@adobe/aio-commerce-lib-auth 0.1.0 → 0.2.0

package/dist/es/index.d.ts

@@ -1,39 +1,88 @@
-import OAuth1a from "oauth-1.0a";
+import { ErrorType, Result } from "@adobe/aio-commerce-lib-core/result";
+import * as valibot0 from "valibot";
+import { InferInput, InferIssue, InferOutput } from "valibot";
+import { ValidationErrorType } from "@adobe/aio-commerce-lib-core/validation";
+import * as url39 from "url";
 
-//#region source/lib/ims-auth.d.ts
-declare const IMS_AUTH_HEADERS: readonly ["Authorization", "x-api-key"];
-declare const IMS_AUTH_PARAMS: readonly ["AIO_COMMERCE_IMS_CLIENT_ID", "AIO_COMMERCE_IMS_CLIENT_SECRETS", "AIO_COMMERCE_IMS_TECHNICAL_ACCOUNT_ID", "AIO_COMMERCE_IMS_TECHNICAL_ACCOUNT_EMAIL", "AIO_COMMERCE_IMS_IMS_ORG_ID", "AIO_COMMERCE_IMS_SCOPES", "AIO_COMMERCE_IMS_ENV", "AIO_COMMERCE_IMS_CTX"];
-type ImsAuthParam = (typeof IMS_AUTH_PARAMS)[number];
-type ImsAuthParams = Partial<Record<ImsAuthParam, string>>;
-type ImsAuthHeader = (typeof IMS_AUTH_HEADERS)[number];
-type ImsAuthHeaders = Record<ImsAuthHeader, string>;
+//#region source/lib/ims-auth/schema.d.ts
+declare const IMS_AUTH_ENV: {
+  readonly PROD: "prod";
+  readonly STAGE: "stage";
+};
+declare const ImsAuthEnvSchema: valibot0.EnumSchema<{
+  readonly PROD: "prod";
+  readonly STAGE: "stage";
+}, undefined>;
+declare const ImsAuthParamsSchema: valibot0.ObjectSchema<{
+  readonly AIO_COMMERCE_IMS_CLIENT_ID: valibot0.SchemaWithPipe<readonly [valibot0.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, valibot0.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>;
+  readonly AIO_COMMERCE_IMS_CLIENT_SECRETS: valibot0.SchemaWithPipe<readonly [valibot0.SchemaWithPipe<readonly [valibot0.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, valibot0.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>, valibot0.ParseJsonAction<string, undefined, undefined>]>, valibot0.ArraySchema<valibot0.StringSchema<undefined>, `Expected a stringified JSON array value for the IMS auth parameter ${string}`>]>;
+  readonly AIO_COMMERCE_IMS_TECHNICAL_ACCOUNT_ID: valibot0.SchemaWithPipe<readonly [valibot0.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, valibot0.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>;
+  readonly AIO_COMMERCE_IMS_TECHNICAL_ACCOUNT_EMAIL: valibot0.SchemaWithPipe<readonly [valibot0.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, valibot0.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>;
+  readonly AIO_COMMERCE_IMS_IMS_ORG_ID: valibot0.SchemaWithPipe<readonly [valibot0.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, valibot0.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>;
+  readonly AIO_COMMERCE_IMS_ENV: valibot0.SchemaWithPipe<readonly [valibot0.OptionalSchema<valibot0.EnumSchema<{
+    readonly PROD: "prod";
+    readonly STAGE: "stage";
+  }, undefined>, "prod">]>;
+  readonly AIO_COMMERCE_IMS_CTX: valibot0.SchemaWithPipe<readonly [valibot0.OptionalSchema<valibot0.StringSchema<undefined>, "aio-commerce-sdk-creds">]>;
+  readonly AIO_COMMERCE_IMS_SCOPES: valibot0.SchemaWithPipe<readonly [valibot0.SchemaWithPipe<readonly [valibot0.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, valibot0.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>, valibot0.ParseJsonAction<string, undefined, undefined>]>, valibot0.ArraySchema<valibot0.StringSchema<undefined>, `Expected a stringified JSON array value for the IMS auth parameter ${string}`>]>;
+}, undefined>;
