initial removal of all exports

Signed-off-by: Fredrik Adelöw <freben@gmail.com>

.changeset/new-hands-scream.md

@@ -0,0 +1,7 @@
+---
+'@backstage/plugin-auth-backend': major
+---
+
+**BREAKING**: Removed support for the old backend system, and removed all deprecated exports.
+
+If you were using one of the deprecated imports from this package, you will have to follow the instructions in their respective deprecation notices before upgrading. Most of the general utilities are available from `@backstage/plugin-auth-node`, and the specific auth providers are available from dedicated packages such as for example `@backstage/plugin-auth-backend-module-github-provider`. See [the auth docs](https://backstage.io/docs/auth/) for specific instructions.

packages/backend-legacy/package.json

@@ -35,7 +35,6 @@
     "@backstage/catalog-model": "workspace:^",
     "@backstage/config": "workspace:^",
     "@backstage/integration": "workspace:^",
-    "@backstage/plugin-auth-backend": "workspace:^",
     "@backstage/plugin-auth-node": "workspace:^",
     "@backstage/plugin-catalog-backend": "workspace:^",
     "@backstage/plugin-catalog-backend-module-scaffolder-entity-model": "workspace:^",

packages/backend-legacy/src/index.ts

@@ -38,7 +38,6 @@ import {
 import { Config } from '@backstage/config';
 import healthcheck from './plugins/healthcheck';
 import { metricsHandler, metricsInit } from './metrics';
-import authPlugin from './plugins/auth';
 import catalog from './plugins/catalog';
 import events from './plugins/events';
 import kubernetes from './plugins/kubernetes';
@@ -125,7 +124,6 @@ async function main() {
   const healthcheckEnv = useHotMemoize(module, () => createEnv('healthcheck'));
   const catalogEnv = useHotMemoize(module, () => createEnv('catalog'));
   const scaffolderEnv = useHotMemoize(module, () => createEnv('scaffolder'));
-  const authEnv = useHotMemoize(module, () => createEnv('auth'));
   const kubernetesEnv = useHotMemoize(module, () => createEnv('kubernetes'));
   const permissionEnv = useHotMemoize(module, () => createEnv('permission'));
   const eventsEnv = useHotMemoize(module, () => createEnv('events'));
@@ -134,7 +132,6 @@ async function main() {
   apiRouter.use('/catalog', await catalog(catalogEnv));
   apiRouter.use('/events', await events(eventsEnv));
   apiRouter.use('/scaffolder', await scaffolder(scaffolderEnv));
-  apiRouter.use('/auth', await authPlugin(authEnv));
   apiRouter.use('/kubernetes', await kubernetes(kubernetesEnv));
   apiRouter.use('/permission', await permission(permissionEnv));
   apiRouter.use(notFoundHandler());

