@backstage/plugin-auth-node 0.2.17 → 0.3.0-next.0

package/dist/index.d.ts

@@ -1,19 +1,14 @@
+import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
+import { LoggerService } from '@backstage/backend-plugin-api';
+import { EntityFilterQuery } from '@backstage/catalog-client';
+import { Entity } from '@backstage/catalog-model';
+import { Config } from '@backstage/config';
+import { JsonValue, JsonObject } from '@backstage/types';
+import express, { Request, Response } from 'express';
+import { BackstageSignInResult as BackstageSignInResult$1, BackstageIdentityResponse as BackstageIdentityResponse$1 } from '@backstage/plugin-auth-node';
 import { PluginEndpointDiscovery } from '@backstage/backend-common';
-import { Request } from 'express';
-
-/**
- * Parses the given authorization header and returns the bearer token, or
- * undefined if no bearer token is given.
- *
- * @remarks
- *
- * This function is explicitly built to tolerate bad inputs safely, so you may
- * call it directly with e.g. the output of `req.header('authorization')`
- * without first checking that it exists.
- *
- * @public
- */
-declare function getBearerTokenFromAuthorizationHeader(authorizationHeader: unknown): string | undefined;
+import { Profile, Strategy } from 'passport';
+import { ZodSchema, ZodTypeDef } from 'zod';
 
 /**
  * A representation of a successful Backstage sign-in.
@@ -29,14 +24,6 @@ interface BackstageSignInResult {
      */
     token: string;
 }
-/**
- * Options to request the identity from a Backstage backend request
- *
- * @public
- */
-type IdentityApiGetIdentityRequest = {
-    request: Request<unknown>;
-};
 /**
  * Response object containing the {@link BackstageUserIdentity} and the token
  * from the authentication provider.
@@ -44,6 +31,10 @@ type IdentityApiGetIdentityRequest = {
  * @public
  */
 interface BackstageIdentityResponse extends BackstageSignInResult {
+    /**
+     * The number of seconds until the token expires. If not set, it can be assumed that the token does not expire.
+     */
+    expiresInSeconds?: number;
     /**
      * A plaintext description of the identity that is encapsulated within the token.
      */
@@ -70,7 +61,331 @@ type BackstageUserIdentity = {
      */
     ownershipEntityRefs: string[];
 };
+/**
+ * A query for a single user in the catalog.
+ *
+ * If `entityRef` is used, the default kind is `'User'`.
+ *
+ * If `annotations` are used, all annotations must be present and
+ * match the provided value exactly. Only entities of kind `'User'` will be considered.
+ *
+ * If `filter` are used they are passed on as they are to the `CatalogApi`.
+ *
+ * Regardless of the query method, the query must match exactly one entity
+ * in the catalog, or an error will be thrown.
+ *
+ * @public
+ */
+type AuthResolverCatalogUserQuery = {
+    entityRef: string | {
+        kind?: string;
+        namespace?: string;
+        name: string;
+    };
+} | {
+    annotations: Record<string, string>;
+} | {
+    filter: EntityFilterQuery;
+};
+/**
+ * Parameters used to issue new Backstage Tokens
+ *
+ * @public
+ */
+type TokenParams = {
+    /**
+     * The claims that will be embedded within the token. At a minimum, this should include
+     * the subject claim, `sub`. It is common to also list entity ownership relations in the
+     * `ent` list. Additional claims may also be added at the developer's discretion except
+     * for the following list, which will be overwritten by the TokenIssuer: `iss`, `aud`,
+     * `iat`, and `exp`. The Backstage team also maintains the right add new claims in the future
+     * without listing the change as a "breaking change".
+     */
+    claims: {
+        /** The token subject, i.e. User ID */
+        sub: string;
+        /** A list of entity references that the user claims ownership through */
+        ent?: string[];
+    } & Record<string, JsonValue>;
+};
+/**
+ * The context that is used for auth processing.
+ *
+ * @public
+ */
+type AuthResolverContext = {
+    /**
+     * Issues a Backstage token using the provided parameters.
