@adobe/aio-commerce-lib-auth 0.6.1 → 0.7.0

package/CHANGELOG.md

@@ -1,5 +1,22 @@
 # @adobe/aio-commerce-lib-auth
 
+## 0.7.0
+
+### Minor Changes
+
+- [#224](https://github.com/adobe/aio-commerce-sdk/pull/224) [`ac46985`](https://github.com/adobe/aio-commerce-sdk/commit/ac46985186961c65eddc6be3200dbe1e00369055) Thanks [@iivvaannxx](https://github.com/iivvaannxx)! - Implement token forwarding utilities
+
+### Patch Changes
+
+- Updated dependencies [[`f2b6f34`](https://github.com/adobe/aio-commerce-sdk/commit/f2b6f34709a5adcca93b852b5855cb6b1c852312), [`f2b6f34`](https://github.com/adobe/aio-commerce-sdk/commit/f2b6f34709a5adcca93b852b5855cb6b1c852312)]:
+  - @adobe/aio-commerce-lib-core@0.6.0
+
+## 0.6.2
+
+### Patch Changes
+
+- [#153](https://github.com/adobe/aio-commerce-sdk/pull/153) [`3c88b74`](https://github.com/adobe/aio-commerce-sdk/commit/3c88b74ccfea0df06514b696ce8797c95e1acc4f) Thanks [@iivvaannxx](https://github.com/iivvaannxx)! - Parse IMS scopes from potential string arrays, when resolving from a params object.
+
 ## 0.6.1
 