+type ImsAuthParams = InferOutput<typeof ImsAuthParamsSchema>;
+type ImsAuthEnv = InferOutput<typeof ImsAuthEnvSchema>;
+//#endregion
+//#region source/lib/ims-auth/provider.d.ts
 type ImsAccessToken = string;
+type ImsAuthHeader = "Authorization" | "x-api-key";
+type ImsAuthHeaders = Record<ImsAuthHeader, string>;
+type ImsAuthValidationError = ValidationErrorType<"ImsAuthValidationError", InferIssue<typeof ImsAuthParamsSchema>[]>;
+type ImsAuthError<TError = unknown> = ErrorType<"ImsAuthError", {
+  message: string;
+  error: TError;
+}>;
+interface ImsAuthConfig {
+  clientId: string;
+  clientSecrets: string[];
+  technicalAccountId: string;
+  technicalAccountEmail: string;
+  imsOrgId: string;
+  scopes: string[];
+  environment: ImsAuthEnv;
+  context: string;
+}
 interface ImsAuthProvider {
-  getHeaders: () => Promise<ImsAuthHeaders>;
-  getAccessToken: () => Promise<ImsAccessToken>;
+  getAccessToken: () => Promise<Result<ImsAccessToken, ImsAuthError>>;
+  getHeaders: () => Promise<Result<ImsAuthHeaders, ImsAuthError>>;
 }
-declare function getImsAuthProvider(params: ImsAuthParams): Promise<{
-  getAccessToken: () => Promise<string>;
-  getHeaders: () => Promise<{
-    Authorization: string;
-    "x-api-key": string;
-  }>;
-} | undefined>;
+declare function getImsAuthProvider(config: ImsAuthConfig): ImsAuthProvider;
+declare function tryGetImsAuthProvider(params: InferInput<typeof ImsAuthParamsSchema>): Result<ImsAuthProvider, ImsAuthValidationError>;
+//#endregion
+//#region source/lib/integration-auth/schema.d.ts
+declare const HttpMethodSchema: valibot0.PicklistSchema<readonly ["GET", "POST", "PUT", "PATCH", "DELETE"], undefined>;
+type HttpMethodInput = InferInput<typeof HttpMethodSchema>;
+declare const UrlSchema: valibot0.SchemaWithPipe<readonly [valibot0.UnionSchema<[valibot0.SchemaWithPipe<readonly [valibot0.StringSchema<"Expected a string for the Adobe Commerce endpoint">, valibot0.NonEmptyAction<string, "Expected a non-empty string for the Adobe Commerce endpoint">, valibot0.UrlAction<string, "Expected a valid url for the Adobe Commerce endpoint">]>, valibot0.InstanceSchema<typeof url39.URL, undefined>], undefined>, valibot0.TransformAction<string | url39.URL, string>]>;
+type AdobeCommerceUri = InferInput<typeof UrlSchema>;
+declare const IntegrationAuthParamsSchema: valibot0.NonOptionalSchema<valibot0.ObjectSchema<{
+  readonly AIO_COMMERCE_INTEGRATIONS_CONSUMER_KEY: valibot0.SchemaWithPipe<readonly [valibot0.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, valibot0.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
+  readonly AIO_COMMERCE_INTEGRATIONS_CONSUMER_SECRET: valibot0.SchemaWithPipe<readonly [valibot0.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, valibot0.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
+  readonly AIO_COMMERCE_INTEGRATIONS_ACCESS_TOKEN: valibot0.SchemaWithPipe<readonly [valibot0.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, valibot0.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
+  readonly AIO_COMMERCE_INTEGRATIONS_ACCESS_TOKEN_SECRET: valibot0.SchemaWithPipe<readonly [valibot0.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, valibot0.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
+}, undefined>, undefined>;
+type IntegrationAuthParams = InferInput<typeof IntegrationAuthParamsSchema>;
 //#endregion
-//#region source/lib/integration-auth.d.ts
-declare const HTTP_METHODS: readonly ["GET", "POST", "PUT", "PATCH", "DELETE"];
