spotted 0.32.0 → 0.34.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a543070c1c0ef74514cbd6cde809153c4e1df8088291e9213c99f04e6fdb63e
-  data.tar.gz: 9f1f5aa4c514419418dd55aef926b1a164c9edefd0249acb8ed77d126de32e6f
+  metadata.gz: 77ec607b5d1456b68fe75d3699286c08d9f73f2962027830cb54fd562f359178
+  data.tar.gz: f4e4925f3af823d98bb5b038d9ed96c508c50f5d4d2aa4439189e586a645404e
 SHA512:
-  metadata.gz: b48973410e9ee24cda90e014db519cf64ede913c62ec32f62ee8f8e283749253c9eb1a054bb3a401c85d3a39fbe0118c859595448b6d64c7430bd04c81e9d5e7
-  data.tar.gz: '089e889095747aa0d54fd06b9b2d5e973b81b5e157b7de9ff142f967b61359c71d57e5ca962778b1bd2fa9d224d7733fdfd4b2bb3100c9b5b2e925061c23757f'
+  metadata.gz: 8016c1af387c5bb1f1318e2170ad24e8454d0dc593d877a314b05630c90ec643cb101c1738be367b2d9a16e4d8ddbcea9a6e10c0f8224ecf1187ecedf623e18a
+  data.tar.gz: 8d8419e329253cebec841027302fd74b784313cb16267a3041e0dfa9afc5997453488b1a250bc6fa37a900a5279d36c57905b7e6ab92dcfaf639705f296ccc12

data/CHANGELOG.md

@@ -1,5 +1,29 @@
 # Changelog
 
+## 0.34.0 (2026-01-16)
+
+Full Changelog: [v0.33.0...v0.34.0](https://github.com/cjavdev/spotted/compare/v0.33.0...v0.34.0)
+
+### Features
+
+* **oauth:** Adds OAuth helpers for getting new tokens ([1e4d698](https://github.com/cjavdev/spotted/commit/1e4d69811f02209449eba6bdbcbfcfaaba9530f4))
+
+
+### Chores
+
+* lint ([43c32bd](https://github.com/cjavdev/spotted/commit/43c32bd89d548732e0c35ceefa0f13769d0781cb))
+* types for auth ([5d5c7d1](https://github.com/cjavdev/spotted/commit/5d5c7d1495ab21f0f1aeb14185935a28f77e6deb))
+
+## 0.33.0 (2026-01-15)
+
+Full Changelog: [v0.32.0...v0.33.0](https://github.com/cjavdev/spotted/compare/v0.32.0...v0.33.0)
+
+### Features
+
+* **api:** manual updates ([4a0240e](https://github.com/cjavdev/spotted/commit/4a0240e10435cc9af7425885c72fa9e361d29613))
+* **api:** manual updates ([c937e8f](https://github.com/cjavdev/spotted/commit/c937e8f8f5ac33270ae32920640f28706df98965))
+* **api:** turn off oauth ([88abcd6](https://github.com/cjavdev/spotted/commit/88abcd62763cadfd6036026af2efd7ee0f2de678))
+
 ## 0.32.0 (2026-01-14)
 
 Full Changelog: [v0.31.1...v0.32.0](https://github.com/cjavdev/spotted/compare/v0.31.1...v0.32.0)

data/README.md

@@ -17,7 +17,7 @@ Use the Spotted MCP Server to enable AI assistants to interact with this API, al
 
 Documentation for releases of this gem can be found [on RubyDoc](https://gemdocs.org/gems/spotted).
 
-The REST API documentation can be found on [spotted.stldocs.com](https://spotted.stldocs.com?docs).
+The REST API documentation can be found on [spotted.cjav.dev](https://spotted.cjav.dev).
 
