npm - @backstage/plugin-auth-backend - Versions diffs - 0.4.3 → 0.4.7 - Mend

@backstage/plugin-auth-backend 0.4.3 → 0.4.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.cjs.js CHANGED Viewed

@@ -19,16 +19,18 @@ var got = require('got');
 var OAuth2Strategy = require('passport-oauth2');
 var passportOktaOauth = require('passport-okta-oauth');
 var passportBitbucketOauth2 = require('passport-bitbucket-oauth2');
-var openidClient = require('openid-client');
-var passportSaml = require('passport-saml');
-var passportOneloginOauth = require('passport-onelogin-oauth');
 var fetch = require('cross-fetch');
 var NodeCache = require('node-cache');
 var jose = require('jose');
+var openidClient = require('openid-client');
+var passportSaml = require('passport-saml');
+var passportOneloginOauth = require('passport-onelogin-oauth');
 var catalogClient = require('@backstage/catalog-client');
 var uuid = require('uuid');
 var luxon = require('luxon');
 var backendCommon = require('@backstage/backend-common');
+var firestore = require('@google-cloud/firestore');
+var lodash = require('lodash');
 var session = require('express-session');
 var passport = require('passport');
 var minimatch = require('minimatch');
@@ -417,12 +419,10 @@ class OAuthAdapter {
         response
       });
     } catch (error) {
+      const {name, message} = errors.isError(error) ? error : new Error("Encountered invalid error");
       return postMessageResponse(res, appOrigin, {
         type: "authorization_response",
-        error: {
-          name: error.name,
-          message: error.message
-        }
+        error: {name, message}
       });
     }
   }
@@ -458,7 +458,7 @@ class OAuthAdapter {
       }
       res.status(200).json(response);
     } catch (error) {
-      res.status(401).send(`${error.message}`);
+      res.status(401).send(String(error));
     }
   }
   async populateIdentity(identity) {
@@ -551,6 +551,7 @@ class GithubAuthProvider {
   constructor(options) {
     this.signInResolver = options.signInResolver;
     this.authHandler = options.authHandler;
+    this.stateEncoder = options.stateEncoder;
     this.tokenIssuer = options.tokenIssuer;
     this.catalogIdentityClient = options.catalogIdentityClient;
     this.logger = options.logger;
@@ -568,7 +569,7 @@ class GithubAuthProvider {
   async start(req) {
     return await executeRedirectStrategy(req, this._strategy, {
       scope: req.scope,
-      state: encodeState(req.state)
+      state: (await this.stateEncoder(req)).encodedState
     });
   }
   async handler(req) {
@@ -579,13 +580,17 @@ class GithubAuthProvider {
     };
   }
   async refresh(req) {
-    const {accessToken, params} = await executeRefreshTokenStrategy(this._strategy, req.refreshToken, req.scope);
+    const {
+      accessToken,
+      refreshToken: newRefreshToken,
+      params
+    } = await executeRefreshTokenStrategy(this._strategy, req.refreshToken, req.scope);
     const fullProfile = await executeFetchUserProfileStrategy(this._strategy, accessToken);
     return this.handleResult({
       fullProfile,
       params,
       accessToken,
-      refreshToken: req.refreshToken
+      refreshToken: newRefreshToken
     });
   }
   async handleResult(result) {
@@ -594,6 +599,7 @@ class GithubAuthProvider {
     const response = {
       providerInfo: {
         accessToken: result.accessToken,
+        refreshToken: result.refreshToken,
         scope: result.params.scope,
         expiresInSeconds: expiresInStr === void 0 ? void 0 : Number(expiresInStr)
       },
@@ -629,7 +635,7 @@ const createGithubProvider = (options) => {
     catalogApi,
     logger
   }) => OAuthEnvironmentHandler.mapConfig(config, (envConfig) => {
-    var _a, _b;
+    var _a, _b, _c;
     const clientId = envConfig.getString("clientId");
     const clientSecret = envConfig.getString("clientSecret");
     const enterpriseInstanceUrl = envConfig.getOptionalString("enterpriseInstanceUrl");
@@ -651,6 +657,9 @@ const createGithubProvider = (options) => {
       tokenIssuer,
       logger
     });
