@backstage/core-app-api 1.7.0-next.1 → 1.7.0-next.3

package/CHANGELOG.md

@@ -1,5 +1,33 @@
 # @backstage/core-app-api
 
+## 1.7.0-next.3
+
+### Minor Changes
+
+- c15e0cedbe1: The `AuthConnector` interface now supports specifying a set of scopes when
+  refreshing a session. The `DefaultAuthConnector` implementation passes the
+  `scope` query parameter to the auth-backend plugin appropriately. The
+  `RefreshingAuthSessionManager` passes any scopes in its `GetSessionRequest`
+  appropriately.
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/config@1.0.7
+  - @backstage/core-plugin-api@1.5.1-next.1
+  - @backstage/types@1.0.2
+  - @backstage/version-bridge@1.0.4-next.0
+
+## 1.7.0-next.2
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/core-plugin-api@1.5.1-next.1
+  - @backstage/config@1.0.7
+  - @backstage/types@1.0.2
+  - @backstage/version-bridge@1.0.4-next.0
+
 ## 1.7.0-next.1
 
 ### Patch Changes

package/dist/index.d.ts

@@ -1,5 +1,6 @@
 import { ReactNode, PropsWithChildren, ComponentType } from 'react';
 import PropTypes from 'prop-types';
+import * as _backstage_core_plugin_api from '@backstage/core-plugin-api';
 import { ApiHolder, ApiRef, ApiFactory, AnyApiRef, OAuthRequestApi, DiscoveryApi, AuthProviderInfo, ConfigApi, githubAuthApiRef, gitlabAuthApiRef, googleAuthApiRef, OAuthApi, OpenIdConnectApi, ProfileInfoApi, BackstageIdentityApi, SessionApi, SessionState, AuthRequestOptions, BackstageIdentityResponse, ProfileInfo, oktaAuthApiRef, microsoftAuthApiRef, oneloginAuthApiRef, bitbucketAuthApiRef, bitbucketServerAuthApiRef, atlassianAuthApiRef, AlertApi, AlertMessage, AnalyticsApi, AnalyticsEvent, AppThemeApi, AppTheme, ErrorApi, ErrorApiError, ErrorApiErrorContext, FeatureFlagsApi, FeatureFlag, FeatureFlagsSaveOptions, FetchApi, IdentityApi, OAuthRequesterOptions, OAuthRequester, PendingOAuthRequest, StorageApi, StorageValueSnapshot, BackstagePlugin, IconComponent, ExternalRouteRef, AnyApiFactory, RouteRef, SubRouteRef } from '@backstage/core-plugin-api';
 import * as _backstage_types from '@backstage/types';
 import { Observable, JsonValue } from '@backstage/types';
@@ -10,7 +11,7 @@ export { ConfigReader } from '@backstage/config';
  * Prop types for the ApiProvider component.
  * @public
  */
-declare type ApiProviderProps = {
+type ApiProviderProps = {
     apis: ApiHolder;
     children: ReactNode;
 };
@@ -23,9 +24,9 @@ declare type ApiProviderProps = {
 declare const ApiProvider: {
     (props: PropsWithChildren<ApiProviderProps>): JSX.Element;
     propTypes: {
-        apis: PropTypes.Validator<PropTypes.InferProps<{
+        apis: PropTypes.Validator<NonNullable<PropTypes.InferProps<{
             get: PropTypes.Validator<(...args: any[]) => any>;
-        }>>;
+        }>>>;
         children: PropTypes.Requireable<PropTypes.ReactNodeLike>;
     };
 };
@@ -33,7 +34,7 @@ declare const ApiProvider: {
 /**
  * @public
  */