-declare const INTEGRATION_AUTH_HEADERS: readonly ["Authorization"];
-declare const INTEGRATION_AUTH_PARAMS: readonly ["AIO_COMMERCE_INTEGRATIONS_CONSUMER_KEY", "AIO_COMMERCE_INTEGRATIONS_CONSUMER_SECRET", "AIO_COMMERCE_INTEGRATIONS_ACCESS_TOKEN", "AIO_COMMERCE_INTEGRATIONS_ACCESS_TOKEN_SECRET"];
-type IntegrationAuthParam = (typeof INTEGRATION_AUTH_PARAMS)[number];
-type IntegrationAuthParams = Partial<Record<IntegrationAuthParam, string>>;
-type IntegrationAuthHeader = (typeof INTEGRATION_AUTH_HEADERS)[number];
+//#region source/lib/integration-auth/provider.d.ts
+type IntegrationAuthHeader = "Authorization";
 type IntegrationAuthHeaders = Record<IntegrationAuthHeader, string>;
-type HttpMethod = (typeof HTTP_METHODS)[number];
+interface IntegrationConfig {
+  consumerKey: string;
+  consumerSecret: string;
+  accessToken: string;
+  accessTokenSecret: string;
+}
+type ValidationIssues = InferIssue<typeof IntegrationAuthParamsSchema>[] | InferIssue<typeof UrlSchema>[];
+type IntegrationAuthError = ValidationErrorType<"IntegrationAuthValidationError", ValidationIssues>;
 interface IntegrationAuthProvider {
-  getHeaders: (method: HttpMethod, url: string) => IntegrationAuthHeaders;
+  getHeaders: (method: HttpMethodInput, url: AdobeCommerceUri) => Result<IntegrationAuthHeaders, IntegrationAuthError>;
 }
-declare function getIntegrationAuthProvider(params: IntegrationAuthParams): {
-  getHeaders(method: HttpMethod, url: string): OAuth1a.Header;
-} | undefined;
+declare function getIntegrationAuthProvider(config: IntegrationConfig): IntegrationAuthProvider;
+declare function tryGetIntegrationAuthProvider(params: IntegrationAuthParams): Result<IntegrationAuthProvider, IntegrationAuthError>;
 //#endregion
-export { ImsAuthHeader, ImsAuthHeaders, ImsAuthParam, ImsAuthParams, ImsAuthProvider, IntegrationAuthHeader, IntegrationAuthHeaders, IntegrationAuthParam, IntegrationAuthParams, IntegrationAuthProvider, getImsAuthProvider, getIntegrationAuthProvider };
+export { IMS_AUTH_ENV, ImsAuthConfig, ImsAuthEnv, ImsAuthError, ImsAuthParams, ImsAuthProvider, IntegrationAuthError, IntegrationAuthParams, IntegrationAuthProvider, IntegrationConfig, getImsAuthProvider, getIntegrationAuthProvider, tryGetImsAuthProvider, tryGetIntegrationAuthProvider };

package/dist/es/index.js

@@ -1,111 +1,201 @@
+import { err, map, ok } from "@adobe/aio-commerce-lib-core/result";
 import { context, getToken } from "@adobe/aio-lib-ims";
+import { array, enum as enum$1, instance, message, nonEmpty, nonOptional, object, optional, parseJson, picklist, pipe, safeParse, string, transform, union, url } from "valibot";
 import crypto from "node:crypto";
 import OAuth1a from "oauth-1.0a";
 
-//#region source/lib/params.ts
+//#region source/lib/ims-auth/schema.ts
+const imsAuthParameter = (name) => pipe(string(`Expected a string value for the IMS auth parameter ${name}`), nonEmpty(`Expected a non-empty string value for the IMS auth parameter ${name}`));
+const jsonStringArray = (name) => {
+	const jsonStringArraySchema = message(pipe(string(`Expected a string value for the IMS auth parameter ${name}`), nonEmpty(`Expected a non-empty string value for the IMS auth parameter ${name}`), parseJson()), `An error occurred while parsing the JSON string array parameter ${name}`);
+	return pipe(jsonStringArraySchema, array(string(), `Expected a stringified JSON array value for the IMS auth parameter ${name}`));
+};