+    const stateEncoder = (_c = options == null ? void 0 : options.stateEncoder) != null ? _c : async (req) => {
+      return {encodedState: encodeState(req.state)};
+    };
     const provider = new GithubAuthProvider({
       clientId,
       clientSecret,
@@ -662,6 +671,7 @@ const createGithubProvider = (options) => {
       authHandler,
       tokenIssuer,
       catalogIdentityClient,
+      stateEncoder,
       logger
     });
     return OAuthAdapter.fromConfig(globalConfig, provider, {
@@ -1379,6 +1389,9 @@ const createOktaProvider = (_options) => {
     const clientSecret = envConfig.getString("clientSecret");
     const audience = envConfig.getString("audience");
     const callbackUrl = `${globalConfig.baseUrl}/${providerId}/handler/frame`;
+    if (!audience.startsWith("https://")) {
+      throw new Error("URL for 'audience' must start with 'https://'.");
+    }
     const catalogIdentityClient = new CatalogIdentityClient({
       catalogApi,
       tokenIssuer
@@ -1550,6 +1563,305 @@ const createBitbucketProvider = (options) => {
   });
 };
+const defaultScopes = ["offline_access", "read:me"];
+class AtlassianStrategy extends OAuth2Strategy__default['default'] {
+  constructor(options, verify) {
+    if (!options.scope) {
+      throw new TypeError("Atlassian requires a scope option");
+    }
+    const scopes = options.scope.split(" ");
+    const optionsWithURLs = {
+      ...options,
+      authorizationURL: `https://auth.atlassian.com/authorize`,
+      tokenURL: `https://auth.atlassian.com/oauth/token`,
+      scope: Array.from(new Set([...defaultScopes, ...scopes]))
+    };
+    super(optionsWithURLs, verify);
+    this.profileURL = "https://api.atlassian.com/me";
+    this.name = "atlassian";
+    this._oauth2.useAuthorizationHeaderforGET(true);
+  }
+  authorizationParams() {
+    return {
+      audience: "api.atlassian.com",
+      prompt: "consent"
+    };
+  }
+  userProfile(accessToken, done) {
+    this._oauth2.get(this.profileURL, accessToken, (err, body) => {
+      if (err) {
+        return done(new OAuth2Strategy.InternalOAuthError("Failed to fetch user profile", err.statusCode));
+      }
+      if (!body) {
+        return done(new Error("Failed to fetch user profile, body cannot be empty"));
+      }
+      try {
+        const json = typeof body !== "string" ? body.toString() : body;
+        const profile = AtlassianStrategy.parse(json);
+        return done(null, profile);
+      } catch (e) {
+        return done(new Error("Failed to parse user profile"));
+      }
+    });
+  }
+  static parse(json) {
+    const resp = JSON.parse(json);
+    return {
+      id: resp.account_id,
+      provider: "atlassian",
+      username: resp.nickname,
+      displayName: resp.name,
+      emails: [{value: resp.email}],
+      photos: [{value: resp.picture}]
+    };
+  }
+}
+const atlassianDefaultAuthHandler = async ({
+  fullProfile,
+  params
+}) => ({
+  profile: makeProfileInfo(fullProfile, params.id_token)
+});
+class AtlassianAuthProvider {
+  constructor(options) {
+    this.catalogIdentityClient = options.catalogIdentityClient;
+    this.logger = options.logger;
+    this.tokenIssuer = options.tokenIssuer;
+    this.authHandler = options.authHandler;
+    this.signInResolver = options.signInResolver;
+    this._strategy = new AtlassianStrategy({
+      clientID: options.clientId,
+      clientSecret: options.clientSecret,
+      callbackURL: options.callbackUrl,
+      scope: options.scopes
+    }, (accessToken, refreshToken, params, fullProfile, done) => {
+      done(void 0, {
+        fullProfile,
+        accessToken,
+        refreshToken,
+        params
+      });
+    });
+  }
+  async start(req) {
+    return await executeRedirectStrategy(req, this._strategy, {
+      state: encodeState(req.state)
+    });
+  }
+  async handler(req) {
+    var _a;
+    const {result} = await executeFrameHandlerStrategy(req, this._strategy);
+    return {
+      response: await this.handleResult(result),
+      refreshToken: (_a = result.refreshToken) != null ? _a : ""
+    };
+  }
+  async handleResult(result) {
+    const {profile} = await this.authHandler(result);
