Updated BFF management endpoints extensibility docs

src/content/docs/bff/extensibility/management/back-channel-logout.mdx

@@ -0,0 +1,76 @@
+---
+title: "BFF Back-Channel Logout Endpoint Extensibility"
+date: 2022-12-29T10:22:12+02:00
+sidebar:
+  label: "Back-Channel Logout"
+  order: 60
+redirect_from:
+  - /bff/v2/extensibility/management/back-channel-logout/
+  - /bff/v3/extensibility/management/back-channel-logout/
+  - /identityserver/v5/bff/extensibility/management/back-channel-logout/
+  - /identityserver/v6/bff/extensibility/management/back-channel-logout/
+  - /identityserver/v7/bff/extensibility/management/back-channel-logout/
+---
+
+import { Aside, Code } from "@astrojs/starlight/components";
+import { Tabs, TabItem } from "@astrojs/starlight/components";
+
+The back-channel logout endpoint has several extensibility points organized into two interfaces.
+The `IBackchannelLogoutEndpoint` is the top-level abstraction that processes requests to the endpoint.
+This service can be used to add custom request processing logic or to change how it validates incoming requests.
+When the back-channel logout endpoint receives a valid request, it revokes sessions using the `ISessionRevocationService`.
+
+<Aside type="caution">
+    In BFF V3, the `IBackchannelLogoutEndpoint` interface is called `IBackchannelLogoutService` instead.
+</Aside>
+
+## Request Processing
+
+<Tabs syncKey="bffVersion">
+    <TabItem label="V4">
+        You can customize the behavior of the back-channel logout endpoint by implementing the `ProcessRequestAsync` method of the
+        `IBackchannelLogoutEndpoint` interface. The [default implementation][1] can serve as a starting point for your own implementation.
+
+        If you want to extend the default behavior of the back-channel logout endpoint, you can instead add a custom endpoint and
+        call the original endpoint implementation:
+
+        <Code
+            lang="csharp"
+            title="Program.cs"
+            code={`
+var bffOptions = app.Services.GetRequiredService<IOptions<BffOptions>>().Value;
+
+app.MapGet(bffOptions.BackChannelLogoutPath, async (HttpContext context, CancellationToken ct) =>
+{
+    // Custom logic before calling the original endpoint implementation
+    var endpointProcessor = context.RequestServices.GetRequiredService<IBackchannelLogoutEndpoint>();
+    await endpointProcessor.ProcessRequestAsync(context, ct);
+    // Custom logic after calling the original endpoint implementation
+});
+`} />
+    </TabItem>
+    <TabItem label="V3">
+        `ProcessRequestAsync` is the top-level function called in the endpoint service `DefaultBackchannelLogoutService`,
+        and can be used to add arbitrary logic to the endpoint.
+
+        For example, you could take whatever actions you need before normal processing of the request like this:
+
+        <Code
+            lang="csharp"
+            code={`
+public override Task ProcessRequestAsync(HttpContext context, CancellationToken ct)
+{
+    // Custom logic here
+
+    return base.ProcessRequestAsync(context);
+}
+`}/>
+    </TabItem>
+</Tabs>
+
+## Session Revocation
+
+The back-channel logout service will call the registered session revocation service to revoke the user session when
+it receives a valid logout token. To customize the revocation process, implement the `ISessionRevocationService`.
+
+[1]: https://github.com/DuendeSoftware/products/tree/releases/bff/4.0.x/bff/src/Bff/Endpoints/Internal/DefaultBackchannelLogoutEndpoint.cs

src/content/docs/bff/extensibility/management/diagnostics.mdx

@@ -0,0 +1,69 @@
+---
+title: "BFF Diagnostics Endpoint Extensibility"
+date: 2022-12-29T10:22:12+02:00
+sidebar:
+  order: 70
+  label: "Diagnostics"
+redirect_from:
+  - /bff/v2/extensibility/management/diagnostics/
+  - /bff/v3/extensibility/management/diagnostics/
+  - /identityserver/v5/bff/extensibility/management/diagnostics/
+  - /identityserver/v6/bff/extensibility/management/diagnostics/
+  - /identityserver/v7/bff/extensibility/management/diagnostics/
+---
+
+import { Aside, Code } from "@astrojs/starlight/components";
+import { Tabs, TabItem } from "@astrojs/starlight/components";
+
+The BFF diagnostics endpoint can be customized by implementing the `IDiagnosticsEndpoint`.
+
+<Aside type="caution">
+    In BFF V3, the `IDiagnosticsEndpoint` interface is called `IDiagnosticsService` instead.
+</Aside>
+
+## Request Processing
+
+<Tabs syncKey="bffVersion">
+    <TabItem label="V4">
+        You can customize the behavior of the diagnostics endpoint by implementing the `ProcessRequestAsync` method of the
+        `IDiagnosticsEndpoint` interface. The [default implementation][1]
+        can serve as a starting point for your own implementation.
+
+        If you want to extend the default behavior of the diagnostics endpoint, you can instead add a custom endpoint and
+        call the original endpoint implementation:
+
+        <Code
+            lang="csharp"
+            title="Program.cs"
+            code={`
+var bffOptions = app.Services.GetRequiredService<IOptions<BffOptions>>().Value;
+
+app.MapGet(bffOptions.DiagnosticsPath, async (HttpContext context, CancellationToken ct) =>
+{
+    // Custom logic before calling the original endpoint implementation
+    var endpointProcessor = context.RequestServices.GetRequiredService<IDiagnosticsEndpoint>();
+    await endpointProcessor.ProcessRequestAsync(context, ct);
+    // Custom logic after calling the original endpoint implementation
+});
+`} />
+    </TabItem>
+    <TabItem label="V3">
+        `ProcessRequestAsync` is the top-level function called in the endpoint service `DefaultDiagnosticsService`,
+        and can be used to add arbitrary logic to the endpoint.
+
+        For example, you could take whatever actions you need before normal processing of the request like this:
+
+        <Code
+            lang="csharp"
+            code={`
+public override Task ProcessRequestAsync(HttpContext context, CancellationToken ct)
+{
+    // Custom logic here
+
+    return base.ProcessRequestAsync(context);
+}
+`}/>
+    </TabItem>
+</Tabs>
+
+[1]: https://github.com/DuendeSoftware/products/tree/releases/bff/4.0.x/bff/src/Bff/Endpoints/Internal/DefaultDiagnosticsEndpoint.cs