+/** The environments accepted by the IMS auth service. */
+const IMS_AUTH_ENV = {
+	PROD: "prod",
+	STAGE: "stage"
+};
+const ImsAuthEnvSchema = enum$1(IMS_AUTH_ENV);
+/** Defines the schema to validate the necessary parameters for the IMS auth service. */
+const ImsAuthParamsSchema = object({
+	AIO_COMMERCE_IMS_CLIENT_ID: imsAuthParameter("AIO_COMMERCE_IMS_CLIENT_ID"),
+	AIO_COMMERCE_IMS_CLIENT_SECRETS: jsonStringArray("AIO_COMMERCE_IMS_CLIENT_SECRETS"),
+	AIO_COMMERCE_IMS_TECHNICAL_ACCOUNT_ID: imsAuthParameter("AIO_COMMERCE_IMS_TECHNICAL_ACCOUNT_ID"),
+	AIO_COMMERCE_IMS_TECHNICAL_ACCOUNT_EMAIL: imsAuthParameter("AIO_COMMERCE_IMS_TECHNICAL_ACCOUNT_EMAIL"),
+	AIO_COMMERCE_IMS_IMS_ORG_ID: imsAuthParameter("AIO_COMMERCE_IMS_IMS_ORG_ID"),
+	AIO_COMMERCE_IMS_ENV: pipe(optional(ImsAuthEnvSchema, IMS_AUTH_ENV.PROD)),
+	AIO_COMMERCE_IMS_CTX: pipe(optional(string(), "aio-commerce-sdk-creds")),
+	AIO_COMMERCE_IMS_SCOPES: jsonStringArray("AIO_COMMERCE_IMS_SCOPES")
+});
+
+//#endregion
+//#region source/lib/ims-auth/provider.ts
+function snakeCaseImsAuthConfig(config) {
+	return {
+		...config,
+		client_id: config.clientId,
+		client_secrets: config.clientSecrets,
+		technical_account_id: config.technicalAccountId,
+		technical_account_email: config.technicalAccountEmail,
+		ims_org_id: config.imsOrgId
+	};
+}
+function makeImsAuthValidationError(message$1, issues) {
+	return {
+		_tag: "ImsAuthValidationError",
+		message: message$1,
+		issues
+	};
+}
+function makeImsAuthError(message$1, error) {
+	return {
+		_tag: "ImsAuthError",
+		message: message$1,
+		error
+	};
+}
+function fromParams$1(params) {
+	return {
+		clientId: params.AIO_COMMERCE_IMS_CLIENT_ID,
+		clientSecrets: params.AIO_COMMERCE_IMS_CLIENT_SECRETS,
+		technicalAccountId: params.AIO_COMMERCE_IMS_TECHNICAL_ACCOUNT_ID,
+		technicalAccountEmail: params.AIO_COMMERCE_IMS_TECHNICAL_ACCOUNT_EMAIL,
+		imsOrgId: params.AIO_COMMERCE_IMS_IMS_ORG_ID,
+		scopes: params.AIO_COMMERCE_IMS_SCOPES,
+		environment: params.AIO_COMMERCE_IMS_ENV,
+		context: params.AIO_COMMERCE_IMS_CTX
+	};
+}
+async function tryGetAccessToken(contextName) {
+	try {
+		const accessToken = await getToken(contextName, {});
+		return ok(accessToken);
+	} catch (error) {
+		return err(makeImsAuthError("Failed to retrieve IMS access token", error));
+	}
+}
 /**
-* Checks if the given value is non-empty.
-*
-* @param name of the parameter. Required because of `aio app dev` compatibility: inputs mapped to undefined env vars come as $<input_name> in dev mode, but as '' in prod mode.
-* @param value of the parameter.
+* Creates an {@link ImsAuthProvider} based on the provided configuration.
+* @param config The configuration for the IMS Auth Provider.
+* @returns An {@link ImsAuthProvider} instance that can be used to get access token and auth headers.
 */
-function nonEmpty(name, value) {
-	const v = value?.trim();
-	return v !== void 0 && v !== `$${name}`;
+function getImsAuthProvider(config) {
+	const getAccessToken = async () => {
+		const snakeCasedConfig = snakeCaseImsAuthConfig(config);
+		await context.set(config.context, snakeCasedConfig);
+		return tryGetAccessToken(config.context);
+	};
+	const getHeaders = async () => {
+		const result = await getAccessToken();
+		return map(result, (accessToken) => ({
+			Authorization: `Bearer ${accessToken}`,
+			"x-api-key": config.clientId
+		}));
+	};
+	return {
+		getAccessToken,
+		getHeaders
+	};
 }
 /**
-* Checks if all required parameters are non-empty.
