@backstage/plugin-auth-backend-module-microsoft-provider 0.2.2-next.1 → 0.2.2

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @backstage/plugin-auth-backend-module-microsoft-provider
 
+## 0.2.2
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/plugin-auth-node@0.5.4
+  - @backstage/backend-plugin-api@1.0.2
+
+## 0.2.2-next.2
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/plugin-auth-node@0.5.4-next.2
+  - @backstage/backend-plugin-api@1.0.2-next.2
+
 ## 0.2.2-next.1
 
 ### Patch Changes

package/dist/authenticator.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"authenticator.cjs.js","sources":["../src/authenticator.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createOAuthAuthenticator,\n  PassportOAuthAuthenticatorHelper,\n  PassportOAuthDoneCallback,\n  PassportProfile,\n} from '@backstage/plugin-auth-node';\nimport { ExtendedMicrosoftStrategy } from './strategy';\n\n/** @public */\nexport const microsoftAuthenticator = createOAuthAuthenticator({\n  defaultProfileTransform:\n    PassportOAuthAuthenticatorHelper.defaultProfileTransform,\n  scopes: {\n    required: ['email', 'openid', 'offline_access', 'user.read'],\n    transform({ requested, granted, required, additional }) {\n      // Resources scopes are of the form `<resource>/<scope>`, and are handled\n      // separately from the normal scopes in the client. When request a\n      // resource scope we should only include forward the request scope along\n      // with offline_access.\n      const hasResourceScope = Array.from(requested).some(s => s.includes('/'));\n      if (hasResourceScope) {\n        return [...requested, 'offline_access'];\n      }\n      return [...requested, ...granted, ...required, ...additional];\n    },\n  },\n  initialize({ callbackUrl, config }) {\n    const clientId = config.getString('clientId');\n    const clientSecret = config.getString('clientSecret');\n    const tenantId = config.getString('tenantId');\n    const domainHint = config.getOptionalString('domainHint');\n    const skipUserProfile =\n      config.getOptionalBoolean('skipUserProfile') ?? false;\n\n    const strategy = new ExtendedMicrosoftStrategy(\n      {\n        clientID: clientId,\n        clientSecret: clientSecret,\n        callbackURL: callbackUrl,\n        tenant: tenantId,\n      },\n      (\n        accessToken: string,\n        refreshToken: string,\n        params: any,\n        fullProfile: PassportProfile,\n        done: PassportOAuthDoneCallback,\n      ) => {\n        done(undefined, { fullProfile, params, accessToken }, { refreshToken });\n      },\n    );\n\n    strategy.setSkipUserProfile(skipUserProfile);\n    const helper = PassportOAuthAuthenticatorHelper.from(strategy);\n\n    return {\n      helper,\n      domainHint,\n    };\n  },\n\n  async start(input, ctx) {\n    const options: Record<string, string> = {\n      accessType: 'offline',\n    };\n\n    if (ctx.domainHint !== undefined) {\n      options.domain_hint = ctx.domainHint;\n    }\n\n    return ctx.helper.start(input, options);\n  },\n\n  async authenticate(input, ctx) {\n    return ctx.helper.authenticate(input);\n  },\n\n  async refresh(input, ctx) {\n    return ctx.helper.refresh(input);\n  },\n});\n"],"names":["createOAuthAuthenticator","PassportOAuthAuthenticatorHelper","strategy","ExtendedMicrosoftStrategy"],"mappings":";;;;;AAyBO,MAAM,yBAAyBA,uCAAyB,CAAA;AAAA,EAC7D,yBACEC,+CAAiC,CAAA,uBAAA;AAAA,EACnC,MAAQ,EAAA;AAAA,IACN,QAAU,EAAA,CAAC,OAAS,EAAA,QAAA,EAAU,kBAAkB,WAAW,CAAA;AAAA,IAC3D,UAAU,EAAE,SAAA,EAAW,OAAS,EAAA,QAAA,EAAU,YAAc,EAAA;AAKtD,MAAM,MAAA,gBAAA,GAAmB,KAAM,CAAA,IAAA,CAAK,SAAS,CAAA,CAAE,KAAK,CAAK,CAAA,KAAA,CAAA,CAAE,QAAS,CAAA,GAAG,CAAC,CAAA,CAAA;AACxE,MAAA,IAAI,gBAAkB,EAAA;AACpB,QAAO,OAAA,CAAC,GAAG,SAAA,EAAW,gBAAgB,CAAA,CAAA;AAAA,OACxC;AACA,MAAO,OAAA,CAAC,GAAG,SAAW,EAAA,GAAG,SAAS,GAAG,QAAA,EAAU,GAAG,UAAU,CAAA,CAAA;AAAA,KAC9D;AAAA,GACF;AAAA,EACA,UAAW,CAAA,EAAE,WAAa,EAAA,MAAA,EAAU,EAAA;AAClC,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA,CAAA;AAC5C,IAAM,MAAA,YAAA,GAAe,MAAO,CAAA,SAAA,CAAU,cAAc,CAAA,CAAA;AACpD,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA,CAAA;AAC5C,IAAM,MAAA,UAAA,GAAa,MAAO,CAAA,iBAAA,CAAkB,YAAY,CAAA,CAAA;AACxD,IAAA,MAAM,eACJ,GAAA,MAAA,CAAO,kBAAmB,CAAA,iBAAiB,CAAK,IAAA,KAAA,CAAA;AAElD,IAAA,MAAMC,aAAW,IAAIC,kCAAA;AAAA,MACnB;AAAA,QACE,QAAU,EAAA,QAAA;AAAA,QACV,YAAA;AAAA,QACA,WAAa,EAAA,WAAA;AAAA,QACb,MAAQ,EAAA,QAAA;AAAA,OACV;AAAA,MACA,CACE,WAAA,EACA,YACA,EAAA,MAAA,EACA,aACA,IACG,KAAA;AACH,QAAK,IAAA,CAAA,KAAA,CAAA,EAAW,EAAE,WAAa,EAAA,MAAA,EAAQ,aAAe,EAAA,EAAE,cAAc,CAAA,CAAA;AAAA,OACxE;AAAA,KACF,CAAA;AAEA,IAAAD,UAAA,CAAS,mBAAmB,eAAe,CAAA,CAAA;AAC3C,IAAM,MAAA,MAAA,GAASD,+CAAiC,CAAA,IAAA,CAAKC,UAAQ,CAAA,CAAA;AAE7D,IAAO,OAAA;AAAA,MACL,MAAA;AAAA,MACA,UAAA;AAAA,KACF,CAAA;AAAA,GACF;AAAA,EAEA,MAAM,KAAM,CAAA,KAAA,EAAO,GAAK,EAAA;AACtB,IAAA,MAAM,OAAkC,GAAA;AAAA,MACtC,UAAY,EAAA,SAAA;AAAA,KACd,CAAA;AAEA,IAAI,IAAA,GAAA,CAAI,eAAe,KAAW,CAAA,EAAA;AAChC,MAAA,OAAA,CAAQ,cAAc,GAAI,CAAA,UAAA,CAAA;AAAA,KAC5B;AAEA,IAAA,OAAO,GAAI,CAAA,MAAA,CAAO,KAAM,CAAA,KAAA,EAAO,OAAO,CAAA,CAAA;AAAA,GACxC;AAAA,EAEA,MAAM,YAAa,CAAA,KAAA,EAAO,GAAK,EAAA;AAC7B,IAAO,OAAA,GAAA,CAAI,MAAO,CAAA,YAAA,CAAa,KAAK,CAAA,CAAA;AAAA,GACtC;AAAA,EAEA,MAAM,OAAQ,CAAA,KAAA,EAAO,GAAK,EAAA;AACxB,IAAO,OAAA,GAAA,CAAI,MAAO,CAAA,OAAA,CAAQ,KAAK,CAAA,CAAA;AAAA,GACjC;AACF,CAAC;;;;"}
+{"version":3,"file":"authenticator.cjs.js","sources":["../src/authenticator.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createOAuthAuthenticator,\n  PassportOAuthAuthenticatorHelper,\n  PassportOAuthDoneCallback,\n  PassportProfile,\n} from '@backstage/plugin-auth-node';\nimport { ExtendedMicrosoftStrategy } from './strategy';\n\n/** @public */\nexport const microsoftAuthenticator = createOAuthAuthenticator({\n  defaultProfileTransform:\n    PassportOAuthAuthenticatorHelper.defaultProfileTransform,\n  scopes: {\n    required: ['email', 'openid', 'offline_access', 'user.read'],\n    transform({ requested, granted, required, additional }) {\n      // Resources scopes are of the form `<resource>/<scope>`, and are handled\n      // separately from the normal scopes in the client. When request a\n      // resource scope we should only include forward the request scope along\n      // with offline_access.\n      const hasResourceScope = Array.from(requested).some(s => s.includes('/'));\n      if (hasResourceScope) {\n        return [...requested, 'offline_access'];\n      }\n      return [...requested, ...granted, ...required, ...additional];\n    },\n  },\n  initialize({ callbackUrl, config }) {\n    const clientId = config.getString('clientId');\n    const clientSecret = config.getString('clientSecret');\n    const tenantId = config.getString('tenantId');\n    const domainHint = config.getOptionalString('domainHint');\n    const skipUserProfile =\n      config.getOptionalBoolean('skipUserProfile') ?? false;\n\n    const strategy = new ExtendedMicrosoftStrategy(\n      {\n        clientID: clientId,\n        clientSecret: clientSecret,\n        callbackURL: callbackUrl,\n        tenant: tenantId,\n      },\n      (\n        accessToken: string,\n        refreshToken: string,\n        params: any,\n        fullProfile: PassportProfile,\n        done: PassportOAuthDoneCallback,\n      ) => {\n        done(undefined, { fullProfile, params, accessToken }, { refreshToken });\n      },\n    );\n\n    strategy.setSkipUserProfile(skipUserProfile);\n    const helper = PassportOAuthAuthenticatorHelper.from(strategy);\n\n    return {\n      helper,\n      domainHint,\n    };\n  },\n\n  async start(input, ctx) {\n    const options: Record<string, string> = {\n      accessType: 'offline',\n    };\n\n    if (ctx.domainHint !