@commercetools-frontend/application-config 21.20.5 → 21.21.1

package/dist/commercetools-frontend-application-config.cjs.dev.js

@@ -28,6 +28,7 @@ var _getPrototypeOf = require('@babel/runtime-corejs3/helpers/getPrototypeOf');
 var _wrapNativeSuper = require('@babel/runtime-corejs3/helpers/wrapNativeSuper');
 var _mapInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/map');
 var _Set = require('@babel/runtime-corejs3/core-js-stable/set');
+var _Array$isArray = require('@babel/runtime-corejs3/core-js-stable/array/is-array');
 var Ajv = require('ajv');
 var _slicedToArray = require('@babel/runtime-corejs3/helpers/slicedToArray');
 var _trimInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/trim');
@@ -37,10 +38,10 @@ var _Object$values = require('@babel/runtime-corejs3/core-js-stable/object/value
 var _includesInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/includes');
 var uniq = require('lodash/uniq');
 var _startsWithInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/starts-with');
-var formatters = require('./formatters-3cfe4466.cjs.dev.js');
+var _reduceInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/reduce');
+var formatters = require('./formatters-d2c7b577.cjs.dev.js');
 var createDOMPurify = require('dompurify');
 var jsdom$1 = require('jsdom');
-require('@babel/runtime-corejs3/core-js-stable/instance/reduce');
 require('@babel/runtime-corejs3/core-js-stable/object/entries');
 require('lodash/upperFirst');
 
@@ -62,6 +63,7 @@ var path__default = /*#__PURE__*/_interopDefault(path);
 var _Reflect$construct__default = /*#__PURE__*/_interopDefault(_Reflect$construct);
 var _mapInstanceProperty__default = /*#__PURE__*/_interopDefault(_mapInstanceProperty);
 var _Set__default = /*#__PURE__*/_interopDefault(_Set);
+var _Array$isArray__default = /*#__PURE__*/_interopDefault(_Array$isArray);
 var Ajv__default = /*#__PURE__*/_interopDefault(Ajv);
 var _trimInstanceProperty__default = /*#__PURE__*/_interopDefault(_trimInstanceProperty);
 var _JSON$stringify__default = /*#__PURE__*/_interopDefault(_JSON$stringify);
@@ -69,6 +71,7 @@ var _Object$values__default = /*#__PURE__*/_interopDefault(_Object$values);
 var _includesInstanceProperty__default = /*#__PURE__*/_interopDefault(_includesInstanceProperty);
 var uniq__default = /*#__PURE__*/_interopDefault(uniq);
 var _startsWithInstanceProperty__default = /*#__PURE__*/_interopDefault(_startsWithInstanceProperty);
+var _reduceInstanceProperty__default = /*#__PURE__*/_interopDefault(_reduceInstanceProperty);
 var createDOMPurify__default = /*#__PURE__*/_interopDefault(createDOMPurify);
 
 function _createSuper(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = _Reflect$construct__default["default"](Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
@@ -225,6 +228,50 @@ var schemaJson = {
 				"manage"
 			]
 		},
+		additionalOAuthScopes: {
+			description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#additionaloauthscopes",
+			type: "array",
+			"default": [
+			],
+			uniqueItems: true,
+			items: {
+				type: "object",
+				properties: {
+					name: {
+						description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#additionaloauthscopesname",
+						type: "string"
+					},
+					view: {
+						description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#additionaloauthscopesview",
+						type: "array",
+						"default": [
+						],
+						items: {
+							type: "string",
+							pattern: "view_(.*)"
+						},
+						uniqueItems: true
+					},
+					manage: {
+						description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#additionaloauthscopesmanage",
+						type: "array",
+						"default": [
+						],
+						items: {
+							type: "string",
+							pattern: "manage_(.*)"
+						},
+						uniqueItems: true
+					}
+				},
+				additionalProperties: false,
+				required: [
+					"name",
+					"view",
+					"manage"
+				]
+			}
+		},
 		env: {
 			description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#env",
 			type: "object",
@@ -310,10 +357,6 @@ var schemaJson = {
 						"connect-src"
 					]
 				},
-				featurePolicies: {
-					description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#headersfeaturepolicies",
-					type: "object"
-				},
 				permissionsPolicies: {
 					description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#headerspermissionspolicies",
 					type: "object"
@@ -471,10 +514,15 @@ var schemaJson = {
 };
 
 /**
- * The entryPointUriPath may be between 2 and 64 characters and only contain alphanumeric lowercase characters,
+ * The entryPointUriPath may be between 2 and 64 characters and only contain alphabetic lowercase characters,
  * non-consecutive underscores and hyphens. Leading and trailing underscore and hyphens are also not allowed.
  */
 var ENTRY_POINT_URI_PATH_REGEX = /^[^-_#]([0-9a-z]|[-_](?![-_])){0,62}[^-_#]$/g;
+/**
+ * The permission group name may be between 2 and 64 characters and only contain alphanumeric lowercase characters and non-consecutive hyphens. Leading and trailing hyphens are also not allowed.
+ */
+
+var PERMISSION_GROUP_NAME_REGEX = /^[^-#]([a-z]|[-](?![-])){0,62}[^-#]$/g;
 var CLOUD_IDENTIFIERS = {
   GCP_AU: 'gcp-au',
   GCP_EU: 'gcp-eu',
@@ -528,7 +576,7 @@ var validateConfig = function validateConfig(config) {
 };
 var validateEntryPointUriPath = function validateEntryPointUriPath(config) {
   if (!config.entryPointUriPath.match(ENTRY_POINT_URI_PATH_REGEX)) {
-    throw new Error('Invalid "entryPointUriPath". The value may be between 2 and 64 characters and only contain alphanumeric lowercase characters, non-consecutive underscores and hyphens. Leading and trailing underscore and hyphens are also not allowed.');
+    throw new Error('Invalid "entryPointUriPath". The value may be between 2 and 64 characters and only contain alphanumeric lowercase characters, non-consecutive underscores and hyphens. Leading and trailing underscores and hyphens are also not allowed.');
   }
 };
 var validateSubmenuLinks = function validateSubmenuLinks(config) {
@@ -546,6 +594,28 @@ var validateSubmenuLinks = function validateSubmenuLinks(config) {
     uriPathSet.add(uriPath);
   });
 };
+var validateAdditionalOAuthScopes = function validateAdditionalOAuthScopes(config) {
+  var _config$additionalOAu;
+
+  var additionalPermissionNames = new _Set__default["default"]();
+  (_config$additionalOAu = config.additionalOAuthScopes) === null || _config$additionalOAu === void 0 ? void 0 : _forEachInstanceProperty__default["default"](_config$additionalOAu).call(_config$additionalOAu, function (_ref2) {
+    var name = _ref2.name,
+        view = _ref2.view,
+        manage = _ref2.manage;
+
+    if ((_Array$isArray__default["default"](view) && view.length === 0 || !view) && (_Array$isArray__default["default"](manage) && manage.length === 0 || !manage)) {
+      throw new Error("At least one OAuth Scope for permission group name \"".concat(name, "\" is required"));
+    } else if (additionalPermissionNames.has(name)) {
+      throw new Error("Duplicate additional permission group name \"".concat(name, "\". Every additional permission must have a unique name"));
+    }
+
+    if (!name.match(PERMISSION_GROUP_NAME_REGEX)) {
+      throw new Error("Additional permission group name \"".concat(name, "\" is invalid. The value may be between 2 and 64 characters and only contain alphabetic lowercase characters and non-consecutive hyphens. Leading and trailing hyphens are also not allowed"));
+    }
+
+    additionalPermissionNames.add(name);
+  });
+};
 
