@mondaydotcomorg/monday-authorization 3.5.0-upgrade-observability-kit-2ebbd01 → 3.5.1-fix-authorize-profile-picker-b5f77b0

package/dist/authorization-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
+{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WA+DZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA+DnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}

package/dist/authorization-service.js

@@ -96,15 +96,33 @@ class AuthorizationService {
             authorizationInternalService.logger.error({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, failing request');
             throw new Error('AuthorizationService: igniteClient is not set, failing request');
         }
-        if (this.igniteClient.configuration.getObjectValue(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []).includes(appName)) {
-            return attributionsService.getProfile();
+        const allowedProfiles = this.igniteClient.configuration.getObjectValue(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []);
+        const isAllowedProfile = allowedProfiles.includes(appName);
+        authorizationInternalService.logger.debug({ tag: 'auth-debug', accountId, userId, appName, allowedProfiles, isAllowedProfile }, 'AuthorizationService.getProfile: checking allowed profiles');
+        if (isAllowedProfile) {
+            const profile = attributionsService.getProfile();
+            authorizationInternalService.logger.debug({ tag: 'auth-debug', accountId, userId, appName, profile }, 'AuthorizationService.getProfile: selected profile via allowed profiles');
+            return profile;
         }
-        if (this.igniteClient.configuration
-            .getObjectValue(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, [])
-            .includes(appName) &&
-            this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })) {
-            return attributionsService.getProfile();
+        const inReleaseProfiles = this.igniteClient.configuration.getObjectValue(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, []);
+        const isInReleaseProfile = inReleaseProfiles.includes(appName);
+        const isFeatureFlagReleased = this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId });
+        authorizationInternalService.logger.debug({
+            tag: 'auth-debug',
+            accountId,
+            userId,
+            appName,
+            inReleaseProfiles,
+            isInReleaseProfile,
+            isFeatureFlagReleased,
+            featureFlag: PLATFORM_PROFILE_RELEASE_FF,
+        }, 'AuthorizationService.getProfile: checking feature flag release');
+        if (isInReleaseProfile && isFeatureFlagReleased) {
+            const profile = attributionsService.getProfile();
+            authorizationInternalService.logger.debug({ tag: 'auth-debug', accountId, userId, appName, profile }, 'AuthorizationService.getProfile: selected profile via feature flag release');
+            return profile;
         }
+        authorizationInternalService.logger.debug({ tag: 'auth-debug', accountId, userId, appName, profile: attributionsService.PlatformProfile.APP }, 'AuthorizationService.getProfile: selected default APP profile');
         return attributionsService.PlatformProfile.APP;
     }
     static async canActionInScopeMultiple(accountId, userId, scopedActions) {
@@ -112,15 +130,24 @@ class AuthorizationService {
             return [];
         }
         const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
+        authorizationInternalService.logger.debug({
+            tag: 'auth-debug',
+            accountId,
+            userId,
+            shouldNavigateToGraph,
+            featureFlag: NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF,
+        }, 'AuthorizationService.canActionInScopeMultiple: determining which API flow to use');
         const startTime = perf_hooks.performance.now();
         let scopedActionResponseObjects;
         let apiType;
         if (shouldNavigateToGraph) {
             apiType = 'graph';
+            authorizationInternalService.logger.debug({ tag: 'auth-debug', accountId, userId, apiType }, 'AuthorizationService.canActionInScopeMultiple: using graph API flow');
             scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
         }
         else {
             apiType = 'platform';
+            authorizationInternalService.logger.debug({ tag: 'auth-debug', accountId, userId, apiType }, 'AuthorizationService.canActionInScopeMultiple: using platform API flow');
             const profile = this.getProfile(accountId, userId);
             const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
             scopedActionResponseObjects = await this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);

package/dist/clients/graph-api.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
+{"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}

package/dist/clients/graph-api.js

@@ -65,6 +65,7 @@ class GraphApi {
                 url: {
                     appName: constants.GRAPH_APP_NAME,
                     path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
+                    profile: constants.GraphApiProfile.PERMISSION,
                 },
                 method: 'POST',
                 headers: {