 ### Patch Changes

package/dist/cjs/index.cjs

@@ -1,14 +1 @@
-/**
-* @license
-* 
-* Copyright 2025 Adobe. All rights reserved.
-* This file is licensed to you under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License. You may obtain a copy
-* of the License at http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software distributed under
-* the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
-* OF ANY KIND, either express or implied. See the License for the specific language
-* governing permissions and limitations under the License.
-*/
-var __create=Object.create,__defProp=Object.defineProperty,__getOwnPropDesc=Object.getOwnPropertyDescriptor,__getOwnPropNames=Object.getOwnPropertyNames,__getProtoOf=Object.getPrototypeOf,__hasOwnProp=Object.prototype.hasOwnProperty,__copyProps=(to,from,except,desc)=>{if(from&&typeof from==`object`||typeof from==`function`)for(var keys=__getOwnPropNames(from),i=0,n=keys.length,key;i<n;i++)key=keys[i],!__hasOwnProp.call(to,key)&&key!==except&&__defProp(to,key,{get:(k=>from[k]).bind(null,key),enumerable:!(desc=__getOwnPropDesc(from,key))||desc.enumerable});return to},__toESM=(mod,isNodeMode,target)=>(target=mod==null?{}:__create(__getProtoOf(mod)),__copyProps(isNodeMode||!mod||!mod.__esModule?__defProp(target,`default`,{value:mod,enumerable:!0}):target,mod));let __adobe_aio_lib_ims=require(`@adobe/aio-lib-ims`);__adobe_aio_lib_ims=__toESM(__adobe_aio_lib_ims);let __adobe_aio_commerce_lib_core_error=require(`@adobe/aio-commerce-lib-core/error`);__adobe_aio_commerce_lib_core_error=__toESM(__adobe_aio_commerce_lib_core_error);let valibot=require(`valibot`);valibot=__toESM(valibot);let crypto=require(`crypto`);crypto=__toESM(crypto);let oauth_1_0a=require(`oauth-1.0a`);oauth_1_0a=__toESM(oauth_1_0a);let __adobe_aio_commerce_lib_core_params=require(`@adobe/aio-commerce-lib-core/params`);__adobe_aio_commerce_lib_core_params=__toESM(__adobe_aio_commerce_lib_core_params);const{context,getToken}=__adobe_aio_lib_ims.default;function toImsAuthConfig(config){return{scopes:config.scopes,env:config?.environment??`prod`,context:config.context??`aio-commerce-lib-auth-creds`,client_id:config.clientId,client_secrets:config.clientSecrets,technical_account_id:config.technicalAccountId,technical_account_email:config.technicalAccountEmail,ims_org_id:config.imsOrgId}}function isImsAuthProvider(provider){return typeof provider==`object`&&!!provider&&`getAccessToken`in provider&&`getHeaders`in provider&&typeof provider.getAccessToken==`function`&&typeof provider.getHeaders==`function`}function getImsAuthProvider(authParams){let getAccessToken=async()=>{let imsAuthConfig=toImsAuthConfig(authParams);return await context.set(imsAuthConfig.context,imsAuthConfig),getToken(imsAuthConfig.context,{})};return{getAccessToken,getHeaders:async()=>({Authorization:`Bearer ${await getAccessToken()}`,"x-api-key":authParams.clientId})}}const imsAuthParameter=name=>(0,valibot.pipe)((0,valibot.string)(`Expected a string value for the IMS auth parameter ${name}`),(0,valibot.nonEmpty)(`Expected a non-empty string value for the IMS auth parameter ${name}`)),stringArray=(name,minimumLength)=>(0,valibot.pipe)((0,valibot.array)((0,valibot.string)(),`Expected a string array value for the IMS auth parameter ${name}`),(0,valibot.minLength)(minimumLength,`Expected at least ${minimumLength} items for the IMS auth parameter ${name}`)),maybeJsonStringArray=name=>(0,valibot.pipe)(imsAuthParameter(name),(0,valibot.rawTransform)(({dataset:{value:v},addIssue,NEVER})=>{if(v.startsWith(`[`)&&v.endsWith(`]`))try{return JSON.parse(v)}catch(error){let errorMessage=error.message;return addIssue({received:v,message:`Expected a valid JSON array for the IMS auth parameter "${name}": ${errorMessage}`}),NEVER}return[v]})),ImsAuthEnvSchema=(0,valibot.picklist)([`prod`,`stage`]),ImsAuthParamsSchema=(0,valibot.object)({clientId:imsAuthParameter(`clientId`),clientSecrets:(0,valibot.pipe)((0,valibot.union)([maybeJsonStringArray(`clientSecrets`),stringArray(`clientSecrets`,1)]),stringArray(`clientSecrets`,1)),technicalAccountId:imsAuthParameter(`technicalAccountId`),technicalAccountEmail:(0,valibot.pipe)((0,valibot.string)(`Expected a string value for the IMS auth parameter technicalAccountEmail`),(0,valibot.email)(`Expected a valid email format for technicalAccountEmail`)),imsOrgId:imsAuthParameter(`imsOrgId`),environment:(0,valibot.pipe)((0,valibot.optional)(ImsAuthEnvSchema)),context:(0,valibot.pipe)((0,valibot.optional)((0,valibot.string)())),scopes:stringArray(`scopes`,1)});function __parseImsAuthParams(config){let result=(0,valibot.safeParse)(ImsAuthParamsSchema,config);if(!result.success)throw new __adobe_aio_commerce_lib_core_error.CommerceSdkValidationError(`Invalid ImsAuthProvider configuration`,{issues:result.issues});return result.output}function assertImsAuthParams(config){__parseImsAuthParams(config)}function resolveImsAuthParams(params){return __parseImsAuthParams({clientId:params.AIO_COMMERCE_AUTH_IMS_CLIENT_ID,clientSecrets:params.AIO_COMMERCE_AUTH_IMS_CLIENT_SECRETS,technicalAccountId:params.AIO_COMMERCE_AUTH_IMS_TECHNICAL_ACCOUNT_ID,technicalAccountEmail:params.AIO_COMMERCE_AUTH_IMS_TECHNICAL_ACCOUNT_EMAIL,imsOrgId:params.AIO_COMMERCE_AUTH_IMS_ORG_ID,scopes:params.AIO_COMMERCE_AUTH_IMS_SCOPES,environment:params.AIO_COMMERCE_AUTH_IMS_ENVIRONMENT,context:params.AIO_COMMERCE_AUTH_IMS_CONTEXT})}const integrationAuthParameter=name=>(0,valibot.pipe)((0,valibot.string)(`Expected a string value for the Commerce Integration parameter ${name}`),(0,valibot.nonEmpty)(`Expected a non-empty string value for the Commerce Integration parameter ${name}`)),BaseUrlSchema=(0,valibot.pipe)((0,valibot.string)(`Expected a string for the Adobe Commerce endpoint`),(0,valibot.nonEmpty)(`Expected a non-empty string for the Adobe Commerce endpoint`),(0,valibot.url)(`Expected a valid url for the Adobe Commerce endpoint`)),UrlSchema=(0,valibot.pipe)((0,valibot.union)([BaseUrlSchema,(0,valibot.instance)(URL)]),(0,valibot.transform)(url=>url instanceof URL?url.toString():url)),IntegrationAuthParamsSchema=(0,valibot.nonOptional)((0,valibot.object)({consumerKey:integrationAuthParameter(`consumerKey`),consumerSecret:integrationAuthParameter(`consumerSecret`),accessToken:integrationAuthParameter(`accessToken`),accessTokenSecret:integrationAuthParameter(`accessTokenSecret`)}));function isIntegrationAuthProvider(provider){return typeof provider==`object`&&!!provider&&`getHeaders`in provider&&typeof provider.getHeaders==`function`}function getIntegrationAuthProvider(authParams){let oauth=new oauth_1_0a.default({consumer:{key:authParams.consumerKey,secret:authParams.consumerSecret},signature_method:`HMAC-SHA256`,hash_function:(baseString,key)=>crypto.default.createHmac(`sha256`,key).update(baseString).digest(`base64`)}),oauthToken={key:authParams.accessToken,secret:authParams.accessTokenSecret};return{getHeaders:(method,url)=>{let urlString=(0,valibot.parse)(UrlSchema,url);return oauth.toHeader(oauth.authorize({url:urlString,method},oauthToken))}}}function __parseIntegrationAuthParams(config){let result=(0,valibot.safeParse)(IntegrationAuthParamsSchema,config);if(!result.success)throw new __adobe_aio_commerce_lib_core_error.CommerceSdkValidationError(`Invalid IntegrationAuthProvider configuration`,{issues:result.issues});return result.output}function assertIntegrationAuthParams(config){__parseIntegrationAuthParams(config)}function resolveIntegrationAuthParams(params){return __parseIntegrationAuthParams({consumerKey:params.AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_KEY,consumerSecret:params.AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_SECRET,accessToken:params.AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN,accessTokenSecret:params.AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN_SECRET})}const IMS_AUTH_PARAMS=[`AIO_COMMERCE_AUTH_IMS_CLIENT_ID`,`AIO_COMMERCE_AUTH_IMS_CLIENT_SECRETS`,`AIO_COMMERCE_AUTH_IMS_TECHNICAL_ACCOUNT_ID`,`AIO_COMMERCE_AUTH_IMS_TECHNICAL_ACCOUNT_EMAIL`,`AIO_COMMERCE_AUTH_IMS_ORG_ID`,`AIO_COMMERCE_AUTH_IMS_SCOPES`],INTEGRATION_AUTH_PARAMS=[`AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_KEY`,`AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_SECRET`,`AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN`,`AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN_SECRET`];function resolveAuthParams(params){if((0,__adobe_aio_commerce_lib_core_params.allNonEmpty)(params,IMS_AUTH_PARAMS))return Object.assign(resolveImsAuthParams(params),{strategy:`ims`});if((0,__adobe_aio_commerce_lib_core_params.allNonEmpty)(params,INTEGRATION_AUTH_PARAMS))return Object.assign(resolveIntegrationAuthParams(params),{strategy:`integration`});throw Error(`Can't resolve authentication options for the given params. Please provide either IMS options (${IMS_AUTH_PARAMS.join(`, `)}) or Commerce integration options (${INTEGRATION_AUTH_PARAMS.join(`, `)}).`)}exports.assertImsAuthParams=assertImsAuthParams,exports.assertIntegrationAuthParams=assertIntegrationAuthParams,exports.getImsAuthProvider=getImsAuthProvider,exports.getIntegrationAuthProvider=getIntegrationAuthProvider,exports.isImsAuthProvider=isImsAuthProvider,exports.isIntegrationAuthProvider=isIntegrationAuthProvider,exports.resolveAuthParams=resolveAuthParams;
