@backstage/core-app-api 0.3.1 → 0.5.1

package/CHANGELOG.md

@@ -1,5 +1,56 @@
 # @backstage/core-app-api
 
+## 0.5.1
+
+### Patch Changes
+
+- f959c22787: Asynchronous methods on the identity API can now reliably be called at any time, including early in the bootstrap process or prior to successful sign-in.
+
+  Previously in such situations, a `Tried to access IdentityApi before app was loaded` error would be thrown. Now, those methods will wait and resolve eventually (as soon as a concrete identity API is provided).
+
+## 0.5.0
+
+### Minor Changes
+
+- ceebe25391: Removed deprecated `SignInResult` type, which was replaced with the new `onSignInSuccess` callback.
+
+### Patch Changes
+
+- fb565073ec: Add an `allowUrl` callback option to `FetchMiddlewares.injectIdentityAuth`
+- f050eec2c0: Added validation during the application startup that detects if there are any plugins present that have not had their required external routes bound. Failing the validation will cause a hard crash as it is a programmer error. It lets you detect early on that there are dangling routes, rather than having them cause an error later on.
+- Updated dependencies
+  - @backstage/core-plugin-api@0.6.0
+  - @backstage/config@0.1.13
+
+## 0.5.0-next.0
+
+### Minor Changes
+
+- ceebe25391: Removed deprecated `SignInResult` type, which was replaced with the new `onSignInSuccess` callback.
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/core-plugin-api@0.6.0-next.0
+  - @backstage/config@0.1.13-next.0
+
+## 0.4.0
+
+### Minor Changes
+
+- e2eb92c109: Removed previously deprecated `ApiRegistry` export.
+
+### Patch Changes
+
+- 34442cd5cf: Fixed an issue where valid SAML and GitHub sessions would be considered invalid and not be stored.
+
+  Deprecated the `SamlSession` and `GithubSession` types.
+
+- 784d8078ab: Removed direct and transitive MUI dependencies.
+- Updated dependencies
+  - @backstage/config@0.1.12
+  - @backstage/core-plugin-api@0.5.0
+
 ## 0.3.1
 
 ### Patch Changes

package/dist/index.d.ts

@@ -1,6 +1,6 @@
 import { ReactNode, PropsWithChildren, ComponentType } from 'react';
 import PropTypes from 'prop-types';
-import { ApiHolder, ApiRef, ApiFactory, AnyApiRef, ProfileInfo, BackstageIdentity, OAuthRequestApi, DiscoveryApi, AuthProviderInfo, OAuthApi, SessionApi, SessionState, AuthRequestOptions, gitlabAuthApiRef, googleAuthApiRef, OpenIdConnectApi, ProfileInfoApi, BackstageIdentityApi, oktaAuthApiRef, auth0AuthApiRef, microsoftAuthApiRef, oneloginAuthApiRef, bitbucketAuthApiRef, atlassianAuthApiRef, AlertApi, AlertMessage, AnalyticsApi, AnalyticsEvent, AppThemeApi, AppTheme, ErrorApi, ErrorApiError, ErrorApiErrorContext, FeatureFlagsApi, FeatureFlag, FeatureFlagsSaveOptions, FetchApi, IdentityApi, OAuthRequesterOptions, OAuthRequester, PendingOAuthRequest, StorageApi, StorageValueSnapshot, BackstagePlugin, IconComponent, ExternalRouteRef, AnyApiFactory, PluginOutput, RouteRef, SubRouteRef } from '@backstage/core-plugin-api';
+import { ApiHolder, ApiRef, ApiFactory, AnyApiRef, ProfileInfo, BackstageIdentityResponse, OAuthRequestApi, DiscoveryApi, AuthProviderInfo, OAuthApi, SessionApi, SessionState, AuthRequestOptions, gitlabAuthApiRef, googleAuthApiRef, OpenIdConnectApi, ProfileInfoApi, BackstageIdentityApi, oktaAuthApiRef, auth0AuthApiRef, microsoftAuthApiRef, oneloginAuthApiRef, bitbucketAuthApiRef, atlassianAuthApiRef, AlertApi, AlertMessage, AnalyticsApi, AnalyticsEvent, AppThemeApi, AppTheme, ErrorApi, ErrorApiError, ErrorApiErrorContext, FeatureFlagsApi, FeatureFlag, FeatureFlagsSaveOptions, FetchApi, IdentityApi, OAuthRequesterOptions, OAuthRequester, PendingOAuthRequest, StorageApi, StorageValueSnapshot, BackstagePlugin, IconComponent, ExternalRouteRef, AnyApiFactory, RouteRef, SubRouteRef } from '@backstage/core-plugin-api';
 import * as _backstage_types from '@backstage/types';
 import { Observable, JsonValue } from '@backstage/types';
 import { Config, AppConfig } from '@backstage/config';
@@ -30,45 +30,6 @@ declare const ApiProvider: {
     };
 };
 
