@backstage/plugin-auth-backend-module-microsoft-provider 0.1.19 → 0.2.0-next.0

package/CHANGELOG.md

@@ -1,12 +1,21 @@
 # @backstage/plugin-auth-backend-module-microsoft-provider
 
-## 0.1.19
+## 0.2.0-next.0
+
+### Minor Changes
+
+- d425fc4: **BREAKING**: The return values from `createBackendPlugin`, `createBackendModule`, and `createServiceFactory` are now simply `BackendFeature` and `ServiceFactory`, instead of the previously deprecated form of a function that returns them. For this reason, `createServiceFactory` also no longer accepts the callback form where you provide direct options to the service. This also affects all `coreServices.*` service refs.
+
+  This may in particular affect tests; if you were effectively doing `createBackendModule({...})()` (note the parentheses), you can now remove those extra parentheses at the end. You may encounter cases of this in your `packages/backend/src/index.ts` too, where you add plugins, modules, and services. If you were using `createServiceFactory` with a function as its argument for the purpose of passing in options, this pattern has been deprecated for a while and is no longer supported. You may want to explore the new multiton patterns to achieve your goals, or moving settings to app-config.
+
+  As part of this change, the `IdentityFactoryOptions` type was removed, and can no longer be used to tweak that service. The identity service was also deprecated some time ago, and you will want to [migrate to the new auth system](https://backstage.io/docs/tutorials/auth-service-migration) if you still rely on it.
 
 ### Patch Changes
 
+- 3c2d690: Allow users without defined email to be ingested by the `msgraph` catalog plugin and add `userIdMatchingUserEntityAnnotation` sign-in resolver for the Microsoft auth provider to support sign-in for users without defined email.
 - Updated dependencies
-  - @backstage/plugin-auth-node@0.5.1
-  - @backstage/backend-plugin-api@0.8.1
+  - @backstage/backend-plugin-api@0.9.0-next.0
+  - @backstage/plugin-auth-node@0.5.2-next.0
 
 ## 0.1.18
 

package/dist/index.cjs.js

@@ -146,6 +146,24 @@ exports.microsoftSignInResolvers = void 0;
       };
     }
   });
+  microsoftSignInResolvers2.userIdMatchingUserEntityAnnotation = pluginAuthNode.createSignInResolverFactory(
+    {
+      create() {
+        return async (info, ctx) => {
+          const { result } = info;
+          const id = result.fullProfile.id;
+          if (!id) {
+            throw new Error("Microsoft profile contained no id");
+          }
+          return ctx.signInWithCatalogUser({
+            annotations: {
+              "graph.microsoft.com/user-id": id
+            }
+          });
+        };
+      }
+    }
+  );
 })(exports.microsoftSignInResolvers || (exports.microsoftSignInResolvers = {}));
 