packages/backend-legacy/src/plugins/auth.ts

@@ -1,146 +0,0 @@
-/*
- * Copyright 2020 The Backstage Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import {
-  DEFAULT_NAMESPACE,
-  stringifyEntityRef,
-} from '@backstage/catalog-model';
-import {
-  createRouter,
-  providers,
-  defaultAuthProviderFactories,
-} from '@backstage/plugin-auth-backend';
-import { Router } from 'express';
-import { PluginEnvironment } from '../types';
-
-export default async function createPlugin(
-  env: PluginEnvironment,
-): Promise<Router> {
-  return await createRouter({
-    logger: env.logger,
-    config: env.config,
-    database: env.database,
-    discovery: env.discovery,
-    tokenManager: env.tokenManager,
-    providerFactories: {
-      ...defaultAuthProviderFactories,
-
-      // NOTE: DO NOT add this many resolvers in your own instance!
-      //       It is important that each real user always gets resolved to
-      //       the same sign-in identity. The code below will not do that.
-      //       It is here for demo purposes only.
-      github: providers.github.create({
-        signIn: {
-          async resolver({ result: { fullProfile } }, ctx) {
-            const userId = fullProfile.username;
-            if (!userId) {
-              throw new Error(
-                `GitHub user profile does not contain a username`,
-              );
-            }
-
-            const userEntityRef = stringifyEntityRef({
-              kind: 'User',
-              name: userId,
-              namespace: DEFAULT_NAMESPACE,
-            });
-
-            return ctx.issueToken({
-              claims: {
-                sub: userEntityRef,
-                ent: [userEntityRef],
-              },
-            });
-          },
-        },
-      }),
-      gitlab: providers.gitlab.create({
-        signIn: {
-          async resolver({ result: { fullProfile } }, ctx) {
-            return ctx.signInWithCatalogUser({
-              entityRef: {
-                name: fullProfile.id,
-              },
-            });
-          },
-        },
-      }),
-      microsoft: providers.microsoft.create({
-        signIn: {
-          resolver:
-            providers.microsoft.resolvers.emailMatchingUserEntityAnnotation(),
-        },
-      }),
-      google: providers.google.create({
-        signIn: {
-          resolver:
-            providers.google.resolvers.emailLocalPartMatchingUserEntityName(),
-        },
-      }),
-      okta: providers.okta.create({
-        signIn: {
-          resolver:
-            providers.okta.resolvers.emailMatchingUserEntityAnnotation(),
-        },
-      }),
-      bitbucket: providers.bitbucket.create({
-        signIn: {
-          resolver:
-            providers.bitbucket.resolvers.usernameMatchingUserEntityAnnotation(),
-        },
-      }),
-      onelogin: providers.onelogin.create({
-        signIn: {
-          async resolver({ result: { fullProfile } }, ctx) {
-            return ctx.signInWithCatalogUser({
-              entityRef: {
-                name: fullProfile.id,
-              },
-            });
-          },
-        },
-      }),
-
-      bitbucketServer: providers.bitbucketServer.create({
-        signIn: {
-          resolver:
-            providers.bitbucketServer.resolvers.emailMatchingUserEntityProfileEmail(),
-        },
-      }),
-
-      // This is an example of how to configure the OAuth2Proxy provider as well
-      // as how to sign a user in without a matching user entity in the catalog.
-      // You can try it out using `<ProxiedSignInPage {...props} provider="myproxy" />`
-      myproxy: providers.oauth2Proxy.create({
-        signIn: {
-          async resolver({ result }, ctx) {
-            const entityRef = stringifyEntityRef({
-              kind: 'user',
-              namespace: DEFAULT_NAMESPACE,
-              name: result.getHeader('x-forwarded-user')!,
-            });
-            return ctx.issueToken({
-              claims: {
-                sub: entityRef,
-                ent: [entityRef],
-              },
-            });
-          },
-        },
-      }),
-    },
-  });
-}

