FetchMiddlewares.injectIdentityAuth()
Home > @backstage/core-app-api
> FetchMiddlewares
> injectIdentityAuth
Injects a Backstage token header when the user is signed in.
Signature:
static injectIdentityAuth(options: {
identityApi: IdentityApi;
config?: Config;
urlPrefixAllowlist?: string[];
allowUrl?: (url: string) => boolean;
header?: {
name: string;
value: (backstageToken: string) => string;
};
}): FetchMiddleware;
Parameters
Parameter |
Type |
Description |
---|---|---|
options |
{ identityApi: IdentityApi; config?: Config; urlPrefixAllowlist?: string[]; allowUrl?: (url: string) => boolean; header?: { name: string; value: (backstageToken: string) => string; }; } |
Remarks
Per default, an Authorization: Bearer <token>
is generated. This can be customized using the header
option.
The header injection only happens on allowlisted URLs. Per default, if the config
option is passed in, the backend.baseUrl
is allowlisted, unless the urlPrefixAllowlist
or allowUrl
options are passed in, in which case they take precedence. If you pass in neither config nor an allowlist/callback, the middleware will have no effect since effectively no request will match the (nonexistent) rules.