 const authModuleMicrosoftProvider$1 = backendPluginApi.createBackendModule({

package/dist/index.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.cjs.js","sources":["../src/strategy.ts","../src/authenticator.ts","../src/resolvers.ts","../src/module.ts","../src/deprecated.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { PassportProfile } from '@backstage/plugin-auth-node';\nimport { decodeJwt } from 'jose';\nimport fetch from 'node-fetch';\nimport { Strategy as MicrosoftStrategy } from 'passport-microsoft';\n\nexport class ExtendedMicrosoftStrategy extends MicrosoftStrategy {\n  userProfile(\n    accessToken: string,\n    done: (err?: unknown, profile?: PassportProfile) => void,\n  ): void {\n    if (this.skipUserProfile(accessToken)) {\n      done(null, undefined);\n      return;\n    }\n\n    super.userProfile(\n      accessToken,\n      (err?: unknown, profile?: PassportProfile) => {\n        if (!profile || profile.photos) {\n          done(err, profile);\n          return;\n        }\n\n        this.getProfilePhotos(accessToken).then(photos => {\n          profile.photos = photos;\n          done(err, profile);\n        });\n      },\n    );\n  }\n\n  private hasGraphReadScope(accessToken: string): boolean {\n    const { aud, scp } = decodeJwt(accessToken);\n    return (\n      aud === '00000003-0000-0000-c000-000000000000' &&\n      !!scp &&\n      (scp as string)\n        .split(' ')\n        .map(s => s.toLocaleLowerCase('en-US'))\n        .some(s =>\n          [\n            'https://graph.microsoft.com/user.read',\n            'https://graph.microsoft.com/user.read.all',\n            'user.read',\n            'user.read.all',\n          ].includes(s),\n        )\n    );\n  }\n\n  private skipUserProfile(accessToken: string): boolean {\n    try {\n      return !this.hasGraphReadScope(accessToken);\n    } catch {\n      // If there is any error with checking the scope\n      // we fall back to not skipping the user profile\n      // which may still result in an auth failure\n      // e.g. due to a foreign scope.\n      return false;\n    }\n  }\n\n  private async getProfilePhotos(\n    accessToken: string,\n  ): Promise<Array<{ value: string }> | undefined> {\n    return this.getCurrentUserPhoto(accessToken, '96x96').then(photo =>\n      photo ? [{ value: photo }] : undefined,\n    );\n  }\n\n  private async getCurrentUserPhoto(\n    accessToken: string,\n    size: string,\n  ): Promise<string | undefined> {\n    try {\n      const res = await fetch(\n        `https://graph.microsoft.com/v1.0/me/photos/${size}/$value`,\n        {\n          headers: {\n            Authorization: `Bearer ${accessToken}`,\n          },\n        },\n      );\n      const data = await res.buffer();\n\n      return `data:image/jpeg;base64,${data.toString('base64')}`;\n    } catch (error) {\n      return undefined;\n    }\n  }\n}\n","/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createOAuthAuthenticator,\n  PassportOAuthAuthenticatorHelper,\n  PassportOAuthDoneCallback,\n  PassportProfile,\n} from '@backstage/plugin-auth-node';\nimport { ExtendedMicrosoftStrategy } from './strategy';\n\n/** @public */\nexport const microsoftAuthenticator = createOAuthAuthenticator({\n  defaultProfileTransform:\n    PassportOAuthAuthenticatorHelper.defaultProfileTransform,\n  scopes: {\n    required: ['email', 'openid', 'offline_access', 'user.read'],\n    transform({ requested, granted, required, additional }) {\n      // Resources scopes are of the form `<resource>/<scope>`, and are handled\n      // separately from the normal scopes in the client. When request a\n      // resource scope we should only include forward the request scope along\n      // with offline_access.