@backstage/integration-react 1.1.30 → 1.1.31-next.0

package/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @backstage/integration-react
 
+## 1.1.31-next.0
+
+### Patch Changes
+
+- 8a9d797: Remove unnecessary broad permissions from Gitlab `SCMAuth`
+
+  Newer versions of Gitlab (after 2019) do not require the broad api permissions to write to repos.
+
+- Updated dependencies
+  - @backstage/integration@1.15.0-next.0
+  - @backstage/core-plugin-api@1.9.4-next.0
+  - @backstage/config@1.2.0
+
 ## 1.1.30
 
 ### Patch Changes

package/dist/api/ScmAuth.esm.js

@@ -75,13 +75,13 @@ class ScmAuth {
    *
    * If the additional `repoWrite` permission is requested, these scopes are added:
    *
-   * `write_repository api`
+   * `write_repository`
    */
   static forGitlab(gitlabAuthApi, options) {
     const host = options?.host ?? "gitlab.com";
     return new ScmAuth("gitlab", gitlabAuthApi, host, {
       default: ["read_user", "read_api", "read_repository"],
-      repoWrite: ["write_repository", "api"]
+      repoWrite: ["write_repository"]
     });
   }
   /**

package/dist/api/ScmAuth.esm.js.map

@@ -1 +1 @@
-{"version":3,"file":"ScmAuth.esm.js","sources":["../../src/api/ScmAuth.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  bitbucketAuthApiRef,\n  createApiFactory,\n  githubAuthApiRef,\n  gitlabAuthApiRef,\n  microsoftAuthApiRef,\n  OAuthApi,\n} from '@backstage/core-plugin-api';\nimport {\n  ScmAuthApi,\n  scmAuthApiRef,\n  ScmAuthTokenOptions,\n  ScmAuthTokenResponse,\n} from './ScmAuthApi';\n\ntype ScopeMapping = {\n  /** The base scopes used for all requests */\n  default: string[];\n  /** Additional scopes added if `repoWrite` is requested */\n  repoWrite: string[];\n};\n\n// An enum of all supported providers\ntype ProviderName = 'generic' | 'github' | 'azure' | 'bitbucket' | 'gitlab';\n\nclass ScmAuthMux implements ScmAuthApi {\n  #providers: Array<ScmAuth>;\n\n  constructor(providers: ScmAuth[]) {\n    this.#providers = providers;\n  }\n\n  async getCredentials(\n    options: ScmAuthTokenOptions,\n  ): Promise<ScmAuthTokenResponse> {\n    const url = new URL(options.url);\n    const provider = this.#providers.find(p => p.isUrlSupported(url));\n    if (!provider) {\n      throw new Error(\n        `No auth provider available for '${options.url}', see https://backstage.io/link?scm-auth`,\n      );\n    }\n\n    return provider.getCredentials(options);\n  }\n}\n\n/**\n * An implementation of the ScmAuthApi that merges together OAuthApi instances\n * to form a single instance that can handles authentication for multiple providers.\n *\n * @public\n *\n * @example\n * ```\n * // Supports authentication towards both public GitHub and GHE:\n * createApiFactory({\n *   api: scmAuthApiRef,\n *   deps: {\n *     gheAuthApi: gheAuthApiRef,\n *     githubAuthApi: githubAuthApiRef,\n *   },\n *   factory: ({ githubAuthApi, gheAuthApi }) =>\n *     ScmAuth.merge(\n *       ScmAuth.forGithub(githubAuthApi),\n *       ScmAuth.forGithub(gheAuthApi, {\n *         host: 'ghe.example.com',\n *       }),\n *     )\n * })\n * ```\n */\nexport class ScmAuth implements ScmAuthApi {\n  /**\n   * Creates an API factory that enables auth for each of the default SCM providers.