Microsoft has recently released Dev Proxy v0.15.0, featuring a range of enhancements aimed at streamlining app development processes. Among a large list of improvements, the most notable addition is the ability to mock APIs that are secured with Entra. Other additions are related to the simulation of OAuth flows, improved monitoring URLs, improved support of CORS, custom commands and more.
For readers unfamiliar with it, Dev Proxy, previously named Microsoft 365 Developer Proxy, functions as a command-line tool utilized for mimicking genuine API behaviours during app testing. With Dev Proxy, developers can create resilient applications adept at managing errors and limitations.
One of the key additions in this update is the ability to simulate CRUD APIs secured with Microsoft Entra. Through the CrudApiPlugin Dev Proxy, developers can now emulate CRUD APIs, particularly useful when building apps in the absence of available APIs.
As reported, this version extends support to simulate APIs secured with Microsoft Entra, a crucial feature for enterprise app development. Developers can define CRUD APIs and validate aspects of the access token, like the audience, issuer, permissions or token lifetime, ensuring easier simulation of secured APIs without the need for extensive setup.
(Dev Proxy simulating a CRUD API secured with Microsoft Entra, Source: Microsoft 365 Platform blog)
Furthermore, the introduction of EntraMockResponsePlugin enables the simulation of OAuth flows, a common security measure in Microsoft cloud-based applications. This plugin facilitates the emulation of authentication processes, ensuring compatibility with Microsoft Identity libraries.
In addition to an announcement blog post, the author of DevProxy, Waldek Mastykarz was a guest on the PnP Weekly podcast, where he stated a couple of interesting facts about a tool, InfoQ brings the paraphrased statement:
In your development environment, you often create components that aren’t shipped anyway. Our approach allows for simulation, giving you control over aspects like token verification. We aim to mimic reality without wasting time on unnecessary components, optimizing your workflow.
Moreover, Enhancements have also been made to monitoring capabilities, with the addition of the urlsToWatch option. This feature allows developers to specify URLs for monitoring directly from the command line, enhancing efficiency in managing presets and monitoring API activity. Also, this version brings support for monitoring URLs on a specific port only.
(Specifying URLs to monitor from the command line, Source: Microsoft 365 Platform blog)
The update also addresses the need for greater customization, allowing developers to add multiple instances of the same plugin. As stated, this flexibility enables the creation of multiple CRUD APIs or mocks for varied use cases, enhancing adaptability in development environments.
Futhermore, throttling simulation capabilities have been enhanced in this version, enabling developers to configure retry-after values for throttled responses with extended plugins like GenericRandomErrorPlugin and GraphRandomErrorPlugin. Stating that this will bring developers the ability to simulate diverse scenarios and observe their impact on application performance.
Also, regarding the CORS, Cross-Origin Resource Sharing, the release includes RateLimitingPlugin and RetryAfterPlugin to expose throttling information for cross-origin requests
Additionally, developers now have better control over how Dev Proxy is initiated, with options to refrain from registering it as a system-wide proxy or installing SSL certificates. As stated, these options provide flexibility for users, particularly in Docker container environments.
Furthermore, Dev Proxy has been extended to support custom commands, allowing plugins to introduce new functionalities independent of request monitoring.
Regarding the breaking changes, a few are mentioned including adjustments to how plugins present options to facilitate adding multiple instances of the same plugin, modifications to the tracking of throttled requests, and revisions to logging procedures, involving the renaming of logging levels. As reported, these primarily impact users with custom plugins.
Lastly, The release also includes various bug fixes and performance improvements. For a detailed list of changes, developers are recommended to explore the GitHub release notes regarding this new release.