAI,GAAA,CAAA,SAAA,CAAU,YAAY,GAAG,CAAA;AAC7B,IAAI,GAAA,CAAA,SAAA,CAAU,kBAAkB,GAAG,CAAA;AACnC,IAAA,GAAA,CAAI,GAAI,EAAA;AAAA;AACV,EAEA,MAAM,YACJ,CAAA,GAAA,EACA,GACe,EAAA;AACf,IAAI,IAAA,SAAA,GAAY,KAAK,OAAQ,CAAA,SAAA;AAE7B,IAAI,IAAA;AACF,MAAA,MAAM,QAAoBC,iBAAU,CAAA,GAAA,CAAI,MAAM,KAAO,EAAA,QAAA,MAAc,EAAE,CAAA;AAErE,MAAA,IAAI,MAAM,MAAQ,EAAA;AAChB,QAAI,IAAA;AACF,UAAA,SAAA,GAAY,IAAIJ,OAAA,CAAI,KAAM,CAAA,MAAM,CAAE,CAAA,MAAA;AAAA,SAC5B,CAAA,MAAA;AACN,UAAM,MAAA,IAAIK,uBAAgB,wCAAwC,CAAA;AAAA;AAEpE,QAAA,IAAI,CAAC,IAAA,CAAK,OAAQ,CAAA,eAAA,CAAgB,SAAS,CAAG,EAAA;AAC5C,UAAA,MAAM,IAAIA,sBAAA,CAAgB,CAAW,QAAA,EAAA,SAAS,CAAkB,gBAAA,CAAA,CAAA;AAAA;AAClE;AAIF,MAAYC,mBAAA,CAAA,GAAA,EAAK,IAAK,CAAA,OAAA,CAAQ,UAAU,CAAA;AAExC,MAAM,MAAA,EAAE,UAAU,YAAa,EAAA,GAAI,MAAM,IAAK,CAAA,QAAA,CAAS,QAAQ,GAAG,CAAA;AAElE,MAAM,MAAA,YAAA,GAAe,IAAK,CAAA,eAAA,CAAgB,SAAS,CAAA;AAInD,MAAA,IAAI,IAAK,CAAA,OAAA,CAAQ,aAAiB,IAAA,KAAA,CAAM,KAAO,EAAA;AAC7C,QAAA,IAAA,CAAK,qBAAsB,CAAA,GAAA,EAAK,KAAM,CAAA,KAAA,EAAO,YAAY,CAAA;AACzD,QAAS,QAAA,CAAA,YAAA,CAAa,QAAQ,KAAM,CAAA,KAAA;AAAA;AAGtC,MAAA,IAAI,YAAc,EAAA;AAEhB,QAAK,IAAA,CAAA,qBAAA,CAAsB,GAAK,EAAA,YAAA,EAAc,YAAY,CAAA;AAAA;AAG5D,MAAA,MAAM,QAAW,GAAA,MAAM,IAAK,CAAA,gBAAA,CAAiB,SAAS,iBAAiB,CAAA;AAEvE,MAAA,MAAM,WAAkC,GAAA;AAAA,QACtC,IAAM,EAAA,wBAAA;AAAA,QACN,QAAU,EAAA,EAAE,GAAG,QAAA,EAAU,mBAAmB,QAAS;AAAA,OACvD;AAEA,MAAI,IAAA,KAAA,CAAM,SAAS,UAAY,EAAA;AAC7B,QAAI,IAAA,CAAC,MAAM,WAAa,EAAA;AACtB,UAAA,MAAM,IAAIJ,iBAAA;AAAA,YACR;AAAA,WACF;AAAA;AAEF,QAAI,GAAA,CAAA,QAAA,CAAS,MAAM,WAAW,CAAA;AAC9B,QAAO,OAAA,KAAA,CAAA;AAAA;AAGT,MAAO,OAAAK,mCAAA,CAAoB,GAAK,EAAA,SAAA,EAAW,WAAW,CAAA;AAAA,aAC/C,KAAO,EAAA;AACd,MAAM,MAAA,EAAE,IAAM,EAAA,OAAA,EAAY,GAAAC,cAAA,CAAQ,KAAK,CACnC,GAAA,KAAA,GACA,IAAI,KAAA,CAAM,2BAA2B,CAAA;AAEzC,MAAO,OAAAD,mCAAA,CAAoB,KAAK,SAAW,EAAA;AAAA,QACzC,IAAM,EAAA,wBAAA;AAAA,QACN,KAAA,EAAO,EAAE,IAAA,EAAM,OAAQ;AAAA,OACxB,CAAA;AAAA;AACH;AACF,EAEA,MAAM,MAAO,CAAA,GAAA,EAAsB,GAAsC,EAAA;AACvE,IAAI,IAAA,CAACE,qCAAsB,CAAA,GAAG,CAAG,EAAA;AAC/B,MAAM,MAAA,IAAIC,2BAAoB,iCAAiC,CAAA;AAAA;AAGjE,IAAI,IAAA,IAAA,CAAK,SAAS,MAAQ,EAAA;AACxB,MAAM,MAAA,YAAA,GAAe,IAAK,CAAA,yBAAA,CAA0B,GAAG,CAAA;AACvD,MAAM,MAAA,aAAA,GAAoC,MAAO,CAAA,MAAA,CAAO,GAAK,EAAA;AAAA,QAC3D;AAAA,OACD,CAAA;AACD,MAAM,MAAA,IAAA,CAAK,QAAS,CAAA,MAAA,CAAO,aAAa,CAAA;AAAA;AAI1C,IAAM,MAAA,MAAA,GAAS,GAAI,CAAA,GAAA,CAAI,QAAQ,CAAA;AAC/B,IAAM,MAAA,YAAA,GAAe,IAAK,CAAA,eAAA,CAAgB,MAAM,CAAA;AAChD,IAAK,IAAA,CAAA,wBAAA,CAAyB,KAAK,YAAY,CAAA;AAE/C,IAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,GAAI,EAAA;AAAA;AACtB,EAEA,MAAM,OAAQ,CAAA,GAAA,EAAsB,GAAsC,EAAA;AACxE,IAAI,IAAA,CAACD,qCAAsB,CAAA,GAAG,CAAG,EAAA;AAC/B,MAAM,MAAA,IAAIC,2BAAoB,iCAAiC,CAAA;AAAA;AAGjE,IAAI,IAAA,CAAC,IAAK,CAAA,QAAA,CAAS,OAAS,EAAA;AAC1B,MAAA,MAAM,IAAIR,iBAAA;AAAA,QACR,CAAA,4CAAA,EAA+C,IAAK,CAAA,OAAA,CAAQ,UAAU,CAAA;AAAA,OACxE;AAAA;AAGF,IAAI,IAAA;AACF,MAAM,MAAA,YAAA,GAAe,IAAK,CAAA,yBAAA,CAA0B,GAAG,CAAA;AAGvD,MAAA,IAAI,CAAC,YAAc,EAAA;AACjB,QAAM,MAAA,IAAIA,kBAAW,wBAAwB,CAAA;AAAA;AAG/C,MAAA,IAAI,KAAQ,GAAA,GAAA,CAAI,KAAM,CAAA,KAAA,EAAO,UAAc,IAAA,EAAA;AAC3C,MAAI,IAAA,IAAA,CAAK,QAAQ,aAAe,EAAA;AAC9B,QAAQ,KAAA,GAAA,IAAA,CAAK,0BAA0B,GAAG,CAAA;AAAA;AAE5C,MAAA,MAAM,aAAa,MAAO,CAAA,MAAA,CAAO,KAAK,EAAE,KAAA,EAAO,cAAc,CAAA;AAG7D,MAAM,MAAA,EAAE,UAAU,YAAc,EAAA,eAAA,KAC9B,MAAM,IAAA,CAAK,QAAS,CAAA,OAAA,CAAQ,UAAiC,CAAA;AAE/D,MAAM,MAAA,iBAAA,GAAoB,MAAM,IAAK,CAAA,gBAAA;AAAA,QACnC,QAAS,CAAA;AAAA,OACX;AAEA,MAAI,IAAA,eAAA,IAAmB,oBAAoB,YAAc,EAAA;AACvD,QAAM,MAAA,MAAA,GAAS,GAAI,CAAA,GAAA,CAAI,QAAQ,CAAA;AAC/B,QAAM,MAAA,YAAA,GAAe,IAAK,CAAA,eAAA,CAAgB,MAAM,CAAA;AAChD,QAAK,IAAA,CAAA,qBAAA,CAAsB,GAAK,EAAA,eAAA,EAAiB,YAAY,CAAA;AAAA;AAG/D,MAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,GAAG,QAAA,EAAU,mBAAmB,CAAA;AAAA,aAChD,KAAO,EAAA;AACd,MAAM,MAAA,IAAIQ,0BAAoB,CAAA,gBAAA,EAAkB,KAAK,CAAA;AAAA;AACvD;AACF;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,iBACZ,QACgD,EAAA;AAChD,IAAA,IAAI,CAAC,QAAU,EAAA;AACb,MAAO,OAAA,KAAA,CAAA;AAAA;AAET,IAAI,IAAA,CAAC,SAAS,KAAO,EAAA;AACnB,MAAM,MAAA,IAAIR,kBAAW,CAAuC,qCAAA,CAAA,CAAA;AAAA;AAG9D,IAAA,OAAOS,kEAAiC,QAAQ,CAAA;AAAA;AAClD,EAEQ,cAAiB,GAAA,CACvB,GACA,EAAA,KAAA,EACA,YACG,KAAA;AACH,IAAA,GAAA,CAAI,OAAO,CAAG,EAAA,IAAA,CAAK,OAAQ,CAAA,UAAU,UAAU,KAAO,EAAA;AAAA,MACpD,MAAQ,EAAA,cAAA;AAAA,MACR,GAAG,IAAK,CAAA,iBAAA;AAAA,MACR,GAAG,YAAA;AAAA,MACH,IAAA,EAAM,CAAG,EAAA,YAAA,CAAa,IAAI,CAAA,QAAA;AAAA,KAC3B,CAAA;AAAA,GACH;AAAA,EAEQ,qBAAwB,GAAA,CAC9B,GACA,EAAA,KAAA,EACA,YACG,KAAA;AACH,IAAA,GAAA,CAAI,OAAO,CAAG,EAAA,IAAA,CAAK,OAAQ,CAAA,UAAU,kBAAkB,KAAO,EAAA;AAAA,MAC5D,MAAQ,EAAA,gBAAA;AAAA,MACR,GAAG,IAAK,CAAA,iBAAA;AAAA,MACR,GAAG;AAAA,KACJ,CAAA;AAAA,GACH;AAAA,EAEQ,yBAAA,GAA4B,CAAC,GAAyB,KAAA;AAC5D,IAAA,OAAO,IAAI,OAAQ,CAAA,CAAA,EAAG,IAAK,CAAA,OAAA,CAAQ,UAAU,CAAgB,cAAA,CAAA,CAAA;AAAA,GAC/D;AAAA,EAEQ,yBAAA,GAA4B,CAAC,GAAyB,KAAA;AAC5D,IAAA,OAAO,IAAI,OAAQ,CAAA,CAAA,EAAG,IAAK,CAAA,OAAA,CAAQ,UAAU,CAAgB,cAAA,CAAA,CAAA;AAAA,GAC/D;AAAA,EAEQ,qBAAwB,GAAA,CAC9B,GACA,EAAA,YAAA,EACA,YACG,KAAA;AACH,IAAA,GAAA,CAAI,OAAO,CAAG,EAAA,IAAA,CAAK,OAAQ,CAAA,UAAU,kBAAkB,YAAc,EAAA;AAAA,MACnE,MAAQ,EAAA,gBAAA;AAAA,MACR,GAAG,IAAK,CAAA,iBAAA;AAAA,MACR,GAAG;AAAA,KACJ,CAAA;AAAA,GACH;AAAA,EAEQ,wBAAA,GAA2B,CACjC,GAAA,EACA,YACG,KAAA;AACH,IAAA,GAAA,CAAI,OAAO,CAAG,EAAA,IAAA,CAAK,OAAQ,CAAA,UAAU,kBAAkB,EAAI,EAAA;AAAA,MACzD,MAAQ,EAAA,CAAA;AAAA,MACR,GAAG,IAAK,CAAA,iBAAA;AAAA,MACR,GAAG;AAAA,KACJ,CAAA;AAAA,GACH;AAAA,EAEQ,eAAA,GAAkB,CAAC,MAAoB,KAAA;AAC7C,IAAO,OAAA,IAAA,CAAK,QAAQ,gBAAiB,CAAA;AAAA,MACnC,UAAA,EAAY,KAAK,OAAQ,CAAA,UAAA;AAAA,MACzB,OAAA,EAAS,KAAK,OAAQ,CAAA,OAAA;AAAA,MACtB,WAAA,EAAa,KAAK,OAAQ,CAAA,WAAA;AAAA,MAC1B,SAAA,EAAW,MAAU,IAAA,IAAA,CAAK,OAAQ,CAAA;AAAA,KACnC,CAAA;AAAA,GACH;AACF;;;;;;"}

