@backstage/plugin-app 0.4.3-next.1 → 0.4.3-next.2

package/CHANGELOG.md

@@ -1,5 +1,20 @@
 # @backstage/plugin-app
 
+## 0.4.3-next.2
+
+### Patch Changes
+
+- 9244b70: The default auth implementation now checks for a `logoutUrl` in the logout response body. If the auth provider returns one (e.g. Auth0 federated logout), the browser is redirected to that URL to clear the provider's session cookies. This is backward compatible — providers that return an empty response are unaffected.
+- Updated dependencies
+  - @backstage/ui@0.14.0-next.2
+  - @backstage/theme@0.7.3-next.0
+  - @backstage/core-components@0.18.9-next.1
+  - @backstage/core-plugin-api@1.12.5-next.2
+  - @backstage/filter-predicates@0.1.2-next.0
+  - @backstage/frontend-plugin-api@0.16.0-next.2
+  - @backstage/integration-react@1.2.17-next.1
+  - @backstage/plugin-permission-react@0.4.42-next.1
+
 ## 0.4.3-next.1
 
 ### Patch Changes

package/dist/packages/core-app-api/src/lib/AuthConnector/DefaultAuthConnector.esm.js

@@ -103,6 +103,22 @@ class DefaultAuthConnector {
       error.status = res.status;
       throw error;
     }
+    try {
+      const contentType = res.headers.get("content-type");
+      if (contentType?.includes("application/json")) {
+        const body = await res.json();
+        if (body.logoutUrl) {
+          const url = new URL(body.logoutUrl);
+          if (url.protocol === "https:" || url.hostname === "localhost") {
+            window.location.href = body.logoutUrl;
+            return new Promise(() => {
+            });
+          }
+        }
+      }
+    } catch {
+    }
+    return void 0;
   }
   async showPopup(scopes) {
     const scope = this.joinScopesFunc(scopes);

package/dist/packages/core-app-api/src/lib/AuthConnector/DefaultAuthConnector.esm.js.map

@@ -1 +1 @@
-{"version":3,"file":"DefaultAuthConnector.esm.js","sources":["../../../../../../../../packages/core-app-api/src/lib/AuthConnector/DefaultAuthConnector.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n  AuthProviderInfo,\n  ConfigApi,\n  DiscoveryApi,\n  OAuthRequestApi,\n  OAuthRequester,\n} from '@backstage/core-plugin-api';\nimport { openLoginPopup } from '../loginPopup';\nimport {\n  AuthConnector,\n  AuthConnectorCreateSessionOptions,\n  PopupOptions,\n  AuthConnectorRefreshSessionOptions,\n} from './types';\n\nlet warned = false;\n\ntype Options<AuthSession> = {\n  /**\n   * DiscoveryApi instance used to locate the auth backend endpoint.\n   */\n  discoveryApi: DiscoveryApi;\n  /**\n   * Environment hint passed on to auth backend, for example 'production' or 'development'\n   */\n  environment: string;\n  /**\n   * Information about the auth provider to be shown to the user.\n   * The ID Must match the backend auth plugin configuration, for example 'google'.\n   */\n  provider: AuthProviderInfo;\n  /**\n   * API used to instantiate an auth requester.\n   */\n  oauthRequestApi: OAuthRequestApi;\n  /**\n   * Function used to join together a set of scopes, defaults to joining with a space character.\n   */\n  joinScopes?: (scopes: Set<string>) => string;\n  /**\n   * Function used to transform an auth response into the session type.\n   */\n  sessionTransform?(response: any): AuthSession | Promise<AuthSession>;\n  /**\n   * ConfigApi instance used to configure authentication flow of pop-up or redirect.\n   */\n  configApi?: ConfigApi;\n  /**\n   * Options used to configure auth popup\n   */\n  popupOptions?: PopupOptions;\n};\n\nfunction defaultJoinScopes(scopes: Set<string>) {\n  return [...scopes].join(' ');\n}\n\n/**\n * DefaultAuthConnector is the default auth connector in Backstage. It talks to the\n * backend auth plugin through the standardized API, and requests user permission\n * via the OAuthRequestApi.