@commercetools-frontend/mc-dev-authentication 21.0.0-rc.1 → 21.5.0

package/dist/commercetools-frontend-mc-dev-authentication.cjs.d.ts

@@ -0,0 +1 @@
+export * from "./declarations/src/index";

package/dist/commercetools-frontend-mc-dev-authentication.cjs.dev.js

@@ -0,0 +1,133 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var _JSON$stringify = require('@babel/runtime-corejs3/core-js-stable/json/stringify');
+var _startsWithInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/starts-with');
+var _concatInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/concat');
+var fs = require('fs');
+var path = require('path');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { 'default': e }; }
+
+var _JSON$stringify__default = /*#__PURE__*/_interopDefault(_JSON$stringify);
+var _startsWithInstanceProperty__default = /*#__PURE__*/_interopDefault(_startsWithInstanceProperty);
+var _concatInstanceProperty__default = /*#__PURE__*/_interopDefault(_concatInstanceProperty);
+var fs__default = /*#__PURE__*/_interopDefault(fs);
+var path__default = /*#__PURE__*/_interopDefault(path);
+
+function logoutRoute(response) {
+  var _context;
+
+  var additionalCookieParameters = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : [];
+  // NOTE: removing the cookie only works if your are running the MC API
+  // locally, otherwise the cookie won't get removed as it's set to a
+  // proper domain (e.g. commercetools.com), which we can't unset from localhost.
+  response.setHeader('Set-Cookie', _concatInstanceProperty__default["default"](_context = ["mcAccessToken=''", // <-- unset the value
+  'Path=/', "Expires=".concat(new Date(0).toUTCString()), // <-- put a date in the past
+  'HttpOnly']).call(_context, additionalCookieParameters).join('; '));
+}
+
+var pages$1 = {
+  "loginPage": "<html>\n  <head>\n    <title>Login (development only)</title>\n    <style>\n      html,\n      body {\n        font: 1em sans-serif;\n        padding: 0;\n        margin: 0;\n        height: 100vh;\n        width: 100vw;\n      }\n\n      body {\n        display: flex;\n        flex-direction: column;\n        justify-content: flex-start;\n        align-items: center;\n        margin-top: 32px;\n      }\n\n      body > * + * {\n        margin-top: 32px;\n      }\n\n      .title {\n        width: 355px;\n      }\n\n      form {\n        display: flex;\n        flex-direction: column;\n        width: 355px;\n      }\n\n      form > * + * {\n        margin: 16px 0 0;\n      }\n\n      .field {\n        border: 0;\n      }\n\n      .field > * + * {\n        margin: 8px 0 0;\n      }\n\n      label {\n        display: block;\n      }\n\n      input {\n        width: 100%;\n        height: 24px;\n        outline: none;\n      }\n\n      input:focus {\n        border: 1px solid cornflowerblue;\n      }\n\n      input:focus:invalid {\n        border-color: red;\n      }\n\n      abbr {\n        text-decoration: none;\n        color: orangered;\n      }\n\n      #errors > div {\n        background-color: red;\n        color: #eee;\n        padding: 8px;\n        border-radius: 4px;\n      }\n\n      .info {\n        background-color: #b5e1fd;\n        padding: 8px;\n        border-radius: 4px;\n      }\n    </style>\n  </head>\n  <body>\n    <div class=\"title\">\n      <h3>\n        Welcome to the Merchant Center authorization page for local development\n      </h3>\n      <small>\n        This page is only available in development mode and is necessary to\n        authenticate yourself. In production environment, we use our own\n        authentication service.\n      </small>\n    </div>\n    <form id=\"login\">\n      <div id=\"errors\"></div>\n      <div class=\"field\">\n        <label for=\"email\">\n          Email<abbr title=\"This field is mandatory\">*</abbr>\n        </label>\n        <input id=\"email\" name=\"email\" type=\"text\" required=\"required\" />\n      </div>\n      <div class=\"field\">\n        <label for=\"password\">\n          Password<abbr title=\"This field is mandatory\">*</abbr>\n        </label>\n        <input\n          id=\"password\"\n          name=\"password\"\n          type=\"password\"\n          required=\"required\"\n        />\n      </div>\n      <div>\n        <button type=\"submit\" aria-label=\"Sign in\">Sign in 🚀</button>\n      </div>\n      <div class=\"info\">\n        <small>\n          Note that Single Sign On is not supported at the moment for the\n          development login page. If you are interested in this functionality,\n          let us know and open a\n          <a\n            href=\"https://github.com/commercetools/merchant-center-application-kit/issues/new/choose\"\n            target=\"_blank\"\n            rel=\"noopener noreferrer\"\n            >support issue</a\n          >.\n        </small>\n      </div>\n    </form>\n    <script>\n      /* eslint-disable no-var,vars-on-top */\n      /**\n       * NOTE:\n       *   This code is only used in development mode.\n       *   It authenticates a developer using the same mechanisms\n       *   as when not running in development. However,\n       *   this runs on the same domain as the developer.\n       */\n      window.addEventListener('load', function loaded() {\n        var form = document.getElementById('login');\n        form.addEventListener('submit', function onSubmit(event) {\n          event.preventDefault();\n          authorize();\n        });\n\n        function authorize() {\n          var data = new FormData(form);\n          var payload = {\n            email: data.get('email'),\n            password: data.get('password'),\n          };\n\n          var queryParams = new URLSearchParams(window.location.search);\n          if (queryParams.has('response_type')) {\n            // OIDC params\n            payload.client_id = queryParams.get('client_id');\n            payload.response_type = queryParams.get('response_type');\n            payload.scope = queryParams.get('scope');\n            payload.state = queryParams.get('state');\n            payload.nonce = queryParams.get('nonce');\n          }\n\n          var container = document.getElementById('errors');\n          // Clean up error message elements\n          while (container.firstChild) {\n            container.removeChild(container.firstChild);\n          }\n\n          const url = '__MC_API_URL__/tokens';\n\n          window\n            .fetch(url, {\n              method: 'POST',\n              headers: {\n                Accept: 'application/json',\n                'Content-Type': 'application/json',\n              },\n              credentials: 'include',\n              body: JSON.stringify(payload),\n            })\n            .then(function handleResponse(response) {\n              if (response.ok) {\n                return response.json().then(function onSuccess(result) {\n                  // Handle OIDC redirect.\n                  if (queryParams.has('response_type')) {\n                    window.location.replace(result.redirectTo);\n                  } else {\n                    window.localStorage.setItem('isAuthenticated', true);\n                    var searchParams = new URLSearchParams(\n                      window.location.search\n                    );\n                    var redirectTo = searchParams.get('redirectTo') || '/';\n                    window.location.replace(redirectTo);\n                  }\n                });\n              }\n              return response.text().then(function onError(responseText) {\n                var message;\n                try {\n                  var parsedResponse = JSON.parse(responseText);\n                  message = parsedResponse.message;\n                } catch (e) {\n                  console.warn(\n                    `Failed to parse error response for ${url}:`,\n                    responseText\n                  );\n\n                  message = responseText;\n                }\n                var errorMessage = document.createTextNode(message);\n                var errorContainer = document.createElement('div');\n                errorContainer.appendChild(errorMessage);\n                container.appendChild(errorContainer, container);\n              });\n            })\n            .catch(function onNetworkError(error) {\n              var errorMessage = document.createTextNode(error.message);\n              var errorContainer = document.createElement('div');\n              errorContainer.appendChild(errorMessage);\n              container.appendChild(errorContainer, container);\n            });\n        }\n      });\n    </script>\n  </body>\n</html>\n",
+  "logoutPage": "<html>\n  <head>\n    <title>Logout (development only)</title>\n    <script>\n      window.localStorage.removeItem('isAuthenticated');\n      window.localStorage.removeItem('loginStrategy');\n      window.localStorage.removeItem('activeProjectKey');\n    </script>\n  </head>\n  <body>\n    <div>\n      <h3>This is the logout page for local development.</h3>\n      <p>\n        Be aware that you might still have an active session as the cookie is\n        assigned to a production domain (e.g. commercetools.com) which we can't\n        unset from localhost. This is only a problem on local development and we\n        intend fix this in the future.\n      </p>\n      <p>\n        You can\n        <a href=\"#\" onclick=\"window.location='/login'+window.location.search;\"\n          >go to the login page</a\n        >\n        now.\n      </p>\n    </div>\n  </body>\n</html>\n"
+};
+
+var trimTrailingSlash$1 = function trimTrailingSlash(value) {
+  return value.replace(/\/$/, '');
+};
+
+function createMcDevAuthenticationMiddleware(applicationConfig) {
+  var htmlLogin = pages$1.loginPage.replace(new RegExp('__MC_API_URL__', 'g'), trimTrailingSlash$1(applicationConfig.env.mcApiUrl));
+  var htmlLogout = pages$1.logoutPage;
+  var isDevAuthenticationMiddlewareDisabled = String(applicationConfig.env.disableAuthRoutesOfDevServer) === 'true' || applicationConfig.env.servedByProxy;
+  return function (request, response, next) {
+    var _applicationConfig$en, _applicationConfig$en2;
+
+    if (request.originalUrl === '/api/graphql') {
+      response.statusCode = 404;
+      response.setHeader('Content-Type', 'application/json');
+      response.end(_JSON$stringify__default["default"]({
+        message: "This GraphQL endpoint is only available in production in the [Merchant Center Proxy Router](https://docs.commercetools.com/custom-applications/concepts/merchant-center-proxy-router). Please check that you are not calling this endpoint in development mode."
+      }));
+      return;
+    }
+