+    const response = {
+      providerInfo: {
+        idToken: result.params.id_token,
+        accessToken: result.accessToken,
+        refreshToken: result.refreshToken,
+        scope: result.params.scope,
+        expiresInSeconds: result.params.expires_in
+      },
+      profile
+    };
+    if (this.signInResolver) {
+      response.backstageIdentity = await this.signInResolver({
+        result,
+        profile
+      }, {
+        tokenIssuer: this.tokenIssuer,
+        catalogIdentityClient: this.catalogIdentityClient,
+        logger: this.logger
+      });
+    }
+    return response;
+  }
+  async refresh(req) {
+    const {
+      accessToken,
+      params,
+      refreshToken: newRefreshToken
+    } = await executeRefreshTokenStrategy(this._strategy, req.refreshToken, req.scope);
+    const fullProfile = await executeFetchUserProfileStrategy(this._strategy, accessToken);
+    return this.handleResult({
+      fullProfile,
+      params,
+      accessToken,
+      refreshToken: newRefreshToken
+    });
+  }
+}
+const createAtlassianProvider = (options) => {
+  return ({
+    providerId,
+    globalConfig,
+    config,
+    tokenIssuer,
+    catalogApi,
+    logger
+  }) => OAuthEnvironmentHandler.mapConfig(config, (envConfig) => {
+    var _a, _b;
+    const clientId = envConfig.getString("clientId");
+    const clientSecret = envConfig.getString("clientSecret");
+    const scopes = envConfig.getString("scopes");
+    const callbackUrl = `${globalConfig.baseUrl}/${providerId}/handler/frame`;
+    const catalogIdentityClient = new CatalogIdentityClient({
+      catalogApi,
+      tokenIssuer
+    });
+    const authHandler = (_a = options == null ? void 0 : options.authHandler) != null ? _a : atlassianDefaultAuthHandler;
+    const provider = new AtlassianAuthProvider({
+      clientId,
+      clientSecret,
+      scopes,
+      callbackUrl,
+      authHandler,
+      signInResolver: (_b = options == null ? void 0 : options.signIn) == null ? void 0 : _b.resolver,
+      catalogIdentityClient,
+      logger,
+      tokenIssuer
+    });
+    return OAuthAdapter.fromConfig(globalConfig, provider, {
+      disableRefresh: true,
+      providerId,
+      tokenIssuer
+    });
+  });
+};
+const ALB_JWT_HEADER = "x-amzn-oidc-data";
+const ALB_ACCESSTOKEN_HEADER = "x-amzn-oidc-accesstoken";
+const getJWTHeaders = (input) => {
+  const encoded = input.split(".")[0];
+  return JSON.parse(Buffer.from(encoded, "base64").toString("utf8"));
+};
+class AwsAlbAuthProvider {
+  constructor(options) {
+    this.region = options.region;
+    this.issuer = options.issuer;
+    this.authHandler = options.authHandler;
+    this.signInResolver = options.signInResolver;
+    this.tokenIssuer = options.tokenIssuer;
+    this.catalogIdentityClient = options.catalogIdentityClient;
+    this.logger = options.logger;
+    this.keyCache = new NodeCache__default['default']({stdTTL: 3600});
+  }
+  frameHandler() {
+    return Promise.resolve(void 0);
+  }
+  async refresh(req, res) {
+    try {
+      const result = await this.getResult(req);
+      const response = await this.handleResult(result);
+      res.json(response);
+    } catch (e) {
+      this.logger.error("Exception occurred during AWS ALB token refresh", e);
+      res.status(401);
+      res.end();
+    }
+  }
+  start() {
+    return Promise.resolve(void 0);
+  }
+  async getResult(req) {
+    const jwt = req.header(ALB_JWT_HEADER);
+    const accessToken = req.header(ALB_ACCESSTOKEN_HEADER);
+    if (jwt === void 0) {
+      throw new errors.AuthenticationError(`Missing ALB OIDC header: ${ALB_JWT_HEADER}`);
+    }
+    if (accessToken === void 0) {
+      throw new errors.AuthenticationError(`Missing ALB OIDC header: ${ALB_ACCESSTOKEN_HEADER}`);
+    }
+    try {
+      const headers = getJWTHeaders(jwt);
+      const key = await this.getKey(headers.kid);
+      const claims = jose.JWT.verify(jwt, key);
+      if (this.issuer && claims.iss !== this.issuer) {
+        throw new errors.AuthenticationError("Issuer mismatch on JWT token");
+      }
+      const fullProfile = {