\n      const hasResourceScope = Array.from(requested).some(s => s.includes('/'));\n      if (hasResourceScope) {\n        return [...requested, 'offline_access'];\n      }\n      return [...requested, ...granted, ...required, ...additional];\n    },\n  },\n  initialize({ callbackUrl, config }) {\n    const clientId = config.getString('clientId');\n    const clientSecret = config.getString('clientSecret');\n    const tenantId = config.getString('tenantId');\n    const domainHint = config.getOptionalString('domainHint');\n\n    const helper = PassportOAuthAuthenticatorHelper.from(\n      new ExtendedMicrosoftStrategy(\n        {\n          clientID: clientId,\n          clientSecret: clientSecret,\n          callbackURL: callbackUrl,\n          tenant: tenantId,\n        },\n        (\n          accessToken: string,\n          refreshToken: string,\n          params: any,\n          fullProfile: PassportProfile,\n          done: PassportOAuthDoneCallback,\n        ) => {\n          done(\n            undefined,\n            { fullProfile, params, accessToken },\n            { refreshToken },\n          );\n        },\n      ),\n    );\n\n    return {\n      helper,\n      domainHint,\n    };\n  },\n\n  async start(input, ctx) {\n    const options: Record<string, string> = {\n      accessType: 'offline',\n    };\n\n    if (ctx.domainHint !== undefined) {\n      options.domain_hint = ctx.domainHint;\n    }\n\n    return ctx.helper.start(input, options);\n  },\n\n  async authenticate(input, ctx) {\n    return ctx.helper.authenticate(input);\n  },\n\n  async refresh(input, ctx) {\n    return ctx.helper.refresh(input);\n  },\n});\n","/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  OAuthAuthenticatorResult,\n  createSignInResolverFactory,\n  PassportProfile,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\n\n/**\n * Available sign-in resolvers for the Microsoft auth provider.\n *\n * @public\n */\nexport namespace microsoftSignInResolvers {\n  /**\n   * Looks up the user by matching their Microsoft username to the entity name.\n   */\n  export const emailMatchingUserEntityAnnotation = createSignInResolverFactory({\n    create() {\n      return async (\n        info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,\n        ctx,\n      ) => {\n        const { profile } = info;\n\n        if (!profile.email) {\n          throw new Error('Microsoft profile contained no email');\n        }\n\n        return ctx.signInWithCatalogUser({\n          annotations: {\n            'microsoft.com/email': profile.email,\n          },\n        });\n      };\n    },\n  });\n}\n","/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  commonSignInResolvers,\n  createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { microsoftAuthenticator } from './authenticator';\nimport { microsoftSignInResolvers } from './resolvers';\n\n/** @public */\nexport const authModuleMicrosoftProvider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'microsoft-provider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n      },\n      async init({ providers }) {\n        providers.registerProvider({\n          providerId: 'microsoft',\n          factory: createOAuthProviderFactory({\n            authenticator: microsoftAuthenticator,\n            signInResolverFactories: {\n              ...microsoftSignInResolvers,\n              ...commonSignInResolvers,\n            },\n          }),\n        });\n      },\n    });\n  },\n});\n","/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { authModuleMicrosoftProvider as deprecatedAuthModuleMicrosoftProvider } from './module';\n\n/**\n * @public\n * @deprecated Use default import instead\n */\nexport const authModuleMicrosoftProvider =\n  deprecatedAuthModuleMicrosoftProvider;\n"],"names":["MicrosoftStrategy","decodeJwt","fetch","createOAuthAuthenticator","PassportOAuthAuthenticatorHelper","microsoftSignInResolvers","createSignInResolverFactory","authModuleMicrosoftProvider","createBackendModule","authProvidersExtensionPoint","createOAuthProviderFactory","commonSignInResolvers","deprecatedAuthModuleMicrosoftProvider"],"mappings":";;;;;;;;;;;;;;AAqBO,MAAM,kCAAkCA,0BAAkB,CAAA;AAAA,EAC/D,WAAA,CACE,aACA,IACM,EAAA;AACN,IAAI,IAAA,IAAA,CAAK,eAAgB,CAAA,WAAW,CAAG,EAAA;AACrC,MAAA,IAAA,CAAK,MAAM,KAAS,CAAA,CAAA,CAAA;AACpB,MAAA,OAAA;AAAA,KACF;AAEA,IAAM,KAAA,CAAA,WAAA;AAAA,MACJ,WAAA;AAAA,MACA,CAAC,KAAe,OAA8B,KAAA;AAC5C,QAAI,IAAA,CAAC,OAAW,IAAA,OAAA,CAAQ,MAAQ,EAAA;AAC9B,UAAA,IAAA,CAAK,KAAK,OAAO,CAAA,CAAA;AACjB,UAAA,OAAA;AAAA,SACF;AAEA,QAAA,IAAA,CAAK,gBAAiB,CAAA,WAAW,CAAE,CAAA,IAAA,CAAK,CAAU,MAAA,KAAA;AAChD,UAAA,OAAA,CAAQ,MAAS,GAAA,MAAA,CAAA;AACjB,UAAA,IAAA,CAAK,KAAK,OAAO,CAAA,CAAA;AAAA,SAClB,CAAA,CAAA;AAAA,OACH;AAAA,KACF,CAAA;AAAA,GACF;AAAA,EAEQ,kBAAkB,WAA8B,EAAA;AACtD,IAAA,MAAM,EAAE,GAAA,EAAK,GAAI,EAAA,GAAIC,eAAU,WAAW,CAAA,CAAA;AAC1C,IAAA,OACE,GAAQ,KAAA,sCAAA,IACR,CAAC,CAAC,OACD,GACE,CAAA,KAAA,CAAM,GAAG,CAAA,CACT,IAAI,CAAK,CAAA,KAAA,CAAA,CAAE,iBAAkB,CAAA,OAAO,CAAC,CACrC,CAAA,IAAA;AAAA,MAAK,CACJ,CAAA,KAAA;AAAA,QACE,uCAAA;AAAA,QACA,2CAAA;AAAA,QACA,WAAA;AAAA,QACA,eAAA;AAAA,OACF,CAAE,SAAS,CAAC,CAAA;AAAA,KACd,CAAA;AAAA,GAEN;AAAA,EAEQ,gBAAgB,WAA8B,EAAA;AACpD,IAAI,IAAA;AACF,MAAO,OAAA,CAAC,IAAK,CAAA,iBAAA,CAAkB,WAAW,CAAA,CAAA;AAAA,KACpC,CAAA,MAAA;AAKN,MAAO,OAAA,KAAA,CAAA;AAAA,KACT;AAAA,GACF;AAAA,EAEA,MAAc,iBACZ,WAC+C,EAAA;AAC/C,IAAA,OAAO,IAAK,CAAA,mBAAA,CAAoB,WAAa,EAAA,OAAO,CAAE,CAAA,IAAA;AAAA,MAAK,WACzD,KAAQ,GAAA,CAAC,EAAE,KAAO,EAAA,KAAA,EAAO,CAAI,GAAA,KAAA,CAAA;AAAA,KAC/B,CAAA;AAAA,GACF;AAAA,EAEA,MAAc,mBACZ,CAAA,WAAA,EACA,IAC6B,EAAA;AAC7B,IAAI,IAAA;AACF,MAAA,MAAM,MAAM,MAAMC,sBAAA;AAAA,QAChB,8CAA8C,IAAI,CAAA,OAAA,CAAA;AAAA,QAClD;AAAA,UACE,OAAS,EAAA;AAAA,YACP,aAAA,EAAe,UAAU,WAAW,CAAA,CAAA;AAAA,WACtC;AAAA,SACF;AAAA,OACF,CAAA;AACA,MAAM,MAAA,IAAA,GAAO,MAAM,GAAA,CAAI,MAAO,EAAA,CAAA;AAE9B,MAAA,OAAO,CAA0B,uBAAA,EAAA,IAAA,CAAK,QAAS,CAAA,QAAQ,CAAC,CAAA,CAAA,CAAA;AAAA,aACjD,KAAO,EAAA;AACd,MAAO,OAAA,KAAA,CAAA,CAAA;AAAA,KACT;AAAA,GACF;AACF;;ACjFO,MAAM,yBAAyBC,uCAAyB,CAAA;AAAA,EAC7D,yBACEC,+CAAiC,CAAA,uBAAA;AAAA,EACnC,MAAQ,EAAA;AAAA,IACN,QAAU,EAAA,CAAC,OAAS,EAAA,QAAA,EAAU,kBAAkB,WAAW,CAAA;AAAA,IAC3D,UAAU,EAAE,SAAA,EAAW,OAAS,EAAA,QAAA,EAAU,YAAc,EAAA;AAKtD,MAAM,MAAA,gBAAA,GAAmB,KAAM,CAAA,IAAA,CAAK,SAAS,CAAA,CAAE,KAAK,CAAK,CAAA,KAAA,CAAA,CAAE,QAAS,CAAA,GAAG,CAAC,CAAA,CAAA;AACxE,MAAA,IAAI,gBAAkB,EAAA;AACpB,QAAO,OAAA,CAAC,GAAG,SAAA,EAAW,gBAAgB,CAAA,CAAA;AAAA,OACxC;AACA,MAAO,OAAA,CAAC,GAAG,SAAW,EAAA,GAAG,SAAS,GAAG,QAAA,EAAU,GAAG,UAAU,CAAA,CAAA;AAAA,KAC9D;AAAA,GACF;AAAA,EACA,UAAW,CAAA,EAAE,WAAa,EAAA,MAAA,EAAU,EAAA;AAClC,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA,CAAA;AAC5C,IAAM,MAAA,YAAA,GAAe,MAAO,CAAA,SAAA,CAAU,cAAc,CAAA,CAAA;AACpD,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA,CAAA;AAC5C,IAAM,MAAA,UAAA,GAAa,MAAO,CAAA,iBAAA,CAAkB,YAAY,CAAA,CAAA;AAExD,IAAA,MAAM,SAASA,+CAAiC,CAAA,IAAA;AAAA,MAC9C,IAAI,yBAAA;AAAA,QACF;AAAA,UACE,QAAU,EAAA,QAAA;AAAA,UACV,YAAA;AAAA,UACA,WAAa,EAAA,WAAA;AAAA,UACb,MAAQ,EAAA,QAAA;AAAA,SACV;AAAA,QACA,CACE,WAAA,EACA,YACA,EAAA,MAAA,EACA,aACA,IACG,KAAA;AACH,UAAA,IAAA;AAAA,YACE,KAAA,CAAA;AAAA,YACA,EAAE,WAAa,EAAA,MAAA,EAAQ,WAAY,EAAA;AAAA,YACnC,EAAE,YAAa,EAAA;AAAA,WACjB,CAAA;AAAA,SACF;AAAA,OACF;AAAA,KACF,CAAA;AAEA,IAAO,OAAA;AAAA,MACL,MAAA;AAAA,MACA,UAAA;AAAA,KACF,CAAA;AAAA,GACF;AAAA,EAEA,MAAM,KAAM,CAAA,KAAA,EAAO,GAAK,EAAA;AACtB,IAAA,MAAM,OAAkC,GAAA;AAAA,MACtC,UAAY,EAAA,SAAA;AAAA,KACd,CAAA;AAEA,IAAI,IAAA,GAAA,CAAI,eAAe,KAAW,CAAA,EAAA;AAChC,MAAA,OAAA,CAAQ,cAAc,GAAI,CAAA,UAAA,CAAA;AAAA,KAC5B;AAEA,IAAA,OAAO,GAAI,CAAA,MAAA,CAAO,KAAM,CAAA,KAAA,EAAO,OAAO,CAAA,CAAA;AAAA,GACxC;AAAA,EAEA,MAAM,YAAa,CAAA,KAAA,EAAO,GAAK,EAAA;AAC7B,IAAO,OAAA,GAAA,CAAI,MAAO,CAAA,YAAA,CAAa,KAAK,CAAA,CAAA;AAAA,GACtC;AAAA,EAEA,MAAM,OAAQ,CAAA,KAAA,EAAO,GAAK,EAAA;AACxB,IAAO,OAAA,GAAA,CAAI,MAAO,CAAA,OAAA,CAAQ,KAAK,CAAA,CAAA;AAAA,GACjC;AACF,CAAC;;ACrEgBC,0CAAA;AAAA,CAAV,CAAUA,yBAAV,KAAA;AAIE,EAAMA,yBAAAA,CAAA,oCAAoCC,0CAA4B,CAAA;AAAA,IAC3E,MAAS,GAAA;AACP,MAAO,OAAA,OACL,MACA,GACG,KAAA;AACH,QAAM,MAAA,EAAE,SAAY,GAAA,IAAA,CAAA;AAEpB,QAAI,IAAA,CAAC,QAAQ,KAAO,EAAA;AAClB,UAAM,MAAA,IAAI,MAAM,sCAAsC,CAAA,CAAA;AAAA,SACxD;AAEA,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,WAAa,EAAA;AAAA,YACX,uBAAuB,OAAQ,CAAA,KAAA;AAAA,WACjC;AAAA,SACD,CAAA,CAAA;AAAA,OACH,CAAA;AAAA,KACF;AAAA,GACD,CAAA,CAAA;AAAA,CAvBc,EAAAD,gCAAA,KAAAA,gCAAA,GAAA,EAAA,CAAA,CAAA;;ACHV,MAAME,gCAA8BC,oCAAoB,CAAA;AAAA,EAC7D,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,oBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC,0CAAA;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAa,EAAA;AACxB,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,WAAA;AAAA,UACZ,SAASC,yCAA2B,CAAA;AAAA,YAClC,aAAe,EAAA,sBAAA;AAAA,YACf,uBAAyB,EAAA;AAAA,cACvB,GAAGL,gCAAA;AAAA,cACH,GAAGM,oCAAA;AAAA,aACL;AAAA,WACD,CAAA;AAAA,SACF,CAAA,CAAA;AAAA,OACH;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;ACzBM,MAAM,2BACX,GAAAC;;;;;;"}