package/dist/lib/oauth/OAuthEnvironmentHandler.cjs.js

@@ -1,8 +0,0 @@
-'use strict';
-
-var pluginAuthNode = require('@backstage/plugin-auth-node');
-
-const OAuthEnvironmentHandler = pluginAuthNode.OAuthEnvironmentHandler;
-
-exports.OAuthEnvironmentHandler = OAuthEnvironmentHandler;
-//# sourceMappingURL=OAuthEnvironmentHandler.cjs.js.map

package/dist/lib/oauth/OAuthEnvironmentHandler.cjs.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"OAuthEnvironmentHandler.cjs.js","sources":["../../../src/lib/oauth/OAuthEnvironmentHandler.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { OAuthEnvironmentHandler as _OAuthEnvironmentHandler } from '@backstage/plugin-auth-node';\n\n/**\n * @public\n * @deprecated import from `@backstage/plugin-auth-node` instead\n */\nexport const OAuthEnvironmentHandler = _OAuthEnvironmentHandler;\n"],"names":["_OAuthEnvironmentHandler"],"mappings":";;;;AAsBO,MAAM,uBAA0B,GAAAA;;;;"}

package/dist/lib/oauth/helpers.cjs.js

@@ -1,40 +0,0 @@
-'use strict';
-
-var pluginAuthNode = require('@backstage/plugin-auth-node');
-
-const readState = pluginAuthNode.decodeOAuthState;
-const encodeState = pluginAuthNode.encodeOAuthState;
-const verifyNonce = (req, providerId) => {
-  const cookieNonce = req.cookies[`${providerId}-nonce`];
-  const state = readState(req.query.state?.toString() ?? "");
-  const stateNonce = state.nonce;
-  if (!cookieNonce) {
-    throw new Error("Auth response is missing cookie nonce");
-  }
-  if (stateNonce.length === 0) {
-    throw new Error("Auth response is missing state nonce");
-  }
-  if (cookieNonce !== stateNonce) {
-    throw new Error("Invalid nonce");
-  }
-};
-const defaultCookieConfigurer = ({
-  callbackUrl,
-  providerId,
-  appOrigin
-}) => {
-  const { hostname: domain, pathname, protocol } = new URL(callbackUrl);
-  const secure = protocol === "https:";
-  let sameSite = "lax";
-  if (new URL(appOrigin).hostname !== domain && secure) {
-    sameSite = "none";
-  }
-  const path = pathname.endsWith(`${providerId}/handler/frame`) ? pathname.slice(0, -"/handler/frame".length) : `${pathname}/${providerId}`;
-  return { domain, path, secure, sameSite };
-};
-
-exports.defaultCookieConfigurer = defaultCookieConfigurer;
-exports.encodeState = encodeState;
-exports.readState = readState;
-exports.verifyNonce = verifyNonce;
-//# sourceMappingURL=helpers.cjs.js.map

