FetchMiddlewares.injectIdentityAuth()
Home > @backstage/core-app-api > FetchMiddlewares > injectIdentityAuth
Injects a Backstage token header when the user is signed in.
Signature:
static injectIdentityAuth(options: {
identityApi: IdentityApi;
config?: Config;
urlPrefixAllowlist?: string[];
allowUrl?: (url: string) => boolean;
header?: {
name: string;
value: (backstageToken: string) => string;
};
}): FetchMiddleware;
Parameters
| Parameter | Type | Description |
|---|---|---|
| options | { identityApi: IdentityApi; config?: Config; urlPrefixAllowlist?: string[]; allowUrl?: (url: string) => boolean; header?: { name: string; value: (backstageToken: string) => string; }; } |
Returns:
Remarks
Per default, an Authorization: Bearer <token> is generated. This can be customized using the header option.
The header injection only happens on allowlisted URLs. Per default, if the config option is passed in, the backend.baseUrl is allowlisted, unless the urlPrefixAllowlist or allowUrl options are passed in, in which case they take precedence. If you pass in neither config nor an allowlist/callback, the middleware will have no effect since effectively no request will match the (nonexistent) rules.