package/dist/constants.d.ts

@@ -2,6 +2,9 @@ import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
 import { FetcherConfig } from '@mondaydotcomorg/trident-backend-api';
 export declare const APP_NAME = "authorization";
 export declare const GRAPH_APP_NAME = "authorization-graph";
+export declare enum GraphApiProfile {
+    PERMISSION = "authorization-graph-permission"
+}
 export declare const ERROR_MESSAGES: {
     readonly HTTP_CLIENT_NOT_INITIALIZED: "MondayAuthorization: HTTP client is not initialized";
     readonly REQUEST_FAILED: (method: string, status: number, reason: string) => string;

package/dist/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,oBAAY,eAAe;IACzB,UAAU,mCAAmC;CAC9C;AAED,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}

package/dist/constants.js

@@ -2,6 +2,10 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 
 const APP_NAME = 'authorization';
 const GRAPH_APP_NAME = 'authorization-graph';
+exports.GraphApiProfile = void 0;
+(function (GraphApiProfile) {
+    GraphApiProfile["PERMISSION"] = "authorization-graph-permission";
+})(exports.GraphApiProfile || (exports.GraphApiProfile = {}));
 const ERROR_MESSAGES = {
     HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
     REQUEST_FAILED: (method, status, reason) => `MondayAuthorization: [${method}] request failed with status ${status} with reason: ${reason}`,

package/dist/esm/authorization-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
+{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WA+DZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA+DnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}

package/dist/esm/authorization-service.mjs

@@ -94,15 +94,33 @@ class AuthorizationService {
             logger.error({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, failing request');
             throw new Error('AuthorizationService: igniteClient is not set, failing request');
         }
-        if (this.igniteClient.configuration.getObjectValue(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []).includes(appName)) {
-            return getProfile();
+        const allowedProfiles = this.igniteClient.configuration.getObjectValue(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []);
+        const isAllowedProfile = allowedProfiles.includes(appName);
+        logger.debug({ tag: 'auth-debug', accountId, userId, appName, allowedProfiles, isAllowedProfile }, 'AuthorizationService.getProfile: checking allowed profiles');
+        if (isAllowedProfile) {
+            const profile = getProfile();
+            logger.debug({ tag: 'auth-debug', accountId, userId, appName, profile }, 'AuthorizationService.getProfile: selected profile via allowed profiles');
+            return profile;
         }
-        if (this.igniteClient.configuration
-            .getObjectValue(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, [])
-            .includes(appName) &&
-            this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })) {
-            return getProfile();
+        const inReleaseProfiles = this.igniteClient.configuration.getObjectValue(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, []);
+        const isInReleaseProfile = inReleaseProfiles.includes(appName);
+        const isFeatureFlagReleased = this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId });
+        logger.debug({
+            tag: 'auth-debug',
+            accountId,
+            userId,
+            appName,
+            inReleaseProfiles,
+            isInReleaseProfile,
+            isFeatureFlagReleased,
+            featureFlag: PLATFORM_PROFILE_RELEASE_FF,
+        }, 'AuthorizationService.getProfile: checking feature flag release');
+        if (isInReleaseProfile && isFeatureFlagReleased) {
+            const profile = getProfile();
+            logger.debug({ tag: 'auth-debug', accountId, userId, appName, profile }, 'AuthorizationService.getProfile: selected profile via feature flag release');
+            return profile;
         }
+        logger.debug({ tag: 'auth-debug', accountId, userId, appName, profile: PlatformProfile.APP }, 'AuthorizationService.getProfile: selected default APP profile');
         return PlatformProfile.APP;
     }
     static async canActionInScopeMultiple(accountId, userId, scopedActions) {
@@ -110,15 +128,24 @@ class AuthorizationService {
             return [];
         }
         const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
+        logger.debug({
+            tag: 'auth-debug',
+            accountId,
+            userId,
+            shouldNavigateToGraph,
+            featureFlag: NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF,
+        }, 'AuthorizationService.canActionInScopeMultiple: determining which API flow to use');
         const startTime = performance.now();
         let scopedActionResponseObjects;
         let apiType;
         if (shouldNavigateToGraph) {
             apiType = 'graph';
+            logger.debug({ tag: 'auth-debug', accountId, userId, apiType }, 'AuthorizationService.canActionInScopeMultiple: using graph API flow');
             scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
         }
         else {
             apiType = 'platform';
+            logger.debug({ tag: 'auth-debug', accountId, userId, apiType }, 'AuthorizationService.canActionInScopeMultiple: using platform API flow');
             const profile = this.getProfile(accountId, userId);
             const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
             scopedActionResponseObjects = await this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);