package/dist/lib/oauth/helpers.cjs.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"helpers.cjs.js","sources":["../../../src/lib/oauth/helpers.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport express from 'express';\nimport {\n  CookieConfigurer,\n  OAuthState,\n  decodeOAuthState,\n  encodeOAuthState,\n} from '@backstage/plugin-auth-node';\n\n/**\n * @public\n * @deprecated Use `decodeOAuthState` from `@backstage/plugin-auth-node` instead\n */\nexport const readState = decodeOAuthState;\n\n/**\n * @public\n * @deprecated Use `encodeOAuthState` from `@backstage/plugin-auth-node` instead\n */\nexport const encodeState = encodeOAuthState;\n\n/**\n * @public\n * @deprecated Use inline logic to make sure the session and state nonce matches instead.\n */\nexport const verifyNonce = (req: express.Request, providerId: string) => {\n  const cookieNonce = req.cookies[`${providerId}-nonce`];\n  const state: OAuthState = readState(req.query.state?.toString() ?? '');\n  const stateNonce = state.nonce;\n\n  if (!cookieNonce) {\n    throw new Error('Auth response is missing cookie nonce');\n  }\n  if (stateNonce.length === 0) {\n    throw new Error('Auth response is missing state nonce');\n  }\n  if (cookieNonce !== stateNonce) {\n    throw new Error('Invalid nonce');\n  }\n};\n\nexport const defaultCookieConfigurer: CookieConfigurer = ({\n  callbackUrl,\n  providerId,\n  appOrigin,\n}) => {\n  const { hostname: domain, pathname, protocol } = new URL(callbackUrl);\n  const secure = protocol === 'https:';\n\n  // For situations where the auth-backend is running on a\n  // different domain than the app, we set the SameSite attribute\n  // to 'none' to allow third-party access to the cookie, but\n  // only if it's in a secure context (https).\n  let sameSite: ReturnType<CookieConfigurer>['sameSite'] = 'lax';\n  if (new URL(appOrigin).hostname !== domain && secure) {\n    sameSite = 'none';\n  }\n\n  // If the provider supports callbackUrls, the pathname will\n  // contain the complete path to the frame handler so we need\n  // to slice off the trailing part of the path.\n  const path = pathname.endsWith(`${providerId}/handler/frame`)\n    ? pathname.slice(0, -'/handler/frame'.length)\n    : `${pathname}/${providerId}`;\n\n  return { domain, path, secure, sameSite };\n};\n"],"names":["decodeOAuthState","encodeOAuthState"],"mappings":";;;;AA4BO,MAAM,SAAY,GAAAA;AAMlB,MAAM,WAAc,GAAAC;AAMd,MAAA,WAAA,GAAc,CAAC,GAAA,EAAsB,UAAuB,KAAA;AACvE,EAAA,MAAM,WAAc,GAAA,GAAA,CAAI,OAAQ,CAAA,CAAA,EAAG,UAAU,CAAQ,MAAA,CAAA,CAAA;AACrD,EAAA,MAAM,QAAoB,SAAU,CAAA,GAAA,CAAI,MAAM,KAAO,EAAA,QAAA,MAAc,EAAE,CAAA;AACrE,EAAA,MAAM,aAAa,KAAM,CAAA,KAAA;AAEzB,EAAA,IAAI,CAAC,WAAa,EAAA;AAChB,IAAM,MAAA,IAAI,MAAM,uCAAuC,CAAA;AAAA;AAEzD,EAAI,IAAA,UAAA,CAAW,WAAW,CAAG,EAAA;AAC3B,IAAM,MAAA,IAAI,MAAM,sCAAsC,CAAA;AAAA;AAExD,EAAA,IAAI,gBAAgB,UAAY,EAAA;AAC9B,IAAM,MAAA,IAAI,MAAM,eAAe,CAAA;AAAA;AAEnC;AAEO,MAAM,0BAA4C,CAAC;AAAA,EACxD,WAAA;AAAA,EACA,UAAA;AAAA,EACA;AACF,CAAM,KAAA;AACJ,EAAM,MAAA,EAAE,UAAU,MAAQ,EAAA,QAAA,EAAU,UAAa,GAAA,IAAI,IAAI,WAAW,CAAA;AACpE,EAAA,MAAM,SAAS,QAAa,KAAA,QAAA;AAM5B,EAAA,IAAI,QAAqD,GAAA,KAAA;AACzD,EAAA,IAAI,IAAI,GAAI,CAAA,SAAS,CAAE,CAAA,QAAA,KAAa,UAAU,MAAQ,EAAA;AACpD,IAAW,QAAA,GAAA,MAAA;AAAA;AAMb,EAAA,MAAM,OAAO,QAAS,CAAA,QAAA,CAAS,CAAG,EAAA,UAAU,gBAAgB,CACxD,GAAA,QAAA,CAAS,KAAM,CAAA,CAAA,EAAG,CAAC,gBAAiB,CAAA,MAAM,IAC1C,CAAG,EAAA,QAAQ,IAAI,UAAU,CAAA,CAAA;AAE7B,EAAA,OAAO,EAAE,MAAA,EAAQ,IAAM,EAAA,MAAA,EAAQ,QAAS,EAAA;AAC1C;;;;;;;"}

package/dist/lib/passport/PassportStrategyHelper.cjs.js

@@ -1,49 +0,0 @@
-'use strict';
-
-require('jose');
-require('@backstage/errors');
-
-const executeRedirectStrategy = async (req, providerStrategy, options) => {
-  return new Promise((resolve) => {
-    const strategy = Object.create(providerStrategy);
-    strategy.redirect = (url, status) => {
-      resolve({ url, status: status ?? void 0 });
-    };
-    strategy.authenticate(req, { ...options });
-  });
-};
-const executeFrameHandlerStrategy = async (req, providerStrategy, options) => {
-  return new Promise(
-    (resolve, reject) => {
-      const strategy = Object.create(providerStrategy);
-      strategy.success = (result, privateInfo) => {
-        resolve({ result, privateInfo });
-      };
-      strategy.fail = (info) => {
-        reject(new Error(`Authentication rejected, ${info.message ?? ""}`));
-      };
-      strategy.error = (error) => {
-        let message = `Authentication failed, ${error.message}`;
-        if (error.oauthError?.data) {
-          try {
-            const errorData = JSON.parse(error.oauthError.data);
-            if (errorData.message) {
-              message += ` - ${errorData.message}`;
-            }
-          } catch (parseError) {
-            message += ` - ${error.oauthError}`;
-          }
-        }
-        reject(new Error(message));
-      };
-      strategy.redirect = () => {
-        reject(new Error("Unexpected redirect"));
-      };
-      strategy.authenticate(req, { ...{} });
-    }
-  );
-};
-
-exports.executeFrameHandlerStrategy = executeFrameHandlerStrategy;
-exports.executeRedirectStrategy = executeRedirectStrategy;
-//# sourceMappingURL=PassportStrategyHelper.cjs.js.map