+        provider: "unknown",
+        id: claims.sub,
+        displayName: claims.name,
+        username: claims.email.split("@")[0].toLowerCase(),
+        name: {
+          familyName: claims.family_name,
+          givenName: claims.given_name
+        },
+        emails: [{value: claims.email.toLowerCase()}],
+        photos: [{value: claims.picture}]
+      };
+      return {
+        fullProfile,
+        expiresInSeconds: claims.exp,
+        accessToken
+      };
+    } catch (e) {
+      throw new Error(`Exception occurred during JWT processing: ${e}`);
+    }
+  }
+  async handleResult(result) {
+    const {profile} = await this.authHandler(result);
+    const backstageIdentity = await this.signInResolver({
+      result,
+      profile
+    }, {
+      tokenIssuer: this.tokenIssuer,
+      catalogIdentityClient: this.catalogIdentityClient,
+      logger: this.logger
+    });
+    return {
+      providerInfo: {
+        accessToken: result.accessToken,
+        expiresInSeconds: result.expiresInSeconds
+      },
+      backstageIdentity,
+      profile
+    };
+  }
+  async getKey(keyId) {
+    const optionalCacheKey = this.keyCache.get(keyId);
+    if (optionalCacheKey) {
+      return crypto__namespace.createPublicKey(optionalCacheKey);
+    }
+    const keyText = await fetch__default['default'](`https://public-keys.auth.elb.${this.region}.amazonaws.com/${keyId}`).then((response) => response.text());
+    const keyValue = crypto__namespace.createPublicKey(keyText);
+    this.keyCache.set(keyId, keyValue.export({format: "pem", type: "spki"}));
+    return keyValue;
+  }
+}
+const createAwsAlbProvider = (options) => {
+  return ({config, tokenIssuer, catalogApi, logger}) => {
+    const region = config.getString("region");
+    const issuer = config.getOptionalString("iss");
+    if ((options == null ? void 0 : options.signIn.resolver) === void 0) {
+      throw new Error("SignInResolver is required to use this authentication provider");
+    }
+    const catalogIdentityClient = new CatalogIdentityClient({
+      catalogApi,
+      tokenIssuer
+    });
+    const authHandler = (options == null ? void 0 : options.authHandler) ? options.authHandler : async ({fullProfile}) => ({
+      profile: makeProfileInfo(fullProfile)
+    });
+    const signInResolver = options == null ? void 0 : options.signIn.resolver;
+    return new AwsAlbAuthProvider({
+      region,
+      issuer,
+      signInResolver,
+      authHandler,
+      tokenIssuer,
+      catalogIdentityClient,
+      logger
+    });
+  };
+};
 class OidcAuthProvider {
   constructor(options) {
     this.implementation = this.setupStrategy(options);
@@ -1702,12 +2014,10 @@ class SamlAuthProvider {
         }
       });
     } catch (error) {
+      const {name, message} = errors.isError(error) ? error : new Error("Encountered invalid error");
       return postMessageResponse(res, this.appUrl, {
         type: "authorization_response",
-        error: {
-          name: error.name,
-          message: error.message
-        }
+        error: {name, message}
       });
     }
   }
@@ -1724,9 +2034,12 @@ const createSamlProvider = (_options) => {
       callbackUrl: `${globalConfig.baseUrl}/${providerId}/handler/frame`,
       entryPoint: config.getString("entryPoint"),
       logoutUrl: config.getOptionalString("logoutUrl"),
+      audience: config.getOptionalString("audience"),
       issuer: config.getString("issuer"),
       cert: config.getString("cert"),
       privateCert: config.getOptionalString("privateKey"),
+      authnContext: config.getOptionalStringArray("authnContext"),
+      identifierFormat: config.getOptionalString("identifierFormat"),
       decryptionPvk: config.getOptionalString("decryptionPvk"),
       signatureAlgorithm: config.getOptionalString("signatureAlgorithm"),
       digestAlgorithm: config.getOptionalString("digestAlgorithm"),
@@ -1923,77 +2236,6 @@ const createOneLoginProvider = (_options) => {
   });
 };
-const ALB_JWT_HEADER = "x-amzn-oidc-data";
-const getJWTHeaders = (input) => {
-  const encoded = input.split(".")[0];