package/dist/esm/clients/graph-api.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
+{"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}

package/dist/esm/clients/graph-api.mjs

@@ -4,7 +4,7 @@ import { PermitTechnicalReason } from '../types/scoped-actions-contracts.mjs';
 import { AuthorizationInternalService } from '../authorization-internal-service.mjs';
 import { getAttributionsFromApi } from '../attributions-service.mjs';
 import { scopeToResource } from '../utils/authorization.utils.mjs';
-import { GRAPH_APP_NAME } from '../constants.mjs';
+import { GRAPH_APP_NAME, GraphApiProfile } from '../constants.mjs';
 import { handleApiError } from '../utils/api-error-handler.mjs';
 
 const CAN_ACTION_IN_SCOPE_GRAPH_PATH = '/permissions/is-allowed';
@@ -63,6 +63,7 @@ class GraphApi {
                 url: {
                     appName: GRAPH_APP_NAME,
                     path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
+                    profile: GraphApiProfile.PERMISSION,
                 },
                 method: 'POST',
                 headers: {

package/dist/esm/constants.d.ts

@@ -2,6 +2,9 @@ import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
 import { FetcherConfig } from '@mondaydotcomorg/trident-backend-api';
 export declare const APP_NAME = "authorization";
 export declare const GRAPH_APP_NAME = "authorization-graph";
+export declare enum GraphApiProfile {
+    PERMISSION = "authorization-graph-permission"
+}
 export declare const ERROR_MESSAGES: {
     readonly HTTP_CLIENT_NOT_INITIALIZED: "MondayAuthorization: HTTP client is not initialized";
     readonly REQUEST_FAILED: (method: string, status: number, reason: string) => string;

package/dist/esm/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,oBAAY,eAAe;IACzB,UAAU,mCAAmC;CAC9C;AAED,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}

package/dist/esm/constants.mjs

@@ -1,5 +1,9 @@
 const APP_NAME = 'authorization';
 const GRAPH_APP_NAME = 'authorization-graph';
+var GraphApiProfile;
+(function (GraphApiProfile) {
+    GraphApiProfile["PERMISSION"] = "authorization-graph-permission";
+})(GraphApiProfile || (GraphApiProfile = {}));
 const ERROR_MESSAGES = {
     HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
     REQUEST_FAILED: (method, status, reason) => `MondayAuthorization: [${method}] request failed with status ${status} with reason: ${reason}`,
@@ -16,4 +20,4 @@ const DEFAULT_FETCH_OPTIONS = {
     },
 };
 
-export { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES, GRAPH_APP_NAME };
+export { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES, GRAPH_APP_NAME, GraphApiProfile };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "3.5.0-upgrade-observability-kit-2ebbd01",
+  "version": "3.5.1-fix-authorize-profile-picker-b5f77b0",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",
@@ -25,7 +25,7 @@
     "@mondaydotcomorg/monday-fetch-api": "^1.0.2",
     "@mondaydotcomorg/monday-jwt": "^3.0.14",
     "@mondaydotcomorg/monday-logger": "^4.0.11",
-    "@mondaydotcomorg/monday-observability-kit": "^1.8.1",
+    "@mondaydotcomorg/monday-observability-kit": "^1.5.3",
     "@mondaydotcomorg/monday-sns": "^1.2.1",
     "@mondaydotcomorg/trident-backend-api": "^0.24.3",
     "lodash": "^4.17.21",