 /**
  * NOTE:
@@ -724,7 +794,7 @@ var getOrThrow = function getOrThrow(fn, errorMessage) {
 
 function ownKeys$1(object, enumerableOnly) { var keys = _Object$keys__default["default"](object); if (_Object$getOwnPropertySymbols__default["default"]) { var symbols = _Object$getOwnPropertySymbols__default["default"](object); enumerableOnly && (symbols = _filterInstanceProperty__default["default"](symbols).call(symbols, function (sym) { return _Object$getOwnPropertyDescriptor__default["default"](object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
 
-function _objectSpread$1(target) { for (var i = 1; i < arguments.length; i++) { var _context3, _context4; var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? _forEachInstanceProperty__default["default"](_context3 = ownKeys$1(Object(source), !0)).call(_context3, function (key) { _defineProperty(target, key, source[key]); }) : _Object$getOwnPropertyDescriptors__default["default"] ? _Object$defineProperties__default["default"](target, _Object$getOwnPropertyDescriptors__default["default"](source)) : _forEachInstanceProperty__default["default"](_context4 = ownKeys$1(Object(source))).call(_context4, function (key) { _Object$defineProperty__default["default"](target, key, _Object$getOwnPropertyDescriptor__default["default"](source, key)); }); } return target; }
+function _objectSpread$1(target) { for (var i = 1; i < arguments.length; i++) { var _context6, _context7; var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? _forEachInstanceProperty__default["default"](_context6 = ownKeys$1(Object(source), !0)).call(_context6, function (key) { _defineProperty(target, key, source[key]); }) : _Object$getOwnPropertyDescriptors__default["default"] ? _Object$defineProperties__default["default"](target, _Object$getOwnPropertyDescriptors__default["default"](source)) : _forEachInstanceProperty__default["default"](_context7 = ownKeys$1(Object(source))).call(_context7, function (key) { _Object$defineProperty__default["default"](target, key, _Object$getOwnPropertyDescriptor__default["default"](source, key)); }); } return target; }
 // to the `entryPointUriPath`. Computing the full path is done internally to keep
 // the configuration simple.
 
@@ -742,28 +812,57 @@ var computeUriPath = function computeUriPath(uriPath, entryPointUriPath) {
   return _concatInstanceProperty__default["default"](_context = "".concat(entryPointUriPath, "/")).call(_context, uriPath);
 };
 
+var getPermissions = function getPermissions(appConfig) {
+  var _context2, _appConfig$additional, _context3, _context4;
+
+  var additionalResourceAccessKeyToOauthScopeMap = _reduceInstanceProperty__default["default"](_context2 = appConfig.additionalOAuthScopes || []).call(_context2, function (previousOauthScope, _ref) {
+    var _objectSpread2;
+
+    var name = _ref.name,
+        view = _ref.view,
+        manage = _ref.manage;
+    var formattedResourceKey = formatters.formatEntryPointUriPathToResourceAccessKey(name);
+    return _objectSpread$1(_objectSpread$1({}, previousOauthScope), {}, (_objectSpread2 = {}, _defineProperty(_objectSpread2, "view".concat(formattedResourceKey), view), _defineProperty(_objectSpread2, "manage".concat(formattedResourceKey), manage), _objectSpread2));
+  }, {});
+
+  var additionalPermissionNames = ((_appConfig$additional = appConfig.additionalOAuthScopes) === null || _appConfig$additional === void 0 ? void 0 : _mapInstanceProperty__default["default"](_appConfig$additional).call(_appConfig$additional, function (_ref2) {
+    var name = _ref2.name;
+    return name;
+  })) || [];
+  var permissionKeys = formatters.entryPointUriPathToResourceAccesses(appConfig.entryPointUriPath, additionalPermissionNames);
+
+  var additionalPermissions = _mapInstanceProperty__default["default"](_context3 = _Object$keys__default["default"](additionalResourceAccessKeyToOauthScopeMap)).call(_context3, function (additionalResourceAccessKey) {
+    return {
+      name: permissionKeys[additionalResourceAccessKey],
+      oAuthScopes: additionalResourceAccessKeyToOauthScopeMap[additionalResourceAccessKey]
+    };
+  });
+
+  return _concatInstanceProperty__default["default"](_context4 = [{
+    name: permissionKeys.view,
+    oAuthScopes: appConfig.oAuthScopes.view
+  }, {
+    name: permissionKeys.manage,
+    oAuthScopes: appConfig.oAuthScopes.manage
+  }]).call(_context4, _toConsumableArray(additionalPermissions));
+};
+
 function transformCustomApplicationConfigToData(appConfig) {
-  var _context2;
+  var _context5;
 