-declare type ApiImpl<T = unknown> = readonly [ApiRef<T>, T];
-declare class ApiRegistryBuilder {
-    private apis;
-    add<T, I extends T>(api: ApiRef<T>, impl: I): I;
-    build(): ApiRegistry;
-}
-/**
- * A registry for utility APIs.
- *
- * @public
- * @deprecated Will be removed, use {@link @backstage/test-utils#TestApiProvider} or {@link @backstage/test-utils#TestApiRegistry} instead.
- */
-declare class ApiRegistry implements ApiHolder {
-    private readonly apis;
-    static builder(): ApiRegistryBuilder;
-    /**
-     * Creates a new ApiRegistry with a list of API implementations.
-     *
-     * @param apis - A list of pairs mapping an ApiRef to its respective implementation
-     */
-    static from(apis: ApiImpl[]): ApiRegistry;
-    /**
-     * Creates a new ApiRegistry with a single API implementation.
-     *
-     * @param api - ApiRef for the API to add
-     * @param impl - Implementation of the API to add
-     */
-    static with<T>(api: ApiRef<T>, impl: T): ApiRegistry;
-    constructor(apis: Map<string, unknown>);
-    /**
-     * Returns a new ApiRegistry with the provided API added to the existing ones.
-     *
-     * @param api - ApiRef for the API to add
-     * @param impl - Implementation of the API to add
-     */
-    with<T>(api: ApiRef<T>, impl: T): ApiRegistry;
-    get<T>(api: ApiRef<T>): T | undefined;
-}
-
 /**
  * @public
  */
@@ -134,6 +95,7 @@ declare class ApiFactoryRegistry implements ApiFactoryHolder {
  * Session information for GitHub auth.
  *
  * @public
+ * @deprecated This type is internal and will be removed
  */
 declare type GithubSession = {
     providerInfo: {
@@ -142,7 +104,7 @@ declare type GithubSession = {
         expiresAt?: Date;
     };
     profile: ProfileInfo;
-    backstageIdentity: BackstageIdentity;
+    backstageIdentity: BackstageIdentityResponse;
 };
 
