UNPKG

@backstage/backend-defaults

Version:

Backend defaults used by Backstage backend apps

backstage.io

backstage/backstage

55 lines (51 loc) 1.82 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
'use strict'; var errors = require('@backstage/errors'); var jose = require('jose'); var helpers = require('../auth/helpers.cjs.js'); class DefaultUserInfoService { discovery; constructor(options) { this.discovery = options.discovery; } async getUserInfo(credentials) { const internalCredentials = helpers.toInternalBackstageCredentials(credentials); if (internalCredentials.principal.type !== "user") { throw new Error("Only user credentials are supported"); } if (!internalCredentials.token) { throw new Error("User credentials is unexpectedly missing token"); } const { sub: userEntityRef, ent: tokenEnt } = jose.decodeJwt( internalCredentials.token ); if (typeof userEntityRef !== "string") { throw new Error("User entity ref must be a string"); } let ownershipEntityRefs = tokenEnt; if (!ownershipEntityRefs) { const userInfoResp = await fetch( `${await this.discovery.getBaseUrl("auth")}/v1/userinfo`, { headers: { Authorization: `Bearer ${internalCredentials.token}` } } ); if (!userInfoResp.ok) { throw await errors.ResponseError.fromResponse(userInfoResp); } const { claims: { ent } } = await userInfoResp.json(); ownershipEntityRefs = ent; } if (!ownershipEntityRefs) { throw new Error("Ownership entity refs can not be determined"); } else if (!Array.isArray(ownershipEntityRefs) || ownershipEntityRefs.some((ref) => typeof ref !== "string")) { throw new Error("Ownership entity refs must be an array of strings"); } return { userEntityRef, ownershipEntityRefs }; } } exports.DefaultUserInfoService = DefaultUserInfoService; //# sourceMappingURL=DefaultUserInfoService.cjs.js.map