+var __create=Object.create,__defProp=Object.defineProperty,__getOwnPropDesc=Object.getOwnPropertyDescriptor,__getOwnPropNames=Object.getOwnPropertyNames,__getProtoOf=Object.getPrototypeOf,__hasOwnProp=Object.prototype.hasOwnProperty,__copyProps=(to,from,except,desc)=>{if(from&&typeof from==`object`||typeof from==`function`)for(var keys=__getOwnPropNames(from),i=0,n=keys.length,key;i<n;i++)key=keys[i],!__hasOwnProp.call(to,key)&&key!==except&&__defProp(to,key,{get:(k=>from[k]).bind(null,key),enumerable:!(desc=__getOwnPropDesc(from,key))||desc.enumerable});return to},__toESM=(mod,isNodeMode,target)=>(target=mod==null?{}:__create(__getProtoOf(mod)),__copyProps(isNodeMode||!mod||!mod.__esModule?__defProp(target,`default`,{value:mod,enumerable:!0}):target,mod));let _adobe_aio_commerce_lib_core_headers=require(`@adobe/aio-commerce-lib-core/headers`),valibot=require(`valibot`);valibot=__toESM(valibot);let _adobe_aio_commerce_lib_core_error=require(`@adobe/aio-commerce-lib-core/error`),_adobe_aio_lib_ims=require(`@adobe/aio-lib-ims`);_adobe_aio_lib_ims=__toESM(_adobe_aio_lib_ims);let crypto=require(`crypto`);crypto=__toESM(crypto);let oauth_1_0a=require(`oauth-1.0a`);oauth_1_0a=__toESM(oauth_1_0a);let _adobe_aio_commerce_lib_core_params=require(`@adobe/aio-commerce-lib-core/params`);function stringValueSchema(propertyName){return valibot.string(`Expected a string value for property '${propertyName}'`)}function parseOrThrow(schema,input,message){let result=valibot.safeParse(schema,input);if(!result.success)throw new _adobe_aio_commerce_lib_core_error.CommerceSdkValidationError(message??`Invalid input`,{issues:result.issues});return result.output}const imsAuthParameter=name=>(0,valibot.pipe)((0,valibot.string)(`Expected a string value for the IMS auth parameter ${name}`),(0,valibot.nonEmpty)(`Expected a non-empty string value for the IMS auth parameter ${name}`)),stringArray=(name,minimumLength)=>(0,valibot.pipe)((0,valibot.array)((0,valibot.string)(),`Expected a string array value for the IMS auth parameter ${name}`),(0,valibot.minLength)(minimumLength,`Expected at least ${minimumLength} items for the IMS auth parameter ${name}`)),StringArrayTransformSchema=name=>(0,valibot.pipe)((0,valibot.union)([stringArray(name,1),(0,valibot.pipe)((0,valibot.string)(),(0,valibot.rawTransform)(({dataset:{value:v},addIssue,NEVER})=>{if(v.startsWith(`[`)&&v.endsWith(`]`))try{let parsed=JSON.parse(v);return Array.isArray(parsed)?parsed:(addIssue({received:v,message:`Expected a valid JSON array for the IMS auth parameter ${name}: ${v}`}),NEVER)}catch(error){let errorMessage=error.message;return addIssue({received:v,message:`Expected a valid JSON array for the IMS auth parameter ${name}: ${errorMessage}`}),NEVER}return[v]}))]),stringArray(`value`,1)),ImsAuthEnvSchema=(0,valibot.picklist)([`prod`,`stage`]),ImsAuthParamsSchema=(0,valibot.object)({clientId:imsAuthParameter(`clientId`),clientSecrets:stringArray(`clientSecrets`,1),technicalAccountId:imsAuthParameter(`technicalAccountId`),technicalAccountEmail:(0,valibot.pipe)((0,valibot.string)(`Expected a string value for the IMS auth parameter technicalAccountEmail`),(0,valibot.email)(`Expected a valid email format for technicalAccountEmail`)),imsOrgId:imsAuthParameter(`imsOrgId`),environment:(0,valibot.pipe)((0,valibot.optional)(ImsAuthEnvSchema)),context:(0,valibot.pipe)((0,valibot.optional)((0,valibot.string)())),scopes:stringArray(`scopes`,1)});function __transformStringArray(name,value){if(value===void 0)return;let result=(0,valibot.safeParse)(StringArrayTransformSchema(name),value);if(!result.success)throw new _adobe_aio_commerce_lib_core_error.CommerceSdkValidationError(`Invalid ImsAuthProvider configuration`,{issues:result.issues});return result.output}function __parseImsAuthParams(config){let result=(0,valibot.safeParse)(ImsAuthParamsSchema,config);if(!result.success)throw new _adobe_aio_commerce_lib_core_error.CommerceSdkValidationError(`Invalid ImsAuthProvider configuration`,{issues:result.issues});return result.output}function assertImsAuthParams(config){__parseImsAuthParams(config)}function resolveImsAuthParams(params){return __parseImsAuthParams({clientId:params.AIO_COMMERCE_AUTH_IMS_CLIENT_ID,clientSecrets:__transformStringArray(`AIO_COMMERCE_AUTH_IMS_CLIENT_SECRETS`,params.AIO_COMMERCE_AUTH_IMS_CLIENT_SECRETS),technicalAccountId:params.AIO_COMMERCE_AUTH_IMS_TECHNICAL_ACCOUNT_ID,technicalAccountEmail:params.AIO_COMMERCE_AUTH_IMS_TECHNICAL_ACCOUNT_EMAIL,imsOrgId:params.AIO_COMMERCE_AUTH_IMS_ORG_ID,scopes:__transformStringArray(`AIO_COMMERCE_AUTH_IMS_SCOPES`,params.AIO_COMMERCE_AUTH_IMS_SCOPES),environment:params.AIO_COMMERCE_AUTH_IMS_ENVIRONMENT,context:params.AIO_COMMERCE_AUTH_IMS_CONTEXT})}function buildImsHeaders(accessToken,apiKey){let imsHeaders={Authorization:`Bearer ${accessToken}`};return apiKey&&(imsHeaders[`x-api-key`]=apiKey),imsHeaders}const IMS_AUTH_TOKEN_PARAM=`AIO_COMMERCE_AUTH_IMS_TOKEN`,IMS_AUTH_API_KEY_PARAM=`AIO_COMMERCE_AUTH_IMS_API_KEY`,ImsAuthParamsInputSchema=valibot.looseObject({[IMS_AUTH_TOKEN_PARAM]:stringValueSchema(IMS_AUTH_TOKEN_PARAM),[IMS_AUTH_API_KEY_PARAM]:valibot.optional(stringValueSchema(IMS_AUTH_API_KEY_PARAM))}),ForwardedImsAuthSourceSchema=valibot.variant(`from`,[valibot.object({from:valibot.literal(`headers`),headers:valibot.record(valibot.string(),valibot.optional(valibot.string()))}),valibot.object({from:valibot.literal(`getter`),getHeaders:valibot.custom(input=>typeof input==`function`,`Expected a function for getHeaders`)}),valibot.object({from:valibot.literal(`params`),params:ImsAuthParamsInputSchema})]);function getForwardedImsAuthProvider(source){let validatedSource=parseOrThrow(ForwardedImsAuthSourceSchema,source,`Invalid forwarded IMS auth source`);switch(validatedSource.from){case`headers`:{let{authorization}=(0,_adobe_aio_commerce_lib_core_headers.createHeaderAccessor)(validatedSource.headers,[`Authorization`]),apiKey=(0,_adobe_aio_commerce_lib_core_headers.getHeader)(validatedSource.headers,`x-api-key`),{token}=(0,_adobe_aio_commerce_lib_core_headers.parseBearerToken)(authorization);return{getAccessToken:()=>token,getHeaders:()=>buildImsHeaders(token,apiKey)}}case`getter`:return{getHeaders:validatedSource.getHeaders,getAccessToken:async()=>{let{token}=(0,_adobe_aio_commerce_lib_core_headers.parseBearerToken)((await validatedSource.getHeaders()).Authorization);return token}};case`params`:{let{params}=validatedSource,accessToken=params[IMS_AUTH_TOKEN_PARAM],apiKey=params[IMS_AUTH_API_KEY_PARAM];return{getAccessToken:()=>accessToken,getHeaders:()=>buildImsHeaders(accessToken,apiKey)}}}}function forwardImsAuthProviderFromRequest(params){return getForwardedImsAuthProvider({from:`headers`,headers:(0,_adobe_aio_commerce_lib_core_headers.getHeadersFromParams)(params)})}function forwardImsAuthProviderFromParams(params){return getForwardedImsAuthProvider({from:`params`,params:parseOrThrow(ImsAuthParamsInputSchema,params,`Missing AIO_COMMERCE_AUTH_IMS_TOKEN in params`)})}function forwardImsAuthProvider(params){try{return forwardImsAuthProviderFromParams(params)}catch{}try{return forwardImsAuthProviderFromRequest(params)}catch{}throw Error(`Can't forward IMS authentication from the given params. Make sure your params contain an AIO_COMMERCE_AUTH_IMS_TOKEN input or an Authorization header with an IMS token.`)}const{context,getToken}=_adobe_aio_lib_ims.default;function toImsAuthConfig(config){return{scopes:config.scopes,env:config?.environment??`prod`,context:config.context??`aio-commerce-lib-auth-creds`,client_id:config.clientId,client_secrets:config.clientSecrets,technical_account_id:config.technicalAccountId,technical_account_email:config.technicalAccountEmail,ims_org_id:config.imsOrgId}}function isImsAuthProvider(provider){return typeof provider==`object`&&!!provider&&`getAccessToken`in provider&&`getHeaders`in provider&&typeof provider.getAccessToken==`function`&&typeof provider.getHeaders==`function`}function getImsAuthProvider(authParams){let getAccessToken=async()=>{let imsAuthConfig=toImsAuthConfig(authParams);return await context.set(imsAuthConfig.context,imsAuthConfig),getToken(imsAuthConfig.context,{})};return{getAccessToken,getHeaders:async()=>buildImsHeaders(await getAccessToken(),authParams.clientId)}}const integrationAuthParameter=name=>(0,valibot.pipe)((0,valibot.string)(`Expected a string value for the Commerce Integration parameter ${name}`),(0,valibot.nonEmpty)(`Expected a non-empty string value for the Commerce Integration parameter ${name}`)),BaseUrlSchema=(0,valibot.pipe)((0,valibot.string)(`Expected a string for the Adobe Commerce endpoint`),(0,valibot.nonEmpty)(`Expected a non-empty string for the Adobe Commerce endpoint`),(0,valibot.url)(`Expected a valid url for the Adobe Commerce endpoint`)),UrlSchema=(0,valibot.pipe)((0,valibot.union)([BaseUrlSchema,(0,valibot.instance)(URL)]),(0,valibot.transform)(url=>url instanceof URL?url.toString():url)),IntegrationAuthParamsSchema=(0,valibot.nonOptional)((0,valibot.object)({consumerKey:integrationAuthParameter(`consumerKey`),consumerSecret:integrationAuthParameter(`consumerSecret`),accessToken:integrationAuthParameter(`accessToken`),accessTokenSecret:integrationAuthParameter(`accessTokenSecret`)}));function isIntegrationAuthProvider(provider){return typeof provider==`object`&&!!provider&&`getHeaders`in provider&&typeof provider.getHeaders==`function`}function getIntegrationAuthProvider(authParams){let oauth=new oauth_1_0a.default({consumer:{key:authParams.consumerKey,secret:authParams.consumerSecret},signature_method:`HMAC-SHA256`,hash_function:(baseString,key)=>crypto.default.createHmac(`sha256`,key).update(baseString).digest(`base64`)}),oauthToken={key:authParams.accessToken,secret:authParams.accessTokenSecret};return{getHeaders:(method,url)=>{let urlString=(0,valibot.parse)(UrlSchema,url);return oauth.toHeader(oauth.authorize({url:urlString,method},oauthToken))}}}function __parseIntegrationAuthParams(config){let result=(0,valibot.safeParse)(IntegrationAuthParamsSchema,config);if(!result.success)throw new _adobe_aio_commerce_lib_core_error.CommerceSdkValidationError(`Invalid IntegrationAuthProvider configuration`,{issues:result.issues});return result.output}function assertIntegrationAuthParams(config){__parseIntegrationAuthParams(config)}function resolveIntegrationAuthParams(params){return __parseIntegrationAuthParams({consumerKey:params.AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_KEY,consumerSecret:params.AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_SECRET,accessToken:params.AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN,accessTokenSecret:params.AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN_SECRET})}const IMS_AUTH_PARAMS=[`AIO_COMMERCE_AUTH_IMS_CLIENT_ID`,`AIO_COMMERCE_AUTH_IMS_CLIENT_SECRETS`,`AIO_COMMERCE_AUTH_IMS_TECHNICAL_ACCOUNT_ID`,`AIO_COMMERCE_AUTH_IMS_TECHNICAL_ACCOUNT_EMAIL`,`AIO_COMMERCE_AUTH_IMS_ORG_ID`,`AIO_COMMERCE_AUTH_IMS_SCOPES`],INTEGRATION_AUTH_PARAMS=[`AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_KEY`,`AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_SECRET`,`AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN`,`AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN_SECRET`];function resolveAuthParams(params){if((0,_adobe_aio_commerce_lib_core_params.allNonEmpty)(params,IMS_AUTH_PARAMS))return{...resolveImsAuthParams(params),strategy:`ims`};if((0,_adobe_aio_commerce_lib_core_params.allNonEmpty)(params,INTEGRATION_AUTH_PARAMS))return{...resolveIntegrationAuthParams(params),strategy:`integration`};throw Error(`Can't resolve authentication options for the given params. Please provide either IMS options (${IMS_AUTH_PARAMS.join(`, `)}) or Commerce integration options (${INTEGRATION_AUTH_PARAMS.join(`, `)}).`)}exports.assertImsAuthParams=assertImsAuthParams,exports.assertIntegrationAuthParams=assertIntegrationAuthParams,exports.forwardImsAuthProvider=forwardImsAuthProvider,exports.getForwardedImsAuthProvider=getForwardedImsAuthProvider,exports.getImsAuthProvider=getImsAuthProvider,exports.getIntegrationAuthProvider=getIntegrationAuthProvider,exports.isImsAuthProvider=isImsAuthProvider,exports.isIntegrationAuthProvider=isIntegrationAuthProvider,exports.resolveAuthParams=resolveAuthParams;