+    if ((_applicationConfig$en = applicationConfig.env.__DEVELOPMENT__) !== null && _applicationConfig$en !== void 0 && (_applicationConfig$en2 = _applicationConfig$en.oidc) !== null && _applicationConfig$en2 !== void 0 && _applicationConfig$en2.authorizeUrl) {
+      var _applicationConfig$en3, _applicationConfig$en4, _context;
+
+      // Handle login page for OIDC workflow when developing against a local MC API.
+      if ((_applicationConfig$en3 = applicationConfig.env.__DEVELOPMENT__) !== null && _applicationConfig$en3 !== void 0 && (_applicationConfig$en4 = _applicationConfig$en3.oidc) !== null && _applicationConfig$en4 !== void 0 && _startsWithInstanceProperty__default["default"](_context = _applicationConfig$en4.authorizeUrl).call(_context, 'http://localhost')) {
+        var _context2;
+
+        if (_startsWithInstanceProperty__default["default"](_context2 = request.originalUrl).call(_context2, '/login/authorize')) {
+          if (isDevAuthenticationMiddlewareDisabled) {
+            next();
+          } else {
+            response.end(htmlLogin);
+          }
+
+          return;
+        }
+      }
+    } else {
+      if (request.originalUrl === '/login') {
+        if (isDevAuthenticationMiddlewareDisabled) {
+          next();
+        } else {
+          response.end(htmlLogin);
+        }
+
+        return;
+      }
+
+      if (request.originalUrl === '/logout') {
+        logoutRoute(response);
+
+        if (isDevAuthenticationMiddlewareDisabled) {
+          next();
+        } else {
+          response.end(htmlLogout);
+        }
+
+        return;
+      }
+    }
+
+    next();
+  };
+}
+
+// https://babeljs.io/blog/2017/09/11/zero-config-with-babel-macros
+var pages = {
+  "loginPage": "<html>\n  <head>\n    <title>Login (development only)</title>\n    <style>\n      html,\n      body {\n        font: 1em sans-serif;\n        padding: 0;\n        margin: 0;\n        height: 100vh;\n        width: 100vw;\n      }\n\n      body {\n        display: flex;\n        flex-direction: column;\n        justify-content: flex-start;\n        align-items: center;\n        margin-top: 32px;\n      }\n\n      body > * + * {\n        margin-top: 32px;\n      }\n\n      .title {\n        width: 355px;\n      }\n\n      form {\n        display: flex;\n        flex-direction: column;\n        width: 355px;\n      }\n\n      form > * + * {\n        margin: 16px 0 0;\n      }\n\n      .field {\n        border: 0;\n      }\n\n      .field > * + * {\n        margin: 8px 0 0;\n      }\n\n      label {\n        display: block;\n      }\n\n      input {\n        width: 100%;\n        height: 24px;\n        outline: none;\n      }\n\n      input:focus {\n        border: 1px solid cornflowerblue;\n      }\n\n      input:focus:invalid {\n        border-color: red;\n      }\n\n      abbr {\n        text-decoration: none;\n        color: orangered;\n      }\n\n      #errors > div {\n        background-color: red;\n        color: #eee;\n        padding: 8px;\n        border-radius: 4px;\n      }\n\n      .info {\n        background-color: #b5e1fd;\n        padding: 8px;\n        border-radius: 4px;\n      }\n    </style>\n  </head>\n  <body>\n    <div class=\"title\">\n      <h3>\n        Welcome to the Merchant Center authorization page for local development\n      </h3>\n      <small>\n        This page is only available in development mode and is necessary to\n        authenticate yourself. In production environment, we use our own\n        authentication service.\n      </small>\n    </div>\n    <form id=\"login\">\n      <div id=\"errors\"></div>\n      <div class=\"field\">\n        <label for=\"email\">\n          Email<abbr title=\"This field is mandatory\">*</abbr>\n        </label>\n        <input id=\"email\" name=\"email\" type=\"text\" required=\"required\" />\n      </div>\n      <div class=\"field\">\n        <label for=\"password\">\n          Password<abbr title=\"This field is mandatory\">*</abbr>\n        </label>\n        <input\n          id=\"password\"\n          name=\"password\"\n          type=\"password\"\n          required=\"required\"\n        />\n      </div>\n      <div>\n        <button type=\"submit\" aria-label=\"Sign in\">Sign in 🚀</button>\n      </div>\n      <div class=\"info\">\n        <small>\n          Note that Single Sign On is not supported at the moment for the\n          development login page. If you are interested in this functionality,\n          let us know and open a\n          <a\n            href=\"https://github.com/commercetools/merchant-center-application-kit/issues/new/choose\"\n            target=\"_blank\"\n            rel=\"noopener noreferrer\"\n            >support issue</a\n          >.\n        </small>\n      </div>\n    </form>\n    <script>\n      /* eslint-disable no-var,vars-on-top */\n      /**\n       * NOTE:\n       *   This code is only used in development mode.\n       *   It authenticates a developer using the same mechanisms\n       *   as when not running in development. However,\n       *   this runs on the same domain as the developer.\n       */\n      window.addEventListener('load', function loaded() {\n        var form = document.getElementById('login');\n        form.addEventListener('submit', function onSubmit(event) {\n          event.preventDefault();\n          authorize();\n        });\n\n        function authorize() {\n          var data = new FormData(form);\n          var payload = {\n            email: data.get('email'),\n            password: data.get('password'),\n          };\n\n          var queryParams = new URLSearchParams(window.location.search);\n          if (queryParams.has('response_type')) {\n            // OIDC params\n            payload.client_id = queryParams.get('client_id');\n            payload.response_type = queryParams.get('response_type');\n            payload.scope = queryParams.get('scope');\n            payload.state = queryParams.get('state');\n            payload.nonce = queryParams.get('nonce');\n          }\n\n          var container = document.getElementById('errors');\n          // Clean up error message elements\n          while (container.firstChild) {\n            container.removeChild(container.firstChild);\n          }\n\n          const url = '__MC_API_URL__/tokens';\n\n          window\n            .fetch(url, {\n              method: 'POST',\n              headers: {\n                Accept: 'application/json',\n                'Content-Type': 'application/json',\n              },\n              credentials: 'include',\n              body: JSON.stringify(payload),\n            })\n            .then(function handleResponse(response) {\n              if (response.ok) {\n                return response.json().then(function onSuccess(result) {\n                  // Handle OIDC redirect.\n                  if (queryParams.has('response_type')) {\n                    window.location.replace(result.redirectTo);\n                  } else {\n                    window.localStorage.setItem('isAuthenticated', true);\n                    var searchParams = new URLSearchParams(\n                      window.location.search\n                    );\n                    var redirectTo = searchParams.get('redirectTo') || '/';\n                    window.location.replace(redirectTo);\n                  }\n                });\n              }\n              return response.text().then(function onError(responseText) {\n                var message;\n                try {\n                  var parsedResponse = JSON.parse(responseText);\n                  message = parsedResponse.message;\n                } catch (e) {\n                  console.warn(\n                    `Failed to parse error response for ${url}:`,\n                    responseText\n                  );\n\n                  message = responseText;\n                }\n                var errorMessage = document.createTextNode(message);\n                var errorContainer = document.createElement('div');\n                errorContainer.appendChild(errorMessage);\n                container.appendChild(errorContainer, container);\n              });\n            })\n            .catch(function onNetworkError(error) {\n              var errorMessage = document.createTextNode(error.message);\n              var errorContainer = document.createElement('div');\n              errorContainer.appendChild(errorMessage);\n              container.appendChild(errorContainer, container);\n            });\n        }\n      });\n    </script>\n  </body>\n</html>\n",
+  "logoutPage": "<html>\n  <head>\n    <title>Logout (development only)</title>\n    <script>\n      window.localStorage.removeItem('isAuthenticated');\n      window.localStorage.removeItem('loginStrategy');\n      window.localStorage.removeItem('activeProjectKey');\n    </script>\n  </head>\n  <body>\n    <div>\n      <h3>This is the logout page for local development.</h3>\n      <p>\n        Be aware that you might still have an active session as the cookie is\n        assigned to a production domain (e.g. commercetools.com) which we can't\n        unset from localhost. This is only a problem on local development and we\n        intend fix this in the future.\n      </p>\n      <p>\n        You can\n        <a href=\"#\" onclick=\"window.location='/login'+window.location.search;\"\n          >go to the login page</a\n        >\n        now.\n      </p>\n    </div>\n  </body>\n</html>\n"
+};
+
+var trimTrailingSlash = function trimTrailingSlash(value) {
+  return value.replace(/\/$/, '');
+}; // Make sure any symlinks in the project folder are resolved:
+// https://github.com/facebook/create-react-app/issues/637
+
+
+var appDirectory = fs__default["default"].realpathSync(process.cwd());
+
+var resolveApp = function resolveApp(relativePath) {
+  return path__default["default"].resolve(appDirectory, relativePath);
+};
+
+var paths = {
+  appBuild: resolveApp('public')
+}; // This transformer will generate a development `login` and `logout` HTML files
+// and copy them to the application public folder.
+// This is necessary to run the application locally in production mode.
+
+var transformerLocal = function transformerLocal(compiledHtml) {
+  var htmlLogin = pages.loginPage.replace(new RegExp('__MC_API_URL__', 'g'), trimTrailingSlash(compiledHtml.env.mcApiUrl));
+  var htmlLogout = pages.logoutPage;
+  fs__default["default"].writeFileSync(path__default["default"].join(paths.appBuild, 'login.html'), htmlLogin, 'utf8');
+  fs__default["default"].writeFileSync(path__default["default"].join(paths.appBuild, 'logout.html'), htmlLogout, 'utf8');
+};
+
+exports.createMcDevAuthenticationMiddleware = createMcDevAuthenticationMiddleware;
+exports.transformerLocal = transformerLocal;