\n   */\n  static createDefaultApiFactory() {\n    return createApiFactory({\n      api: scmAuthApiRef,\n      deps: {\n        github: githubAuthApiRef,\n        gitlab: gitlabAuthApiRef,\n        azure: microsoftAuthApiRef,\n        bitbucket: bitbucketAuthApiRef,\n      },\n      factory: ({ github, gitlab, azure, bitbucket }) =>\n        ScmAuth.merge(\n          ScmAuth.forGithub(github),\n          ScmAuth.forGitlab(gitlab),\n          ScmAuth.forAzure(azure),\n          ScmAuth.forBitbucket(bitbucket),\n        ),\n    });\n  }\n\n  /**\n   * Creates a general purpose ScmAuth instance with a custom scope mapping.\n   */\n  static forAuthApi(\n    authApi: OAuthApi,\n    options: {\n      host: string;\n      scopeMapping: {\n        default: string[];\n        repoWrite: string[];\n      };\n    },\n  ): ScmAuth {\n    return new ScmAuth('generic', authApi, options.host, options.scopeMapping);\n  }\n\n  /**\n   * Creates a new ScmAuth instance that handles authentication towards GitHub.\n   *\n   * The host option determines which URLs that are handled by this instance and defaults to `github.com`.\n   *\n   * The default scopes are:\n   *\n   * `repo read:org read:user`\n   *\n   * If the additional `repoWrite` permission is requested, these scopes are added:\n   *\n   * `gist`\n   */\n  static forGithub(\n    githubAuthApi: OAuthApi,\n    options?: {\n      host?: string;\n    },\n  ): ScmAuth {\n    const host = options?.host ?? 'github.com';\n    return new ScmAuth('github', githubAuthApi, host, {\n      default: ['repo', 'read:org', 'read:user'],\n      repoWrite: ['gist'],\n    });\n  }\n\n  /**\n   * Creates a new ScmAuth instance that handles authentication towards GitLab.\n   *\n   * The host option determines which URLs that are handled by this instance and defaults to `gitlab.com`.\n   *\n   * The default scopes are:\n   *\n   * `read_user read_api read_repository`\n   *\n   * If the additional `repoWrite` permission is requested, these scopes are added:\n   *\n   * `write_repository api`\n   */\n  static forGitlab(\n    gitlabAuthApi: OAuthApi,\n    options?: {\n      host?: string;\n    },\n  ): ScmAuth {\n    const host = options?.host ?? 'gitlab.com';\n    return new ScmAuth('gitlab', gitlabAuthApi, host, {\n      default: ['read_user', 'read_api', 'read_repository'],\n      repoWrite: ['write_repository', 'api'],\n    });\n  }\n\n  /**\n   * Creates a new ScmAuth instance that handles authentication towards Azure.\n   *\n   * The host option determines which URLs that are handled by this instance and defaults to `dev.azure.com`.\n   *\n   * The default scopes are:\n   *\n   * `vso.build vso.code vso.graph vso.project vso.profile`\n   *\n   * If the additional `repoWrite` permission is requested, these scopes are added:\n   *\n   * `vso.code_manage`\n   */\n  static forAzure(\n    microsoftAuthApi: OAuthApi,\n    options?: {\n      host?: string;\n    },\n  ): ScmAuth {\n    const host = options?.host ?? 'dev.azure.com';\n    return new ScmAuth('azure', microsoftAuthApi, host, {\n      default: [\n        '499b84ac-1321-427f-aa17-267ca6975798/vso.build',\n        '499b84ac-1321-427f-aa17-267ca6975798/vso.code',\n        '499b84ac-1321-427f-aa17-267ca6975798/vso.graph',\n        '499b84ac-1321-427f-aa17-267ca6975798/vso.project',\n        '499b84ac-1321-427f-aa17-267ca6975798/vso.profile',\n      ],\n      repoWrite: ['499b84ac-1321-427f-aa17-267ca6975798/vso.code_manage'],\n    });\n  }\n\n  /**\n   * Creates a new ScmAuth instance that handles authentication towards Bitbucket.\n   *\n   * The host option determines which URLs that are handled by this instance and defaults to `bitbucket.org`.