 /**
@@ -176,7 +138,7 @@ declare class GithubAuth implements OAuthApi, SessionApi {
     signOut(): Promise<void>;
     sessionState$(): Observable<SessionState>;
     getAccessToken(scope?: string, options?: AuthRequestOptions): Promise<string>;
-    getBackstageIdentity(options?: AuthRequestOptions): Promise<BackstageIdentity | undefined>;
+    getBackstageIdentity(options?: AuthRequestOptions): Promise<BackstageIdentityResponse | undefined>;
     getProfile(options?: AuthRequestOptions): Promise<ProfileInfo | undefined>;
     static normalizeScope(scope?: string): Set<string>;
 }
@@ -221,7 +183,7 @@ declare class OAuth2 implements OAuthApi, OpenIdConnectApi, ProfileInfoApi, Back
     sessionState$(): Observable<SessionState>;
     getAccessToken(scope?: string | string[], options?: AuthRequestOptions): Promise<string>;
     getIdToken(options?: AuthRequestOptions): Promise<string>;
-    getBackstageIdentity(options?: AuthRequestOptions): Promise<BackstageIdentity | undefined>;
+    getBackstageIdentity(options?: AuthRequestOptions): Promise<BackstageIdentityResponse | undefined>;
     getProfile(options?: AuthRequestOptions): Promise<ProfileInfo | undefined>;
     private static normalizeScopes;
 }
@@ -239,7 +201,7 @@ declare type OAuth2Session = {
         expiresAt: Date;
     };
     profile: ProfileInfo;
-    backstageIdentity: BackstageIdentity;
+    backstageIdentity: BackstageIdentityResponse;
 };
 
 /**
@@ -263,7 +225,7 @@ declare class SamlAuth implements ProfileInfoApi, BackstageIdentityApi, SessionA
     private constructor();
     signIn(): Promise<void>;
     signOut(): Promise<void>;
-    getBackstageIdentity(options?: AuthRequestOptions): Promise<BackstageIdentity | undefined>;
+    getBackstageIdentity(options?: AuthRequestOptions): Promise<BackstageIdentityResponse | undefined>;
     getProfile(options?: AuthRequestOptions): Promise<ProfileInfo | undefined>;
 }
 
@@ -271,11 +233,12 @@ declare class SamlAuth implements ProfileInfoApi, BackstageIdentityApi, SessionA
  * Session information for SAML auth.
  *
  * @public
+ * @deprecated This type is internal and will be removed
  */
-declare type SamlSession = {
+declare type ExportedSamlSession = {
     userId: string;
     profile: ProfileInfo;
-    backstageIdentity: BackstageIdentity;
+    backstageIdentity: BackstageIdentityResponse;
 };
 
 /**
@@ -344,7 +307,7 @@ declare type BitbucketSession = {
         expiresAt?: Date;
     };
     profile: ProfileInfo;
-    backstageIdentity: BackstageIdentity;
+    backstageIdentity: BackstageIdentityResponse;
 };
 
 /**
@@ -547,14 +510,16 @@ declare class FetchMiddlewares {
      *
      * The header injection only happens on allowlisted URLs. Per default, if the
      * `config` option is passed in, the `backend.baseUrl` is allowlisted, unless
-     * the `urlPrefixAllowlist` option is passed in, in which case it takes
-     * precedence. If you pass in neither config nor an allowlist, the middleware
-     * will have no effect.
+     * the `urlPrefixAllowlist` or `allowUrl` options are passed in, in which case
+     * they take precedence. If you pass in neither config nor an
+     * allowlist/callback, the middleware will have no effect since effectively no
+     * request will match the (nonexistent) rules.
      */
     static injectIdentityAuth(options: {
         identityApi: IdentityApi;
         config?: Config;
         urlPrefixAllowlist?: string[];
+        allowUrl?: (url: string) => boolean;
         header?: {
             name: string;
             value: (backstageToken: string) => string;
@@ -615,27 +580,6 @@ declare type BootErrorPageProps = {
     step: 'load-config' | 'load-chunk';
     error: Error;
 };
-/**
- * The outcome of signing in on the sign-in page.
- *
- * @public
- * @deprecated replaced by passing the {@link @backstage/core-plugin-api#IdentityApi} to the {@link SignInPageProps.onSignInSuccess} instead.
- */
-declare type SignInResult = {
-    /**
-     * User ID that will be returned by the IdentityApi
-     */
-    userId: string;
-    profile: ProfileInfo;
-    /**
-     * Function used to retrieve an ID token for the signed in user.
-     */
-    getIdToken?: () => Promise<string>;
-    /**
-     * Sign out handler that will be called if the user requests to sign out.
-     */
-    signOut?: () => Promise<void>;
-};
 /**
  * Props for the `SignInPage` component of {@link AppComponents}.
  *
@@ -782,11 +726,14 @@ declare type AppOptions = {
     /**
      * A list of all plugins to include in the app.
      */
-    plugins?: (Omit<BackstagePlugin<any, any>, 'output'> & {
-        output(): (PluginOutput | {
+    plugins?: Array<BackstagePlugin<any, any> & {
+        output?(): Array<{
+            type: 'feature-flag';
+            name: string;
+        } | {
             type: string;
-        })[];
-    })[];
+        }>;
+    }>;
     /**
      * Supply components to the app to override the default ones.
      */
@@ -971,4 +918,4 @@ declare type FeatureFlaggedProps = {
  */
 declare const FeatureFlagged: (props: FeatureFlaggedProps) => JSX.Element;
 