   validateEntryPointUriPath(appConfig);
   validateSubmenuLinks(appConfig);
-  var permissionKeys = formatters.entryPointUriPathToResourceAccesses(appConfig.entryPointUriPath);
+  validateAdditionalOAuthScopes(appConfig);
   return {
     id: appConfig.env.production.applicationId,
     name: appConfig.name,
     description: appConfig.description,
     entryPointUriPath: appConfig.entryPointUriPath,
     url: appConfig.env.production.url,
-    permissions: [{
-      name: permissionKeys.view,
-      oAuthScopes: appConfig.oAuthScopes.view
-    }, {
-      name: permissionKeys.manage,
-      oAuthScopes: appConfig.oAuthScopes.manage
-    }],
+    permissions: getPermissions(appConfig),
     icon: appConfig.icon,
     mainMenuLink: appConfig.mainMenuLink,
-    submenuLinks: _mapInstanceProperty__default["default"](_context2 = appConfig.submenuLinks).call(_context2, function (submenuLink) {
+    submenuLinks: _mapInstanceProperty__default["default"](_context5 = appConfig.submenuLinks).call(_context5, function (submenuLink) {
       return _objectSpread$1(_objectSpread$1({}, submenuLink), {}, {
         uriPath: computeUriPath(submenuLink.uriPath, appConfig.entryPointUriPath)
       });
@@ -842,7 +941,8 @@ var processConfig = function processConfig() {
       initialProjectKey: // For the `account` application, we should unset the projectKey.
       customApplicationData.entryPointUriPath === 'account' ? undefined : appConfig.env.development.initialProjectKey,
       teamId: (_appConfig$env$develo = appConfig.env.development) === null || _appConfig$env$develo === void 0 ? void 0 : _appConfig$env$develo.teamId,
-      oAuthScopes: appConfig.oAuthScopes
+      oAuthScopes: appConfig.oAuthScopes,
+      additionalOAuthScopes: appConfig === null || appConfig === void 0 ? void 0 : appConfig.additionalOAuthScopes
     }),
     menuLinks: _objectSpread(_objectSpread({
       icon: customApplicationData.icon
@@ -904,6 +1004,7 @@ exports.CLOUD_IDENTIFIERS = CLOUD_IDENTIFIERS;
 exports.ENTRY_POINT_URI_PATH_REGEX = ENTRY_POINT_URI_PATH_REGEX;
 exports.MC_API_URLS = MC_API_URLS;
 exports.MissingOrInvalidConfigError = MissingOrInvalidConfigError;
+exports.PERMISSION_GROUP_NAME_REGEX = PERMISSION_GROUP_NAME_REGEX;
 exports.getConfigPath = getConfigPath;
 exports.processConfig = processConfig;
 exports.sanitizeSvg = sanitizeSvg;

package/dist/commercetools-frontend-application-config.cjs.prod.js

@@ -28,6 +28,7 @@ var _getPrototypeOf = require('@babel/runtime-corejs3/helpers/getPrototypeOf');
 var _wrapNativeSuper = require('@babel/runtime-corejs3/helpers/wrapNativeSuper');
 var _mapInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/map');
 var _Set = require('@babel/runtime-corejs3/core-js-stable/set');
+var _Array$isArray = require('@babel/runtime-corejs3/core-js-stable/array/is-array');
 var Ajv = require('ajv');
 var _slicedToArray = require('@babel/runtime-corejs3/helpers/slicedToArray');
 var _trimInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/trim');
@@ -37,10 +38,10 @@ var _Object$values = require('@babel/runtime-corejs3/core-js-stable/object/value
 var _includesInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/includes');
 var uniq = require('lodash/uniq');
 var _startsWithInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/starts-with');
-var formatters = require('./formatters-80d55e3e.cjs.prod.js');
+var _reduceInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/reduce');
+var formatters = require('./formatters-88de943a.cjs.prod.js');
 var createDOMPurify = require('dompurify');
 var jsdom$1 = require('jsdom');
-require('@babel/runtime-corejs3/core-js-stable/instance/reduce');
 require('@babel/runtime-corejs3/core-js-stable/object/entries');
 require('lodash/upperFirst');
 
@@ -62,6 +63,7 @@ var path__default = /*#__PURE__*/_interopDefault(path);
 var _Reflect$construct__default = /*#__PURE__*/_interopDefault(_Reflect$construct);
 var _mapInstanceProperty__default = /*#__PURE__*/_interopDefault(_mapInstanceProperty);
 var _Set__default = /*#__PURE__*/_interopDefault(_Set);
+var _Array$isArray__default = /*#__PURE__*/_interopDefault(_Array$isArray);
 var Ajv__default = /*#__PURE__*/_interopDefault(Ajv);
 var _trimInstanceProperty__default = /*#__PURE__*/_interopDefault(_trimInstanceProperty);
 var _JSON$stringify__default = /*#__PURE__*/_interopDefault(_JSON$stringify);
@@ -69,6 +71,7 @@ var _Object$values__default = /*#__PURE__*/_interopDefault(_Object$values);
 var _includesInstanceProperty__default = /*#__PURE__*/_interopDefault(_includesInstanceProperty);
 var uniq__default = /*#__PURE__*/_interopDefault(uniq);
 var _startsWithInstanceProperty__default = /*#__PURE__*/_interopDefault(_startsWithInstanceProperty);
+var _reduceInstanceProperty__default = /*#__PURE__*/_interopDefault(_reduceInstanceProperty);
 var createDOMPurify__default = /*#__PURE__*/_interopDefault(createDOMPurify);
 
 function _createSuper(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = _Reflect$construct__default["default"](Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
@@ -225,6 +228,50 @@ var schemaJson = {
 				"manage"
 			]
 		},
+		additionalOAuthScopes: {
+			description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#additionaloauthscopes",
+			type: "array",
+			"default": [
+			],
+			uniqueItems: true,
+			items: {
+				type: "object",
+				properties: {
+					name: {
+						description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#additionaloauthscopesname",
+						type: "string"
+					},
+					view: {
+						description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#additionaloauthscopesview",
+						type: "array",
+						"default": [
+						],
+						items: {
+							type: "string",
+							pattern: "view_(.*)"
+						},
+						uniqueItems: true
+					},
+					manage: {
+						description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#additionaloauthscopesmanage",
+						type: "array",
+						"default": [
+						],
+						items: {
+							type: "string",
+							pattern: "manage_(.*)"
+						},
+						uniqueItems: true
+					}
+				},
+				additionalProperties: false,
+				required: [
+					"name",
+					"view",
+					"manage"
+				]
+			}
+		},
 		env: {
 			description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#env",
 			type: "object",
@@ -310,10 +357,6 @@ var schemaJson = {
 						"connect-src"
 					]
 				},
-				featurePolicies: {
-					description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#headersfeaturepolicies",
-					type: "object"
-				},
 				permissionsPolicies: {
 					description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#headerspermissionspolicies",
 					type: "object"
@@ -471,10 +514,15 @@ var schemaJson = {
 };
 
