@backstage/plugin-auth-backend-module-github-provider 0.2.1-next.0 → 0.2.1

package/CHANGELOG.md

@@ -1,5 +1,23 @@
 # @backstage/plugin-auth-backend-module-github-provider
 
+## 0.2.1
+
+### Patch Changes
+
+- 217458a: Updated configuration schema to include the new `allowedDomains` option for the `emailLocalPartMatchingUserEntityName` sign-in resolver.
+- Updated dependencies
+  - @backstage/plugin-auth-node@0.5.3
+  - @backstage/backend-plugin-api@1.0.1
+
+## 0.2.1-next.1
+
+### Patch Changes
+
+- 217458a: Updated configuration schema to include the new `allowedDomains` option for the `emailLocalPartMatchingUserEntityName` sign-in resolver.
+- Updated dependencies
+  - @backstage/plugin-auth-node@0.5.3-next.1
+  - @backstage/backend-plugin-api@1.0.1-next.1
+
 ## 0.2.1-next.0
 
 ### Patch Changes

package/config.d.ts

@@ -31,7 +31,10 @@ export interface Config {
           signIn?: {
             resolvers: Array<
               | { resolver: 'usernameMatchingUserEntityName' }
-              | { resolver: 'emailLocalPartMatchingUserEntityName' }
+              | {
+                  resolver: 'emailLocalPartMatchingUserEntityName';
+                  allowedDomains?: string[];
+                }
               | { resolver: 'emailMatchingUserEntityProfileEmail' }
             >;
           };

package/dist/authenticator.cjs.js

@@ -0,0 +1,78 @@
+'use strict';
+
+var passportGithub2 = require('passport-github2');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+
+const ACCESS_TOKEN_PREFIX = "access-token.";
+const githubAuthenticator = pluginAuthNode.createOAuthAuthenticator({
+  defaultProfileTransform: pluginAuthNode.PassportOAuthAuthenticatorHelper.defaultProfileTransform,
+  scopes: {
+    persist: true,
+    required: ["read:user"]
+  },
+  initialize({ callbackUrl, config }) {
+    const clientId = config.getString("clientId");
+    const clientSecret = config.getString("clientSecret");
+    const enterpriseInstanceUrl = config.getOptionalString("enterpriseInstanceUrl")?.replace(/\/$/, "");
+    const authorizationUrl = enterpriseInstanceUrl ? `${enterpriseInstanceUrl}/login/oauth/authorize` : void 0;
+    const tokenUrl = enterpriseInstanceUrl ? `${enterpriseInstanceUrl}/login/oauth/access_token` : void 0;
+    const userProfileUrl = enterpriseInstanceUrl ? `${enterpriseInstanceUrl}/api/v3/user` : void 0;
+    return pluginAuthNode.PassportOAuthAuthenticatorHelper.from(
+      new passportGithub2.Strategy(
+        {
+          clientID: clientId,
+          clientSecret,
+          callbackURL: callbackUrl,
+          tokenURL: tokenUrl,
+          userProfileURL: userProfileUrl,
+          authorizationURL: authorizationUrl
+        },
+        (accessToken, refreshToken, params, fullProfile, done) => {
+          done(
+            void 0,
+            { fullProfile, params, accessToken },
+            { refreshToken }
+          );
+        }
+      )
+    );
+  },
+  async start(input, helper) {
+    return helper.start(input, {
+      accessType: "offline",
+      prompt: "consent"
+    });
+  },
+  async authenticate(input, helper) {
+    const { fullProfile, session } = await helper.authenticate(input);
+    if (!session.refreshToken && !session.expiresInSeconds) {
+      session.refreshToken = ACCESS_TOKEN_PREFIX + session.accessToken;
+    }
+    return { fullProfile, session };
+  },
+  async refresh(input, helper) {
+    if (input.refreshToken?.startsWith(ACCESS_TOKEN_PREFIX)) {
+      const accessToken = input.refreshToken.slice(ACCESS_TOKEN_PREFIX.length);
+      const fullProfile = await helper.fetchProfile(accessToken).catch((error) => {
+        if (error.oauthError?.statusCode === 401) {
+          throw new Error("Invalid access token");
+        }
+        throw error;
+      });
+      return {
+        fullProfile,
+        session: {
+          accessToken,
+          tokenType: "bearer",
+          scope: input.scope,
+          refreshToken: input.refreshToken
+          // No expiration
+        }
+      };
+    }
+    return helper.refresh(input);
+  }
+});
+
+exports.githubAuthenticator = githubAuthenticator;
+//# sourceMappingURL=authenticator.cjs.js.map