plugins/auth-backend/report.api.md

@@ -3,675 +3,9 @@
 > Do not edit this file. It is a report generated by [API Extractor](https://api-extractor.com/).
 
 ```ts
-import { AuthOwnershipResolver } from '@backstage/plugin-auth-node';
-import { AuthProviderConfig as AuthProviderConfig_2 } from '@backstage/plugin-auth-node';
-import { AuthProviderFactory as AuthProviderFactory_2 } from '@backstage/plugin-auth-node';
-import { AuthProviderRouteHandlers as AuthProviderRouteHandlers_2 } from '@backstage/plugin-auth-node';
-import { AuthResolverCatalogUserQuery as AuthResolverCatalogUserQuery_2 } from '@backstage/plugin-auth-node';
-import { AuthResolverContext as AuthResolverContext_2 } from '@backstage/plugin-auth-node';
-import { AuthService } from '@backstage/backend-plugin-api';
-import { AwsAlbResult as AwsAlbResult_2 } from '@backstage/plugin-auth-backend-module-aws-alb-provider';
-import { AzureEasyAuthResult } from '@backstage/plugin-auth-backend-module-azure-easyauth-provider';
 import { BackendFeature } from '@backstage/backend-plugin-api';
-import { BackstageSignInResult } from '@backstage/plugin-auth-node';
-import { CacheService } from '@backstage/backend-plugin-api';
-import { CatalogApi } from '@backstage/catalog-client';
-import { ClientAuthResponse } from '@backstage/plugin-auth-node';
-import { cloudflareAccessSignInResolvers } from '@backstage/plugin-auth-backend-module-cloudflare-access-provider';
-import { Config } from '@backstage/config';
-import { CookieConfigurer as CookieConfigurer_2 } from '@backstage/plugin-auth-node';
-import { DatabaseService } from '@backstage/backend-plugin-api';
-import { decodeOAuthState } from '@backstage/plugin-auth-node';
-import { DiscoveryService } from '@backstage/backend-plugin-api';
-import { encodeOAuthState } from '@backstage/plugin-auth-node';
-import { Entity } from '@backstage/catalog-model';
-import express from 'express';
-import { GcpIapResult as GcpIapResult_2 } from '@backstage/plugin-auth-backend-module-gcp-iap-provider';
-import { GcpIapTokenInfo as GcpIapTokenInfo_2 } from '@backstage/plugin-auth-backend-module-gcp-iap-provider';
-import { HttpAuthService } from '@backstage/backend-plugin-api';
-import { LoggerService } from '@backstage/backend-plugin-api';
-import { OAuth2ProxyResult as OAuth2ProxyResult_2 } from '@backstage/plugin-auth-backend-module-oauth2-proxy-provider';
-import { OAuthEnvironmentHandler as OAuthEnvironmentHandler_2 } from '@backstage/plugin-auth-node';
-import { OAuthState as OAuthState_2 } from '@backstage/plugin-auth-node';
-import { OidcAuthResult as OidcAuthResult_2 } from '@backstage/plugin-auth-backend-module-oidc-provider';
-import { prepareBackstageIdentityResponse as prepareBackstageIdentityResponse_2 } from '@backstage/plugin-auth-node';
-import { Profile } from 'passport';
-import { ProfileInfo as ProfileInfo_2 } from '@backstage/plugin-auth-node';
-import { RootConfigService } from '@backstage/backend-plugin-api';
-import { SignInInfo as SignInInfo_2 } from '@backstage/plugin-auth-node';
-import { SignInResolver as SignInResolver_2 } from '@backstage/plugin-auth-node';
-import { TokenManager } from '@backstage/backend-common';
-import { TokenParams as TokenParams_2 } from '@backstage/plugin-auth-node';
-import { UserEntity } from '@backstage/catalog-model';
-import { WebMessageResponse as WebMessageResponse_2 } from '@backstage/plugin-auth-node';
-
-// @public @deprecated
-export type AuthHandler<TAuthResult> = (
-  input: TAuthResult,
-  context: AuthResolverContext_2,
-) => Promise<AuthHandlerResult>;
-
-// @public @deprecated
-export type AuthHandlerResult = {