 /**
- * The entryPointUriPath may be between 2 and 64 characters and only contain alphanumeric lowercase characters,
+ * The entryPointUriPath may be between 2 and 64 characters and only contain alphabetic lowercase characters,
  * non-consecutive underscores and hyphens. Leading and trailing underscore and hyphens are also not allowed.
  */
 var ENTRY_POINT_URI_PATH_REGEX = /^[^-_#]([0-9a-z]|[-_](?![-_])){0,62}[^-_#]$/g;
+/**
+ * The permission group name may be between 2 and 64 characters and only contain alphanumeric lowercase characters and non-consecutive hyphens. Leading and trailing hyphens are also not allowed.
+ */
+
+var PERMISSION_GROUP_NAME_REGEX = /^[^-#]([a-z]|[-](?![-])){0,62}[^-#]$/g;
 var CLOUD_IDENTIFIERS = {
   GCP_AU: 'gcp-au',
   GCP_EU: 'gcp-eu',
@@ -528,7 +576,7 @@ var validateConfig = function validateConfig(config) {
 };
 var validateEntryPointUriPath = function validateEntryPointUriPath(config) {
   if (!config.entryPointUriPath.match(ENTRY_POINT_URI_PATH_REGEX)) {
-    throw new Error('Invalid "entryPointUriPath". The value may be between 2 and 64 characters and only contain alphanumeric lowercase characters, non-consecutive underscores and hyphens. Leading and trailing underscore and hyphens are also not allowed.');
+    throw new Error('Invalid "entryPointUriPath". The value may be between 2 and 64 characters and only contain alphanumeric lowercase characters, non-consecutive underscores and hyphens. Leading and trailing underscores and hyphens are also not allowed.');
   }
 };
 var validateSubmenuLinks = function validateSubmenuLinks(config) {
@@ -546,6 +594,28 @@ var validateSubmenuLinks = function validateSubmenuLinks(config) {
     uriPathSet.add(uriPath);
   });
 };
+var validateAdditionalOAuthScopes = function validateAdditionalOAuthScopes(config) {
+  var _config$additionalOAu;
+
+  var additionalPermissionNames = new _Set__default["default"]();
+  (_config$additionalOAu = config.additionalOAuthScopes) === null || _config$additionalOAu === void 0 ? void 0 : _forEachInstanceProperty__default["default"](_config$additionalOAu).call(_config$additionalOAu, function (_ref2) {
+    var name = _ref2.name,
+        view = _ref2.view,
+        manage = _ref2.manage;
+
+    if ((_Array$isArray__default["default"](view) && view.length === 0 || !view) && (_Array$isArray__default["default"](manage) && manage.length === 0 || !manage)) {
+      throw new Error("At least one OAuth Scope for permission group name \"".concat(name, "\" is required"));
+    } else if (additionalPermissionNames.has(name)) {
+      throw new Error("Duplicate additional permission group name \"".concat(name, "\". Every additional permission must have a unique name"));
+    }
+
+    if (!name.match(PERMISSION_GROUP_NAME_REGEX)) {
+      throw new Error("Additional permission group name \"".concat(name, "\" is invalid. The value may be between 2 and 64 characters and only contain alphabetic lowercase characters and non-consecutive hyphens. Leading and trailing hyphens are also not allowed"));
+    }
+
+    additionalPermissionNames.add(name);
+  });
+};
 
 /**
  * NOTE:
@@ -724,7 +794,7 @@ var getOrThrow = function getOrThrow(fn, errorMessage) {
 
 function ownKeys$1(object, enumerableOnly) { var keys = _Object$keys__default["default"](object); if (_Object$getOwnPropertySymbols__default["default"]) { var symbols = _Object$getOwnPropertySymbols__default["default"](object); enumerableOnly && (symbols = _filterInstanceProperty__default["default"](symbols).call(symbols, function (sym) { return _Object$getOwnPropertyDescriptor__default["default"](object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
 
-function _objectSpread$1(target) { for (var i = 1; i < arguments.length; i++) { var _context3, _context4; var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? _forEachInstanceProperty__default["default"](_context3 = ownKeys$1(Object(source), !0)).call(_context3, function (key) { _defineProperty(target, key, source[key]); }) : _Object$getOwnPropertyDescriptors__default["default"] ? _Object$defineProperties__default["default"](target, _Object$getOwnPropertyDescriptors__default["default"](source)) : _forEachInstanceProperty__default["default"](_context4 = ownKeys$1(Object(source))).call(_context4, function (key) { _Object$defineProperty__default["default"](target, key, _Object$getOwnPropertyDescriptor__default["default"](source, key)); }); } return target; }
+function _objectSpread$1(target) { for (var i = 1; i < arguments.length; i++) { var _context6, _context7; var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? _forEachInstanceProperty__default["default"](_context6 = ownKeys$1(Object(source), !0)).call(_context6, function (key) { _defineProperty(target, key, source[key]); }) : _Object$getOwnPropertyDescriptors__default["default"] ? _Object$defineProperties__default["default"](target, _Object$getOwnPropertyDescriptors__default["default"](source)) : _forEachInstanceProperty__default["default"](_context7 = ownKeys$1(Object(source))).call(_context7, function (key) { _Object$defineProperty__default["default"](target, key, _Object$getOwnPropertyDescriptor__default["default"](source, key)); }); } return target; }
 // to the `entryPointUriPath`. Computing the full path is done internally to keep
 // the configuration simple.
 
@@ -742,28 +812,57 @@ var computeUriPath = function computeUriPath(uriPath, entryPointUriPath) {
   return _concatInstanceProperty__default["default"](_context = "".concat(entryPointUriPath, "/")).call(_context, uriPath);
 };
 
+var getPermissions = function getPermissions(appConfig) {
+  var _context2, _appConfig$additional, _context3, _context4;
+
+  var additionalResourceAccessKeyToOauthScopeMap = _reduceInstanceProperty__default["default"](_context2 = appConfig.additionalOAuthScopes || []).call(_context2, function (previousOauthScope, _ref) {
+    var _objectSpread2;
+
+    var name = _ref.name,
+        view = _ref.view,
+        manage = _ref.manage;
+    var formattedResourceKey = formatters.formatEntryPointUriPathToResourceAccessKey(name);
+    return _objectSpread$1(_objectSpread$1({}, previousOauthScope), {}, (_objectSpread2 = {}, _defineProperty(_objectSpread2, "view".concat(formattedResourceKey), view), _defineProperty(_objectSpread2, "manage".concat(formattedResourceKey), manage), _objectSpread2));
+  }, {});
+
+  var additionalPermissionNames = ((_appConfig$additional = appConfig.additionalOAuthScopes) === null || _appConfig$additional === void 0 ? void 0 : _mapInstanceProperty__default["default"](_appConfig$additional).call(_appConfig$additional, function (_ref2) {
+    var name = _ref2.name;
+    return name;
+  })) || [];
+  var permissionKeys = formatters.entryPointUriPathToResourceAccesses(appConfig.entryPointUriPath, additionalPermissionNames);
+
+  var additionalPermissions = _mapInstanceProperty__default["default"](_context3 = _Object$keys__default["default"](additionalResourceAccessKeyToOauthScopeMap)).call(_context3, function (additionalResourceAccessKey) {
+    return {
+      name: permissionKeys[additionalResourceAccessKey],
+      oAuthScopes: additionalResourceAccessKeyToOauthScopeMap[additionalResourceAccessKey]
+    };
+  });
+
+  return _concatInstanceProperty__default["default"](_context4 = [{
+    name: permissionKeys.view,
+    oAuthScopes: appConfig.oAuthScopes.view
+  }, {
+    name: permissionKeys.manage,
+    oAuthScopes: appConfig.oAuthScopes.manage
+  }]).call(_context4, _toConsumableArray(additionalPermissions));
+};
+
 function transformCustomApplicationConfigToData(appConfig) {
-  var _context2;
+  var _context5;
 
