feat(gcp-iap): Add user id annotation resolver

Signed-off-by: Nikolai Røed Kristiansen <nikolai.kristiansen@remarkable.no>

.changeset/serious-snails-poke.md

@@ -0,0 +1,5 @@
+---
+'@backstage/plugin-auth-backend-module-gcp-iap-provider': minor
+---
+
+Add user id annotation sign-in resolver

plugins/auth-backend-module-gcp-iap-provider/api-report.md

@@ -37,6 +37,10 @@ export namespace gcpIapSignInResolvers {
     GcpIapResult,
     unknown
   >;
+  const idMatchingUserEntityAnnotation: SignInResolverFactory<
+    GcpIapResult,
+    unknown
+  >;
 }
 
 // @public

plugins/auth-backend-module-gcp-iap-provider/src/resolvers.ts

@@ -46,4 +46,21 @@ export namespace gcpIapSignInResolvers {
       };
     },
   });
+
+  /**
+   * Looks up the user by matching their user ID to the `google.com/user-id` annotation.
+   */
+  export const idMatchingUserEntityAnnotation = createSignInResolverFactory({
+    create() {
+      return async (info: SignInInfo<GcpIapResult>, ctx) => {
+        const userId = info.result.iapToken.sub.split(':')[1];
+
+        return ctx.signInWithCatalogUser({
+          annotations: {
+            'google.com/user-id': userId,
+          },
+        });
+      };
+    },
+  });
 }