-  profile: ProfileInfo_2;
-};
 
 // @public
 const authPlugin: BackendFeature;
 export default authPlugin;
-
-// @public @deprecated (undocumented)
-export type AuthProviderConfig = AuthProviderConfig_2;
-
-// @public @deprecated (undocumented)
-export type AuthProviderFactory = AuthProviderFactory_2;
-
-// @public @deprecated (undocumented)
-export type AuthProviderRouteHandlers = AuthProviderRouteHandlers_2;
-
-// @public @deprecated (undocumented)
-export type AuthResolverCatalogUserQuery = AuthResolverCatalogUserQuery_2;
-
-// @public @deprecated (undocumented)
-export type AuthResolverContext = AuthResolverContext_2;
-
-// @public @deprecated (undocumented)
-export type AuthResponse<TProviderInfo> = ClientAuthResponse<TProviderInfo>;
-
-// @public @deprecated
-export type AwsAlbResult = AwsAlbResult_2;
-
-// @public @deprecated (undocumented)
-export type BitbucketOAuthResult = {
-  fullProfile: BitbucketPassportProfile;
-  params: {
-    id_token?: string;
-    scope: string;
-    expires_in: number;
-  };
-  accessToken: string;
-  refreshToken?: string;
-};
-
-// @public @deprecated (undocumented)
-export type BitbucketPassportProfile = Profile & {
-  id?: string;
-  displayName?: string;
-  username?: string;
-  avatarUrl?: string;
-  _json?: {
-    links?: {
-      avatar?: {
-        href?: string;
-      };
-    };
-  };
-};
-
-// @public @deprecated (undocumented)
-export type BitbucketServerOAuthResult = {
-  fullProfile: Profile;
-  params: {
-    scope: string;
-    access_token?: string;
-    token_type?: string;
-    expires_in?: number;
-  };
-  accessToken: string;
-  refreshToken?: string;
-};
-
-// @public @deprecated
-export class CatalogIdentityClient {
-  constructor(options: {
-    catalogApi: CatalogApi;
-    tokenManager?: TokenManager;
-    discovery: DiscoveryService;
-    auth?: AuthService;
-    httpAuth?: HttpAuthService;
-  });
-  findUser(query: { annotations: Record<string, string> }): Promise<UserEntity>;
-  resolveCatalogMembership(query: {
-    entityRefs: string[];
-    logger?: LoggerService;
-  }): Promise<string[]>;
-}
-
-// @public @deprecated
-export type CloudflareAccessClaims = {
-  aud: string[];
-  email: string;
-  exp: number;
-  iat: number;
-  nonce: string;
-  identity_nonce: string;
-  sub: string;
-  iss: string;
-  custom: string;
-};
-
-// @public @deprecated
-export type CloudflareAccessGroup = {
-  id: string;
-  name: string;
-  email: string;
-};
-
-// @public @deprecated
-export type CloudflareAccessIdentityProfile = {
-  id: string;
-  name: string;
-  email: string;
-  groups: CloudflareAccessGroup[];
-};
-
-// @public @deprecated (undocumented)
-export type CloudflareAccessResult = {
-  claims: CloudflareAccessClaims;
-  cfIdentity: CloudflareAccessIdentityProfile;
-  expiresInSeconds?: number;
-  token: string;
-};
-
-// @public @deprecated (undocumented)
-export type CookieConfigurer = CookieConfigurer_2;
-
-// @public @deprecated
-export function createAuthProviderIntegration<
-  TCreateOptions extends unknown[],
-  TResolvers extends {
-    [name in string]: (...args: any[]) => SignInResolver_2<any>;
-  },
->(config: {
-  create: (...args: TCreateOptions) => AuthProviderFactory_2;
-  resolvers?: TResolvers;
-}): Readonly<{
-  create: (...args: TCreateOptions) => AuthProviderFactory_2;
-  resolvers: Readonly<string extends keyof TResolvers ? never : TResolvers>;
-}>;
-
-// @public @deprecated (undocumented)
-export function createOriginFilter(config: Config): (origin: string) => boolean;
-
-// @public @deprecated (undocumented)
-export function createRouter(options: RouterOptions): Promise<express.Router>;