package/dist/commercetools-frontend-mc-dev-authentication.cjs.js

@@ -0,0 +1,7 @@
+'use strict';
+
+if (process.env.NODE_ENV === "production") {
+  module.exports = require("./commercetools-frontend-mc-dev-authentication.cjs.prod.js");
+} else {
+  module.exports = require("./commercetools-frontend-mc-dev-authentication.cjs.dev.js");
+}

package/dist/commercetools-frontend-mc-dev-authentication.cjs.prod.js

@@ -0,0 +1,133 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var _JSON$stringify = require('@babel/runtime-corejs3/core-js-stable/json/stringify');
+var _startsWithInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/starts-with');
+var _concatInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/concat');
+var fs = require('fs');
+var path = require('path');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { 'default': e }; }
+
+var _JSON$stringify__default = /*#__PURE__*/_interopDefault(_JSON$stringify);
+var _startsWithInstanceProperty__default = /*#__PURE__*/_interopDefault(_startsWithInstanceProperty);
+var _concatInstanceProperty__default = /*#__PURE__*/_interopDefault(_concatInstanceProperty);
+var fs__default = /*#__PURE__*/_interopDefault(fs);
+var path__default = /*#__PURE__*/_interopDefault(path);
+
+function logoutRoute(response) {
+  var _context;
+
+  var additionalCookieParameters = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : [];
+  // NOTE: removing the cookie only works if your are running the MC API
+  // locally, otherwise the cookie won't get removed as it's set to a
+  // proper domain (e.g. commercetools.com), which we can't unset from localhost.
+  response.setHeader('Set-Cookie', _concatInstanceProperty__default["default"](_context = ["mcAccessToken=''", // <-- unset the value
+  'Path=/', "Expires=".concat(new Date(0).toUTCString()), // <-- put a date in the past
+  'HttpOnly']).call(_context, additionalCookieParameters).join('; '));
+}
+
+var pages$1 = {
+  "loginPage": "<html>\n  <head>\n    <title>Login (development only)</title>\n    <style>\n      html,\n      body {\n        font: 1em sans-serif;\n        padding: 0;\n        margin: 0;\n        height: 100vh;\n        width: 100vw;\n      }\n\n      body {\n        display: flex;\n        flex-direction: column;\n        justify-content: flex-start;\n        align-items: center;\n        margin-top: 32px;\n      }\n\n      body > * + * {\n        margin-top: 32px;\n      }\n\n      .title {\n        width: 355px;\n      }\n\n      form {\n        display: flex;\n        flex-direction: column;\n        width: 355px;\n      }\n\n      form > * + * {\n        margin: 16px 0 0;\n      }\n\n      .field {\n        border: 0;\n      }\n\n      .field > * + * {\n        margin: 8px 0 0;\n      }\n\n      label {\n        display: block;\n      }\n\n      input {\n        width: 100%;\n        height: 24px;\n        outline: none;\n      }\n\n      input:focus {\n        border: 1px solid cornflowerblue;\n      }\n\n      input:focus:invalid {\n        border-color: red;\n      }\n\n      abbr {\n        text-decoration: none;\n        color: orangered;\n      }\n\n      #errors > div {\n        background-color: red;\n        color: #eee;\n        padding: 8px;\n        border-radius: 4px;\n      }\n\n      .info {\n        background-color: #b5e1fd;\n        padding: 8px;\n        border-radius: 4px;\n      }\n    </style>\n  </head>\n  <body>\n    <div class=\"title\">\n      <h3>\n        Welcome to the Merchant Center authorization page for local development\n      </h3>\n      <small>\n        This page is only available in development mode and is necessary to\n        authenticate yourself. In production environment, we use our own\n        authentication service.\n      </small>\n    </div>\n    <form id=\"login\">\n      <div id=\"errors\"></div>\n      <div class=\"field\">\n        <label for=\"email\">\n          Email<abbr title=\"This field is mandatory\">*</abbr>\n        </label>\n        <input id=\"email\" name=\"email\" type=\"text\" required=\"required\" />\n      </div>\n      <div class=\"field\">\n        <label for=\"password\">\n          Password<abbr title=\"This field is mandatory\">*</abbr>\n        </label>\n        <input\n          id=\"password\"\n          name=\"password\"\n          type=\"password\"\n          required=\"required\"\n        />\n      </div>\n      <div>\n        <button type=\"submit\" aria-label=\"Sign in\">Sign in 🚀</button>\n      </div>\n      <div class=\"info\">\n        <small>\n          Note that Single Sign On is not supported at the moment for the\n          development login page. If you are interested in this functionality,\n          let us know and open a\n          <a\n            href=\"https://github.com/commercetools/merchant-center-application-kit/issues/new/choose\"\n            target=\"_blank\"\n            rel=\"noopener noreferrer\"\n            >support issue</a\n          >.\n        </small>\n      </div>\n    </form>\n    <script>\n      /* eslint-disable no-var,vars-on-top */\n      /**\n       * NOTE:\n       *   This code is only used in development mode.\n       *   It authenticates a developer using the same mechanisms\n       *   as when not running in development. However,\n       *   this runs on the same domain as the developer.\n       */\n      window.addEventListener('load', function loaded() {\n        var form = document.getElementById('login');\n        form.addEventListener('submit', function onSubmit(event) {\n          event.preventDefault();\n          authorize();\n        });\n\n        function authorize() {\n          var data = new FormData(form);\n          var payload = {\n            email: data.get('email'),\n            password: data.get('password'),\n          };\n\n          var queryParams = new URLSearchParams(window.location.search);\n          if (queryParams.has('response_type')) {\n            // OIDC params\n            payload.client_id = queryParams.get('client_id');\n            payload.response_type = queryParams.get('response_type');\n            payload.scope = queryParams.get('scope');\n            payload.state = queryParams.get('state');\n            payload.nonce = queryParams.get('nonce');\n          }\n\n          var container = document.getElementById('errors');\n          // Clean up error message elements\n          while (container.firstChild) {\n            container.removeChild(container.firstChild);\n          }\n\n          const url = '__MC_API_URL__/tokens';\n\n          window\n            .fetch(url, {\n              method: 'POST',\n              headers: {\n                Accept: 'application/json',\n                'Content-Type': 'application/json',\n              },\n              credentials: 'include',\n              body: JSON.stringify(payload),\n            })\n            .then(function handleResponse(response) {\n              if (response.ok) {\n                return response.json().then(function onSuccess(result) {\n                  // Handle OIDC redirect.\n                  if (queryParams.has('response_type')) {\n                    window.location.replace(result.redirectTo);\n                  } else {\n                    window.localStorage.setItem('isAuthenticated', true);\n                    var searchParams = new URLSearchParams(\n                      window.location.search\n                    );\n                    var redirectTo = searchParams.get('redirectTo') || '/';\n                    window.location.replace(redirectTo);\n                  }\n                });\n              }\n              return response.text().then(function onError(responseText) {\n                var message;\n                try {\n                  var parsedResponse = JSON.parse(responseText);\n                  message = parsedResponse.message;\n                } catch (e) {\n                  console.warn(\n                    `Failed to parse error response for ${url}:`,\n                    responseText\n                  );\n\n                  message = responseText;\n                }\n                var errorMessage = document.createTextNode(message);\n                var errorContainer = document.createElement('div');\n                errorContainer.appendChild(errorMessage);\n                container.appendChild(errorContainer, container);\n              });\n            })\n            .catch(function onNetworkError(error) {\n              var errorMessage = document.createTextNode(error.message);\n              var errorContainer = document.createElement('div');\n              errorContainer.appendChild(errorMessage);\n              container.appendChild(errorContainer, container);\n            });\n        }\n      });\n    </script>\n  </body>\n</html>\n",
+  "logoutPage": "<html>\n  <head>\n    <title>Logout (development only)</title>\n    <script>\n      window.localStorage.removeItem('isAuthenticated');\n      window.localStorage.removeItem('loginStrategy');\n      window.localStorage.removeItem('activeProjectKey');\n    </script>\n  </head>\n  <body>\n    <div>\n      <h3>This is the logout page for local development.</h3>\n      <p>\n        Be aware that you might still have an active session as the cookie is\n        assigned to a production domain (e.g. commercetools.com) which we can't\n        unset from localhost. This is only a problem on local development and we\n        intend fix this in the future.\n      </p>\n      <p>\n        You can\n        <a href=\"#\" onclick=\"window.location='/login'+window.location.search;\"\n          >go to the login page</a\n        >\n        now.\n      </p>\n    </div>\n  </body>\n</html>\n"
+};
+
+var trimTrailingSlash$1 = function trimTrailingSlash(value) {
+  return value.replace(/\/$/, '');
+};
+
+function createMcDevAuthenticationMiddleware(applicationConfig) {
+  var htmlLogin = pages$1.loginPage.replace(new RegExp('__MC_API_URL__', 'g'), trimTrailingSlash$1(applicationConfig.env.mcApiUrl));
+  var htmlLogout = pages$1.logoutPage;
+  var isDevAuthenticationMiddlewareDisabled = String(applicationConfig.env.disableAuthRoutesOfDevServer) === 'true' || applicationConfig.env.servedByProxy;
+  return function (request, response, next) {
+    var _applicationConfig$en, _applicationConfig$en2;
+
+    if (request.originalUrl === '/api/graphql') {
+      response.statusCode = 404;
+      response.setHeader('Content-Type', 'application/json');
+      response.end(_JSON$stringify__default["default"]({
+        message: "This GraphQL endpoint is only available in production in the [Merchant Center Proxy Router](https://docs.commercetools.com/custom-applications/concepts/merchant-center-proxy-router). Please check that you are not calling this endpoint in development mode."
+      }));