-declare type ApiFactoryHolder = {
+type ApiFactoryHolder = {
     get<T>(api: ApiRef<T>): ApiFactory<T, T, {
         [key in string]: unknown;
     }> | undefined;
@@ -63,7 +64,7 @@ declare class ApiResolver implements ApiHolder {
  * Scope type when registering API factories.
  * @public
  */
-declare type ApiFactoryScope = 'default' | 'app' | 'static';
+type ApiFactoryScope = 'default' | 'app' | 'static';
 /**
  * ApiFactoryRegistry is an ApiFactoryHolder implementation that enables
  * registration of API Factories with different scope.
@@ -95,7 +96,7 @@ declare class ApiFactoryRegistry implements ApiFactoryHolder {
  * Create options for OAuth APIs.
  * @public
  */
-declare type OAuthApiCreateOptions = AuthApiCreateOptions & {
+type OAuthApiCreateOptions = AuthApiCreateOptions & {
     oauthRequestApi: OAuthRequestApi;
     defaultScopes?: string[];
 };
@@ -103,7 +104,7 @@ declare type OAuthApiCreateOptions = AuthApiCreateOptions & {
  * Generic create options for auth APIs.
  * @public
  */
-declare type AuthApiCreateOptions = {
+type AuthApiCreateOptions = {
     discoveryApi: DiscoveryApi;
     environment?: string;
     provider?: AuthProviderInfo;
@@ -141,7 +142,7 @@ declare class GoogleAuth {
  * OAuth2 create options.
  * @public
  */
-declare type OAuth2CreateOptions = OAuthApiCreateOptions & {
+type OAuth2CreateOptions = OAuthApiCreateOptions & {
     scopeTransform?: (scopes: string[]) => string[];
 };
 /**
@@ -169,7 +170,7 @@ declare class OAuth2 implements OAuthApi, OpenIdConnectApi, ProfileInfoApi, Back
  *
  * @public
  */
-declare type OAuth2Session = {
+type OAuth2Session = {
     providerInfo: {
         idToken: string;
         accessToken: string;
@@ -211,14 +212,33 @@ declare class SamlAuth implements ProfileInfoApi, BackstageIdentityApi, SessionA
  * @public
  */
 declare class MicrosoftAuth {
-    static create(options: OAuthApiCreateOptions): typeof microsoftAuthApiRef.T;
+    private oauth2;
+    private configApi;
+    private environment;
+    private provider;
+    private oauthRequestApi;
+    private discoveryApi;
+    private scopeTransform;
+    private static MicrosoftGraphID;
+    static create(options: OAuth2CreateOptions): typeof microsoftAuthApiRef.T;
+    private constructor();
+    private microsoftGraph;
+    private static resourceForScopes;
+    private static resourceForScope;
+    getAccessToken(scope?: string | string[], options?: AuthRequestOptions): Promise<string>;
+    getIdToken(options?: AuthRequestOptions): Promise<string>;
+    getProfile(options?: AuthRequestOptions): Promise<_backstage_core_plugin_api.ProfileInfo | undefined>;
+    getBackstageIdentity(options?: AuthRequestOptions): Promise<_backstage_core_plugin_api.BackstageIdentityResponse | undefined>;
+    signIn(): Promise<void>;
+    signOut(): Promise<void>;
+    sessionState$(): _backstage_types.Observable<_backstage_core_plugin_api.SessionState>;
 }
 