-export { AlertApiForwarder, ApiFactoryHolder, ApiFactoryRegistry, ApiFactoryScope, ApiProvider, ApiProviderProps, ApiRegistry, ApiResolver, AppComponents, AppConfigLoader, AppContext, AppIcons, AppOptions, AppRouteBinder, AppThemeSelector, AtlassianAuth, Auth0Auth, AuthApiCreateOptions, BackstageApp, BitbucketAuth, BitbucketSession, BootErrorPageProps, ErrorAlerter, ErrorApiForwarder, ErrorBoundaryFallbackProps, FeatureFlagged, FeatureFlaggedProps, FetchMiddleware, FetchMiddlewares, FlatRoutes, FlatRoutesProps, GithubAuth, GithubSession, GitlabAuth, GoogleAuth, LocalStorageFeatureFlags, MicrosoftAuth, NoOpAnalyticsApi, OAuth2, OAuth2CreateOptions, OAuth2Session, OAuthApiCreateOptions, OAuthRequestManager, OktaAuth, OneLoginAuth, OneLoginAuthCreateOptions, SamlAuth, SamlSession, SignInPageProps, SignInResult, UnhandledErrorForwarder, UrlPatternDiscovery, WebStorage, createFetchApi, createSpecializedApp, defaultConfigLoader };
+export { AlertApiForwarder, ApiFactoryHolder, ApiFactoryRegistry, ApiFactoryScope, ApiProvider, ApiProviderProps, ApiResolver, AppComponents, AppConfigLoader, AppContext, AppIcons, AppOptions, AppRouteBinder, AppThemeSelector, AtlassianAuth, Auth0Auth, AuthApiCreateOptions, BackstageApp, BitbucketAuth, BitbucketSession, BootErrorPageProps, ErrorAlerter, ErrorApiForwarder, ErrorBoundaryFallbackProps, FeatureFlagged, FeatureFlaggedProps, FetchMiddleware, FetchMiddlewares, FlatRoutes, FlatRoutesProps, GithubAuth, GithubSession, GitlabAuth, GoogleAuth, LocalStorageFeatureFlags, MicrosoftAuth, NoOpAnalyticsApi, OAuth2, OAuth2CreateOptions, OAuth2Session, OAuthApiCreateOptions, OAuthRequestManager, OktaAuth, OneLoginAuth, OneLoginAuthCreateOptions, SamlAuth, ExportedSamlSession as SamlSession, SignInPageProps, UnhandledErrorForwarder, UrlPatternDiscovery, WebStorage, createFetchApi, createSpecializedApp, defaultConfigLoader };

package/dist/index.esm.js

@@ -8,7 +8,6 @@ import { ConfigReader } from '@backstage/config';
 export { ConfigReader } from '@backstage/config';
 import { matchRoutes, generatePath, useLocation, Routes, Route, useRoutes } from 'react-router-dom';
 import useAsync from 'react-use/lib/useAsync';
-import { UserIdentity } from '@backstage/core-components';
 import useObservable from 'react-use/lib/useObservable';
 
 class ApiAggregator {
@@ -42,39 +41,6 @@ ApiProvider.propTypes = {
   children: PropTypes.node
 };
 
