npm - @backstage/core-app-api - Versions diffs - 1.7.0-next.2 → 1.7.0 - Mend

@backstage/core-app-api 1.7.0-next.2 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,44 @@
 # @backstage/core-app-api
+## 1.7.0
+### Minor Changes
+- 7908d72e033: Introduce a new global config parameter, `auth.enableExperimentalRedirectFlow`. When enabled, auth will happen with an in-window redirect flow rather than through a popup window.
+- c15e0cedbe1: The `AuthConnector` interface now supports specifying a set of scopes when
+  refreshing a session. The `DefaultAuthConnector` implementation passes the
+  `scope` query parameter to the auth-backend plugin appropriately. The
+  `RefreshingAuthSessionManager` passes any scopes in its `GetSessionRequest`
+  appropriately.
+### Patch Changes
+- 1e4f5e91b8e: Bump `zod` and `zod-to-json-schema` dependencies.
+- e0c6e8b9c3c: Update peer dependencies
+- Updated dependencies
+  - @backstage/core-plugin-api@1.5.1
+  - @backstage/version-bridge@1.0.4
+  - @backstage/config@1.0.7
+  - @backstage/types@1.0.2
+## 1.7.0-next.3
+### Minor Changes
+- c15e0cedbe1: The `AuthConnector` interface now supports specifying a set of scopes when
+  refreshing a session. The `DefaultAuthConnector` implementation passes the
+  `scope` query parameter to the auth-backend plugin appropriately. The
+  `RefreshingAuthSessionManager` passes any scopes in its `GetSessionRequest`
+  appropriately.
+### Patch Changes
+- Updated dependencies
+  - @backstage/config@1.0.7
+  - @backstage/core-plugin-api@1.5.1-next.1
+  - @backstage/types@1.0.2
+  - @backstage/version-bridge@1.0.4-next.0
 ## 1.7.0-next.2
 ### Patch Changes

package/dist/index.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { ReactNode, PropsWithChildren, ComponentType } from 'react';
 import PropTypes from 'prop-types';
+import * as _backstage_core_plugin_api from '@backstage/core-plugin-api';
 import { ApiHolder, ApiRef, ApiFactory, AnyApiRef, OAuthRequestApi, DiscoveryApi, AuthProviderInfo, ConfigApi, githubAuthApiRef, gitlabAuthApiRef, googleAuthApiRef, OAuthApi, OpenIdConnectApi, ProfileInfoApi, BackstageIdentityApi, SessionApi, SessionState, AuthRequestOptions, BackstageIdentityResponse, ProfileInfo, oktaAuthApiRef, microsoftAuthApiRef, oneloginAuthApiRef, bitbucketAuthApiRef, bitbucketServerAuthApiRef, atlassianAuthApiRef, AlertApi, AlertMessage, AnalyticsApi, AnalyticsEvent, AppThemeApi, AppTheme, ErrorApi, ErrorApiError, ErrorApiErrorContext, FeatureFlagsApi, FeatureFlag, FeatureFlagsSaveOptions, FetchApi, IdentityApi, OAuthRequesterOptions, OAuthRequester, PendingOAuthRequest, StorageApi, StorageValueSnapshot, BackstagePlugin, IconComponent, ExternalRouteRef, AnyApiFactory, RouteRef, SubRouteRef } from '@backstage/core-plugin-api';
 import * as _backstage_types from '@backstage/types';
 import { Observable, JsonValue } from '@backstage/types';
@@ -211,7 +212,26 @@ declare class SamlAuth implements ProfileInfoApi, BackstageIdentityApi, SessionA
  * @public
  */
 declare class MicrosoftAuth {
-    static create(options: OAuthApiCreateOptions): typeof microsoftAuthApiRef.T;
+    private oauth2;
+    private configApi;
+    private environment;
+    private provider;
+    private oauthRequestApi;
+    private discoveryApi;
+    private scopeTransform;
+    private static MicrosoftGraphID;
+    static create(options: OAuth2CreateOptions): typeof microsoftAuthApiRef.T;
+    private constructor();
+    private microsoftGraph;
+    private static resourceForScopes;
+    private static resourceForScope;
+    getAccessToken(scope?: string | string[], options?: AuthRequestOptions): Promise<string>;
+    getIdToken(options?: AuthRequestOptions): Promise<string>;
+    getProfile(options?: AuthRequestOptions): Promise<_backstage_core_plugin_api.ProfileInfo | undefined>;
+    getBackstageIdentity(options?: AuthRequestOptions): Promise<_backstage_core_plugin_api.BackstageIdentityResponse | undefined>;
+    signIn(): Promise<void>;
+    signOut(): Promise<void>;
+    sessionState$(): _backstage_types.Observable<_backstage_core_plugin_api.SessionState>;
 }
 /**