-* @param params action input parameters.
-* @param required list of required parameter names.
+* Tries to create an {@link ImsAuthProvider} based on the provided parameters.
+* @param params The parameters required to create the IMS Auth Provider.
+* @returns An {@link ImsAuthProvider} instance that can be used to get access token and auth headers.
 */
-function allNonEmpty(params, required) {
-	return required.every((name) => nonEmpty(name, params[name]));
+function tryGetImsAuthProvider(params) {
+	const validation = safeParse(ImsAuthParamsSchema, params);
+	if (!validation.success) return err(makeImsAuthValidationError("Failed to validate the provided IMS parameters", validation.issues));
+	return ok(getImsAuthProvider(fromParams$1(validation.output)));
 }
 
 //#endregion
-//#region source/lib/ims-auth.ts
+//#region source/lib/integration-auth/schema.ts
 /**
-* If the required IMS parameters are present, this function returns an {@link ImsAuthProvider}.
-* @param params includes IMS parameters
+* The HTTP methods supported by Commerce.
+* This is used to determine which headers to include in the signing of the authorization header.
 */
-async function getImsAuthProvider(params) {
-	const config = resolveImsConfig(params);
-	if (config) {
-		const contextName = params.AIO_COMMERCE_IMS_CTX ?? "aio-commerce-sdk-creds";
-		await context.set(contextName, config);
-		return {
-			getAccessToken: async () => getToken(contextName, {}),
-			getHeaders: async () => {
-				const accessToken = await getToken(contextName, {});
-				return {
-					Authorization: `Bearer ${accessToken}`,
-					"x-api-key": config.client_id
-				};
-			}
-		};
-	}
-}
-function resolveImsConfig(params) {
-	if (allNonEmpty(params, [
-		"AIO_COMMERCE_IMS_CLIENT_ID",
-		"AIO_COMMERCE_IMS_CLIENT_SECRETS",
-		"AIO_COMMERCE_IMS_TECHNICAL_ACCOUNT_ID",
-		"AIO_COMMERCE_IMS_TECHNICAL_ACCOUNT_EMAIL",
-		"AIO_COMMERCE_IMS_IMS_ORG_ID",
-		"AIO_COMMERCE_IMS_SCOPES"
-	])) return {
-		client_id: params.AIO_COMMERCE_IMS_CLIENT_ID,
-		client_secrets: JSON.parse(params.AIO_COMMERCE_IMS_CLIENT_SECRETS ?? "[]"),
-		technical_account_id: params.AIO_COMMERCE_IMS_TECHNICAL_ACCOUNT_ID,
-		technical_account_email: params.AIO_COMMERCE_IMS_TECHNICAL_ACCOUNT_EMAIL,
-		ims_org_id: params.AIO_COMMERCE_IMS_IMS_ORG_ID,
-		scopes: JSON.parse(params.AIO_COMMERCE_IMS_SCOPES ?? "[]"),
-		environment: params.AIO_COMMERCE_IMS_ENV ?? "prod"
-	};
-}
-
-//#endregion
-//#region source/lib/integration-auth.ts
+const AllowedHttpMethod = [
+	"GET",
+	"POST",
+	"PUT",
+	"PATCH",
+	"DELETE"
+];
+const HttpMethodSchema = picklist(AllowedHttpMethod);
+const integrationAuthParameter = (name) => pipe(string(`Expected a string value for the Commerce Integration parameter ${name}`), nonEmpty(`Expected a non-empty string value for the Commerce Integration parameter ${name}`));
+const BaseUrlSchema = pipe(string("Expected a string for the Adobe Commerce endpoint"), nonEmpty("Expected a non-empty string for the Adobe Commerce endpoint"), url("Expected a valid url for the Adobe Commerce endpoint"));
+const UrlSchema = pipe(union([BaseUrlSchema, instance(URL)]), transform((url$1) => {
+	if (url$1 instanceof URL) return url$1.toString();
+	return url$1;
+}));
 /**
-* If the required integration parameters are present, this function returns an {@link IntegrationAuthProvider}.