-class ApiRegistryBuilder {
-  constructor() {
-    this.apis = [];
-  }
-  add(api, impl) {
-    this.apis.push([api.id, impl]);
-    return impl;
-  }
-  build() {
-    return new ApiRegistry(new Map(this.apis));
-  }
-}
-class ApiRegistry {
-  constructor(apis) {
-    this.apis = apis;
-  }
-  static builder() {
-    return new ApiRegistryBuilder();
-  }
-  static from(apis) {
-    return new ApiRegistry(new Map(apis.map(([api, impl]) => [api.id, impl])));
-  }
-  static with(api, impl) {
-    return new ApiRegistry(/* @__PURE__ */ new Map([[api.id, impl]]));
-  }
-  with(api, impl) {
-    return new ApiRegistry(new Map([...this.apis, [api.id, impl]]));
-  }
-  get(api) {
-    return this.apis.get(api.id);
-  }
-}
-
 class ApiResolver {
   constructor(factories) {
     this.factories = factories;
@@ -1119,7 +1085,6 @@ class OktaAuth {
 }
 
 const samlSessionSchema = z.object({
-  userId: z.string(),
   profile: z.object({
     email: z.string().optional(),
     displayName: z.string().optional(),
@@ -1532,29 +1497,24 @@ function createFetchApi(options) {
 }
 
 class IdentityAuthInjectorFetchMiddleware {
-  constructor(identityApi, urlPrefixAllowlist, headerName, headerValue) {
+  constructor(identityApi, allowUrl, headerName, headerValue) {
     this.identityApi = identityApi;
-    this.urlPrefixAllowlist = urlPrefixAllowlist;
+    this.allowUrl = allowUrl;
     this.headerName = headerName;
     this.headerValue = headerValue;
   }
   static create(options) {
     var _a, _b;
-    const allowlist = [];
-    if (options.urlPrefixAllowlist) {
-      allowlist.push(...options.urlPrefixAllowlist);
-    } else if (options.config) {
-      allowlist.push(options.config.getString("backend.baseUrl"));
-    }
+    const matcher = buildMatcher(options);
     const headerName = ((_a = options.header) == null ? void 0 : _a.name) || "authorization";
     const headerValue = ((_b = options.header) == null ? void 0 : _b.value) || ((token) => `Bearer ${token}`);
-    return new IdentityAuthInjectorFetchMiddleware(options.identityApi, allowlist.map((prefix) => prefix.replace(/\/$/, "")), headerName, headerValue);
+    return new IdentityAuthInjectorFetchMiddleware(options.identityApi, matcher, headerName, headerValue);
   }
   apply(next) {
     return async (input, init) => {
       const request = new Request(input, init);
       const { token } = await this.identityApi.getCredentials();
-      if (request.headers.get(this.headerName) || !this.urlPrefixAllowlist.some((prefix) => request.url === prefix || request.url.startsWith(`${prefix}/`)) || typeof token !== "string" || !token) {
+      if (request.headers.get(this.headerName) || typeof token !== "string" || !token || !this.allowUrl(request.url)) {
         return next(input, init);
       }
       request.headers.set(this.headerName, this.headerValue(token));
@@ -1562,6 +1522,20 @@ class IdentityAuthInjectorFetchMiddleware {
     };
   }
 }
+function buildMatcher(options) {
+  if (options.allowUrl) {
+    return options.allowUrl;
+  } else if (options.urlPrefixAllowlist) {
+    return buildPrefixMatcher(options.urlPrefixAllowlist);
+  } else if (options.config) {
+    return buildPrefixMatcher([options.config.getString("backend.baseUrl")]);
+  }
+  return () => false;
+}
+function buildPrefixMatcher(prefixes) {
+  const trimmedPrefixes = prefixes.map((prefix) => prefix.replace(/\/$/, ""));
+  return (url) => trimmedPrefixes.some((prefix) => url === prefix || url.startsWith(`${prefix}/`));
+}
 
 function join(left, right) {
   if (!right || right === "/") {
@@ -2173,7 +2147,7 @@ const RouteTracker = ({ tree }) => {
   }));
 };
 