-  return JSON.parse(Buffer.from(encoded, "base64").toString("utf8"));
-};
-class AwsAlbAuthProvider {
-  constructor(logger, catalogClient, options) {
-    this.logger = logger;
-    this.catalogClient = catalogClient;
-    this.options = options;
-    this.keyCache = new NodeCache__default['default']({stdTTL: 3600});
-  }
-  frameHandler() {
-    return Promise.resolve(void 0);
-  }
-  async refresh(req, res) {
-    const jwt = req.header(ALB_JWT_HEADER);
-    if (jwt !== void 0) {
-      try {
-        const headers = getJWTHeaders(jwt);
-        const key = await this.getKey(headers.kid);
-        const payload = jose.JWT.verify(jwt, key);
-        if (this.options.issuer && headers.iss !== this.options.issuer) {
-          throw new Error("issuer mismatch on JWT");
-        }
-        const resolvedEntity = await this.options.identityResolutionCallback(payload, this.catalogClient);
-        res.json(resolvedEntity);
-      } catch (e) {
-        this.logger.error("exception occurred during JWT processing", e);
-        res.status(401);
-        res.end();
-      }
-    } else {
-      res.status(401);
-      res.end();
-    }
-  }
-  start() {
-    return Promise.resolve(void 0);
-  }
-  async getKey(keyId) {
-    const optionalCacheKey = this.keyCache.get(keyId);
-    if (optionalCacheKey) {
-      return crypto__namespace.createPublicKey(optionalCacheKey);
-    }
-    const keyText = await fetch__default['default'](`https://public-keys.auth.elb.${this.options.region}.amazonaws.com/${keyId}`).then((response) => response.text());
-    const keyValue = crypto__namespace.createPublicKey(keyText);
-    this.keyCache.set(keyId, keyValue.export({format: "pem", type: "spki"}));
-    return keyValue;
-  }
-}
-const createAwsAlbProvider = (_options) => {
-  return ({
-    logger,
-    catalogApi,
-    config,
-    identityResolver
-  }) => {
-    const region = config.getString("region");
-    const issuer = config.getOptionalString("iss");
-    if (identityResolver !== void 0) {
-      return new AwsAlbAuthProvider(logger, catalogApi, {
-        region,
-        issuer,
-        identityResolutionCallback: identityResolver
-      });
-    }
-    throw new Error("Identity resolver is required to use this authentication provider");
-  };
-};
 const factories = {
   google: createGoogleProvider(),
   github: createGithubProvider(),
@@ -2006,7 +2248,8 @@ const factories = {
   oidc: createOidcProvider(),
   onelogin: createOneLoginProvider(),
   awsalb: createAwsAlbProvider(),
-  bitbucket: createBitbucketProvider()
+  bitbucket: createBitbucketProvider(),
+  atlassian: createAtlassianProvider()
 };
 function createOidcRouter(options) {
@@ -2225,6 +2468,121 @@ class DatabaseKeyStore {
   }
 }
+class MemoryKeyStore {
+  constructor() {
+    this.keys = new Map();
+  }
+  async addKey(key) {
+    this.keys.set(key.kid, {
+      createdAt: luxon.DateTime.utc().toJSDate(),
+      key: JSON.stringify(key)
+    });
+  }
+  async removeKeys(kids) {
+    for (const kid of kids) {
+      this.keys.delete(kid);
+    }
+  }
+  async listKeys() {
+    return {
+      items: Array.from(this.keys).map(([, {createdAt, key: keyStr}]) => ({
+        createdAt,
+        key: JSON.parse(keyStr)
+      }))
+    };
+  }
+}
+const DEFAULT_TIMEOUT_MS = 1e4;
+const DEFAULT_DOCUMENT_PATH = "sessions";
+class FirestoreKeyStore {
+  constructor(database, path, timeout) {
+    this.database = database;
+    this.path = path;
+    this.timeout = timeout;
+  }
+  static async create(settings) {
+    const {path, timeout, ...firestoreSettings} = settings != null ? settings : {};
+    const database = new firestore.Firestore(firestoreSettings);
+    return new FirestoreKeyStore(database, path != null ? path : DEFAULT_DOCUMENT_PATH, timeout != null ? timeout : DEFAULT_TIMEOUT_MS);
+  }
+  static async verifyConnection(keyStore, logger) {
+    try {
+      await keyStore.verify();
+    } catch (error) {
+      if (process.env.NODE_ENV !== "development") {
+        throw new Error(`Failed to connect to database: ${error.message}`);
+      }
+      logger == null ? void 0 : logger.warn(`Failed to connect to database: ${error.message}`);