src/content/docs/bff/extensibility/management/index.mdx

@@ -45,8 +45,8 @@ builder.Services.AddTransient<IDiagnosticsEndpoint, DefaultDiagnosticsEndpoint>(
     Task ProcessRequestAsync(HttpContext context, CancellationToken ct);
 }`}/>
 
-      You can customize the behavior of the endpoints either by implementing the appropriate interface.
-      The [default implementations](https://github.com/DuendeSoftware/products/tree/releases/bff/4.0.0/bff/src/Bff/Endpoints/Internal) can serve as a starting point for your own implementation.
+      You can customize the behavior of the endpoints by implementing the appropriate interface.
+      The [default implementations][1] can serve as a starting point for your own implementation.
 
       If you want to extend the default behavior of a management endpoint, you can add a custom endpoint and call the original endpoint implementation:
 
@@ -90,4 +90,6 @@ builder.Services.AddTransient<IDiagnosticsService, DefaultDiagnosticsService>();
 
       Several of the default endpoint service implementations also define virtual methods that can be overridden to customize their behavior with more granularity.
   </TabItem>
-</Tabs>
+</Tabs>
+
+[1]: https://github.com/DuendeSoftware/products/tree/releases/bff/4.0.x/bff/src/Bff/Endpoints/Internal

src/content/docs/bff/extensibility/management/login.mdx

@@ -0,0 +1,77 @@
+---
+title: "BFF Login Endpoint Extensibility"
+date: 2022-12-30 10:55:24
+sidebar:
+  label: "Login"
+  order: 10
+redirect_from:
+  - /bff/v2/extensibility/management/login/
+  - /bff/v3/extensibility/management/login/
+  - /identityserver/v5/bff/extensibility/management/login/
+  - /identityserver/v6/bff/extensibility/management/login/
+  - /identityserver/v7/bff/extensibility/management/login/
+---
+
+import { Aside, Code } from "@astrojs/starlight/components";
+import { Tabs, TabItem } from "@astrojs/starlight/components";
+
+The BFF login endpoint has extensibility points in two interfaces. The `ILoginEndpoint` is the top-level abstraction
+that processes requests to the endpoint. This service can be used to add custom request processing logic.
+The `IReturnUrlValidator` ensures that the `returnUrl` parameter passed to the login endpoint is safe to use.
+
+<Aside type="caution">
+    In BFF V3, the `ILoginEndpoint` interface is called `ILoginService` instead.
+</Aside>
+
+## Request Processing
+
+<Tabs syncKey="bffVersion">
+    <TabItem label="V4">
+        You can customize the behavior of the login endpoint by implementing the `ProcessRequestAsync` method of the
+        `ILoginEndpoint` interface. The [default implementation][1]
+        can serve as a starting point for your own implementation.
+
+        If you want to extend the default behavior of the login endpoint, you can instead add a custom endpoint and
+        call the original endpoint implementation:
+
+        <Code
+            lang="csharp"
+            title="Program.cs"
+            code={`
+var bffOptions = app.Services.GetRequiredService<IOptions<BffOptions>>().Value;
+
+app.MapGet(bffOptions.LoginPath, async (HttpContext context, CancellationToken ct) =>
+{
+    // Custom logic before calling the original endpoint implementation
+    var endpointProcessor = context.RequestServices.GetRequiredService<ILoginEndpoint>();
+    await endpointProcessor.ProcessRequestAsync(context, ct);
+    // Custom logic after calling the original endpoint implementation
+});
+            `} />
+    </TabItem>
+    <TabItem label="V3">
+        `ProcessRequestAsync` is the top-level function called in the endpoint service `DefaultLoginService`, and can
+        be used to add arbitrary logic to the endpoint.
+
+        For example, you could take whatever actions you need before normal processing of the request like this:
+
+        <Code
+            lang="csharp"
+            code={`
+public override Task ProcessRequestAsync(HttpContext context, CancellationToken ct)
+{
+    // Custom logic here
+
+    return base.ProcessRequestAsync(context);
+}
+            `}/>
+    </TabItem>
+</Tabs>
+
+## Return URL Validation
+
+To prevent open redirector attacks, the `returnUrl` parameter to the login endpoint must be validated. You can
+customize this validation by implementing the `IReturnUrlValidator` interface. The default implementation enforces
+that return URLs are local.
+
+[1]: https://github.com/DuendeSoftware/products/tree/releases/bff/4.0.x/bff/src/Bff/Endpoints/Internal/DefaultLoginEndpoint.cs