package/dist/cjs/index.d.cts

@@ -1,33 +1,141 @@
-/**
- * @license
- * 
- * Copyright 2025 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-
-import * as valibot21 from "valibot";
+import * as v from "valibot";
 import { InferOutput } from "valibot";
 
+//#region source/lib/ims-auth/types.d.ts
+/** Defines the headers required for IMS authentication. */
+type ImsAuthHeaders = {
+  Authorization: string;
+  "x-api-key"?: string;
+};
+/** Defines an authentication provider for Adobe IMS. */
+type ImsAuthProvider = {
+  getAccessToken: () => Promise<string> | string;
+  getHeaders: () => Promise<ImsAuthHeaders> | ImsAuthHeaders;
+};
+//#endregion
+//#region source/lib/ims-auth/forwarding.d.ts
+declare const ForwardedImsAuthSourceSchema: v.VariantSchema<"from", [v.ObjectSchema<{
+  readonly from: v.LiteralSchema<"headers", undefined>;
+  readonly headers: v.RecordSchema<v.StringSchema<undefined>, v.OptionalSchema<v.StringSchema<undefined>, undefined>, undefined>;
+}, undefined>, v.ObjectSchema<{
+  readonly from: v.LiteralSchema<"getter", undefined>;
+  readonly getHeaders: v.CustomSchema<() => ImsAuthHeaders | Promise<ImsAuthHeaders>, v.ErrorMessage<v.CustomIssue> | undefined>;
+}, undefined>, v.ObjectSchema<{
+  readonly from: v.LiteralSchema<"params", undefined>;
+  readonly params: v.LooseObjectSchema<{
+    readonly AIO_COMMERCE_AUTH_IMS_TOKEN: v.StringSchema<`Expected a string value for property '${string}'`>;
+    readonly AIO_COMMERCE_AUTH_IMS_API_KEY: v.OptionalSchema<v.StringSchema<`Expected a string value for property '${string}'`>, undefined>;
+  }, undefined>;
+}, undefined>], undefined>;
+/**
+ * Discriminated union for different sources of forwarded IMS auth credentials.
+ *
+ * - `headers`: Extract credentials from a raw headers object (e.g. an HTTP request).
+ * - `getter`: Use a function that returns IMS auth headers (sync or async).
+ * - `params`: Read credentials from a params object using `AIO_COMMERCE_AUTH_IMS_TOKEN` and `AIO_COMMERCE_AUTH_IMS_API_KEY` keys.
+ */
+type ForwardedImsAuthSource = v.InferOutput<typeof ForwardedImsAuthSourceSchema>;
+/**
+ * Creates an {@link ImsAuthProvider} by forwarding authentication credentials from various sources.
+ *
+ * @param source The source of the credentials to forward, as a {@link ForwardedImsAuthSource}.
+ * @returns An {@link ImsAuthProvider} instance that returns the forwarded access token and headers.
+ *
+ * @throws {CommerceSdkValidationError} If the source object is invalid.
+ * @throws {CommerceSdkValidationError} If `from: "headers"` is used and the `Authorization` header is missing.
+ * @throws {CommerceSdkValidationError} If `from: "headers"` is used and the `Authorization` header is not in Bearer token format.
+ * @throws {CommerceSdkValidationError} If `from: "params"` is used and `AIO_COMMERCE_AUTH_IMS_TOKEN` is missing or empty.
+ *
+ * @example
+ * ```typescript
+ * import { getForwardedImsAuthProvider } from "@adobe/aio-commerce-lib-auth";
+ *
+ * // From raw headers (e.g. from an HTTP request).
+ * const provider1 = getForwardedImsAuthProvider({
+ *   from: "headers",
+ *   headers: params.__ow_headers,
+ * });
+ *
+ * // From async getter (e.g. fetch from secret manager)
+ * const provider2 = getForwardedImsAuthProvider({
+ *   from: "getter",
+ *   getHeaders: async () => {
+ *     const token = await secretManager.getSecret("ims-token");
+ *     return { Authorization: `Bearer ${token}` };
+ *   },
+ * });
+ *
+ * // From a params object (using AIO_COMMERCE_AUTH_IMS_TOKEN and AIO_COMMERCE_AUTH_IMS_API_KEY keys)
+ * const provider3 = getForwardedImsAuthProvider({
+ *   from: "params",
+ *   params: actionParams,
+ * });
+ *
+ * // Use the provider
+ * const token = await provider1.getAccessToken();
+ * const headers = await provider1.getHeaders();
+ * ```
+ */
+declare function getForwardedImsAuthProvider(source: v.InferInput<typeof ForwardedImsAuthSourceSchema>): ImsAuthProvider;
+/**
+ * Creates an {@link ImsAuthProvider} by forwarding authentication credentials from runtime action parameters.
+ *
+ * This function automatically detects the source of credentials by trying multiple strategies in order:
+ * 1. **Params token** - Looks for `AIO_COMMERCE_AUTH_IMS_TOKEN` (and optionally `AIO_COMMERCE_AUTH_IMS_API_KEY`) in the params object
+ * 2. **HTTP headers** - Falls back to extracting the `Authorization` header from `__ow_headers`
+ *
+ * Use this function when building actions that receive authenticated requests and need to forward
+ * those credentials to downstream services (proxy pattern).
+ *
+ * @param params The runtime action parameters object. Can contain either:
+ *   - `AIO_COMMERCE_AUTH_IMS_TOKEN` and optionally `AIO_COMMERCE_AUTH_IMS_API_KEY` for direct token forwarding
+ *   - `__ow_headers` with an `Authorization` header for HTTP request forwarding
+ * @returns An {@link ImsAuthProvider} instance that returns the forwarded access token and headers.
+ *
+ * @throws {Error} If neither a valid token param nor Authorization header is found.
+ *
+ * @example
+ * ```typescript
+ * import { forwardImsAuthProvider } from "@adobe/aio-commerce-lib-auth";
+ *
+ * export async function main(params: Record<string, unknown>) {
+ *   // Automatically detects credentials from params or headers
+ *   const authProvider = forwardImsAuthProvider(params);
+ *
+ *   // Get the access token
+ *   const token = await authProvider.getAccessToken();
+ *
+ *   // Get headers for downstream API requests
+ *   const headers = await authProvider.getHeaders();
+ *   // {
+ *   //   Authorization: "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...",
+ *   //   "x-api-key": "my-api-key" // Only if available
+ *   // }
+ *
+ *   // Use the forwarded credentials in downstream API calls
+ *   const response = await fetch("https://api.adobe.io/some-endpoint", {
+ *     headers,
+ *   });
+ *
+ *   return { statusCode: 200, body: await response.json() };
+ * }
+ * ```
+ */
+declare function forwardImsAuthProvider(params: Record<string, unknown>): ImsAuthProvider;
+//#endregion
 //#region source/lib/ims-auth/schema.d.ts
 /** Validation schema for IMS auth environment values. */
-declare const ImsAuthEnvSchema: valibot21.PicklistSchema<["prod", "stage"], undefined>;
+declare const ImsAuthEnvSchema: v.PicklistSchema<["prod", "stage"], undefined>;
 /** Defines the schema to validate the necessary parameters for the IMS auth service. */
-declare const ImsAuthParamsSchema: valibot21.ObjectSchema<{
-  readonly clientId: valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, valibot21.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>;
-  readonly clientSecrets: valibot21.SchemaWithPipe<readonly [valibot21.UnionSchema<[valibot21.SchemaWithPipe<readonly [valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, valibot21.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>, valibot21.RawTransformAction<string, any>]>, valibot21.SchemaWithPipe<readonly [valibot21.ArraySchema<valibot21.StringSchema<undefined>, `Expected a string array value for the IMS auth parameter ${string}`>, valibot21.MinLengthAction<string[], number, `Expected at least ${number} items for the IMS auth parameter ${string}`>]>], undefined>, valibot21.SchemaWithPipe<readonly [valibot21.ArraySchema<valibot21.StringSchema<undefined>, `Expected a string array value for the IMS auth parameter ${string}`>, valibot21.MinLengthAction<string[], number, `Expected at least ${number} items for the IMS auth parameter ${string}`>]>]>;
-  readonly technicalAccountId: valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, valibot21.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>;
-  readonly technicalAccountEmail: valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<"Expected a string value for the IMS auth parameter technicalAccountEmail">, valibot21.EmailAction<string, "Expected a valid email format for technicalAccountEmail">]>;
-  readonly imsOrgId: valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, valibot21.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>;
-  readonly environment: valibot21.SchemaWithPipe<readonly [valibot21.OptionalSchema<valibot21.PicklistSchema<["prod", "stage"], undefined>, undefined>]>;
-  readonly context: valibot21.SchemaWithPipe<readonly [valibot21.OptionalSchema<valibot21.StringSchema<undefined>, undefined>]>;
-  readonly scopes: valibot21.SchemaWithPipe<readonly [valibot21.ArraySchema<valibot21.StringSchema<undefined>, `Expected a string array value for the IMS auth parameter ${string}`>, valibot21.MinLengthAction<string[], number, `Expected at least ${number} items for the IMS auth parameter ${string}`>]>;
+declare const ImsAuthParamsSchema: v.ObjectSchema<{
+  readonly clientId: v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, v.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>;
+  readonly clientSecrets: v.SchemaWithPipe<readonly [v.ArraySchema<v.StringSchema<undefined>, `Expected a string array value for the IMS auth parameter ${string}`>, v.MinLengthAction<string[], number, `Expected at least ${number} items for the IMS auth parameter ${string}`>]>;
+  readonly technicalAccountId: v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, v.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>;
+  readonly technicalAccountEmail: v.SchemaWithPipe<readonly [v.StringSchema<"Expected a string value for the IMS auth parameter technicalAccountEmail">, v.EmailAction<string, "Expected a valid email format for technicalAccountEmail">]>;
+  readonly imsOrgId: v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, v.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>;
+  readonly environment: v.SchemaWithPipe<readonly [v.OptionalSchema<v.PicklistSchema<["prod", "stage"], undefined>, undefined>]>;
+  readonly context: v.SchemaWithPipe<readonly [v.OptionalSchema<v.StringSchema<undefined>, undefined>]>;