\n   *\n   * The default scopes are:\n   *\n   * `account team pullrequest snippet issue`\n   *\n   * If the additional `repoWrite` permission is requested, these scopes are added:\n   *\n   * `pullrequest:write snippet:write issue:write`\n   */\n  static forBitbucket(\n    bitbucketAuthApi: OAuthApi,\n    options?: {\n      host?: string;\n    },\n  ): ScmAuth {\n    const host = options?.host ?? 'bitbucket.org';\n    return new ScmAuth('bitbucket', bitbucketAuthApi, host, {\n      default: ['account', 'team', 'pullrequest', 'snippet', 'issue'],\n      repoWrite: ['pullrequest:write', 'snippet:write', 'issue:write'],\n    });\n  }\n\n  /**\n   * Merges together multiple ScmAuth instances into one that\n   * routes requests to the correct instance based on the URL.\n   */\n  static merge(...providers: ScmAuth[]): ScmAuthApi {\n    return new ScmAuthMux(providers);\n  }\n\n  #api: OAuthApi;\n  #host: string;\n  #scopeMapping: ScopeMapping;\n  #providerName: ProviderName;\n\n  private constructor(\n    providerName: ProviderName,\n    api: OAuthApi,\n    host: string,\n    scopeMapping: ScopeMapping,\n  ) {\n    this.#api = api;\n    this.#host = host;\n    this.#scopeMapping = scopeMapping;\n    this.#providerName = providerName;\n  }\n\n  /**\n   * Checks whether the implementation is able to provide authentication for the given URL.\n   */\n  isUrlSupported(url: URL): boolean {\n    return url.host === this.#host;\n  }\n\n  private getAdditionalScopesForProvider(\n    additionalScopes: ScmAuthTokenOptions['additionalScope'],\n  ): string[] {\n    if (!additionalScopes?.customScopes || this.#providerName === 'generic') {\n      return [];\n    }\n\n    return additionalScopes.customScopes?.[this.#providerName] ?? [];\n  }\n\n  /**\n   * Fetches credentials for the given resource.\n   */\n  async getCredentials(\n    options: ScmAuthTokenOptions,\n  ): Promise<ScmAuthTokenResponse> {\n    const { url, additionalScope, ...restOptions } = options;\n\n    const scopes = this.#scopeMapping.default.slice();\n    if (additionalScope?.repoWrite) {\n      scopes.push(...this.#scopeMapping.repoWrite);\n    }\n\n    const additionalScopes =\n      this.getAdditionalScopesForProvider(additionalScope);\n\n    if (additionalScopes.length) {\n      scopes.push(...additionalScopes);\n    }\n\n    const uniqueScopes = [...new Set(scopes)];\n\n    const token = await this.#api.getAccessToken(uniqueScopes, restOptions);\n\n    return {\n      token,\n      headers: {\n        Authorization: `Bearer ${token}`,\n      },\n    };\n  }\n}\n"],"names":[],"mappings":";;;AAyCA,MAAM,UAAiC,CAAA;AAAA,EACrC,UAAA,CAAA;AAAA,EAEA,YAAY,SAAsB,EAAA;AAChC,IAAA,IAAA,CAAK,UAAa,GAAA,SAAA,CAAA;AAAA,GACpB;AAAA,EAEA,MAAM,eACJ,OAC+B,EAAA;AAC/B,IAAA,MAAM,GAAM,GAAA,IAAI,GAAI,CAAA,OAAA,CAAQ,GAAG,CAAA,CAAA;AAC/B,IAAM,MAAA,QAAA,GAAW,KAAK,UAAW,CAAA,IAAA,CAAK,OAAK,CAAE,CAAA,cAAA,CAAe,GAAG,CAAC,CAAA,CAAA;AAChE,IAAA,IAAI,CAAC,QAAU,EAAA;AACb,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,gCAAA,EAAmC,QAAQ,GAAG,CAAA,yCAAA,CAAA;AAAA,OAChD,CAAA;AAAA,KACF;AAEA,IAAO,OAAA,QAAA,CAAS,eAAe,OAAO,CAAA,CAAA;AAAA,GACxC;AACF,CAAA;AA2BO,MAAM,OAA8B,CAAA;AAAA;AAAA;AAAA;AAAA,EAIzC,OAAO,uBAA0B,GAAA;AAC/B,IAAA,OAAO,gBAAiB,CAAA;AAAA,MACtB,GAAK,EAAA,aAAA;AAAA,MACL,IAAM,EAAA;AAAA,QACJ,MAAQ,EAAA,gBAAA;AAAA,QACR,MAAQ,EAAA,gBAAA;AAAA,QACR,KAAO,EAAA,mBAAA;AAAA,QACP,SAAW,EAAA,mBAAA;AAAA,OACb;AAAA,MACA,OAAA,EAAS,CAAC,EAAE,MAAA,EAAQ,QAAQ,KAAO,EAAA,SAAA,OACjC,OAAQ,CAAA,KAAA;AAAA,QACN,OAAA,CAAQ,UAAU,MAAM,CAAA;AAAA,QACxB,OAAA,CAAQ,UAAU,MAAM,CAAA;AAAA,QACxB,OAAA,CAAQ,SAAS,KAAK,CAAA;AAAA,QACtB,OAAA,CAAQ,aAAa,SAAS,CAAA;AAAA,OAChC;AAAA,KACH,CAAA,CAAA;AAAA,GACH;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,UACL,CAAA,OAAA,EACA,OAOS,EAAA;AACT,IAAA,OAAO,IAAI,OAAQ,CAAA,SAAA,EAAW,SAAS,OAAQ,CAAA,IAAA,EAAM,QAAQ,YAAY,CAAA,CAAA;AAAA,GAC3E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,OAAO,SACL,CAAA,aAAA,EACA,OAGS,EAAA;AACT,IAAM,MAAA,IAAA,GAAO,SAAS,IAAQ,IAAA,YAAA,CAAA;AAC9B,IAAA,OAAO,IAAI,OAAA,CAAQ,QAAU,EAAA,aAAA,EAAe,IAAM,EAAA;AAAA,MAChD,OAAS,EAAA,CAAC,MAAQ,EAAA,UAAA,EAAY,WAAW,CAAA;AAAA,MACzC,SAAA,EAAW,CAAC,MAAM,CAAA;AAAA,KACnB,CAAA,CAAA;AAAA,GACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,OAAO,SACL,CAAA,aAAA,EACA,OAGS,EAAA;AACT,IAAM,MAAA,IAAA,GAAO,SAAS,IAAQ,IAAA,YAAA,CAAA;AAC9B,IAAA,OAAO,IAAI,OAAA,CAAQ,QAAU,EAAA,aAAA,EAAe,IAAM,EAAA;AAAA,MAChD,OAAS,EAAA,CAAC,WAAa,EAAA,UAAA,EAAY,iBAAiB,CAAA;AAAA,MACpD,SAAA,EAAW,CAAC,kBAAA,EAAoB,KAAK,CAAA;AAAA,KACtC,CAAA,CAAA;AAAA,GACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,OAAO,QACL,CAAA,gBAAA,EACA,OAGS,EAAA;AACT,IAAM,MAAA,IAAA,GAAO,SAAS,IAAQ,IAAA,eAAA,CAAA;AAC9B,IAAA,OAAO,IAAI,OAAA,CAAQ,OAAS,EAAA,gBAAA,EAAkB,IAAM,EAAA;AAAA,MAClD,OAAS,EAAA;AAAA,QACP,gDAAA;AAAA,QACA,+CAAA;AAAA,QACA,gDAAA;AAAA,QACA,kDAAA;AAAA,QACA,kDAAA;AAAA,OACF;AAAA,MACA,SAAA,EAAW,CAAC,sDAAsD,CAAA;AAAA,KACnE,CAAA,CAAA;AAAA,GACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,OAAO,YACL,CAAA,gBAAA,EACA,OAGS,EAAA;AACT,IAAM,MAAA,IAAA,GAAO,SAAS,IAAQ,IAAA,eAAA,CAAA;AAC9B,IAAA,OAAO,IAAI,OAAA,CAAQ,WAAa,EAAA,gBAAA,EAAkB,IAAM,EAAA;AAAA,MACtD,SAAS,CAAC,SAAA,EAAW,MAAQ,EAAA,aAAA,EAAe,WAAW,OAAO,CAAA;AAAA,MAC9D,SAAW,EAAA,CAAC,mBAAqB,EAAA,eAAA,EAAiB,aAAa,CAAA;AAAA,KAChE,CAAA,CAAA;AAAA,GACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,SAAS,SAAkC,EAAA;AAChD,IAAO,OAAA,IAAI,WAAW,SAAS,CAAA,CAAA;AAAA,GACjC;AAAA,EAEA,IAAA,CAAA;AAAA,EACA,KAAA,CAAA;AAAA,EACA,aAAA,CAAA;AAAA,EACA,aAAA,CAAA;AAAA,EAEQ,WACN,CAAA,YAAA,EACA,GACA,EAAA,IAAA,EACA,YACA,EAAA;AACA,IAAA,IAAA,CAAK,IAAO,GAAA,GAAA,CAAA;AACZ,IAAA,IAAA,CAAK,KAAQ,GAAA,IAAA,CAAA;AACb,IAAA,IAAA,CAAK,aAAgB,GAAA,YAAA,CAAA;AACrB,IAAA,IAAA,CAAK,aAAgB,GAAA,YAAA,CAAA;AAAA,GACvB;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,GAAmB,EAAA;AAChC,IAAO,OAAA,GAAA,CAAI,SAAS,IAAK,CAAA,KAAA,CAAA;AAAA,GAC3B;AAAA,EAEQ,+BACN,gBACU,EAAA;AACV,IAAA,IAAI,CAAC,gBAAA,EAAkB,YAAgB,IAAA,IAAA,CAAK,kBAAkB,SAAW,EAAA;AACvE,MAAA,OAAO,EAAC,CAAA;AAAA,KACV;AAEA,IAAA,OAAO,gBAAiB,CAAA,YAAA,GAAe,IAAK,CAAA,aAAa,KAAK,EAAC,CAAA;AAAA,GACjE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eACJ,OAC+B,EAAA;AAC/B,IAAA,MAAM,EAAE,GAAA,EAAK,eAAiB,EAAA,GAAG,aAAgB,GAAA,OAAA,CAAA;AAEjD,IAAA,MAAM,MAAS,GAAA,IAAA,CAAK,aAAc,CAAA,OAAA,CAAQ,KAAM,EAAA,CAAA;AAChD,IAAA,IAAI,iBAAiB,SAAW,EAAA;AAC9B,MAAA,MAAA,CAAO,IAAK,CAAA,GAAG,IAAK,CAAA,aAAA,CAAc,SAAS,CAAA,CAAA;AAAA,KAC7C;AAEA,IAAM,MAAA,gBAAA,GACJ,IAAK,CAAA,8BAAA,CAA+B,eAAe,CAAA,CAAA;AAErD,IAAA,IAAI,iBAAiB,MAAQ,EAAA;AAC3B,MAAO,MAAA,CAAA,IAAA,CAAK,GAAG,gBAAgB,CAAA,CAAA;AAAA,KACjC;AAEA,IAAA,MAAM,eAAe,CAAC,GAAG,IAAI,GAAA,CAAI,MAAM,CAAC,CAAA,CAAA;AAExC,IAAA,MAAM,QAAQ,MAAM,IAAA,CAAK,IAAK,CAAA,cAAA,CAAe,cAAc,WAAW,CAAA,CAAA;AAEtE,IAAO,OAAA;AAAA,MACL,KAAA;AAAA,MACA,OAAS,EAAA;AAAA,QACP,aAAA,EAAe,UAAU,KAAK,CAAA,CAAA;AAAA,OAChC;AAAA,KACF,CAAA;AAAA,GACF;AACF;;;;"}