+     */
+    issueToken(params: TokenParams): Promise<{
+        token: string;
+    }>;
+    /**
+     * Finds a single user in the catalog using the provided query.
+     *
+     * See {@link AuthResolverCatalogUserQuery} for details.
+     */
+    findCatalogUser(query: AuthResolverCatalogUserQuery): Promise<{
+        entity: Entity;
+    }>;
+    /**
+     * Finds a single user in the catalog using the provided query, and then
+     * issues an identity for that user using default ownership resolution.
+     *
+     * See {@link AuthResolverCatalogUserQuery} for details.
+     */
+    signInWithCatalogUser(query: AuthResolverCatalogUserQuery): Promise<BackstageSignInResult>;
+};
+/**
+ * Any Auth provider needs to implement this interface which handles the routes in the
+ * auth backend. Any auth API requests from the frontend reaches these methods.
+ *
+ * The routes in the auth backend API are tied to these methods like below
+ *
+ * `/auth/[provider]/start -> start`
+ * `/auth/[provider]/handler/frame -> frameHandler`
+ * `/auth/[provider]/refresh -> refresh`
+ * `/auth/[provider]/logout -> logout`
+ *
+ * @public
+ */
+interface AuthProviderRouteHandlers {
+    /**
+     * Handles the start route of the API. This initiates a sign in request with an auth provider.
+     *
+     * Request
+     * - scopes for the auth request (Optional)
+     * Response
+     * - redirect to the auth provider for the user to sign in or consent.
+     * - sets a nonce cookie and also pass the nonce as 'state' query parameter in the redirect request
+     */
+    start(req: Request, res: Response): Promise<void>;
+    /**
+     * Once the user signs in or consents in the OAuth screen, the auth provider redirects to the
+     * callbackURL which is handled by this method.
+     *
+     * Request
+     * - to contain a nonce cookie and a 'state' query parameter
+     * Response
+     * - postMessage to the window with a payload that contains accessToken, expiryInSeconds?, idToken? and scope.
+     * - sets a refresh token cookie if the auth provider supports refresh tokens
+     */
+    frameHandler(req: Request, res: Response): Promise<void>;
+    /**
+     * (Optional) If the auth provider supports refresh tokens then this method handles
+     * requests to get a new access token.
+     *
+     * Other types of providers may also use this method to implement its own logic to create new sessions
+     * upon request. For example, this can be used to create a new session for a provider that handles requests
+     * from an authenticating proxy.
+     *
+     * Request
+     * - to contain a refresh token cookie and scope (Optional) query parameter.
+     * Response
+     * - payload with accessToken, expiryInSeconds?, idToken?, scope and user profile information.
+     */
+    refresh?(req: Request, res: Response): Promise<void>;
+    /**
+     * (Optional) Handles sign out requests
+     *
+     * Response
+     * - removes the refresh token cookie
+     */
+    logout?(req: Request, res: Response): Promise<void>;
+}
+/**
+ * @public
+ * @deprecated Use top-level properties passed to `AuthProviderFactory` instead
+ */
+type AuthProviderConfig = {
+    /**
+     * The protocol://domain[:port] where the app is hosted. This is used to construct the
+     * callbackURL to redirect to once the user signs in to the auth provider.
+     */
+    baseUrl: string;
+    /**
+     * The base URL of the app as provided by app.baseUrl
+     */
+    appUrl: string;
+    /**
+     * A function that is called to check whether an origin is allowed to receive the authentication result.
+     */
+    isOriginAllowed: (origin: string) => boolean;
+    /**
+     * The function used to resolve cookie configuration based on the auth provider options.
+     */
+    cookieConfigurer?: CookieConfigurer;
+};
+/** @public */
+type AuthProviderFactory = (options: {
+    providerId: string;
+    /** @deprecated Use top-level properties instead */
+    globalConfig: AuthProviderConfig;
+    config: Config;
+    logger: LoggerService;
+    resolverContext: AuthResolverContext;
+    /**
+     * The protocol://domain[:port] where the app is hosted. This is used to construct the
+     * callbackURL to redirect to once the user signs in to the auth provider.