   validateEntryPointUriPath(appConfig);
   validateSubmenuLinks(appConfig);
-  var permissionKeys = formatters.entryPointUriPathToResourceAccesses(appConfig.entryPointUriPath);
+  validateAdditionalOAuthScopes(appConfig);
   return {
     id: appConfig.env.production.applicationId,
     name: appConfig.name,
     description: appConfig.description,
     entryPointUriPath: appConfig.entryPointUriPath,
     url: appConfig.env.production.url,
-    permissions: [{
-      name: permissionKeys.view,
-      oAuthScopes: appConfig.oAuthScopes.view
-    }, {
-      name: permissionKeys.manage,
-      oAuthScopes: appConfig.oAuthScopes.manage
-    }],
+    permissions: getPermissions(appConfig),
     icon: appConfig.icon,
     mainMenuLink: appConfig.mainMenuLink,
-    submenuLinks: _mapInstanceProperty__default["default"](_context2 = appConfig.submenuLinks).call(_context2, function (submenuLink) {
+    submenuLinks: _mapInstanceProperty__default["default"](_context5 = appConfig.submenuLinks).call(_context5, function (submenuLink) {
       return _objectSpread$1(_objectSpread$1({}, submenuLink), {}, {
         uriPath: computeUriPath(submenuLink.uriPath, appConfig.entryPointUriPath)
       });
@@ -842,7 +941,8 @@ var processConfig = function processConfig() {
       initialProjectKey: // For the `account` application, we should unset the projectKey.
       customApplicationData.entryPointUriPath === 'account' ? undefined : appConfig.env.development.initialProjectKey,
       teamId: (_appConfig$env$develo = appConfig.env.development) === null || _appConfig$env$develo === void 0 ? void 0 : _appConfig$env$develo.teamId,
-      oAuthScopes: appConfig.oAuthScopes
+      oAuthScopes: appConfig.oAuthScopes,
+      additionalOAuthScopes: appConfig === null || appConfig === void 0 ? void 0 : appConfig.additionalOAuthScopes
     }),
     menuLinks: _objectSpread(_objectSpread({
       icon: customApplicationData.icon
@@ -904,6 +1004,7 @@ exports.CLOUD_IDENTIFIERS = CLOUD_IDENTIFIERS;
 exports.ENTRY_POINT_URI_PATH_REGEX = ENTRY_POINT_URI_PATH_REGEX;
 exports.MC_API_URLS = MC_API_URLS;
 exports.MissingOrInvalidConfigError = MissingOrInvalidConfigError;
+exports.PERMISSION_GROUP_NAME_REGEX = PERMISSION_GROUP_NAME_REGEX;
 exports.getConfigPath = getConfigPath;
 exports.processConfig = processConfig;
 exports.sanitizeSvg = sanitizeSvg;

package/dist/commercetools-frontend-application-config.esm.js

@@ -24,6 +24,7 @@ import _getPrototypeOf from '@babel/runtime-corejs3/helpers/esm/getPrototypeOf';
 import _wrapNativeSuper from '@babel/runtime-corejs3/helpers/esm/wrapNativeSuper';
 import _mapInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/map';
 import _Set from '@babel/runtime-corejs3/core-js-stable/set';
+import _Array$isArray from '@babel/runtime-corejs3/core-js-stable/array/is-array';
 import Ajv from 'ajv';
 import _slicedToArray from '@babel/runtime-corejs3/helpers/esm/slicedToArray';
 import _trimInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/trim';
@@ -33,10 +34,10 @@ import _Object$values from '@babel/runtime-corejs3/core-js-stable/object/values'
 import _includesInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/includes';
 import uniq from 'lodash/uniq';
 import _startsWithInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/starts-with';
-import { e as entryPointUriPathToResourceAccesses } from './formatters-0d13ed2a.esm.js';
+import _reduceInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/reduce';
+import { f as formatEntryPointUriPathToResourceAccessKey, e as entryPointUriPathToResourceAccesses } from './formatters-cf2cd8ed.esm.js';
 import createDOMPurify from 'dompurify';
 import { JSDOM } from 'jsdom';
-import '@babel/runtime-corejs3/core-js-stable/instance/reduce';
 import '@babel/runtime-corejs3/core-js-stable/object/entries';
 import 'lodash/upperFirst';
 
@@ -194,6 +195,50 @@ var schemaJson = {
 				"manage"
 			]
 		},
+		additionalOAuthScopes: {
+			description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#additionaloauthscopes",
+			type: "array",
+			"default": [
+			],
+			uniqueItems: true,
+			items: {
+				type: "object",
+				properties: {
+					name: {
+						description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#additionaloauthscopesname",
+						type: "string"
+					},
+					view: {
+						description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#additionaloauthscopesview",
+						type: "array",
+						"default": [
+						],
+						items: {
+							type: "string",
+							pattern: "view_(.*)"
+						},
+						uniqueItems: true
+					},
+					manage: {
+						description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#additionaloauthscopesmanage",
+						type: "array",
+						"default": [
+						],
+						items: {
+							type: "string",
+							pattern: "manage_(.*)"
+						},
+						uniqueItems: true
+					}
+				},
+				additionalProperties: false,
+				required: [
+					"name",
+					"view",
+					"manage"
+				]
+			}
+		},
 		env: {
 			description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#env",
 			type: "object",
@@ -279,10 +324,6 @@ var schemaJson = {
 						"connect-src"
 					]
 				},
-				featurePolicies: {
-					description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#headersfeaturepolicies",
-					type: "object"
-				},
 				permissionsPolicies: {
 					description: "See https://docs.commercetools.com/custom-applications/api-reference/application-config#headerspermissionspolicies",
 					type: "object"
@@ -440,10 +481,15 @@ var schemaJson = {
 };
 
