@backstage/plugin-auth-backend-module-gcp-iap-provider 0.3.2-next.1 → 0.3.2

package/CHANGELOG.md

@@ -1,5 +1,25 @@
 # @backstage/plugin-auth-backend-module-gcp-iap-provider
 
+## 0.3.2
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/types@1.2.0
+  - @backstage/plugin-auth-node@0.5.4
+  - @backstage/backend-plugin-api@1.0.2
+  - @backstage/errors@1.2.5
+
+## 0.3.2-next.2
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/plugin-auth-node@0.5.4-next.2
+  - @backstage/backend-plugin-api@1.0.2-next.2
+  - @backstage/errors@1.2.4
+  - @backstage/types@1.1.1
+
 ## 0.3.2-next.1
 
 ### Patch Changes

package/dist/authenticator.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"authenticator.cjs.js","sources":["../src/authenticator.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthenticationError } from '@backstage/errors';\nimport { createProxyAuthenticator } from '@backstage/plugin-auth-node';\nimport { createTokenValidator } from './helpers';\nimport { GcpIapResult } from './types';\n\n/**\n * The header name used by the IAP.\n */\nconst DEFAULT_IAP_JWT_HEADER = 'x-goog-iap-jwt-assertion';\n\n/** @public */\nexport const gcpIapAuthenticator = createProxyAuthenticator({\n  defaultProfileTransform: async (result: GcpIapResult) => {\n    return { profile: { email: result.iapToken.email } };\n  },\n  initialize({ config }) {\n    const audience = config.getString('audience');\n    const jwtHeader =\n      config.getOptionalString('jwtHeader') ?? DEFAULT_IAP_JWT_HEADER;\n\n    const tokenValidator = createTokenValidator(audience);\n\n    return { jwtHeader, tokenValidator };\n  },\n  async authenticate({ req }, { jwtHeader, tokenValidator }) {\n    const token = req.header(jwtHeader);\n\n    if (!token || typeof token !== 'string') {\n      throw new AuthenticationError('Missing Google IAP header');\n    }\n\n    const iapToken = await tokenValidator(token);\n\n    return {\n      result: { iapToken },\n      providerInfo: { iapToken },\n    };\n  },\n});\n"],"names":["createProxyAuthenticator","createTokenValidator","AuthenticationError"],"mappings":";;;;;;AAwBA,MAAM,sBAAyB,GAAA,0BAAA,CAAA;AAGxB,MAAM,sBAAsBA,uCAAyB,CAAA;AAAA,EAC1D,uBAAA,EAAyB,OAAO,MAAyB,KAAA;AACvD,IAAA,OAAO,EAAE,OAAS,EAAA,EAAE,OAAO,MAAO,CAAA,QAAA,CAAS,OAAQ,EAAA,CAAA;AAAA,GACrD;AAAA,EACA,UAAA,CAAW,EAAE,MAAA,EAAU,EAAA;AACrB,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA,CAAA;AAC5C,IAAA,MAAM,SACJ,GAAA,MAAA,CAAO,iBAAkB,CAAA,WAAW,CAAK,IAAA,sBAAA,CAAA;AAE3C,IAAM,MAAA,cAAA,GAAiBC,6BAAqB,QAAQ,CAAA,CAAA;AAEpD,IAAO,OAAA,EAAE,WAAW,cAAe,EAAA,CAAA;AAAA,GACrC;AAAA,EACA,MAAM,aAAa,EAAE,GAAA,IAAO,EAAE,SAAA,EAAW,gBAAkB,EAAA;AACzD,IAAM,MAAA,KAAA,GAAQ,GAAI,CAAA,MAAA,CAAO,SAAS,CAAA,CAAA;AAElC,IAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAU,EAAA;AACvC,MAAM,MAAA,IAAIC,2BAAoB,2BAA2B,CAAA,CAAA;AAAA,KAC3D;AAEA,IAAM,MAAA,QAAA,GAAW,MAAM,cAAA,CAAe,KAAK,CAAA,CAAA;AAE3C,IAAO,OAAA;AAAA,MACL,MAAA,EAAQ,EAAE,QAAS,EAAA;AAAA,MACnB,YAAA,EAAc,EAAE,QAAS,EAAA;AAAA,KAC3B,CAAA;AAAA,GACF;AACF,CAAC;;;;"}