+     */
+    baseUrl: string;
+    /**
+     * The base URL of the app as provided by app.baseUrl
+     */
+    appUrl: string;
+    /**
+     * A function that is called to check whether an origin is allowed to receive the authentication result.
+     */
+    isOriginAllowed: (origin: string) => boolean;
+    /**
+     * The function used to resolve cookie configuration based on the auth provider options.
+     */
+    cookieConfigurer?: CookieConfigurer;
+}) => AuthProviderRouteHandlers;
+/** @public */
+type ClientAuthResponse<TProviderInfo> = {
+    providerInfo: TProviderInfo;
+    profile: ProfileInfo;
+    backstageIdentity?: BackstageIdentityResponse;
+};
+/**
+ * Type of sign in information context. Includes the profile information and
+ * authentication result which contains auth related information.
+ *
+ * @public
+ */
+type SignInInfo<TAuthResult> = {
+    /**
+     * The simple profile passed down for use in the frontend.
+     */
+    profile: ProfileInfo;
+    /**
+     * The authentication result that was received from the authentication
+     * provider.
+     */
+    result: TAuthResult;
+};
+/**
+ * Describes the function which handles the result of a successful
+ * authentication. Must return a valid {@link @backstage/plugin-auth-node#BackstageSignInResult}.
+ *
+ * @public
+ */
+type SignInResolver<TAuthResult> = (info: SignInInfo<TAuthResult>, context: AuthResolverContext) => Promise<BackstageSignInResult>;
+/**
+ * Describes the function that transforms the result of a successful
+ * authentication into a {@link ProfileInfo} object.
+ *
+ * This function may optionally throw an error in order to reject authentication.
+ *
+ * @public
+ */
+type ProfileTransform<TResult> = (result: TResult, context: AuthResolverContext) => Promise<{
+    profile: ProfileInfo;
+}>;
+/**
+ * Used to display login information to user, i.e. sidebar popup.
+ *
+ * It is also temporarily used as the profile of the signed-in user's Backstage
+ * identity, but we want to replace that with data from identity and/org catalog
+ * service
+ *
+ * @public
+ */
+type ProfileInfo = {
+    /**
+     * Email ID of the signed in user.
+     */
+    email?: string;
+    /**
+     * Display name that can be presented to the signed in user.
+     */
+    displayName?: string;
+    /**
+     * URL to an image that can be used as the display image or avatar of the
+     * signed in user.
+     */
+    picture?: string;
+};
+/**
+ * The callback used to resolve the cookie configuration for auth providers that use cookies.
+ * @public
+ */
+type CookieConfigurer = (ctx: {
+    /** ID of the auth provider that this configuration applies to */
+    providerId: string;
+    /** The externally reachable base URL of the auth-backend plugin */
+    baseUrl: string;
+    /** The configured callback URL of the auth provider */
+    callbackUrl: string;
+    /** The origin URL of the app */
+    appOrigin: string;
+}) => {
+    domain: string;
+    path: string;
+    secure: boolean;
+    sameSite?: 'none' | 'lax' | 'strict';
+};
+
+/** @public */
+interface AuthProviderRegistrationOptions {
+    providerId: string;
+    factory: AuthProviderFactory;
+}
+/** @public */
+interface AuthProvidersExtensionPoint {
+    registerProvider(options: AuthProviderRegistrationOptions): void;
+}
+/** @public */
+declare const authProvidersExtensionPoint: _backstage_backend_plugin_api.ExtensionPoint<AuthProvidersExtensionPoint>;
 
+/**
+ * Payload sent as a post message after the auth request is complete.
+ * If successful then has a valid payload with Auth information else contains an error.
+ *
+ * @public
+ */
+type WebMessageResponse = {
+    type: 'authorization_response';
+    response: ClientAuthResponse<unknown>;
+} | {
+    type: 'authorization_response';
+    error: Error;
+};
+/** @public */
+declare function sendWebMessageResponse(res: Response, appOrigin: string, response: WebMessageResponse): void;
+
+/**
+ * Parses a Backstage-issued token and decorates the
+ * {@link @backstage/plugin-auth-node#BackstageIdentityResponse} with identity information sourced from the
+ * token.