 ## Installation
 
@@ -26,7 +26,7 @@ To use this gem, install via Bundler by adding the following to your application
 <!-- x-release-please-start-version -->
 
 ```ruby
-gem "spotted", "~> 0.32.0"
+gem "spotted", "~> 0.34.0"
 ```
 
 <!-- x-release-please-end -->
@@ -38,8 +38,7 @@ require "bundler/setup"
 require "spotted"
 
 spotted = Spotted::Client.new(
-  client_id: ENV["SPOTIFY_CLIENT_ID"], # This is the default and can be omitted
-  client_secret: ENV["SPOTIFY_CLIENT_SECRET"] # This is the default and can be omitted
+  access_token: ENV["SPOTIFY_ACCESS_TOKEN"] # This is the default and can be omitted
 )
 
 album = spotted.albums.retrieve("4aawyAB9vmqN3uQ7FjRGTy")

data/lib/spotted/auth.rb

@@ -0,0 +1,174 @@
+# frozen_string_literal: true
+
+module Spotted
+  # Handles OAuth 2.0 authorization flows for Spotify API
+  class Auth
+    AUTHORIZE_URL = "https://accounts.spotify.com/authorize"
+    TOKEN_URL = "https://accounts.spotify.com/api/token"
+
+    # @return [String]
+    attr_reader :client_id
+
+    # @return [String]
+    attr_reader :client_secret
+
+    # Creates a new Auth instance for handling OAuth flows
+    #
+    # @param client_id [String] The Spotify application client ID
+    # @param client_secret [String] The Spotify application client secret
+    #
+    # @raise [ArgumentError] if client_id or client_secret is missing
+    def initialize(client_id:, client_secret:)
+      if client_id.nil? || client_id.empty?
+        raise ArgumentError, "client_id is required"
+      end
+
+      if client_secret.nil? || client_secret.empty?
+        raise ArgumentError, "client_secret is required"
+      end
+
+      @client_id = client_id
+      @client_secret = client_secret
+    end
+
+    # Generates the Spotify authorization URL for OAuth2 authorization code flow
+    #
+    # @param redirect_uri [String] The URI to redirect to after authorization
+    # @param scope [String, Array<String>, nil] Space-delimited string or array of authorization scopes
+    # @param state [String, nil] Optional state parameter for CSRF protection
+    # @param show_dialog [Boolean] Whether to force the user to approve the app again
+    #
+    # @return [String] The authorization URL to redirect the user to
+    #
+    # @example Basic usage
+    #   auth = Spotted::Auth.new(client_id: "...", client_secret: "...")
+    #   url = auth.authorization_url(redirect_uri: "http://localhost:3000/callback")
+    #
+    # @example With scopes and state
+    #   url = auth.authorization_url(
+    #     redirect_uri: "http://localhost:3000/callback",
+    #     scope: ["user-read-private", "user-read-email"],
+    #     state: "random_state_string"
+    #   )
+    def authorization_url(redirect_uri:, scope: nil, state: nil, show_dialog: false)
+      params = {
+        client_id: @client_id,
+        response_type: "code",
+        redirect_uri: redirect_uri
+      }
+
+      params[:scope] = scope.is_a?(Array) ? scope.join(" ") : scope if scope
+      params[:state] = state if state
+      params[:show_dialog] = "true" if show_dialog
+
+      query_string = URI.encode_www_form(params)
+      "#{AUTHORIZE_URL}?#{query_string}"
+    end
+
+    # Exchanges an authorization code for an access token
+    #
+    # @param code [String] The authorization code received from the authorization callback
+    # @param redirect_uri [String] The redirect URI used in the authorization request (must match exactly)
+    #
+    # @return [Hash] Token response containing:
+    #   - access_token [String] The access token to use for API requests