+  readonly scopes: v.SchemaWithPipe<readonly [v.ArraySchema<v.StringSchema<undefined>, `Expected a string array value for the IMS auth parameter ${string}`>, v.MinLengthAction<string[], number, `Expected at least ${number} items for the IMS auth parameter ${string}`>]>;
 }, undefined>;
 /** Defines the parameters for the IMS auth service. */
 type ImsAuthParams = InferOutput<typeof ImsAuthParamsSchema>;
@@ -35,15 +143,6 @@ type ImsAuthParams = InferOutput<typeof ImsAuthParamsSchema>;
 type ImsAuthEnv = InferOutput<typeof ImsAuthEnvSchema>;
 //#endregion
 //#region source/lib/ims-auth/provider.d.ts
-/** Defines the header keys used for IMS authentication. */
-type ImsAuthHeader = "Authorization" | "x-api-key";
-/** Defines the headers required for IMS authentication. */
-type ImsAuthHeaders = Record<ImsAuthHeader, string>;
-/** Defines an authentication provider for Adobe IMS. */
-type ImsAuthProvider = {
-  getAccessToken: () => Promise<string>;
-  getHeaders: () => Promise<ImsAuthHeaders>;
-};
 /**
  * Type guard to check if a value is an ImsAuthProvider instance.
  *
@@ -103,10 +202,7 @@ declare function isImsAuthProvider(provider: unknown): provider is ImsAuthProvid
  */
 declare function getImsAuthProvider(authParams: ImsAuthParams): {
   getAccessToken: () => Promise<string>;
-  getHeaders: () => Promise<{
-    Authorization: string;
-    "x-api-key": string;
-  }>;
+  getHeaders: () => Promise<ImsAuthHeaders>;
 };
 //#endregion
 //#region source/lib/ims-auth/utils.d.ts
@@ -156,11 +252,11 @@ type HttpMethodInput = "GET" | "POST" | "PUT" | "PATCH" | "DELETE";
  * The schema for the Commerce Integration parameters.
  * This is used to validate the parameters passed to the Commerce Integration provider.
  */
-declare const IntegrationAuthParamsSchema: valibot21.NonOptionalSchema<valibot21.ObjectSchema<{
-  readonly consumerKey: valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, valibot21.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
-  readonly consumerSecret: valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, valibot21.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
-  readonly accessToken: valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, valibot21.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
-  readonly accessTokenSecret: valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, valibot21.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
+declare const IntegrationAuthParamsSchema: v.NonOptionalSchema<v.ObjectSchema<{
+  readonly consumerKey: v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, v.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
+  readonly consumerSecret: v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, v.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
+  readonly accessToken: v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, v.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
+  readonly accessTokenSecret: v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, v.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
 }, undefined>, undefined>;
 /** Defines the parameters required for Commerce Integration authentication. */
 type IntegrationAuthParams = InferOutput<typeof IntegrationAuthParamsSchema>;
@@ -272,7 +368,8 @@ declare function assertIntegrationAuthParams(config: Record<PropertyKey, unknown
  * }
  * ```
  */
-declare function resolveAuthParams(params: Record<string, unknown>): ({
+declare function resolveAuthParams(params: Record<string, unknown>): {
+  strategy: "ims";
   clientId: string;
   clientSecrets: string[];
   technicalAccountId: string;
@@ -281,15 +378,12 @@ declare function resolveAuthParams(params: Record<string, unknown>): ({
   environment?: "prod" | "stage" | undefined;
   context?: string | undefined;
   scopes: string[];
-} & {
-  readonly strategy: "ims";
-}) | ({
+} | {
+  strategy: "integration";
   consumerKey: string;
   consumerSecret: string;
   accessToken: string;
   accessTokenSecret: string;
-} & {
-  readonly strategy: "integration";
-});
+};
 //#endregion
-export { type ImsAuthEnv, type ImsAuthParams, type ImsAuthProvider, type IntegrationAuthParams, type IntegrationAuthProvider, assertImsAuthParams, assertIntegrationAuthParams, getImsAuthProvider, getIntegrationAuthProvider, isImsAuthProvider, isIntegrationAuthProvider, resolveAuthParams };
+export { type ForwardedImsAuthSource, type ImsAuthEnv, type ImsAuthHeaders, type ImsAuthParams, type ImsAuthProvider, type IntegrationAuthParams, type IntegrationAuthProvider, assertImsAuthParams, assertIntegrationAuthParams, forwardImsAuthProvider, getForwardedImsAuthProvider, getImsAuthProvider, getIntegrationAuthProvider, isImsAuthProvider, isIntegrationAuthProvider, resolveAuthParams };

package/dist/es/{index.d.ts → index.d.mts}

@@ -1,33 +1,142 @@
-/**
- * @license
- * 
- * Copyright 2025 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-
-import * as valibot21 from "valibot";
+import * as v from "valibot";
 import { InferOutput } from "valibot";
+import "@adobe/aio-commerce-lib-core/params";
 
+//#region source/lib/ims-auth/types.d.ts
+/** Defines the headers required for IMS authentication. */
+type ImsAuthHeaders = {
+  Authorization: string;
+  "x-api-key"?: string;
+};
+/** Defines an authentication provider for Adobe IMS. */
+type ImsAuthProvider = {
+  getAccessToken: () => Promise<string> | string;
+  getHeaders: () => Promise<ImsAuthHeaders> | ImsAuthHeaders;
+};
+//#endregion
+//#region source/lib/ims-auth/forwarding.d.ts
+declare const ForwardedImsAuthSourceSchema: v.VariantSchema<"from", [v.ObjectSchema<{
+  readonly from: v.LiteralSchema<"headers", undefined>;
+  readonly headers: v.RecordSchema<v.StringSchema<undefined>, v.OptionalSchema<v.StringSchema<undefined>, undefined>, undefined>;
+}, undefined>, v.ObjectSchema<{
+  readonly from: v.LiteralSchema<"getter", undefined>;
+  readonly getHeaders: v.CustomSchema<() => ImsAuthHeaders | Promise<ImsAuthHeaders>, v.ErrorMessage<v.CustomIssue> | undefined>;
+}, undefined>, v.ObjectSchema<{
+  readonly from: v.LiteralSchema<"params", undefined>;
+  readonly params: v.LooseObjectSchema<{
+    readonly AIO_COMMERCE_AUTH_IMS_TOKEN: v.StringSchema<`Expected a string value for property '${string}'`>;
+    readonly AIO_COMMERCE_AUTH_IMS_API_KEY: v.OptionalSchema<v.StringSchema<`Expected a string value for property '${string}'`>, undefined>;
+  }, undefined>;
+}, undefined>], undefined>;
+/**
+ * Discriminated union for different sources of forwarded IMS auth credentials.
+ *
+ * - `headers`: Extract credentials from a raw headers object (e.g. an HTTP request).
+ * - `getter`: Use a function that returns IMS auth headers (sync or async).
+ * - `params`: Read credentials from a params object using `AIO_COMMERCE_AUTH_IMS_TOKEN` and `AIO_COMMERCE_AUTH_IMS_API_KEY` keys.
+ */
+type ForwardedImsAuthSource = v.InferOutput<typeof ForwardedImsAuthSourceSchema>;
+/**
+ * Creates an {@link ImsAuthProvider} by forwarding authentication credentials from various sources.
+ *
+ * @param source The source of the credentials to forward, as a {@link ForwardedImsAuthSource}.
+ * @returns An {@link ImsAuthProvider} instance that returns the forwarded access token and headers.
+ *
+ * @throws {CommerceSdkValidationError} If the source object is invalid.
+ * @throws {CommerceSdkValidationError} If `from: "headers"` is used and the `Authorization` header is missing.
+ * @throws {CommerceSdkValidationError} If `from: "headers"` is used and the `Authorization` header is not in Bearer token format.
+ * @throws {CommerceSdkValidationError} If `from: "params"` is used and `AIO_COMMERCE_AUTH_IMS_TOKEN` is missing or empty.
+ *
+ * @example
+ * ```typescript
+ * import { getForwardedImsAuthProvider } from "@adobe/aio-commerce-lib-auth";
+ *
+ * // From raw headers (e.g. from an HTTP request).
+ * const provider1 = getForwardedImsAuthProvider({
+ *   from: "headers",
+ *   headers: params.__ow_headers,
+ * });
+ *
+ * // From async getter (e.g. fetch from secret manager)
+ * const provider2 = getForwardedImsAuthProvider({
+ *   from: "getter",
+ *   getHeaders: async () => {
+ *     const token = await secretManager.getSecret("ims-token");
+ *     return { Authorization: `Bearer ${token}` };
+ *   },
+ * });
+ *
+ * // From a params object (using AIO_COMMERCE_AUTH_IMS_TOKEN and AIO_COMMERCE_AUTH_IMS_API_KEY keys)
+ * const provider3 = getForwardedImsAuthProvider({
+ *   from: "params",
+ *   params: actionParams,
+ * });
+ *
+ * // Use the provider
+ * const token = await provider1.getAccessToken();
+ * const headers = await provider1.getHeaders();
+ * ```
+ */
+declare function getForwardedImsAuthProvider(source: v.InferInput<typeof ForwardedImsAuthSourceSchema>): ImsAuthProvider;
+/**
+ * Creates an {@link ImsAuthProvider} by forwarding authentication credentials from runtime action parameters.
+ *
+ * This function automatically detects the source of credentials by trying multiple strategies in order:
+ * 1. **Params token** - Looks for `AIO_COMMERCE_AUTH_IMS_TOKEN` (and optionally `AIO_COMMERCE_AUTH_IMS_API_KEY`) in the params object
+ * 2. **HTTP headers** - Falls back to extracting the `Authorization` header from `__ow_headers`
+ *
+ * Use this function when building actions that receive authenticated requests and need to forward
+ * those credentials to downstream services (proxy pattern).
+ *
+ * @param params The runtime action parameters object. Can contain either:
+ *   - `AIO_COMMERCE_AUTH_IMS_TOKEN` and optionally `AIO_COMMERCE_AUTH_IMS_API_KEY` for direct token forwarding
+ *   - `__ow_headers` with an `Authorization` header for HTTP request forwarding
+ * @returns An {@link ImsAuthProvider} instance that returns the forwarded access token and headers.
+ *
+ * @throws {Error} If neither a valid token param nor Authorization header is found.