+{"version":3,"file":"index.cjs.js","sources":["../src/strategy.ts","../src/authenticator.ts","../src/resolvers.ts","../src/module.ts","../src/deprecated.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { PassportProfile } from '@backstage/plugin-auth-node';\nimport { decodeJwt } from 'jose';\nimport fetch from 'node-fetch';\nimport { Strategy as MicrosoftStrategy } from 'passport-microsoft';\n\nexport class ExtendedMicrosoftStrategy extends MicrosoftStrategy {\n  userProfile(\n    accessToken: string,\n    done: (err?: unknown, profile?: PassportProfile) => void,\n  ): void {\n    if (this.skipUserProfile(accessToken)) {\n      done(null, undefined);\n      return;\n    }\n\n    super.userProfile(\n      accessToken,\n      (err?: unknown, profile?: PassportProfile) => {\n        if (!profile || profile.photos) {\n          done(err, profile);\n          return;\n        }\n\n        this.getProfilePhotos(accessToken).then(photos => {\n          profile.photos = photos;\n          done(err, profile);\n        });\n      },\n    );\n  }\n\n  private hasGraphReadScope(accessToken: string): boolean {\n    const { aud, scp } = decodeJwt(accessToken);\n    return (\n      aud === '00000003-0000-0000-c000-000000000000' &&\n      !!scp &&\n      (scp as string)\n        .split(' ')\n        .map(s => s.toLocaleLowerCase('en-US'))\n        .some(s =>\n          [\n            'https://graph.microsoft.com/user.read',\n            'https://graph.microsoft.com/user.read.all',\n            'user.read',\n            'user.read.all',\n          ].includes(s),\n        )\n    );\n  }\n\n  private skipUserProfile(accessToken: string): boolean {\n    try {\n      return !this.hasGraphReadScope(accessToken);\n    } catch {\n      // If there is any error with checking the scope\n      // we fall back to not skipping the user profile\n      // which may still result in an auth failure\n      // e.g. due to a foreign scope.\n      return false;\n    }\n  }\n\n  private async getProfilePhotos(\n    accessToken: string,\n  ): Promise<Array<{ value: string }> | undefined> {\n    return this.getCurrentUserPhoto(accessToken, '96x96').then(photo =>\n      photo ? [{ value: photo }] : undefined,\n    );\n  }\n\n  private async getCurrentUserPhoto(\n    accessToken: string,\n    size: string,\n  ): Promise<string | undefined> {\n    try {\n      const res = await fetch(\n        `https://graph.microsoft.com/v1.0/me/photos/${size}/$value`,\n        {\n          headers: {\n            Authorization: `Bearer ${accessToken}`,\n          },\n        },\n      );\n      const data = await res.buffer();\n\n      return `data:image/jpeg;base64,${data.toString('base64')}`;\n    } catch (error) {\n      return undefined;\n    }\n  }\n}\n","/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createOAuthAuthenticator,\n  PassportOAuthAuthenticatorHelper,\n  PassportOAuthDoneCallback,\n  PassportProfile,\n} from '@backstage/plugin-auth-node';\nimport { ExtendedMicrosoftStrategy } from './strategy';\n\n/** @public */\nexport const microsoftAuthenticator = createOAuthAuthenticator({\n  defaultProfileTransform:\n    PassportOAuthAuthenticatorHelper.defaultProfileTransform,\n  scopes: {\n    required: ['email', 'openid', 'offline_access', 'user.read'],\n    transform({ requested, granted, required, additional }) {\n      // Resources scopes are of the form `<resource>/<scope>`, and are handled\n      // separately from the normal scopes in the client. When request a\n      // resource scope we should only include forward the request scope along\n      // with offline_access.\n      const hasResourceScope = Array.from(requested).some(s => s.includes('/'));\n      if (hasResourceScope) {\n        return [...requested, 'offline_access'];\n      }\n      return [...requested, ...granted, ...required, ...additional];\n    },\n  },\n  initialize({ callbackUrl, config }) {\n    const clientId = config.getString('clientId');\n    const clientSecret = config.getString('clientSecret');\n    const tenantId = config.getString('tenantId');\n    const domainHint = config.getOptionalString('domainHint');\n\n    const helper = PassportOAuthAuthenticatorHelper.from(\n      new ExtendedMicrosoftStrategy(\n        {\n          clientID: clientId,\n          clientSecret: clientSecret,\n          callbackURL: callbackUrl,\n          tenant: tenantId,\n        },\n        (\n          accessToken: string,\n          refreshToken: string,\n          params: any,\n          fullProfile: PassportProfile,\n          done: PassportOAuthDoneCallback,\n        ) => {\n          done(\n            undefined,\n            { fullProfile, params, accessToken },\n            { refreshToken },\n          );\n        },\n      ),\n    );\n\n    return {\n      helper,\n      domainHint,\n    };\n  },\n\n  async start(input, ctx) {\n    const options: Record<string, string> = {\n      accessType: 'offline',\n    };\n\n    if (ctx.domainHint !