+    #   - token_type [String] The type of token (usually "Bearer")
+    #   - expires_in [Integer] Number of seconds until the token expires
+    #   - refresh_token [String] Token to use to refresh the access token
+    #   - scope [String] Space-delimited list of granted scopes
+    #
+    # @raise [Spotted::APIError] if the token exchange fails
+    #
+    # @example
+    #   auth = Spotted::Auth.new(client_id: "...", client_secret: "...")
+    #   credentials = auth.exchange_authorization_code(
+    #     code: params[:code],
+    #     redirect_uri: "http://localhost:3000/callback"
+    #   )
+    #   access_token = credentials[:access_token]
+    def exchange_authorization_code(code:, redirect_uri:)
+      body = URI.encode_www_form(
+        grant_type: "authorization_code",
+        code: code,
+        redirect_uri: redirect_uri
+      )
+
+      make_token_request(body: body)
+    end
+
+    # Refreshes an access token using a refresh token
+    #
+    # @param refresh_token [String] The refresh token received from a previous authorization
+    #
+    # @return [Hash] Token response containing:
+    #   - access_token [String] The new access token to use for API requests
+    #   - token_type [String] The type of token (usually "Bearer")
+    #   - expires_in [Integer] Number of seconds until the token expires
+    #   - scope [String] Space-delimited list of granted scopes
+    #
+    # @raise [Spotted::APIError] if the token refresh fails
+    #
+    # @example
+    #   auth = Spotted::Auth.new(client_id: "...", client_secret: "...")
+    #   credentials = auth.refresh_access_token(refresh_token: stored_refresh_token)
+    #   new_access_token = credentials[:access_token]
+    def refresh_access_token(refresh_token:)
+      body = URI.encode_www_form(
+        grant_type: "refresh_token",
+        refresh_token: refresh_token
+      )
+
+      make_token_request(body: body)
+    end
+
+    private
+
+    # Makes a request to the token endpoint
+    #
+    # @param body [String] The URL-encoded form body
+    # @return [Hash] The parsed JSON response
+    # @raise [Spotted::APIError] if the request fails
+    def make_token_request(body:)
+      uri = URI(TOKEN_URL)
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = true
+
+      # Configure SSL to use system certificates
+      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      http.cert_store = OpenSSL::X509::Store.new
+      http.cert_store.set_default_paths
+
+      request = Net::HTTP::Post.new(uri.path)
+      request["Content-Type"] = "application/x-www-form-urlencoded"
+      request["Authorization"] = "Basic #{Base64.strict_encode64("#{@client_id}:#{@client_secret}")}"
+      request.body = body
+
+      response = http.request(request)
+
+      parse_token_response(response)
+    end
+
+    # Parses the token response and handles errors
+    #
+    # @param response [Net::HTTPResponse] The HTTP response from the token endpoint
+    # @return [Hash] The parsed token data with symbolized keys
+    # @raise [Spotted::APIError] if the response indicates an error
+    def parse_token_response(response)
+      body = JSON.parse(response.body)
+
+      case response
+      when Net::HTTPSuccess
+        # Convert string keys to symbols for easier access
+        body.transform_keys(&:to_sym)
+      else
+        error_message = body["error_description"] || body["error"] || "Token request failed"
+        raise Spotted::Errors::APIError.new(
+          url: uri,
+          status: response.code.to_i,
+          body: body,
+          message: error_message
+        )
+      end
+    end
+  end
+end