+ *
+ * @example
+ * ```typescript
+ * import { forwardImsAuthProvider } from "@adobe/aio-commerce-lib-auth";
+ *
+ * export async function main(params: Record<string, unknown>) {
+ *   // Automatically detects credentials from params or headers
+ *   const authProvider = forwardImsAuthProvider(params);
+ *
+ *   // Get the access token
+ *   const token = await authProvider.getAccessToken();
+ *
+ *   // Get headers for downstream API requests
+ *   const headers = await authProvider.getHeaders();
+ *   // {
+ *   //   Authorization: "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...",
+ *   //   "x-api-key": "my-api-key" // Only if available
+ *   // }
+ *
+ *   // Use the forwarded credentials in downstream API calls
+ *   const response = await fetch("https://api.adobe.io/some-endpoint", {
+ *     headers,
+ *   });
+ *
+ *   return { statusCode: 200, body: await response.json() };
+ * }
+ * ```
+ */
+declare function forwardImsAuthProvider(params: Record<string, unknown>): ImsAuthProvider;
+//#endregion
 //#region source/lib/ims-auth/schema.d.ts
 /** Validation schema for IMS auth environment values. */
-declare const ImsAuthEnvSchema: valibot21.PicklistSchema<["prod", "stage"], undefined>;
+declare const ImsAuthEnvSchema: v.PicklistSchema<["prod", "stage"], undefined>;
 /** Defines the schema to validate the necessary parameters for the IMS auth service. */
-declare const ImsAuthParamsSchema: valibot21.ObjectSchema<{
-  readonly clientId: valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, valibot21.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>;
-  readonly clientSecrets: valibot21.SchemaWithPipe<readonly [valibot21.UnionSchema<[valibot21.SchemaWithPipe<readonly [valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, valibot21.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>, valibot21.RawTransformAction<string, any>]>, valibot21.SchemaWithPipe<readonly [valibot21.ArraySchema<valibot21.StringSchema<undefined>, `Expected a string array value for the IMS auth parameter ${string}`>, valibot21.MinLengthAction<string[], number, `Expected at least ${number} items for the IMS auth parameter ${string}`>]>], undefined>, valibot21.SchemaWithPipe<readonly [valibot21.ArraySchema<valibot21.StringSchema<undefined>, `Expected a string array value for the IMS auth parameter ${string}`>, valibot21.MinLengthAction<string[], number, `Expected at least ${number} items for the IMS auth parameter ${string}`>]>]>;
-  readonly technicalAccountId: valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, valibot21.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>;
-  readonly technicalAccountEmail: valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<"Expected a string value for the IMS auth parameter technicalAccountEmail">, valibot21.EmailAction<string, "Expected a valid email format for technicalAccountEmail">]>;
-  readonly imsOrgId: valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, valibot21.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>;
-  readonly environment: valibot21.SchemaWithPipe<readonly [valibot21.OptionalSchema<valibot21.PicklistSchema<["prod", "stage"], undefined>, undefined>]>;
-  readonly context: valibot21.SchemaWithPipe<readonly [valibot21.OptionalSchema<valibot21.StringSchema<undefined>, undefined>]>;
-  readonly scopes: valibot21.SchemaWithPipe<readonly [valibot21.ArraySchema<valibot21.StringSchema<undefined>, `Expected a string array value for the IMS auth parameter ${string}`>, valibot21.MinLengthAction<string[], number, `Expected at least ${number} items for the IMS auth parameter ${string}`>]>;
+declare const ImsAuthParamsSchema: v.ObjectSchema<{
+  readonly clientId: v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, v.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>;
+  readonly clientSecrets: v.SchemaWithPipe<readonly [v.ArraySchema<v.StringSchema<undefined>, `Expected a string array value for the IMS auth parameter ${string}`>, v.MinLengthAction<string[], number, `Expected at least ${number} items for the IMS auth parameter ${string}`>]>;
+  readonly technicalAccountId: v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, v.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>;
+  readonly technicalAccountEmail: v.SchemaWithPipe<readonly [v.StringSchema<"Expected a string value for the IMS auth parameter technicalAccountEmail">, v.EmailAction<string, "Expected a valid email format for technicalAccountEmail">]>;
+  readonly imsOrgId: v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for the IMS auth parameter ${string}`>, v.NonEmptyAction<string, `Expected a non-empty string value for the IMS auth parameter ${string}`>]>;
+  readonly environment: v.SchemaWithPipe<readonly [v.OptionalSchema<v.PicklistSchema<["prod", "stage"], undefined>, undefined>]>;
+  readonly context: v.SchemaWithPipe<readonly [v.OptionalSchema<v.StringSchema<undefined>, undefined>]>;
+  readonly scopes: v.SchemaWithPipe<readonly [v.ArraySchema<v.StringSchema<undefined>, `Expected a string array value for the IMS auth parameter ${string}`>, v.MinLengthAction<string[], number, `Expected at least ${number} items for the IMS auth parameter ${string}`>]>;
 }, undefined>;
 /** Defines the parameters for the IMS auth service. */
 type ImsAuthParams = InferOutput<typeof ImsAuthParamsSchema>;
@@ -35,15 +144,6 @@ type ImsAuthParams = InferOutput<typeof ImsAuthParamsSchema>;
 type ImsAuthEnv = InferOutput<typeof ImsAuthEnvSchema>;
 //#endregion
 //#region source/lib/ims-auth/provider.d.ts
-/** Defines the header keys used for IMS authentication. */
-type ImsAuthHeader = "Authorization" | "x-api-key";
-/** Defines the headers required for IMS authentication. */
-type ImsAuthHeaders = Record<ImsAuthHeader, string>;
-/** Defines an authentication provider for Adobe IMS. */
-type ImsAuthProvider = {
-  getAccessToken: () => Promise<string>;
-  getHeaders: () => Promise<ImsAuthHeaders>;
-};
 /**
  * Type guard to check if a value is an ImsAuthProvider instance.
  *
@@ -103,10 +203,7 @@ declare function isImsAuthProvider(provider: unknown): provider is ImsAuthProvid
  */
 declare function getImsAuthProvider(authParams: ImsAuthParams): {
   getAccessToken: () => Promise<string>;
-  getHeaders: () => Promise<{
-    Authorization: string;
-    "x-api-key": string;
-  }>;
+  getHeaders: () => Promise<ImsAuthHeaders>;
 };
 //#endregion
 //#region source/lib/ims-auth/utils.d.ts
@@ -156,11 +253,11 @@ type HttpMethodInput = "GET" | "POST" | "PUT" | "PATCH" | "DELETE";
  * The schema for the Commerce Integration parameters.
  * This is used to validate the parameters passed to the Commerce Integration provider.
  */
-declare const IntegrationAuthParamsSchema: valibot21.NonOptionalSchema<valibot21.ObjectSchema<{
-  readonly consumerKey: valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, valibot21.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
-  readonly consumerSecret: valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, valibot21.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
-  readonly accessToken: valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, valibot21.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
-  readonly accessTokenSecret: valibot21.SchemaWithPipe<readonly [valibot21.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, valibot21.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
+declare const IntegrationAuthParamsSchema: v.NonOptionalSchema<v.ObjectSchema<{
+  readonly consumerKey: v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, v.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
+  readonly consumerSecret: v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, v.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
+  readonly accessToken: v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, v.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
+  readonly accessTokenSecret: v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for the Commerce Integration parameter ${string}`>, v.NonEmptyAction<string, `Expected a non-empty string value for the Commerce Integration parameter ${string}`>]>;
 }, undefined>, undefined>;
 /** Defines the parameters required for Commerce Integration authentication. */
 type IntegrationAuthParams = InferOutput<typeof IntegrationAuthParamsSchema>;
@@ -272,7 +369,8 @@ declare function assertIntegrationAuthParams(config: Record<PropertyKey, unknown
  * }
  * ```
  */
-declare function resolveAuthParams(params: Record<string, unknown>): ({
+declare function resolveAuthParams(params: Record<string, unknown>): {
+  strategy: "ims";
   clientId: string;
   clientSecrets: string[];
   technicalAccountId: string;
@@ -281,15 +379,12 @@ declare function resolveAuthParams(params: Record<string, unknown>): ({
   environment?: "prod" | "stage" | undefined;
   context?: string | undefined;
   scopes: string[];
-} & {
-  readonly strategy: "ims";
-}) | ({
+} | {
+  strategy: "integration";
   consumerKey: string;
   consumerSecret: string;
   accessToken: string;
   accessTokenSecret: string;
-} & {
-  readonly strategy: "integration";
-});
+};
 //#endregion
-export { type ImsAuthEnv, type ImsAuthParams, type ImsAuthProvider, type IntegrationAuthParams, type IntegrationAuthProvider, assertImsAuthParams, assertIntegrationAuthParams, getImsAuthProvider, getIntegrationAuthProvider, isImsAuthProvider, isIntegrationAuthProvider, resolveAuthParams };
+export { type ForwardedImsAuthSource, type ImsAuthEnv, type ImsAuthHeaders, type ImsAuthParams, type ImsAuthProvider, type IntegrationAuthParams, type IntegrationAuthProvider, assertImsAuthParams, assertIntegrationAuthParams, forwardImsAuthProvider, getForwardedImsAuthProvider, getImsAuthProvider, getIntegrationAuthProvider, isImsAuthProvider, isIntegrationAuthProvider, resolveAuthParams };

