feat(orchestrator): add auth requester widget (#972)

* feat(orchestrator): add auth requester widget

* replaced custom capitalize with lodash

* updated generated openapi

* fixed report

Author: batzionb

workspaces/orchestrator/.changeset/proud-planes-dream.md

@@ -0,0 +1,9 @@
+---
+'@red-hat-developer-hub/backstage-plugin-orchestrator-form-react': minor
+'@red-hat-developer-hub/backstage-plugin-orchestrator-form-api': minor
+'@red-hat-developer-hub/backstage-plugin-orchestrator-backend': minor
+'@red-hat-developer-hub/backstage-plugin-orchestrator-common': minor
+'@red-hat-developer-hub/backstage-plugin-orchestrator': minor
+---
+
+implemented authorization widget for enabling specifying the required auth providers in the schema so the UI can pick it up from there and forward to workflow execution

workspaces/orchestrator/plugins/orchestrator-backend/package.json

@@ -85,6 +85,7 @@
     "express-promise-router": "^4.1.1",
     "fs-extra": "^10.1.0",
     "isomorphic-git": "^1.23.0",
+    "lodash": "^4.17.21",
     "moment": "^2.29.4",
     "openapi-backend": "^5.10.5",
     "yn": "^5.0.0"

workspaces/orchestrator/plugins/orchestrator-backend/src/service/SonataFlowService.ts

@@ -16,6 +16,8 @@
 
 import { LoggerService } from '@backstage/backend-plugin-api';
 
+import capitalize from 'lodash/capitalize';
+
 import {
   AuthToken,
   extractWorkflowFormat,
@@ -109,7 +111,7 @@ export class SonataFlowService {
     if (args.authTokens && Array.isArray(args.authTokens)) {
       args.authTokens.forEach(tokenObj => {
         if (tokenObj.provider && tokenObj.token) {
-          const headerKey = `X-Authorization-${tokenObj.provider}`;
+          const headerKey = `X-${capitalize(tokenObj.provider)}-Authorization`;
           headers[headerKey] = String(tokenObj.token); // Ensure token is a string
         }
       });

workspaces/orchestrator/plugins/orchestrator-backend/src/service/router.ts

@@ -84,7 +84,6 @@ const authorize = async (
   httpAuth: HttpAuthService,
 ): Promise<AuthorizePermissionResponse> => {
   const credentials = await httpAuth.credentials(request);
-
   const decisionResponses: AuthorizePermissionResponse[][] = await Promise.all(
     anyOfPermissions.map(permission =>
       permissionsSvc.authorize([{ permission }], {
@@ -255,7 +254,7 @@ export async function createBackendRouter(
 
   const middleware = MiddlewareFactory.create({ logger, config });
 
-  router.use(middleware.error());
+  router.use(middleware.error({ logAllErrors: true })); // log also openapi errors
 
   return router;
 }
@@ -309,7 +308,7 @@ async function initRouterApi(
         _req: express.Request,
         res: express.Response,
       ) => {
-        console.log('validationFail', c.operation);
+        console.log('OPENAPI validationFail', c.operation);
         res.status(400).json({ err: c.validation.errors });
       },
       notFound: async (_c, req: express.Request, res: express.Response) => {

workspaces/orchestrator/plugins/orchestrator-common/report.api.md

@@ -0,0 +1,16 @@
+/*
+ * Copyright Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+export * from './tokenDescriptorTypes';

workspaces/orchestrator/plugins/orchestrator-common/src/auth/index.ts

@@ -0,0 +1,26 @@
+/*
+ * Copyright Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { OAuthScope } from '@backstage/core-plugin-api';
+
+export type ScmTokenProvider = 'gitlab' | 'github';
+
+export type TokenProvider = ScmTokenProvider | 'microsoft';
+
+export type AuthTokenDescriptor = {
+  provider: TokenProvider;
+  scope?: OAuthScope;
+  tokenType: 'openId' | 'oauth';
+};

workspaces/orchestrator/plugins/orchestrator-common/src/auth/tokenDescriptorTypes.ts

@@ -1 +1 @@
-9b58bc9fda4bd3d2e3222fac599125372f0f5dd5
+61c0db002e4c6e594a5b1fccc7d54f9e81f5ca4d

workspaces/orchestrator/plugins/orchestrator-common/src/generated/.METADATA.sha1

@@ -53,14 +53,23 @@ export interface AuthToken {
      * @type {string}
      * @memberof AuthToken
      */
-    'provider': string;
+    'provider': AuthTokenProviderEnum;
     /**
      * The auth token itself retrieved from the above specified provider name
      * @type {string}
      * @memberof AuthToken
      */
     'token': string;
 }
+
+export const AuthTokenProviderEnum = {
+    Github: 'github',
+    Gitlab: 'gitlab',
+    Microsoft: 'microsoft'
+} as const;
+
+export type AuthTokenProviderEnum = typeof AuthTokenProviderEnum[keyof typeof AuthTokenProviderEnum];
+
 /**
  * The ErrorResponse object represents a common structure for handling errors in API responses. It includes essential information about the error, such as the error message and additional optional details.
  * @export