data/lib/spotted/client.rb

@@ -15,13 +15,7 @@ module Spotted
     # Default max retry delay in seconds.
     DEFAULT_MAX_RETRY_DELAY = 8.0
 
-    # @return [String, nil]
-    attr_reader :client_id
-
-    # @return [String, nil]
-    attr_reader :client_secret
-
-    # @return [String, nil]
+    # @return [String]
     attr_reader :access_token
 
     # @return [Spotted::Resources::Albums]
@@ -76,63 +70,13 @@ module Spotted
     #
     # @return [Hash{String=>String}]
     private def auth_headers
-      unless @access_token.nil?
-        return {**bearer_auth}
-      end
-
-      if @client_id && @client_secret
-        return {**oauth_2_0}
-      end
-
-      {}
-    end
-
-    # @api private
-    #
-    # @return [Hash{String=>String}]
-    private def bearer_auth
       return {} if @access_token.nil?
 
       {"authorization" => "Bearer #{@access_token}"}
     end
 
-    # @api private
-    # @return [Spotted::Internal::OAuth2ClientCredentials]
-    attr_reader :oauth_2_0_state
-
-    # @api private
-    #
-    # @return [Hash{String=>String}]
-    private def oauth_2_0
-      return @oauth_2_0_state.auth_headers if @oauth_2_0_state
-
-      return {} unless @client_id && @client_secret
-
-      path = Spotted::Internal::Util.interpolate_path("https://accounts.spotify.com/api/token")
-      token_url = Spotted::Internal::Util.join_parsed_uri(
-        @base_url_components,
-        {
-          path: path,
-          query: {grant_type: "client_credentials"}
-        }
-      )
-
-      @oauth_2_0_state = Spotted::Internal::OAuth2ClientCredentials.new(
-        token_url: token_url.to_s,
-        client_id: @client_id,
-        client_secret: @client_secret,
-        timeout: @timeout,
-        client: self
-      )
-      @oauth_2_0_state.auth_headers
-    end
-
     # Creates and returns a new client for interacting with the API.
     #
-    # @param client_id [String, nil] Defaults to `ENV["SPOTIFY_CLIENT_ID"]`
-    #
-    # @param client_secret [String, nil] Defaults to `ENV["SPOTIFY_CLIENT_SECRET"]`
-    #
     # @param access_token [String, nil] Defaults to `ENV["SPOTIFY_ACCESS_TOKEN"]`
     #
     # @param base_url [String, nil] Override the default base URL for the API, e.g.,
@@ -146,8 +90,6 @@ module Spotted
     #
     # @param max_retry_delay [Float]
     def initialize(
-      client_id: ENV["SPOTIFY_CLIENT_ID"],
-      client_secret: ENV["SPOTIFY_CLIENT_SECRET"],
       access_token: ENV["SPOTIFY_ACCESS_TOKEN"],
       base_url: ENV["SPOTTED_BASE_URL"],
       max_retries: self.class::DEFAULT_MAX_RETRIES,
@@ -157,9 +99,11 @@ module Spotted
     )
       base_url ||= "https://api.spotify.com/v1"
 
-      @client_id = client_id&.to_s
-      @client_secret = client_secret&.to_s
-      @access_token = access_token&.to_s
+      if access_token.nil?
+        raise ArgumentError.new("access_token is required, and can be set via environ: \"SPOTIFY_ACCESS_TOKEN\"")
+      end
+
+      @access_token = access_token.to_s
 
       super(
         base_url: base_url,
@@ -186,90 +130,5 @@ module Spotted
       @recommendations = Spotted::Resources::Recommendations.new(client: self)
       @markets = Spotted::Resources::Markets.new(client: self)
     end
-
-    # Generates the Spotify authorization URL for OAuth2 authorization code flow.
-    #
-    # @param redirect_uri [String] The URI to redirect to after authorization
-    # @param scope [String, Array<String>, nil] Space-delimited string or array of authorization scopes
-    # @param state [String, nil] Optional state parameter for CSRF protection
-    # @param show_dialog [Boolean] Whether to force the user to approve the app again
-    #
-    # @return [String] The authorization URL to redirect the user to
-    #
-    # @example Basic usage
-    #   client = Spotted::Client.new(client_id: "...", client_secret: "...")
-    #   url = client.authorization_url(redirect_uri: "http://localhost:3000/callback")
-    #
-    # @example With scopes and state
-    #   url = client.authorization_url(
-    #     redirect_uri: "http://localhost:3000/callback",
-    #     scope: ["user-read-private", "user-read-email"],
-    #     state: "random_state_string"
-    #   )
-    def authorization_url(redirect_uri:, scope: nil, state: nil, show_dialog: false)
-      params = {
-        client_id: @client_id,
-        response_type: "code",
-        redirect_uri: redirect_uri
-      }
-
-      params[:scope] = scope.is_a?(Array) ? scope.join(" ") : scope if scope
-      params[:state] = state if state
-      params[:show_dialog] = "true" if show_dialog
-
-      query_string = URI.encode_www_form(params)
-      "https://accounts.spotify.com/authorize?#{query_string}"
-    end
-
-    # Exchanges an authorization code for an access token.
-    #
-    # @param code [String] The authorization code to exchange
-    # @param redirect_uri [String] The redirect URI used to obtain the authorization code
-    #
-    # @return [Object] The access token and refresh token
-    def exchange_authorization_code(code:, redirect_uri:)
-      if @client_id.nil? || @client_secret.nil?
-        raise ArgumentError, "Both client_id and client_secret must be set to exchange an authorization code."
-      end
-      body = URI.encode_www_form(
-        grant_type: "authorization_code",
-        code: code,
-        redirect_uri: redirect_uri
-      )
-      client = Spotted::Client.new(
-        client_id: @client_id,
-        client_secret: @client_secret,
-        base_url: "https://accounts.spotify.com"
-      )
-      client.request(
-        method: :post,
-        headers: {
-          "Content-Type" => "application/x-www-form-urlencoded",
-          "Authorization" => "Basic #{Base64.strict_encode64("#{@client_id}:#{@client_secret}")}"
-        },
-        path: "/api/token",
-        body: body
-      )
-    end
-
-    def refresh_access_token(refresh_token:)
-      if @client_id.nil? || @client_secret.nil?
-        raise ArgumentError, "Both client_id and client_secret must be set to refresh an access token."
-      end
-      body = URI.encode_www_form(
-        grant_type: "refresh_token",
-        refresh_token: refresh_token
-      )
-      client = Spotted::Client.new(client_id: @client_id, client_secret: @client_secret, base_url: "https://accounts.spotify.com")
-      client.request(
-        method: :post,
-        headers: {
-          "Content-Type" => "application/x-www-form-urlencoded",
-          "Authorization" => "Basic #{Base64.strict_encode64("#{@client_id}:#{@client_secret}")}"
-        },
-        path: "/api/token",
-        body: body
-      )
-    end
   end
 end