package/dist/es/index.mjs

@@ -0,0 +1 @@
+import{createHeaderAccessor,getHeader,getHeadersFromParams,parseBearerToken}from"@adobe/aio-commerce-lib-core/headers";import*as v from"valibot";import{array,email,instance,minLength,nonEmpty,nonOptional,object,optional,parse,picklist,pipe,rawTransform,safeParse,string,transform,union,url}from"valibot";import{CommerceSdkValidationError}from"@adobe/aio-commerce-lib-core/error";import aioLibIms from"@adobe/aio-lib-ims";import crypto from"crypto";import OAuth1a from"oauth-1.0a";import{allNonEmpty}from"@adobe/aio-commerce-lib-core/params";function stringValueSchema(propertyName){return v.string(`Expected a string value for property '${propertyName}'`)}function parseOrThrow(schema,input,message){let result=v.safeParse(schema,input);if(!result.success)throw new CommerceSdkValidationError(message??`Invalid input`,{issues:result.issues});return result.output}const imsAuthParameter=name=>pipe(string(`Expected a string value for the IMS auth parameter ${name}`),nonEmpty(`Expected a non-empty string value for the IMS auth parameter ${name}`)),stringArray=(name,minimumLength)=>pipe(array(string(),`Expected a string array value for the IMS auth parameter ${name}`),minLength(minimumLength,`Expected at least ${minimumLength} items for the IMS auth parameter ${name}`)),StringArrayTransformSchema=name=>pipe(union([stringArray(name,1),pipe(string(),rawTransform(({dataset:{value:v$1},addIssue,NEVER})=>{if(v$1.startsWith(`[`)&&v$1.endsWith(`]`))try{let parsed=JSON.parse(v$1);return Array.isArray(parsed)?parsed:(addIssue({received:v$1,message:`Expected a valid JSON array for the IMS auth parameter ${name}: ${v$1}`}),NEVER)}catch(error){let errorMessage=error.message;return addIssue({received:v$1,message:`Expected a valid JSON array for the IMS auth parameter ${name}: ${errorMessage}`}),NEVER}return[v$1]}))]),stringArray(`value`,1)),ImsAuthEnvSchema=picklist([`prod`,`stage`]),ImsAuthParamsSchema=object({clientId:imsAuthParameter(`clientId`),clientSecrets:stringArray(`clientSecrets`,1),technicalAccountId:imsAuthParameter(`technicalAccountId`),technicalAccountEmail:pipe(string(`Expected a string value for the IMS auth parameter technicalAccountEmail`),email(`Expected a valid email format for technicalAccountEmail`)),imsOrgId:imsAuthParameter(`imsOrgId`),environment:pipe(optional(ImsAuthEnvSchema)),context:pipe(optional(string())),scopes:stringArray(`scopes`,1)});function __transformStringArray(name,value){if(value===void 0)return;let result=safeParse(StringArrayTransformSchema(name),value);if(!result.success)throw new CommerceSdkValidationError(`Invalid ImsAuthProvider configuration`,{issues:result.issues});return result.output}function __parseImsAuthParams(config){let result=safeParse(ImsAuthParamsSchema,config);if(!result.success)throw new CommerceSdkValidationError(`Invalid ImsAuthProvider configuration`,{issues:result.issues});return result.output}function assertImsAuthParams(config){__parseImsAuthParams(config)}function resolveImsAuthParams(params){return __parseImsAuthParams({clientId:params.AIO_COMMERCE_AUTH_IMS_CLIENT_ID,clientSecrets:__transformStringArray(`AIO_COMMERCE_AUTH_IMS_CLIENT_SECRETS`,params.AIO_COMMERCE_AUTH_IMS_CLIENT_SECRETS),technicalAccountId:params.AIO_COMMERCE_AUTH_IMS_TECHNICAL_ACCOUNT_ID,technicalAccountEmail:params.AIO_COMMERCE_AUTH_IMS_TECHNICAL_ACCOUNT_EMAIL,imsOrgId:params.AIO_COMMERCE_AUTH_IMS_ORG_ID,scopes:__transformStringArray(`AIO_COMMERCE_AUTH_IMS_SCOPES`,params.AIO_COMMERCE_AUTH_IMS_SCOPES),environment:params.AIO_COMMERCE_AUTH_IMS_ENVIRONMENT,context:params.AIO_COMMERCE_AUTH_IMS_CONTEXT})}function buildImsHeaders(accessToken,apiKey){let imsHeaders={Authorization:`Bearer ${accessToken}`};return apiKey&&(imsHeaders[`x-api-key`]=apiKey),imsHeaders}const IMS_AUTH_TOKEN_PARAM=`AIO_COMMERCE_AUTH_IMS_TOKEN`,IMS_AUTH_API_KEY_PARAM=`AIO_COMMERCE_AUTH_IMS_API_KEY`,ImsAuthParamsInputSchema=v.looseObject({[IMS_AUTH_TOKEN_PARAM]:stringValueSchema(IMS_AUTH_TOKEN_PARAM),[IMS_AUTH_API_KEY_PARAM]:v.optional(stringValueSchema(IMS_AUTH_API_KEY_PARAM))}),ForwardedImsAuthSourceSchema=v.variant(`from`,[v.object({from:v.literal(`headers`),headers:v.record(v.string(),v.optional(v.string()))}),v.object({from:v.literal(`getter`),getHeaders:v.custom(input=>typeof input==`function`,`Expected a function for getHeaders`)}),v.object({from:v.literal(`params`),params:ImsAuthParamsInputSchema})]);function getForwardedImsAuthProvider(source){let validatedSource=parseOrThrow(ForwardedImsAuthSourceSchema,source,`Invalid forwarded IMS auth source`);switch(validatedSource.from){case`headers`:{let{authorization}=createHeaderAccessor(validatedSource.headers,[`Authorization`]),apiKey=getHeader(validatedSource.headers,`x-api-key`),{token}=parseBearerToken(authorization);return{getAccessToken:()=>token,getHeaders:()=>buildImsHeaders(token,apiKey)}}case`getter`:return{getHeaders:validatedSource.getHeaders,getAccessToken:async()=>{let{token}=parseBearerToken((await validatedSource.getHeaders()).Authorization);return token}};case`params`:{let{params}=validatedSource,accessToken=params[IMS_AUTH_TOKEN_PARAM],apiKey=params[IMS_AUTH_API_KEY_PARAM];return{getAccessToken:()=>accessToken,getHeaders:()=>buildImsHeaders(accessToken,apiKey)}}}}function forwardImsAuthProviderFromRequest(params){return getForwardedImsAuthProvider({from:`headers`,headers:getHeadersFromParams(params)})}function forwardImsAuthProviderFromParams(params){return getForwardedImsAuthProvider({from:`params`,params:parseOrThrow(ImsAuthParamsInputSchema,params,`Missing AIO_COMMERCE_AUTH_IMS_TOKEN in params`)})}function forwardImsAuthProvider(params){try{return forwardImsAuthProviderFromParams(params)}catch{}try{return forwardImsAuthProviderFromRequest(params)}catch{}throw Error(`Can't forward IMS authentication from the given params. Make sure your params contain an AIO_COMMERCE_AUTH_IMS_TOKEN input or an Authorization header with an IMS token.`)}const{context,getToken}=aioLibIms;function toImsAuthConfig(config){return{scopes:config.scopes,env:config?.environment??`prod`,context:config.context??`aio-commerce-lib-auth-creds`,client_id:config.clientId,client_secrets:config.clientSecrets,technical_account_id:config.technicalAccountId,technical_account_email:config.technicalAccountEmail,ims_org_id:config.imsOrgId}}function isImsAuthProvider(provider){return typeof provider==`object`&&!!provider&&`getAccessToken`in provider&&`getHeaders`in provider&&typeof provider.getAccessToken==`function`&&typeof provider.getHeaders==`function`}function getImsAuthProvider(authParams){let getAccessToken=async()=>{let imsAuthConfig=toImsAuthConfig(authParams);return await context.set(imsAuthConfig.context,imsAuthConfig),getToken(imsAuthConfig.context,{})};return{getAccessToken,getHeaders:async()=>buildImsHeaders(await getAccessToken(),authParams.clientId)}}const integrationAuthParameter=name=>pipe(string(`Expected a string value for the Commerce Integration parameter ${name}`),nonEmpty(`Expected a non-empty string value for the Commerce Integration parameter ${name}`)),UrlSchema=pipe(union([pipe(string(`Expected a string for the Adobe Commerce endpoint`),nonEmpty(`Expected a non-empty string for the Adobe Commerce endpoint`),url(`Expected a valid url for the Adobe Commerce endpoint`)),instance(URL)]),transform(url$1=>url$1 instanceof URL?url$1.toString():url$1)),IntegrationAuthParamsSchema=nonOptional(object({consumerKey:integrationAuthParameter(`consumerKey`),consumerSecret:integrationAuthParameter(`consumerSecret`),accessToken:integrationAuthParameter(`accessToken`),accessTokenSecret:integrationAuthParameter(`accessTokenSecret`)}));function isIntegrationAuthProvider(provider){return typeof provider==`object`&&!!provider&&`getHeaders`in provider&&typeof provider.getHeaders==`function`}function getIntegrationAuthProvider(authParams){let oauth=new OAuth1a({consumer:{key:authParams.consumerKey,secret:authParams.consumerSecret},signature_method:`HMAC-SHA256`,hash_function:(baseString,key)=>crypto.createHmac(`sha256`,key).update(baseString).digest(`base64`)}),oauthToken={key:authParams.accessToken,secret:authParams.accessTokenSecret};return{getHeaders:(method,url$1)=>{let urlString=parse(UrlSchema,url$1);return oauth.toHeader(oauth.authorize({url:urlString,method},oauthToken))}}}function __parseIntegrationAuthParams(config){let result=safeParse(IntegrationAuthParamsSchema,config);if(!result.success)throw new CommerceSdkValidationError(`Invalid IntegrationAuthProvider configuration`,{issues:result.issues});return result.output}function assertIntegrationAuthParams(config){__parseIntegrationAuthParams(config)}function resolveIntegrationAuthParams(params){return __parseIntegrationAuthParams({consumerKey:params.AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_KEY,consumerSecret:params.AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_SECRET,accessToken:params.AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN,accessTokenSecret:params.AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN_SECRET})}const IMS_AUTH_PARAMS=[`AIO_COMMERCE_AUTH_IMS_CLIENT_ID`,`AIO_COMMERCE_AUTH_IMS_CLIENT_SECRETS`,`AIO_COMMERCE_AUTH_IMS_TECHNICAL_ACCOUNT_ID`,`AIO_COMMERCE_AUTH_IMS_TECHNICAL_ACCOUNT_EMAIL`,`AIO_COMMERCE_AUTH_IMS_ORG_ID`,`AIO_COMMERCE_AUTH_IMS_SCOPES`],INTEGRATION_AUTH_PARAMS=[`AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_KEY`,`AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_SECRET`,`AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN`,`AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN_SECRET`];function resolveAuthParams(params){if(allNonEmpty(params,IMS_AUTH_PARAMS))return{...resolveImsAuthParams(params),strategy:`ims`};if(allNonEmpty(params,INTEGRATION_AUTH_PARAMS))return{...resolveIntegrationAuthParams(params),strategy:`integration`};throw Error(`Can't resolve authentication options for the given params. Please provide either IMS options (${IMS_AUTH_PARAMS.join(`, `)}) or Commerce integration options (${INTEGRATION_AUTH_PARAMS.join(`, `)}).`)}export{assertImsAuthParams,assertIntegrationAuthParams,forwardImsAuthProvider,getForwardedImsAuthProvider,getImsAuthProvider,getIntegrationAuthProvider,isImsAuthProvider,isIntegrationAuthProvider,resolveAuthParams};