-* @param params includes integration parameters
+* The schema for the Commerce Integration parameters.
+* This is used to validate the parameters passed to the Commerce Integration provider.
 */
-function getIntegrationAuthProvider(params) {
-	const config = resolveIntegrationConfig(params);
-	if (config) {
-		const oauth = new OAuth1a({
-			consumer: {
-				key: config.consumerKey,
-				secret: config.consumerSecret
-			},
-			signature_method: "HMAC-SHA256",
-			hash_function: (baseString, key) => crypto.createHmac("sha256", key).update(baseString).digest("base64")
-		});
-		const oauthToken = {
-			key: config.accessToken,
-			secret: config.accessTokenSecret
-		};
-		return { getHeaders(method, url) {
-			return oauth.toHeader(oauth.authorize({
-				url,
-				method
-			}, oauthToken));
-		} };
-	}
+const IntegrationAuthParamsSchema = nonOptional(object({
+	AIO_COMMERCE_INTEGRATIONS_CONSUMER_KEY: integrationAuthParameter("AIO_COMMERCE_INTEGRATIONS_CONSUMER_KEY"),
+	AIO_COMMERCE_INTEGRATIONS_CONSUMER_SECRET: integrationAuthParameter("AIO_COMMERCE_INTEGRATIONS_CONSUMER_SECRET"),
+	AIO_COMMERCE_INTEGRATIONS_ACCESS_TOKEN: integrationAuthParameter("AIO_COMMERCE_INTEGRATIONS_ACCESS_TOKEN"),
+	AIO_COMMERCE_INTEGRATIONS_ACCESS_TOKEN_SECRET: integrationAuthParameter("AIO_COMMERCE_INTEGRATIONS_ACCESS_TOKEN_SECRET")
+}));
+
+//#endregion
+//#region source/lib/integration-auth/provider.ts
+function makeIntegrationAuthValidationError(message$1, issues) {
+	return {
+		_tag: "IntegrationAuthValidationError",
+		message: message$1,
+		issues
+	};
 }
-function resolveIntegrationConfig(params) {
-	if (allNonEmpty(params, [
-		"AIO_COMMERCE_INTEGRATIONS_CONSUMER_KEY",
-		"AIO_COMMERCE_INTEGRATIONS_CONSUMER_SECRET",
-		"AIO_COMMERCE_INTEGRATIONS_ACCESS_TOKEN",
-		"AIO_COMMERCE_INTEGRATIONS_ACCESS_TOKEN_SECRET"
-	])) return {
+function fromParams(params) {
+	return {
 		consumerKey: params.AIO_COMMERCE_INTEGRATIONS_CONSUMER_KEY,
 		consumerSecret: params.AIO_COMMERCE_INTEGRATIONS_CONSUMER_SECRET,
 		accessToken: params.AIO_COMMERCE_INTEGRATIONS_ACCESS_TOKEN,
 		accessTokenSecret: params.AIO_COMMERCE_INTEGRATIONS_ACCESS_TOKEN_SECRET
 	};
 }
+/**
+* Creates an {@link IntegrationAuthProvider} based on the provided configuration.
+* @param config The configuration for the integration.
+* @returns An {@link IntegrationAuthProvider} instance that can be used to get auth headers.
+*/
+function getIntegrationAuthProvider(config) {
+	const oauth = new OAuth1a({
+		consumer: {
+			key: config.consumerKey,
+			secret: config.consumerSecret
+		},
+		signature_method: "HMAC-SHA256",
+		hash_function: (baseString, key) => crypto.createHmac("sha256", key).update(baseString).digest("base64")
+	});
+	const oauthToken = {
+		key: config.accessToken,
+		secret: config.accessTokenSecret
+	};
+	const getHeaders = (method, url$1) => {
+		const uriValidation = safeParse(UrlSchema, url$1);
+		if (!uriValidation.success) return err(makeIntegrationAuthValidationError("Failed to validate the provided Adobe Commerce URL", uriValidation.issues));
+		const finalUrl = uriValidation.output;
+		const headers = oauth.toHeader(oauth.authorize({
+			url: finalUrl,
+			method
+		}, oauthToken));
+		return ok(headers);
+	};
+	return { getHeaders };
+}
+/**
+* Tries to create an {@link IntegrationAuthProvider} based on the provided parameters.