+      return;
+    }
+
+    if ((_applicationConfig$en = applicationConfig.env.__DEVELOPMENT__) !== null && _applicationConfig$en !== void 0 && (_applicationConfig$en2 = _applicationConfig$en.oidc) !== null && _applicationConfig$en2 !== void 0 && _applicationConfig$en2.authorizeUrl) {
+      var _applicationConfig$en3, _applicationConfig$en4, _context;
+
+      // Handle login page for OIDC workflow when developing against a local MC API.
+      if ((_applicationConfig$en3 = applicationConfig.env.__DEVELOPMENT__) !== null && _applicationConfig$en3 !== void 0 && (_applicationConfig$en4 = _applicationConfig$en3.oidc) !== null && _applicationConfig$en4 !== void 0 && _startsWithInstanceProperty__default["default"](_context = _applicationConfig$en4.authorizeUrl).call(_context, 'http://localhost')) {
+        var _context2;
+
+        if (_startsWithInstanceProperty__default["default"](_context2 = request.originalUrl).call(_context2, '/login/authorize')) {
+          if (isDevAuthenticationMiddlewareDisabled) {
+            next();
+          } else {
+            response.end(htmlLogin);
+          }
+
+          return;
+        }
+      }
+    } else {
+      if (request.originalUrl === '/login') {
+        if (isDevAuthenticationMiddlewareDisabled) {
+          next();
+        } else {
+          response.end(htmlLogin);
+        }
+
+        return;
+      }
+
+      if (request.originalUrl === '/logout') {
+        logoutRoute(response);
+
+        if (isDevAuthenticationMiddlewareDisabled) {
+          next();
+        } else {
+          response.end(htmlLogout);
+        }
+
+        return;
+      }
+    }
+
+    next();
+  };
+}
+
+// https://babeljs.io/blog/2017/09/11/zero-config-with-babel-macros
+var pages = {
+  "loginPage": "<html>\n  <head>\n    <title>Login (development only)</title>\n    <style>\n      html,\n      body {\n        font: 1em sans-serif;\n        padding: 0;\n        margin: 0;\n        height: 100vh;\n        width: 100vw;\n      }\n\n      body {\n        display: flex;\n        flex-direction: column;\n        justify-content: flex-start;\n        align-items: center;\n        margin-top: 32px;\n      }\n\n      body > * + * {\n        margin-top: 32px;\n      }\n\n      .title {\n        width: 355px;\n      }\n\n      form {\n        display: flex;\n        flex-direction: column;\n        width: 355px;\n      }\n\n      form > * + * {\n        margin: 16px 0 0;\n      }\n\n      .field {\n        border: 0;\n      }\n\n      .field > * + * {\n        margin: 8px 0 0;\n      }\n\n      label {\n        display: block;\n      }\n\n      input {\n        width: 100%;\n        height: 24px;\n        outline: none;\n      }\n\n      input:focus {\n        border: 1px solid cornflowerblue;\n      }\n\n      input:focus:invalid {\n        border-color: red;\n      }\n\n      abbr {\n        text-decoration: none;\n        color: orangered;\n      }\n\n      #errors > div {\n        background-color: red;\n        color: #eee;\n        padding: 8px;\n        border-radius: 4px;\n      }\n\n      .info {\n        background-color: #b5e1fd;\n        padding: 8px;\n        border-radius: 4px;\n      }\n    </style>\n  </head>\n  <body>\n    <div class=\"title\">\n      <h3>\n        Welcome to the Merchant Center authorization page for local development\n      </h3>\n      <small>\n        This page is only available in development mode and is necessary to\n        authenticate yourself. In production environment, we use our own\n        authentication service.\n      </small>\n    </div>\n    <form id=\"login\">\n      <div id=\"errors\"></div>\n      <div class=\"field\">\n        <label for=\"email\">\n          Email<abbr title=\"This field is mandatory\">*</abbr>\n        </label>\n        <input id=\"email\" name=\"email\" type=\"text\" required=\"required\" />\n      </div>\n      <div class=\"field\">\n        <label for=\"password\">\n          Password<abbr title=\"This field is mandatory\">*</abbr>\n        </label>\n        <input\n          id=\"password\"\n          name=\"password\"\n          type=\"password\"\n          required=\"required\"\n        />\n      </div>\n      <div>\n        <button type=\"submit\" aria-label=\"Sign in\">Sign in 🚀</button>\n      </div>\n      <div class=\"info\">\n        <small>\n          Note that Single Sign On is not supported at the moment for the\n          development login page. If you are interested in this functionality,\n          let us know and open a\n          <a\n            href=\"https://github.com/commercetools/merchant-center-application-kit/issues/new/choose\"\n            target=\"_blank\"\n            rel=\"noopener noreferrer\"\n            >support issue</a\n          >.\n        </small>\n      </div>\n    </form>\n    <script>\n      /* eslint-disable no-var,vars-on-top */\n      /**\n       * NOTE:\n       *   This code is only used in development mode.\n       *   It authenticates a developer using the same mechanisms\n       *   as when not running in development. However,\n       *   this runs on the same domain as the developer.\n       */\n      window.addEventListener('load', function loaded() {\n        var form = document.getElementById('login');\n        form.addEventListener('submit', function onSubmit(event) {\n          event.preventDefault();\n          authorize();\n        });\n\n        function authorize() {\n          var data = new FormData(form);\n          var payload = {\n            email: data.get('email'),\n            password: data.get('password'),\n          };\n\n          var queryParams = new URLSearchParams(window.location.search);\n          if (queryParams.has('response_type')) {\n            // OIDC params\n            payload.client_id = queryParams.get('client_id');\n            payload.response_type = queryParams.get('response_type');\n            payload.scope = queryParams.get('scope');\n            payload.state = queryParams.get('state');\n            payload.nonce = queryParams.get('nonce');\n          }\n\n          var container = document.getElementById('errors');\n          // Clean up error message elements\n          while (container.firstChild) {\n            container.removeChild(container.firstChild);\n          }\n\n          const url = '__MC_API_URL__/tokens';\n\n          window\n            .fetch(url, {\n              method: 'POST',\n              headers: {\n                Accept: 'application/json',\n                'Content-Type': 'application/json',\n              },\n              credentials: 'include',\n              body: JSON.stringify(payload),\n            })\n            .then(function handleResponse(response) {\n              if (response.ok) {\n                return response.json().then(function onSuccess(result) {\n                  // Handle OIDC redirect.\n                  if (queryParams.has('response_type')) {\n                    window.location.replace(result.redirectTo);\n                  } else {\n                    window.localStorage.setItem('isAuthenticated', true);\n                    var searchParams = new URLSearchParams(\n                      window.location.search\n                    );\n                    var redirectTo = searchParams.get('redirectTo') || '/';\n                    window.location.replace(redirectTo);\n                  }\n                });\n              }\n              return response.text().then(function onError(responseText) {\n                var message;\n                try {\n                  var parsedResponse = JSON.parse(responseText);\n                  message = parsedResponse.message;\n                } catch (e) {\n                  console.warn(\n                    `Failed to parse error response for ${url}:`,\n                    responseText\n                  );\n\n                  message = responseText;\n                }\n                var errorMessage = document.createTextNode(message);\n                var errorContainer = document.createElement('div');\n                errorContainer.appendChild(errorMessage);\n                container.appendChild(errorContainer, container);\n              });\n            })\n            .catch(function onNetworkError(error) {\n              var errorMessage = document.createTextNode(error.message);\n              var errorContainer = document.createElement('div');\n              errorContainer.appendChild(errorMessage);\n              container.appendChild(errorContainer, container);\n            });\n        }\n      });\n    </script>\n  </body>\n</html>\n",
+  "logoutPage": "<html>\n  <head>\n    <title>Logout (development only)</title>\n    <script>\n      window.localStorage.removeItem('isAuthenticated');\n      window.localStorage.removeItem('loginStrategy');\n      window.localStorage.removeItem('activeProjectKey');\n    </script>\n  </head>\n  <body>\n    <div>\n      <h3>This is the logout page for local development.</h3>\n      <p>\n        Be aware that you might still have an active session as the cookie is\n        assigned to a production domain (e.g. commercetools.com) which we can't\n        unset from localhost. This is only a problem on local development and we\n        intend fix this in the future.\n      </p>\n      <p>\n        You can\n        <a href=\"#\" onclick=\"window.location='/login'+window.location.search;\"\n          >go to the login page</a\n        >\n        now.\n      </p>\n    </div>\n  </body>\n</html>\n"
+};
+
+var trimTrailingSlash = function trimTrailingSlash(value) {
+  return value.replace(/\/$/, '');
+}; // Make sure any symlinks in the project folder are resolved:
+// https://github.com/facebook/create-react-app/issues/637
+
+
+var appDirectory = fs__default["default"].realpathSync(process.cwd());
+
+var resolveApp = function resolveApp(relativePath) {
+  return path__default["default"].resolve(appDirectory, relativePath);
+};
+
+var paths = {
+  appBuild: resolveApp('public')
+}; // This transformer will generate a development `login` and `logout` HTML files
+// and copy them to the application public folder.
+// This is necessary to run the application locally in production mode.
+
+var transformerLocal = function transformerLocal(compiledHtml) {
+  var htmlLogin = pages.loginPage.replace(new RegExp('__MC_API_URL__', 'g'), trimTrailingSlash(compiledHtml.env.mcApiUrl));
+  var htmlLogout = pages.logoutPage;
+  fs__default["default"].writeFileSync(path__default["default"].join(paths.appBuild, 'login.html'), htmlLogin, 'utf8');
+  fs__default["default"].writeFileSync(path__default["default"].join(paths.appBuild, 'logout.html'), htmlLogout, 'utf8');
+};
+
+exports.createMcDevAuthenticationMiddleware = createMcDevAuthenticationMiddleware;
+exports.transformerLocal = transformerLocal;