package/dist/authenticator.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authenticator.cjs.js","sources":["../src/authenticator.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Strategy as GithubStrategy } from 'passport-github2';\nimport {\n  createOAuthAuthenticator,\n  PassportOAuthAuthenticatorHelper,\n  PassportOAuthDoneCallback,\n  PassportProfile,\n} from '@backstage/plugin-auth-node';\n\nconst ACCESS_TOKEN_PREFIX = 'access-token.';\n\n/** @public */\nexport const githubAuthenticator = createOAuthAuthenticator({\n  defaultProfileTransform:\n    PassportOAuthAuthenticatorHelper.defaultProfileTransform,\n  scopes: {\n    persist: true,\n    required: ['read:user'],\n  },\n  initialize({ callbackUrl, config }) {\n    const clientId = config.getString('clientId');\n    const clientSecret = config.getString('clientSecret');\n    const enterpriseInstanceUrl = config\n      .getOptionalString('enterpriseInstanceUrl')\n      ?.replace(/\\/$/, '');\n    const authorizationUrl = enterpriseInstanceUrl\n      ? `${enterpriseInstanceUrl}/login/oauth/authorize`\n      : undefined;\n    const tokenUrl = enterpriseInstanceUrl\n      ? `${enterpriseInstanceUrl}/login/oauth/access_token`\n      : undefined;\n    const userProfileUrl = enterpriseInstanceUrl\n      ? `${enterpriseInstanceUrl}/api/v3/user`\n      : undefined;\n\n    return PassportOAuthAuthenticatorHelper.from(\n      new GithubStrategy(\n        {\n          clientID: clientId,\n          clientSecret: clientSecret,\n          callbackURL: callbackUrl,\n          tokenURL: tokenUrl,\n          userProfileURL: userProfileUrl,\n          authorizationURL: authorizationUrl,\n        },\n        (\n          accessToken: string,\n          refreshToken: string,\n          params: any,\n          fullProfile: PassportProfile,\n          done: PassportOAuthDoneCallback,\n        ) => {\n          done(\n            undefined,\n            { fullProfile, params, accessToken },\n            { refreshToken },\n          );\n        },\n      ),\n    );\n  },\n\n  async start(input, helper) {\n    return helper.start(input, {\n      accessType: 'offline',\n      prompt: 'consent',\n    });\n  },\n\n  async authenticate(input, helper) {\n    const { fullProfile, session } = await helper.authenticate(input);\n\n    // If we do not have a real refresh token and we have a non-expiring\n    // access token, then we use that as our refresh token.\n    if (!session.refreshToken && !session.expiresInSeconds) {\n      session.refreshToken = ACCESS_TOKEN_PREFIX + session.accessToken;\n    }\n    return { fullProfile, session };\n  },\n\n  async refresh(input, helper) {\n    // This is the OAuth App flow. A non-expiring access token is stored in the\n    // refresh token cookie. We use that token to fetch the user profile and\n    // refresh the Backstage session when needed.