+{"version":3,"file":"ScmAuth.esm.js","sources":["../../src/api/ScmAuth.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  bitbucketAuthApiRef,\n  createApiFactory,\n  githubAuthApiRef,\n  gitlabAuthApiRef,\n  microsoftAuthApiRef,\n  OAuthApi,\n} from '@backstage/core-plugin-api';\nimport {\n  ScmAuthApi,\n  scmAuthApiRef,\n  ScmAuthTokenOptions,\n  ScmAuthTokenResponse,\n} from './ScmAuthApi';\n\ntype ScopeMapping = {\n  /** The base scopes used for all requests */\n  default: string[];\n  /** Additional scopes added if `repoWrite` is requested */\n  repoWrite: string[];\n};\n\n// An enum of all supported providers\ntype ProviderName = 'generic' | 'github' | 'azure' | 'bitbucket' | 'gitlab';\n\nclass ScmAuthMux implements ScmAuthApi {\n  #providers: Array<ScmAuth>;\n\n  constructor(providers: ScmAuth[]) {\n    this.#providers = providers;\n  }\n\n  async getCredentials(\n    options: ScmAuthTokenOptions,\n  ): Promise<ScmAuthTokenResponse> {\n    const url = new URL(options.url);\n    const provider = this.#providers.find(p => p.isUrlSupported(url));\n    if (!provider) {\n      throw new Error(\n        `No auth provider available for '${options.url}', see https://backstage.io/link?scm-auth`,\n      );\n    }\n\n    return provider.getCredentials(options);\n  }\n}\n\n/**\n * An implementation of the ScmAuthApi that merges together OAuthApi instances\n * to form a single instance that can handles authentication for multiple providers.\n *\n * @public\n *\n * @example\n * ```\n * // Supports authentication towards both public GitHub and GHE:\n * createApiFactory({\n *   api: scmAuthApiRef,\n *   deps: {\n *     gheAuthApi: gheAuthApiRef,\n *     githubAuthApi: githubAuthApiRef,\n *   },\n *   factory: ({ githubAuthApi, gheAuthApi }) =>\n *     ScmAuth.merge(\n *       ScmAuth.forGithub(githubAuthApi),\n *       ScmAuth.forGithub(gheAuthApi, {\n *         host: 'ghe.example.com',\n *       }),\n *     )\n * })\n * ```\n */\nexport class ScmAuth implements ScmAuthApi {\n  /**\n   * Creates an API factory that enables auth for each of the default SCM providers.\n   */\n  static createDefaultApiFactory() {\n    return createApiFactory({\n      api: scmAuthApiRef,\n      deps: {\n        github: githubAuthApiRef,\n        gitlab: gitlabAuthApiRef,\n        azure: microsoftAuthApiRef,\n        bitbucket: bitbucketAuthApiRef,\n      },\n      factory: ({ github, gitlab, azure, bitbucket }) =>\n        ScmAuth.merge(\n          ScmAuth.forGithub(github),\n          ScmAuth.forGitlab(gitlab),\n          ScmAuth.forAzure(azure),\n          ScmAuth.forBitbucket(bitbucket),\n        ),\n    });\n  }\n\n  /**\n   * Creates a general purpose ScmAuth instance with a custom scope mapping.\n   */\n  static forAuthApi(\n    authApi: OAuthApi,\n    options: {\n      host: string;\n      scopeMapping: {\n        default: string[];\n        repoWrite: string[];\n      };\n    },\n  ): ScmAuth {\n    return new ScmAuth('generic', authApi, options.host, options.scopeMapping);\n  }\n\n  /**\n   * Creates a new ScmAuth instance that handles authentication towards GitHub.\n   *\n   * The host option determines which URLs that are handled by this instance and defaults to `github.com`.\n   *\n   * The default scopes are:\n   *\n   * `repo read:org read:user`\n   *\n   * If the additional `repoWrite` permission is requested, these scopes are added:\n   *\n   * `gist`\n   */\n  static forGithub(\n    githubAuthApi: OAuthApi,\n    options?: {\n      host?: string;\n    },\n  ): ScmAuth {\n    const host = options?.host ?? 