-function validateRoutes(routePaths, routeParents) {
+function validateRouteParameters(routePaths, routeParents) {
   const notLeafRoutes = new Set(routeParents.values());
   notLeafRoutes.delete(void 0);
   for (const route of routeParents.keys()) {
@@ -2202,6 +2176,21 @@ function validateRoutes(routePaths, routeParents) {
     }
   }
 }
+function validateRouteBindings(routeBindings, plugins) {
+  for (const plugin of plugins) {
+    if (!plugin.externalRoutes) {
+      continue;
+    }
+    for (const [name, externalRouteRef] of Object.entries(plugin.externalRoutes)) {
+      if (externalRouteRef.optional) {
+        continue;
+      }
+      if (!routeBindings.has(externalRouteRef)) {
+        throw new Error(`External route '${name}' of the '${plugin.getId()}' plugin must be bound to a target route. See https://backstage.io/link?bind-routes for details.`);
+      }
+    }
+  }
+}
 
 const AppContext = createVersionedContext("app-context");
 const AppContextProvider = ({
@@ -2218,51 +2207,65 @@ const AppContextProvider = ({
 function mkError(thing) {
   return new Error(`Tried to access IdentityApi ${thing} before app was loaded`);
 }
+function logDeprecation(thing) {
+  console.warn(`WARNING: Call to ${thing} is deprecated and will break in the future`);
+}
 class AppIdentityProxy {
+  constructor() {
+    this.resolveTarget = () => {
+    };
+    this.waitForTarget = new Promise((resolve) => {
+      this.resolveTarget = resolve;
+    });
+  }
   setTarget(identityApi) {
     this.target = identityApi;
+    this.resolveTarget(identityApi);
   }
   getUserId() {
     if (!this.target) {
       throw mkError("getUserId");
     }
+    if (!this.target.getUserId) {
+      throw new Error("IdentityApi does not implement getUserId");
+    }
+    logDeprecation("getUserId");
     return this.target.getUserId();
   }
   getProfile() {
     if (!this.target) {
       throw mkError("getProfile");
     }
+    if (!this.target.getProfile) {
+      throw new Error("IdentityApi does not implement getProfile");
+    }
+    logDeprecation("getProfile");
     return this.target.getProfile();
   }
   async getProfileInfo() {
-    if (!this.target) {
-      throw mkError("getProfileInfo");
-    }
-    return this.target.getProfileInfo();
+    return this.waitForTarget.then((target) => target.getProfileInfo());
   }
   async getBackstageIdentity() {
-    if (!this.target) {
-      throw mkError("getBackstageIdentity");
+    const identity = await this.waitForTarget.then((target) => target.getBackstageIdentity());
+    if (!identity.userEntityRef.match(/^.*:.*\/.*$/)) {
+      console.warn(`WARNING: The App IdentityApi provided an invalid userEntityRef, '${identity.userEntityRef}'. It must be a full Entity Reference of the form '<kind>:<namespace>/<name>'.`);
     }
-    return this.target.getBackstageIdentity();
+    return identity;
   }
   async getCredentials() {
-    if (!this.target) {
-      throw mkError("getCredentials");
-    }
-    return this.target.getCredentials();
+    return this.waitForTarget.then((target) => target.getCredentials());
   }
   async getIdToken() {
-    if (!this.target) {
-      throw mkError("getIdToken");
-    }
-    return this.target.getIdToken();
+    return this.waitForTarget.then((target) => {
+      if (!target.getIdToken) {
+        throw new Error("IdentityApi does not implement getIdToken");
+      }
+      logDeprecation("getIdToken");
+      return target.getIdToken();
+    });
   }
   async signOut() {
-    if (!this.target) {
-      throw mkError("signOut");
-    }
-    await this.target.signOut();
+    await this.waitForTarget.then((target) => target.signOut());
     location.reload();
   }
 }
@@ -2344,7 +2347,40 @@ const defaultConfigLoader = async (runtimeConfigJson = "__APP_INJECTED_RUNTIME_C
   return configs;
 };
 
