Skip to main content
Version: Next

HttpAuthService.credentials()

Home > @backstage/backend-plugin-api > HttpAuthService > credentials

Extracts the caller's credentials from a request.

Signature:

credentials<TAllowed extends keyof BackstagePrincipalTypes = 'unknown'>(
req: Request<any, any, any, any, any>,
options?: {
allow?: Array<TAllowed>;
allowLimitedAccess?: boolean;
}): Promise<BackstageCredentials<BackstagePrincipalTypes[TAllowed]>>;

Parameters

Parameter

Type

Description

req

Request<any, any, any, any, any>

options

{ allow?: Array<TAllowed>; allowLimitedAccess?: boolean; }

(Optional)

**Returns:**

Promise<BackstageCredentials<BackstagePrincipalTypes[TAllowed]>>

Remarks

The credentials have been validated before returning, and are guaranteed to adhere to whatever policies have been added to this route using HttpRouterService.addAuthPolicy(), if any.

Further restrictions can be imposed by passing in options that control the allowed types of credential.

You can narrow the returned credentials object to specific principal types using AuthService.isPrincipal().