+* @param params The parameters required for integration authentication.
+* @returns An {@link IntegrationAuthProvider} instance that can be used to get auth headers.
+*/
+function tryGetIntegrationAuthProvider(params) {
+	const validation = safeParse(IntegrationAuthParamsSchema, params);
+	if (!validation.success) return err(makeIntegrationAuthValidationError("Failed to validate the provided integration parameters", validation.issues));
+	return ok(getIntegrationAuthProvider(fromParams(validation.output)));
+}
 
 //#endregion
-export { getImsAuthProvider, getIntegrationAuthProvider };
+export { IMS_AUTH_ENV, getImsAuthProvider, getIntegrationAuthProvider, tryGetImsAuthProvider, tryGetIntegrationAuthProvider };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@adobe/aio-commerce-lib-auth",
   "type": "module",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "private": false,
   "author": "Adobe Inc.",
   "engines": {
@@ -42,7 +42,10 @@
   },
   "dependencies": {
     "@adobe/aio-lib-ims": "^8.1.0",
-    "oauth-1.0a": "^2.2.6"
+    "ansis": "^4.1.0",
+    "oauth-1.0a": "^2.2.6",
+    "valibot": "^1.1.0",
+    "@adobe/aio-commerce-lib-core": "0.2.0"
   },
   "devDependencies": {
     "vitest": "^3.2.4",

package/source/index.ts

@@ -10,5 +10,26 @@
  * governing permissions and limitations under the License.
  */
 
-export * from "./lib/ims-auth";
-export * from "./lib/integration-auth";
+export {
+  getImsAuthProvider,
+  type ImsAuthConfig,
+  type ImsAuthError,
+  type ImsAuthProvider,
+  tryGetImsAuthProvider,
+} from "./lib/ims-auth/provider";
+
+export {
+  IMS_AUTH_ENV,
+  type ImsAuthEnv,
+  type ImsAuthParams,
+} from "./lib/ims-auth/schema";
+
+export {
+  getIntegrationAuthProvider,
+  type IntegrationAuthError,
+  type IntegrationAuthProvider,
+  type IntegrationConfig,
+  tryGetIntegrationAuthProvider,
+} from "./lib/integration-auth/provider";
+
+export type { IntegrationAuthParams } from "./lib/integration-auth/schema";

package/source/lib/ims-auth/provider.ts

@@ -0,0 +1,160 @@
+import {
+  type ErrorType,
+  err,
+  map,
+  ok,
+  type Result,
+} from "@adobe/aio-commerce-lib-core/result";
+
+import type { ValidationErrorType } from "@adobe/aio-commerce-lib-core/validation";
+import { context, getToken } from "@adobe/aio-lib-ims";
+import type { SnakeCasedProperties } from "type-fest";
+import { type InferInput, type InferIssue, safeParse } from "valibot";
+
+import {
+  type ImsAuthEnv,
+  type ImsAuthParams,
+  ImsAuthParamsSchema,
+} from "./schema";
+
+type ImsAccessToken = string;
+type ImsAuthHeader = "Authorization" | "x-api-key";
+type ImsAuthHeaders = Record<ImsAuthHeader, string>;
+
+/** Defines a validation error type for the IMS auth service. */
+export type ImsAuthValidationError = ValidationErrorType<
+  "ImsAuthValidationError",
+  InferIssue<typeof ImsAuthParamsSchema>[]
+>;
+
+/** Defines an error type for the IMS auth service. */
+export type ImsAuthError<TError = unknown> = ErrorType<
+  "ImsAuthError",
+  {
+    message: string;
+    error: TError;
+  }
+>;
+
+/** Defines the configuration options to create an {@link ImsAuthProvider}. */
+export interface ImsAuthConfig {
+  clientId: string;
+  clientSecrets: string[];
+  technicalAccountId: string;
+  technicalAccountEmail: string;
+  imsOrgId: string;
+  scopes: string[];
+  environment: ImsAuthEnv;
+  context: string;
+}
+