data/lib/spotted/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Spotted
-  VERSION = "0.32.0"
+  VERSION = "0.34.0"
 end

data/lib/spotted.rb

@@ -16,7 +16,6 @@ require "rbconfig"
 require "securerandom"
 require "set"
 require "stringio"
-require "thread"
 require "time"
 require "uri"
 # rubocop:enable Lint/RedundantRequireStatement
@@ -50,10 +49,10 @@ require_relative "spotted/internal"
 require_relative "spotted/request_options"
 require_relative "spotted/file_part"
 require_relative "spotted/errors"
+require_relative "spotted/auth"
 require_relative "spotted/internal/transport/base_client"
 require_relative "spotted/internal/transport/pooled_net_requester"
 require_relative "spotted/client"
-require_relative "spotted/internal/oauth2"
 require_relative "spotted/internal/cursor_url_page"
 require_relative "spotted/models/audiobook_base"
 require_relative "spotted/models/playlist_user_object"

data/rbi/spotted/auth.rbi

@@ -0,0 +1,42 @@
+# typed: strong
+
+module Spotted
+  class Auth
+    AUTHORIZE_URL = T.let("https://accounts.spotify.com/authorize", String)
+    TOKEN_URL = T.let("https://accounts.spotify.com/api/token", String)
+
+    sig { returns(String) }
+    attr_reader :client_id
+
+    sig { returns(String) }
+    attr_reader :client_secret
+
+    sig { params(client_id: String, client_secret: String).void }
+    def initialize(client_id:, client_secret:); end
+
+    sig do
+      params(
+        redirect_uri: String,
+        scope: T.nilable(T.any(String, T::Array[String])),
+        state: T.nilable(String),
+        show_dialog: T::Boolean
+      ).returns(String)
+    end
+    def authorization_url(redirect_uri:, scope: nil, state: nil, show_dialog: false); end
+
+    sig do
+      params(
+        code: String,
+        redirect_uri: String
+      ).returns(T::Hash[Symbol, T.untyped])
+    end
+    def exchange_authorization_code(code:, redirect_uri:); end
+
+    sig do
+      params(
+        refresh_token: String
+      ).returns(T::Hash[Symbol, T.untyped])
+    end
+    def refresh_access_token(refresh_token:); end
+  end
+end

data/rbi/spotted/client.rbi

@@ -10,13 +10,7 @@ module Spotted
 
     DEFAULT_MAX_RETRY_DELAY = T.let(8.0, Float)
 