package/dist/commercetools-frontend-mc-dev-authentication.esm.js

@@ -0,0 +1,120 @@
+import _JSON$stringify from '@babel/runtime-corejs3/core-js-stable/json/stringify';
+import _startsWithInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/starts-with';
+import _concatInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/concat';
+import fs from 'fs';
+import path from 'path';
+
+function logoutRoute(response) {
+  var _context;
+
+  var additionalCookieParameters = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : [];
+  // NOTE: removing the cookie only works if your are running the MC API
+  // locally, otherwise the cookie won't get removed as it's set to a
+  // proper domain (e.g. commercetools.com), which we can't unset from localhost.
+  response.setHeader('Set-Cookie', _concatInstanceProperty(_context = ["mcAccessToken=''", // <-- unset the value
+  'Path=/', "Expires=".concat(new Date(0).toUTCString()), // <-- put a date in the past
+  'HttpOnly']).call(_context, additionalCookieParameters).join('; '));
+}
+
+var pages$1 = {
+  "loginPage": "<html>\n  <head>\n    <title>Login (development only)</title>\n    <style>\n      html,\n      body {\n        font: 1em sans-serif;\n        padding: 0;\n        margin: 0;\n        height: 100vh;\n        width: 100vw;\n      }\n\n      body {\n        display: flex;\n        flex-direction: column;\n        justify-content: flex-start;\n        align-items: center;\n        margin-top: 32px;\n      }\n\n      body > * + * {\n        margin-top: 32px;\n      }\n\n      .title {\n        width: 355px;\n      }\n\n      form {\n        display: flex;\n        flex-direction: column;\n        width: 355px;\n      }\n\n      form > * + * {\n        margin: 16px 0 0;\n      }\n\n      .field {\n        border: 0;\n      }\n\n      .field > * + * {\n        margin: 8px 0 0;\n      }\n\n      label {\n        display: block;\n      }\n\n      input {\n        width: 100%;\n        height: 24px;\n        outline: none;\n      }\n\n      input:focus {\n        border: 1px solid cornflowerblue;\n      }\n\n      input:focus:invalid {\n        border-color: red;\n      }\n\n      abbr {\n        text-decoration: none;\n        color: orangered;\n      }\n\n      #errors > div {\n        background-color: red;\n        color: #eee;\n        padding: 8px;\n        border-radius: 4px;\n      }\n\n      .info {\n        background-color: #b5e1fd;\n        padding: 8px;\n        border-radius: 4px;\n      }\n    </style>\n  </head>\n  <body>\n    <div class=\"title\">\n      <h3>\n        Welcome to the Merchant Center authorization page for local development\n      </h3>\n      <small>\n        This page is only available in development mode and is necessary to\n        authenticate yourself. In production environment, we use our own\n        authentication service.\n      </small>\n    </div>\n    <form id=\"login\">\n      <div id=\"errors\"></div>\n      <div class=\"field\">\n        <label for=\"email\">\n          Email<abbr title=\"This field is mandatory\">*</abbr>\n        </label>\n        <input id=\"email\" name=\"email\" type=\"text\" required=\"required\" />\n      </div>\n      <div class=\"field\">\n        <label for=\"password\">\n          Password<abbr title=\"This field is mandatory\">*</abbr>\n        </label>\n        <input\n          id=\"password\"\n          name=\"password\"\n          type=\"password\"\n          required=\"required\"\n        />\n      </div>\n      <div>\n        <button type=\"submit\" aria-label=\"Sign in\">Sign in 🚀</button>\n      </div>\n      <div class=\"info\">\n        <small>\n          Note that Single Sign On is not supported at the moment for the\n          development login page. If you are interested in this functionality,\n          let us know and open a\n          <a\n            href=\"https://github.com/commercetools/merchant-center-application-kit/issues/new/choose\"\n            target=\"_blank\"\n            rel=\"noopener noreferrer\"\n            >support issue</a\n          >.\n        </small>\n      </div>\n    </form>\n    <script>\n      /* eslint-disable no-var,vars-on-top */\n      /**\n       * NOTE:\n       *   This code is only used in development mode.\n       *   It authenticates a developer using the same mechanisms\n       *   as when not running in development. However,\n       *   this runs on the same domain as the developer.\n       */\n      window.addEventListener('load', function loaded() {\n        var form = document.getElementById('login');\n        form.addEventListener('submit', function onSubmit(event) {\n          event.preventDefault();\n          authorize();\n        });\n\n        function authorize() {\n          var data = new FormData(form);\n          var payload = {\n            email: data.get('email'),\n            password: data.get('password'),\n          };\n\n          var queryParams = new URLSearchParams(window.location.search);\n          if (queryParams.has('response_type')) {\n            // OIDC params\n            payload.client_id = queryParams.get('client_id');\n            payload.response_type = queryParams.get('response_type');\n            payload.scope = queryParams.get('scope');\n            payload.state = queryParams.get('state');\n            payload.nonce = queryParams.get('nonce');\n          }\n\n          var container = document.getElementById('errors');\n          // Clean up error message elements\n          while (container.firstChild) {\n            container.removeChild(container.firstChild);\n          }\n\n          const url = '__MC_API_URL__/tokens';\n\n          window\n            .fetch(url, {\n              method: 'POST',\n              headers: {\n                Accept: 'application/json',\n                'Content-Type': 'application/json',\n              },\n              credentials: 'include',\n              body: JSON.stringify(payload),\n            })\n            .then(function handleResponse(response) {\n              if (response.ok) {\n                return response.json().then(function onSuccess(result) {\n                  // Handle OIDC redirect.\n                  if (queryParams.has('response_type')) {\n                    window.location.replace(result.redirectTo);\n                  } else {\n                    window.localStorage.setItem('isAuthenticated', true);\n                    var searchParams = new URLSearchParams(\n                      window.location.search\n                    );\n                    var redirectTo = searchParams.get('redirectTo') || '/';\n                    window.location.replace(redirectTo);\n                  }\n                });\n              }\n              return response.text().then(function onError(responseText) {\n                var message;\n                try {\n                  var parsedResponse = JSON.parse(responseText);\n                  message = parsedResponse.message;\n                } catch (e) {\n                  console.warn(\n                    `Failed to parse error response for ${url}:`,\n                    responseText\n                  );\n\n                  message = responseText;\n                }\n                var errorMessage = document.createTextNode(message);\n                var errorContainer = document.createElement('div');\n                errorContainer.appendChild(errorMessage);\n                container.appendChild(errorContainer, container);\n              });\n            })\n            .catch(function onNetworkError(error) {\n              var errorMessage = document.createTextNode(error.message);\n              var errorContainer = document.createElement('div');\n              errorContainer.appendChild(errorMessage);\n              container.appendChild(errorContainer, container);\n            });\n        }\n      });\n    </script>\n  </body>\n</html>\n",
+  "logoutPage": "<html>\n  <head>\n    <title>Logout (development only)</title>\n    <script>\n      window.localStorage.removeItem('isAuthenticated');\n      window.localStorage.removeItem('loginStrategy');\n      window.localStorage.removeItem('activeProjectKey');\n    </script>\n  </head>\n  <body>\n    <div>\n      <h3>This is the logout page for local development.</h3>\n      <p>\n        Be aware that you might still have an active session as the cookie is\n        assigned to a production domain (e.g. commercetools.com) which we can't\n        unset from localhost. This is only a problem on local development and we\n        intend fix this in the future.\n      </p>\n      <p>\n        You can\n        <a href=\"#\" onclick=\"window.location='/login'+window.location.search;\"\n          >go to the login page</a\n        >\n        now.\n      </p>\n    </div>\n  </body>\n</html>\n"
+};
+
+var trimTrailingSlash$1 = function trimTrailingSlash(value) {
+  return value.replace(/\/$/, '');
+};
+
+function createMcDevAuthenticationMiddleware(applicationConfig) {
+  var htmlLogin = pages$1.loginPage.replace(new RegExp('__MC_API_URL__', 'g'), trimTrailingSlash$1(applicationConfig.env.mcApiUrl));
+  var htmlLogout = pages$1.logoutPage;
+  var isDevAuthenticationMiddlewareDisabled = String(applicationConfig.env.disableAuthRoutesOfDevServer) === 'true' || applicationConfig.env.servedByProxy;
+  return function (request, response, next) {
+    var _applicationConfig$en, _applicationConfig$en2;
+
+    if (request.originalUrl === '/api/graphql') {
+      response.statusCode = 404;
+      response.setHeader('Content-Type', 'application/json');
+      response.end(_JSON$stringify({
+        message: "This GraphQL endpoint is only available in production in the [Merchant Center Proxy Router](https://docs.commercetools.com/custom-applications/concepts/merchant-center-proxy-router). Please check that you are not calling this endpoint in development mode."
+      }));
+      return;
+    }
+
+    if ((_applicationConfig$en = applicationConfig.env.__DEVELOPMENT__) !== null && _applicationConfig$en !== void 0 && (_applicationConfig$en2 = _applicationConfig$en.oidc) !== null && _applicationConfig$en2 !== void 0 && _applicationConfig$en2.authorizeUrl) {
+      var _applicationConfig$en3, _applicationConfig$en4, _context;
+
+      // Handle login page for OIDC workflow when developing against a local MC API.
+      if ((_applicationConfig$en3 = applicationConfig.env.__DEVELOPMENT__) !== null && _applicationConfig$en3 !== void 0 && (_applicationConfig$en4 = _applicationConfig$en3.oidc) !== null && _applicationConfig$en4 !== void 0 && _startsWithInstanceProperty(_context = _applicationConfig$en4.authorizeUrl).call(_context, 'http://localhost')) {
+        var _context2;
+
+        if (_startsWithInstanceProperty(_context2 = request.originalUrl).call(_context2, '/login/authorize')) {
+          if (isDevAuthenticationMiddlewareDisabled) {
+            next();
+          } else {
+            response.end(htmlLogin);
+          }
+
+          return;
+        }
+      }
+    } else {
+      if (request.originalUrl === '/login') {
+        if (isDevAuthenticationMiddlewareDisabled) {
+          next();
+        } else {
+          response.end(htmlLogin);
+        }
+
+        return;
+      }
+
+      if (request.originalUrl === '/logout') {
+        logoutRoute(response);
+
+        if (isDevAuthenticationMiddlewareDisabled) {
+          next();
+        } else {
+          response.end(htmlLogout);
+        }
+
+        return;
+      }
+    }
+
+    next();
+  };
+}
+
+// https://babeljs.io/blog/2017/09/11/zero-config-with-babel-macros
+var pages = {
+  "loginPage": "<html>\n  <head>\n    <title>Login (development only)</title>\n    <style>\n      html,\n      body {\n        font: 1em sans-serif;\n        padding: 0;\n        margin: 0;\n        height: 100vh;\n        width: 100vw;\n      }\n\n      body {\n        display: flex;\n        flex-direction: column;\n        justify-content: flex-start;\n        align-items: center;\n        margin-top: 32px;\n      }\n\n      body > * + * {\n        margin-top: 32px;\n      }\n\n      .title {\n        width: 355px;\n      }\n\n      form {\n        display: flex;\n        flex-direction: column;\n        width: 355px;\n      }\n\n      form > * + * {\n        margin: 16px 0 0;\n      }\n\n      .field {\n        border: 0;\n      }\n\n      .field > * + * {\n        margin: 8px 0 0;\n      }\n\n      label {\n        display: block;\n      }\n\n      input {\n        width: 100%;\n        height: 24px;\n        outline: none;\n      }\n\n      input:focus {\n        border: 1px solid cornflowerblue;\n      }\n\n      input:focus:invalid {\n        border-color: red;\n      }\n\n      abbr {\n        text-decoration: none;\n        color: orangered;\n      }\n\n      #errors > div {\n        background-color: red;\n        color: #eee;\n        padding: 8px;\n        border-radius: 4px;\n      }\n\n      .info {\n        background-color: #b5e1fd;\n        padding: 8px;\n        border-radius: 4px;\n      }\n    </style>\n  </head>\n  <body>\n    <div class=\"title\">\n      <h3>\n        Welcome to the Merchant Center authorization page for local development\n      </h3>\n      <small>\n        This page is only available in development mode and is necessary to\n        authenticate yourself. In production environment, we use our own\n        authentication service.\n      </small>\n    </div>\n    <form id=\"login\">\n      <div id=\"errors\"></div>\n      <div class=\"field\">\n        <label for=\"email\">\n          Email<abbr title=\"This field is mandatory\">*</abbr>\n        </label>\n        <input id=\"email\" name=\"email\" type=\"text\" required=\"required\" />\n      </div>\n      <div class=\"field\">\n        <label for=\"password\">\n          Password<abbr title=\"This field is mandatory\">*</abbr>\n        </label>\n        <input\n          id=\"password\"\n          name=\"password\"\n          type=\"password\"\n          required=\"required\"\n        />\n      </div>\n      <div>\n        <button type=\"submit\" aria-label=\"Sign in\">Sign in 🚀</button>\n      </div>\n      <div class=\"info\">\n        <small>\n          Note that Single Sign On is not supported at the moment for the\n          development login page. If you are interested in this functionality,\n          let us know and open a\n          <a\n            href=\"https://github.com/commercetools/merchant-center-application-kit/issues/new/choose\"\n            target=\"_blank\"\n            rel=\"noopener noreferrer\"\n            >support issue</a\n          >.\n        </small>\n      </div>\n    </form>\n    <script>\n      /* eslint-disable no-var,vars-on-top */\n      /**\n       * NOTE:\n       *   This code is only used in development mode.\n       *   It authenticates a developer using the same mechanisms\n       *   as when not running in development. However,\n       *   this runs on the same domain as the developer.\n       */\n      window.addEventListener('load', function loaded() {\n        var form = document.getElementById('login');\n        form.addEventListener('submit', function onSubmit(event) {\n          event.preventDefault();\n          authorize();\n        });\n\n        function authorize() {\n          var data = new FormData(form);\n          var payload = {\n            email: data.get('email'),\n            password: data.get('password'),\n          };\n\n          var queryParams = new URLSearchParams(window.location.search);\n          if (queryParams.has('response_type')) {\n            // OIDC params\n            payload.client_id = queryParams.get('client_id');\n            payload.response_type = queryParams.get('response_type');\n            payload.scope = queryParams.get('scope');\n            payload.state = queryParams.get('state');\n            payload.nonce = queryParams.get('nonce');\n          }\n\n          var container = document.getElementById('errors');\n          // Clean up error message elements\n          while (container.firstChild) {\n            container.removeChild(container.firstChild);\n          }\n\n          const url = '__MC_API_URL__/tokens';\n\n          window\n            .fetch(url, {\n              method: 'POST',\n              headers: {\n                Accept: 'application/json',\n                'Content-Type': 'application/json',\n              },\n              credentials: 'include',\n              body: JSON.stringify(payload),\n            })\n            .then(function handleResponse(response) {\n              if (response.ok) {\n                return response.json().then(function onSuccess(result) {\n                  // Handle OIDC redirect.\n                  if (queryParams.has('response_type')) {\n                    window.location.replace(result.redirectTo);\n                  } else {\n                    window.localStorage.setItem('isAuthenticated', true);\n                    var searchParams = new URLSearchParams(\n                      window.location.search\n                    );\n                    var redirectTo = searchParams.get('redirectTo') || '/';\n                    window.location.replace(redirectTo);\n                  }\n                });\n              }\n              return response.text().then(function onError(responseText) {\n                var message;\n                try {\n                  var parsedResponse = JSON.parse(responseText);\n                  message = parsedResponse.message;\n                } catch (e) {\n                  console.warn(\n                    `Failed to parse error response for ${url}:`,\n                    responseText\n                  );\n\n                  message = responseText;\n                }\n                var errorMessage = document.createTextNode(message);\n                var errorContainer = document.createElement('div');\n                errorContainer.appendChild(errorMessage);\n                container.appendChild(errorContainer, container);\n              });\n            })\n            .catch(function onNetworkError(error) {\n              var errorMessage = document.createTextNode(error.message);\n              var errorContainer = document.createElement('div');\n              errorContainer.appendChild(errorMessage);\n              container.appendChild(errorContainer, container);\n            });\n        }\n      });\n    </script>\n  </body>\n</html>\n",
+  "logoutPage": "<html>\n  <head>\n    <title>Logout (development only)</title>\n    <script>\n      window.localStorage.removeItem('isAuthenticated');\n      window.localStorage.removeItem('loginStrategy');\n      window.localStorage.removeItem('activeProjectKey');\n    </script>\n  </head>\n  <body>\n    <div>\n      <h3>This is the logout page for local development.</h3>\n      <p>\n        Be aware that you might still have an active session as the cookie is\n        assigned to a production domain (e.g. commercetools.com) which we can't\n        unset from localhost. This is only a problem on local development and we\n        intend fix this in the future.\n      </p>\n      <p>\n        You can\n        <a href=\"#\" onclick=\"window.location='/login'+window.location.search;\"\n          >go to the login page</a\n        >\n        now.\n      </p>\n    </div>\n  </body>\n</html>\n"
+};
+
+var trimTrailingSlash = function trimTrailingSlash(value) {
+  return value.replace(/\/$/, '');
+}; // Make sure any symlinks in the project folder are resolved:
+// https://github.com/facebook/create-react-app/issues/637
+
+
+var appDirectory = fs.realpathSync(process.cwd());
+
+var resolveApp = function resolveApp(relativePath) {
+  return path.resolve(appDirectory, relativePath);
+};
+
+var paths = {
+  appBuild: resolveApp('public')
+}; // This transformer will generate a development `login` and `logout` HTML files
+// and copy them to the application public folder.
+// This is necessary to run the application locally in production mode.
+
+var transformerLocal = function transformerLocal(compiledHtml) {
+  var htmlLogin = pages.loginPage.replace(new RegExp('__MC_API_URL__', 'g'), trimTrailingSlash(compiledHtml.env.mcApiUrl));
+  var htmlLogout = pages.logoutPage;
+  fs.writeFileSync(path.join(paths.appBuild, 'login.html'), htmlLogin, 'utf8');
+  fs.writeFileSync(path.join(paths.appBuild, 'logout.html'), htmlLogout, 'utf8');
+};
+
+export { createMcDevAuthenticationMiddleware, transformerLocal };