\n */\nexport class DefaultAuthConnector<AuthSession>\n  implements AuthConnector<AuthSession>\n{\n  private readonly discoveryApi: DiscoveryApi;\n  private readonly environment: string;\n  private readonly provider: AuthProviderInfo;\n  private readonly joinScopesFunc: (scopes: Set<string>) => string;\n  private readonly authRequester: OAuthRequester<AuthSession>;\n  private readonly sessionTransform: (response: any) => Promise<AuthSession>;\n  private readonly enableExperimentalRedirectFlow: boolean;\n  private readonly popupOptions: PopupOptions | undefined;\n  constructor(options: Options<AuthSession>) {\n    const {\n      configApi,\n      discoveryApi,\n      environment,\n      provider,\n      joinScopes = defaultJoinScopes,\n      oauthRequestApi,\n      sessionTransform = id => id,\n      popupOptions,\n    } = options;\n\n    if (!warned && !configApi) {\n      // eslint-disable-next-line no-console\n      console.warn(\n        'DEPRECATION WARNING: Authentication providers require a configApi instance to configure the authentication flow. Please provide one to the authentication provider constructor.',\n      );\n      warned = true;\n    }\n\n    this.enableExperimentalRedirectFlow = configApi\n      ? configApi.getOptionalBoolean('enableExperimentalRedirectFlow') ?? false\n      : false;\n\n    this.authRequester = oauthRequestApi.createAuthRequester({\n      provider,\n      onAuthRequest: async scopes => {\n        if (!this.enableExperimentalRedirectFlow) {\n          return this.showPopup(scopes);\n        }\n        return this.executeRedirect(scopes);\n      },\n    });\n\n    this.discoveryApi = discoveryApi;\n    this.environment = environment;\n    this.provider = provider;\n    this.joinScopesFunc = joinScopes;\n    this.sessionTransform = sessionTransform;\n    this.popupOptions = popupOptions;\n  }\n\n  async createSession(\n    options: AuthConnectorCreateSessionOptions,\n  ): Promise<AuthSession> {\n    if (options.instantPopup) {\n      if (this.enableExperimentalRedirectFlow) {\n        return this.executeRedirect(options.scopes);\n      }\n      return this.showPopup(options.scopes);\n    }\n    return this.authRequester(options.scopes);\n  }\n\n  async refreshSession(\n    options?: AuthConnectorRefreshSessionOptions,\n  ): Promise<any> {\n    const res = await fetch(\n      await this.buildUrl('/refresh', {\n        optional: true,\n        ...(options && { scope: this.joinScopesFunc(options.scopes) }),\n      }),\n      {\n        headers: {\n          'x-requested-with': 'XMLHttpRequest',\n        },\n        credentials: 'include',\n      },\n    ).catch(error => {\n      throw new Error(`Auth refresh request failed, ${error}`);\n    });\n\n    if (!res.ok) {\n      const error: any = new Error(\n        `Auth refresh request failed, ${res.statusText}`,\n      );\n      error.status = res.status;\n      throw error;\n    }\n\n    const authInfo = await res.json();\n\n    if (authInfo.error) {\n      const error = new Error(authInfo.error.message);\n      if (authInfo.error.name) {\n        error.name = authInfo.error.name;\n      }\n      throw error;\n    }\n    return await this.sessionTransform(authInfo);\n  }\n\n  async removeSession(): Promise<void> {\n    const res = await fetch(await this.buildUrl('/logout'), {\n      method: 'POST',\n      headers: {\n        'x-requested-with': 'XMLHttpRequest',\n      },\n      credentials: 'include',\n    }).catch(error => {\n      throw new Error(`Logout request failed, ${error}`);\n    });\n\n    if (!res.ok) {\n      const error: any = new Error(`Logout request failed, ${res.statusText}`);\n      error.status = res.status;\n      throw error;\n    }\n  }\n\n  private async showPopup(scopes: Set<string>): Promise<AuthSession> {\n    const scope = this.joinScopesFunc(scopes);\n    const popupUrl = await this.buildUrl('/start', {\n      scope,\n      origin: window.location.origin,\n      flow: 'popup',\n    });\n\n    const width = this.popupOptions?.size?.fullscreen\n      ? window.screen.width\n      : this.popupOptions?.size?.width || 450;\n\n    const height = this.popupOptions?.size?.fullscreen\n      ? window.screen.height\n      : this.popupOptions?.size?.height || 