== undefined) {\n      options.domain_hint = ctx.domainHint;\n    }\n\n    return ctx.helper.start(input, options);\n  },\n\n  async authenticate(input, ctx) {\n    return ctx.helper.authenticate(input);\n  },\n\n  async refresh(input, ctx) {\n    return ctx.helper.refresh(input);\n  },\n});\n"],"names":["createOAuthAuthenticator","PassportOAuthAuthenticatorHelper","strategy","ExtendedMicrosoftStrategy"],"mappings":";;;;;AAyBO,MAAM,yBAAyBA,uCAAyB,CAAA;AAAA,EAC7D,yBACEC,+CAAiC,CAAA,uBAAA;AAAA,EACnC,MAAQ,EAAA;AAAA,IACN,QAAU,EAAA,CAAC,OAAS,EAAA,QAAA,EAAU,kBAAkB,WAAW,CAAA;AAAA,IAC3D,UAAU,EAAE,SAAA,EAAW,OAAS,EAAA,QAAA,EAAU,YAAc,EAAA;AAKtD,MAAM,MAAA,gBAAA,GAAmB,KAAM,CAAA,IAAA,CAAK,SAAS,CAAA,CAAE,KAAK,CAAK,CAAA,KAAA,CAAA,CAAE,QAAS,CAAA,GAAG,CAAC,CAAA;AACxE,MAAA,IAAI,gBAAkB,EAAA;AACpB,QAAO,OAAA,CAAC,GAAG,SAAA,EAAW,gBAAgB,CAAA;AAAA;AAExC,MAAO,OAAA,CAAC,GAAG,SAAW,EAAA,GAAG,SAAS,GAAG,QAAA,EAAU,GAAG,UAAU,CAAA;AAAA;AAC9D,GACF;AAAA,EACA,UAAW,CAAA,EAAE,WAAa,EAAA,MAAA,EAAU,EAAA;AAClC,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA;AAC5C,IAAM,MAAA,YAAA,GAAe,MAAO,CAAA,SAAA,CAAU,cAAc,CAAA;AACpD,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA;AAC5C,IAAM,MAAA,UAAA,GAAa,MAAO,CAAA,iBAAA,CAAkB,YAAY,CAAA;AACxD,IAAA,MAAM,eACJ,GAAA,MAAA,CAAO,kBAAmB,CAAA,iBAAiB,CAAK,IAAA,KAAA;AAElD,IAAA,MAAMC,aAAW,IAAIC,kCAAA;AAAA,MACnB;AAAA,QACE,QAAU,EAAA,QAAA;AAAA,QACV,YAAA;AAAA,QACA,WAAa,EAAA,WAAA;AAAA,QACb,MAAQ,EAAA;AAAA,OACV;AAAA,MACA,CACE,WAAA,EACA,YACA,EAAA,MAAA,EACA,aACA,IACG,KAAA;AACH,QAAK,IAAA,CAAA,KAAA,CAAA,EAAW,EAAE,WAAa,EAAA,MAAA,EAAQ,aAAe,EAAA,EAAE,cAAc,CAAA;AAAA;AACxE,KACF;AAEA,IAAAD,UAAA,CAAS,mBAAmB,eAAe,CAAA;AAC3C,IAAM,MAAA,MAAA,GAASD,+CAAiC,CAAA,IAAA,CAAKC,UAAQ,CAAA;AAE7D,IAAO,OAAA;AAAA,MACL,MAAA;AAAA,MACA;AAAA,KACF;AAAA,GACF;AAAA,EAEA,MAAM,KAAM,CAAA,KAAA,EAAO,GAAK,EAAA;AACtB,IAAA,MAAM,OAAkC,GAAA;AAAA,MACtC,UAAY,EAAA;AAAA,KACd;AAEA,IAAI,IAAA,GAAA,CAAI,eAAe,KAAW,CAAA,EAAA;AAChC,MAAA,OAAA,CAAQ,cAAc,GAAI,CAAA,UAAA;AAAA;AAG5B,IAAA,OAAO,GAAI,CAAA,MAAA,CAAO,KAAM,CAAA,KAAA,EAAO,OAAO,CAAA;AAAA,GACxC;AAAA,EAEA,MAAM,YAAa,CAAA,KAAA,EAAO,GAAK,EAAA;AAC7B,IAAO,OAAA,GAAA,CAAI,MAAO,CAAA,YAAA,CAAa,KAAK,CAAA;AAAA,GACtC;AAAA,EAEA,MAAM,OAAQ,CAAA,KAAA,EAAO,GAAK,EAAA;AACxB,IAAO,OAAA,GAAA,CAAI,MAAO,CAAA,OAAA,CAAQ,KAAK,CAAA;AAAA;AAEnC,CAAC;;;;"}

package/dist/module.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"module.cjs.js","sources":["../src/module.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  commonSignInResolvers,\n  createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { microsoftAuthenticator } from './authenticator';\nimport { microsoftSignInResolvers } from './resolvers';\n\n/** @public */\nexport const authModuleMicrosoftProvider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'microsoft-provider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n      },\n      async init({ providers }) {\n        providers.registerProvider({\n          providerId: 'microsoft',\n          factory: createOAuthProviderFactory({\n            authenticator: microsoftAuthenticator,\n            signInResolverFactories: {\n              ...microsoftSignInResolvers,\n              ...commonSignInResolvers,\n            },\n          }),\n        });\n      },\n    });\n  },\n});\n"],"names":["createBackendModule","authProvidersExtensionPoint","createOAuthProviderFactory","microsoftAuthenticator","microsoftSignInResolvers","commonSignInResolvers"],"mappings":";;;;;;;AAyBO,MAAM,8BAA8BA,oCAAoB,CAAA;AAAA,EAC7D,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,oBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC,0CAAA;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAa,EAAA;AACxB,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,WAAA;AAAA,UACZ,SAASC,yCAA2B,CAAA;AAAA,YAClC,aAAe,EAAAC,oCAAA;AAAA,YACf,uBAAyB,EAAA;AAAA,cACvB,GAAGC,kCAAA;AAAA,cACH,GAAGC,oCAAA;AAAA,aACL;AAAA,WACD,CAAA;AAAA,SACF,CAAA,CAAA;AAAA,OACH;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}