package/dist/declarations/src/create-mc-dev-authentication-middleware.d.ts

@@ -0,0 +1,4 @@
+import type { Request, Response, NextFunction } from 'express';
+import type { TCustomApplicationRuntimeConfig } from './types';
+declare function createMcDevAuthenticationMiddleware(applicationConfig: TCustomApplicationRuntimeConfig): (request: Request, response: Response, next: NextFunction) => void;
+export default createMcDevAuthenticationMiddleware;

package/dist/declarations/src/index.d.ts

@@ -0,0 +1,2 @@
+export { default as createMcDevAuthenticationMiddleware } from './create-mc-dev-authentication-middleware';
+export { default as transformerLocal } from './transformer-local';

package/dist/declarations/src/pages.d.ts

@@ -0,0 +1,3 @@
+declare type Pages = { loginPage: string; logoutPage: string };
+declare const pages: Pages;
+export default pages;

package/dist/declarations/src/routes/index.d.ts

@@ -0,0 +1 @@
+export { default as logout } from './logout';

package/dist/declarations/src/routes/logout.d.ts

@@ -0,0 +1,3 @@
+import type { Response } from 'express';
+declare function logoutRoute(response: Response, additionalCookieParameters?: string[]): void;
+export default logoutRoute;

package/dist/declarations/src/transformer-local.d.ts

@@ -0,0 +1,3 @@
+import type { TCompiledHtml } from './types';
+declare const transformerLocal: (compiledHtml: TCompiledHtml) => void;
+export default transformerLocal;

package/dist/declarations/src/types.d.ts

@@ -0,0 +1,9 @@
+import type { ApplicationRuntimeConfig } from '@commercetools-frontend/application-config';
+export declare type TCustomApplicationRuntimeConfig = ApplicationRuntimeConfig<{
+    disableAuthRoutesOfDevServer?: boolean;
+}>;
+export declare type TCompiledHtml = {
+    env: TCustomApplicationRuntimeConfig['env'];
+    headers: Record<string, string>;
+    indexHtmlContent: string;
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@commercetools-frontend/mc-dev-authentication",
-  "version": "21.0.0-rc.1",
+  "version": "21.5.0",
   "description": "Authentication views when running webpack-dev-server in development mode",
   "bugs": "https://github.com/commercetools/merchant-center-application-kit/issues",
   "repository": {
@@ -14,8 +14,23 @@
   "publishConfig": {
     "access": "public"
   },
+  "main": "dist/commercetools-frontend-mc-dev-authentication.cjs.js",
+  "module": "dist/commercetools-frontend-mc-dev-authentication.esm.js",
+  "files": [
+    "dist",
+    "transformer-local.js",
+    "package.json",
+    "LICENSE",
+    "README.md"
+  ],
   "dependencies": {
-    "pug": "3.0.2"
+    "@babel/runtime": "^7.17.9",
+    "@babel/runtime-corejs3": "^7.17.9"
+  },
+  "devDependencies": {
+    "@commercetools-frontend/application-config": "21.5.0",
+    "@tsconfig/node14": "^1.0.1",
+    "express": "4.17.3"
   },
   "engines": {
     "node": ">=14"