-function generateBoundRoutes(bindRoutes) {
+class ApiRegistryBuilder {
+  constructor() {
+    this.apis = [];
+  }
+  add(api, impl) {
+    this.apis.push([api.id, impl]);
+    return impl;
+  }
+  build() {
+    return new ApiRegistry(new Map(this.apis));
+  }
+}
+class ApiRegistry {
+  constructor(apis) {
+    this.apis = apis;
+  }
+  static builder() {
+    return new ApiRegistryBuilder();
+  }
+  static from(apis) {
+    return new ApiRegistry(new Map(apis.map(([api, impl]) => [api.id, impl])));
+  }
+  static with(api, impl) {
+    return new ApiRegistry(/* @__PURE__ */ new Map([[api.id, impl]]));
+  }
+  with(api, impl) {
+    return new ApiRegistry(new Map([...this.apis, [api.id, impl]]));
+  }
+  get(api) {
+    return this.apis.get(api.id);
+  }
+}
+
+function resolveRouteBindings(bindRoutes) {
   const result = /* @__PURE__ */ new Map();
   if (bindRoutes) {
     const bind = (externalRoutes, targetRoutes) => {
@@ -2365,6 +2401,7 @@ function generateBoundRoutes(bindRoutes) {
   }
   return result;
 }
+
 function getBasePath(configApi) {
   var _a;
   let { pathname } = new URL((_a = configApi.getOptionalString("app.baseUrl")) != null ? _a : "/", "http://dummy.dev");
@@ -2390,7 +2427,7 @@ function useConfigLoader(configLoader, components, appThemeApi) {
   if (noConfigNode) {
     return {
       node: /* @__PURE__ */ React.createElement(ApiProvider, {
-        apis: ApiRegistry.from([[appThemeApiRef, appThemeApi]])
+        apis: ApiRegistry.with(appThemeApiRef, appThemeApi)
       }, /* @__PURE__ */ React.createElement(ThemeProvider, null, noConfigNode))
     };
   }
@@ -2436,9 +2473,16 @@ class AppManager {
   }
   getProvider() {
     const appContext = new AppContextImpl(this);
+    let routesHaveBeenValidated = false;
     const Provider = ({ children }) => {
       const appThemeApi = useMemo(() => AppThemeSelector.createWithStorage(this.themes), []);
-      const { routePaths, routeParents, routeObjects, featureFlags } = useMemo(() => {
+      const {
+        routePaths,
+        routeParents,
+        routeObjects,
+        featureFlags,
+        routeBindings
+      } = useMemo(() => {
         const result = traverseElementTree({
           root: children,
           discoverers: [childDiscoverer, routeElementDiscoverer],
@@ -2450,12 +2494,19 @@ class AppManager {
             featureFlags: featureFlagCollector
           }
         });
-        validateRoutes(result.routePaths, result.routeParents);
         result.collectedPlugins.forEach((plugin) => this.plugins.add(plugin));
         this.verifyPlugins(this.plugins);
         this.getApiHolder();
-        return result;
+        return {
+          ...result,
+          routeBindings: resolveRouteBindings(this.bindRoutes)
+        };
       }, [children]);
+      if (!routesHaveBeenValidated) {
+        routesHaveBeenValidated = true;
+        validateRouteParameters(routePaths, routeParents);
+        validateRouteBindings(routeBindings, this.plugins);
+      }
       const loadedConfig = useConfigLoader(this.configLoader, this.components, appThemeApi);
       const hasConfigApi = "api" in loadedConfig;
       if (hasConfigApi) {
@@ -2475,14 +2526,11 @@ class AppManager {
               }
             } else {
               for (const output of plugin.output()) {
-                switch (output.type) {
-                  case "feature-flag": {
-                    featureFlagsApi.registerFlag({
-                      name: output.name,
-                      pluginId: plugin.getId()
-                    });
-                    break;
-                  }
+                if (output.type === "feature-flag") {
+                  featureFlagsApi.registerFlag({
+                    name: output.name,
+                    pluginId: plugin.getId()
+                  });
                 }
               }
             }
@@ -2504,7 +2552,7 @@ class AppManager {
         routePaths,
         routeParents,
         routeObjects,
-        routeBindings: generateBoundRoutes(this.bindRoutes),
+        routeBindings,
         basePath: getBasePath(loadedConfig.api)
       }, children))));
     };
@@ -2529,7 +2577,26 @@ class AppManager {
       const configApi = useApi(configApiRef);
       const mountPath = `${getBasePath(configApi)}/*`;
       if (!SignInPageComponent) {
-        this.appIdentityProxy.setTarget(UserIdentity.createGuest());
+        this.appIdentityProxy.setTarget({
+          getUserId: () => "guest",
+          getIdToken: async () => void 0,
+          getProfile: () => ({
+            email: "guest@example.com",
+            displayName: "Guest"
+          }),
+          getProfileInfo: async () => ({
+            email: "guest@example.com",
+            displayName: "Guest"
+          }),
+          getBackstageIdentity: async () => ({
+            type: "user",
+            userEntityRef: "user:default/guest",
+            ownershipEntityRefs: ["user:default/guest"]
+          }),
+          getCredentials: async () => ({}),
+          signOut: async () => {
+          }
+        });
         return /* @__PURE__ */ React.createElement(RouterComponent, null, /* @__PURE__ */ React.createElement(RouteTracker, {
           tree: children
         }), /* @__PURE__ */ React.createElement(Routes, null, /* @__PURE__ */ React.createElement(Route, {
@@ -2653,5 +2720,5 @@ const FlatRoutes = (props) => {
   return useRoutes(routes);
 };
 