+{"version":3,"file":"module.cjs.js","sources":["../src/module.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { createBackendModule } from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  commonSignInResolvers,\n  createOAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { microsoftAuthenticator } from './authenticator';\nimport { microsoftSignInResolvers } from './resolvers';\n\n/** @public */\nexport const authModuleMicrosoftProvider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'microsoft-provider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n      },\n      async init({ providers }) {\n        providers.registerProvider({\n          providerId: 'microsoft',\n          factory: createOAuthProviderFactory({\n            authenticator: microsoftAuthenticator,\n            signInResolverFactories: {\n              ...microsoftSignInResolvers,\n              ...commonSignInResolvers,\n            },\n          }),\n        });\n      },\n    });\n  },\n});\n"],"names":["createBackendModule","authProvidersExtensionPoint","createOAuthProviderFactory","microsoftAuthenticator","microsoftSignInResolvers","commonSignInResolvers"],"mappings":";;;;;;;AAyBO,MAAM,8BAA8BA,oCAAoB,CAAA;AAAA,EAC7D,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,oBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC;AAAA,OACb;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAa,EAAA;AACxB,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,WAAA;AAAA,UACZ,SAASC,yCAA2B,CAAA;AAAA,YAClC,aAAe,EAAAC,oCAAA;AAAA,YACf,uBAAyB,EAAA;AAAA,cACvB,GAAGC,kCAAA;AAAA,cACH,GAAGC;AAAA;AACL,WACD;AAAA,SACF,CAAA;AAAA;AACH,KACD,CAAA;AAAA;AAEL,CAAC;;;;"}

package/dist/resolvers.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"resolvers.cjs.js","sources":["../src/resolvers.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  OAuthAuthenticatorResult,\n  createSignInResolverFactory,\n  PassportProfile,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\n\n/**\n * Available sign-in resolvers for the Microsoft auth provider.\n *\n * @public\n */\nexport namespace microsoftSignInResolvers {\n  /**\n   * Looks up the user by matching their Microsoft email to the email entity annotation.\n   */\n  export const emailMatchingUserEntityAnnotation = createSignInResolverFactory({\n    create() {\n      return async (\n        info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,\n        ctx,\n      ) => {\n        const { profile } = info;\n\n        if (!profile.email) {\n          throw new Error('Microsoft profile contained no email');\n        }\n\n        return ctx.signInWithCatalogUser({\n          annotations: {\n            'microsoft.com/email': profile.email,\n          },\n        });\n      };\n    },\n  });\n  /**\n   * Looks up the user by matching their Microsoft user id to the user id entity annotation.