 /**
- * The entryPointUriPath may be between 2 and 64 characters and only contain alphanumeric lowercase characters,
+ * The entryPointUriPath may be between 2 and 64 characters and only contain alphabetic lowercase characters,
  * non-consecutive underscores and hyphens. Leading and trailing underscore and hyphens are also not allowed.
  */
 var ENTRY_POINT_URI_PATH_REGEX = /^[^-_#]([0-9a-z]|[-_](?![-_])){0,62}[^-_#]$/g;
+/**
+ * The permission group name may be between 2 and 64 characters and only contain alphanumeric lowercase characters and non-consecutive hyphens. Leading and trailing hyphens are also not allowed.
+ */
+
+var PERMISSION_GROUP_NAME_REGEX = /^[^-#]([a-z]|[-](?![-])){0,62}[^-#]$/g;
 var CLOUD_IDENTIFIERS = {
   GCP_AU: 'gcp-au',
   GCP_EU: 'gcp-eu',
@@ -497,7 +543,7 @@ var validateConfig = function validateConfig(config) {
 };
 var validateEntryPointUriPath = function validateEntryPointUriPath(config) {
   if (!config.entryPointUriPath.match(ENTRY_POINT_URI_PATH_REGEX)) {
-    throw new Error('Invalid "entryPointUriPath". The value may be between 2 and 64 characters and only contain alphanumeric lowercase characters, non-consecutive underscores and hyphens. Leading and trailing underscore and hyphens are also not allowed.');
+    throw new Error('Invalid "entryPointUriPath". The value may be between 2 and 64 characters and only contain alphanumeric lowercase characters, non-consecutive underscores and hyphens. Leading and trailing underscores and hyphens are also not allowed.');
   }
 };
 var validateSubmenuLinks = function validateSubmenuLinks(config) {
@@ -515,6 +561,28 @@ var validateSubmenuLinks = function validateSubmenuLinks(config) {
     uriPathSet.add(uriPath);
   });
 };
+var validateAdditionalOAuthScopes = function validateAdditionalOAuthScopes(config) {
+  var _config$additionalOAu;
+
+  var additionalPermissionNames = new _Set();
+  (_config$additionalOAu = config.additionalOAuthScopes) === null || _config$additionalOAu === void 0 ? void 0 : _forEachInstanceProperty(_config$additionalOAu).call(_config$additionalOAu, function (_ref2) {
+    var name = _ref2.name,
+        view = _ref2.view,
+        manage = _ref2.manage;
+
+    if ((_Array$isArray(view) && view.length === 0 || !view) && (_Array$isArray(manage) && manage.length === 0 || !manage)) {
+      throw new Error("At least one OAuth Scope for permission group name \"".concat(name, "\" is required"));
+    } else if (additionalPermissionNames.has(name)) {
+      throw new Error("Duplicate additional permission group name \"".concat(name, "\". Every additional permission must have a unique name"));
+    }
+
+    if (!name.match(PERMISSION_GROUP_NAME_REGEX)) {
+      throw new Error("Additional permission group name \"".concat(name, "\" is invalid. The value may be between 2 and 64 characters and only contain alphabetic lowercase characters and non-consecutive hyphens. Leading and trailing hyphens are also not allowed"));
+    }
+
+    additionalPermissionNames.add(name);
+  });
+};
 
 /**
  * NOTE:
@@ -693,7 +761,7 @@ var getOrThrow = function getOrThrow(fn, errorMessage) {
 
 function ownKeys$1(object, enumerableOnly) { var keys = _Object$keys(object); if (_Object$getOwnPropertySymbols) { var symbols = _Object$getOwnPropertySymbols(object); enumerableOnly && (symbols = _filterInstanceProperty(symbols).call(symbols, function (sym) { return _Object$getOwnPropertyDescriptor(object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
 
-function _objectSpread$1(target) { for (var i = 1; i < arguments.length; i++) { var _context3, _context4; var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? _forEachInstanceProperty(_context3 = ownKeys$1(Object(source), !0)).call(_context3, function (key) { _defineProperty(target, key, source[key]); }) : _Object$getOwnPropertyDescriptors ? _Object$defineProperties(target, _Object$getOwnPropertyDescriptors(source)) : _forEachInstanceProperty(_context4 = ownKeys$1(Object(source))).call(_context4, function (key) { _Object$defineProperty(target, key, _Object$getOwnPropertyDescriptor(source, key)); }); } return target; }
+function _objectSpread$1(target) { for (var i = 1; i < arguments.length; i++) { var _context6, _context7; var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? _forEachInstanceProperty(_context6 = ownKeys$1(Object(source), !0)).call(_context6, function (key) { _defineProperty(target, key, source[key]); }) : _Object$getOwnPropertyDescriptors ? _Object$defineProperties(target, _Object$getOwnPropertyDescriptors(source)) : _forEachInstanceProperty(_context7 = ownKeys$1(Object(source))).call(_context7, function (key) { _Object$defineProperty(target, key, _Object$getOwnPropertyDescriptor(source, key)); }); } return target; }
 // to the `entryPointUriPath`. Computing the full path is done internally to keep
 // the configuration simple.
 
@@ -711,28 +779,57 @@ var computeUriPath = function computeUriPath(uriPath, entryPointUriPath) {
   return _concatInstanceProperty(_context = "".concat(entryPointUriPath, "/")).call(_context, uriPath);
 };
 
+var getPermissions = function getPermissions(appConfig) {
+  var _context2, _appConfig$additional, _context3, _context4;
+
+  var additionalResourceAccessKeyToOauthScopeMap = _reduceInstanceProperty(_context2 = appConfig.additionalOAuthScopes || []).call(_context2, function (previousOauthScope, _ref) {
+    var _objectSpread2;
+
+    var name = _ref.name,
+        view = _ref.view,
+        manage = _ref.manage;
+    var formattedResourceKey = formatEntryPointUriPathToResourceAccessKey(name);
+    return _objectSpread$1(_objectSpread$1({}, previousOauthScope), {}, (_objectSpread2 = {}, _defineProperty(_objectSpread2, "view".concat(formattedResourceKey), view), _defineProperty(_objectSpread2, "manage".concat(formattedResourceKey), manage), _objectSpread2));
+  }, {});
+
+  var additionalPermissionNames = ((_appConfig$additional = appConfig.additionalOAuthScopes) === null || _appConfig$additional === void 0 ? void 0 : _mapInstanceProperty(_appConfig$additional).call(_appConfig$additional, function (_ref2) {
+    var name = _ref2.name;
+    return name;
+  })) || [];
+  var permissionKeys = entryPointUriPathToResourceAccesses(appConfig.entryPointUriPath, additionalPermissionNames);
+
+  var additionalPermissions = _mapInstanceProperty(_context3 = _Object$keys(additionalResourceAccessKeyToOauthScopeMap)).call(_context3, function (additionalResourceAccessKey) {
+    return {
+      name: permissionKeys[additionalResourceAccessKey],
+      oAuthScopes: additionalResourceAccessKeyToOauthScopeMap[additionalResourceAccessKey]
+    };
+  });
+
+  return _concatInstanceProperty(_context4 = [{
+    name: permissionKeys.view,
+    oAuthScopes: appConfig.oAuthScopes.view
+  }, {
+    name: permissionKeys.manage,
+    oAuthScopes: appConfig.oAuthScopes.manage
+  }]).call(_context4, _toConsumableArray(additionalPermissions));
+};
+
 function transformCustomApplicationConfigToData(appConfig) {
-  var _context2;
+  var _context5;
 