-
-// @public @deprecated
-export const defaultAuthProviderFactories: {
-  [providerId: string]: AuthProviderFactory_2;
-};
-
-// @public @deprecated (undocumented)
-export type EasyAuthResult = AzureEasyAuthResult;
-
-// @public @deprecated (undocumented)
-export const encodeState: typeof encodeOAuthState;
-
-// @public @deprecated (undocumented)
-export const ensuresXRequestedWith: (req: express.Request) => boolean;
-
-// @public @deprecated
-export type GcpIapResult = GcpIapResult_2;
-
-// @public @deprecated
-export type GcpIapTokenInfo = GcpIapTokenInfo_2;
-
-// @public @deprecated
-export function getDefaultOwnershipEntityRefs(entity: Entity): string[];
-
-// @public @deprecated (undocumented)
-export type GithubOAuthResult = {
-  fullProfile: Profile;
-  params: {
-    scope: string;
-    expires_in?: string;
-    refresh_token_expires_in?: string;
-  };
-  accessToken: string;
-  refreshToken?: string;
-};
-
-// @public @deprecated (undocumented)
-export type OAuth2ProxyResult = OAuth2ProxyResult_2;
-
-// @public @deprecated (undocumented)
-export class OAuthAdapter implements AuthProviderRouteHandlers_2 {
-  constructor(handlers: OAuthHandlers, options: OAuthAdapterOptions);
-  // (undocumented)
-  frameHandler(req: express.Request, res: express.Response): Promise<void>;
-  // (undocumented)
-  static fromConfig(
-    config: AuthProviderConfig_2,
-    handlers: OAuthHandlers,
-    options: Pick<
-      OAuthAdapterOptions,
-      'providerId' | 'persistScopes' | 'callbackUrl'
-    >,
-  ): OAuthAdapter;
-  // (undocumented)
-  logout(req: express.Request, res: express.Response): Promise<void>;
-  // (undocumented)
-  refresh(req: express.Request, res: express.Response): Promise<void>;
-  // (undocumented)
-  start(req: express.Request, res: express.Response): Promise<void>;
-}
-
-// @public @deprecated (undocumented)
-export type OAuthAdapterOptions = {
-  providerId: string;
-  persistScopes?: boolean;
-  appOrigin: string;
-  baseUrl: string;
-  cookieConfigurer: CookieConfigurer_2;
-  isOriginAllowed: (origin: string) => boolean;
-  callbackUrl: string;
-};
-
-// @public @deprecated (undocumented)
-export const OAuthEnvironmentHandler: typeof OAuthEnvironmentHandler_2;
-
-// @public @deprecated (undocumented)
-export interface OAuthHandlers {
-  handler(req: express.Request): Promise<{
-    response: OAuthResponse;
-    refreshToken?: string;
-  }>;
-  logout?(req: OAuthLogoutRequest): Promise<void>;
-  refresh?(req: OAuthRefreshRequest): Promise<{
-    response: OAuthResponse;
-    refreshToken?: string;
-  }>;
-  start(req: OAuthStartRequest): Promise<OAuthStartResponse>;
-}
-
-// @public @deprecated (undocumented)
-export type OAuthLogoutRequest = express.Request<{}> & {
-  refreshToken: string;
-};
-
-// @public @deprecated (undocumented)
-export type OAuthProviderInfo = {
-  accessToken: string;
-  idToken?: string;
-  expiresInSeconds?: number;
-  scope: string;
-};
-
-// @public @deprecated
-export type OAuthProviderOptions = {
-  clientId: string;
-  clientSecret: string;
-  callbackUrl: string;
-};
-
-// @public @deprecated (undocumented)
-export type OAuthRefreshRequest = express.Request<{}> & {
-  scope: string;
-  refreshToken: string;
-};
-
-// @public @deprecated (undocumented)
-export type OAuthResponse = {
-  profile: ProfileInfo_2;
-  providerInfo: OAuthProviderInfo;
-  backstageIdentity?: BackstageSignInResult;
-};
-
-// @public @deprecated (undocumented)
-export type OAuthResult = {
-  fullProfile: Profile;
-  params: {
-    id_token?: string;
-    scope: string;
-    token_type?: string;