\n   */\n  export const userIdMatchingUserEntityAnnotation = createSignInResolverFactory(\n    {\n      create() {\n        return async (\n          info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,\n          ctx,\n        ) => {\n          const { result } = info;\n\n          const id = result.fullProfile.id;\n\n          if (!id) {\n            throw new Error('Microsoft profile contained no id');\n          }\n\n          return ctx.signInWithCatalogUser({\n            annotations: {\n              'graph.microsoft.com/user-id': id,\n            },\n          });\n        };\n      },\n    },\n  );\n}\n"],"names":["microsoftSignInResolvers","createSignInResolverFactory"],"mappings":";;;;AA4BiBA,0CAAA;AAAA,CAAV,CAAUA,yBAAV,KAAA;AAIE,EAAMA,yBAAAA,CAAA,oCAAoCC,0CAA4B,CAAA;AAAA,IAC3E,MAAS,GAAA;AACP,MAAO,OAAA,OACL,MACA,GACG,KAAA;AACH,QAAM,MAAA,EAAE,SAAY,GAAA,IAAA,CAAA;AAEpB,QAAI,IAAA,CAAC,QAAQ,KAAO,EAAA;AAClB,UAAM,MAAA,IAAI,MAAM,sCAAsC,CAAA,CAAA;AAAA,SACxD;AAEA,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,WAAa,EAAA;AAAA,YACX,uBAAuB,OAAQ,CAAA,KAAA;AAAA,WACjC;AAAA,SACD,CAAA,CAAA;AAAA,OACH,CAAA;AAAA,KACF;AAAA,GACD,CAAA,CAAA;AAIM,EAAMD,0BAAA,kCAAqC,GAAAC,0CAAA;AAAA,IAChD;AAAA,MACE,MAAS,GAAA;AACP,QAAO,OAAA,OACL,MACA,GACG,KAAA;AACH,UAAM,MAAA,EAAE,QAAW,GAAA,IAAA,CAAA;AAEnB,UAAM,MAAA,EAAA,GAAK,OAAO,WAAY,CAAA,EAAA,CAAA;AAE9B,UAAA,IAAI,CAAC,EAAI,EAAA;AACP,YAAM,MAAA,IAAI,MAAM,mCAAmC,CAAA,CAAA;AAAA,WACrD;AAEA,UAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,YAC/B,WAAa,EAAA;AAAA,cACX,6BAA+B,EAAA,EAAA;AAAA,aACjC;AAAA,WACD,CAAA,CAAA;AAAA,SACH,CAAA;AAAA,OACF;AAAA,KACF;AAAA,GACF,CAAA;AAAA,CAlDe,EAAAD,gCAAA,KAAAA,gCAAA,GAAA,EAAA,CAAA,CAAA;;"}
+{"version":3,"file":"resolvers.cjs.js","sources":["../src/resolvers.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  OAuthAuthenticatorResult,\n  createSignInResolverFactory,\n  PassportProfile,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\n\n/**\n * Available sign-in resolvers for the Microsoft auth provider.\n *\n * @public\n */\nexport namespace microsoftSignInResolvers {\n  /**\n   * Looks up the user by matching their Microsoft email to the email entity annotation.\n   */\n  export const emailMatchingUserEntityAnnotation = createSignInResolverFactory({\n    create() {\n      return async (\n        info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,\n        ctx,\n      ) => {\n        const { profile } = info;\n\n        if (!profile.email) {\n          throw new Error('Microsoft profile contained no email');\n        }\n\n        return ctx.signInWithCatalogUser({\n          annotations: {\n            'microsoft.com/email': profile.email,\n          },\n        });\n      };\n    },\n  });\n  /**\n   * Looks up the user by matching their Microsoft user id to the user id entity annotation.\n   */\n  export const userIdMatchingUserEntityAnnotation = createSignInResolverFactory(\n    {\n      create() {\n        return async (\n          info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,\n          ctx,\n        ) => {\n          const { result } = info;\n\n          const id = result.fullProfile.id;\n\n          if (!id) {\n            throw new Error('Microsoft profile contained no id');\n          }\n\n          return ctx.signInWithCatalogUser({\n            annotations: {\n              'graph.microsoft.com/user-id': id,\n            },\n          });\n        };\n      },\n    },\n  );\n}\n"],"names":["microsoftSignInResolvers","createSignInResolverFactory"],"mappings":";;;;AA4BiBA;AAAA,CAAV,CAAUA,yBAAV,KAAA;AAIE,EAAMA,yBAAAA,CAAA,oCAAoCC,0CAA4B,CAAA;AAAA,IAC3E,MAAS,GAAA;AACP,MAAO,OAAA,OACL,MACA,GACG,KAAA;AACH,QAAM,MAAA,EAAE,SAAY,GAAA,IAAA;AAEpB,QAAI,IAAA,CAAC,QAAQ,KAAO,EAAA;AAClB,UAAM,MAAA,IAAI,MAAM,sCAAsC,CAAA;AAAA;AAGxD,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,WAAa,EAAA;AAAA,YACX,uBAAuB,OAAQ,CAAA;AAAA;AACjC,SACD,CAAA;AAAA,OACH;AAAA;AACF,GACD,CAAA;AAIM,EAAMD,0BAAA,kCAAqC,GAAAC,0CAAA;AAAA,IAChD;AAAA,MACE,MAAS,GAAA;AACP,QAAO,OAAA,OACL,MACA,GACG,KAAA;AACH,UAAM,MAAA,EAAE,QAAW,GAAA,IAAA;AAEnB,UAAM,MAAA,EAAA,GAAK,OAAO,WAAY,CAAA,EAAA;AAE9B,UAAA,IAAI,CAAC,EAAI,EAAA;AACP,YAAM,MAAA,IAAI,MAAM,mCAAmC,CAAA;AAAA;AAGrD,UAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,YAC/B,WAAa,EAAA;AAAA,cACX,6BAA+B,EAAA;AAAA;AACjC,WACD,CAAA;AAAA,SACH;AAAA;AACF;AACF,GACF;AAAA,CAlDe,EAAAD,gCAAA,KAAAA,gCAAA,GAAA,EAAA,CAAA,CAAA;;"}