\n    if (input.refreshToken?.startsWith(ACCESS_TOKEN_PREFIX)) {\n      const accessToken = input.refreshToken.slice(ACCESS_TOKEN_PREFIX.length);\n\n      const fullProfile = await helper\n        .fetchProfile(accessToken)\n        .catch(error => {\n          if (error.oauthError?.statusCode === 401) {\n            throw new Error('Invalid access token');\n          }\n          throw error;\n        });\n\n      return {\n        fullProfile,\n        session: {\n          accessToken,\n          tokenType: 'bearer',\n          scope: input.scope,\n          refreshToken: input.refreshToken,\n          // No expiration\n        },\n      };\n    }\n\n    // This is the App flow, which is close to a standard OAuth refresh flow. It has a\n    // pretty long session expiration, and it also ignores the requested scope, instead\n    // just allowing access to whatever is configured as part of the app installation.\n    return helper.refresh(input);\n  },\n});\n"],"names":["createOAuthAuthenticator","PassportOAuthAuthenticatorHelper","GithubStrategy"],"mappings":";;;;;AAwBA,MAAM,mBAAsB,GAAA,eAAA,CAAA;AAGrB,MAAM,sBAAsBA,uCAAyB,CAAA;AAAA,EAC1D,yBACEC,+CAAiC,CAAA,uBAAA;AAAA,EACnC,MAAQ,EAAA;AAAA,IACN,OAAS,EAAA,IAAA;AAAA,IACT,QAAA,EAAU,CAAC,WAAW,CAAA;AAAA,GACxB;AAAA,EACA,UAAW,CAAA,EAAE,WAAa,EAAA,MAAA,EAAU,EAAA;AAClC,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA,CAAA;AAC5C,IAAM,MAAA,YAAA,GAAe,MAAO,CAAA,SAAA,CAAU,cAAc,CAAA,CAAA;AACpD,IAAA,MAAM,wBAAwB,MAC3B,CAAA,iBAAA,CAAkB,uBAAuB,CACxC,EAAA,OAAA,CAAQ,OAAO,EAAE,CAAA,CAAA;AACrB,IAAA,MAAM,gBAAmB,GAAA,qBAAA,GACrB,CAAG,EAAA,qBAAqB,CACxB,sBAAA,CAAA,GAAA,KAAA,CAAA,CAAA;AACJ,IAAA,MAAM,QAAW,GAAA,qBAAA,GACb,CAAG,EAAA,qBAAqB,CACxB,yBAAA,CAAA,GAAA,KAAA,CAAA,CAAA;AACJ,IAAA,MAAM,cAAiB,GAAA,qBAAA,GACnB,CAAG,EAAA,qBAAqB,CACxB,YAAA,CAAA,GAAA,KAAA,CAAA,CAAA;AAEJ,IAAA,OAAOA,+CAAiC,CAAA,IAAA;AAAA,MACtC,IAAIC,wBAAA;AAAA,QACF;AAAA,UACE,QAAU,EAAA,QAAA;AAAA,UACV,YAAA;AAAA,UACA,WAAa,EAAA,WAAA;AAAA,UACb,QAAU,EAAA,QAAA;AAAA,UACV,cAAgB,EAAA,cAAA;AAAA,UAChB,gBAAkB,EAAA,gBAAA;AAAA,SACpB;AAAA,QACA,CACE,WAAA,EACA,YACA,EAAA,MAAA,EACA,aACA,IACG,KAAA;AACH,UAAA,IAAA;AAAA,YACE,KAAA,CAAA;AAAA,YACA,EAAE,WAAa,EAAA,MAAA,EAAQ,WAAY,EAAA;AAAA,YACnC,EAAE,YAAa,EAAA;AAAA,WACjB,CAAA;AAAA,SACF;AAAA,OACF;AAAA,KACF,CAAA;AAAA,GACF;AAAA,EAEA,MAAM,KAAM,CAAA,KAAA,EAAO,MAAQ,EAAA;AACzB,IAAO,OAAA,MAAA,CAAO,MAAM,KAAO,EAAA;AAAA,MACzB,UAAY,EAAA,SAAA;AAAA,MACZ,MAAQ,EAAA,SAAA;AAAA,KACT,CAAA,CAAA;AAAA,GACH;AAAA,EAEA,MAAM,YAAa,CAAA,KAAA,EAAO,MAAQ,EAAA;AAChC,IAAA,MAAM,EAAE,WAAa,EAAA,OAAA,KAAY,MAAM,MAAA,CAAO,aAAa,KAAK,CAAA,CAAA;AAIhE,IAAA,IAAI,CAAC,OAAA,CAAQ,YAAgB,IAAA,CAAC,QAAQ,gBAAkB,EAAA;AACtD,MAAQ,OAAA,CAAA,YAAA,GAAe,sBAAsB,OAAQ,CAAA,WAAA,CAAA;AAAA,KACvD;AACA,IAAO,OAAA,EAAE,aAAa,OAAQ,EAAA,CAAA;AAAA,GAChC;AAAA,EAEA,MAAM,OAAQ,CAAA,KAAA,EAAO,MAAQ,EAAA;AAI3B,IAAA,IAAI,KAAM,CAAA,YAAA,EAAc,UAAW,CAAA,mBAAmB,CAAG,EAAA;AACvD,MAAA,MAAM,WAAc,GAAA,KAAA,CAAM,YAAa,CAAA,KAAA,CAAM,oBAAoB,MAAM,CAAA,CAAA;AAEvE,MAAA,MAAM,cAAc,MAAM,MAAA,CACvB,aAAa,WAAW,CAAA,CACxB,MAAM,CAAS,KAAA,KAAA;AACd,QAAI,IAAA,KAAA,CAAM,UAAY,EAAA,UAAA,KAAe,GAAK,EAAA;AACxC,UAAM,MAAA,IAAI,MAAM,sBAAsB,CAAA,CAAA;AAAA,SACxC;AACA,QAAM,MAAA,KAAA,CAAA;AAAA,OACP,CAAA,CAAA;AAEH,MAAO,OAAA;AAAA,QACL,WAAA;AAAA,QACA,OAAS,EAAA;AAAA,UACP,WAAA;AAAA,UACA,SAAW,EAAA,QAAA;AAAA,UACX,OAAO,KAAM,CAAA,KAAA;AAAA,UACb,cAAc,KAAM,CAAA,YAAA;AAAA;AAAA,SAEtB;AAAA,OACF,CAAA;AAAA,KACF;AAKA,IAAO,OAAA,MAAA,CAAO,QAAQ,KAAK,CAAA,CAAA;AAAA,GAC7B;AACF,CAAC;;;;"}