+ *
+ * @public
+ */
+declare function prepareBackstageIdentityResponse(result: BackstageSignInResult$1): BackstageIdentityResponse$1;
+
+/**
+ * Parses the given authorization header and returns the bearer token, or
+ * undefined if no bearer token is given.
+ *
+ * @remarks
+ *
+ * This function is explicitly built to tolerate bad inputs safely, so you may
+ * call it directly with e.g. the output of `req.header('authorization')`
+ * without first checking that it exists.
+ *
+ * @public
+ */
+declare function getBearerTokenFromAuthorizationHeader(authorizationHeader: unknown): string | undefined;
+
+/**
+ * Options to request the identity from a Backstage backend request
+ *
+ * @public
+ */
+type IdentityApiGetIdentityRequest = {
+    request: Request<unknown>;
+};
 /**
  * An identity client api to authenticate Backstage
  * tokens
@@ -157,4 +472,270 @@ declare class IdentityClient {
     authenticate(token: string | undefined): Promise<BackstageIdentityResponse>;
 }
 
-export { BackstageIdentityResponse, BackstageSignInResult, BackstageUserIdentity, DefaultIdentityClient, IdentityApi, IdentityApiGetIdentityRequest, IdentityClient, IdentityClientOptions, getBearerTokenFromAuthorizationHeader };
+/**
+ * A type for the serialized value in the `state` parameter of the OAuth authorization flow
+ * @public
+ */
+type OAuthState = {
+    nonce: string;
+    env: string;
+    origin?: string;
+    scope?: string;
+    redirectUrl?: string;
+    flow?: string;
+};
+/** @public */
+type OAuthStateTransform = (state: OAuthState, context: {
+    req: Request;
+}) => Promise<{
+    state: OAuthState;
+}>;
+/** @public */
+declare function encodeOAuthState(state: OAuthState): string;
+/** @public */
+declare function decodeOAuthState(encodedState: string): OAuthState;
+
+/** @public */
+interface OAuthSession {
+    accessToken: string;
+    tokenType: string;
+    idToken?: string;
+    scope: string;
+    expiresInSeconds?: number;
+    refreshToken?: string;
+    refreshTokenExpiresInSeconds?: number;
+}
+/** @public */
+interface OAuthAuthenticatorStartInput {
+    scope: string;
+    state: string;
+    req: Request;
+}
+/** @public */
+interface OAuthAuthenticatorAuthenticateInput {
+    req: Request;
+}
+/** @public */
+interface OAuthAuthenticatorRefreshInput {
+    scope: string;
+    refreshToken: string;
+    req: Request;
+}
+/** @public */
+interface OAuthAuthenticatorLogoutInput {
+    accessToken?: string;
+    refreshToken?: string;
+    req: Request;
+}
+/** @public */
+interface OAuthAuthenticatorResult<TProfile> {
+    fullProfile: TProfile;
+    session: OAuthSession;
+}
+/** @public */
+interface OAuthAuthenticator<TContext, TProfile> {
+    defaultProfileTransform: ProfileTransform<OAuthAuthenticatorResult<TProfile>>;
+    shouldPersistScopes?: boolean;
+    initialize(ctx: {
+        callbackUrl: string;
+        config: Config;
+    }): TContext;
+    start(input: OAuthAuthenticatorStartInput, ctx: TContext): Promise<{
+        url: string;
+        status?: number;
+    }>;
+    authenticate(input: OAuthAuthenticatorAuthenticateInput, ctx: TContext): Promise<OAuthAuthenticatorResult<TProfile>>;
+    refresh(input: OAuthAuthenticatorRefreshInput, ctx: TContext): Promise<OAuthAuthenticatorResult<TProfile>>;
+    logout?(input: OAuthAuthenticatorLogoutInput, ctx: TContext): Promise<void>;
+}
+/** @public */