== undefined) {\n      options.domain_hint = ctx.domainHint;\n    }\n\n    return ctx.helper.start(input, options);\n  },\n\n  async authenticate(input, ctx) {\n    return ctx.helper.authenticate(input);\n  },\n\n  async refresh(input, ctx) {\n    return ctx.helper.refresh(input);\n  },\n});\n","/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  OAuthAuthenticatorResult,\n  createSignInResolverFactory,\n  PassportProfile,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\n\n/**\n * Available sign-in resolvers for the Microsoft auth provider.\n *\n * @public\n */\nexport namespace microsoftSignInResolvers {\n  /**\n   * Looks up the user by matching their Microsoft email to the email entity annotation.\n   */\n  export const emailMatchingUserEntityAnnotation = createSignInResolverFactory({\n    create() {\n      return async (\n        info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,\n        ctx,\n      ) => {\n        const { profile } = info;\n\n        if (!profile.email) {\n          throw new Error('Microsoft profile contained no email');\n        }\n\n        return ctx.signInWithCatalogUser({\n          annotations: {\n            'microsoft.com/email': profile.email,\n          },\n        });\n      };\n    },\n  });\n  /**\n   * Looks up the user by matching their Microsoft user id to the user id entity annotation.\n   */\n  export const userIdMatchingUserEntityAnnotation = createSignInResolverFactory(\n    {\n      create() {\n        return async (\n          info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,\n          ctx,\n        ) => {\n          const { result } = info;\n\n          const id = result.fullProfile.id;\n\n          if (!id) {\n            throw new Error('Microsoft profile contained no id');\n          }\n\n          return ctx.signInWithCatalogUser({\n            annotations: {\n              'graph.microsoft.com/user-id': id,\n            },\n          });\n        };\n      },\n    },\n  );\n}\n","/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  commonSignInResolvers,\n  createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { microsoftAuthenticator } from './authenticator';\nimport { microsoftSignInResolvers } from './resolvers';\n\n/** @public */\nexport const authModuleMicrosoftProvider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'microsoft-provider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n      },\n      async init({ providers }) {\n        providers.registerProvider({\n          providerId: 'microsoft',\n          factory: createOAuthProviderFactory({\n            authenticator: microsoftAuthenticator,\n            signInResolverFactories: {\n              ...microsoftSignInResolvers,\n              ...commonSignInResolvers,\n            },\n          }),\n        });\n      },\n    });\n  },\n});\n","/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { authModuleMicrosoftProvider as deprecatedAuthModuleMicrosoftProvider } from './module';\n\n/**\n * @public\n * @deprecated Use default import instead\n */\nexport const authModuleMicrosoftProvider =\n  deprecatedAuthModuleMicrosoftProvider;\n"],"names":["MicrosoftStrategy","decodeJwt","fetch","createOAuthAuthenticator","PassportOAuthAuthenticatorHelper","microsoftSignInResolvers","createSignInResolverFactory","authModuleMicrosoftProvider","createBackendModule","authProvidersExtensionPoint","createOAuthProviderFactory","commonSignInResolvers","deprecatedAuthModuleMicrosoftProvider"],"mappings":";;;;;;;;;;;;;;AAqBO,MAAM,kCAAkCA,0BAAkB,CAAA;AAAA,EAC/D,WAAA,CACE,aACA,IACM,EAAA;AACN,IAAI,IAAA,IAAA,CAAK,eAAgB,CAAA,WAAW,CAAG,EAAA;AACrC,MAAA,IAAA,CAAK,MAAM,KAAS,CAAA,CAAA,CAAA;AACpB,MAAA,OAAA;AAAA,KACF;AAEA,IAAM,KAAA,CAAA,WAAA;AAAA,MACJ,WAAA;AAAA,MACA,CAAC,KAAe,OAA8B,KAAA;AAC5C,QAAI,IAAA,CAAC,OAAW,IAAA,OAAA,CAAQ,MAAQ,EAAA;AAC9B,UAAA,IAAA,CAAK,KAAK,OAAO,CAAA,CAAA;AACjB,UAAA,OAAA;AAAA,SACF;AAEA,QAAA,IAAA,CAAK,gBAAiB,CAAA,WAAW,CAAE,CAAA,IAAA,CAAK,CAAU,MAAA,KAAA;AAChD,UAAA,OAAA,CAAQ,MAAS,GAAA,MAAA,CAAA;AACjB,UAAA,IAAA,CAAK,KAAK,OAAO,CAAA,CAAA;AAAA,SAClB,CAAA,CAAA;AAAA,OACH;AAAA,KACF,CAAA;AAAA,GACF;AAAA,EAEQ,kBAAkB,WAA8B,EAAA;AACtD,IAAA,MAAM,EAAE,GAAA,EAAK,GAAI,EAAA,GAAIC,eAAU,WAAW,CAAA,CAAA;AAC1C,IAAA,OACE,GAAQ,KAAA,sCAAA,IACR,CAAC,CAAC,OACD,GACE,CAAA,KAAA,CAAM,GAAG,CAAA,CACT,IAAI,CAAK,