package/src/authorization-service.ts

@@ -155,19 +155,60 @@ export class AuthorizationService {
       logger.error({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, failing request');
       throw new Error('AuthorizationService: igniteClient is not set, failing request');
     }
-    if (
-      this.igniteClient.configuration.getObjectValue<string[]>(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []).includes(appName)
-    ) {
-      return getProfile();
+
+    const allowedProfiles = this.igniteClient.configuration.getObjectValue<string[]>(
+      ALLOWED_SDK_PLATFORM_PROFILES_KEY,
+      []
+    );
+    const isAllowedProfile = allowedProfiles.includes(appName);
+    logger.debug(
+      { tag: 'auth-debug', accountId, userId, appName, allowedProfiles, isAllowedProfile },
+      'AuthorizationService.getProfile: checking allowed profiles'
+    );
+
+    if (isAllowedProfile) {
+      const profile = getProfile();
+      logger.debug(
+        { tag: 'auth-debug', accountId, userId, appName, profile },
+        'AuthorizationService.getProfile: selected profile via allowed profiles'
+      );
+      return profile;
     }
-    if (
-      this.igniteClient.configuration
-        .getObjectValue<string[]>(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, [])
-        .includes(appName) &&
-      this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })
-    ) {
-      return getProfile();
+
+    const inReleaseProfiles = this.igniteClient.configuration.getObjectValue<string[]>(
+      IN_RELEASE_SDK_PLATFORM_PROFILES_KEY,
+      []
+    );
+    const isInReleaseProfile = inReleaseProfiles.includes(appName);
+    const isFeatureFlagReleased = this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId });
+
+    logger.debug(
+      {
+        tag: 'auth-debug',
+        accountId,
+        userId,
+        appName,
+        inReleaseProfiles,
+        isInReleaseProfile,
+        isFeatureFlagReleased,
+        featureFlag: PLATFORM_PROFILE_RELEASE_FF,
+      },
+      'AuthorizationService.getProfile: checking feature flag release'
+    );
+
+    if (isInReleaseProfile && isFeatureFlagReleased) {
+      const profile = getProfile();
+      logger.debug(
+        { tag: 'auth-debug', accountId, userId, appName, profile },
+        'AuthorizationService.getProfile: selected profile via feature flag release'
+      );
+      return profile;
     }
+
+    logger.debug(
+      { tag: 'auth-debug', accountId, userId, appName, profile: PlatformProfile.APP },
+      'AuthorizationService.getProfile: selected default APP profile'
+    );
     return PlatformProfile.APP;
   }
 
@@ -184,15 +225,34 @@ export class AuthorizationService {
       this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId })
     );
 
+    logger.debug(
+      {
+        tag: 'auth-debug',
+        accountId,
+        userId,
+        shouldNavigateToGraph,
+        featureFlag: NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF,
+      },
+      'AuthorizationService.canActionInScopeMultiple: determining which API flow to use'
+    );
+
     const startTime = performance.now();
     let scopedActionResponseObjects: ScopedActionResponseObject[];
     let apiType: 'graph' | 'platform';
 
     if (shouldNavigateToGraph) {
       apiType = 'graph';
+      logger.debug(
+        { tag: 'auth-debug', accountId, userId, apiType },
+        'AuthorizationService.canActionInScopeMultiple: using graph API flow'
+      );
       scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
     } else {
       apiType = 'platform';
+      logger.debug(
+        { tag: 'auth-debug', accountId, userId, apiType },
+        'AuthorizationService.canActionInScopeMultiple: using platform API flow'
+      );
       const profile = this.getProfile(accountId, userId);
       const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
 

package/src/clients/graph-api.ts

@@ -18,7 +18,7 @@ import {
   GraphPermissionReason,
 } from '../types/graph-api.types';
 import { scopeToResource } from '../utils/authorization.utils';
-import { GRAPH_APP_NAME } from '../constants';
+import { GRAPH_APP_NAME, GraphApiProfile } from '../constants';
 import { handleApiError } from '../utils/api-error-handler';
 
 const CAN_ACTION_IN_SCOPE_GRAPH_PATH = '/permissions/is-allowed';
@@ -85,6 +85,7 @@ export class GraphApi {
           url: {
             appName: GRAPH_APP_NAME,
             path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
+            profile: GraphApiProfile.PERMISSION,
           },
           method: 'POST',
           headers: {

package/src/constants.ts

@@ -4,6 +4,10 @@ import { FetcherConfig } from '@mondaydotcomorg/trident-backend-api';
 export const APP_NAME = 'authorization';
 export const GRAPH_APP_NAME = 'authorization-graph';
 
+export enum GraphApiProfile {
+  PERMISSION = 'authorization-graph-permission',
+}
+
 export const ERROR_MESSAGES = {
   HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
   REQUEST_FAILED: (method: string, status: number, reason: string) =>