-    expires_in: number;
-  };
-  accessToken: string;
-  refreshToken?: string;
-};
-
-// @public @deprecated (undocumented)
-export type OAuthStartRequest = express.Request<{}> & {
-  scope: string;
-  state: OAuthState;
-};
-
-// @public @deprecated (undocumented)
-export type OAuthStartResponse = {
-  url: string;
-  status?: number;
-};
-
-// @public @deprecated (undocumented)
-export type OAuthState = OAuthState_2;
-
-// @public @deprecated (undocumented)
-export type OidcAuthResult = OidcAuthResult_2;
-
-// @public @deprecated (undocumented)
-export const postMessageResponse: (
-  res: express.Response,
-  appOrigin: string,
-  response: WebMessageResponse,
-) => void;
-
-// @public @deprecated (undocumented)
-export const prepareBackstageIdentityResponse: typeof prepareBackstageIdentityResponse_2;
-
-// @public @deprecated (undocumented)
-export type ProfileInfo = ProfileInfo_2;
-
-// @public @deprecated (undocumented)
-export type ProviderFactories = {
-  [s: string]: AuthProviderFactory_2;
-};
-
-// @public @deprecated
-export const providers: Readonly<{
-  atlassian: Readonly<{
-    create: (
-      options?:
-        | {
-            authHandler?: AuthHandler<OAuthResult>;
-            signIn?: {
-              resolver: SignInResolver_2<OAuthResult>;
-            };
-          }
-        | undefined,
-    ) => AuthProviderFactory_2;
-    resolvers: never;
-  }>;
-  auth0: Readonly<{
-    create: (
-      options?:
-        | {
-            authHandler?: AuthHandler<OAuthResult>;
-            signIn?: {
-              resolver: SignInResolver_2<OAuthResult>;
-            };
-          }
-        | undefined,
-    ) => AuthProviderFactory_2;
-    resolvers: never;
-  }>;
-  awsAlb: Readonly<{
-    create: (
-      options?:
-        | {
-            authHandler?: AuthHandler<AwsAlbResult_2>;
-            signIn: {
-              resolver: SignInResolver_2<AwsAlbResult_2>;
-            };
-          }
-        | undefined,
-    ) => AuthProviderFactory_2;
-    resolvers: never;
-  }>;
-  bitbucket: Readonly<{
-    create: (
-      options?:
-        | {
-            authHandler?: AuthHandler<OAuthResult>;
-            signIn?: {
-              resolver: SignInResolver_2<OAuthResult>;
-            };
-          }
-        | undefined,
-    ) => AuthProviderFactory_2;
-    resolvers: Readonly<{
-      userIdMatchingUserEntityAnnotation: () => SignInResolver_2<OAuthResult>;
-      usernameMatchingUserEntityAnnotation: () => SignInResolver_2<OAuthResult>;
-    }>;
-  }>;
-  bitbucketServer: Readonly<{
-    create: (
-      options?:
-        | {
-            authHandler?: AuthHandler<BitbucketServerOAuthResult>;
-            signIn?: {
-              resolver: SignInResolver_2<BitbucketServerOAuthResult>;
-            };
-          }
-        | undefined,
-    ) => AuthProviderFactory_2;
-    resolvers: Readonly<{
-      emailMatchingUserEntityProfileEmail: () => SignInResolver_2<BitbucketServerOAuthResult>;
-    }>;
-  }>;
-  cfAccess: Readonly<{
-    create: (options: {
-      authHandler?: AuthHandler<CloudflareAccessResult>;
-      signIn: {
-        resolver: SignInResolver_2<CloudflareAccessResult>;
-      };
-      cache?: CacheService;
-    }) => AuthProviderFactory_2;
-    resolvers: Readonly<cloudflareAccessSignInResolvers>;
-  }>;
-  gcpIap: Readonly<{
-    create: (options: {
-      authHandler?: AuthHandler<GcpIapResult>;
-      signIn: {
-        resolver: SignInResolver_2<GcpIapResult>;
-      };
-    }) => AuthProviderFactory_2;
-    resolvers: never;
-  }>;
-  github: Readonly<{
-    create: (
-      options?:
-        | {