 /**
  * OneLogin auth provider create options.
  * @public
  */
-declare type OneLoginAuthCreateOptions = {
+type OneLoginAuthCreateOptions = {
     configApi?: ConfigApi;
     discoveryApi: DiscoveryApi;
     oauthRequestApi: OAuthRequestApi;
@@ -239,7 +259,7 @@ declare class OneLoginAuth {
  *
  * @public
  */
-declare type BitbucketSession = {
+type BitbucketSession = {
     providerInfo: {
         accessToken: string;
         scopes: Set<string>;
@@ -263,7 +283,7 @@ declare class BitbucketAuth {
  *
  * @public
  */
-declare type BitbucketServerSession = {
+type BitbucketServerSession = {
     providerInfo: {
         accessToken: string;
         scopes: Set<string>;
@@ -604,7 +624,7 @@ declare function AppRouter(props: AppRouterProps): JSX.Element;
  *
  * @public
  */
-declare type BootErrorPageProps = {
+type BootErrorPageProps = {
     step: 'load-config' | 'load-chunk';
     error: Error;
 };
@@ -613,7 +633,7 @@ declare type BootErrorPageProps = {
  *
  * @public
  */
-declare type SignInPageProps = {
+type SignInPageProps = {
     /**
      * Set the IdentityApi on successful sign-in. This should only be called once.
      */
@@ -624,7 +644,7 @@ declare type SignInPageProps = {
  *
  * @public
  */
-declare type ErrorBoundaryFallbackProps = {
+type ErrorBoundaryFallbackProps = {
     plugin?: BackstagePlugin;
     error: Error;
     resetError: () => void;
@@ -634,7 +654,7 @@ declare type ErrorBoundaryFallbackProps = {
  *
  * @public
  */
-declare type AppComponents = {
+type AppComponents = {
     NotFoundErrorPage: ComponentType<{}>;
     BootErrorPage: ComponentType<BootErrorPageProps>;
     Progress: ComponentType<{}>;
@@ -659,7 +679,7 @@ declare type AppComponents = {
  *
  * @public
  */
-declare type AppIcons = {
+type AppIcons = {
     'kind:api': IconComponent;
     'kind:component': IconComponent;
     'kind:domain': IconComponent;
@@ -690,13 +710,13 @@ declare type AppIcons = {
  *
  * @public
  */
-declare type AppConfigLoader = () => Promise<AppConfig[]>;
+type AppConfigLoader = () => Promise<AppConfig[]>;
 /**
  * Extracts a union of the keys in a map whose value extends the given type
  *
  * @ignore
  */
-declare type KeysWithType<Obj extends {
+type KeysWithType<Obj extends {
     [key in string]: any;
 }, Type> = {
     [key in keyof Obj]: Obj[key] extends Type ? key : never;
@@ -706,7 +726,7 @@ declare type KeysWithType<Obj extends {
  *
  * @ignore
  */
-declare type PartialKeys<Map extends {
+type PartialKeys<Map extends {
     [name in string]: any;
 }, Keys extends keyof Map> = Partial<Pick<Map, Keys>> & Required<Omit<Map, Keys>>;
 /**
@@ -714,7 +734,7 @@ declare type PartialKeys<Map extends {
  *
  * @ignore
  */
-declare type TargetRouteMap<ExternalRoutes extends {
+type TargetRouteMap<ExternalRoutes extends {
     [name: string]: ExternalRouteRef;
 }> = {
     [name in keyof ExternalRoutes]: ExternalRoutes[name] extends ExternalRouteRef<infer Params, any> ? RouteRef<Params> | SubRouteRef<Params> : never;
@@ -725,7 +745,7 @@ declare type TargetRouteMap<ExternalRoutes extends {
  *
  * @public
  */
-declare type AppRouteBinder = <ExternalRoutes extends {
+type AppRouteBinder = <ExternalRoutes extends {
     [name: string]: ExternalRouteRef;
 }>(externalRoutes: ExternalRoutes, targetRoutes: PartialKeys<TargetRouteMap<ExternalRoutes>, KeysWithType<ExternalRoutes, ExternalRouteRef<any, true>>>) => void;
 /**
@@ -733,7 +753,7 @@ declare type AppRouteBinder = <ExternalRoutes extends {
  *
  * @public
  */
-declare type AppOptions = {
+type AppOptions = {
     /**
      * A collection of ApiFactories to register in the application to either
      * add new ones, or override factories provided by default or by plugins.
@@ -840,7 +860,7 @@ declare type AppOptions = {
  *
  * @public
  */
-declare type BackstageApp = {
+type BackstageApp = {
     /**
      * Returns all plugins registered for the app.
      */
@@ -894,7 +914,7 @@ declare type BackstageApp = {
  *
  * @public
  */
-declare type AppContext = {
+type AppContext = {
     /**
      * Get a list of all plugins that are installed in the app.
      */
@@ -948,7 +968,7 @@ declare const defaultConfigLoader: AppConfigLoader;
  *
  * @public
  */
-declare type FlatRoutesProps = {
+type FlatRoutesProps = {
     children: ReactNode;
 };
 /**
@@ -969,7 +989,7 @@ declare const FlatRoutes: (props: FlatRoutesProps) => JSX.Element | null;
  *
  * @public
  */
-declare type FeatureFlaggedProps = {
+type FeatureFlaggedProps = {
     children: ReactNode;
 } & ({
     with: string;