package/dist/index.cjs.js

@@ -2,121 +2,16 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var passportGithub2 = require('passport-github2');
-var pluginAuthNode = require('@backstage/plugin-auth-node');
-var backendPluginApi = require('@backstage/backend-plugin-api');
+var authenticator = require('./authenticator.cjs.js');
+var module$1 = require('./module.cjs.js');
+var resolvers = require('./resolvers.cjs.js');
 
-const ACCESS_TOKEN_PREFIX = "access-token.";
-const githubAuthenticator = pluginAuthNode.createOAuthAuthenticator({
-  defaultProfileTransform: pluginAuthNode.PassportOAuthAuthenticatorHelper.defaultProfileTransform,
-  scopes: {
-    persist: true,
-    required: ["read:user"]
-  },
-  initialize({ callbackUrl, config }) {
-    const clientId = config.getString("clientId");
-    const clientSecret = config.getString("clientSecret");
-    const enterpriseInstanceUrl = config.getOptionalString("enterpriseInstanceUrl")?.replace(/\/$/, "");
-    const authorizationUrl = enterpriseInstanceUrl ? `${enterpriseInstanceUrl}/login/oauth/authorize` : void 0;
-    const tokenUrl = enterpriseInstanceUrl ? `${enterpriseInstanceUrl}/login/oauth/access_token` : void 0;
-    const userProfileUrl = enterpriseInstanceUrl ? `${enterpriseInstanceUrl}/api/v3/user` : void 0;
-    return pluginAuthNode.PassportOAuthAuthenticatorHelper.from(
-      new passportGithub2.Strategy(
-        {
-          clientID: clientId,
-          clientSecret,
-          callbackURL: callbackUrl,
-          tokenURL: tokenUrl,
-          userProfileURL: userProfileUrl,
-          authorizationURL: authorizationUrl
-        },
-        (accessToken, refreshToken, params, fullProfile, done) => {
-          done(
-            void 0,
-            { fullProfile, params, accessToken },
-            { refreshToken }
-          );
-        }
-      )
-    );
-  },
-  async start(input, helper) {
-    return helper.start(input, {
-      accessType: "offline",
-      prompt: "consent"
-    });
-  },
-  async authenticate(input, helper) {
-    const { fullProfile, session } = await helper.authenticate(input);
-    if (!session.refreshToken && !session.expiresInSeconds) {
-      session.refreshToken = ACCESS_TOKEN_PREFIX + session.accessToken;
-    }
-    return { fullProfile, session };
-  },
-  async refresh(input, helper) {
-    if (input.refreshToken?.startsWith(ACCESS_TOKEN_PREFIX)) {
-      const accessToken = input.refreshToken.slice(ACCESS_TOKEN_PREFIX.length);
-      const fullProfile = await helper.fetchProfile(accessToken).catch((error) => {
-        if (error.oauthError?.statusCode === 401) {
-          throw new Error("Invalid access token");
-        }
-        throw error;
-      });
-      return {
-        fullProfile,
-        session: {
-          accessToken,
-          tokenType: "bearer",
-          scope: input.scope,
-          refreshToken: input.refreshToken
-          // No expiration
-        }
-      };
-    }
-    return helper.refresh(input);
-  }
-});
 
-exports.githubSignInResolvers = void 0;
-((githubSignInResolvers2) => {
-  githubSignInResolvers2.usernameMatchingUserEntityName = pluginAuthNode.createSignInResolverFactory({
-    create() {
-      return async (info, ctx) => {
-        const { fullProfile } = info.result;
-        const userId = fullProfile.username;
-        if (!userId) {
-          throw new Error(`GitHub user profile does not contain a username`);
-        }
-        return ctx.signInWithCatalogUser({ entityRef: { name: userId } });
-      };
-    }
-  });
-})(exports.githubSignInResolvers || (exports.githubSignInResolvers = {}));
 
-const authModuleGithubProvider = backendPluginApi.createBackendModule({
-  pluginId: "auth",
-  moduleId: "github-provider",
-  register(reg) {
-    reg.registerInit({
-      deps: {
-        providers: pluginAuthNode.authProvidersExtensionPoint
-      },
-      async init({ providers }) {
-        providers.registerProvider({
-          providerId: "github",
-          factory: pluginAuthNode.createOAuthProviderFactory({
-            authenticator: githubAuthenticator,
-            signInResolverFactories: {
-              ...exports.githubSignInResolvers,
-              ...pluginAuthNode.commonSignInResolvers
-            }
-          })
-        });
-      }
-    });
-  }
+exports.githubAuthenticator = authenticator.githubAuthenticator;
+exports.default = module$1.authModuleGithubProvider;
+Object.defineProperty(exports, "githubSignInResolvers", {
+	enumerable: true,
+	get: function () { return resolvers.githubSignInResolvers; }
 });
-
-exports.default = authModuleGithubProvider;
-exports.githubAuthenticator = githubAuthenticator;
 //# sourceMappingURL=index.cjs.js.map