-            authHandler?: AuthHandler<GithubOAuthResult>;
-            signIn?: {
-              resolver: SignInResolver_2<GithubOAuthResult>;
-            };
-            stateEncoder?: StateEncoder;
-          }
-        | undefined,
-    ) => AuthProviderFactory_2;
-    resolvers: Readonly<{
-      usernameMatchingUserEntityName: () => SignInResolver_2<GithubOAuthResult>;
-    }>;
-  }>;
-  gitlab: Readonly<{
-    create: (
-      options?:
-        | {
-            authHandler?: AuthHandler<OAuthResult>;
-            signIn?: {
-              resolver: SignInResolver_2<OAuthResult>;
-            };
-          }
-        | undefined,
-    ) => AuthProviderFactory_2;
-    resolvers: never;
-  }>;
-  google: Readonly<{
-    create: (
-      options?:
-        | {
-            authHandler?: AuthHandler<OAuthResult>;
-            signIn?: {
-              resolver: SignInResolver_2<OAuthResult>;
-            };
-          }
-        | undefined,
-    ) => AuthProviderFactory_2;
-    resolvers: Readonly<{
-      emailMatchingUserEntityProfileEmail: () => SignInResolver_2<OAuthResult>;
-      emailLocalPartMatchingUserEntityName: () => SignInResolver_2<OAuthResult>;
-      emailMatchingUserEntityAnnotation: () => SignInResolver_2<OAuthResult>;
-    }>;
-  }>;
-  microsoft: Readonly<{
-    create: (
-      options?:
-        | {
-            authHandler?: AuthHandler<OAuthResult>;
-            signIn?: {
-              resolver: SignInResolver_2<OAuthResult>;
-            };
-          }
-        | undefined,
-    ) => AuthProviderFactory_2;
-    resolvers: Readonly<{
-      emailMatchingUserEntityProfileEmail: () => SignInResolver_2<OAuthResult>;
-      emailLocalPartMatchingUserEntityName: () => SignInResolver_2<OAuthResult>;
-      userIdMatchingUserEntityAnnotation: () => SignInResolver_2<OAuthResult>;
-      emailMatchingUserEntityAnnotation: () => SignInResolver_2<OAuthResult>;
-    }>;
-  }>;
-  oauth2: Readonly<{
-    create: (
-      options?:
-        | {
-            authHandler?: AuthHandler<OAuthResult>;
-            signIn?: {
-              resolver: SignInResolver_2<OAuthResult>;
-            };
-          }
-        | undefined,
-    ) => AuthProviderFactory_2;
-    resolvers: never;
-  }>;
-  oauth2Proxy: Readonly<{
-    create: (options: {
-      authHandler?: AuthHandler<OAuth2ProxyResult_2>;
-      signIn: {
-        resolver: SignInResolver_2<OAuth2ProxyResult_2>;
-      };
-    }) => AuthProviderFactory_2;
-    resolvers: never;
-  }>;
-  oidc: Readonly<{
-    create: (
-      options?:
-        | {
-            authHandler?: AuthHandler<OidcAuthResult_2>;
-            signIn?: {
-              resolver: SignInResolver_2<OidcAuthResult_2>;
-            };
-          }
-        | undefined,
-    ) => AuthProviderFactory_2;
-    resolvers: Readonly<{
-      emailLocalPartMatchingUserEntityName: () => SignInResolver_2<unknown>;
-      emailMatchingUserEntityProfileEmail: () => SignInResolver_2<unknown>;
-    }>;
-  }>;
-  okta: Readonly<{
-    create: (
-      options?:
-        | {
-            authHandler?: AuthHandler<OAuthResult>;
-            signIn?: {
-              resolver: SignInResolver_2<OAuthResult>;
-            };
-          }
-        | undefined,
-    ) => AuthProviderFactory_2;
-    resolvers: Readonly<{
-      emailLocalPartMatchingUserEntityName: () => SignInResolver_2<unknown>;
-      emailMatchingUserEntityProfileEmail: () => SignInResolver_2<unknown>;
-      emailMatchingUserEntityAnnotation(): SignInResolver_2<OAuthResult>;
-    }>;
-  }>;
-  onelogin: Readonly<{
-    create: (
-      options?:
-        | {