730;\n\n    const payload = await openLoginPopup({\n      url: popupUrl,\n      name: `${this.provider.title} Login`,\n      width,\n      height,\n    });\n\n    return await this.sessionTransform(payload);\n  }\n\n  private async executeRedirect(scopes: Set<string>): Promise<AuthSession> {\n    const scope = this.joinScopesFunc(scopes);\n    // redirect to auth api\n    window.location.href = await this.buildUrl('/start', {\n      scope,\n      origin: window.location.origin,\n      redirectUrl: window.location.href,\n      flow: 'redirect',\n    });\n    // return a promise that never resolves\n    return new Promise(() => {});\n  }\n\n  private async buildUrl(\n    path: string,\n    query?: { [key: string]: string | boolean | undefined },\n  ): Promise<string> {\n    const baseUrl = await this.discoveryApi.getBaseUrl('auth');\n    const queryString = this.buildQueryString({\n      ...query,\n      env: this.environment,\n    });\n\n    return `${baseUrl}/${this.provider.id}${path}${queryString}`;\n  }\n\n  private buildQueryString(query?: {\n    [key: string]: string | boolean | undefined;\n  }): string {\n    if (!query) {\n      return '';\n    }\n\n    const queryString = Object.entries<string | boolean | undefined>(query)\n      .map(([key, value]) => {\n        if (typeof value === 'string') {\n          return `${encodeURIComponent(key)}=${encodeURIComponent(value)}`;\n        } else if (value) {\n          return encodeURIComponent(key);\n        }\n        return undefined;\n      })\n      .filter(Boolean)\n      .join('&');\n\n    if (!queryString) {\n      return '';\n    }\n    return `?${queryString}`;\n  }\n}\n"],"names":[],"mappings":";;AA8BA,IAAI,MAAA,GAAS,KAAA;AAsCb,SAAS,kBAAkB,MAAA,EAAqB;AAC9C,EAAA,OAAO,CAAC,GAAG,MAAM,CAAA,CAAE,KAAK,GAAG,CAAA;AAC7B;AAOO,MAAM,oBAAA,CAEb;AAAA,EACmB,YAAA;AAAA,EACA,WAAA;AAAA,EACA,QAAA;AAAA,EACA,cAAA;AAAA,EACA,aAAA;AAAA,EACA,gBAAA;AAAA,EACA,8BAAA;AAAA,EACA,YAAA;AAAA,EACjB,YAAY,OAAA,EAA+B;AACzC,IAAA,MAAM;AAAA,MACJ,SAAA;AAAA,MACA,YAAA;AAAA,MACA,WAAA;AAAA,MACA,QAAA;AAAA,MACA,UAAA,GAAa,iBAAA;AAAA,MACb,eAAA;AAAA,MACA,mBAAmB,CAAA,EAAA,KAAM,EAAA;AAAA,MACzB;AAAA,KACF,GAAI,OAAA;AAEJ,IAAA,IAAI,CAAC,MAAA,IAAU,CAAC,SAAA,EAAW;AAEzB,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,MAAA,GAAS,IAAA;AAAA,IACX;AAEA,IAAA,IAAA,CAAK,iCAAiC,SAAA,GAClC,SAAA,CAAU,kBAAA,CAAmB,gCAAgC,KAAK,KAAA,GAClE,KAAA;AAEJ,IAAA,IAAA,CAAK,aAAA,GAAgB,gBAAgB,mBAAA,CAAoB;AAAA,MACvD,QAAA;AAAA,MACA,aAAA,EAAe,OAAM,MAAA,KAAU;AAC7B,QAAA,IAAI,CAAC,KAAK,8BAAA,EAAgC;AACxC,UAAA,OAAO,IAAA,CAAK,UAAU,MAAM,CAAA;AAAA,QAC9B;AACA,QAAA,OAAO,IAAA,CAAK,gBAAgB,MAAM,CAAA;AAAA,MACpC;AAAA,KACD,CAAA;AAED,IAAA,IAAA,CAAK,YAAA,GAAe,YAAA;AACpB,IAAA,IAAA,CAAK,WAAA,GAAc,WAAA;AACnB,IAAA,IAAA,CAAK,QAAA,GAAW,QAAA;AAChB,IAAA,IAAA,CAAK,cAAA,GAAiB,UAAA;AACtB,IAAA,IAAA,CAAK,gBAAA,GAAmB,gBAAA;AACxB,IAAA,IAAA,CAAK,YAAA,GAAe,YAAA;AAAA,EACtB;AAAA,EAEA,MAAM,cACJ,OAAA,EACsB;AACtB,IAAA,IAAI,QAAQ,YAAA,EAAc;AACxB,MAAA,IAAI,KAAK,8BAAA,EAAgC;AACvC,QAAA,OAAO,IAAA,CAAK,eAAA,CAAgB,OAAA,CAAQ,MAAM,CAAA;AAAA,MAC5C;AACA,MAAA,OAAO,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,MAAM,CAAA;AAAA,IACtC;AACA,IAAA,OAAO,IAAA,CAAK,aAAA,CAAc,OAAA,CAAQ,MAAM,CAAA;AAAA,EAC1C;AAAA,EAEA,MAAM,eACJ,OAAA,EACc;AACd,IAAA,MAAM,MAAM,MAAM,KAAA;AAAA,MAChB,MAAM,IAAA,CAAK,QAAA,CAAS,UAAA,EAAY;AAAA,QAC9B,QAAA,EAAU,IAAA;AAAA,QACV,GAAI,WAAW,EAAE,KAAA,EAAO,KAAK,cAAA,CAAe,OAAA,CAAQ,MAAM,CAAA;AAAE,OAC7D,CAAA;AAAA,MACD;AAAA,QACE,OAAA,EAAS;AAAA,UACP,kBAAA,EAAoB;AAAA,SACtB;AAAA,QACA,WAAA,EAAa;AAAA;AACf,KACF,CAAE,MAAM,CAAA,KAAA,KAAS;AACf,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,6BAAA,EAAgC,KAAK,CAAA,CAAE,CAAA;AAAA,IACzD,CAAC,CAAA;AAED,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,QAAa,IAAI,KAAA;AAAA,QACrB,CAAA,6BAAA,EAAgC,IAAI,UAAU,CAAA;AAAA,OAChD;AACA,MAAA,KAAA,CAAM,SAAS,GAAA,CAAI,MAAA;AACnB,MAAA,MAAM,KAAA;AAAA,IACR;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,IAAA,EAAK;AAEhC,IAAA,IAAI,SAAS,KAAA,EAAO;AAClB,MAAA,MAAM,KAAA,GAAQ,IAAI,KAAA,CAAM,QAAA,CAAS,MAAM,OAAO,CAAA;AAC9