+{"version":3,"file":"authenticator.cjs.js","sources":["../src/authenticator.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthenticationError } from '@backstage/errors';\nimport { createProxyAuthenticator } from '@backstage/plugin-auth-node';\nimport { createTokenValidator } from './helpers';\nimport { GcpIapResult } from './types';\n\n/**\n * The header name used by the IAP.\n */\nconst DEFAULT_IAP_JWT_HEADER = 'x-goog-iap-jwt-assertion';\n\n/** @public */\nexport const gcpIapAuthenticator = createProxyAuthenticator({\n  defaultProfileTransform: async (result: GcpIapResult) => {\n    return { profile: { email: result.iapToken.email } };\n  },\n  initialize({ config }) {\n    const audience = config.getString('audience');\n    const jwtHeader =\n      config.getOptionalString('jwtHeader') ?? DEFAULT_IAP_JWT_HEADER;\n\n    const tokenValidator = createTokenValidator(audience);\n\n    return { jwtHeader, tokenValidator };\n  },\n  async authenticate({ req }, { jwtHeader, tokenValidator }) {\n    const token = req.header(jwtHeader);\n\n    if (!token || typeof token !== 'string') {\n      throw new AuthenticationError('Missing Google IAP header');\n    }\n\n    const iapToken = await tokenValidator(token);\n\n    return {\n      result: { iapToken },\n      providerInfo: { iapToken },\n    };\n  },\n});\n"],"names":["createProxyAuthenticator","createTokenValidator","AuthenticationError"],"mappings":";;;;;;AAwBA,MAAM,sBAAyB,GAAA,0BAAA;AAGxB,MAAM,sBAAsBA,uCAAyB,CAAA;AAAA,EAC1D,uBAAA,EAAyB,OAAO,MAAyB,KAAA;AACvD,IAAA,OAAO,EAAE,OAAS,EAAA,EAAE,OAAO,MAAO,CAAA,QAAA,CAAS,OAAQ,EAAA;AAAA,GACrD;AAAA,EACA,UAAA,CAAW,EAAE,MAAA,EAAU,EAAA;AACrB,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA;AAC5C,IAAA,MAAM,SACJ,GAAA,MAAA,CAAO,iBAAkB,CAAA,WAAW,CAAK,IAAA,sBAAA;AAE3C,IAAM,MAAA,cAAA,GAAiBC,6BAAqB,QAAQ,CAAA;AAEpD,IAAO,OAAA,EAAE,WAAW,cAAe,EAAA;AAAA,GACrC;AAAA,EACA,MAAM,aAAa,EAAE,GAAA,IAAO,EAAE,SAAA,EAAW,gBAAkB,EAAA;AACzD,IAAM,MAAA,KAAA,GAAQ,GAAI,CAAA,MAAA,CAAO,SAAS,CAAA;AAElC,IAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAU,EAAA;AACvC,MAAM,MAAA,IAAIC,2BAAoB,2BAA2B,CAAA;AAAA;AAG3D,IAAM,MAAA,QAAA,GAAW,MAAM,cAAA,CAAe,KAAK,CAAA;AAE3C,IAAO,OAAA;AAAA,MACL,MAAA,EAAQ,EAAE,QAAS,EAAA;AAAA,MACnB,YAAA,EAAc,EAAE,QAAS;AAAA,KAC3B;AAAA;AAEJ,CAAC;;;;"}

package/dist/helpers.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"helpers.cjs.js","sources":["../src/helpers.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthenticationError } from '@backstage/errors';\nimport { OAuth2Client } from 'google-auth-library';\nimport { GcpIapTokenInfo } from './types';\n\nexport function createTokenValidator(\n  audience: string,\n  providedClient?: OAuth2Client,\n): (token: string) => Promise<GcpIapTokenInfo> {\n  const client = providedClient ?? new OAuth2Client();\n\n  return async function tokenValidator(token) {\n    // TODO(freben): Rate limit the public key reads. It may be sensible to\n    // cache these for some reasonable time rather than asking for the public\n    // keys on every single sign-in. But since the rate of events here is so\n    // slow, I decided to keep it simple for now.\n    const response = await client.getIapPublicKeys().catch(error => {\n      throw new AuthenticationError(\n        `Unable to list Google IAP token verification keys, ${error}`,\n      );\n    });\n    const ticket = await client\n      .verifySignedJwtWithCertsAsync(token, response.pubkeys, audience, [\n        'https://cloud.google.com/iap',\n      ])\n      .catch(error => {\n        throw new AuthenticationError(\n          `Google IAP token verification failed, ${error}`,\n        );\n      });\n\n    const payload = ticket.getPayload();\n    if (!payload) {\n      throw new AuthenticationError(\n        'Google IAP token verification failed, token had no payload',\n      );\n    }\n\n    if (!payload.sub) {\n      throw new AuthenticationError(\n        'Google IAP token payload is missing subject claim',\n      );\n    }\n    if (!payload.email) {\n      throw new AuthenticationError(\n        'Google IAP token payload is missing email claim',\n      );\n    }\n\n    return payload as unknown as GcpIapTokenInfo;\n  };\n}\n"],"names":["OAuth2Client","AuthenticationError"],"mappings":";;;;;AAoBgB,SAAA,oBAAA,CACd,UACA,cAC6C,EAAA;AAC7C,EAAM,MAAA,MAAA,GAA2B,IAAIA,8BAAa,EAAA,CAAA;AAElD,EAAO,OAAA,eAAe,eAAe,KAAO,EAAA;AAK1C,IAAA,MAAM,WAAW,MAAM,MAAA,CAAO,gBAAiB,EAAA,CAAE,MAAM,CAAS,KAAA,KAAA;AAC9D,MAAA,MAAM,IAAIC,0BAAA;AAAA,QACR,sDAAsD,KAAK,CAAA,CAAA;AAAA,OAC7D,CAAA;AAAA,KACD,CAAA,CAAA;AACD,IAAA,MAAM,SAAS,MAAM,MAAA,CAClB,8BAA8B,KAAO,EAAA,QAAA,CAAS,SAAS,QAAU,EAAA;AAAA,MAChE,8BAAA;AAAA,KACD,CACA,CAAA,KAAA,CAAM,CAAS,KAAA,KAAA;AACd,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR,yCAAyC,KAAK,CAAA,CAAA;AAAA,OAChD,CAAA;AAAA,KACD,CAAA,CAAA;AAEH,IAAM,MAAA,OAAA,GAAU,OAAO,UAAW,EAAA,CAAA;AAClC,IAAA,IAAI,CAAC,OAAS,EAAA;AACZ,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR,4DAAA;AAAA,OACF,CAAA;AAAA,KACF;AAEA,IAAI,IAAA,CAAC,QAAQ,GAAK,EAAA;AAChB,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR,mDAAA;AAAA,OACF,CAAA;AAAA,KACF;AACA,IAAI,IAAA,CAAC,QAAQ,KAAO,EAAA;AAClB,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR,iDAAA;AAAA,OACF,CAAA;AAAA,KACF;AAEA,IAAO,OAAA,OAAA,CAAA;AAAA,GACT,CAAA;AACF;;;;"}
+{"version":3,"file":"helpers.cjs.js","sources":["../src/helpers.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthenticationError } from '@backstage/errors';\nimport { OAuth2Client } from 'google-auth-library';\nimport { GcpIapTokenInfo } from './types';\n\nexport function createTokenValidator(\n  audience: string,\n  providedClient?: OAuth2Client,\n): (token: string) => Promise<GcpIapTokenInfo> {\n  const client = providedClient ?? new OAuth2Client();\n\n  return async function tokenValidator(token) {\n    // TODO(freben): Rate limit the public key reads. It may be sensible to\n    // cache these for some reasonable time rather than asking for the public\n    // keys on every single sign-in. But since the rate of events here is so\n    // slow, I decided to keep it simple for now.\n    const response = await client.getIapPublicKeys().catch(error => {\n      throw new AuthenticationError(\n        `Unable to list Google IAP token verification keys, ${error}`,\n      );\n    });\n    const ticket = await client\n      .verifySignedJwtWithCertsAsync(token, response.pubkeys, audience, [\n        'https://cloud.google.com/iap',\n      ])\n      .catch(error => {\n        throw new AuthenticationError(\n          `Google IAP token verification failed, ${error}`,\n        );\n      });\n\n    const payload = ticket.getPayload();\n    if (!payload) {\n      throw new AuthenticationError(\n        'Google IAP token verification failed, token had no payload',\n      );\n    }\n\n    if (!payload.sub) {\n      throw new AuthenticationError(\n        'Google IAP token payload is missing subject claim',\n      );\n    }\n    if (!payload.email) {\n      throw new AuthenticationError(\n        'Google IAP token payload is missing email claim',\n      );\n    }\n\n    return payload as unknown as GcpIapTokenInfo;\n  };\n}\n"],"names":["OAuth2Client","AuthenticationError"],"mappings":";;;;;AAoBgB,SAAA,oBAAA,CACd,UACA,cAC6C,EAAA;AAC7C,EAAM,MAAA,MAAA,GAA2B,IAAIA,8BAAa,EAAA;AAElD,EAAO,OAAA,eAAe,eAAe,KAAO,EAAA;AAK1C,IAAA,MAAM,WAAW,MAAM,MAAA,CAAO,gBAAiB,EAAA,CAAE,MAAM,CAAS,KAAA,KAAA;AAC9D,MAAA,MAAM,IAAIC,0BAAA;AAAA,QACR,sDAAsD,KAAK,CAAA;AAAA,OAC7D;AAAA,KACD,CAAA;AACD,IAAA,MAAM,SAAS,MAAM,MAAA,CAClB,8BAA8B,KAAO,EAAA,QAAA,CAAS,SAAS,QAAU,EAAA;AAAA,MAChE;AAAA,KACD,CACA,CAAA,KAAA,CAAM,CAAS,KAAA,KAAA;AACd,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR,yCAAyC,KAAK,CAAA;AAAA,OAChD;AAAA,KACD,CAAA;AAEH,IAAM,MAAA,OAAA,GAAU,OAAO,UAAW,EAAA;AAClC,IAAA,IAAI,CAAC,OAAS,EAAA;AACZ,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR;AAAA,OACF;AAAA;AAGF,IAAI,IAAA,CAAC,QAAQ,GAAK,EAAA;AAChB,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR;AAAA,OACF;AAAA;AAEF,IAAI,IAAA,CAAC,QAAQ,KAAO,EAAA;AAClB,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR;AAAA,OACF;AAAA;AAGF,IAAO,OAAA,OAAA;AAAA,GACT;AACF;;;;"}

package/dist/module.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"module.cjs.js","sources":["../src/module.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  commonSignInResolvers,\n  createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { gcpIapAuthenticator } from './authenticator';\nimport { gcpIapSignInResolvers } from './resolvers';\n\n/** @public */\nexport const authModuleGcpIapProvider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'gcp-iap-provider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n      },\n      async init({ providers }) {\n        providers.registerProvider({\n          providerId: 'gcpIap',\n          factory: createProxyAuthProviderFactory({\n            authenticator: gcpIapAuthenticator,\n            signInResolverFactories: {\n              ...gcpIapSignInResolvers,\n              ...commonSignInResolvers,\n            },\n          }),\n        });\n      },\n    });\n  },\n});\n"],"names":["createBackendModule","authProvidersExtensionPoint","createProxyAuthProviderFactory","gcpIapAuthenticator","gcpIapSignInResolvers","commonSignInResolvers"],"mappings":";;;;;;;AA0BO,MAAM,2BAA2BA,oCAAoB,CAAA;AAAA,EAC1D,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,kBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC,0CAAA;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAa,EAAA;AACxB,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,QAAA;AAAA,UACZ,SAASC,6CAA+B,CAAA;AAAA,YACtC,aAAe,EAAAC,iCAAA;AAAA,YACf,uBAAyB,EAAA;AAAA,cACvB,GAAGC,+BAAA;AAAA,cACH,GAAGC,oCAAA;AAAA,aACL;AAAA,WACD,CAAA;AAAA,SACF,CAAA,CAAA;AAAA,OACH;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}
+{"version":3,"file":"module.cjs.js","sources":["../src/module.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  commonSignInResolvers,\n  createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { gcpIapAuthenticator } from './authenticator';\nimport { gcpIapSignInResolvers } from './resolvers';\n\n/** @public */\nexport const authModuleGcpIapProvider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'gcp-iap-provider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n      },\n      async init({ providers }) {\n        providers.registerProvider({\n          providerId: 'gcpIap',\n          factory: createProxyAuthProviderFactory({\n            authenticator: gcpIapAuthenticator,\n            signInResolverFactories: {\n              ...gcpIapSignInResolvers,\n              ...commonSignInResolvers,\n            },\n          }),\n        });\n      },\n    });\n  },\n});\n"],"names":["createBackendModule","authProvidersExtensionPoint","createProxyAuthProviderFactory","gcpIapAuthenticator","gcpIapSignInResolvers","commonSignInResolvers"],"mappings":";;;;;;;AA0BO,MAAM,2BAA2BA,oCAAoB,CAAA;AAAA,EAC1D,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,kBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAa,EAAA;AACxB,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,QAAA;AAAA,UACZ,SAASC,6CAA+B,CAAA;AAAA,YACtC,aAAe,EAAAC,iCAAA;AAAA,YACf,uBAAyB,EAAA;AAAA,cACvB,GAAGC,+BAAA;AAAA,cACH,GAAGC;AAAA;AACL,WACD;AAAA,SACF,CAAA;AAAA;AACH,KACD,CAAA;AAAA;AAEL,CAAC;;;;"}

package/dist/resolvers.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"resolvers.cjs.js","sources":["../src/resolvers.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\nimport { GcpIapResult } from './types';\n\n/**\n * Available sign-in resolvers for the Google auth provider.\n *\n * @public\n */\nexport namespace gcpIapSignInResolvers {\n  /**\n   * Looks up the user by matching their email to the `google.com/email` annotation.\n   */\n  export const emailMatchingUserEntityAnnotation = createSignInResolverFactory({\n    create() {\n      return async (info: SignInInfo<GcpIapResult>, ctx) => {\n        const email = info.result.iapToken.email;\n\n        if (!email) {\n          throw new Error('Google IAP sign-in result is missing email');\n        }\n\n        return ctx.signInWithCatalogUser({\n          annotations: {\n            'google.com/email': email,\n          },\n        });\n      };\n    },\n  });\n\n  /**\n   * Looks up the user by matching their user ID to the `google.com/user-id` annotation.\n   */\n  export const idMatchingUserEntityAnnotation = createSignInResolverFactory({\n    create() {\n      return async (info: SignInInfo<GcpIapResult>, ctx) => {\n        const userId = info.result.iapToken.sub.split(':')[1];\n\n        return ctx.signInWithCatalogUser({\n          annotations: {\n            'google.com/user-id': userId,\n          },\n        });\n      };\n    },\n  });\n}\n"],"names":["gcpIapSignInResolvers","createSignInResolverFactory"],"mappings":";;;;AA2BiBA,uCAAA;AAAA,CAAV,CAAUA,sBAAV,KAAA;AAIE,EAAMA,sBAAAA,CAAA,oCAAoCC,0CAA4B,CAAA;AAAA,IAC3E,MAAS,GAAA;AACP,MAAO,OAAA,OAAO,MAAgC,GAAQ,KAAA;AACpD,QAAM,MAAA,KAAA,GAAQ,IAAK,CAAA,MAAA,CAAO,QAAS,CAAA,KAAA,CAAA;AAEnC,QAAA,IAAI,CAAC,KAAO,EAAA;AACV,UAAM,MAAA,IAAI,MAAM,4CAA4C,CAAA,CAAA;AAAA,SAC9D;AAEA,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,WAAa,EAAA;AAAA,YACX,kBAAoB,EAAA,KAAA;AAAA,WACtB;AAAA,SACD,CAAA,CAAA;AAAA,OACH,CAAA;AAAA,KACF;AAAA,GACD,CAAA,CAAA;AAKM,EAAMD,sBAAAA,CAAA,iCAAiCC,0CAA4B,CAAA;AAAA,IACxE,MAAS,GAAA;AACP,MAAO,OAAA,OAAO,MAAgC,GAAQ,KAAA;AACpD,QAAM,MAAA,MAAA,GAAS,KAAK,MAAO,CAAA,QAAA,CAAS,IAAI,KAAM,CAAA,GAAG,EAAE,CAAC,CAAA,CAAA;AAEpD,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,WAAa,EAAA;AAAA,YACX,oBAAsB,EAAA,MAAA;AAAA,WACxB;AAAA,SACD,CAAA,CAAA;AAAA,OACH,CAAA;AAAA,KACF;AAAA,GACD,CAAA,CAAA;AAAA,CArCc,EAAAD,6BAAA,KAAAA,6BAAA,GAAA,EAAA,CAAA,CAAA;;"}