+declare function createOAuthAuthenticator<TContext, TProfile>(authenticator: OAuthAuthenticator<TContext, TProfile>): OAuthAuthenticator<TContext, TProfile>;
+
+/** @public */
+interface OAuthRouteHandlersOptions<TProfile> {
+    authenticator: OAuthAuthenticator<any, TProfile>;
+    appUrl: string;
+    baseUrl: string;
+    isOriginAllowed: (origin: string) => boolean;
+    providerId: string;
+    config: Config;
+    resolverContext: AuthResolverContext;
+    stateTransform?: OAuthStateTransform;
+    profileTransform?: ProfileTransform<OAuthAuthenticatorResult<TProfile>>;
+    cookieConfigurer?: CookieConfigurer;
+    signInResolver?: SignInResolver<OAuthAuthenticatorResult<TProfile>>;
+}
+/** @public */
+declare function createOAuthRouteHandlers<TProfile>(options: OAuthRouteHandlersOptions<TProfile>): AuthProviderRouteHandlers;
+
+/** @public */
+type PassportProfile = Profile & {
+    avatarUrl?: string;
+};
+/** @public */
+type PassportDoneCallback<TResult, TPrivateInfo = never> = (err?: Error, result?: TResult, privateInfo?: TPrivateInfo) => void;
+
+/** @public */
+declare class PassportHelpers {
+    private constructor();
+    static transformProfile: (profile: PassportProfile, idToken?: string) => ProfileInfo;
+    static executeRedirectStrategy(req: Request, providerStrategy: Strategy, options: Record<string, string>): Promise<{
+        /**
+         * URL to redirect to
+         */
+        url: string;
+        /**
+         * Status code to use for the redirect
+         */
+        status?: number;
+    }>;
+    static executeFrameHandlerStrategy<TResult, TPrivateInfo = never>(req: Request, providerStrategy: Strategy, options?: Record<string, string>): Promise<{
+        result: TResult;
+        privateInfo: TPrivateInfo;
+    }>;
+    static executeRefreshTokenStrategy(providerStrategy: Strategy, refreshToken: string, scope: string): Promise<{
+        /**
+         * An access token issued for the signed in user.
+         */
+        accessToken: string;
+        /**
+         * Optionally, the server can issue a new Refresh Token for the user
+         */
+        refreshToken?: string;
+        params: any;
+    }>;
+    static executeFetchUserProfileStrategy(providerStrategy: Strategy, accessToken: string): Promise<PassportProfile>;
+}
+
+/** @public */
+type PassportOAuthResult = {
+    fullProfile: PassportProfile;
+    params: {
+        id_token?: string;
+        scope: string;
+        token_type?: string;
+        expires_in: number;
+    };
+    accessToken: string;
+};
+/** @public */
+type PassportOAuthPrivateInfo = {
+    refreshToken?: string;
+};
+/** @public */
+type PassportOAuthDoneCallback = PassportDoneCallback<PassportOAuthResult, PassportOAuthPrivateInfo>;
+/** @public */
+declare class PassportOAuthAuthenticatorHelper {
+    #private;
+    static defaultProfileTransform: ProfileTransform<OAuthAuthenticatorResult<PassportProfile>>;
+    static from(strategy: Strategy): PassportOAuthAuthenticatorHelper;
+    private constructor();
+    start(input: OAuthAuthenticatorStartInput, options: Record<string, string>): Promise<{
+        url: string;
+        status?: number;
+    }>;
+    authenticate(input: OAuthAuthenticatorAuthenticateInput): Promise<OAuthAuthenticatorResult<PassportProfile>>;
+    refresh(input: OAuthAuthenticatorRefreshInput): Promise<OAuthAuthenticatorResult<PassportProfile>>;