package/dist/index.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.cjs.js","sources":["../src/authenticator.ts","../src/resolvers.ts","../src/module.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Strategy as GithubStrategy } from 'passport-github2';\nimport {\n  createOAuthAuthenticator,\n  PassportOAuthAuthenticatorHelper,\n  PassportOAuthDoneCallback,\n  PassportProfile,\n} from '@backstage/plugin-auth-node';\n\nconst ACCESS_TOKEN_PREFIX = 'access-token.';\n\n/** @public */\nexport const githubAuthenticator = createOAuthAuthenticator({\n  defaultProfileTransform:\n    PassportOAuthAuthenticatorHelper.defaultProfileTransform,\n  scopes: {\n    persist: true,\n    required: ['read:user'],\n  },\n  initialize({ callbackUrl, config }) {\n    const clientId = config.getString('clientId');\n    const clientSecret = config.getString('clientSecret');\n    const enterpriseInstanceUrl = config\n      .getOptionalString('enterpriseInstanceUrl')\n      ?.replace(/\\/$/, '');\n    const authorizationUrl = enterpriseInstanceUrl\n      ? `${enterpriseInstanceUrl}/login/oauth/authorize`\n      : undefined;\n    const tokenUrl = enterpriseInstanceUrl\n      ? `${enterpriseInstanceUrl}/login/oauth/access_token`\n      : undefined;\n    const userProfileUrl = enterpriseInstanceUrl\n      ? `${enterpriseInstanceUrl}/api/v3/user`\n      : undefined;\n\n    return PassportOAuthAuthenticatorHelper.from(\n      new GithubStrategy(\n        {\n          clientID: clientId,\n          clientSecret: clientSecret,\n          callbackURL: callbackUrl,\n          tokenURL: tokenUrl,\n          userProfileURL: userProfileUrl,\n          authorizationURL: authorizationUrl,\n        },\n        (\n          accessToken: string,\n          refreshToken: string,\n          params: any,\n          fullProfile: PassportProfile,\n          done: PassportOAuthDoneCallback,\n        ) => {\n          done(\n            undefined,\n            { fullProfile, params, accessToken },\n            { refreshToken },\n          );\n        },\n      ),\n    );\n  },\n\n  async start(input, helper) {\n    return helper.start(input, {\n      accessType: 'offline',\n      prompt: 'consent',\n    });\n  },\n\n  async authenticate(input, helper) {\n    const { fullProfile, session } = await helper.authenticate(input);\n\n    // If we do not have a real refresh token and we have a non-expiring\n    // access token, then we use that as our refresh token.\n    if (!session.refreshToken && !session.expiresInSeconds) {\n      session.refreshToken = ACCESS_TOKEN_PREFIX + session.accessToken;\n    }\n    return { fullProfile, session };\n  },\n\n  async refresh(input, helper) {\n    // This is the OAuth App flow. A non-expiring access token is stored in the\n    // refresh token cookie. We use that token to fetch the user profile and\n    // refresh the Backstage session when needed.\n    if (input.refreshToken?.startsWith(ACCESS_TOKEN_PREFIX)) {\n      const accessToken = input.refreshToken.slice(ACCESS_TOKEN_PREFIX.length);\n\n      const fullProfile = await helper\n        .fetchProfile(accessToken)\n        .catch(error => {\n          if (error.oauthError?.statusCode === 401) {\n            throw new Error('Invalid access token');\n          }\n          throw error;\n        });\n\n      return {\n        fullProfile,\n        session: {\n          accessToken,\n          tokenType: 'bearer',\n          scope: input.scope,\n          refreshToken: input.refreshToken,\n          // No expiration\n        },\n      };\n    }\n\n    // This is the App flow, which is close to a standard OAuth refresh flow. It has a\n    // pretty long session expiration, and it also ignores the requested scope, instead\n    // just allowing access to whatever is configured as part of the app installation.\n    return helper.refresh(input);\n  },\n});\n","/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  OAuthAuthenticatorResult,\n  PassportProfile,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\n\n/**\n * Available sign-in resolvers for the GitHub auth provider.\n *\n * @public\n */\nexport namespace githubSignInResolvers {\n  /**\n   * Looks up the user by matching their GitHub username to the entity name.