package/transformer-local.js

@@ -1,49 +1,12 @@
-const fs = require('fs');
-const path = require('path');
-const pug = require('pug');
-
-const compileLoginView = pug.compileFile(
-  path.join(__dirname, './views/login.pug')
-);
-const compileLogoutView = pug.compileFile(
-  path.join(__dirname, './views/logout.pug')
-);
-
-// Make sure any symlinks in the project folder are resolved:
-// https://github.com/facebook/create-react-app/issues/637
-const appDirectory = fs.realpathSync(process.cwd());
-const resolveApp = (relativePath) => path.resolve(appDirectory, relativePath);
-const paths = {
-  appBuild: resolveApp('public'),
-};
-
-// This transformer will generate a development `login` and `logout` HTML files
-// and copy them to the application public foder.
-// This is necessary to run the application locally in production mode.
-module.exports = ({ env }) => {
-  const loginViewHtml = compileLoginView({ env });
-  const logoutViewHtml = compileLogoutView({ env });
-
-  fs.copyFileSync(
-    path.join(__dirname, 'views', 'login.css'),
-    path.join(paths.appBuild, 'login.css')
-  );
-  fs.copyFileSync(
-    path.join(__dirname, 'views', 'login.js'),
-    path.join(paths.appBuild, 'login.js')
-  );
-  fs.copyFileSync(
-    path.join(__dirname, 'views', 'logout.js'),
-    path.join(paths.appBuild, 'logout.js')
-  );
-  fs.writeFileSync(
-    path.join(paths.appBuild, 'login.html'),
-    loginViewHtml,
-    'utf8'
-  );
-  fs.writeFileSync(
-    path.join(paths.appBuild, 'logout.html'),
-    logoutViewHtml,
-    'utf8'
-  );
-};
+/**
+ * This file is expected to be included in the package as it's referenced for the `--transformer` option
+ * in the `compile-html` command.
+ *
+ * @example
+ * ```
+ * mc-scripts compile-html --transformer @commercetools-frontend/mc-dev-authentication/transformer-local.js
+ * ```
+ */
+
+const { transformerLocal } = require('.');
+module.exports = transformerLocal;

package/CHANGELOG.md

@@ -1,138 +0,0 @@
-# @commercetools-frontend/mc-dev-authentication
-
-## 21.0.0-rc.1
-
-### Patch Changes
-
-- [#2430](https://github.com/commercetools/merchant-center-application-kit/pull/2430) [`5ea8baf1`](https://github.com/commercetools/merchant-center-application-kit/commit/5ea8baf1b2ca2661aac9a6a572d2c8e596ee0b2c) Thanks [@emmenko](https://github.com/emmenko)! - Use version range for Babel packages.
-
-## 21.0.0-rc.0
-
-### Major Changes
-
-- [#2430](https://github.com/commercetools/merchant-center-application-kit/pull/2430) [`1c363fad`](https://github.com/commercetools/merchant-center-application-kit/commit/1c363fad7ab770a739ac8080358e41ae4af42074) Thanks [@emmenko](https://github.com/emmenko)! - Drop Node.js `v12`. Recommended min Node.js version is `v14` or `v16`.
-
-* [#2430](https://github.com/commercetools/merchant-center-application-kit/pull/2430) [`07f5b00f`](https://github.com/commercetools/merchant-center-application-kit/commit/07f5b00f3045a3e30462a1150e6ba85fcecc9098) Thanks [@emmenko](https://github.com/emmenko)! - Following breaking changes were introduced:
-
-  - In `mc-scripts`, the `build` command additionally compiles the `index.html` by default.
-  - Running the `compile-html` command by default should not be necessary anymore. However, you can pass `--build-only` to the `build` command to opt-out of the compilation step, in case you want to run it separately, for example to use the `--transformer`.
-  - Running the `compile-html` command by default does not print to `stdout` the JSON string with the security headers. You can opt into the old behavior by passing the `--print-security-headers` option.
-  - The `--inline-csp` of `compile-html` has been dropped, as it's now the built-in behavior.
-  - The `dist` folder created by the `build` command has been removed. Instead, the `build` command writes the production bundles directly into the `public` folder.
-
-  For more information see [Release notes v21](https://docs.commercetools.com/custom-applications/releases/2022-01-31-custom-applications-v21).
-
-## 20.10.6
-
-### Patch Changes
-
-- [#2386](https://github.com/commercetools/merchant-center-application-kit/pull/2386) [`d7fcf6fc`](https://github.com/commercetools/merchant-center-application-kit/commit/d7fcf6fc8495d4eae68e0a4f4c1f1b3e0e394454) Thanks [@emmenko](https://github.com/emmenko)! - Upgrade to Yarn v3
-
-## 20.10.3
-
-### Patch Changes
-
-- [#2376](https://github.com/commercetools/merchant-center-application-kit/pull/2376) [`9d879503`](https://github.com/commercetools/merchant-center-application-kit/commit/9d879503f7af467729291d66a35625b6e7cbb385) Thanks [@emmenko](https://github.com/emmenko)! - > For commercetools only.
-
-  Allow to use OIDC login when developing against a local running MC API.
-
-## 20.10.1
-
-### Patch Changes
-
-- [#2356](https://github.com/commercetools/merchant-center-application-kit/pull/2356) [`e34fe076`](https://github.com/commercetools/merchant-center-application-kit/commit/e34fe076aab6681cdcc54622d84123f2c22020e6) Thanks [@ByronDWall](https://github.com/ByronDWall)! - set node version to 16.8 in nvmrc to avoid a bug in node/v8
-
-## 19.0.0
-
-### Major Changes
-
-- [#2041](https://github.com/commercetools/merchant-center-application-kit/pull/2041) [`a240f657`](https://github.com/commercetools/merchant-center-application-kit/commit/a240f6574a9240a2ac82febb67b0f6c814db979f) Thanks [@emmenko](https://github.com/emmenko)! - - Changes required Node.js engine version to `>=12 || >=14` in `package.json`.
-
-* [#2041](https://github.com/commercetools/merchant-center-application-kit/pull/2041) [`a240f657`](https://github.com/commercetools/merchant-center-application-kit/commit/a240f6574a9240a2ac82febb67b0f6c814db979f) Thanks [@emmenko](https://github.com/emmenko)! - Upgrade and migrate packages to use `ui-kit@v12`
-
-## 18.5.4
-
-### Patch Changes
-
-- [`d44f5b69`](https://github.com/commercetools/merchant-center-application-kit/commit/d44f5b6916c3897ce198eb06757d29d40535b8d4) [#2076](https://github.com/commercetools/merchant-center-application-kit/pull/2076) Thanks [@tdeekens](https://github.com/tdeekens)! - refactor: to remove lerna and only use many-pkg
-
-## 18.5.2
-
-### Patch Changes
-
-- [`7f26c54e`](https://github.com/commercetools/merchant-center-application-kit/commit/7f26c54e55eff8aeac786ec0d011d36e40b0d263) [#2066](https://github.com/commercetools/merchant-center-application-kit/pull/2066) Thanks [@renovate](https://github.com/apps/renovate)! - fix(deps): update all dependencies
-
-## 18.1.0
-
-### Patch Changes
-
-- [`3bf32993`](https://github.com/commercetools/merchant-center-application-kit/commit/3bf329935a109a73a7c33580fdf618e60fdbcc2c) [#1971](https://github.com/commercetools/merchant-center-application-kit/pull/1971) Thanks [@tdeekens](https://github.com/tdeekens)! - Add internal opt-in support for combining feature flag adapters.
-
-## 17.3.0
-
-### Patch Changes
-
-- [`71c9111`](https://github.com/commercetools/merchant-center-application-kit/commit/71c9111308832009d1a27e91e4f2d2da4c53367c) [#1866](https://github.com/commercetools/merchant-center-application-kit/pull/1866) Thanks [@emmenko](https://github.com/emmenko)! - Update to uikit v10.39.8
-
-## 17.2.0
-
-### Patch Changes
-
-- [`e0ec004`](https://github.com/commercetools/merchant-center-application-kit/commit/e0ec004d611f93b24f015120d09f6f18389b219f) [#1854](https://github.com/commercetools/merchant-center-application-kit/pull/1854) Thanks [@emmenko](https://github.com/emmenko)! - chore: update deps
-
-## 17.0.0
-
-### Major Changes
-
-- [`e706232`](https://github.com/commercetools/merchant-center-application-kit/commit/e706232c152f3fed9cf44c10a0c4f25b27448a16) [#1805](https://github.com/commercetools/merchant-center-application-kit/pull/1805) Thanks [@emmenko](https://github.com/emmenko)! - Remove `mc-scripts extract-intl` command in favor of the official `@formatjs/cli` package.
-  We recommend to update your script to extract Intl messages to use the `formatjs extract` command.
-
-  See full release notes: https://docs.commercetools.com/custom-applications/releases/2020-10-14-custom-applications-v17
-
-* [`633d8c7`](https://github.com/commercetools/merchant-center-application-kit/commit/633d8c7b8ddc2f25128d8249579b7bb287a62e30) [#1805](https://github.com/commercetools/merchant-center-application-kit/pull/1805) Thanks [@emmenko](https://github.com/emmenko)! - Remove the CLI flag `--use-local-assets`. The default behavior of `mc-scripts compile-html` now is to compile the assets locally, which is the only reasonable thing to do.
-
-  Furthermore, the `@commercetools-frontend/mc-http-server` package has been deprecated and won't be published anymore.
-  With the `compile-html` command there is no need to have a pre-configured HTTP server anymore.
-
-  When running the `mc-scripts compile-html` command, the `index.html` is compiled for production usage and it lives in the `public` folder, together with the other static assets. This is all you need to deploy your application.
-  You can decide to [deploy the Custom Application statically to one of the popular cloud providers](https://docs.commercetools.com/custom-applications/deployment/compiling-a-custom-application#deployment), or serve the files on your own using a static server.
-
-  For example, to run locally the Custom Application using the production bundles:
-
-  ```console
-  NODE_ENV=production MC_APP_ENV=development dotenv -- \
-    mc-scripts compile-html \
-    --transformer @commercetools-frontend/mc-dev-authentication/transformer-local.js
-
-  mc-scripts serve
-  ```
-
-## 16.15.2
-
-### Patch Changes
-
-- [`77eb38a`](https://github.com/commercetools/merchant-center-application-kit/commit/77eb38ace68e7f519dea9deda487ed4c612091a5) [#1641](https://github.com/commercetools/merchant-center-application-kit/pull/1641) Thanks [@emmenko](https://github.com/emmenko)! - Unify login/logout dev routes for http servers
-
-## 16.9.1
-
-### Patch Changes
-
-- [`f92ec54`](https://github.com/commercetools/merchant-center-application-kit/commit/f92ec54e78edb668e8dff53342e8542e96d8c319) [#1551](https://github.com/commercetools/merchant-center-application-kit/pull/1551) Thanks [@renovate](https://github.com/apps/renovate)! - chore(deps): update all dependencies
-
-## 16.8.8
-
-### Patch Changes
-
-- [`8600676`](https://github.com/commercetools/merchant-center-application-kit/commit/86006764f9fb75d82ffb01bcc7f14c912c61b698) [#1539](https://github.com/commercetools/merchant-center-application-kit/pull/1539) Thanks [@renovate](https://github.com/apps/renovate)! - fix(deps): update dependency pug to v3
-
-## 16.8.6
-
-### Patch Changes
-
-- [`9391762`](https://github.com/commercetools/merchant-center-application-kit/commit/939176298df3558970a267b6e6478051a355ffae) [#1530](https://github.com/commercetools/merchant-center-application-kit/pull/1530) Thanks [@emmenko](https://github.com/emmenko)! - Update `@commercetools-uikit/*` packages to `10.21.0`
-
-## 16.8.1
-
-### Patch Changes
-
-- [`4c15deb`](https://github.com/commercetools/merchant-center-application-kit/commit/4c15deb750a652291bd0eeb30866198c7ab040ec) [#1487](https://github.com/commercetools/merchant-center-application-kit/pull/1487) Thanks [@tdeekens](https://github.com/tdeekens)! - Fix link to `/login` to preserve url query parameters such as `redirectTo`.