C,MAAA,IAAI,QAAA,CAAS,MAAM,IAAA,EAAM;AACvB,QAAA,KAAA,CAAM,IAAA,GAAO,SAAS,KAAA,CAAM,IAAA;AAAA,MAC9B;AACA,MAAA,MAAM,KAAA;AAAA,IACR;AACA,IAAA,OAAO,MAAM,IAAA,CAAK,gBAAA,CAAiB,QAAQ,CAAA;AAAA,EAC7C;AAAA,EAEA,MAAM,aAAA,GAA+B;AACnC,IAAA,MAAM,MAAM,MAAM,KAAA,CAAM,MAAM,IAAA,CAAK,QAAA,CAAS,SAAS,CAAA,EAAG;AAAA,MACtD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,kBAAA,EAAoB;AAAA,OACtB;AAAA,MACA,WAAA,EAAa;AAAA,KACd,CAAA,CAAE,KAAA,CAAM,CAAA,KAAA,KAAS;AAChB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,KAAK,CAAA,CAAE,CAAA;AAAA,IACnD,CAAC,CAAA;AAED,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,QAAa,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AACvE,MAAA,KAAA,CAAM,SAAS,GAAA,CAAI,MAAA;AACnB,MAAA,MAAM,KAAA;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAc,UAAU,MAAA,EAA2C;AACjE,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,cAAA,CAAe,MAAM,CAAA;AACxC,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,QAAA,CAAS,QAAA,EAAU;AAAA,MAC7C,KAAA;AAAA,MACA,MAAA,EAAQ,OAAO,QAAA,CAAS,MAAA;AAAA,MACxB,IAAA,EAAM;AAAA,KACP,CAAA;AAED,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,YAAA,EAAc,IAAA,EAAM,UAAA,GACnC,MAAA,CAAO,MAAA,CAAO,KAAA,GACd,IAAA,CAAK,YAAA,EAAc,IAAA,EAAM,KAAA,IAAS,GAAA;AAEtC,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,YAAA,EAAc,IAAA,EAAM,UAAA,GACpC,MAAA,CAAO,MAAA,CAAO,MAAA,GACd,IAAA,CAAK,YAAA,EAAc,IAAA,EAAM,MAAA,IAAU,GAAA;AAEvC,IAAA,MAAM,OAAA,GAAU,MAAM,cAAA,CAAe;AAAA,MACnC,GAAA,EAAK,QAAA;AAAA,MACL,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,QAAA,CAAS,KAAK,CAAA,MAAA,CAAA;AAAA,MAC5B,KAAA;AAAA,MACA;AAAA,KACD,CAAA;AAED,IAAA,OAAO,MAAM,IAAA,CAAK,gBAAA,CAAiB,OAAO,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAc,gBAAgB,MAAA,EAA2C;AACvE,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,cAAA,CAAe,MAAM,CAAA;AAExC,IAAA,MAAA,CAAO,QAAA,CAAS,IAAA,GAAO,MAAM,IAAA,CAAK,SAAS,QAAA,EAAU;AAAA,MACnD,KAAA;AAAA,MACA,MAAA,EAAQ,OAAO,QAAA,CAAS,MAAA;AAAA,MACxB,WAAA,EAAa,OAAO,QAAA,CAAS,IAAA;AAAA,MAC7B,IAAA,EAAM;AAAA,KACP,CAAA;AAED,IAAA,OAAO,IAAI,QAAQ,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EAC7B;AAAA,EAEA,MAAc,QAAA,CACZ,IAAA,EACA,KAAA,EACiB;AACjB,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,YAAA,CAAa,WAAW,MAAM,CAAA;AACzD,IAAA,MAAM,WAAA,GAAc,KAAK,gBAAA,CAAiB;AAAA,MACxC,GAAG,KAAA;AAAA,MACH,KAAK,IAAA,CAAK;AAAA,KACX,CAAA;AAED,IAAA,OAAO,CAAA,EAAG,OAAO,CAAA,CAAA,EAAI,IAAA,CAAK,SAAS,EAAE,CAAA,EAAG,IAAI,CAAA,EAAG,WAAW,CAAA,CAAA;AAAA,EAC5D;AAAA,EAEQ,iBAAiB,KAAA,EAEd;AACT,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,OAAO,EAAA;AAAA,IACT;AAEA,IAAA,MAAM,WAAA,GAAc,MAAA,CAAO,OAAA,CAAsC,KAAK,CAAA,CACnE,IAAI,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AACrB,MAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,QAAA,OAAO,GAAG,kBAAA,CAAmB,GAAG,CAAC,CAAA,CAAA,EAAI,kBAAA,CAAmB,KAAK,CAAC,CAAA,CAAA;AAAA,MAChE,WAAW,KAAA,EAAO;AAChB,QAAA,OAAO,mBAAmB,GAAG,CAAA;AAAA,MAC/B;AACA,MAAA,OAAO,MAAA;AAAA,IACT,CAAC,CAAA,CACA,MAAA,CAAO,OAAO,CAAA,CACd,KAAK,GAAG,CAAA;AAEX,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAA;AAAA,IACT;AACA,IAAA,OAAO,IAAI,WAAW,CAAA,CAAA;AAAA,EACxB;AACF;;;;"}
+{"version":3,"file":"DefaultAuthConnector.esm.js","sources":["../../../../../../../../packages/core-app-api/src/lib/AuthConnector/DefaultAuthConnector.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n  AuthProviderInfo,\n  ConfigApi,\n  DiscoveryApi,\n  OAuthRequestApi,\n  OAuthRequester,\n} from '@backstage/core-plugin-api';\nimport { openLoginPopup } from '../loginPopup';\nimport {\n  AuthConnector,\n  AuthConnectorCreateSessionOptions,\n  PopupOptions,\n  AuthConnectorRefreshSessionOptions,\n} from './types';\n\nlet warned = false;\n\ntype Options<AuthSession> = {\n  /**\n   * DiscoveryApi instance used to locate the auth backend endpoint.\n   */\n  discoveryApi: DiscoveryApi;\n  /**\n   * Environment hint passed on to auth backend, for example 'production' or 'development'\n   */\n  environment: string;\n  /**\n   * Information about the auth provider to be shown to the user.