+    fetchProfile(accessToken: string): Promise<PassportProfile>;
+}
+
+/** @public */
+declare class OAuthEnvironmentHandler implements AuthProviderRouteHandlers {
+    private readonly handlers;
+    static mapConfig(config: Config, factoryFunc: (envConfig: Config) => AuthProviderRouteHandlers): OAuthEnvironmentHandler;
+    constructor(handlers: Map<string, AuthProviderRouteHandlers>);
+    start(req: express.Request, res: express.Response): Promise<void>;
+    frameHandler(req: express.Request, res: express.Response): Promise<void>;
+    refresh(req: express.Request, res: express.Response): Promise<void>;
+    logout(req: express.Request, res: express.Response): Promise<void>;
+    private getEnvFromRequest;
+    private getProviderForEnv;
+}
+
+/** @public */
+interface SignInResolverFactory<TAuthResult, TOptions> {
+    (...options: undefined extends TOptions ? [options?: TOptions] : [options: TOptions]): SignInResolver<TAuthResult>;
+    optionsJsonSchema?: JsonObject;
+}
+/** @public */
+interface SignInResolverFactoryOptions<TAuthResult, TOptionsOutput, TOptionsInput> {
+    optionsSchema?: ZodSchema<TOptionsOutput, ZodTypeDef, TOptionsInput>;
+    create(options: TOptionsOutput): SignInResolver<TAuthResult>;
+}
+/** @public */
+declare function createSignInResolverFactory<TAuthResult, TOptionsOutput, TOptionsInput>(options: SignInResolverFactoryOptions<TAuthResult, TOptionsOutput, TOptionsInput>): SignInResolverFactory<TAuthResult, TOptionsInput>;
+
+/** @public */
+declare function createOAuthProviderFactory<TProfile>(options: {
+    authenticator: OAuthAuthenticator<unknown, TProfile>;
+    stateTransform?: OAuthStateTransform;
+    profileTransform?: ProfileTransform<OAuthAuthenticatorResult<TProfile>>;
+    signInResolver?: SignInResolver<OAuthAuthenticatorResult<TProfile>>;
+    signInResolverFactories?: {
+        [name in string]: SignInResolverFactory<OAuthAuthenticatorResult<TProfile>, unknown>;
+    };
+}): AuthProviderFactory;
+
+/** @public */
+interface ProxyAuthenticator<TContext, TResult> {
+    defaultProfileTransform: ProfileTransform<TResult>;
+    initialize(ctx: {
+        config: Config;
+    }): Promise<TContext>;
+    authenticate(options: {
+        req: Request;
+    }, ctx: TContext): Promise<{
+        result: TResult;
+    }>;
+}
+/** @public */
+declare function createProxyAuthenticator<TContext, TResult>(authenticator: ProxyAuthenticator<TContext, TResult>): ProxyAuthenticator<TContext, TResult>;
+
+/** @public */
+interface ReadDeclarativeSignInResolverOptions<TAuthResult> {
+    config: Config;
+    signInResolverFactories: {
+        [name in string]: SignInResolverFactory<TAuthResult, unknown>;
+    };
+}
+/** @public */
+declare function readDeclarativeSignInResolver<TAuthResult>(options: ReadDeclarativeSignInResolverOptions<TAuthResult>): SignInResolver<TAuthResult> | undefined;
+
+/**
+ * A collection of common sign-in resolvers that work with any auth provider.
+ *
+ * @public
+ */
+declare namespace commonSignInResolvers {
+    /**
+     * A common sign-in resolver that looks up the user using their email address
+     * as email of the entity.
+     */
+    const emailMatchingUserEntityProfileEmail: SignInResolverFactory<unknown, unknown>;
+    /**
+     * A common sign-in resolver that looks up the user using the local part of
+     * their email address as the entity name.