CAAA,KAAA,CAAA,CAAE,iBAAkB,CAAA,OAAO,CAAC,CACrC,CAAA,IAAA;AAAA,MAAK,CACJ,CAAA,KAAA;AAAA,QACE,uCAAA;AAAA,QACA,2CAAA;AAAA,QACA,WAAA;AAAA,QACA,eAAA;AAAA,OACF,CAAE,SAAS,CAAC,CAAA;AAAA,KACd,CAAA;AAAA,GAEN;AAAA,EAEQ,gBAAgB,WAA8B,EAAA;AACpD,IAAI,IAAA;AACF,MAAO,OAAA,CAAC,IAAK,CAAA,iBAAA,CAAkB,WAAW,CAAA,CAAA;AAAA,KACpC,CAAA,MAAA;AAKN,MAAO,OAAA,KAAA,CAAA;AAAA,KACT;AAAA,GACF;AAAA,EAEA,MAAc,iBACZ,WAC+C,EAAA;AAC/C,IAAA,OAAO,IAAK,CAAA,mBAAA,CAAoB,WAAa,EAAA,OAAO,CAAE,CAAA,IAAA;AAAA,MAAK,WACzD,KAAQ,GAAA,CAAC,EAAE,KAAO,EAAA,KAAA,EAAO,CAAI,GAAA,KAAA,CAAA;AAAA,KAC/B,CAAA;AAAA,GACF;AAAA,EAEA,MAAc,mBACZ,CAAA,WAAA,EACA,IAC6B,EAAA;AAC7B,IAAI,IAAA;AACF,MAAA,MAAM,MAAM,MAAMC,sBAAA;AAAA,QAChB,8CAA8C,IAAI,CAAA,OAAA,CAAA;AAAA,QAClD;AAAA,UACE,OAAS,EAAA;AAAA,YACP,aAAA,EAAe,UAAU,WAAW,CAAA,CAAA;AAAA,WACtC;AAAA,SACF;AAAA,OACF,CAAA;AACA,MAAM,MAAA,IAAA,GAAO,MAAM,GAAA,CAAI,MAAO,EAAA,CAAA;AAE9B,MAAA,OAAO,CAA0B,uBAAA,EAAA,IAAA,CAAK,QAAS,CAAA,QAAQ,CAAC,CAAA,CAAA,CAAA;AAAA,aACjD,KAAO,EAAA;AACd,MAAO,OAAA,KAAA,CAAA,CAAA;AAAA,KACT;AAAA,GACF;AACF;;ACjFO,MAAM,yBAAyBC,uCAAyB,CAAA;AAAA,EAC7D,yBACEC,+CAAiC,CAAA,uBAAA;AAAA,EACnC,MAAQ,EAAA;AAAA,IACN,QAAU,EAAA,CAAC,OAAS,EAAA,QAAA,EAAU,kBAAkB,WAAW,CAAA;AAAA,IAC3D,UAAU,EAAE,SAAA,EAAW,OAAS,EAAA,QAAA,EAAU,YAAc,EAAA;AAKtD,MAAM,MAAA,gBAAA,GAAmB,KAAM,CAAA,IAAA,CAAK,SAAS,CAAA,CAAE,KAAK,CAAK,CAAA,KAAA,CAAA,CAAE,QAAS,CAAA,GAAG,CAAC,CAAA,CAAA;AACxE,MAAA,IAAI,gBAAkB,EAAA;AACpB,QAAO,OAAA,CAAC,GAAG,SAAA,EAAW,gBAAgB,CAAA,CAAA;AAAA,OACxC;AACA,MAAO,OAAA,CAAC,GAAG,SAAW,EAAA,GAAG,SAAS,GAAG,QAAA,EAAU,GAAG,UAAU,CAAA,CAAA;AAAA,KAC9D;AAAA,GACF;AAAA,EACA,UAAW,CAAA,EAAE,WAAa,EAAA,MAAA,EAAU,EAAA;AAClC,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA,CAAA;AAC5C,IAAM,MAAA,YAAA,GAAe,MAAO,CAAA,SAAA,CAAU,cAAc,CAAA,CAAA;AACpD,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA,CAAA;AAC5C,IAAM,MAAA,UAAA,GAAa,MAAO,CAAA,iBAAA,CAAkB,YAAY,CAAA,CAAA;AAExD,IAAA,MAAM,SAASA,+CAAiC,CAAA,IAAA;AAAA,MAC9C,IAAI,yBAAA;AAAA,QACF;AAAA,UACE,QAAU,EAAA,QAAA;AAAA,UACV,YAAA;AAAA,UACA,WAAa,EAAA,WAAA;AAAA,UACb,MAAQ,EAAA,QAAA;AAAA,SACV;AAAA,QACA,CACE,WAAA,EACA,YACA,EAAA,MAAA,EACA,aACA,IACG,KAAA;AACH,UAAA,IAAA;AAAA,YACE,KAAA,CAAA;AAAA,YACA,EAAE,WAAa,EAAA,MAAA,EAAQ,WAAY,EAAA;AAAA,YACnC,EAAE,YAAa,EAAA;AAAA,WACjB,CAAA;AAAA,SACF;AAAA,OACF;AAAA,KACF,CAAA;AAEA,IAAO,OAAA;AAAA,MACL,MAAA;AAAA,MACA,UAAA;AAAA,KACF,CAAA;AAAA,GACF;AAAA,EAEA,MAAM,KAAM,CAAA,KAAA,EAAO,GAAK,EAAA;AACtB,IAAA,MAAM,OAAkC,GAAA;AAAA,MACtC,UAAY,EAAA,SAAA;AAAA,KACd,CAAA;AAEA,IAAI,IAAA,GAAA,CAAI,eAAe,KAAW,CAAA,EAAA;AAChC,MAAA,OAAA,CAAQ,cAAc,GAAI,CAAA,UAAA,CAAA;AAAA,KAC5B;AAEA,IAAA,OAAO,GAAI,CAAA,MAAA,CAAO,KAAM,CAAA,KAAA,EAAO,OAAO,CAAA,CAAA;AAAA,GACxC;AAAA,EAEA,MAAM,YAAa,CAAA,KAAA,EAAO,GAAK,EAAA;AAC7B,IAAO,OAAA,GAAA,CAAI,MAAO,CAAA,YAAA,CAAa,KAAK,CAAA,CAAA;AAAA,GACtC;AAAA,EAEA,MAAM,OAAQ,CAAA,KAAA,EAAO,GAAK,EAAA;AACxB,IAAO,OAAA,GAAA,CAAI,MAAO,CAAA,OAAA,CAAQ,KAAK,CAAA,CAAA;AAAA,GACjC;AACF,CAAC;;ACrEgBC,0CAAA;AAAA,CAAV,CAAUA,yBAAV,KAAA;AAIE,EAAMA,yBAAAA,CAAA,oCAAoCC,0CAA4B,CAAA;AAAA,IAC3E,MAAS,GAAA;AACP,MAAO,OAAA,OACL,MACA,GACG,KAAA;AACH,QAAM,MAAA,EAAE,SAAY,GAAA,IAAA,CAAA;AAEpB,QAAI,IAAA,CAAC,QAAQ,KAAO,EAAA;AAClB,UAAM,MAAA,IAAI,MAAM,sCAAsC,CAAA,CAAA;AAAA,SACxD;AAEA,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,WAAa,EAAA;AAAA,YACX,uBAAuB,OAAQ,CAAA,KAAA;AAAA,WACjC;AAAA,SACD,CAAA,CAAA;AAAA,OACH,CAAA;AAAA,KACF;AAAA,GACD,CAAA,CAAA;AAIM,EAAMD,0BAAA,kCAAqC,GAAAC,0CAAA;AAAA,IAChD;AAAA,MACE,MAAS,GAAA;AACP,QAAO,OAAA,OACL,MACA,GACG,KAAA;AACH,UAAM,MAAA,EAAE,QAAW,GAAA,IAAA,CAAA;AAEnB,UAAM,MAAA,EAAA,GAAK,OAAO,WAAY,CAAA,EAAA,CAAA;AAE9B,UAAA,IAAI,CAAC,EAAI,EAAA;AACP,YAAM,MAAA,IAAI,MAAM,mCAAmC,CAAA,CAAA;AAAA,WACrD;AAEA,UAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,YAC/B,WAAa,EAAA;AAAA,cACX,6BAA+B,EAAA,EAAA;AAAA,aACjC;AAAA,WACD,CAAA,CAAA;AAAA,SACH,CAAA;AAAA,OACF;AAAA,KACF;AAAA,GACF,CAAA;AAAA,CAlDe,EAAAD,gCAAA,KAAAA,gCAAA,GAAA,EAAA,CAAA,CAAA;;ACHV,MAAME,gCAA8BC,oCAAoB,CAAA;AAAA,EAC7D,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,oBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC,0CAAA;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAa,EAAA;AACxB,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,WAAA;AAAA,UACZ,SAASC,yCAA2B,CAAA;AAAA,YAClC,aAAe,EAAA,sBAAA;AAAA,YACf,uBAAyB,EAAA;AAAA,cACvB,GAAGL,gCAAA;AAAA,cACH,GAAGM,oCAAA;AAAA,aACL;AAAA,WACD,CAAA;AAAA,SACF,CAAA,CAAA;AAAA,OACH;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;ACzBM,MAAM,2BACX,GAAAC;;;;;;"}