package/config/index.js

@@ -1,3 +0,0 @@
-module.exports = {
-  viewEngine: 'pug',
-};

package/index.js

@@ -1,13 +0,0 @@
-const path = require('path');
-const middlewares = require('./middlewares');
-const routes = require('./routes');
-const config = require('./config');
-
-const views = path.join(__dirname, 'views');
-
-module.exports = {
-  config,
-  middlewares,
-  routes,
-  views,
-};

package/middlewares/create-login-middleware.js

@@ -1,12 +0,0 @@
-const createLoginMiddleware = (env) => (request, response, next) => {
-  if (
-    String(env.disableAuthRoutesOfDevServer) === 'true' ||
-    env.servedByProxy
-  ) {
-    next();
-  } else {
-    response.render('login', { env });
-  }
-};
-
-module.exports = createLoginMiddleware;

package/middlewares/create-logout-middleware.js

@@ -1,16 +0,0 @@
-const { logout } = require('../routes');
-
-const createLogoutMiddleware = (env) => (request, response, next) => {
-  logout(response);
-
-  if (
-    String(env.disableAuthRoutesOfDevServer) === 'true' ||
-    env.servedByProxy
-  ) {
-    next();
-  } else {
-    response.render('logout', { env });
-  }
-};
-
-module.exports = createLogoutMiddleware;

package/middlewares/index.js

@@ -1,7 +0,0 @@
-const createLoginMiddleware = require('./create-login-middleware');
-const createLogoutMiddleware = require('./create-logout-middleware');
-
-module.exports = {
-  createLoginMiddleware,
-  createLogoutMiddleware,
-};

package/routes/index.js

@@ -1,5 +0,0 @@
-const logout = require('./logout');
-
-module.exports = {
-  logout,
-};

package/routes/logout.js

@@ -1,16 +0,0 @@
-module.exports = (response, additionalCookieParameters = []) => {
-  // NOTE: removing the cookie only works if your are running the MC API
-  // locally, otherwise the cookie won't get removed as it's set to a
-  // proper domain (e.g. commercetools.com), which we can't unset from localhost.
-  response.setHeader(
-    'Set-Cookie',
-    [
-      `mcAccessToken=''`, // <-- unset the value
-      'Path=/',
-      `Expires=${new Date(0).toUTCString()}`, // <-- put a date in the past
-      'HttpOnly',
-    ]
-      .concat(additionalCookieParameters)
-      .join('; ')
-  );
-};

package/views/login.css

@@ -1,78 +0,0 @@
-html,
-body {
-  font: 1em sans-serif;
-  padding: 0;
-  margin: 0;
-  height: 100vh;
-  width: 100vw;
-}
-
-body {
-  display: flex;
-  flex-direction: column;
-  justify-content: flex-start;
-  align-items: center;
-  margin-top: 32px;
-}
-
-body > * + * {
-  margin-top: 32px;
-}
-
-.title {
-  width: 355px;
-}
-
-form {
-  display: flex;
-  flex-direction: column;
-  width: 355px;
-}
-
-form > * + * {
-  margin: 16px 0 0;
-}
-
-.field {
-  border: 0;
-}
-
-.field > * + * {
-  margin: 8px 0 0;
-}
-
-label {
-  display: block;
-}
-
-input {
-  width: 100%;
-  height: 24px;
-  outline: none;
-}
-
-input:focus {
-  border: 1px solid cornflowerblue;
-}
-
-input:focus:invalid {
-  border-color: red;
-}
-
-abbr {
-  text-decoration: none;
-  color: orangered;
-}
-
-#errors > div {
-  background-color: red;
-  color: #eee;
-  padding: 8px;
-  border-radius: 4px;
-}
-
-.info {
-  background-color: #b5e1fd;
-  padding: 8px;
-  border-radius: 4px;
-}

package/views/login.js

@@ -1,91 +0,0 @@
-/* eslint-disable no-var,vars-on-top */
-/**
- * NOTE:
- *   This code is only used in development mode.
- *   It authenticates a developer using the same mechanisms
- *   as when not running in development. However,
- *   this runs on the same domain as the developer.
- */
-window.addEventListener('load', function loaded() {
-  var form = document.getElementById('login');
-  form.addEventListener('submit', function onSubmit(event) {
-    event.preventDefault();
-    authorize();
-  });
-
-  function authorize() {
-    var data = new FormData(form);
-    var payload = {
-      email: data.get('email'),
-      password: data.get('password'),
-    };
-
-    var queryParams = new URLSearchParams(window.location.search);
-    if (queryParams.has('response_type')) {
-      // OIDC params
-      payload.client_id = queryParams.get('client_id');
-      payload.response_type = queryParams.get('response_type');
-      payload.scope = queryParams.get('scope');
-      payload.state = queryParams.get('state');
-      payload.nonce = queryParams.get('nonce');
-    }
-
-    var container = document.getElementById('errors');
-    // Clean up error message elements
-    while (container.firstChild) {
-      container.removeChild(container.firstChild);
-    }
-
-    const url = data.get('url');
-
-    window
-      .fetch(url, {
-        method: 'POST',
-        headers: {
-          Accept: 'application/json',
-          'Content-Type': 'application/json',
-        },
-        credentials: 'include',
-        body: JSON.stringify(payload),
-      })
-      .then(function handleResponse(response) {
-        if (response.ok) {
-          return response.json().then(function onSuccess(result) {
-            // Handle OIDC redirect.
-            if (queryParams.has('response_type')) {
-              window.location.replace(result.redirectTo);
-            } else {
-              window.localStorage.setItem('isAuthenticated', true);
-              var searchParams = new URLSearchParams(window.location.search);
-              var redirectTo = searchParams.get('redirectTo') || '/';
-              window.location.replace(redirectTo);
-            }
-          });
-        }
-        return response.text().then(function onError(responseText) {
-          var message;
-          try {
-            var parsedResponse = JSON.parse(responseText);
-            message = parsedResponse.message;
-          } catch (e) {
-            console.warn(
-              `Failed to parse error response for ${url}:`,
-              responseText
-            );
-
-            message = responseText;
-          }
-          var errorMessage = document.createTextNode(message);
-          var errorContainer = document.createElement('div');
-          errorContainer.appendChild(errorMessage);
-          container.appendChild(errorContainer, container);
-        });
-      })
-      .catch(function onNetworkError(error) {
-        var errorMessage = document.createTextNode(error.message);
-        var errorContainer = document.createElement('div');
-        errorContainer.appendChild(errorMessage);
-        container.appendChild(errorContainer, container);
-      });
-  }
-});

package/views/login.pug

@@ -1,51 +0,0 @@
-html
-  head
-    title Login (development only)
-    style
-      include login.css
-  body
-    div(class="title")
-      h3 Welcome to the Merchant Center authorization page for local development
-      small This page is only available in development mode and is necessary to authenticate yourself. In production environment, we use our own authentication service.
-    form(id="login")
-      div(id="errors")
-      div(class="field")
-        label(for="email") Email
-          abbr(title="This field is mandatory") *
-        input(
-          id="email"
-          name="email"
-          type="text"
-          required
-        )
-      div(class="field")
-        label(for="password") Password
-          abbr(title="This field is mandatory") *
-        input(
-          id="password"
-          name="password"
-          type="password"
-          required
-        )
-      input(
-        id="url"
-        name="url"
-        value=env.mcApiUrl.replace(/\/$/, '') + "/tokens"
-        style="display: none;"
-      )
-      div
-        button(
-          type="submit"
-          aria-label="Sign in"
-        ) ➡ Sign in 🚀
-
-      div(class="info")
-        small
-          | Note that Single Sign On is not supported at the moment for the development login page.
-          | If you are interested in this functionality, let us know and open a
-          |
-          a(href="https://github.com/commercetools/merchant-center-application-kit/issues/new/choose" target="_blank" rel="noopener noreferrer") support issue
-          | .
-
-    script
-      include login.js

package/views/logout.js

@@ -1,3 +0,0 @@
-window.localStorage.removeItem('isAuthenticated');
-window.localStorage.removeItem('loginStrategy');
-window.localStorage.removeItem('activeProjectKey');

package/views/logout.pug

@@ -1,10 +0,0 @@
-html
-  head
-    title Logout (development only)
-    script
-      include logout.js
-  body
-    div
-      h3 This is the logout page for local development.
-      p Be aware that you might still have an active session as the cookie is assigned to a production domain (e.g. commercetools.com) which we can't unset from localhost. This is only a problem on local development and we intend fix this in the future.
-      p You can #[a(href="#" onclick="window.location='/login'+window.location.search;") go to the login page] now.