package/dist/lib/passport/PassportStrategyHelper.cjs.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"PassportStrategyHelper.cjs.js","sources":["../../../src/lib/passport/PassportStrategyHelper.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport express from 'express';\nimport passport from 'passport';\nimport { decodeJwt } from 'jose';\nimport { InternalOAuthError } from 'passport-oauth2';\nimport { ProfileInfo } from '@backstage/plugin-auth-node';\nimport { PassportProfile } from './types';\nimport { OAuthStartResponse } from '../../providers/types';\nimport { ForwardedError } from '@backstage/errors';\n\nexport type PassportDoneCallback<Res, Private = never> = (\n  err?: Error,\n  response?: Res,\n  privateInfo?: Private,\n) => void;\n\nexport const makeProfileInfo = (\n  profile: PassportProfile,\n  idToken?: string,\n): ProfileInfo => {\n  let email: string | undefined = undefined;\n  if (profile.emails && profile.emails.length > 0) {\n    const [firstEmail] = profile.emails;\n    email = firstEmail.value;\n  }\n\n  let picture: string | undefined = undefined;\n  if (profile.avatarUrl) {\n    picture = profile.avatarUrl;\n  } else if (profile.photos && profile.photos.length > 0) {\n    const [firstPhoto] = profile.photos;\n    picture = firstPhoto.value;\n  }\n\n  let displayName: string | undefined =\n    profile.displayName ?? profile.username ?? profile.id;\n\n  if ((!email || !picture || !displayName) && idToken) {\n    try {\n      const decoded = decodeJwt(idToken) as {\n        email?: string;\n        name?: string;\n        picture?: string;\n      };\n      if (!email && decoded.email) {\n        email = decoded.email;\n      }\n      if (!picture && decoded.picture) {\n        picture = decoded.picture;\n      }\n      if (!displayName && decoded.name) {\n        displayName = decoded.name;\n      }\n    } catch (e) {\n      throw new ForwardedError(\n        `Failed to parse id token and get profile info`,\n        e,\n      );\n    }\n  }\n\n  return {\n    email,\n    picture,\n    displayName,\n  };\n};\n\nexport const executeRedirectStrategy = async (\n  req: express.Request,\n  providerStrategy: passport.Strategy,\n  options: Record<string, string>,\n): Promise<OAuthStartResponse> => {\n  return new Promise(resolve => {\n    const strategy = Object.create(providerStrategy);\n    strategy.redirect = (url: string, status?: number) => {\n      resolve({ url, status: status ?? undefined });\n    };\n\n    strategy.authenticate(req, { ...options });\n  });\n};\n\nexport const executeFrameHandlerStrategy = async <Result, PrivateInfo = never>(\n  req: express.Request,\n  providerStrategy: passport.Strategy,\n  options?: Record<string, string>,\n) => {\n  return new Promise<{ result: Result; privateInfo: PrivateInfo }>(\n    (resolve, reject) => {\n      const strategy = Object.create(providerStrategy);\n      strategy.success = (result: any, privateInfo: any) => {\n        resolve({ result, privateInfo });\n      };\n      strategy.fail = (\n        info: { type: 'success' | 'error'; message?: string },\n        // _status: number,\n      ) => {\n        reject(new Error(`Authentication rejected, ${info.message ?? ''}`));\n      };\n      strategy.error = (error: InternalOAuthError) => {\n        let message = `Authentication failed, ${error.message}`;\n\n        if (error.oauthError?.data) {\n          try {\n            const errorData = JSON.parse(error.oauthError.data);\n\n            if (errorData.message) {\n              message += ` - ${errorData.message}`;\n            }\n          } catch (parseError) {\n            message += ` - ${error.oauthError}`;\n          }\n        }\n\n        reject(new Error(message));\n      };\n      strategy.redirect = () => {\n        reject(new Error('Unexpected redirect'));\n      };\n      strategy.authenticate(req, { ...(options ?? {}) });\n    },\n  );\n};\n\ntype RefreshTokenResponse = {\n  /**\n   * An access token issued for the signed in user.\n   */\n  accessToken: string;\n  /**\n   * Optionally, the server can issue a new Refresh Token for the user\n   */\n  refreshToken?: string;\n  params: any;\n};\n\nexport const executeRefreshTokenStrategy = async (\n  providerStrategy: passport.Strategy,\n  refreshToken: string,\n  scope: string,\n): Promise<RefreshTokenResponse> => {\n  return new Promise((resolve, reject) => {\n    const anyStrategy = providerStrategy as any;\n    const OAuth2 = anyStrategy._oauth2.constructor;\n    const oauth2 = new OAuth2(\n      anyStrategy._oauth2._clientId,\n      anyStrategy._oauth2._clientSecret,\n      anyStrategy._oauth2._baseSite,\n      anyStrategy._oauth2._authorizeUrl,\n      anyStrategy._refreshURL || anyStrategy._oauth2._accessTokenUrl,\n      anyStrategy._oauth2._customHeaders,\n    );\n\n    oauth2.getOAuthAccessToken(\n      refreshToken,\n      {\n        scope,\n        grant_type: 'refresh_token',\n      },\n      (\n        err: Error | null,\n        accessToken: string,\n        newRefreshToken: string,\n        params: any,\n      ) => {\n        if (err) {\n          reject(new ForwardedError(`Failed to refresh access token`, err));\n        }\n        if (!accessToken) {\n          reject(\n            new Error(\n              `Failed to refresh access token, no access token received`,\n            ),\n          );\n        }\n\n        resolve({\n          accessToken,\n          refreshToken: newRefreshToken,\n          params,\n        });\n      },\n    );\n  });\n};\n\ntype ProviderStrategy = {\n  userProfile(accessToken: string, callback: Function): void;\n};\n\nexport const executeFetchUserProfileStrategy = async (\n  providerStrategy: passport.Strategy,\n  accessToken: string,\n): Promise<PassportProfile> => {\n  return new Promise((resolve, reject) => {\n    const anyStrategy = providerStrategy as unknown as ProviderStrategy;\n    anyStrategy.userProfile(\n      accessToken,\n      (error: Error, rawProfile: PassportProfile) => {\n        if (error) {\n          reject(error);\n        } else {\n          resolve(rawProfile);\n        }\n      },\n    );\n  });\n};\n"],"names":[],"mappings":";;;;;AAmFO,MAAM,uBAA0B,GAAA,OACrC,GACA,EAAA,gBAAA,EACA,OACgC,KAAA;AAChC,EAAO,OAAA,IAAI,QAAQ,CAAW,OAAA,KAAA;AAC5B,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,MAAA,CAAO,gBAAgB,CAAA;AAC/C,IAAS,QAAA,CAAA,QAAA,GAAW,CAAC,GAAA,EAAa,MAAoB,KAAA;AACpD,MAAA,OAAA,CAAQ,EAAE,GAAA,EAAK,MAAQ,EAAA,MAAA,IAAU,QAAW,CAAA;AAAA,KAC9C;AAEA,IAAA,QAAA,CAAS,YAAa,CAAA,GAAA,EAAK,EAAE,GAAG,SAAS,CAAA;AAAA,GAC1C,CAAA;AACH;AAEO,MAAM,2BAA8B,GAAA,OACzC,GACA,EAAA,gBAAA,EACA,OACG,KAAA;AACH,EAAA,OAAO,IAAI,OAAA;AAAA,IACT,CAAC,SAAS,MAAW,KAAA;AACnB,MAAM,MAAA,QAAA,GAAW,MAAO,CAAA,MAAA,CAAO,gBAAgB,CAAA;AAC/C,MAAS,QAAA,CAAA,OAAA,GAAU,CAAC,MAAA,EAAa,WAAqB,KAAA;AACpD,QAAQ,OAAA,CAAA,EAAE,MAAQ,EAAA,WAAA,EAAa,CAAA;AAAA,OACjC;AACA,MAAS,QAAA,CAAA,IAAA,GAAO,CACd,IAEG,KAAA;AACH,QAAA,MAAA,CAAO,IAAI,KAAM,CAAA,CAAA,yBAAA,EAA4B,KAAK,OAAW,IAAA,EAAE,EAAE,CAAC,CAAA;AAAA,OACpE;AACA,MAAS,QAAA,CAAA,KAAA,GAAQ,CAAC,KAA8B,KAAA;AAC9C,QAAI,IAAA,OAAA,GAAU,CAA0B,uBAAA,EAAA,KAAA,CAAM,OAAO,CAAA,CAAA;AAErD,QAAI,IAAA,KAAA,CAAM,YAAY,IAAM,EAAA;AAC1B,UAAI,IAAA;AACF,YAAA,MAAM,SAAY,GAAA,IAAA,CAAK,KAAM,CAAA,KAAA,CAAM,WAAW,IAAI,CAAA;AAElD,YAAA,IAAI,UAAU,OAAS,EAAA;AACrB,cAAW,OAAA,IAAA,CAAA,GAAA,EAAM,UAAU,OAAO,CAAA,CAAA;AAAA;AACpC,mBACO,UAAY,EAAA;AACnB,YAAW,OAAA,IAAA,CAAA,GAAA,EAAM,MAAM,UAAU,CAAA,CAAA;AAAA;AACnC;AAGF,QAAO,MAAA,CAAA,IAAI,KAAM,CAAA,OAAO,CAAC,CAAA;AAAA,OAC3B;AACA,MAAA,QAAA,CAAS,WAAW,MAAM;AACxB,QAAO,MAAA,CAAA,IAAI,KAAM,CAAA,qBAAqB,CAAC,CAAA;AAAA,OACzC;AACA,MAAA,QAAA,CAAS,aAAa,GAAK,EAAA,EAAE,GAAe,IAAK,CAAA;AAAA;AACnD,GACF;AACF;;;;;"}