\n   * The ID Must match the backend auth plugin configuration, for example 'google'.\n   */\n  provider: AuthProviderInfo;\n  /**\n   * API used to instantiate an auth requester.\n   */\n  oauthRequestApi: OAuthRequestApi;\n  /**\n   * Function used to join together a set of scopes, defaults to joining with a space character.\n   */\n  joinScopes?: (scopes: Set<string>) => string;\n  /**\n   * Function used to transform an auth response into the session type.\n   */\n  sessionTransform?(response: any): AuthSession | Promise<AuthSession>;\n  /**\n   * ConfigApi instance used to configure authentication flow of pop-up or redirect.\n   */\n  configApi?: ConfigApi;\n  /**\n   * Options used to configure auth popup\n   */\n  popupOptions?: PopupOptions;\n};\n\nfunction defaultJoinScopes(scopes: Set<string>) {\n  return [...scopes].join(' ');\n}\n\n/**\n * DefaultAuthConnector is the default auth connector in Backstage. It talks to the\n * backend auth plugin through the standardized API, and requests user permission\n * via the OAuthRequestApi.\n */\nexport class DefaultAuthConnector<AuthSession>\n  implements AuthConnector<AuthSession>\n{\n  private readonly discoveryApi: DiscoveryApi;\n  private readonly environment: string;\n  private readonly provider: AuthProviderInfo;\n  private readonly joinScopesFunc: (scopes: Set<string>) => string;\n  private readonly authRequester: OAuthRequester<AuthSession>;\n  private readonly sessionTransform: (response: any) => Promise<AuthSession>;\n  private readonly enableExperimentalRedirectFlow: boolean;\n  private readonly popupOptions: PopupOptions | undefined;\n  constructor(options: Options<AuthSession>) {\n    const {\n      configApi,\n      discoveryApi,\n      environment,\n      provider,\n      joinScopes = defaultJoinScopes,\n      oauthRequestApi,\n      sessionTransform = id => id,\n      popupOptions,\n    } = options;\n\n    if (!warned && !configApi) {\n      // eslint-disable-next-line no-console\n      console.warn(\n        'DEPRECATION WARNING: Authentication providers require a configApi instance to configure the authentication flow. Please provide one to the authentication provider constructor.',\n      );\n      warned = true;\n    }\n\n    this.enableExperimentalRedirectFlow = configApi\n      ? configApi.getOptionalBoolean('enableExperimentalRedirectFlow') ?? false\n      : false;\n\n    this.authRequester = oauthRequestApi.createAuthRequester({\n      provider,\n      onAuthRequest: async scopes => {\n        if (!this.enableExperimentalRedirectFlow) {\n          return this.showPopup(scopes);\n        }\n        return this.executeRedirect(scopes);\n      },\n    });\n\n    this.discoveryApi = discoveryApi;\n    this.environment = environment;\n    this.provider = provider;\n    this.joinScopesFunc = joinScopes;\n    this.sessionTransform = sessionTransform;\n    this.popupOptions = popupOptions;\n  }\n\n  async createSession(\n    options: AuthConnectorCreateSessionOptions,\n  ): Promise<AuthSession> {\n    if (options.instantPopup) {\n      if (this.enableExperimentalRedirectFlow) {\n        return this.executeRedirect(options.scopes);\n      }\n      return this.showPopup(options.scopes);\n    }\n    return this.authRequester(options.scopes);\n  }\n\n  async refreshSession(\n    options?: AuthConnectorRefreshSessionOptions,\n  ): Promise<any> {\n    const res = await fetch(\n      await this.buildUrl('/refresh', {\n        optional: true,\n        ...