+/** Defines an authentication provider for Adobe IMS. */
+export interface ImsAuthProvider {
+  getAccessToken: () => Promise<Result<ImsAccessToken, ImsAuthError>>;
+  getHeaders: () => Promise<Result<ImsAuthHeaders, ImsAuthError>>;
+}
+
+function snakeCaseImsAuthConfig(
+  config: ImsAuthConfig,
+): SnakeCasedProperties<ImsAuthConfig> {
+  return {
+    ...config,
+    client_id: config.clientId,
+    client_secrets: config.clientSecrets,
+    technical_account_id: config.technicalAccountId,
+    technical_account_email: config.technicalAccountEmail,
+    ims_org_id: config.imsOrgId,
+  };
+}
+
+function makeImsAuthValidationError(
+  message: string,
+  issues: InferIssue<typeof ImsAuthParamsSchema>[],
+) {
+  return {
+    _tag: "ImsAuthValidationError",
+    message,
+    issues,
+  } satisfies ImsAuthValidationError;
+}
+
+function makeImsAuthError(message: string, error: unknown) {
+  return {
+    _tag: "ImsAuthError",
+    message,
+    error,
+  } satisfies ImsAuthError;
+}
+
+function fromParams(params: ImsAuthParams) {
+  return {
+    clientId: params.AIO_COMMERCE_IMS_CLIENT_ID,
+    clientSecrets: params.AIO_COMMERCE_IMS_CLIENT_SECRETS,
+    technicalAccountId: params.AIO_COMMERCE_IMS_TECHNICAL_ACCOUNT_ID,
+    technicalAccountEmail: params.AIO_COMMERCE_IMS_TECHNICAL_ACCOUNT_EMAIL,
+    imsOrgId: params.AIO_COMMERCE_IMS_IMS_ORG_ID,
+    scopes: params.AIO_COMMERCE_IMS_SCOPES,
+    environment: params.AIO_COMMERCE_IMS_ENV,
+    context: params.AIO_COMMERCE_IMS_CTX,
+  } satisfies ImsAuthConfig;
+}
+
+async function tryGetAccessToken(
+  contextName: string,
+): Promise<Result<ImsAccessToken, ImsAuthError>> {
+  try {
+    const accessToken = await getToken(contextName, {});
+    return ok(accessToken);
+  } catch (error) {
+    return err(makeImsAuthError("Failed to retrieve IMS access token", error));
+  }
+}
+
+/**
+ * Creates an {@link ImsAuthProvider} based on the provided configuration.
+ * @param config The configuration for the IMS Auth Provider.
+ * @returns An {@link ImsAuthProvider} instance that can be used to get access token and auth headers.
+ */
+export function getImsAuthProvider(config: ImsAuthConfig): ImsAuthProvider {
+  const getAccessToken = async () => {
+    const snakeCasedConfig = snakeCaseImsAuthConfig(config);
+
+    await context.set(config.context, snakeCasedConfig);
+    return tryGetAccessToken(config.context);
+  };
+
+  const getHeaders = async () => {
+    const result = await getAccessToken();
+    return map(result, (accessToken) => ({
+      Authorization: `Bearer ${accessToken}`,
+      "x-api-key": config.clientId,
+    }));
+  };
+
+  return {
+    getAccessToken,
+    getHeaders,
+  };
+}
+
+/**
+ * Tries to create an {@link ImsAuthProvider} based on the provided parameters.
+ * @param params The parameters required to create the IMS Auth Provider.
+ * @returns An {@link ImsAuthProvider} instance that can be used to get access token and auth headers.
+ */
+export function tryGetImsAuthProvider(
+  params: InferInput<typeof ImsAuthParamsSchema>,
+): Result<ImsAuthProvider, ImsAuthValidationError> {
+  const validation = safeParse(ImsAuthParamsSchema, params);
+
+  if (!validation.success) {
+    return err(
+      makeImsAuthValidationError(
+        "Failed to validate the provided IMS parameters",
+        validation.issues,
+      ),
+    );
+  }
+
+  return ok(getImsAuthProvider(fromParams(validation.output)));
+}