package/dist/providers/atlassian/provider.cjs.js

@@ -1,20 +0,0 @@
-'use strict';
-
-var pluginAuthBackendModuleAtlassianProvider = require('@backstage/plugin-auth-backend-module-atlassian-provider');
-var pluginAuthNode = require('@backstage/plugin-auth-node');
-var adaptLegacyOAuthHandler = require('../../lib/legacy/adaptLegacyOAuthHandler.cjs.js');
-var adaptLegacyOAuthSignInResolver = require('../../lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js');
-var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
-
-const atlassian = createAuthProviderIntegration.createAuthProviderIntegration({
-  create(options) {
-    return pluginAuthNode.createOAuthProviderFactory({
-      authenticator: pluginAuthBackendModuleAtlassianProvider.atlassianAuthenticator,
-      profileTransform: adaptLegacyOAuthHandler.adaptLegacyOAuthHandler(options?.authHandler),
-      signInResolver: adaptLegacyOAuthSignInResolver.adaptLegacyOAuthSignInResolver(options?.signIn?.resolver)
-    });
-  }
-});
-
-exports.atlassian = atlassian;
-//# sourceMappingURL=provider.cjs.js.map

package/dist/providers/atlassian/provider.cjs.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/atlassian/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { atlassianAuthenticator } from '@backstage/plugin-auth-backend-module-atlassian-provider';\nimport {\n  SignInResolver,\n  createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport {\n  adaptLegacyOAuthHandler,\n  adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/**\n * Auth provider integration for Atlassian auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const atlassian = createAuthProviderIntegration({\n  create(options?: {\n    /**\n     * The profile transformation function used to verify and convert the auth response\n     * into the profile that will be presented to the user.\n     */\n    authHandler?: AuthHandler<OAuthResult>;\n\n    /**\n     * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n     */\n    signIn?: {\n      resolver: SignInResolver<OAuthResult>;\n    };\n  }) {\n    return createOAuthProviderFactory({\n      authenticator: atlassianAuthenticator,\n      profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n      signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n    });\n  },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","atlassianAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAmCO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA;AAEL,CAAC;;;;"}

package/dist/providers/auth0/provider.cjs.js

@@ -1,20 +0,0 @@
-'use strict';
-
-var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
-var pluginAuthNode = require('@backstage/plugin-auth-node');
-var adaptLegacyOAuthHandler = require('../../lib/legacy/adaptLegacyOAuthHandler.cjs.js');
-var adaptLegacyOAuthSignInResolver = require('../../lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js');
-var pluginAuthBackendModuleAuth0Provider = require('@backstage/plugin-auth-backend-module-auth0-provider');
-
-const auth0 = createAuthProviderIntegration.createAuthProviderIntegration({
-  create(options) {
-    return pluginAuthNode.createOAuthProviderFactory({
-      authenticator: pluginAuthBackendModuleAuth0Provider.auth0Authenticator,
-      profileTransform: adaptLegacyOAuthHandler.adaptLegacyOAuthHandler(options?.authHandler),
-      signInResolver: adaptLegacyOAuthSignInResolver.adaptLegacyOAuthSignInResolver(options?.signIn?.resolver)
-    });
-  }
-});
-
-exports.auth0 = auth0;
-//# sourceMappingURL=provider.cjs.js.map