+    }
+  }
+  async addKey(key) {
+    await this.withTimeout(this.database.collection(this.path).doc(key.kid).set({
+      kid: key.kid,
+      key: JSON.stringify(key)
+    }));
+  }
+  async listKeys() {
+    const keys = await this.withTimeout(this.database.collection(this.path).get());
+    return {
+      items: keys.docs.map((key) => ({
+        key: key.data(),
+        createdAt: key.createTime.toDate()
+      }))
+    };
+  }
+  async removeKeys(kids) {
+    for (const kid of kids) {
+      await this.withTimeout(this.database.collection(this.path).doc(kid).delete());
+    }
+  }
+  async withTimeout(operation) {
+    const timer = new Promise((_, reject) => setTimeout(() => {
+      reject(new Error(`Operation timed out after ${this.timeout}ms`));
+    }, this.timeout));
+    return Promise.race([operation, timer]);
+  }
+  async verify() {
+    await this.withTimeout(this.database.collection(this.path).limit(1).get());
+  }
+}
+class KeyStores {
+  static async fromConfig(config, options) {
+    var _a;
+    const {logger, database} = options != null ? options : {};
+    const ks = config.getOptionalConfig("auth.keyStore");
+    const provider = (_a = ks == null ? void 0 : ks.getOptionalString("provider")) != null ? _a : "database";
+    logger == null ? void 0 : logger.info(`Configuring "${provider}" as KeyStore provider`);
+    if (provider === "database") {
+      if (!database) {
+        throw new Error("This KeyStore provider requires a database");
+      }
+      return await DatabaseKeyStore.create({
+        database: await database.getClient()
+      });
+    }
+    if (provider === "memory") {
+      return new MemoryKeyStore();
+    }
+    if (provider === "firestore") {
+      const settings = ks == null ? void 0 : ks.getConfig(provider);
+      const keyStore = await FirestoreKeyStore.create(lodash.pickBy({
+        projectId: settings == null ? void 0 : settings.getOptionalString("projectId"),
+        keyFilename: settings == null ? void 0 : settings.getOptionalString("keyFilename"),
+        host: settings == null ? void 0 : settings.getOptionalString("host"),
+        port: settings == null ? void 0 : settings.getOptionalNumber("port"),
+        ssl: settings == null ? void 0 : settings.getOptionalBoolean("ssl"),
+        path: settings == null ? void 0 : settings.getOptionalString("path"),
+        timeout: settings == null ? void 0 : settings.getOptionalNumber("timeout")
+      }, (value) => value !== void 0));
+      await FirestoreKeyStore.verifyConnection(keyStore, logger);
+      return keyStore;
+    }
+    throw new Error(`Unknown KeyStore provider: ${provider}`);
+  }
+}
 async function createRouter({
   logger,
   config,
@@ -2235,10 +2593,8 @@ async function createRouter({
   const router = Router__default['default']();
   const appUrl = config.getString("app.baseUrl");
   const authUrl = await discovery.getExternalBaseUrl("auth");
+  const keyStore = await KeyStores.fromConfig(config, {logger, database});
   const keyDurationSeconds = 3600;
-  const keyStore = await DatabaseKeyStore.create({
-    database: await database.getClient()
-  });
   const tokenIssuer = new TokenFactory({
     issuer: authUrl,
     keyStore,
@@ -2289,6 +2645,7 @@ async function createRouter({
         }
         router.use(`/${providerId}`, r);
       } catch (e) {
+        errors.assertError(e);
         if (process.env.NODE_ENV !== "development") {
           throw new Error(`Failed to initialize ${providerId} auth provider, ${e.message}`);
         }
@@ -2332,6 +2689,8 @@ exports.OAuthAdapter = OAuthAdapter;
 exports.OAuthEnvironmentHandler = OAuthEnvironmentHandler;
 exports.bitbucketUserIdSignInResolver = bitbucketUserIdSignInResolver;
 exports.bitbucketUsernameSignInResolver = bitbucketUsernameSignInResolver;
+exports.createAtlassianProvider = createAtlassianProvider;
+exports.createAwsAlbProvider = createAwsAlbProvider;
 exports.createBitbucketProvider = createBitbucketProvider;
 exports.createGithubProvider = createGithubProvider;
 exports.createGitlabProvider = createGitlabProvider;