   validateEntryPointUriPath(appConfig);
   validateSubmenuLinks(appConfig);
-  var permissionKeys = entryPointUriPathToResourceAccesses(appConfig.entryPointUriPath);
+  validateAdditionalOAuthScopes(appConfig);
   return {
     id: appConfig.env.production.applicationId,
     name: appConfig.name,
     description: appConfig.description,
     entryPointUriPath: appConfig.entryPointUriPath,
     url: appConfig.env.production.url,
-    permissions: [{
-      name: permissionKeys.view,
-      oAuthScopes: appConfig.oAuthScopes.view
-    }, {
-      name: permissionKeys.manage,
-      oAuthScopes: appConfig.oAuthScopes.manage
-    }],
+    permissions: getPermissions(appConfig),
     icon: appConfig.icon,
     mainMenuLink: appConfig.mainMenuLink,
-    submenuLinks: _mapInstanceProperty(_context2 = appConfig.submenuLinks).call(_context2, function (submenuLink) {
+    submenuLinks: _mapInstanceProperty(_context5 = appConfig.submenuLinks).call(_context5, function (submenuLink) {
       return _objectSpread$1(_objectSpread$1({}, submenuLink), {}, {
         uriPath: computeUriPath(submenuLink.uriPath, appConfig.entryPointUriPath)
       });
@@ -811,7 +908,8 @@ var processConfig = function processConfig() {
       initialProjectKey: // For the `account` application, we should unset the projectKey.
       customApplicationData.entryPointUriPath === 'account' ? undefined : appConfig.env.development.initialProjectKey,
       teamId: (_appConfig$env$develo = appConfig.env.development) === null || _appConfig$env$develo === void 0 ? void 0 : _appConfig$env$develo.teamId,
-      oAuthScopes: appConfig.oAuthScopes
+      oAuthScopes: appConfig.oAuthScopes,
+      additionalOAuthScopes: appConfig === null || appConfig === void 0 ? void 0 : appConfig.additionalOAuthScopes
     }),
     menuLinks: _objectSpread(_objectSpread({
       icon: customApplicationData.icon
@@ -869,4 +967,4 @@ function sanitizeSvg(data) {
   }).innerHTML;
 }
 
-export { CLOUD_IDENTIFIERS, ENTRY_POINT_URI_PATH_REGEX, MC_API_URLS, MissingOrInvalidConfigError, getConfigPath, processConfig, sanitizeSvg };
+export { CLOUD_IDENTIFIERS, ENTRY_POINT_URI_PATH_REGEX, MC_API_URLS, MissingOrInvalidConfigError, PERMISSION_GROUP_NAME_REGEX, getConfigPath, processConfig, sanitizeSvg };

package/dist/declarations/src/constants.d.ts

@@ -1,4 +1,5 @@
 export declare const ENTRY_POINT_URI_PATH_REGEX: RegExp;
+export declare const PERMISSION_GROUP_NAME_REGEX: RegExp;
 export declare const CLOUD_IDENTIFIERS: {
     readonly GCP_AU: "gcp-au";
     readonly GCP_EU: "gcp-eu";

package/dist/declarations/src/formatters.d.ts

@@ -1,8 +1,10 @@
 import type { CamelCase } from './types';
 declare type TImplicitCustomApplicationResourceAccesses<PermissionGroupName extends string = ''> = Record<`view` | `manage` | `view${Capitalize<CamelCase<PermissionGroupName>>}` | `manage${Capitalize<CamelCase<PermissionGroupName>>}`, string>;
 declare type TImplicitCustomApplicationPermissionKeys<PermissionGroupName extends string = ''> = Record<`View` | `Manage` | `View${Capitalize<CamelCase<PermissionGroupName>>}` | `Manage${Capitalize<CamelCase<PermissionGroupName>>}`, string>;
+declare const formatEntryPointUriPathToResourceAccessKey: (entryPointUriPath: string) => string;
+declare const formatPermissionGroupNameToResourceAccessKey: (permissionGroupName: string) => string;
 declare function entryPointUriPathToResourceAccesses(entryPointUriPath: string): TImplicitCustomApplicationResourceAccesses<''>;
 declare function entryPointUriPathToResourceAccesses<PermissionGroupName extends string>(entryPointUriPath: string, permissionGroupNames: PermissionGroupName[]): TImplicitCustomApplicationResourceAccesses<PermissionGroupName>;
 declare function entryPointUriPathToPermissionKeys(entryPointUriPath: string): TImplicitCustomApplicationPermissionKeys<''>;
 declare function entryPointUriPathToPermissionKeys<PermissionGroupName extends string>(entryPointUriPath: string, permissionGroupNames: PermissionGroupName[]): TImplicitCustomApplicationPermissionKeys<PermissionGroupName>;
-export { entryPointUriPathToResourceAccesses, entryPointUriPathToPermissionKeys, };
+export { entryPointUriPathToResourceAccesses, entryPointUriPathToPermissionKeys, formatEntryPointUriPathToResourceAccessKey, formatPermissionGroupNameToResourceAccessKey, };

package/dist/declarations/src/schema.d.ts

@@ -9,6 +9,11 @@ export interface JSONSchemaForCustomApplicationConfigurationFiles {
         view: string[];
         manage: string[];
     };
+    additionalOAuthScopes?: {
+        name: string;
+        view: string[];
+        manage: string[];
+    }[];
     env: {
         development: {
             initialProjectKey: string;
@@ -32,9 +37,6 @@ export interface JSONSchemaForCustomApplicationConfigurationFiles {
             'style-src'?: CspDirective;
             'frame-src'?: CspDirective;
         };
-        featurePolicies?: {
-            [k: string]: unknown;
-        };
         permissionsPolicies?: {
             [k: string]: unknown;
         };

package/dist/declarations/src/validations.d.ts

@@ -2,3 +2,4 @@ import type { JSONSchemaForCustomApplicationConfigurationFiles } from './schema'
 export declare const validateConfig: (config: JSONSchemaForCustomApplicationConfigurationFiles) => void;
 export declare const validateEntryPointUriPath: (config: JSONSchemaForCustomApplicationConfigurationFiles) => void;
 export declare const validateSubmenuLinks: (config: JSONSchemaForCustomApplicationConfigurationFiles) => void;
+export declare const validateAdditionalOAuthScopes: (config: JSONSchemaForCustomApplicationConfigurationFiles) => void;

package/dist/{formatters-3cfe4466.cjs.dev.js → formatters-88de943a.cjs.prod.js}

@@ -117,3 +117,5 @@ function entryPointUriPathToPermissionKeys(entryPointUriPath, permissionGroupNam
 
 exports.entryPointUriPathToPermissionKeys = entryPointUriPathToPermissionKeys;
 exports.entryPointUriPathToResourceAccesses = entryPointUriPathToResourceAccesses;
+exports.formatEntryPointUriPathToResourceAccessKey = formatEntryPointUriPathToResourceAccessKey;
+exports.formatPermissionGroupNameToResourceAccessKey = formatPermissionGroupNameToResourceAccessKey;

package/dist/{formatters-0d13ed2a.esm.js → formatters-cf2cd8ed.esm.js}

@@ -97,4 +97,4 @@ function entryPointUriPathToPermissionKeys(entryPointUriPath, permissionGroupNam
   }, {});
 }
 