-export { AlertApiForwarder, ApiFactoryRegistry, ApiProvider, ApiRegistry, ApiResolver, AppThemeSelector, AtlassianAuth, Auth0Auth, BitbucketAuth, ErrorAlerter, ErrorApiForwarder, FeatureFlagged, FetchMiddlewares, FlatRoutes, GithubAuth, GitlabAuth, GoogleAuth, LocalStorageFeatureFlags, MicrosoftAuth, NoOpAnalyticsApi, OAuth2, OAuthRequestManager, OktaAuth, OneLoginAuth, SamlAuth, UnhandledErrorForwarder, UrlPatternDiscovery, WebStorage, createFetchApi, createSpecializedApp, defaultConfigLoader };
+export { AlertApiForwarder, ApiFactoryRegistry, ApiProvider, ApiResolver, AppThemeSelector, AtlassianAuth, Auth0Auth, BitbucketAuth, ErrorAlerter, ErrorApiForwarder, FeatureFlagged, FetchMiddlewares, FlatRoutes, GithubAuth, GitlabAuth, GoogleAuth, LocalStorageFeatureFlags, MicrosoftAuth, NoOpAnalyticsApi, OAuth2, OAuthRequestManager, OktaAuth, OneLoginAuth, SamlAuth, UnhandledErrorForwarder, UrlPatternDiscovery, WebStorage, createFetchApi, createSpecializedApp, defaultConfigLoader };
 //# sourceMappingURL=index.esm.js.map