+{"version":3,"file":"resolvers.cjs.js","sources":["../src/resolvers.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\nimport { GcpIapResult } from './types';\n\n/**\n * Available sign-in resolvers for the Google auth provider.\n *\n * @public\n */\nexport namespace gcpIapSignInResolvers {\n  /**\n   * Looks up the user by matching their email to the `google.com/email` annotation.\n   */\n  export const emailMatchingUserEntityAnnotation = createSignInResolverFactory({\n    create() {\n      return async (info: SignInInfo<GcpIapResult>, ctx) => {\n        const email = info.result.iapToken.email;\n\n        if (!email) {\n          throw new Error('Google IAP sign-in result is missing email');\n        }\n\n        return ctx.signInWithCatalogUser({\n          annotations: {\n            'google.com/email': email,\n          },\n        });\n      };\n    },\n  });\n\n  /**\n   * Looks up the user by matching their user ID to the `google.com/user-id` annotation.\n   */\n  export const idMatchingUserEntityAnnotation = createSignInResolverFactory({\n    create() {\n      return async (info: SignInInfo<GcpIapResult>, ctx) => {\n        const userId = info.result.iapToken.sub.split(':')[1];\n\n        return ctx.signInWithCatalogUser({\n          annotations: {\n            'google.com/user-id': userId,\n          },\n        });\n      };\n    },\n  });\n}\n"],"names":["gcpIapSignInResolvers","createSignInResolverFactory"],"mappings":";;;;AA2BiBA;AAAA,CAAV,CAAUA,sBAAV,KAAA;AAIE,EAAMA,sBAAAA,CAAA,oCAAoCC,0CAA4B,CAAA;AAAA,IAC3E,MAAS,GAAA;AACP,MAAO,OAAA,OAAO,MAAgC,GAAQ,KAAA;AACpD,QAAM,MAAA,KAAA,GAAQ,IAAK,CAAA,MAAA,CAAO,QAAS,CAAA,KAAA;AAEnC,QAAA,IAAI,CAAC,KAAO,EAAA;AACV,UAAM,MAAA,IAAI,MAAM,4CAA4C,CAAA;AAAA;AAG9D,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,WAAa,EAAA;AAAA,YACX,kBAAoB,EAAA;AAAA;AACtB,SACD,CAAA;AAAA,OACH;AAAA;AACF,GACD,CAAA;AAKM,EAAMD,sBAAAA,CAAA,iCAAiCC,0CAA4B,CAAA;AAAA,IACxE,MAAS,GAAA;AACP,MAAO,OAAA,OAAO,MAAgC,GAAQ,KAAA;AACpD,QAAM,MAAA,MAAA,GAAS,KAAK,MAAO,CAAA,QAAA,CAAS,IAAI,KAAM,CAAA,GAAG,EAAE,CAAC,CAAA;AAEpD,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,WAAa,EAAA;AAAA,YACX,oBAAsB,EAAA;AAAA;AACxB,SACD,CAAA;AAAA,OACH;AAAA;AACF,GACD,CAAA;AAAA,CArCc,EAAAD,6BAAA,KAAAA,6BAAA,GAAA,EAAA,CAAA,CAAA;;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-auth-backend-module-gcp-iap-provider",
-  "version": "0.3.2-next.1",
+  "version": "0.3.2",
   "description": "A GCP IAP auth provider module for the Backstage auth backend",
   "backstage": {
     "role": "backend-plugin-module",
@@ -38,16 +38,23 @@
     "test": "backstage-cli package test"
   },
   "dependencies": {
-    "@backstage/backend-plugin-api": "1.0.2-next.1",
-    "@backstage/errors": "1.2.4",
-    "@backstage/plugin-auth-node": "0.5.4-next.1",
-    "@backstage/types": "1.1.1",
+    "@backstage/backend-plugin-api": "^1.0.2",
+    "@backstage/errors": "^1.2.5",
+    "@backstage/plugin-auth-node": "^0.5.4",
+    "@backstage/types": "^1.2.0",
     "google-auth-library": "^9.0.0"
   },
   "devDependencies": {
-    "@backstage/backend-test-utils": "1.0.3-next.1",
-    "@backstage/cli": "0.29.0-next.1",
+    "@backstage/backend-test-utils": "^1.1.0",
+    "@backstage/cli": "^0.29.0",
     "express": "^4.18.2"
   },
-  "configSchema": "config.d.ts"
+  "configSchema": "config.d.ts",
+  "typesVersions": {
+    "*": {
+      "index": [
+        "dist/index.d.ts"
+      ]
+    }
+  }
 }