package/dist/index.esm.js

@@ -262,9 +262,12 @@ class DefaultAuthConnector {
     }
     return this.authRequester(options.scopes);
   }
-  async refreshSession() {
+  async refreshSession(scopes) {
     const res = await fetch(
-      await this.buildUrl("/refresh", { optional: true }),
+      await this.buildUrl("/refresh", {
+        optional: true,
+        ...scopes && { scope: this.joinScopesFunc(scopes) }
+      }),
       {
         headers: {
           "x-requested-with": "XMLHttpRequest"
@@ -606,7 +609,9 @@ class RefreshingAuthSessionManager {
         return this.currentSession;
       }
       try {
-        const refreshedSession = await this.collapsedSessionRefresh();
+        const refreshedSession = await this.collapsedSessionRefresh(
+          options.scopes
+        );
         const currentScopes = this.sessionScopesFunc(this.currentSession);
         const refreshedScopes = this.sessionScopesFunc(refreshedSession);
         if (hasScopes$1(refreshedScopes, currentScopes)) {
@@ -622,7 +627,7 @@ class RefreshingAuthSessionManager {
     }
     if (!this.currentSession && !options.instantPopup) {
       try {
-        const newSession = await this.collapsedSessionRefresh();
+        const newSession = await this.collapsedSessionRefresh(options.scopes);
         this.currentSession = newSession;
         return this.getSession(options);
       } catch {
@@ -646,11 +651,11 @@ class RefreshingAuthSessionManager {
   sessionState$() {
     return this.stateTracker.sessionState$();
   }
-  async collapsedSessionRefresh() {
+  async collapsedSessionRefresh(scopes) {
     if (this.refreshPromise) {
       return this.refreshPromise;
     }
-    this.refreshPromise = this.connector.refreshSession();
+    this.refreshPromise = this.connector.refreshSession(scopes);
     try {
       const session = await this.refreshPromise;
       this.stateTracker.setIsSignedIn(true);
@@ -1108,8 +1113,11 @@ const DEFAULT_PROVIDER$4 = {
   title: "Microsoft",
   icon: () => null
 };
-class MicrosoftAuth {
+const _MicrosoftAuth = class {
   static create(options) {
+    return new _MicrosoftAuth(options);
+  }
+  constructor(options) {
     const {
       configApi,
       environment = "development",
@@ -1122,18 +1130,101 @@ class MicrosoftAuth {
         "profile",
         "email",
         "User.Read"
-      ]
+      ],
+      scopeTransform = (scopes) => scopes.concat("offline_access")
     } = options;
-    return OAuth2.create({
-      configApi,
-      discoveryApi,
-      oauthRequestApi,
-      provider,
-      environment,
-      defaultScopes
-    });
+    this.configApi = configApi;
+    this.environment = environment;
+    this.provider = provider;
+    this.oauthRequestApi = oauthRequestApi;
+    this.discoveryApi = discoveryApi;
+    this.scopeTransform = scopeTransform;
+    this.oauth2 = {
+      [_MicrosoftAuth.MicrosoftGraphID]: OAuth2.create({
+        configApi: this.configApi,
+        discoveryApi: this.discoveryApi,
+        oauthRequestApi: this.oauthRequestApi,
+        provider: this.provider,
+        environment: this.environment,
+        scopeTransform: this.scopeTransform,
+        defaultScopes
+      })
+    };
   }
-}
+  microsoftGraph() {
+    return this.oauth2[_MicrosoftAuth.MicrosoftGraphID];
+  }
+  static resourceForScopes(scope) {
+    var _a;
+    const audiences = scope.split(" ").map(_MicrosoftAuth.resourceForScope).filter((aud) => aud !== "openid");
+    if (audiences.length > 1) {
+      return Promise.reject(
+        new Error(
+          `Requested access token with scopes from multiple Azure resources: ${audiences.join(
+            ", "
+          )}. Access tokens can only have a single audience.`
+        )
+      );
+    }
+    const audience = (_a = audiences[0]) != null ? _a : _MicrosoftAuth.MicrosoftGraphID;
+    return Promise.resolve(audience);
+  }
+  static resourceForScope(scope) {
+    var _a;
+    const groups = (_a = scope.match(/^(?<resourceURI>.*)\/(?<scp>[^\/]*)$/)) == null ? void 0 : _a.groups;
+    if (groups) {
+      const { resourceURI } = groups;
+      const aud = resourceURI.replace(/^api:\/\//, "");
+      return aud;
+    }
+    switch (scope) {
+      case "email":
+      case "openid":
+      case "offline_access":
+      case "profile": {
+        return "openid";
+      }
+      default:
+        return _MicrosoftAuth.MicrosoftGraphID;
+    }
+  }
+  async getAccessToken(scope, options) {
+    const aud = scope === void 0 ? _MicrosoftAuth.MicrosoftGraphID : await _MicrosoftAuth.resourceForScopes(
+      Array.isArray(scope) ? scope.join(" ") : scope
+    );
+    if (!(aud in this.oauth2)) {
+      this.oauth2[aud] = OAuth2.create({
+        configApi: this.configApi,
+        discoveryApi: this.discoveryApi,
+        oauthRequestApi: this.oauthRequestApi,
+        provider: this.provider,
+        environment: this.environment,
+        scopeTransform: this.scopeTransform
+      });
+    }
+    return this.oauth2[aud].getAccessToken(scope, options);
+  }
+  getIdToken(options) {
+    return this.microsoftGraph().getIdToken(options);
+  }
+  getProfile(options) {
+    return this.microsoftGraph().getProfile(options);
+  }
+  getBackstageIdentity(options) {
+    return this.microsoftGraph().getBackstageIdentity(options);
+  }
+  signIn() {
+    return this.microsoftGraph().signIn();
+  }
+  signOut() {
+    return this.microsoftGraph().signOut();
+  }
+  sessionState$() {
+    return this.microsoftGraph().sessionState$();
+  }
+};
+let MicrosoftAuth = _MicrosoftAuth;
+MicrosoftAuth.MicrosoftGraphID = "00000003-0000-0000-c000-000000000000";
 
 const DEFAULT_PROVIDER$3 = {
   id: "onelogin",