+     */
+    const emailLocalPartMatchingUserEntityName: SignInResolverFactory<unknown, unknown>;
+}
+
+/** @public */
+declare function createProxyAuthProviderFactory<TResult>(options: {
+    authenticator: ProxyAuthenticator<unknown, TResult>;
+    profileTransform?: ProfileTransform<TResult>;
+    signInResolver?: SignInResolver<TResult>;
+    signInResolverFactories?: Record<string, SignInResolverFactory<TResult, unknown>>;
+}): AuthProviderFactory;
+
+/** @public */
+interface ProxyAuthRouteHandlersOptions<TResult> {
+    authenticator: ProxyAuthenticator<any, TResult>;
+    config: Config;
+    resolverContext: AuthResolverContext;
+    signInResolver: SignInResolver<TResult>;
+    profileTransform?: ProfileTransform<TResult>;
+}
+/** @public */
+declare function createProxyAuthRouteHandlers<TResult>(options: ProxyAuthRouteHandlersOptions<TResult>): AuthProviderRouteHandlers;
+
+export { AuthProviderConfig, AuthProviderFactory, AuthProviderRegistrationOptions, AuthProviderRouteHandlers, AuthProvidersExtensionPoint, AuthResolverCatalogUserQuery, AuthResolverContext, BackstageIdentityResponse, BackstageSignInResult, BackstageUserIdentity, ClientAuthResponse, CookieConfigurer, DefaultIdentityClient, IdentityApi, IdentityApiGetIdentityRequest, IdentityClient, IdentityClientOptions, OAuthAuthenticator, OAuthAuthenticatorAuthenticateInput, OAuthAuthenticatorLogoutInput, OAuthAuthenticatorRefreshInput, OAuthAuthenticatorResult, OAuthAuthenticatorStartInput, OAuthEnvironmentHandler, OAuthRouteHandlersOptions, OAuthSession, OAuthState, OAuthStateTransform, PassportDoneCallback, PassportHelpers, PassportOAuthAuthenticatorHelper, PassportOAuthDoneCallback, PassportOAuthPrivateInfo, PassportOAuthResult, PassportProfile, ProfileInfo, ProfileTransform, ProxyAuthRouteHandlersOptions, ProxyAuthenticator, ReadDeclarativeSignInResolverOptions, SignInInfo, SignInResolver, SignInResolverFactory, SignInResolverFactoryOptions, TokenParams, WebMessageResponse, authProvidersExtensionPoint, commonSignInResolvers, createOAuthAuthenticator, createOAuthProviderFactory, createOAuthRouteHandlers, createProxyAuthProviderFactory, createProxyAuthRouteHandlers, createProxyAuthenticator, createSignInResolverFactory, decodeOAuthState, encodeOAuthState, getBearerTokenFromAuthorizationHeader, prepareBackstageIdentityResponse, readDeclarativeSignInResolver, sendWebMessageResponse };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-auth-node",
-  "version": "0.2.17",
+  "version": "0.3.0-next.0",
   "main": "dist/index.cjs.js",
   "types": "dist/index.d.ts",
   "license": "Apache-2.0",
@@ -28,20 +28,32 @@
     "start": "backstage-cli package start"
   },
   "dependencies": {
-    "@backstage/backend-common": "^0.19.2",
+    "@backstage/backend-common": "^0.19.4-next.0",
+    "@backstage/backend-plugin-api": "^0.6.2-next.0",
+    "@backstage/catalog-client": "^1.4.3",
+    "@backstage/catalog-model": "^1.4.1",
     "@backstage/config": "^1.0.8",
     "@backstage/errors": "^1.2.1",
+    "@backstage/types": "^1.1.0",
     "@types/express": "*",
+    "@types/passport": "^1.0.3",
     "express": "^4.17.1",
     "jose": "^4.6.0",
+    "lodash": "^4.17.21",
     "node-fetch": "^2.6.7",
-    "winston": "^3.2.1"
+    "passport": "^0.6.0",
+    "winston": "^3.2.1",
+    "zod": "^3.21.4",
+    "zod-to-json-schema": "^3.21.4"
   },
   "devDependencies": {
-    "@backstage/backend-test-utils": "^0.2.0",
-    "@backstage/cli": "^0.22.10",
+    "@backstage/backend-test-utils": "^0.2.2-next.0",
+    "@backstage/cli": "^0.22.12-next.0",
+    "cookie-parser": "^1.4.6",
+    "express-promise-router": "^4.1.1",
     "lodash": "^4.17.21",
     "msw": "^1.0.0",
+    "supertest": "^6.1.3",
     "uuid": "^8.0.0"
   },
   "files": [