(options && { scope: this.joinScopesFunc(options.scopes) }),\n      }),\n      {\n        headers: {\n          'x-requested-with': 'XMLHttpRequest',\n        },\n        credentials: 'include',\n      },\n    ).catch(error => {\n      throw new Error(`Auth refresh request failed, ${error}`);\n    });\n\n    if (!res.ok) {\n      const error: any = new Error(\n        `Auth refresh request failed, ${res.statusText}`,\n      );\n      error.status = res.status;\n      throw error;\n    }\n\n    const authInfo = await res.json();\n\n    if (authInfo.error) {\n      const error = new Error(authInfo.error.message);\n      if (authInfo.error.name) {\n        error.name = authInfo.error.name;\n      }\n      throw error;\n    }\n    return await this.sessionTransform(authInfo);\n  }\n\n  async removeSession(): Promise<void> {\n    const res = await fetch(await this.buildUrl('/logout'), {\n      method: 'POST',\n      headers: {\n        'x-requested-with': 'XMLHttpRequest',\n      },\n      credentials: 'include',\n    }).catch(error => {\n      throw new Error(`Logout request failed, ${error}`);\n    });\n\n    if (!res.ok) {\n      const error: any = new Error(`Logout request failed, ${res.statusText}`);\n      error.status = res.status;\n      throw error;\n    }\n\n    // If the auth provider returned a logout URL (e.g. for Auth0 federated\n    // logout), redirect the browser to clear the provider's session cookies.\n    try {\n      const contentType = res.headers.get('content-type');\n      if (contentType?.includes('application/json')) {\n        const body = await res.json();\n        if (body.logoutUrl) {\n          const url = new URL(body.logoutUrl);\n          if (url.protocol === 'https:' || url.hostname === 'localhost') {\n            window.location.href = body.logoutUrl;\n            return new Promise(() => {});\n          }\n        }\n      }\n    } catch {\n      // Provider logout redirect is best-effort - the backend session\n      // (refresh token cookie and persisted scopes) is already cleared,\n      // so we degrade gracefully.\n    }\n\n    return undefined;\n  }\n\n  private async showPopup(scopes: Set<string>): Promise<AuthSession> {\n    const scope = this.joinScopesFunc(scopes);\n    const popupUrl = await this.buildUrl('/start', {\n      scope,\n      origin: window.location.origin,\n      flow: 'popup',\n    });\n\n    const width = this.popupOptions?.size?.fullscreen\n      ? window.screen.width\n      : this.popupOptions?.size?.width || 450;\n\n    const height = this.popupOptions?.size?.fullscreen\n      ? window.screen.height\n      : this.popupOptions?.size?.height || 730;\n\n    const payload = await openLoginPopup({\n      url: popupUrl,\n      name: `${this.provider.title} Login`,\n      width,\n      height,\n    });\n\n    return await this.sessionTransform(payload);\n  }\n\n  private async executeRedirect(scopes: Set<string>): Promise<AuthSession> {\n    const scope = this.joinScopesFunc(scopes);\n    // redirect to auth api\n    window.location.href = await this.buildUrl('/start', {\n      scope,\n      origin: window.location.origin,\n      redirectUrl: window.location.href,\n      flow: 'redirect',\n    });\n    // return a promise that never resolves\n    return new Promise(() => {});\n  }\n\n  private async buildUrl(\n    path: string,\n    query?: { [key: string]: string | boolean | undefined },\n  ): Promise<string> {\n    const baseUrl = await this.discoveryApi.getBaseUrl('auth');\n    const queryString = this.buildQueryString({\n      ...query,\n      env: this.environment,\n    });\n\n    return `${baseUrl}/${this.provider.id}${path}${queryString}`;\n  }\n\n  private buildQueryString(query?: {\n    [key: string]: string | boolean | undefined;\n  }): string {\n    if (!query) {\n      return '';\n    }\n\n    const queryString = Object.entries<string | boolean | undefined>(query)\n      .map(([key, value]) => {\n        if (typeof value === 'string') {\n          return `${encodeURIComponent(key)}=${encodeURIComponent(value)}`;\n        } else if (value) {\n          return encodeURIComponent(key);\n        }\n        return undefined;\n      })\n      .filter(Boolean)\n      .join('&');\n\n    if (!queryString) {\n      return '';\n    }\n    return `?