package/dist/strategy.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"strategy.cjs.js","sources":["../src/strategy.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { PassportProfile } from '@backstage/plugin-auth-node';\nimport { decodeJwt } from 'jose';\nimport fetch from 'node-fetch';\nimport { Strategy as MicrosoftStrategy } from 'passport-microsoft';\n\nexport class ExtendedMicrosoftStrategy extends MicrosoftStrategy {\n  private shouldSkipUserProfile = false;\n\n  public setSkipUserProfile(shouldSkipUserProfile: boolean): void {\n    this.shouldSkipUserProfile = shouldSkipUserProfile;\n  }\n\n  userProfile(\n    accessToken: string,\n    done: (err?: unknown, profile?: PassportProfile) => void,\n  ): void {\n    if (this.skipUserProfile(accessToken)) {\n      done(null, undefined);\n      return;\n    }\n\n    super.userProfile(\n      accessToken,\n      (err?: unknown, profile?: PassportProfile) => {\n        if (!profile || profile.photos) {\n          done(err, profile);\n          return;\n        }\n\n        this.getProfilePhotos(accessToken).then(photos => {\n          profile.photos = photos;\n          done(err, profile);\n        });\n      },\n    );\n  }\n\n  private hasGraphReadScope(accessToken: string): boolean {\n    const { aud, scp } = decodeJwt(accessToken);\n    return (\n      aud === '00000003-0000-0000-c000-000000000000' &&\n      !!scp &&\n      (scp as string)\n        .split(' ')\n        .map(s => s.toLocaleLowerCase('en-US'))\n        .some(s =>\n          [\n            'https://graph.microsoft.com/user.read',\n            'https://graph.microsoft.com/user.read.all',\n            'user.read',\n            'user.read.all',\n          ].includes(s),\n        )\n    );\n  }\n\n  private skipUserProfile(accessToken: string): boolean {\n    try {\n      return this.shouldSkipUserProfile || !this.hasGraphReadScope(accessToken);\n    } catch {\n      // If there is any error with checking the scope\n      // we fall back to not skipping the user profile\n      // which may still result in an auth failure\n      // e.g. due to a foreign scope.\n      return false;\n    }\n  }\n\n  private async getProfilePhotos(\n    accessToken: string,\n  ): Promise<Array<{ value: string }> | undefined> {\n    return this.getCurrentUserPhoto(accessToken, '96x96').then(photo =>\n      photo ? [{ value: photo }] : undefined,\n    );\n  }\n\n  private async getCurrentUserPhoto(\n    accessToken: string,\n    size: string,\n  ): Promise<string | undefined> {\n    try {\n      const res = await fetch(\n        `https://graph.microsoft.com/v1.0/me/photos/${size}/$value`,\n        {\n          headers: {\n            Authorization: `Bearer ${accessToken}`,\n          },\n        },\n      );\n      const data = await res.buffer();\n\n      return `data:image/jpeg;base64,${data.toString('base64')}`;\n    } catch (error) {\n      return undefined;\n    }\n  }\n}\n"],"names":["MicrosoftStrategy","decodeJwt","fetch"],"mappings":";;;;;;;;;;AAqBO,MAAM,kCAAkCA,0BAAkB,CAAA;AAAA,EACvD,qBAAwB,GAAA,KAAA,CAAA;AAAA,EAEzB,mBAAmB,qBAAsC,EAAA;AAC9D,IAAA,IAAA,CAAK,qBAAwB,GAAA,qBAAA,CAAA;AAAA,GAC/B;AAAA,EAEA,WAAA,CACE,aACA,IACM,EAAA;AACN,IAAI,IAAA,IAAA,CAAK,eAAgB,CAAA,WAAW,CAAG,EAAA;AACrC,MAAA,IAAA,CAAK,MAAM,KAAS,CAAA,CAAA,CAAA;AACpB,MAAA,OAAA;AAAA,KACF;AAEA,IAAM,KAAA,CAAA,WAAA;AAAA,MACJ,WAAA;AAAA,MACA,CAAC,KAAe,OAA8B,KAAA;AAC5C,QAAI,IAAA,CAAC,OAAW,IAAA,OAAA,CAAQ,MAAQ,EAAA;AAC9B,UAAA,IAAA,CAAK,KAAK,OAAO,CAAA,CAAA;AACjB,UAAA,OAAA;AAAA,SACF;AAEA,QAAA,IAAA,CAAK,gBAAiB,CAAA,WAAW,CAAE,CAAA,IAAA,CAAK,CAAU,MAAA,KAAA;AAChD,UAAA,OAAA,CAAQ,MAAS,GAAA,MAAA,CAAA;AACjB,UAAA,IAAA,CAAK,KAAK,OAAO,CAAA,CAAA;AAAA,SAClB,CAAA,CAAA;AAAA,OACH;AAAA,KACF,CAAA;AAAA,GACF;AAAA,EAEQ,kBAAkB,WAA8B,EAAA;AACtD,IAAA,MAAM,EAAE,GAAA,EAAK,GAAI,EAAA,GAAIC,eAAU,WAAW,CAAA,CAAA;AAC1C,IAAA,OACE,GAAQ,KAAA,sCAAA,IACR,CAAC,CAAC,OACD,GACE,CAAA,KAAA,CAAM,GAAG,CAAA,CACT,IAAI,CAAK,CAAA,KAAA,CAAA,CAAE,iBAAkB,CAAA,OAAO,CAAC,CACrC,CAAA,IAAA;AAAA,MAAK,CACJ,CAAA,KAAA;AAAA,QACE,uCAAA;AAAA,QACA,2CAAA;AAAA,QACA,WAAA;AAAA,QACA,eAAA;AAAA,OACF,CAAE,SAAS,CAAC,CAAA;AAAA,KACd,CAAA;AAAA,GAEN;AAAA,EAEQ,gBAAgB,WAA8B,EAAA;AACpD,IAAI,IAAA;AACF,MAAA,OAAO,IAAK,CAAA,qBAAA,IAAyB,CAAC,IAAA,CAAK,kBAAkB,WAAW,CAAA,CAAA;AAAA,KAClE,CAAA,MAAA;AAKN,MAAO,OAAA,KAAA,CAAA;AAAA,KACT;AAAA,GACF;AAAA,EAEA,MAAc,iBACZ,WAC+C,EAAA;AAC/C,IAAA,OAAO,IAAK,CAAA,mBAAA,CAAoB,WAAa,EAAA,OAAO,CAAE,CAAA,IAAA;AAAA,MAAK,WACzD,KAAQ,GAAA,CAAC,EAAE,KAAO,EAAA,KAAA,EAAO,CAAI,GAAA,KAAA,CAAA;AAAA,KAC/B,CAAA;AAAA,GACF;AAAA,EAEA,MAAc,mBACZ,CAAA,WAAA,EACA,IAC6B,EAAA;AAC7B,IAAI,IAAA;AACF,MAAA,MAAM,MAAM,MAAMC,sBAAA;AAAA,QAChB,8CAA8C,IAAI,CAAA,OAAA,CAAA;AAAA,QAClD;AAAA,UACE,OAAS,EAAA;AAAA,YACP,aAAA,EAAe,UAAU,WAAW,CAAA,CAAA;AAAA,WACtC;AAAA,SACF;AAAA,OACF,CAAA;AACA,MAAM,MAAA,IAAA,GAAO,MAAM,GAAA,CAAI,MAAO,EAAA,CAAA;AAE9B,MAAA,OAAO,CAA0B,uBAAA,EAAA,IAAA,CAAK,QAAS,CAAA,QAAQ,CAAC,CAAA,CAAA,CAAA;AAAA,aACjD,KAAO,EAAA;AACd,MAAO,OAAA,KAAA,CAAA,CAAA;AAAA,KACT;AAAA,GACF;AACF;;;;"}
+{"version":3,"file":"strategy.cjs.js","sources":["../src/strategy.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { PassportProfile } from '@backstage/plugin-auth-node';\nimport { decodeJwt } from 'jose';\nimport fetch from 'node-fetch';\nimport { Strategy as MicrosoftStrategy } from 'passport-microsoft';\n\nexport class ExtendedMicrosoftStrategy extends MicrosoftStrategy {\n  private shouldSkipUserProfile = false;\n\n  public setSkipUserProfile(shouldSkipUserProfile: boolean): void {\n    this.shouldSkipUserProfile = shouldSkipUserProfile;\n  }\n\n  userProfile(\n    accessToken: string,\n    done: (err?: unknown, profile?: PassportProfile) => void,\n  ): void {\n    if (this.skipUserProfile(accessToken)) {\n      done(null, undefined);\n      return;\n    }\n\n    super.userProfile(\n      accessToken,\n      (err?: unknown, profile?: PassportProfile) => {\n        if (!profile || profile.photos) {\n          done(err, profile);\n          return;\n        }\n\n        this.getProfilePhotos(accessToken).then(photos => {\n          profile.photos = photos;\n          done(err, profile);\n        });\n      },\n    );\n  }\n\n  private hasGraphReadScope(accessToken: string): boolean {\n    const { aud, scp } = decodeJwt(accessToken);\n    return (\n      aud === '00000003-0000-0000-c000-000000000000' &&\n      !!scp &&\n      (scp as string)\n        .split(' ')\n        .map(s => s.toLocaleLowerCase('en-US'))\n        .some(s =>\n          [\n            'https://graph.microsoft.com/user.read',\n            'https://graph.microsoft.com/user.read.all',\n            'user.read',\n            'user.read.all',\n          ].includes(s),\n        )\n    );\n  }\n\n  private skipUserProfile(accessToken: string): boolean {\n    try {\n      return this.shouldSkipUserProfile || !this.hasGraphReadScope(accessToken);\n    } catch {\n      // If there is any error with checking the scope\n      // we fall back to not skipping the user profile\n      // which may still result in an auth failure\n      // e.g. due to a foreign scope.