-    sig { returns(T.nilable(String)) }
-    attr_reader :client_id
-
-    sig { returns(T.nilable(String)) }
-    attr_reader :client_secret
-
-    sig { returns(T.nilable(String)) }
+    sig { returns(String) }
     attr_reader :access_token
 
     sig { returns(Spotted::Resources::Albums) }
@@ -72,25 +66,9 @@ module Spotted
     private def auth_headers
     end
 
-    # @api private
-    sig { returns(T::Hash[String, String]) }
-    private def bearer_auth
-    end
-
-    # @api private
-    sig { returns(Spotted::Internal::OAuth2ClientCredentials) }
-    attr_reader :oauth_2_0_state
-
-    # @api private
-    sig { returns(T::Hash[String, String]) }
-    private def oauth_2_0
-    end
-
     # Creates and returns a new client for interacting with the API.
     sig do
       params(
-        client_id: T.nilable(String),
-        client_secret: T.nilable(String),
         access_token: T.nilable(String),
         base_url: T.nilable(String),
         max_retries: Integer,
@@ -100,10 +78,6 @@ module Spotted
       ).returns(T.attached_class)
     end
     def self.new(
-      # Defaults to `ENV["SPOTIFY_CLIENT_ID"]`
-      client_id: ENV["SPOTIFY_CLIENT_ID"],
-      # Defaults to `ENV["SPOTIFY_CLIENT_SECRET"]`
-      client_secret: ENV["SPOTIFY_CLIENT_SECRET"],
       # Defaults to `ENV["SPOTIFY_ACCESS_TOKEN"]`
       access_token: ENV["SPOTIFY_ACCESS_TOKEN"],
       # Override the default base URL for the API, e.g.,

data/sig/spotted/client.rbs

@@ -8,11 +8,7 @@ module Spotted
 
     DEFAULT_MAX_RETRY_DELAY: Float
 
-    attr_reader client_id: String?
-
-    attr_reader client_secret: String?
-
-    attr_reader access_token: String?
+    attr_reader access_token: String
 
     attr_reader albums: Spotted::Resources::Albums
 
@@ -48,16 +44,7 @@ module Spotted
 
     private def auth_headers: -> ::Hash[String, String]
 
-    private def bearer_auth: -> ::Hash[String, String]
-
-    # @api private
-    attr_reader oauth_2_0_state: Spotted::Internal::OAuth2ClientCredentials
-
-    private def oauth_2_0: -> ::Hash[String, String]
-
     def initialize: (
-      ?client_id: String?,
-      ?client_secret: String?,
       ?access_token: String?,
       ?base_url: String?,
       ?max_retries: Integer,

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spotted
 version: !ruby/object:Gem::Version
-  version: 0.32.0
+  version: 0.34.0
 platform: ruby
 authors:
 - Spotted
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-01-14 00:00:00.000000000 Z
+date: 2026-01-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cgi
@@ -50,12 +50,12 @@ files:
 - README.md
 - SECURITY.md
 - lib/spotted.rb
+- lib/spotted/auth.rb
 - lib/spotted/client.rb
 - lib/spotted/errors.rb
 - lib/spotted/file_part.rb
 - lib/spotted/internal.rb
 - lib/spotted/internal/cursor_url_page.rb
-- lib/spotted/internal/oauth2.rb
 - lib/spotted/internal/transport/base_client.rb
 - lib/spotted/internal/transport/pooled_net_requester.rb
 - lib/spotted/internal/type/array_of.rb
@@ -276,12 +276,12 @@ files:
 - lib/spotted/resources/users/playlists.rb
 - lib/spotted/version.rb
 - manifest.yaml
+- rbi/spotted/auth.rbi
 - rbi/spotted/client.rbi
 - rbi/spotted/errors.rbi
 - rbi/spotted/file_part.rbi
 - rbi/spotted/internal.rbi
 - rbi/spotted/internal/cursor_url_page.rbi
-- rbi/spotted/internal/oauth2.rbi
 - rbi/spotted/internal/transport/base_client.rbi
 - rbi/spotted/internal/transport/pooled_net_requester.rbi
 - rbi/spotted/internal/type/array_of.rbi
@@ -506,7 +506,6 @@ files:
 - sig/spotted/file_part.rbs
 - sig/spotted/internal.rbs
 - sig/spotted/internal/cursor_url_page.rbs
-- sig/spotted/internal/oauth2.rbs
 - sig/spotted/internal/transport/base_client.rbs
 - sig/spotted/internal/transport/pooled_net_requester.rbs
 - sig/spotted/internal/type/array_of.rbs