package/dist/index.d.ts

@@ -9,7 +9,7 @@ declare const microsoftAuthenticator: _backstage_plugin_auth_node.OAuthAuthentic
 }, PassportProfile>;
 
 /** @public */
-declare const authModuleMicrosoftProvider$1: _backstage_backend_plugin_api.BackendFeatureCompat;
+declare const authModuleMicrosoftProvider$1: _backstage_backend_plugin_api.BackendFeature;
 
 /**
  * Available sign-in resolvers for the Microsoft auth provider.
@@ -18,15 +18,19 @@ declare const authModuleMicrosoftProvider$1: _backstage_backend_plugin_api.Backe
  */
 declare namespace microsoftSignInResolvers {
     /**
-     * Looks up the user by matching their Microsoft username to the entity name.
+     * Looks up the user by matching their Microsoft email to the email entity annotation.
      */
     const emailMatchingUserEntityAnnotation: _backstage_plugin_auth_node.SignInResolverFactory<OAuthAuthenticatorResult<PassportProfile>, unknown>;
+    /**
+     * Looks up the user by matching their Microsoft user id to the user id entity annotation.
+     */
+    const userIdMatchingUserEntityAnnotation: _backstage_plugin_auth_node.SignInResolverFactory<OAuthAuthenticatorResult<PassportProfile>, unknown>;
 }
 
 /**
  * @public
  * @deprecated Use default import instead
  */
-declare const authModuleMicrosoftProvider: _backstage_backend_plugin_api.BackendFeatureCompat;
+declare const authModuleMicrosoftProvider: _backstage_backend_plugin_api.BackendFeature;
 
 export { authModuleMicrosoftProvider, authModuleMicrosoftProvider$1 as default, microsoftAuthenticator, microsoftSignInResolvers };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-auth-backend-module-microsoft-provider",
-  "version": "0.1.19",
+  "version": "0.2.0-next.0",
   "description": "The microsoft-provider backend module for the auth plugin.",
   "backstage": {
     "role": "backend-plugin-module",
@@ -34,19 +34,19 @@
     "test": "backstage-cli package test"
   },
   "dependencies": {
-    "@backstage/backend-plugin-api": "^0.8.1",
-    "@backstage/plugin-auth-node": "^0.5.1",
+    "@backstage/backend-plugin-api": "^0.9.0-next.0",
+    "@backstage/plugin-auth-node": "^0.5.2-next.0",
     "express": "^4.18.2",
     "jose": "^5.0.0",
     "node-fetch": "^2.7.0",
     "passport-microsoft": "^1.0.0"
   },
   "devDependencies": {
-    "@backstage/backend-defaults": "^0.4.4",
-    "@backstage/backend-test-utils": "^0.5.1",
-    "@backstage/cli": "^0.27.0",
+    "@backstage/backend-defaults": "^0.5.0-next.0",
+    "@backstage/backend-test-utils": "^0.6.0-next.0",
+    "@backstage/cli": "^0.27.1-next.0",
     "@backstage/config": "^1.2.0",
-    "@backstage/plugin-auth-backend": "^0.22.12",
+    "@backstage/plugin-auth-backend": "^0.23.0-next.0",
     "@types/passport-microsoft": "^1.0.0",
     "msw": "^1.0.0",
     "supertest": "^6.3.3"