\n   */\n  export const usernameMatchingUserEntityName = createSignInResolverFactory({\n    create() {\n      return async (\n        info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,\n        ctx,\n      ) => {\n        const { fullProfile } = info.result;\n\n        const userId = fullProfile.username;\n        if (!userId) {\n          throw new Error(`GitHub user profile does not contain a username`);\n        }\n\n        return ctx.signInWithCatalogUser({ entityRef: { name: userId } });\n      };\n    },\n  });\n}\n","/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  commonSignInResolvers,\n  createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { githubAuthenticator } from './authenticator';\nimport { githubSignInResolvers } from './resolvers';\n\n/** @public */\nexport const authModuleGithubProvider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'github-provider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n      },\n      async init({ providers }) {\n        providers.registerProvider({\n          providerId: 'github',\n          factory: createOAuthProviderFactory({\n            authenticator: githubAuthenticator,\n            signInResolverFactories: {\n              ...githubSignInResolvers,\n              ...commonSignInResolvers,\n            },\n          }),\n        });\n      },\n    });\n  },\n});\n"],"names":["createOAuthAuthenticator","PassportOAuthAuthenticatorHelper","GithubStrategy","githubSignInResolvers","createSignInResolverFactory","createBackendModule","authProvidersExtensionPoint","createOAuthProviderFactory","commonSignInResolvers"],"mappings":";;;;;;;;AAwBA,MAAM,mBAAsB,GAAA,eAAA,CAAA;AAGrB,MAAM,sBAAsBA,uCAAyB,CAAA;AAAA,EAC1D,yBACEC,+CAAiC,CAAA,uBAAA;AAAA,EACnC,MAAQ,EAAA;AAAA,IACN,OAAS,EAAA,IAAA;AAAA,IACT,QAAA,EAAU,CAAC,WAAW,CAAA;AAAA,GACxB;AAAA,EACA,UAAW,CAAA,EAAE,WAAa,EAAA,MAAA,EAAU,EAAA;AAClC,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA,CAAA;AAC5C,IAAM,MAAA,YAAA,GAAe,MAAO,CAAA,SAAA,CAAU,cAAc,CAAA,CAAA;AACpD,IAAA,MAAM,wBAAwB,MAC3B,CAAA,iBAAA,CAAkB,uBAAuB,CACxC,EAAA,OAAA,CAAQ,OAAO,EAAE,CAAA,CAAA;AACrB,IAAA,MAAM,gBAAmB,GAAA,qBAAA,GACrB,CAAG,EAAA,qBAAqB,CACxB,sBAAA,CAAA,GAAA,KAAA,CAAA,CAAA;AACJ,IAAA,MAAM,QAAW,GAAA,qBAAA,GACb,CAAG,EAAA,qBAAqB,CACxB,yBAAA,CAAA,GAAA,KAAA,CAAA,CAAA;AACJ,IAAA,MAAM,cAAiB,GAAA,qBAAA,GACnB,CAAG,EAAA,qBAAqB,CACxB,YAAA,CAAA,GAAA,KAAA,CAAA,CAAA;AAEJ,IAAA,OAAOA,+CAAiC,CAAA,IAAA;AAAA,MACtC,IAAIC,wBAAA;AAAA,QACF;AAAA,UACE,QAAU,EAAA,QAAA;AAAA,UACV,YAAA;AAAA,UACA,WAAa,EAAA,WAAA;AAAA,UACb,QAAU,EAAA,QAAA;AAAA,UACV,cAAgB,EAAA,cAAA;AAAA,UAChB,gBAAkB,EAAA,gBAAA;AAAA,SACpB;AAAA,QACA,CACE,WAAA,EACA,YACA,EAAA,MAAA,EACA,aACA,IACG,KAAA;AACH,UAAA,IAAA;AAAA,YACE,KAAA,CAAA;AAAA,YACA,EAAE,WAAa,EAAA,MAAA,EAAQ,WAAY,EAAA;AAAA,YACnC,EAAE,YAAa,EAAA;AAAA,WACjB,CAAA;AAAA,SACF;AAAA,OACF;AAAA,KACF,CAAA;AAAA,GACF;AAAA,EAEA,MAAM,KAAM,CAAA,KAAA,EAAO,MAAQ,EAAA;AACzB,IAAO,OAAA,MAAA,CAAO,MAAM,KAAO,EAAA;AAAA,MACzB,UAAY,EAAA,SAAA;AAAA,MACZ,MAAQ,EAAA,SAAA;AAAA,KACT,CAAA,CAAA;AAAA,GACH;AAAA,EAEA,MAAM,YAAa,CAAA,KAAA,EAAO,MAAQ,EAAA;AAChC,IAAA,MAAM,EAAE,WAAa,EAAA,OAAA,KAAY,MAAM,MAAA,CAAO,aAAa,KAAK,CAAA,CAAA;AAIhE,IAAA,IAAI,CAAC,OAAA,CAAQ,YAAgB,IAAA,CAAC,QAAQ,gBAAkB,EAAA;AACtD,MAAQ,OAAA,CAAA,YAAA,GAAe,sBAAsB,OAAQ,CAAA,WAAA,CAAA;AAAA,KACvD;AACA,IAAO,OAAA,EAAE,aAAa,OAAQ,EAAA,CAAA;AAAA,GAChC;AAAA,EAEA,MAAM,OAAQ,CAAA,KAAA,EAAO,MAAQ,EAAA;AAI3B,IAAA,IAAI,KAAM,CAAA,YAAA,EAAc,UAAW,CAAA,mBAAmB,CAAG,EAAA;AACvD,MAAA,MAAM,WAAc,GAAA,KAAA,CAAM,YAAa,CAAA,KAAA,CAAM,oBAAoB,MAAM,CAAA,CAAA;AAEvE,MAAA,MAAM,cAAc,MAAM,MAAA,CACvB,aAAa,WAAW,CAAA,CACxB,MAAM,CAAS,KAAA,KAAA;AACd,QAAI,IAAA,KAAA,CAAM,UAAY,EAAA,UAAA,KAAe,GAAK,EAAA;AACxC,UAAM,MAAA,IAAI,MAAM,sBAAsB,CAAA,CAAA;AAAA,SACxC;AACA,QAAM,MAAA,KAAA,CAAA;AAAA,OACP,CAAA,CAAA;AAEH,MAAO,OAAA;AAAA,QACL,WAAA;AAAA,QACA,OAAS,EAAA;AAAA,UACP,WAAA;AAAA,UACA,SAAW,EAAA,QAAA;AAAA,UACX,OAAO,KAAM,CAAA,KAAA;AAAA,UACb,cAAc,KAAM,CAAA,YAAA;AAAA;AAAA,SAEtB;AAAA,OACF,CAAA;AAAA,KACF;AAKA,IAAO,OAAA,MAAA,CAAO,QAAQ,KAAK,CAAA,CAAA;AAAA,GAC7B;AACF,CAAC;;ACpGgBC,uCAAA;AAAA,CAAV,CAAUA,sBAAV,KAAA;AAIE,EAAMA,sBAAAA,CAAA,iCAAiCC,0CAA4B,CAAA;AAAA,IACxE,MAAS,GAAA;AACP,MAAO,OAAA,OACL,MACA,GACG,KAAA;AACH,QAAM,MAAA,EAAE,WAAY,EAAA,GAAI,IAAK,CAAA,MAAA,CAAA;AAE7B,QAAA,MAAM,SAAS,WAAY,CAAA,QAAA,CAAA;AAC3B,QAAA,IAAI,CAAC,MAAQ,EAAA;AACX,UAAM,MAAA,IAAI,MAAM,CAAiD,+CAAA,CAAA,CAAA,CAAA;AAAA,SACnE;AAEA,QAAO,OAAA,GAAA,CAAI,sBAAsB,EAAE,SAAA,EAAW,EAAE,IAAM,EAAA,MAAA,IAAU,CAAA,CAAA;AAAA,OAClE,CAAA;AAAA,KACF;AAAA,GACD,CAAA,CAAA;AAAA,CApBc,EAAAD,6BAAA,KAAAA,6BAAA,GAAA,EAAA,CAAA,CAAA;;ACHV,MAAM,2BAA2BE,oCAAoB,CAAA;AAAA,EAC1D,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,iBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC,0CAAA;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAa,EAAA;AACxB,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,QAAA;AAAA,UACZ,SAASC,yCAA2B,CAAA;AAAA,YAClC,aAAe,EAAA,mBAAA;AAAA,YACf,uBAAyB,EAAA;AAAA,cACvB,GAAGJ,6BAAA;AAAA,cACH,GAAGK,oCAAA;AAAA,aACL;AAAA,WACD,CAAA;AAAA,SACF,CAAA,CAAA;AAAA,OACH;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;;"}
+{"version":3,"file":"index.cjs.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;"}