data/lib/spotted/internal/oauth2.rb

@@ -1,87 +0,0 @@
-# frozen_string_literal: true
-
-module Spotted
-  module Internal
-    class OAuth2ClientCredentials
-      # @param token_url [String]
-      # @param client_id [String]
-      # @param client_secret [String]
-      # @param timeout [Integer]
-      # @param client [Object]
-      def initialize(token_url:, client_id:, client_secret:, timeout:, client:)
-        @token_url = token_url
-        @client_id = client_id
-        @client_secret = client_secret
-        @client = client
-        @timeout = timeout
-        @token = nil
-        @token_expires_at = nil
-        @mutex = Thread::Mutex.new
-      end
-
-      # @api private
-      #
-      # @return [Hash{String=>String}]
-      def auth_headers
-        @mutex.synchronize do
-          if @token && !token_expired?
-            return {"Authorization" => "Bearer #{@token}"}
-          end
-
-          @token = nil
-          @token_expires_at = nil
-
-          token_response = fetch_token
-          if token_response
-            @token = token_response[:access_token]
-            @token_expires_at = Time.now + token_response[:expires_in]
-
-            return {"Authorization" => "Bearer #{@token}"}
-          end
-
-          {}
-        end
-      end
-
-      # @api private
-      #
-      # @return [Boolean]
-      private def token_expired?
-        return true if @token_expires_at.nil? || @token.nil?
-
-        # Consider token expired if it expires within 10 seconds
-        Time.now > (@token_expires_at - 10)
-      end
-
-      # @api private
-      #
-      # @return [Object]
-      private def fetch_token
-        body = URI.encode_www_form(
-          {
-            grant_type: "client_credentials",
-            client_id: @client_id,
-            client_secret: @client_secret
-          }
-        )
-        request = {
-          method: :post,
-          url: URI(@token_url),
-          headers: {
-            "Content-Type" => "application/x-www-form-urlencoded"
-          },
-          body: body,
-          max_retries: @client.max_retries,
-          timeout: @timeout
-        }
-        _status, response, stream = @client.send_request(
-          request,
-          redirect_count: 0,
-          retry_count: 0,
-          send_retry_header: true
-        )
-        Spotted::Internal::Util.decode_content(response, stream: stream)
-      end
-    end
-  end
-end

data/rbi/spotted/internal/oauth2.rbi

@@ -1,34 +0,0 @@
-# typed: strong
-
-module Spotted
-  module Internal
-    class OAuth2ClientCredentials
-      sig do
-        params(
-          token_url: String,
-          client_id: String,
-          client_secret: String,
-          timeout: Integer,
-          client: T.anything
-        ).void
-      end
-      def initialize(token_url:, client_id:, client_secret:, timeout:, client:)
-      end
-
-      # @api private
-      sig { returns(T::Hash[String, String]) }
-      def auth_headers
-      end
-
-      # @api private
-      sig { returns(T::Boolean) }
-      private def token_expired?
-      end
-
-      # @api private
-      sig { returns(T.anything) }
-      private def fetch_token
-      end
-    end
-  end
-end

data/sig/spotted/internal/oauth2.rbs

@@ -1,19 +0,0 @@
-module Spotted
-  module Internal
-    class OAuth2ClientCredentials
-      def initialize: (
-        token_url: String,
-        client_id: String,
-        client_secret: String,
-        timeout: Integer,
-        client: top
-      ) -> void
-
-      def auth_headers: -> ::Hash[String, String]
-
-      private def token_expired?: -> bool
-
-      private def fetch_token: -> top
-    end
-  end
-end