'github.com';\n    return new ScmAuth('github', githubAuthApi, host, {\n      default: ['repo', 'read:org', 'read:user'],\n      repoWrite: ['gist'],\n    });\n  }\n\n  /**\n   * Creates a new ScmAuth instance that handles authentication towards GitLab.\n   *\n   * The host option determines which URLs that are handled by this instance and defaults to `gitlab.com`.\n   *\n   * The default scopes are:\n   *\n   * `read_user read_api read_repository`\n   *\n   * If the additional `repoWrite` permission is requested, these scopes are added:\n   *\n   * `write_repository`\n   */\n  static forGitlab(\n    gitlabAuthApi: OAuthApi,\n    options?: {\n      host?: string;\n    },\n  ): ScmAuth {\n    const host = options?.host ?? 'gitlab.com';\n    return new ScmAuth('gitlab', gitlabAuthApi, host, {\n      default: ['read_user', 'read_api', 'read_repository'],\n      repoWrite: ['write_repository'],\n    });\n  }\n\n  /**\n   * Creates a new ScmAuth instance that handles authentication towards Azure.\n   *\n   * The host option determines which URLs that are handled by this instance and defaults to `dev.azure.com`.\n   *\n   * The default scopes are:\n   *\n   * `vso.build vso.code vso.graph vso.project vso.profile`\n   *\n   * If the additional `repoWrite` permission is requested, these scopes are added:\n   *\n   * `vso.code_manage`\n   */\n  static forAzure(\n    microsoftAuthApi: OAuthApi,\n    options?: {\n      host?: string;\n    },\n  ): ScmAuth {\n    const host = options?.host ?? 'dev.azure.com';\n    return new ScmAuth('azure', microsoftAuthApi, host, {\n      default: [\n        '499b84ac-1321-427f-aa17-267ca6975798/vso.build',\n        '499b84ac-1321-427f-aa17-267ca6975798/vso.code',\n        '499b84ac-1321-427f-aa17-267ca6975798/vso.graph',\n        '499b84ac-1321-427f-aa17-267ca6975798/vso.project',\n        '499b84ac-1321-427f-aa17-267ca6975798/vso.profile',\n      ],\n      repoWrite: ['499b84ac-1321-427f-aa17-267ca6975798/vso.code_manage'],\n    });\n  }\n\n  /**\n   * Creates a new ScmAuth instance that handles authentication towards Bitbucket.\n   *\n   * The host option determines which URLs that are handled by this instance and defaults to `bitbucket.org`.\n   *\n   * The default scopes are:\n   *\n   * `account team pullrequest snippet issue`\n   *\n   * If the additional `repoWrite` permission is requested, these scopes are added:\n   *\n   * `pullrequest:write snippet:write issue:write`\n   */\n  static forBitbucket(\n    bitbucketAuthApi: OAuthApi,\n    options?: {\n      host?: string;\n    },\n  ): ScmAuth {\n    const host = options?.host ?? 'bitbucket.org';\n    return new ScmAuth('bitbucket', bitbucketAuthApi, host, {\n      default: ['account', 'team', 'pullrequest', 'snippet', 'issue'],\n      repoWrite: ['pullrequest:write', 'snippet:write', 'issue:write'],\n    });\n  }\n\n  /**\n   * Merges together multiple ScmAuth instances into one that\n   * routes requests to the correct instance based on the URL.\n   */\n  static merge(...providers: ScmAuth[]): ScmAuthApi {\n    return new ScmAuthMux(providers);\n  }\n\n  #api: OAuthApi;\n  #host: string;\n  #scopeMapping: ScopeMapping;\n  #providerName: ProviderName;\n\n  private constructor(\n    providerName: ProviderName,\n    api: OAuthApi,\n    host: string,\n    scopeMapping: ScopeMapping,\n  ) {\n    this.#api = api;\n    this.#host = host;\n    this.#scopeMapping = scopeMapping;\n    this.#providerName = providerName;\n  }\n\n  /**\n   * Checks whether the implementation is able to provide authentication for the given URL.