package/package.json

@@ -2,7 +2,7 @@
   "name": "@adobe/aio-commerce-lib-auth",
   "type": "module",
   "author": "Adobe Inc.",
-  "version": "0.6.1",
+  "version": "0.7.0",
   "private": false,
   "engines": {
     "node": ">=20 <=24"
@@ -25,13 +25,13 @@
     "directory": "packages/aio-commerce-lib-auth"
   },
   "main": "./dist/cjs/index.cjs",
-  "module": "./dist/es/index.js",
+  "module": "./dist/es/index.mjs",
   "types": "./dist/cjs/index.d.cts",
   "exports": {
     ".": {
       "import": {
-        "types": "./dist/es/index.d.ts",
-        "default": "./dist/es/index.js"
+        "types": "./dist/es/index.d.mts",
+        "default": "./dist/es/index.mjs"
       },
       "require": {
         "types": "./dist/cjs/index.d.cts",
@@ -40,6 +40,10 @@
     },
     "./package.json": "./package.json"
   },
+  "imports": {
+    "#*": "./source/*.ts",
+    "#test*": "./test/*.ts"
+  },
   "files": [
     "dist",
     "package.json",
@@ -51,17 +55,19 @@
     "ansis": "^4.1.0",
     "oauth-1.0a": "^2.2.6",
     "valibot": "^1.1.0",
-    "@adobe/aio-commerce-lib-core": "0.5.1"
+    "@adobe/aio-commerce-lib-core": "0.6.0"
   },
   "devDependencies": {
     "@aio-commerce-sdk/config-tsdown": "1.0.0",
+    "@aio-commerce-sdk/config-typedoc": "1.0.0",
     "@aio-commerce-sdk/config-typescript": "1.0.0",
     "@aio-commerce-sdk/config-vitest": "1.0.0",
-    "@aio-commerce-sdk/config-typedoc": "1.0.0"
+    "@aio-commerce-sdk/common-utils": "0.0.2"
   },
   "sideEffects": false,
   "scripts": {
     "build": "tsdown",
+    "publint": "publint",
     "docs": "typedoc && prettier --write '**/*.md'",
     "assist": "biome check --formatter-enabled=false --linter-enabled=false --assist-enabled=true --no-errors-on-unmatched",
     "assist:apply": "biome check --write --formatter-enabled=false --linter-enabled=false --assist-enabled=true --no-errors-on-unmatched",

package/dist/es/index.js

@@ -1,14 +0,0 @@
-/**
-* @license
-* 
-* Copyright 2025 Adobe. All rights reserved.
-* This file is licensed to you under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License. You may obtain a copy
-* of the License at http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software distributed under
-* the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
-* OF ANY KIND, either express or implied. See the License for the specific language
-* governing permissions and limitations under the License.
-*/
-import aioLibIms from"@adobe/aio-lib-ims";import{CommerceSdkValidationError}from"@adobe/aio-commerce-lib-core/error";import{array,email,instance,minLength,nonEmpty,nonOptional,object,optional,parse,picklist,pipe,rawTransform,safeParse,string,transform,union,url}from"valibot";import crypto from"crypto";import OAuth1a from"oauth-1.0a";import{allNonEmpty}from"@adobe/aio-commerce-lib-core/params";const{context,getToken}=aioLibIms;function toImsAuthConfig(config){return{scopes:config.scopes,env:config?.environment??`prod`,context:config.context??`aio-commerce-lib-auth-creds`,client_id:config.clientId,client_secrets:config.clientSecrets,technical_account_id:config.technicalAccountId,technical_account_email:config.technicalAccountEmail,ims_org_id:config.imsOrgId}}function isImsAuthProvider(provider){return typeof provider==`object`&&!!provider&&`getAccessToken`in provider&&`getHeaders`in provider&&typeof provider.getAccessToken==`function`&&typeof provider.getHeaders==`function`}function getImsAuthProvider(authParams){let getAccessToken=async()=>{let imsAuthConfig=toImsAuthConfig(authParams);return await context.set(imsAuthConfig.context,imsAuthConfig),getToken(imsAuthConfig.context,{})};return{getAccessToken,getHeaders:async()=>({Authorization:`Bearer ${await getAccessToken()}`,"x-api-key":authParams.clientId})}}const imsAuthParameter=name=>pipe(string(`Expected a string value for the IMS auth parameter ${name}`),nonEmpty(`Expected a non-empty string value for the IMS auth parameter ${name}`)),stringArray=(name,minimumLength)=>pipe(array(string(),`Expected a string array value for the IMS auth parameter ${name}`),minLength(minimumLength,`Expected at least ${minimumLength} items for the IMS auth parameter ${name}`)),maybeJsonStringArray=name=>pipe(imsAuthParameter(name),rawTransform(({dataset:{value:v},addIssue,NEVER})=>{if(v.startsWith(`[`)&&v.endsWith(`]`))try{return JSON.parse(v)}catch(error){let errorMessage=error.message;return addIssue({received:v,message:`Expected a valid JSON array for the IMS auth parameter "${name}": ${errorMessage}`}),NEVER}return[v]})),ImsAuthEnvSchema=picklist([`prod`,`stage`]),ImsAuthParamsSchema=object({clientId:imsAuthParameter(`clientId`),clientSecrets:pipe(union([maybeJsonStringArray(`clientSecrets`),stringArray(`clientSecrets`,1)]),stringArray(`clientSecrets`,1)),technicalAccountId:imsAuthParameter(`technicalAccountId`),technicalAccountEmail:pipe(string(`Expected a string value for the IMS auth parameter technicalAccountEmail`),email(`Expected a valid email format for technicalAccountEmail`)),imsOrgId:imsAuthParameter(`imsOrgId`),environment:pipe(optional(ImsAuthEnvSchema)),context:pipe(optional(string())),scopes:stringArray(`scopes`,1)});function __parseImsAuthParams(config){let result=safeParse(ImsAuthParamsSchema,config);if(!result.success)throw new CommerceSdkValidationError(`Invalid ImsAuthProvider configuration`,{issues:result.issues});return result.output}function assertImsAuthParams(config){__parseImsAuthParams(config)}function resolveImsAuthParams(params){return __parseImsAuthParams({clientId:params.AIO_COMMERCE_AUTH_IMS_CLIENT_ID,clientSecrets:params.AIO_COMMERCE_AUTH_IMS_CLIENT_SECRETS,technicalAccountId:params.AIO_COMMERCE_AUTH_IMS_TECHNICAL_ACCOUNT_ID,technicalAccountEmail:params.AIO_COMMERCE_AUTH_IMS_TECHNICAL_ACCOUNT_EMAIL,imsOrgId:params.AIO_COMMERCE_AUTH_IMS_ORG_ID,scopes:params.AIO_COMMERCE_AUTH_IMS_SCOPES,environment:params.AIO_COMMERCE_AUTH_IMS_ENVIRONMENT,context:params.AIO_COMMERCE_AUTH_IMS_CONTEXT})}const integrationAuthParameter=name=>pipe(string(`Expected a string value for the Commerce Integration parameter ${name}`),nonEmpty(`Expected a non-empty string value for the Commerce Integration parameter ${name}`)),UrlSchema=pipe(union([pipe(string(`Expected a string for the Adobe Commerce endpoint`),nonEmpty(`Expected a non-empty string for the Adobe Commerce endpoint`),url(`Expected a valid url for the Adobe Commerce endpoint`)),instance(URL)]),transform(url$1=>url$1 instanceof URL?url$1.toString():url$1)),IntegrationAuthParamsSchema=nonOptional(object({consumerKey:integrationAuthParameter(`consumerKey`),consumerSecret:integrationAuthParameter(`consumerSecret`),accessToken:integrationAuthParameter(`accessToken`),accessTokenSecret:integrationAuthParameter(`accessTokenSecret`)}));function isIntegrationAuthProvider(provider){return typeof provider==`object`&&!!provider&&`getHeaders`in provider&&typeof provider.getHeaders==`function`}function getIntegrationAuthProvider(authParams){let oauth=new OAuth1a({consumer:{key:authParams.consumerKey,secret:authParams.consumerSecret},signature_method:`HMAC-SHA256`,hash_function:(baseString,key)=>crypto.createHmac(`sha256`,key).update(baseString).digest(`base64`)}),oauthToken={key:authParams.accessToken,secret:authParams.accessTokenSecret};return{getHeaders:(method,url$1)=>{let urlString=parse(UrlSchema,url$1);return oauth.toHeader(oauth.authorize({url:urlString,method},oauthToken))}}}function __parseIntegrationAuthParams(config){let result=safeParse(IntegrationAuthParamsSchema,config);if(!result.success)throw new CommerceSdkValidationError(`Invalid IntegrationAuthProvider configuration`,{issues:result.issues});return result.output}function assertIntegrationAuthParams(config){__parseIntegrationAuthParams(config)}function resolveIntegrationAuthParams(params){return __parseIntegrationAuthParams({consumerKey:params.AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_KEY,consumerSecret:params.AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_SECRET,accessToken:params.AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN,accessTokenSecret:params.AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN_SECRET})}const IMS_AUTH_PARAMS=[`AIO_COMMERCE_AUTH_IMS_CLIENT_ID`,`AIO_COMMERCE_AUTH_IMS_CLIENT_SECRETS`,`AIO_COMMERCE_AUTH_IMS_TECHNICAL_ACCOUNT_ID`,`AIO_COMMERCE_AUTH_IMS_TECHNICAL_ACCOUNT_EMAIL`,`AIO_COMMERCE_AUTH_IMS_ORG_ID`,`AIO_COMMERCE_AUTH_IMS_SCOPES`],INTEGRATION_AUTH_PARAMS=[`AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_KEY`,`AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_SECRET`,`AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN`,`AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN_SECRET`];function resolveAuthParams(params){if(allNonEmpty(params,IMS_AUTH_PARAMS))return Object.assign(resolveImsAuthParams(params),{strategy:`ims`});if(allNonEmpty(params,INTEGRATION_AUTH_PARAMS))return Object.assign(resolveIntegrationAuthParams(params),{strategy:`integration`});throw Error(`Can't resolve authentication options for the given params. Please provide either IMS options (${IMS_AUTH_PARAMS.join(`, `)}) or Commerce integration options (${INTEGRATION_AUTH_PARAMS.join(`, `)}).`)}export{assertImsAuthParams,assertIntegrationAuthParams,getImsAuthProvider,getIntegrationAuthProvider,isImsAuthProvider,isIntegrationAuthProvider,resolveAuthParams};