package/dist/module.cjs.js

@@ -0,0 +1,33 @@
+'use strict';
+
+var backendPluginApi = require('@backstage/backend-plugin-api');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+var authenticator = require('./authenticator.cjs.js');
+var resolvers = require('./resolvers.cjs.js');
+
+const authModuleGithubProvider = backendPluginApi.createBackendModule({
+  pluginId: "auth",
+  moduleId: "github-provider",
+  register(reg) {
+    reg.registerInit({
+      deps: {
+        providers: pluginAuthNode.authProvidersExtensionPoint
+      },
+      async init({ providers }) {
+        providers.registerProvider({
+          providerId: "github",
+          factory: pluginAuthNode.createOAuthProviderFactory({
+            authenticator: authenticator.githubAuthenticator,
+            signInResolverFactories: {
+              ...resolvers.githubSignInResolvers,
+              ...pluginAuthNode.commonSignInResolvers
+            }
+          })
+        });
+      }
+    });
+  }
+});
+
+exports.authModuleGithubProvider = authModuleGithubProvider;
+//# sourceMappingURL=module.cjs.js.map

package/dist/module.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"module.cjs.js","sources":["../src/module.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  commonSignInResolvers,\n  createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { githubAuthenticator } from './authenticator';\nimport { githubSignInResolvers } from './resolvers';\n\n/** @public */\nexport const authModuleGithubProvider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'github-provider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n      },\n      async init({ providers }) {\n        providers.registerProvider({\n          providerId: 'github',\n          factory: createOAuthProviderFactory({\n            authenticator: githubAuthenticator,\n            signInResolverFactories: {\n              ...githubSignInResolvers,\n              ...commonSignInResolvers,\n            },\n          }),\n        });\n      },\n    });\n  },\n});\n"],"names":["createBackendModule","authProvidersExtensionPoint","createOAuthProviderFactory","githubAuthenticator","githubSignInResolvers","commonSignInResolvers"],"mappings":";;;;;;;AAyBO,MAAM,2BAA2BA,oCAAoB,CAAA;AAAA,EAC1D,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,iBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC,0CAAA;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAa,EAAA;AACxB,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,QAAA;AAAA,UACZ,SAASC,yCAA2B,CAAA;AAAA,YAClC,aAAe,EAAAC,iCAAA;AAAA,YACf,uBAAyB,EAAA;AAAA,cACvB,GAAGC,+BAAA;AAAA,cACH,GAAGC,oCAAA;AAAA,aACL;AAAA,WACD,CAAA;AAAA,SACF,CAAA,CAAA;AAAA,OACH;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}