\n   */\n  isUrlSupported(url: URL): boolean {\n    return url.host === this.#host;\n  }\n\n  private getAdditionalScopesForProvider(\n    additionalScopes: ScmAuthTokenOptions['additionalScope'],\n  ): string[] {\n    if (!additionalScopes?.customScopes || this.#providerName === 'generic') {\n      return [];\n    }\n\n    return additionalScopes.customScopes?.[this.#providerName] ?? [];\n  }\n\n  /**\n   * Fetches credentials for the given resource.\n   */\n  async getCredentials(\n    options: ScmAuthTokenOptions,\n  ): Promise<ScmAuthTokenResponse> {\n    const { url, additionalScope, ...restOptions } = options;\n\n    const scopes = this.#scopeMapping.default.slice();\n    if (additionalScope?.repoWrite) {\n      scopes.push(...this.#scopeMapping.repoWrite);\n    }\n\n    const additionalScopes =\n      this.getAdditionalScopesForProvider(additionalScope);\n\n    if (additionalScopes.length) {\n      scopes.push(...additionalScopes);\n    }\n\n    const uniqueScopes = [...new Set(scopes)];\n\n    const token = await this.#api.getAccessToken(uniqueScopes, restOptions);\n\n    return {\n      token,\n      headers: {\n        Authorization: `Bearer ${token}`,\n      },\n    };\n  }\n}\n"],"names":[],"mappings":";;;AAyCA,MAAM,UAAiC,CAAA;AAAA,EACrC,UAAA,CAAA;AAAA,EAEA,YAAY,SAAsB,EAAA;AAChC,IAAA,IAAA,CAAK,UAAa,GAAA,SAAA,CAAA;AAAA,GACpB;AAAA,EAEA,MAAM,eACJ,OAC+B,EAAA;AAC/B,IAAA,MAAM,GAAM,GAAA,IAAI,GAAI,CAAA,OAAA,CAAQ,GAAG,CAAA,CAAA;AAC/B,IAAM,MAAA,QAAA,GAAW,KAAK,UAAW,CAAA,IAAA,CAAK,OAAK,CAAE,CAAA,cAAA,CAAe,GAAG,CAAC,CAAA,CAAA;AAChE,IAAA,IAAI,CAAC,QAAU,EAAA;AACb,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,gCAAA,EAAmC,QAAQ,GAAG,CAAA,yCAAA,CAAA;AAAA,OAChD,CAAA;AAAA,KACF;AAEA,IAAO,OAAA,QAAA,CAAS,eAAe,OAAO,CAAA,CAAA;AAAA,GACxC;AACF,CAAA;AA2BO,MAAM,OAA8B,CAAA;AAAA;AAAA;AAAA;AAAA,EAIzC,OAAO,uBAA0B,GAAA;AAC/B,IAAA,OAAO,gBAAiB,CAAA;AAAA,MACtB,GAAK,EAAA,aAAA;AAAA,MACL,IAAM,EAAA;AAAA,QACJ,MAAQ,EAAA,gBAAA;AAAA,QACR,MAAQ,EAAA,gBAAA;AAAA,QACR,KAAO,EAAA,mBAAA;AAAA,QACP,SAAW,EAAA,mBAAA;AAAA,OACb;AAAA,MACA,OAAA,EAAS,CAAC,EAAE,MAAA,EAAQ,QAAQ,KAAO,EAAA,SAAA,OACjC,OAAQ,CAAA,KAAA;AAAA,QACN,OAAA,CAAQ,UAAU,MAAM,CAAA;AAAA,QACxB,OAAA,CAAQ,UAAU,MAAM,CAAA;AAAA,QACxB,OAAA,CAAQ,SAAS,KAAK,CAAA;AAAA,QACtB,OAAA,CAAQ,aAAa,SAAS,CAAA;AAAA,OAChC;AAAA,KACH,CAAA,CAAA;AAAA,GACH;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,UACL,CAAA,OAAA,EACA,OAOS,EAAA;AACT,IAAA,OAAO,IAAI,OAAQ,CAAA,SAAA,EAAW,SAAS,OAAQ,CAAA,IAAA,EAAM,QAAQ,YAAY,CAAA,CAAA;AAAA,GAC3E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,OAAO,SACL,CAAA,aAAA,EACA,OAGS,EAAA;AACT,IAAM,MAAA,IAAA,GAAO,SAAS,IAAQ,IAAA,YAAA,CAAA;AAC9B,IAAA,OAAO,IAAI,OAAA,CAAQ,QAAU,EAAA,aAAA,EAAe,IAAM,EAAA;AAAA,MAChD,OAAS,EAAA,CAAC,MAAQ,EAAA,UAAA,EAAY,WAAW,CAAA;AAAA,MACzC,SAAA,EAAW,CAAC,MAAM,CAAA;AAAA,KACnB,CAAA,CAAA;AAAA,GACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,OAAO,SACL,CAAA,aAAA,EACA,OAGS,EAAA;AACT,IAAM,MAAA,IAAA,GAAO,SAAS,IAAQ,IAAA,YAAA,CAAA;AAC9B,IAAA,OAAO,IAAI,OAAA,CAAQ,QAAU,EAAA,aAAA,EAAe,IAAM,EAAA;AAAA,MAChD,OAAS,EAAA,CAAC,WAAa,EAAA,UAAA,EAAY,iBAAiB,CAAA;AAAA,MACpD,SAAA,EAAW,CAAC,kBAAkB,CAAA;AAAA,KAC/B,CAAA,CAAA;AAAA,GACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,OAAO,QACL,CAAA,gBAAA,EACA,OAGS,EAAA;AACT,IAAM,MAAA,IAAA,GAAO,SAAS,IAAQ,IAAA,eAAA,CAAA;AAC9B,IAAA,OAAO,IAAI,OAAA,CAAQ,OAAS,EAAA,gBAAA,EAAkB,IAAM,EAAA;AAAA,MAClD,OAAS,EAAA;AAAA,QACP,gDAAA;AAAA,QACA,+CAAA;AAAA,QACA,gDAAA;AAAA,QACA,kDAAA