-export { entryPointUriPathToPermissionKeys as a, entryPointUriPathToResourceAccesses as e };
+export { entryPointUriPathToPermissionKeys as a, formatPermissionGroupNameToResourceAccessKey as b, entryPointUriPathToResourceAccesses as e, formatEntryPointUriPathToResourceAccessKey as f };

package/dist/{formatters-80d55e3e.cjs.prod.js → formatters-d2c7b577.cjs.dev.js}

@@ -117,3 +117,5 @@ function entryPointUriPathToPermissionKeys(entryPointUriPath, permissionGroupNam
 
 exports.entryPointUriPathToPermissionKeys = entryPointUriPathToPermissionKeys;
 exports.entryPointUriPathToResourceAccesses = entryPointUriPathToResourceAccesses;
+exports.formatEntryPointUriPathToResourceAccessKey = formatEntryPointUriPathToResourceAccessKey;
+exports.formatPermissionGroupNameToResourceAccessKey = formatPermissionGroupNameToResourceAccessKey;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@commercetools-frontend/application-config",
-  "version": "21.20.5",
+  "version": "21.21.1",
   "description": "Configuration utilities for building Custom Applications",
   "bugs": "https://github.com/commercetools/merchant-center-application-kit/issues",
   "repository": {
@@ -37,7 +37,7 @@
     "@babel/register": "^7.18.9",
     "@babel/runtime": "^7.19.0",
     "@babel/runtime-corejs3": "^7.19.0",
-    "@commercetools-frontend/babel-preset-mc-app": "21.20.5",
+    "@commercetools-frontend/babel-preset-mc-app": "workspace:*",
     "ajv": "8.11.0",
     "core-js": "^3.25.1",
     "cosmiconfig": "7.0.1",

package/schema.json

@@ -61,6 +61,43 @@
       "additionalProperties": false,
       "required": ["view", "manage"]
     },
+    "additionalOAuthScopes": {
+      "description": "See https://docs.commercetools.com/custom-applications/api-reference/application-config#additionaloauthscopes",
+      "type": "array",
+      "default": [],
+      "uniqueItems": true,
+      "items": {
+        "type": "object",
+        "properties": {
+          "name": {
+            "description": "See https://docs.commercetools.com/custom-applications/api-reference/application-config#additionaloauthscopesname",
+            "type": "string"
+          },
+          "view": {
+            "description": "See https://docs.commercetools.com/custom-applications/api-reference/application-config#additionaloauthscopesview",
+            "type": "array",
+            "default": [],
+            "items": {
+              "type": "string",
+              "pattern": "view_(.*)"
+            },
+            "uniqueItems": true
+          },
+          "manage": {
+            "description": "See https://docs.commercetools.com/custom-applications/api-reference/application-config#additionaloauthscopesmanage",
+            "type": "array",
+            "default": [],
+            "items": {
+              "type": "string",
+              "pattern": "manage_(.*)"
+            },
+            "uniqueItems": true
+          }
+        },
+        "additionalProperties": false,
+        "required": ["name", "view", "manage"]
+      }
+    },
     "env": {
       "description": "See https://docs.commercetools.com/custom-applications/api-reference/application-config#env",
       "type": "object",
@@ -136,10 +173,6 @@
           "additionalProperties": false,
           "required": ["connect-src"]
         },
-        "featurePolicies": {
-          "description": "See https://docs.commercetools.com/custom-applications/api-reference/application-config#headersfeaturepolicies",
-          "type": "object"
-        },
         "permissionsPolicies": {
           "description": "See https://docs.commercetools.com/custom-applications/api-reference/application-config#headerspermissionspolicies",
           "type": "object"

package/ssr/dist/commercetools-frontend-application-config-ssr.cjs.dev.js

@@ -2,7 +2,7 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var formatters = require('../../dist/formatters-3cfe4466.cjs.dev.js');
+var formatters = require('../../dist/formatters-d2c7b577.cjs.dev.js');
 require('@babel/runtime-corejs3/core-js-stable/object/keys');
 require('@babel/runtime-corejs3/core-js-stable/object/get-own-property-symbols');
 require('@babel/runtime-corejs3/core-js-stable/instance/filter');
@@ -23,3 +23,5 @@ require('lodash/upperFirst');
 
 exports.entryPointUriPathToPermissionKeys = formatters.entryPointUriPathToPermissionKeys;
 exports.entryPointUriPathToResourceAccesses = formatters.entryPointUriPathToResourceAccesses;
+exports.formatEntryPointUriPathToResourceAccessKey = formatters.formatEntryPointUriPathToResourceAccessKey;
+exports.formatPermissionGroupNameToResourceAccessKey = formatters.formatPermissionGroupNameToResourceAccessKey;

package/ssr/dist/commercetools-frontend-application-config-ssr.cjs.prod.js

@@ -2,7 +2,7 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var formatters = require('../../dist/formatters-80d55e3e.cjs.prod.js');
+var formatters = require('../../dist/formatters-88de943a.cjs.prod.js');
 require('@babel/runtime-corejs3/core-js-stable/object/keys');
 require('@babel/runtime-corejs3/core-js-stable/object/get-own-property-symbols');
 require('@babel/runtime-corejs3/core-js-stable/instance/filter');
@@ -23,3 +23,5 @@ require('lodash/upperFirst');
 
 exports.entryPointUriPathToPermissionKeys = formatters.entryPointUriPathToPermissionKeys;
 exports.entryPointUriPathToResourceAccesses = formatters.entryPointUriPathToResourceAccesses;
+exports.formatEntryPointUriPathToResourceAccessKey = formatters.formatEntryPointUriPathToResourceAccessKey;
+exports.formatPermissionGroupNameToResourceAccessKey = formatters.formatPermissionGroupNameToResourceAccessKey;

package/ssr/dist/commercetools-frontend-application-config-ssr.esm.js

@@ -1,4 +1,4 @@
-export { a as entryPointUriPathToPermissionKeys, e as entryPointUriPathToResourceAccesses } from '../../dist/formatters-0d13ed2a.esm.js';
+export { a as entryPointUriPathToPermissionKeys, e as entryPointUriPathToResourceAccesses, f as formatEntryPointUriPathToResourceAccessKey, b as formatPermissionGroupNameToResourceAccessKey } from '../../dist/formatters-cf2cd8ed.esm.js';
 import '@babel/runtime-corejs3/core-js-stable/object/keys';
 import '@babel/runtime-corejs3/core-js-stable/object/get-own-property-symbols';
 import '@babel/runtime-corejs3/core-js-stable/instance/filter';