package/dist/providers/auth0/provider.cjs.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/auth0/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { OAuthProviderOptions, OAuthResult } from '../../lib/oauth';\n\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n  AuthResolverContext,\n  createOAuthProviderFactory,\n  SignInResolver,\n} from '@backstage/plugin-auth-node';\nimport {\n  adaptLegacyOAuthHandler,\n  adaptLegacyOAuthSignInResolver,\n} from '../../lib/legacy';\nimport { auth0Authenticator } from '@backstage/plugin-auth-backend-module-auth0-provider';\n\n/**\n * @public\n * @deprecated The Auth0 auth provider was extracted to `@backstage/plugin-auth-backend-module-auth0-provider`.\n */\nexport type Auth0AuthProviderOptions = OAuthProviderOptions & {\n  domain: string;\n  signInResolver?: SignInResolver<OAuthResult>;\n  authHandler: AuthHandler<OAuthResult>;\n  resolverContext: AuthResolverContext;\n  audience?: string;\n  connection?: string;\n  connectionScope?: string;\n};\n\n/**\n * Auth provider integration for auth0 auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const auth0 = createAuthProviderIntegration({\n  create(options?: {\n    /**\n     * The profile transformation function used to verify and convert the auth response\n     * into the profile that will be presented to the user.\n     */\n    authHandler?: AuthHandler<OAuthResult>;\n\n    /**\n     * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n     */\n    signIn?: {\n      /**\n       * Maps an auth result to a Backstage identity for the user.\n       */\n      resolver: SignInResolver<OAuthResult>;\n    };\n  }) {\n    return createOAuthProviderFactory({\n      authenticator: auth0Authenticator,\n      profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n      signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n    });\n  },\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","auth0Authenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver"],"mappings":";;;;;;;;AAmDO,MAAM,QAAQA,2DAA8B,CAAA;AAAA,EACjD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,uDAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA;AAEL,CAAC;;;;"}

package/dist/providers/aws-alb/provider.cjs.js

@@ -1,18 +0,0 @@
-'use strict';
-
-var pluginAuthBackendModuleAwsAlbProvider = require('@backstage/plugin-auth-backend-module-aws-alb-provider');
-var pluginAuthNode = require('@backstage/plugin-auth-node');
-var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
-
-const awsAlb = createAuthProviderIntegration.createAuthProviderIntegration({
-  create(options) {
-    return pluginAuthNode.createProxyAuthProviderFactory({
-      authenticator: pluginAuthBackendModuleAwsAlbProvider.awsAlbAuthenticator,
-      profileTransform: options?.authHandler,
-      signInResolver: options?.signIn?.resolver
-    });
-  }
-});
-
-exports.awsAlb = awsAlb;
-//# sourceMappingURL=provider.cjs.js.map

package/dist/providers/aws-alb/provider.cjs.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/aws-alb/provider.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  AwsAlbResult,\n  awsAlbAuthenticator,\n} from '@backstage/plugin-auth-backend-module-aws-alb-provider';\nimport {\n  SignInResolver,\n  createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\n\n/**\n * Auth provider integration for AWS ALB auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const awsAlb = createAuthProviderIntegration({\n  create(options?: {\n    /**\n     * The profile transformation function used to verify and convert the auth\n     * response into the profile that will be presented to the user. The default\n     * implementation just provides the authenticated email that the IAP\n     * presented.\n     */\n    authHandler?: AuthHandler<AwsAlbResult>;\n    /**\n     * Configures sign-in for this provider.\n     */\n    signIn: {\n      /**\n       * Maps an auth result to a Backstage identity for the user.\n       */\n      resolver: SignInResolver<AwsAlbResult>;\n    };\n  }) {\n    return createProxyAuthProviderFactory({\n      authenticator: awsAlbAuthenticator,\n      profileTransform: options?.authHandler,\n      signInResolver: options?.signIn?.resolver,\n    });\n  },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","awsAlbAuthenticator"],"mappings":";;;;;;AAiCO,MAAM,SAASA,2DAA8B,CAAA;AAAA,EAClD,OAAO,OAiBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,yDAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA;AAAA,KAClC,CAAA;AAAA;AAEL,CAAC;;;;"}

package/dist/providers/azure-easyauth/provider.cjs.js

@@ -1,18 +0,0 @@
-'use strict';
-
-var pluginAuthNode = require('@backstage/plugin-auth-node');
-var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
-var pluginAuthBackendModuleAzureEasyauthProvider = require('@backstage/plugin-auth-backend-module-azure-easyauth-provider');
-
-const easyAuth = createAuthProviderIntegration.createAuthProviderIntegration({
-  create(options) {
-    return pluginAuthNode.createProxyAuthProviderFactory({
-      authenticator: pluginAuthBackendModuleAzureEasyauthProvider.azureEasyAuthAuthenticator,
-      profileTransform: options?.authHandler,
-      signInResolver: options?.signIn?.resolver
-    });
-  }
-});
-
-exports.easyAuth = easyAuth;
-//# sourceMappingURL=provider.cjs.js.map

package/dist/providers/azure-easyauth/provider.cjs.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/azure-easyauth/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  SignInResolver,\n  createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { AuthHandler } from '../types';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport {\n  AzureEasyAuthResult,\n  azureEasyAuthAuthenticator,\n} from '@backstage/plugin-auth-backend-module-azure-easyauth-provider';\n\n/**\n * Auth provider integration for Azure EasyAuth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const easyAuth = createAuthProviderIntegration({\n  create(options?: {\n    /**\n     * The profile transformation function used to verify and convert the auth response\n     * into the profile that will be presented to the user.\n     */\n    authHandler?: AuthHandler<AzureEasyAuthResult>;\n\n    /**\n     * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n     */\n    signIn: {\n      /**\n       * Maps an auth result to a Backstage identity for the user.\n       */\n      resolver: SignInResolver<AzureEasyAuthResult>;\n    };\n  }) {\n    return createProxyAuthProviderFactory({\n      authenticator: azureEasyAuthAuthenticator,\n      profileTransform: options?.authHandler,\n      signInResolver: options?.signIn?.resolver,\n    });\n  },\n});\n"],"names":["createAuthProviderIntegration","createProxyAuthProviderFactory","azureEasyAuthAuthenticator"],"mappings":";;;;;;AAiCO,MAAM,WAAWA,2DAA8B,CAAA;AAAA,EACpD,OAAO,OAgBJ,EAAA;AACD,IAAA,OAAOC,6CAA+B,CAAA;AAAA,MACpC,aAAe,EAAAC,uEAAA;AAAA,MACf,kBAAkB,OAAS,EAAA,WAAA;AAAA,MAC3B,cAAA,EAAgB,SAAS,MAAQ,EAAA;AAAA,KAClC,CAAA;AAAA;AAEL,CAAC;;;;"}