-            authHandler?: AuthHandler<OAuthResult>;
-            signIn?: {
-              resolver: SignInResolver_2<OAuthResult>;
-            };
-          }
-        | undefined,
-    ) => AuthProviderFactory_2;
-    resolvers: never;
-  }>;
-  saml: Readonly<{
-    create: (
-      options?:
-        | {
-            authHandler?: AuthHandler<SamlAuthResult>;
-            signIn?: {
-              resolver: SignInResolver_2<SamlAuthResult>;
-            };
-          }
-        | undefined,
-    ) => AuthProviderFactory_2;
-    resolvers: Readonly<{
-      nameIdMatchingUserEntityName(): SignInResolver_2<SamlAuthResult>;
-    }>;
-  }>;
-  easyAuth: Readonly<{
-    create: (
-      options?:
-        | {
-            authHandler?: AuthHandler<AzureEasyAuthResult>;
-            signIn: {
-              resolver: SignInResolver_2<AzureEasyAuthResult>;
-            };
-          }
-        | undefined,
-    ) => AuthProviderFactory_2;
-    resolvers: never;
-  }>;
-}>;
-
-// @public @deprecated (undocumented)
-export const readState: typeof decodeOAuthState;
-
-// @public @deprecated (undocumented)
-export interface RouterOptions {
-  // (undocumented)
-  auth?: AuthService;
-  // (undocumented)
-  catalogApi?: CatalogApi;
-  // (undocumented)
-  config: RootConfigService;
-  // (undocumented)
-  database: DatabaseService;
-  // (undocumented)
-  disableDefaultProviderFactories?: boolean;
-  // (undocumented)
-  discovery: DiscoveryService;
-  // (undocumented)
-  httpAuth?: HttpAuthService;
-  // (undocumented)
-  logger: LoggerService;
-  // (undocumented)
-  ownershipResolver?: AuthOwnershipResolver;
-  // (undocumented)
-  providerFactories?: ProviderFactories;
-  // (undocumented)
-  tokenFactoryAlgorithm?: string;
-  // (undocumented)
-  tokenManager?: TokenManager;
-}
-
-// @public @deprecated (undocumented)
-export type SamlAuthResult = {
-  fullProfile: any;
-};
-
-// @public @deprecated (undocumented)
-export type SignInInfo<TAuthResult> = SignInInfo_2<TAuthResult>;
-
-// @public @deprecated (undocumented)
-export type SignInResolver<TAuthResult> = SignInResolver_2<TAuthResult>;
-
-// @public @deprecated (undocumented)
-export type StateEncoder = (req: OAuthStartRequest) => Promise<{
-  encodedState: string;
-}>;
-
-// @public @deprecated (undocumented)
-export type TokenParams = TokenParams_2;
-
-// @public @deprecated (undocumented)
-export const verifyNonce: (req: express.Request, providerId: string) => void;
-
-// @public @deprecated (undocumented)
-export type WebMessageResponse = WebMessageResponse_2;
 ```

plugins/auth-backend/src/index.ts

@@ -21,17 +21,3 @@
  */
 
 export { authPlugin as default } from './authPlugin';
-export * from './service';
-export type { TokenParams } from './identity';
-export * from './providers';
-
-// flow package provides 2 functions
-// ensuresXRequestedWith and postMessageResponse to safely handle CORS requests for login. The WebMessageResponse type in flow is used to type the response from the login-popup
-export * from './lib/flow';
-
-// OAuth wrapper over a passport or a custom `strategy`.
-export * from './lib/oauth';
-
-export * from './lib/catalog';
-
-export { getDefaultOwnershipEntityRefs } from './lib/resolvers';

yarn.lock

@@ -29083,7 +29083,6 @@ __metadata:
     "@backstage/cli": "workspace:^"
     "@backstage/config": "workspace:^"
     "@backstage/integration": "workspace:^"
-    "@backstage/plugin-auth-backend": "workspace:^"
     "@backstage/plugin-auth-node": "workspace:^"
     "@backstage/plugin-catalog-backend": "workspace:^"
     "@backstage/plugin-catalog-backend-module-scaffolder-entity-model": "workspace:^"