;AAAA,QACA,kDAAA;AAAA,OACF;AAAA,MACA,SAAA,EAAW,CAAC,sDAAsD,CAAA;AAAA,KACnE,CAAA,CAAA;AAAA,GACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,OAAO,YACL,CAAA,gBAAA,EACA,OAGS,EAAA;AACT,IAAM,MAAA,IAAA,GAAO,SAAS,IAAQ,IAAA,eAAA,CAAA;AAC9B,IAAA,OAAO,IAAI,OAAA,CAAQ,WAAa,EAAA,gBAAA,EAAkB,IAAM,EAAA;AAAA,MACtD,SAAS,CAAC,SAAA,EAAW,MAAQ,EAAA,aAAA,EAAe,WAAW,OAAO,CAAA;AAAA,MAC9D,SAAW,EAAA,CAAC,mBAAqB,EAAA,eAAA,EAAiB,aAAa,CAAA;AAAA,KAChE,CAAA,CAAA;AAAA,GACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,SAAS,SAAkC,EAAA;AAChD,IAAO,OAAA,IAAI,WAAW,SAAS,CAAA,CAAA;AAAA,GACjC;AAAA,EAEA,IAAA,CAAA;AAAA,EACA,KAAA,CAAA;AAAA,EACA,aAAA,CAAA;AAAA,EACA,aAAA,CAAA;AAAA,EAEQ,WACN,CAAA,YAAA,EACA,GACA,EAAA,IAAA,EACA,YACA,EAAA;AACA,IAAA,IAAA,CAAK,IAAO,GAAA,GAAA,CAAA;AACZ,IAAA,IAAA,CAAK,KAAQ,GAAA,IAAA,CAAA;AACb,IAAA,IAAA,CAAK,aAAgB,GAAA,YAAA,CAAA;AACrB,IAAA,IAAA,CAAK,aAAgB,GAAA,YAAA,CAAA;AAAA,GACvB;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,GAAmB,EAAA;AAChC,IAAO,OAAA,GAAA,CAAI,SAAS,IAAK,CAAA,KAAA,CAAA;AAAA,GAC3B;AAAA,EAEQ,+BACN,gBACU,EAAA;AACV,IAAA,IAAI,CAAC,gBAAA,EAAkB,YAAgB,IAAA,IAAA,CAAK,kBAAkB,SAAW,EAAA;AACvE,MAAA,OAAO,EAAC,CAAA;AAAA,KACV;AAEA,IAAA,OAAO,gBAAiB,CAAA,YAAA,GAAe,IAAK,CAAA,aAAa,KAAK,EAAC,CAAA;AAAA,GACjE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eACJ,OAC+B,EAAA;AAC/B,IAAA,MAAM,EAAE,GAAA,EAAK,eAAiB,EAAA,GAAG,aAAgB,GAAA,OAAA,CAAA;AAEjD,IAAA,MAAM,MAAS,GAAA,IAAA,CAAK,aAAc,CAAA,OAAA,CAAQ,KAAM,EAAA,CAAA;AAChD,IAAA,IAAI,iBAAiB,SAAW,EAAA;AAC9B,MAAA,MAAA,CAAO,IAAK,CAAA,GAAG,IAAK,CAAA,aAAA,CAAc,SAAS,CAAA,CAAA;AAAA,KAC7C;AAEA,IAAM,MAAA,gBAAA,GACJ,IAAK,CAAA,8BAAA,CAA+B,eAAe,CAAA,CAAA;AAErD,IAAA,IAAI,iBAAiB,MAAQ,EAAA;AAC3B,MAAO,MAAA,CAAA,IAAA,CAAK,GAAG,gBAAgB,CAAA,CAAA;AAAA,KACjC;AAEA,IAAA,MAAM,eAAe,CAAC,GAAG,IAAI,GAAA,CAAI,MAAM,CAAC,CAAA,CAAA;AAExC,IAAA,MAAM,QAAQ,MAAM,IAAA,CAAK,IAAK,CAAA,cAAA,CAAe,cAAc,WAAW,CAAA,CAAA;AAEtE,IAAO,OAAA;AAAA,MACL,KAAA;AAAA,MACA,OAAS,EAAA;AAAA,QACP,aAAA,EAAe,UAAU,KAAK,CAAA,CAAA;AAAA,OAChC;AAAA,KACF,CAAA;AAAA,GACF;AACF;;;;"}

package/dist/index.d.ts

@@ -150,7 +150,7 @@ declare class ScmAuth implements ScmAuthApi {
      *
      * If the additional `repoWrite` permission is requested, these scopes are added:
      *
-     * `write_repository api`
+     * `write_repository`
      */
     static forGitlab(gitlabAuthApi: OAuthApi, options?: {
         host?: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/integration-react",
-  "version": "1.1.30",
+  "version": "1.1.31-next.0",
   "description": "Frontend package for managing integrations towards external systems",
   "backstage": {
     "role": "web-library"
@@ -34,17 +34,17 @@
   },
   "dependencies": {
     "@backstage/config": "^1.2.0",
-    "@backstage/core-plugin-api": "^1.9.3",
-    "@backstage/integration": "^1.14.0",
+    "@backstage/core-plugin-api": "^1.9.4-next.0",
+    "@backstage/integration": "^1.15.0-next.0",
     "@material-ui/core": "^4.12.2",
     "@material-ui/icons": "^4.9.1",
     "@types/react": "^16.13.1 || ^17.0.0"
   },
   "devDependencies": {
-    "@backstage/cli": "^0.27.0",
-    "@backstage/core-components": "^0.14.10",
-    "@backstage/dev-utils": "^1.0.37",
-    "@backstage/test-utils": "^1.5.10",
+    "@backstage/cli": "^0.27.1-next.2",
+    "@backstage/core-components": "^0.14.11-next.1",
+    "@backstage/dev-utils": "^1.1.0-next.2",
+    "@backstage/test-utils": "^1.6.0-next.1",
     "@testing-library/dom": "^10.0.0",
     "@testing-library/jest-dom": "^6.0.0",
     "msw": "^1.0.0"