${queryString}`;\n  }\n}\n"],"names":[],"mappings":";;AA8BA,IAAI,MAAA,GAAS,KAAA;AAsCb,SAAS,kBAAkB,MAAA,EAAqB;AAC9C,EAAA,OAAO,CAAC,GAAG,MAAM,CAAA,CAAE,KAAK,GAAG,CAAA;AAC7B;AAOO,MAAM,oBAAA,CAEb;AAAA,EACmB,YAAA;AAAA,EACA,WAAA;AAAA,EACA,QAAA;AAAA,EACA,cAAA;AAAA,EACA,aAAA;AAAA,EACA,gBAAA;AAAA,EACA,8BAAA;AAAA,EACA,YAAA;AAAA,EACjB,YAAY,OAAA,EAA+B;AACzC,IAAA,MAAM;AAAA,MACJ,SAAA;AAAA,MACA,YAAA;AAAA,MACA,WAAA;AAAA,MACA,QAAA;AAAA,MACA,UAAA,GAAa,iBAAA;AAAA,MACb,eAAA;AAAA,MACA,mBAAmB,CAAA,EAAA,KAAM,EAAA;AAAA,MACzB;AAAA,KACF,GAAI,OAAA;AAEJ,IAAA,IAAI,CAAC,MAAA,IAAU,CAAC,SAAA,EAAW;AAEzB,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,MAAA,GAAS,IAAA;AAAA,IACX;AAEA,IAAA,IAAA,CAAK,iCAAiC,SAAA,GAClC,SAAA,CAAU,kBAAA,CAAmB,gCAAgC,KAAK,KAAA,GAClE,KAAA;AAEJ,IAAA,IAAA,CAAK,aAAA,GAAgB,gBAAgB,mBAAA,CAAoB;AAAA,MACvD,QAAA;AAAA,MACA,aAAA,EAAe,OAAM,MAAA,KAAU;AAC7B,QAAA,IAAI,CAAC,KAAK,8BAAA,EAAgC;AACxC,UAAA,OAAO,IAAA,CAAK,UAAU,MAAM,CAAA;AAAA,QAC9B;AACA,QAAA,OAAO,IAAA,CAAK,gBAAgB,MAAM,CAAA;AAAA,MACpC;AAAA,KACD,CAAA;AAED,IAAA,IAAA,CAAK,YAAA,GAAe,YAAA;AACpB,IAAA,IAAA,CAAK,WAAA,GAAc,WAAA;AACnB,IAAA,IAAA,CAAK,QAAA,GAAW,QAAA;AAChB,IAAA,IAAA,CAAK,cAAA,GAAiB,UAAA;AACtB,IAAA,IAAA,CAAK,gBAAA,GAAmB,gBAAA;AACxB,IAAA,IAAA,CAAK,YAAA,GAAe,YAAA;AAAA,EACtB;AAAA,EAEA,MAAM,cACJ,OAAA,EACsB;AACtB,IAAA,IAAI,QAAQ,YAAA,EAAc;AACxB,MAAA,IAAI,KAAK,8BAAA,EAAgC;AACvC,QAAA,OAAO,IAAA,CAAK,eAAA,CAAgB,OAAA,CAAQ,MAAM,CAAA;AAAA,MAC5C;AACA,MAAA,OAAO,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,MAAM,CAAA;AAAA,IACtC;AACA,IAAA,OAAO,IAAA,CAAK,aAAA,CAAc,OAAA,CAAQ,MAAM,CAAA;AAAA,EAC1C;AAAA,EAEA,MAAM,eACJ,OAAA,EACc;AACd,IAAA,MAAM,MAAM,MAAM,KAAA;AAAA,MAChB,MAAM,IAAA,CAAK,QAAA,CAAS,UAAA,EAAY;AAAA,QAC9B,QAAA,EAAU,IAAA;AAAA,QACV,GAAI,WAAW,EAAE,KAAA,EAAO,KAAK,cAAA,CAAe,OAAA,CAAQ,MAAM,CAAA;AAAE,OAC7D,CAAA;AAAA,MACD;AAAA,QACE,OAAA,EAAS;AAAA,UACP,kBAAA,EAAoB;AAAA,SACtB;AAAA,QACA,WAAA,EAAa;AAAA;AACf,KACF,CAAE,MAAM,CAAA,KAAA,KAAS;AACf,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,6BAAA,EAAgC,KAAK,CAAA,CAAE,CAAA;AAAA,IACzD,CAAC,CAAA;AAED,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,QAAa,IAAI,KAAA;AAAA,QACrB,CAAA,6BAAA,EAAgC,IAAI,UAAU,CAAA;AAAA,OAChD;AACA,MAAA,KAAA,CAAM,SAAS,GAAA,CAAI,MAAA;AACnB,MAAA,MAAM,KAAA;AAAA,IACR;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,IAAA,EAAK;AAEhC,IAAA,IAAI,SAAS,KAAA,EAAO;AAClB,MAAA,MAAM,KAAA,GAAQ,IAAI,KAAA,CAAM,QAAA,CAAS,MAAM,OAAO,CAAA;AAC9C,MAAA,IAAI,QAAA,CAAS,MAAM,IAAA,EAAM;AACvB,QAAA,KAAA,CAAM,IAAA,GAAO,SAAS,KAAA,CAAM,IAAA;AAAA,MAC9B;AACA,MAAA,MAAM,KAAA;AAAA,IACR;AACA,IAAA,OAAO,MAAM,IAAA,CAAK,gBAAA,CAAiB,QAAQ,CAAA;AAAA,EAC7C;AAAA,EAEA,MAAM,aAAA,GAA+B;AACnC,IAAA,MAAM,MAAM,MAAM,KAAA,CAAM,MAAM,IAAA,CAAK,QAAA,CAAS,SAAS,CAAA,EAAG;AAAA,MACtD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,kBAAA,EAAoB;AAAA,OACtB;AAAA,MACA,WAAA,EAAa;AAAA,KACd,CAAA,CAAE,KAAA,CAAM,CAAA,KAAA,KAAS;AAChB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,KAAK,CAAA,CAAE,CAAA;AAAA,IACnD,CAAC,CAAA;AAED,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,QAAa,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AACvE,MAAA,KAAA,CAAM,SAAS,GAAA,CAAI,MAAA;AACnB,MAAA,MAAM,KAAA;AAAA,IACR;AAIA,IAAA,IAAI;AACF,MAAA,MAAM,WAAA,GAAc,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA;AAClD,MAAA,IAAI,WAAA,EAAa,QAAA,CAAS,kBAAkB,CAAA,EAAG;AAC7C,QAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,QAAA,IAAI,KAAK,SAAA,EAAW;AAClB,UAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,IAAA,CAAK,SAAS,CAAA;AAClC,UAAA,IAAI,GAAA,CAAI,QAAA,KAAa,QAAA,IAAY,GAAA,CAAI,aAAa,WAAA,EAAa;AAC7D,YAAA,MAAA,CAAO,QAAA,CAAS,OAAO,IAAA,CAAK,SAAA;AAC5B,YAAA,OAAO,IAAI,QAAQ,MAAM;AAAA,YAAC,CAAC,CAAA;AAAA,UAC7B;AAAA,QACF;AAAA,MACF;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAIR;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,MAAc,UAAU,MAAA,EAA2C;AACjE,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,cAAA,CAAe,MAAM,CAAA;AACxC,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,QAAA,CAAS,QAAA,EAAU;AAAA,MAC7C,KAAA;AAAA,MACA,MAAA,EAAQ,OAAO,QAAA,CAAS,MAAA;AAAA,MACxB,IAAA,EAAM;AAAA,KACP,CAAA;AAED,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,YAAA,EAAc,IAAA,EAAM,UAAA,GACnC,MAAA,CAAO,MAAA,CAAO,KAAA,GACd,IAAA,CAAK,YAAA,EAAc,IAAA,EAAM,KAAA,IAAS,GAAA;AAEtC,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,YAAA,EAAc,IAAA,EAAM,UAAA,GACpC,MAAA,CAAO,MAAA,CAAO,MAAA,GACd,IAAA,CAAK,YAAA,EAAc,IAAA,EAAM,MAAA,IAAU,GAAA;AAEvC,IAAA,MAAM,OAAA,GAAU,MAAM,cAAA,CAAe;AAAA,MACnC,GAAA,EAAK,QAAA;AAAA,MACL,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,QAAA,CAAS,KAAK,CAAA,MAAA,CAAA;AAAA,MAC5B,KAAA;AAAA,MACA;AAAA,KACD,CAAA;AAED,IAAA,OAAO,MAAM,IAAA,CAAK,gBAAA,CAAiB,OAAO,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAc,gBAAgB,MAAA,EAA2C;AACvE,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,cAAA,CAAe,MAAM,CAAA;AAExC,IAAA,MAAA,CAAO,QAAA,CAAS,IAAA,GAAO,MAAM,IAAA,CAAK,SAAS,QAAA,EAAU;AAAA,MACnD,KAAA;AAAA,MACA,MAAA,EAAQ,OAAO,QAAA,CAAS,MAAA;AAAA,MACxB,WAAA,EAAa,OAAO,QAAA,CAAS,IAAA;AAAA,MAC7B,IAAA,EAAM;AAAA,KACP,CAAA;AAED,IAAA,OAAO,IAAI,QAAQ,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EAC7B;AAAA,EAEA,MAAc,QAAA,CACZ,IAAA,EACA,KAAA,EACiB;AACjB,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,YAAA,CAAa,WAAW,MAAM,CAAA;AACzD,IAAA,MAAM,WAAA,GAAc,KAAK,gBAAA,CAAiB;AAAA,MACxC,GAAG,KAAA;AAAA,MACH,KAAK,IAAA,CAAK;AAAA,KACX,CAAA;AAED,IAAA,OAAO,CAAA,EAAG,OAAO,CAAA,CAAA,EAAI,IAAA,CAAK,SAAS,EAAE,CAAA,EAAG,IAAI,CAAA,EAAG,WAAW,CAAA,CAAA;AAAA,EAC5D;AAAA,EAEQ,iBAAiB,KAAA,EAEd;AACT,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,OAAO,EAAA;AAAA,IACT;AAEA,IAAA,MAAM,WAAA,GAAc,MAAA,CAAO,OAAA,CAAsC,KAAK,CAAA,CACnE,IAAI,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AACrB,MAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,QAAA,OAAO,GAAG,kBAAA,CAAmB,GAAG,CAAC,CAAA,CAAA,EAAI,kBAAA,CAAmB,KAAK,CAAC,CAAA,CAAA;AAAA,MAChE,WAAW,KAAA,EAAO;AAChB,QAAA,OAAO,mBAAmB,GAAG,CAAA;AAAA,MAC/B;AACA,MAAA,OAAO,MAAA;AAAA,IACT,CAAC,CAAA,CACA,MAAA,CAAO,OAAO,CAAA,CACd,KAAK,GAAG,CAAA;AAEX,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAA;AAAA,IACT;AACA,IAAA,OAAO,IAAI,WAAW,CAAA,CAAA;AAAA,EACxB;AACF;;;;"}

package/dist/plugins/app/package.json.esm.js

@@ -1,5 +1,5 @@
 var name = "@backstage/plugin-app";
-var version = "0.4.3-next.1";
+var version = "0.4.3-next.2";
 var backstage = {
 	role: "frontend-plugin",
 	pluginId: "app",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-app",
-  "version": "0.4.3-next.1",
+  "version": "0.4.3-next.2",
   "backstage": {
     "role": "frontend-plugin",
     "pluginId": "app",
@@ -63,16 +63,16 @@
     "test": "backstage-cli package test"
   },
   "dependencies": {
-    "@backstage/core-components": "0.18.9-next.0",
-    "@backstage/core-plugin-api": "1.12.5-next.1",
-    "@backstage/filter-predicates": "0.1.1",
-    "@backstage/frontend-plugin-api": "0.16.0-next.1",
-    "@backstage/integration-react": "1.2.17-next.0",
+    "@backstage/core-components": "0.18.9-next.1",
+    "@backstage/core-plugin-api": "1.12.5-next.2",
+    "@backstage/filter-predicates": "0.1.2-next.0",
+    "@backstage/frontend-plugin-api": "0.16.0-next.2",
+    "@backstage/integration-react": "1.2.17-next.1",
     "@backstage/plugin-app-react": "0.2.2-next.1",
-    "@backstage/plugin-permission-react": "0.4.42-next.0",
-    "@backstage/theme": "0.7.2",
+    "@backstage/plugin-permission-react": "0.4.42-next.1",
+    "@backstage/theme": "0.7.3-next.0",
     "@backstage/types": "1.2.2",
-    "@backstage/ui": "0.14.0-next.1",
+    "@backstage/ui": "0.14.0-next.2",
     "@backstage/version-bridge": "1.0.12",
     "@material-ui/core": "^4.9.13",
     "@material-ui/icons": "^4.9.1",
@@ -88,11 +88,11 @@
     "zod": "^3.25.76 || ^4.0.0"
   },
   "devDependencies": {
-    "@backstage/cli": "0.36.1-next.1",
-    "@backstage/dev-utils": "1.1.22-next.1",
-    "@backstage/frontend-defaults": "0.5.1-next.1",
-    "@backstage/frontend-test-utils": "0.5.2-next.1",
-    "@backstage/test-utils": "1.7.17-next.1",
+    "@backstage/cli": "0.36.1-next.2",
+    "@backstage/dev-utils": "1.1.22-next.2",
+    "@backstage/frontend-defaults": "0.5.1-next.2",
+    "@backstage/frontend-test-utils": "0.5.2-next.2",
+    "@backstage/test-utils": "1.7.17-next.2",
     "@testing-library/jest-dom": "^6.0.0",
     "@testing-library/react": "^16.0.0",
     "@testing-library/user-event": "^14.0.0",