package/dist/resolvers.cjs.js

@@ -0,0 +1,20 @@
+'use strict';
+
+var pluginAuthNode = require('@backstage/plugin-auth-node');
+
+exports.githubSignInResolvers = void 0;
+((githubSignInResolvers2) => {
+  githubSignInResolvers2.usernameMatchingUserEntityName = pluginAuthNode.createSignInResolverFactory({
+    create() {
+      return async (info, ctx) => {
+        const { fullProfile } = info.result;
+        const userId = fullProfile.username;
+        if (!userId) {
+          throw new Error(`GitHub user profile does not contain a username`);
+        }
+        return ctx.signInWithCatalogUser({ entityRef: { name: userId } });
+      };
+    }
+  });
+})(exports.githubSignInResolvers || (exports.githubSignInResolvers = {}));
+//# sourceMappingURL=resolvers.cjs.js.map

package/dist/resolvers.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolvers.cjs.js","sources":["../src/resolvers.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  OAuthAuthenticatorResult,\n  PassportProfile,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\n\n/**\n * Available sign-in resolvers for the GitHub auth provider.\n *\n * @public\n */\nexport namespace githubSignInResolvers {\n  /**\n   * Looks up the user by matching their GitHub username to the entity name.\n   */\n  export const usernameMatchingUserEntityName = createSignInResolverFactory({\n    create() {\n      return async (\n        info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,\n        ctx,\n      ) => {\n        const { fullProfile } = info.result;\n\n        const userId = fullProfile.username;\n        if (!userId) {\n          throw new Error(`GitHub user profile does not contain a username`);\n        }\n\n        return ctx.signInWithCatalogUser({ entityRef: { name: userId } });\n      };\n    },\n  });\n}\n"],"names":["githubSignInResolvers","createSignInResolverFactory"],"mappings":";;;;AA4BiBA,uCAAA;AAAA,CAAV,CAAUA,sBAAV,KAAA;AAIE,EAAMA,sBAAAA,CAAA,iCAAiCC,0CAA4B,CAAA;AAAA,IACxE,MAAS,GAAA;AACP,MAAO,OAAA,OACL,MACA,GACG,KAAA;AACH,QAAM,MAAA,EAAE,WAAY,EAAA,GAAI,IAAK,CAAA,MAAA,CAAA;AAE7B,QAAA,MAAM,SAAS,WAAY,CAAA,QAAA,CAAA;AAC3B,QAAA,IAAI,CAAC,MAAQ,EAAA;AACX,UAAM,MAAA,IAAI,MAAM,CAAiD,+CAAA,CAAA,CAAA,CAAA;AAAA,SACnE;AAEA,QAAO,OAAA,GAAA,CAAI,sBAAsB,EAAE,SAAA,EAAW,EAAE,IAAM,EAAA,MAAA,IAAU,CAAA,CAAA;AAAA,OAClE,CAAA;AAAA,KACF;AAAA,GACD,CAAA,CAAA;AAAA,CApBc,EAAAD,6BAAA,KAAAA,6BAAA,GAAA,EAAA,CAAA,CAAA;;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-auth-backend-module-github-provider",
-  "version": "0.2.1-next.0",
+  "version": "0.2.1",
   "description": "The github-provider backend module for the auth plugin.",
   "backstage": {
     "role": "backend-plugin-module",
@@ -34,15 +34,15 @@
     "test": "backstage-cli package test"
   },
   "dependencies": {
-    "@backstage/backend-plugin-api": "^1.0.1-next.0",
-    "@backstage/plugin-auth-node": "^0.5.3-next.0",
+    "@backstage/backend-plugin-api": "^1.0.1",
+    "@backstage/plugin-auth-node": "^0.5.3",
     "passport-github2": "^0.1.12"
   },
   "devDependencies": {
-    "@backstage/backend-defaults": "^0.5.1-next.0",
-    "@backstage/backend-test-utils": "^1.0.1-next.0",
-    "@backstage/cli": "^0.28.0-next.0",
-    "@backstage/plugin-auth-backend": "^0.23.1-next.0",
+    "@backstage/backend-defaults": "^0.5.1",
+    "@backstage/backend-test-utils": "^1.0.1",
+    "@backstage/cli": "^0.28.0",
+    "@backstage/plugin-auth-backend": "^0.23.1",
     "supertest": "^7.0.0"
   },
   "configSchema": "config.d.ts"