package/dist/providers/bitbucket/provider.cjs.js

@@ -1,25 +0,0 @@
-'use strict';
-
-var pluginAuthBackendModuleBitbucketProvider = require('@backstage/plugin-auth-backend-module-bitbucket-provider');
-var pluginAuthNode = require('@backstage/plugin-auth-node');
-var adaptLegacyOAuthHandler = require('../../lib/legacy/adaptLegacyOAuthHandler.cjs.js');
-var adaptLegacyOAuthSignInResolver = require('../../lib/legacy/adaptLegacyOAuthSignInResolver.cjs.js');
-var adaptOAuthSignInResolverToLegacy = require('../../lib/legacy/adaptOAuthSignInResolverToLegacy.cjs.js');
-var createAuthProviderIntegration = require('../createAuthProviderIntegration.cjs.js');
-
-const bitbucket = createAuthProviderIntegration.createAuthProviderIntegration({
-  create(options) {
-    return pluginAuthNode.createOAuthProviderFactory({
-      authenticator: pluginAuthBackendModuleBitbucketProvider.bitbucketAuthenticator,
-      profileTransform: adaptLegacyOAuthHandler.adaptLegacyOAuthHandler(options?.authHandler),
-      signInResolver: adaptLegacyOAuthSignInResolver.adaptLegacyOAuthSignInResolver(options?.signIn?.resolver)
-    });
-  },
-  resolvers: adaptOAuthSignInResolverToLegacy.adaptOAuthSignInResolverToLegacy({
-    userIdMatchingUserEntityAnnotation: pluginAuthBackendModuleBitbucketProvider.bitbucketSignInResolvers.userIdMatchingUserEntityAnnotation(),
-    usernameMatchingUserEntityAnnotation: pluginAuthBackendModuleBitbucketProvider.bitbucketSignInResolvers.usernameMatchingUserEntityAnnotation()
-  })
-});
-
-exports.bitbucket = bitbucket;
-//# sourceMappingURL=provider.cjs.js.map

package/dist/providers/bitbucket/provider.cjs.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"provider.cjs.js","sources":["../../../src/providers/bitbucket/provider.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  bitbucketAuthenticator,\n  bitbucketSignInResolvers,\n} from '@backstage/plugin-auth-backend-module-bitbucket-provider';\nimport {\n  SignInResolver,\n  createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { Profile as PassportProfile } from 'passport';\nimport {\n  adaptLegacyOAuthHandler,\n  adaptLegacyOAuthSignInResolver,\n  adaptOAuthSignInResolverToLegacy,\n} from '../../lib/legacy';\nimport { OAuthResult } from '../../lib/oauth';\nimport { createAuthProviderIntegration } from '../createAuthProviderIntegration';\nimport { AuthHandler } from '../types';\n\n/**\n * @public\n * @deprecated The Bitbucket auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-provider`.\n */\nexport type BitbucketOAuthResult = {\n  fullProfile: BitbucketPassportProfile;\n  params: {\n    id_token?: string;\n    scope: string;\n    expires_in: number;\n  };\n  accessToken: string;\n  refreshToken?: string;\n};\n\n/**\n * @public\n * @deprecated The Bitbucket auth provider was extracted to `@backstage/plugin-auth-backend-module-bitbucket-provider`.\n */\nexport type BitbucketPassportProfile = PassportProfile & {\n  id?: string;\n  displayName?: string;\n  username?: string;\n  avatarUrl?: string;\n  _json?: {\n    links?: {\n      avatar?: {\n        href?: string;\n      };\n    };\n  };\n};\n\n/**\n * Auth provider integration for Bitbucket auth\n *\n * @public\n * @deprecated Migrate the auth plugin to the new backend system https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin\n */\nexport const bitbucket = createAuthProviderIntegration({\n  create(options?: {\n    /**\n     * The profile transformation function used to verify and convert the auth response\n     * into the profile that will be presented to the user.\n     */\n    authHandler?: AuthHandler<OAuthResult>;\n\n    /**\n     * Configure sign-in for this provider, without it the provider can not be used to sign users in.\n     */\n    signIn?: {\n      resolver: SignInResolver<OAuthResult>;\n    };\n  }) {\n    return createOAuthProviderFactory({\n      authenticator: bitbucketAuthenticator,\n      profileTransform: adaptLegacyOAuthHandler(options?.authHandler),\n      signInResolver: adaptLegacyOAuthSignInResolver(options?.signIn?.resolver),\n    });\n  },\n  resolvers: adaptOAuthSignInResolverToLegacy({\n    userIdMatchingUserEntityAnnotation:\n      bitbucketSignInResolvers.userIdMatchingUserEntityAnnotation(),\n    usernameMatchingUserEntityAnnotation:\n      bitbucketSignInResolvers.usernameMatchingUserEntityAnnotation(),\n  }),\n});\n"],"names":["createAuthProviderIntegration","createOAuthProviderFactory","bitbucketAuthenticator","adaptLegacyOAuthHandler","adaptLegacyOAuthSignInResolver","adaptOAuthSignInResolverToLegacy","bitbucketSignInResolvers"],"mappings":";;;;;;;;;AAyEO,MAAM,YAAYA,2DAA8B,CAAA;AAAA,EACrD,OAAO,OAaJ,EAAA;AACD,IAAA,OAAOC,yCAA2B,CAAA;AAAA,MAChC,aAAe,EAAAC,+DAAA;AAAA,MACf,gBAAA,EAAkBC,+CAAwB,CAAA,OAAA,EAAS,WAAW,CAAA;AAAA,MAC9D,cAAgB,EAAAC,6DAAA,CAA+B,OAAS,EAAA,MAAA,EAAQ,QAAQ;AAAA,KACzE,CAAA;AAAA,GACH;AAAA,EACA,WAAWC,iEAAiC,CAAA;AAAA,IAC1C,kCAAA,EACEC,kEAAyB,kCAAmC,EAAA;AAAA,IAC9D,oCAAA,EACEA,kEAAyB,oCAAqC;AAAA,GACjE;AACH,CAAC;;;;"}