Extracts the caller's credentials from a request.
An Express request object.
Optional options: { allow?: TAllowed[]; allowLimitedAccess?: boolean } - Optional further restrictions.
Optional allow?: TAllowed[] - If specified, allow only principals of the given type(s).
If the incoming credentials were not of a type that matched this restriction, a @backstage/errors#NotAllowedError is thrown.
The default is to allow user and service principals.
Optional allowLimitedAccess?: boolean - If set to true, allow limited access tokens (such as cookies).
If this flag is not set, or is set to false, calls with limited access tokens will lead to a @backstage/errors#NotAllowedError being thrown.
The credentials have been validated before returning, and are guaranteed to adhere to whatever policies have been added to this route using HttpRouterService.addAuthPolicy, if any.
Further restrictions can be imposed by passing in options that control the allowed types of credential.
You can narrow the returned credentials object to specific principal types using AuthService.isPrincipal.
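As an added example (not Backstage's own code), the TypeScript below models the documented allow and allowLimitedAccess checks as a test double, showing which callers each option set accepts. The local types, the limitedAccess marker field, checkCredentials, acceptedCallers and the sample callers are assumptions made for illustration.

```typescript
// Local stand-ins for the types named on this page (assumed shapes, not
// imported from Backstage). `limitedAccess` is a hypothetical marker field.
type PrincipalType = 'user' | 'service' | 'none';
interface Creds { principal: { type: PrincipalType }; limitedAccess?: boolean }
interface CredentialsOptions { allow?: PrincipalType[]; allowLimitedAccess?: boolean }

class NotAllowedError extends Error {
  constructor(message: string) {
    super(message);
    this.name = 'NotAllowedError';
  }
}

// Test double for the documented checks, applied to already-validated credentials.
function checkCredentials(creds: Creds, options: CredentialsOptions = {}): Creds {
  const allow: PrincipalType[] = options.allow ?? ['user', 'service']; // documented default
  if (allow.indexOf(creds.principal.type) === -1) {
    throw new NotAllowedError(`principal type '${creds.principal.type}' is not allowed`);
  }
  if (creds.limitedAccess && !options.allowLimitedAccess) {
    throw new NotAllowedError('limited access tokens are not allowed');
  }
  return creds;
}

// Constructed sample callers.
const callers: Record<string, Creds> = {
  userToken: { principal: { type: 'user' } },
  userCookie: { principal: { type: 'user' }, limitedAccess: true },
  service: { principal: { type: 'service' } },
  anonymous: { principal: { type: 'none' } },
};

// Returns the names of the sample callers that a route with `options` accepts.
function acceptedCallers(options?: CredentialsOptions): string[] {
  return Object.keys(callers).filter(name => {
    try {
      checkCredentials(callers[name], options);
      return true;
    } catch (e) {
      if ((e as Error).name === 'NotAllowedError') return false;
      throw e; // anything else is a real failure, not a policy denial
    }
  });
}

console.log('default:', acceptedCallers());
console.log('user only:', acceptedCallers({ allow: ['user'] }));
console.log('user + cookie:', acceptedCallers({ allow: ['user'], allowLimitedAccess: true }));
```

With no options, the cookie-authenticated user and the unauthenticated caller are both rejected, so a route accepts limited access tokens only when it opts in explicitly.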
Issues a limited access token as a cookie on the given response object. This is only possible for requests that were originally made with user credentials (such as a Backstage token).
This must be called before sending any payload data.
An Express response object.
Optional options: { credentials?: BackstageCredentials } - Optional further settings.
Optional credentials?: BackstageCredentials - Issue the cookie for this specific credential. Must be a "user" type principal, or a "none" type (which leads to deleting the cookie).
Provides handling of credentials in an ongoing request.
See the service documentation for more details.