package/dist/index.esm.js CHANGED Viewed

@@ -262,9 +262,12 @@ class DefaultAuthConnector {
     }
     return this.authRequester(options.scopes);
   }
-  async refreshSession() {
+  async refreshSession(scopes) {
     const res = await fetch(
-      await this.buildUrl("/refresh", { optional: true }),
+      await this.buildUrl("/refresh", {
+        optional: true,
+        ...scopes && { scope: this.joinScopesFunc(scopes) }
+      }),
       {
         headers: {
           "x-requested-with": "XMLHttpRequest"
@@ -606,7 +609,9 @@ class RefreshingAuthSessionManager {
         return this.currentSession;
       }
       try {
-        const refreshedSession = await this.collapsedSessionRefresh();
+        const refreshedSession = await this.collapsedSessionRefresh(
+          options.scopes
+        );
         const currentScopes = this.sessionScopesFunc(this.currentSession);
         const refreshedScopes = this.sessionScopesFunc(refreshedSession);
         if (hasScopes$1(refreshedScopes, currentScopes)) {
@@ -622,7 +627,7 @@ class RefreshingAuthSessionManager {
     }
     if (!this.currentSession && !options.instantPopup) {
       try {
-        const newSession = await this.collapsedSessionRefresh();
+        const newSession = await this.collapsedSessionRefresh(options.scopes);
         this.currentSession = newSession;
         return this.getSession(options);
       } catch {
@@ -646,11 +651,11 @@ class RefreshingAuthSessionManager {
   sessionState$() {
     return this.stateTracker.sessionState$();
   }
-  async collapsedSessionRefresh() {
+  async collapsedSessionRefresh(scopes) {
     if (this.refreshPromise) {
       return this.refreshPromise;
     }
-    this.refreshPromise = this.connector.refreshSession();
+    this.refreshPromise = this.connector.refreshSession(scopes);
     try {
       const session = await this.refreshPromise;
       this.stateTracker.setIsSignedIn(true);
@@ -1108,8 +1113,11 @@ const DEFAULT_PROVIDER$4 = {
   title: "Microsoft",
   icon: () => null
 };
-class MicrosoftAuth {
+const _MicrosoftAuth = class {
   static create(options) {
+    return new _MicrosoftAuth(options);
+  }
+  constructor(options) {
     const {
       configApi,
       environment = "development",
@@ -1122,18 +1130,101 @@ class MicrosoftAuth {
         "profile",
         "email",
         "User.Read"
-      ]
+      ],
+      scopeTransform = (scopes) => scopes.concat("offline_access")
     } = options;
-    return OAuth2.create({
-      configApi,
-      discoveryApi,
-      oauthRequestApi,
-      provider,
-      environment,
-      defaultScopes
-    });
+    this.configApi = configApi;
+    this.environment = environment;
+    this.provider = provider;
+    this.oauthRequestApi = oauthRequestApi;
+    this.discoveryApi = discoveryApi;
+    this.scopeTransform = scopeTransform;
+    this.oauth2 = {
+      [_MicrosoftAuth.MicrosoftGraphID]: OAuth2.create({
+        configApi: this.configApi,
+        discoveryApi: this.discoveryApi,
+        oauthRequestApi: this.oauthRequestApi,
+        provider: this.provider,
+        environment: this.environment,
+        scopeTransform: this.scopeTransform,
+        defaultScopes
+      })
+    };
   }
-}
+  microsoftGraph() {
+    return this.oauth2[_MicrosoftAuth.MicrosoftGraphID];
+  }
+  static resourceForScopes(scope) {
+    var _a;
+    const audiences = scope.split(" ").map(_MicrosoftAuth.resourceForScope).filter((aud) => aud !== "openid");
+    if (audiences.length > 1) {
+      return Promise.reject(
+        new Error(
+          `Requested access token with scopes from multiple Azure resources: ${audiences.join(
+            ", "
+          )}. Access tokens can only have a single audience.`
+        )
+      );
+    }
+    const audience = (_a = audiences[0]) != null ? _a : _MicrosoftAuth.MicrosoftGraphID;
+    return Promise.resolve(audience);
+  }
+  static resourceForScope(scope) {
+    var _a;
+    const groups = (_a = scope.match(/^(?<resourceURI>.*)\/(?<scp>[^\/]*)$/)) == null ? void 0 : _a.groups;
+    if (groups) {
+      const { resourceURI } = groups;
+      const aud = resourceURI.replace(/^api:\/\//, "");
+      return aud;
+    }
+    switch (scope) {
+      case "email":
+      case "openid":
+      case "offline_access":
+      case "profile": {
+        return "openid";
+      }
+      default:
+        return _MicrosoftAuth.MicrosoftGraphID;
+    }
+  }
+  async getAccessToken(scope, options) {
+    const aud = scope === void 0 ? _MicrosoftAuth.MicrosoftGraphID : await _MicrosoftAuth.resourceForScopes(
+      Array.isArray(scope) ? scope.join(" ") : scope
+    );
+    if (!(aud in this.oauth2)) {
+      this.oauth2[aud] = OAuth2.create({
+        configApi: this.configApi,
+        discoveryApi: this.discoveryApi,
+        oauthRequestApi: this.oauthRequestApi,
+        provider: this.provider,
+        environment: this.environment,
+        scopeTransform: this.scopeTransform
+      });
+    }
+    return this.oauth2[aud].getAccessToken(scope, options);
+  }
+  getIdToken(options) {
+    return this.microsoftGraph().getIdToken(options);
+  }
+  getProfile(options) {
+    return this.microsoftGraph().getProfile(options);
+  }
+  getBackstageIdentity(options) {
+    return this.microsoftGraph().getBackstageIdentity(options);
+  }
+  signIn() {
+    return this.microsoftGraph().signIn();
+  }
+  signOut() {
+    return this.microsoftGraph().signOut();
+  }
+  sessionState$() {
+    return this.microsoftGraph().sessionState$();
+  }
+};
+let MicrosoftAuth = _MicrosoftAuth;
+MicrosoftAuth.MicrosoftGraphID = "00000003-0000-0000-c000-000000000000";
 const DEFAULT_PROVIDER$3 = {
   id: "onelogin",