\n      return false;\n    }\n  }\n\n  private async getProfilePhotos(\n    accessToken: string,\n  ): Promise<Array<{ value: string }> | undefined> {\n    return this.getCurrentUserPhoto(accessToken, '96x96').then(photo =>\n      photo ? [{ value: photo }] : undefined,\n    );\n  }\n\n  private async getCurrentUserPhoto(\n    accessToken: string,\n    size: string,\n  ): Promise<string | undefined> {\n    try {\n      const res = await fetch(\n        `https://graph.microsoft.com/v1.0/me/photos/${size}/$value`,\n        {\n          headers: {\n            Authorization: `Bearer ${accessToken}`,\n          },\n        },\n      );\n      const data = await res.buffer();\n\n      return `data:image/jpeg;base64,${data.toString('base64')}`;\n    } catch (error) {\n      return undefined;\n    }\n  }\n}\n"],"names":["MicrosoftStrategy","decodeJwt","fetch"],"mappings":";;;;;;;;;;AAqBO,MAAM,kCAAkCA,0BAAkB,CAAA;AAAA,EACvD,qBAAwB,GAAA,KAAA;AAAA,EAEzB,mBAAmB,qBAAsC,EAAA;AAC9D,IAAA,IAAA,CAAK,qBAAwB,GAAA,qBAAA;AAAA;AAC/B,EAEA,WAAA,CACE,aACA,IACM,EAAA;AACN,IAAI,IAAA,IAAA,CAAK,eAAgB,CAAA,WAAW,CAAG,EAAA;AACrC,MAAA,IAAA,CAAK,MAAM,KAAS,CAAA,CAAA;AACpB,MAAA;AAAA;AAGF,IAAM,KAAA,CAAA,WAAA;AAAA,MACJ,WAAA;AAAA,MACA,CAAC,KAAe,OAA8B,KAAA;AAC5C,QAAI,IAAA,CAAC,OAAW,IAAA,OAAA,CAAQ,MAAQ,EAAA;AAC9B,UAAA,IAAA,CAAK,KAAK,OAAO,CAAA;AACjB,UAAA;AAAA;AAGF,QAAA,IAAA,CAAK,gBAAiB,CAAA,WAAW,CAAE,CAAA,IAAA,CAAK,CAAU,MAAA,KAAA;AAChD,UAAA,OAAA,CAAQ,MAAS,GAAA,MAAA;AACjB,UAAA,IAAA,CAAK,KAAK,OAAO,CAAA;AAAA,SAClB,CAAA;AAAA;AACH,KACF;AAAA;AACF,EAEQ,kBAAkB,WAA8B,EAAA;AACtD,IAAA,MAAM,EAAE,GAAA,EAAK,GAAI,EAAA,GAAIC,eAAU,WAAW,CAAA;AAC1C,IAAA,OACE,GAAQ,KAAA,sCAAA,IACR,CAAC,CAAC,OACD,GACE,CAAA,KAAA,CAAM,GAAG,CAAA,CACT,IAAI,CAAK,CAAA,KAAA,CAAA,CAAE,iBAAkB,CAAA,OAAO,CAAC,CACrC,CAAA,IAAA;AAAA,MAAK,CACJ,CAAA,KAAA;AAAA,QACE,uCAAA;AAAA,QACA,2CAAA;AAAA,QACA,WAAA;AAAA,QACA;AAAA,OACF,CAAE,SAAS,CAAC;AAAA,KACd;AAAA;AAEN,EAEQ,gBAAgB,WAA8B,EAAA;AACpD,IAAI,IAAA;AACF,MAAA,OAAO,IAAK,CAAA,qBAAA,IAAyB,CAAC,IAAA,CAAK,kBAAkB,WAAW,CAAA;AAAA,KAClE,CAAA,MAAA;AAKN,MAAO,OAAA,KAAA;AAAA;AACT;AACF,EAEA,MAAc,iBACZ,WAC+C,EAAA;AAC/C,IAAA,OAAO,IAAK,CAAA,mBAAA,CAAoB,WAAa,EAAA,OAAO,CAAE,CAAA,IAAA;AAAA,MAAK,WACzD,KAAQ,GAAA,CAAC,EAAE,KAAO,EAAA,KAAA,EAAO,CAAI,GAAA,KAAA;AAAA,KAC/B;AAAA;AACF,EAEA,MAAc,mBACZ,CAAA,WAAA,EACA,IAC6B,EAAA;AAC7B,IAAI,IAAA;AACF,MAAA,MAAM,MAAM,MAAMC,sBAAA;AAAA,QAChB,8CAA8C,IAAI,CAAA,OAAA,CAAA;AAAA,QAClD;AAAA,UACE,OAAS,EAAA;AAAA,YACP,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA;AACtC;AACF,OACF;AACA,MAAM,MAAA,IAAA,GAAO,MAAM,GAAA,CAAI,MAAO,EAAA;AAE9B,MAAA,OAAO,CAA0B,uBAAA,EAAA,IAAA,CAAK,QAAS,CAAA,QAAQ,CAAC,CAAA,CAAA;AAAA,aACjD,KAAO,EAAA;AACd,MAAO,OAAA,KAAA,CAAA;AAAA;AACT;AAEJ;;;;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-auth-backend-module-microsoft-provider",
-  "version": "0.2.2-next.1",
+  "version": "0.2.2",
   "description": "The microsoft-provider backend module for the auth plugin.",
   "backstage": {
     "role": "backend-plugin-module",
@@ -34,22 +34,29 @@
     "test": "backstage-cli package test"
   },
   "dependencies": {
-    "@backstage/backend-plugin-api": "1.0.2-next.1",
-    "@backstage/plugin-auth-node": "0.5.4-next.1",
+    "@backstage/backend-plugin-api": "^1.0.2",
+    "@backstage/plugin-auth-node": "^0.5.4",
     "express": "^4.18.2",
     "jose": "^5.0.0",
     "node-fetch": "^2.7.0",
     "passport-microsoft": "^1.0.0"
   },
   "devDependencies": {
-    "@backstage/backend-defaults": "0.5.3-next.1",
-    "@backstage/backend-test-utils": "1.0.3-next.1",
-    "@backstage/cli": "0.29.0-next.1",
-    "@backstage/config": "1.2.0",
-    "@backstage/plugin-auth-backend": "0.24.0-next.1",
+    "@backstage/backend-defaults": "^0.5.3",
+    "@backstage/backend-test-utils": "^1.1.0",
+    "@backstage/cli": "^0.29.0",
+    "@backstage/config": "^1.3.0",
+    "@backstage/plugin-auth-backend": "^0.24.0",
     "@types/passport-microsoft": "^1.0.0",
     "msw": "^1.0.0",
     "supertest": "^7.0.0"
   },
-  "configSchema": "config.d.ts"
+  "configSchema": "config.d.ts",
+  "typesVersions": {
+    "*": {
+      "index": [
+        "dist/index.d.ts"
+      ]
+    }
+  }
 }